Removing Caldera

Vagrant/Vagrantfile

@@ -48,7 +48,6 @@ Vagrant.configure("2") do |config|
     cfg.vm.provision "shell", path: "scripts/install-redteam.ps1", privileged: false
     cfg.vm.provision "shell", path: "scripts/install-choco-extras.ps1", privileged: false
     cfg.vm.provision "shell", path: "scripts/install-osquery.ps1", privileged: false
-    cfg.vm.provision "shell", path: "scripts/install-caldera-agent.ps1", privileged: false
     cfg.vm.provision "shell", path: "scripts/install-sysinternals.ps1", privileged: false
     cfg.vm.provision "shell", path: "scripts/configure-ou.ps1", privileged: false
     cfg.vm.provision "shell", path: "scripts/configure-wef-gpo.ps1", privileged: false
@@ -104,7 +103,6 @@ Vagrant.configure("2") do |config|
     cfg.vm.provision "shell", path: "scripts/install-redteam.ps1", privileged: false
     cfg.vm.provision "shell", path: "scripts/install-choco-extras.ps1", privileged: false
     cfg.vm.provision "shell", path: "scripts/install-osquery.ps1", privileged: false
-    cfg.vm.provision "shell", path: "scripts/install-caldera-agent.ps1", privileged: false
     cfg.vm.provision "shell", path: "scripts/install-sysinternals.ps1", privileged: false
     cfg.vm.provision "shell", path: "scripts/configure-pslogstranscriptsshare.ps1", privileged: false
     cfg.vm.provision "shell", path: "scripts/install-autorunstowineventlog.ps1", privileged: false
@@ -154,7 +152,6 @@ Vagrant.configure("2") do |config|
     cfg.vm.provision "shell", path: "scripts/install-redteam.ps1", privileged: false
     cfg.vm.provision "shell", path: "scripts/install-choco-extras.ps1", privileged: false
     cfg.vm.provision "shell", path: "scripts/install-osquery.ps1", privileged: false
-    cfg.vm.provision "shell", path: "scripts/install-caldera-agent.ps1", privileged: false
     cfg.vm.provision "shell", path: "scripts/install-inputsconf.ps1", privileged: false
     cfg.vm.provision "shell", path: "scripts/install-sysinternals.ps1", privileged: false
     cfg.vm.provision "shell", path: "scripts/install-autorunstowineventlog.ps1", privileged: false

Vagrant/Vagrantfile_Minimum

@@ -46,7 +46,6 @@ Vagrant.configure("2") do |config|
     cfg.vm.provision "shell", path: "scripts/install-inputsconf.ps1", privileged: false
     cfg.vm.provision "shell", path: "scripts/install-utilities.ps1", privileged: false
     cfg.vm.provision "shell", path: "scripts/install-osquery.ps1", privileged: false
-    cfg.vm.provision "shell", path: "scripts/install-caldera-agent.ps1", privileged: false
     cfg.vm.provision "shell", path: "scripts/install-sysinternals.ps1", privileged: false
     cfg.vm.provision "shell", path: "scripts/configure-ou.ps1", privileged: false
     cfg.vm.provision "shell", path: "scripts/configure-wef-gpo.ps1", privileged: false
@@ -100,7 +99,6 @@ Vagrant.configure("2") do |config|
     cfg.vm.provision "shell", path: "scripts/install-inputsconf.ps1", privileged: false
     cfg.vm.provision "shell", path: "scripts/install-utilities.ps1", privileged: false
     cfg.vm.provision "shell", path: "scripts/install-osquery.ps1", privileged: false
-    cfg.vm.provision "shell", path: "scripts/install-caldera-agent.ps1", privileged: false
     cfg.vm.provision "shell", path: "scripts/install-sysinternals.ps1", privileged: false
     cfg.vm.provision "shell", path: "scripts/configure-pslogstranscriptsshare.ps1", privileged: false
     cfg.vm.provision "shell", path: "scripts/install-autorunstowineventlog.ps1", privileged: false
@@ -147,7 +145,6 @@ Vagrant.configure("2") do |config|
     cfg.vm.provision "shell", path: "scripts/install-splunkuf.ps1", privileged: false
     cfg.vm.provision "shell", path: "scripts/install-utilities.ps1", privileged: false
     cfg.vm.provision "shell", path: "scripts/install-osquery.ps1", privileged: false
-    cfg.vm.provision "shell", path: "scripts/install-caldera-agent.ps1", privileged: false
     cfg.vm.provision "shell", path: "scripts/install-inputsconf.ps1", privileged: false
     cfg.vm.provision "shell", path: "scripts/install-sysinternals.ps1", privileged: false
     cfg.vm.provision "shell", path: "scripts/install-autorunstowineventlog.ps1", privileged: false

