Merge branch 'master' of https://github.com/clong/detectionlab

Azure/Ansible/roles/common/tasks/main.yml

@@ -6,6 +6,7 @@
     chdir: 'c:\vagrant\scripts'
   register: palantir_wef
   failed_when: "'Exception' in palantir_wef.stdout"
+  changed_when: "' already exists. Moving On.' not in palantir_wef.stdout"
 
 - debug: msg="{{ palantir_wef.stdout_lines }}"
   
@@ -15,6 +16,7 @@
     chdir: 'c:\vagrant\scripts'
   register: install_osquery
   failed_when: "'Exception' in install_osquery.stdout"
+  changed_when: "' already installed. Moving On.' not in install_osquery.stdout"
 
 - debug: msg="{{ install_osquery.stdout_lines }}"
 
@@ -24,6 +26,7 @@
     chdir: 'c:\vagrant\scripts'
   register: sysinternals
   failed_when: "'Exception' in sysinternals.stdout"
+  changed_when: "'Tools directory exists, no need to re-install.' not in sysinternals.stdout"
 
 - debug: msg="{{ sysinternals.stdout_lines }}"
 
@@ -33,6 +36,7 @@
     chdir: 'c:\vagrant\scripts'
   register: velociraptor
   failed_when: "'Exception' in velociraptor.stdout"
+  changed_when: "' already installed. Moving On.' not in velociraptor.stdout"
 
 - debug: msg="{{ velociraptor.stdout_lines }}"
 
@@ -42,6 +46,7 @@
     chdir: 'c:\vagrant\scripts'
   register: autorunstowineventlog
   failed_when: "'Exception' in autorunstowineventlog.stdout"
+  changed_when: "' already installed. Moving On.' not in autorunstowineventlog.stdout"
 
 - debug: msg="{{ autorunstowineventlog.stdout_lines }}"
 
@@ -51,6 +56,7 @@
     chdir: 'c:\vagrant\scripts'
   register: redteam
   failed_when: "'Exception' in redteam.stdout"
+  changed_when: "' already installed. Moving On.' not in redteam.stdout"
 
 - debug: msg="{{ redteam.stdout_lines }}"
 

Azure/Ansible/roles/dc/tasks/main.yml

@@ -21,6 +21,8 @@
 
 - name: Copy scripts to c:\vagrant
   win_shell: Copy-Item -Recurse c:\DetectionLab\Vagrant c:\vagrant
+  args:
+    creates: c:\vagrant\Vagrantfile
 
 - name: Create an Administrator user
   win_user:
@@ -28,7 +30,8 @@
     password: Vagrant123
     state: present
     groups:
-      - Users,Administrators
+      - Users
+      - Administrators
     password_never_expires: yes
   
 - name: Create the Domain

Azure/Ansible/roles/wef/tasks/main.yml

@@ -21,6 +21,8 @@
 
 - name: Copy scripts to c:\vagrant
   win_shell: Copy-Item -Recurse c:\DetectionLab\Vagrant c:\vagrant
+  args:
+    creates: c:\vagrant\Vagrantfile
 
 - name: Join the Domain
   win_shell: .\\provision.ps1
@@ -28,6 +30,7 @@
     chdir: 'c:\vagrant\scripts'
   register: wef_join_domain
   changed_when: "'HasSucceeded : True' in wef_join_domain.stdout"
+  failed_when: '"failed to join domain" in wef_join_domain.stderr'
 
 - debug: msg="{{ wef_join_domain.stdout_lines }}"
 
@@ -37,6 +40,7 @@
     pre_reboot_delay: 15
     reboot_timeout: 600
     post_reboot_delay: 60
+  when: wef_join_domain.changed
 
 - name: Download Microsoft ATA
   win_get_url:
@@ -53,6 +57,7 @@
     chdir: 'c:\vagrant\scripts'
   register: palantir_wef
   failed_when: "'Exception' in palantir_wef.stdout"
+  changed_when: "' already exists. Moving On.' not in palantir_wef.stdout"
 
 - debug: msg="{{ palantir_wef.stdout_lines }}"
 
@@ -62,6 +67,7 @@
     chdir: 'c:\vagrant\scripts'
   register: wef_subscriptions
   failed_when: "'Exception' in wef_subscriptions.stdout"
+  changed_when: "'already installed, moving on...' not in wef_subscriptions.stdout"
 
 - debug: msg="{{ wef_subscriptions.stdout_lines }}"
 
@@ -71,6 +77,7 @@
     chdir: 'c:\vagrant\scripts'
   register: splunkuf
   failed_when: "'Exception' in splunkuf.stdout"
+  changed_when: "' already installed. Moving on.' not in splunkuf.stdout"
 
 - debug: msg="{{ splunkuf.stdout_lines }}"
 