Vagrant/bootstrap.sh

@@ -5,26 +5,17 @@ echo "apt-fast apt-fast/maxdownloads string 10" | debconf-set-selections;
 echo "apt-fast apt-fast/dlflag boolean true" | debconf-set-selections;
 sed -i "2ideb mirror://mirrors.ubuntu.com/mirrors.txt xenial main restricted universe multiverse\ndeb mirror://mirrors.ubuntu.com/mirrors.txt xenial-updates main restricted universe multiverse\ndeb mirror://mirrors.ubuntu.com/mirrors.txt xenial-backports main restricted universe multiverse\ndeb mirror://mirrors.ubuntu.com/mirrors.txt xenial-security main restricted universe multiverse" /etc/apt/sources.list
 
-install_python_apt_source() {
-  # Install apt source for Python3.6
-  add-apt-repository -y ppa:jonathonf/python-3.6
-  add-apt-repository -y ppa:apt-fast/stable
-}
-
 apt_install_prerequisites() {
   # Install prerequisites and useful tools
   echo "Running apt-get update..."
   apt-get -qq update
   apt-get -qq install -y apt-fast
   echo "Running apt-fast install..."
-  apt-fast -qq install -y jq whois build-essential git docker docker-compose unzip python3.6 python3.6-dev
-  # Install pip for Python 3.6
-  echo "Installing Pip3.6..."
-  curl -s https://bootstrap.pypa.io/get-pip.py | sudo -H python3.6
+  apt-fast -qq install -y jq whois build-essential git docker docker-compose unzip
 }
 
 test_prerequisites() {
-  for package in jq whois build-essential git docker docker-compose unzip python3.6 python3.6-dev
+  for package in jq whois build-essential git docker docker-compose unzip 
   do
     echo "[TEST] Validating that $package is correctly installed..."
     # Loop through each package using dpkg
@@ -219,33 +210,6 @@ import_osquery_config_into_fleet() {
   /opt/splunk/bin/splunk add monitor "/home/vagrant/kolide-quickstart/osquery_status" -index osquery-status -sourcetype 'osquery:status' -auth 'admin:changeme'
 }
 
-install_caldera() {
-  if [ -f "/lib/systemd/system/caldera.service" ]; then
-    echo "Caldera is already installed... Skipping"
-  else
-    # Install Mitre's Caldera
-    echo "Installing Caldera..."
-    cd /home/vagrant || exit
-    git clone https://github.com/mitre/caldera.git
-    cd /home/vagrant/caldera/plugins || exit
-    git clone https://github.com/mitre/adversary.git adversary
-    git clone https://github.com/mitre/chain.git chain
-    git clone https://github.com/mitre/gui.git gui
-    git clone https://github.com/mitre/sandcat.git sandcat
-    git clone https://github.com/mitre/stockpile.git stockpile
-    cd /home/vagrant/caldera || exit
-    pip3.6 install -r requirements.txt
-    # Make Caldera accessible on all ports
-    sed -i 's/127.0.0.1/0.0.0.0/g' conf/local.yml
-    # Create Systemd service for Caldera
-    cp /vagrant/resources/caldera/caldera.service /lib/systemd/system/caldera.service
-    cd /home/vagrant/caldera || exit
-    cp /vagrant/resources/caldera/cert.pem /vagrant/resources/caldera/key.pem /home/vagrant/caldera/conf
-    service caldera start
-    systemctl enable caldera.service
-  fi
-}
-
 install_bro() {
   # Environment variables
   NODECFG=/opt/bro/etc/node.cfg
@@ -436,7 +400,6 @@ main() {
   install_fleet
   download_palantir_osquery_config
   import_osquery_config_into_fleet
-  install_caldera
   install_suricata
   install_bro
 }

Vagrant/resources/caldera/caldera.service

@@ -1,11 +0,0 @@
-[Unit]
-Description=Caldera
-After=multi-user.target
-
-[Service]
-Type=idle
-WorkingDirectory=/home/vagrant/caldera
-ExecStart=/usr/bin/python3.6 server.py -E local
-
-[Install]
-WantedBy=multi-user.target

Vagrant/resources/caldera/cert.pem

@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDVTCCAj2gAwIBAgIJAKUxnMnJz4CPMA0GCSqGSIb3DQEBCwUAMEExDzANBgNV
-BAMMBmxvZ2dlcjEQMA4GA1UECwwHU2VydmVyczEPMA0GA1UECgwGbG9nZ2VyMQsw
-CQYDVQQGEwJVUzAeFw0xOTAzMjcwMzU3NThaFw0yOTAzMjYwMzU3NThaMEExDzAN
-BgNVBAMMBmxvZ2dlcjEQMA4GA1UECwwHU2VydmVyczEPMA0GA1UECgwGbG9nZ2Vy
-MQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKL/
-7cDUXrSac8oILHLN3iKtuhoLttPrVi+GuYsdfKer7D9M9DrkGAvQ+qHLpHgg+omY
-ZIK4kDjS26eDKP2SGTHjeYwlmcJPnII6YU8vYdzyvi4eLJjI+lMO8BYd2yL2PVJX
-W8ScY/2MoC8LX31A8maGDW+4E6bu3ItAEchh4EWRj8V4PqCDJH1XnY18A0N0QEDV
-Osleb2dFWvXtyFmSu0OsqiMxBzlPbf/yl71Q1VjrRUT+alDJNfF3ewctshvx4hV8
-qDwpATR9GPfPKV6w1lj0a+81Qpwy6vOLve3yCV02lWe1TaCjL2otGbTspujbulkR
-DGy6MC9/9i1CRkEIBj0CAwEAAaNQME4wHQYDVR0OBBYEFKGWfBB6O2ktq/a4frXy
-LKxZNjngMB8GA1UdIwQYMBaAFKGWfBB6O2ktq/a4frXyLKxZNjngMAwGA1UdEwQF
-MAMBAf8wDQYJKoZIhvcNAQELBQADggEBAIgLaPeFJS/bHzITf62RgDbBEU3zaeOg
-72xiFHWd6uIA9SCHGHuKhbpzLOqBtoSGZlejI75/QDwAiwpu/cd9BWx9h9S/f0Zf
-fZnA/ngPojhnaHYFIn8165z/XSJwNvDhVh1oYqMcfTPgeSlbRdPTwAjxdYsJ4nik
-4xriKHV6WQ9ixFwOk9ROYg1M/OJ2lmOi23NFODKVP0LFPAqZEX7evKJatWQiJ2tF
-iUAm+4xvkGVJfPd6hShYEsXDjTJC+fVFgsPTWhaHGnLjiLORJLgvd/E6wIGGzvx7
-fIw1x7LxMmhlWa74yyGZKAMUOlMh4uBAYR3JhsVYl2LNSK9HwZYnfXc=
------END CERTIFICATE-----

Vagrant/resources/caldera/conf.yml

@@ -1,24 +0,0 @@
-url_root: https://logger:8888
-verify_hostname: false
-cert: |
-  -----BEGIN CERTIFICATE-----
-  MIIDVTCCAj2gAwIBAgIJAKUxnMnJz4CPMA0GCSqGSIb3DQEBCwUAMEExDzANBgNV
-  BAMMBmxvZ2dlcjEQMA4GA1UECwwHU2VydmVyczEPMA0GA1UECgwGbG9nZ2VyMQsw
-  CQYDVQQGEwJVUzAeFw0xOTAzMjcwMzU3NThaFw0yOTAzMjYwMzU3NThaMEExDzAN
-  BgNVBAMMBmxvZ2dlcjEQMA4GA1UECwwHU2VydmVyczEPMA0GA1UECgwGbG9nZ2Vy
-  MQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKL/
-  7cDUXrSac8oILHLN3iKtuhoLttPrVi+GuYsdfKer7D9M9DrkGAvQ+qHLpHgg+omY
-  ZIK4kDjS26eDKP2SGTHjeYwlmcJPnII6YU8vYdzyvi4eLJjI+lMO8BYd2yL2PVJX
-  W8ScY/2MoC8LX31A8maGDW+4E6bu3ItAEchh4EWRj8V4PqCDJH1XnY18A0N0QEDV
-  Osleb2dFWvXtyFmSu0OsqiMxBzlPbf/yl71Q1VjrRUT+alDJNfF3ewctshvx4hV8
-  qDwpATR9GPfPKV6w1lj0a+81Qpwy6vOLve3yCV02lWe1TaCjL2otGbTspujbulkR
-  DGy6MC9/9i1CRkEIBj0CAwEAAaNQME4wHQYDVR0OBBYEFKGWfBB6O2ktq/a4frXy
-  LKxZNjngMB8GA1UdIwQYMBaAFKGWfBB6O2ktq/a4frXyLKxZNjngMAwGA1UdEwQF
-  MAMBAf8wDQYJKoZIhvcNAQELBQADggEBAIgLaPeFJS/bHzITf62RgDbBEU3zaeOg
-  72xiFHWd6uIA9SCHGHuKhbpzLOqBtoSGZlejI75/QDwAiwpu/cd9BWx9h9S/f0Zf
-  fZnA/ngPojhnaHYFIn8165z/XSJwNvDhVh1oYqMcfTPgeSlbRdPTwAjxdYsJ4nik
-  4xriKHV6WQ9ixFwOk9ROYg1M/OJ2lmOi23NFODKVP0LFPAqZEX7evKJatWQiJ2tF
-  iUAm+4xvkGVJfPd6hShYEsXDjTJC+fVFgsPTWhaHGnLjiLORJLgvd/E6wIGGzvx7
-  fIw1x7LxMmhlWa74yyGZKAMUOlMh4uBAYR3JhsVYl2LNSK9HwZYnfXc=
-  -----END CERTIFICATE-----
-logging_level: debug