@@ -80,6 +87,7 @@
     chdir: 'c:\vagrant\scripts'
   register: windowsta
   failed_when: "'Exception' in windowsta.stdout"
+  changed_when: "' already installed. Moving on.' not in windowsta.stdout"
 
 - debug: msg="{{ windowsta.stdout_lines }}"
 
@@ -98,6 +106,7 @@
     chdir: 'c:\vagrant\scripts'
   register: evtxeventsamples
   failed_when: "'Exception' in evtxeventsamples.stdout"
+  changed_when: "' were already installed. Moving On.' not in evtxeventsamples.stdout"
 
 - debug: msg="{{ evtxeventsamples.stdout_lines }}"
 
@@ -107,6 +116,7 @@
     chdir: 'c:\vagrant\scripts'
   register: windowsata
   failed_when: "'Exception' in windowsata.stdout"
+  changed_when: "' was already installed. Moving On.' not in windowsata.stdout"
 
 - debug: msg="{{ windowsata.stdout_lines }}"
 

Azure/Ansible/roles/win10/tasks/main.yml

@@ -20,19 +20,27 @@
 
 - name: Copy scripts to c:\vagrant
   win_shell: Copy-Item -Recurse c:\DetectionLab\Vagrant c:\vagrant
+  args:
+    creates: c:\vagrant\Vagrantfile
 
 - name: Making Windows10 Great Again
   win_shell:  .\\MakeWindows10GreatAgain.ps1
   args:
     chdir: 'c:\vagrant\scripts'
+  register: win10_great
+  changed_when: "' was already installed. Moving On.' not in win10_great.stdout"
 
 - name: Join the Domain
   win_shell: .\\provision.ps1
   args:
     chdir: 'c:\vagrant\scripts'
+  register: win10_join_domain
+  changed_when: "'HasSucceeded : True' in win10_join_domain.stdout"
+  failed_when: '"failed to join domain" in win10_join_domain.stderr'
 
 - name: Update group policy
   win_shell: "gpupdate /force"
+  when: win10_join_domain.changed
 
 - name: Reboot Server
   win_reboot:
@@ -40,6 +48,7 @@
     pre_reboot_delay: 15
     reboot_timeout: 600
     post_reboot_delay: 60
+  when: win10_join_domain.changed
 
 - name: Clear Event Logs
   win_shell: "wevtutil el | Select-String -notmatch \"Microsoft-Windows-LiveId\" | Foreach-Object {wevtutil cl \"$_\"}"

ESXi/README.md

@@ -5,19 +5,17 @@ NOTE: This is an early release and it's possible that certain features may not w
 
 ## Prereqs (~30-60 minutes)
 0. Have an ESXi instance version 6 or higher. VSphere is **NOT** required.
-1. Install the [requirements from the ESXi Terraform Provider](https://github.com/josenk/terraform-provider-esxi#requirements)
+1. The ESXi Terraform Provider built by https://github.com/josenk/terraform-provider-esxi will be installed automatically from the Terraform Registry, if you are using Terraform 0.13.x or higher. If needed, the lastest provider package can be downloaded manually from https://github.com/josenk/terraform-provider-esxi/releases.
-    * If building on MacOS, don't forget to change the GOOS from linux to darwin!
+2. Your ESXi must have at least two separate networks - one that is accessible from your current machine (VM Network) and a HostOnly network to allow the VMs to have internet access (HostOnly). 
-        * `GOOS=linux` -> `GOOS=darwin`
+3. [OVFTool](https://my.vmware.com/web/vmware/details?downloadGroup=OVFTOOL420&productId=618) must be installed and in your path. 
-2. Build and install the [terraform-provider-esxi](https://github.com/josenk/terraform-provider-esxi#building-the-provider) provider
-3. Your ESXi must have at least two separate networks - one that is accessible from your current machine (VM Network) and a HostOnly network to allow the VMs to have internet access (HostOnly). 
-4. [OVFTool](https://my.vmware.com/web/vmware/details?downloadGroup=OVFTOOL420&productId=618) must be installed and in your path. 
     * On MacOS, I solved this by creating a symbolic link to the ovftool included in VMWare Fusion: `sudo ln -s "/Applications/VMware Fusion.app/Contents/Library/VMware OVF Tool/ovftool" "/usr/local/bin/ovftool"`
-5. On your ESXI, you must:
+4. On your ESXI, you must:
    1. Enable SSH
     2. Enable the "Guest IP Hack" 
     3. Open VNC ports on the firewall
     * Instructions for those steps are here: https://nickcharlton.net/posts/using-packer-esxi-6.html
-6. [Install Ansible](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html)
+    * Alternatively, you can install the VIB file from https://github.com/sukster/ESXi-Packer-VNC which will automatically open the VNC ports on the ESXi firewall.
+5. [Install Ansible](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html)
 
 ## Steps