Vagrant/resources/caldera/key.pem

@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCi/+3A1F60mnPK
-CCxyzd4irboaC7bT61YvhrmLHXynq+w/TPQ65BgL0Pqhy6R4IPqJmGSCuJA40tun
-gyj9khkx43mMJZnCT5yCOmFPL2Hc8r4uHiyYyPpTDvAWHdsi9j1SV1vEnGP9jKAv
-C199QPJmhg1vuBOm7tyLQBHIYeBFkY/FeD6ggyR9V52NfANDdEBA1TrJXm9nRVr1
-7chZkrtDrKojMQc5T23/8pe9UNVY60VE/mpQyTXxd3sHLbIb8eIVfKg8KQE0fRj3
-zylesNZY9GvvNUKcMurzi73t8gldNpVntU2goy9qLRm07Kbo27pZEQxsujAvf/Yt
-QkZBCAY9AgMBAAECggEAchAQKyExyMZQgq9nk0r2yGOz2GgcH34OyKFJk80lnxvS
-7ZUHT3KwVQx/Zttfk2TYjZLjuwo2el0rsrQ46gDjuqKJOwZQ68XUKtl5oPTyUbBY
-X2NkJ+J0Mc1BOujXoUaZMNbK8/HQkuxmZ6VYxAi/1/i0zFoO/oEmOheymfvL+kG9
-Yi9o7DR8o8yHT2XAJM3sdRLb19/BdquB8vcXYvHY/X2+2uLU4vDycHZ9bFiRWfMK
-bpgzH0XRsfz5/9nV42gUhPZWbKJYZnauYI4k603i5uT165chkkv4HJld5mgUMZel
-U58zFE9LwGOKuQJbYkvKDj4G+vF4i9ONRMg5jNhO4QKBgQDPRALjFSFoTd5wOjef
-Z2n5P307DPyix+GxbE1VRvsKpWNW/DYmVHrLX9cyZPpVPwcAla11gSoSOQ4AW3F4
-8uVrL86FTPI3h4nCZje6NvLlzNvI7zmNgCVHLrtp16sub7qxRTuLJuO8V0Penka8
-dpRI1npaetvwuVjNjw98NdioWQKBgQDJU2hKEbCmX+h9IfuKdOCT5gMYjii1ndC4
-uUwrUf+Fy9Z0aZIIDa/TKjmVnUEd+2C4AGdWIc0p/ApzKId9o9f0RUTFv0x2fKGt
-wQUE4BuvHBTQY++N6lYSEVBHOicoITbKfTQyiHimzgg19JjRaxPEoI7zla7euOtz
-wD8RZisQhQKBgQCoqP14cG95AzSpOpacvnh7/PAZJ15F0EWWLT1Y0aPja+ZEmIQv
-+Lrb2CezuHwE9n7qOOKoJe1oWslL/R1/gJiz+nkh/BV2nnK5oJhkjeZmnaeUASdi
-QA8Vt6+GV5vS89SGAIKNn53eW1y9QSrqncvY4b869ZMYdpsO2wWM2/xsMQKBgQCU
-cgaszrxlAMTJN3xky+cnxmqz+WY0/AeBnUd3jb+OJQ2cypbdj1H8rt7E3a288LSR
-F+MaFFRVx7zgypqU3nGGcGjUMkir+RuxpWgQ/zoKdPc37OgeyRHrwo5h5pQmt87R
-oV4SgKQNwk81kYP4ri5mRkkBfHXzTYB22eLm7mGEjQKBgB+WaIOMpgQwrewRkU17
-S63jjHso3J4S21OHm748vpx3ize4JpnAkRpfpwZ9Rj+TmyOjgitJNWdV77zdiQkN
-5Dv5ZjsIurrnDXMslBww37mnV7LXyDAAsyaKqSGQuikKusz45FSej82KIfr/zGv+
-WbNZ+sK8mdVZoUSam+6BO9JH
------END PRIVATE KEY-----

Vagrant/resources/caldera/mongod.service

@@ -1,12 +0,0 @@
-[Unit]
-Description=High-performance, schema-free document-oriented database
-After=network.target
-Documentation=https://docs.mongodb.org/manual
-
-[Service]
-User=mongodb
-Group=mongodb
-ExecStart=/usr/bin/mongod --quiet --config /etc/mongod.conf
-
-[Install]
-WantedBy=multi-user.target

Vagrant/resources/caldera/settings.yml

@@ -1,27 +0,0 @@
-auth:
-  key: !!binary |
-    QfVQNdpJt0br69u4yGYgjJYr8mlKRb8nhkzxd+XkuBt7D/JKeCUmSafJuBFY3w7oXatwSqFYKdWn
-    ZhVklJsZAmoPy3BEr1maTwFFfJtfav6e6JUMfPKP2SXHFW0fsyF3mdxpXtMbRrMTwnQ4TrndAtCs
-    E0jWC9qM/ktTga5UweS3YkDlQpWQHktgPPRC8nLk2dtGkWLuam7lfFCW93mxrNyYAAlbNQPq8/ld
-    DvYD+eWB8tviOh5ZcntmST4tCXXZqk6pGByWV8m7EnBRK4ffIoNmgNV5K7UrWBPEI5ZbNbHx9rSl
-    GNqAiA9T020MJ5qyrCl9mgZTnbmKXiUOcgpr6g==
-crypto:
-  cert: conf/cert.pem
-  key: conf/key.pem
-database:
-  host: localhost
-  key: !!binary |
-    UXFoNGMzdU1kYWJzU195ZDEybUItWnBJbEg5UnNqYndmQWJpcC1xNjFNaz0=
-  port: 27017
-proxy:
-  default:
-    cert: ''
-    http: ''
-    https: ''
-server:
-  host: 0.0.0.0
-  https: true
-  port: 8888
-users:
-- name: admin
-  password: caldera

Vagrant/scripts/install-caldera-agent.ps1

@@ -1,36 +0,0 @@
-# Purpose: Installs the Caldera agent on the host
-Write-Host "Installing the Caldera agent..."
-$url="https://192.168.38.105:8888/file/render"; $ps_table = $PSVersionTable.PSVersion;If([double]$ps_table.Major -ge 6){iex (irm -Method Post -Uri $url -Headers @{"file"="54ndc47.ps1"} -SkipCertificateCheck);}else{[System.Net.ServicePointManager]::ServerCertificateValidationCallback={$True};$web=New-Object System.Net.WebClient;$web.Headers.Add("file","54ndc47.ps1");$resp=$web.UploadString("$url",'');iex($resp);}
-
-If (-not (Test-Path 'C:\Program Files\cagent\cagent.exe')) {
-  # Add /etc/hosts entry
-  Add-Content "c:\windows\system32\drivers\etc\hosts" "        192.168.38.105    logger"
-
-  # Make the directory
-  New-Item "c:\Program Files\cagent" -type directory
-
-  # Install Visual Studio 2015 C++ Redistributable
-  choco install -y vcredist2015
-
-  # Download cagent and start the service
-  Write-Host "Downloading Caldera Agent (cagent.exe)"
-  $cagentPath = "C:\Program Files\cagent\cagent.exe"
-  $cagentConfPath = "C:\Program Files\cagent\conf.yml"
-  # GitHub requires TLS 1.2 as of 2/1/2018
-  [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
-  (New-Object System.Net.WebClient).DownloadFile('https://github.com/mitre/caldera-agent/releases/download/v0.1.0/cagent.exe', $cagentPath)
-  # Copy hardocded Caldera config from the Vagrant resources folder
-  Copy-Item "C:\vagrant\resources\caldera\conf.yml" $cagentConfPath -Force
-  If (-not (Test-Path "$cagentConfPath" )) {
-    Write-Host "Caldera Agent configuration failed. Unable to retrieve config from resources folder."
-  }
-  Start-Process -FilePath $cagentPath -ArgumentList '--startup', 'auto', 'install' -Wait
-  Start-Process -FilePath $cagentPath -ArgumentList 'start' -Wait
-} Else {
-  Write-Host "Caldera Agent is already installed. Moving on."
-}
-Start-Sleep 5
-If ((Get-Service -name cagent).Status -ne "Running") {
-  throw "Caldera Agent service not running"
-}
-Write-Host "Cagent installation complete!"