Updating logger to use Python 3.6.4 for better Caldera support
This commit is contained in:
Chris Long
@@ -34,6 +34,7 @@ OSX 10.12.6 | 2.0.1 | 1.1.2 | Virtualbox (5.1.30)
|
||||
OSX 10.12.4 | 1.9.2 | 1.0.0 | VMWare Fusion (8.5.6)
|
||||
OSX 10.12.5 | 1.9.3 | 1.0.0 | VMWare Fusion (8.5.8)
|
||||
OSX 10.12.6 | 2.0.1 | 1.1.3 | VMWare Fusion (8.5.9)
|
||||
OSX 10.12.6 | 2.0.1 | 1.1.3 | VMWare Fusion (8.5.10)
|
||||
|
||||
**Known Bad Versions:**
|
||||
* Packer 1.1.2 will fail to build VMWare-ISOs correctly due to [this issue](https://github.com/hashicorp/packer/issues/5622).
|
||||
@@ -65,6 +66,7 @@ $ packer build --only=[vmware|virtualbox]-iso windows_2016.json
|
||||
|
||||
7. Navigate to https://192.168.38.5:8000 in a browser to access the Splunk instance on logger. Default credentials are admin:changeme (you will have the option to change them on the next screen)
|
||||
8. Navigate to https://192.168.38.5:8412 in a browser to access the Fleet server on logger. Default credentials are admin:admin123#. Query packs are pre-configured with queries from [palantir/osquery-configuration](https://github.com/palantir/osquery-configuration).
|
||||
9. Navigate to https://192.168.38.5:8888 in a browser to access the Caldera server on logger. Default credentials are admin:caldera.
|
||||
|
||||
## Basic Vagrant Usage
|
||||
Vagrant commands must be run from the "Vagrant" folder.
|
||||
@@ -186,6 +188,12 @@ $ docker-compose up -d
|
||||
|
||||
---
|
||||
|
||||
**Issue:** Your primary hard drive doesn't have enough space for DetectionLab
|
||||
|
||||
**Workaround:** Documented in [#48](https://github.com/clong/detectionlab/issues/48). You can change the default location for Vagrant by using the [VAGRANT_HOME](https://www.vagrantup.com/docs/other/environmental-variables.html#vagrant_home) environment variable.
|
||||
|
||||
---
|
||||
|
||||
## Contributing
|
||||
Please do all of your development in a feature branch on your own fork of detectionlab.
|
||||
Requests for tools and features will be reviewed on a case by case basis, but I will always accept fixes and improvements.
|
||||
|
||||
@@ -6,9 +6,18 @@ echo "deb http://repo.mongodb.org/apt/ubuntu "$(lsb_release -sc)"/mongodb-org/3.
|
||||
|
||||
# Install prerequisites and useful tools
|
||||
apt-get update
|
||||
apt-get install -y jq whois build-essential git docker docker-compose unzip python3-dev python3-pip mongodb-org
|
||||
apt-get install -y jq whois build-essential git docker docker-compose unzip mongodb-org
|
||||
|
||||
# Install Python 3.6.4
|
||||
echo "Installing Python v3.6.4..."
|
||||
wget https://www.python.org/ftp/python/3.6.4/Python-3.6.4.tgz
|
||||
tar -xvf Python-3.6.4.tgz
|
||||
cd Python-3.6.4
|
||||
./configure && make && make install
|
||||
cd /home/vagrant
|
||||
|
||||
# Install Golang v1.8
|
||||
echo "Installing GoLang v1.8..."
|
||||
wget https://storage.googleapis.com/golang/go1.8.linux-amd64.tar.gz
|
||||
tar -xvf go1.8.linux-amd64.tar.gz
|
||||
mv go /usr/local
|
||||
@@ -28,6 +37,7 @@ sudo update-alternatives --set go /usr/local/go/bin/go
|
||||
if [ -f "/opt/splunk/bin/splunk" ]
|
||||
then echo "Splunk is already installed"
|
||||
else
|
||||
echo "Installing Splunk..."
|
||||
# Get Splunk.com into the DNS cache. Sometimes resolution randomly fails during wget below
|
||||
dig @8.8.8.8 splunk.com
|
||||
# Download Splunk
|
||||
@@ -57,6 +67,7 @@ else
|
||||
fi
|
||||
|
||||
# Install Fleet
|
||||
echo "Installing Fleet..."
|
||||
echo -e "\n127.0.0.1 kolide" >> /etc/hosts
|
||||
git clone https://github.com/kolide/kolide-quickstart.git
|
||||
cd kolide-quickstart
|
||||
@@ -71,7 +82,7 @@ echo "Updated enrollment secret"
|
||||
cd /home/vagrant
|
||||
|
||||
# Import Palantir osquery configs into Fleet
|
||||
echo "Downloading Palantir configs"
|
||||
echo "Downloading Palantir configs..."
|
||||
git clone https://github.com/palantir/osquery-configuration.git
|
||||
git clone https://github.com/kolide/configimporter.git
|
||||
cd configimporter
|
||||
@@ -117,15 +128,12 @@ curl 'https://192.168.38.5:8412/api/v1/kolide/packs/5' -X PATCH -H 'origin: http
|
||||
/opt/splunk/bin/splunk add monitor "/home/vagrant/kolide-quickstart/osquery_status" -index osquery-status -sourcetype 'osquery:status' -auth 'admin:changeme'
|
||||
|
||||
# Install Mitre's Caldera
|
||||
echo "Installing Caldera..."
|
||||
cd /home/vagrant
|
||||
git clone https://github.com/mitre/caldera.git
|
||||
cd /home/vagrant/caldera/caldera
|
||||
pip3 install -r requirements.txt
|
||||
pip3 install aiohttp==2.3.8 # See https://github.com/mitre/caldera/pull/13
|
||||
# Patch sslproto https://github.com/mitre/caldera/issues/14#issuecomment-358190888
|
||||
cd /usr/lib/python3.5/asyncio
|
||||
cp /vagrant/resources/caldera/sslproto.patch .
|
||||
patch < sslproto.patch
|
||||
pip3.6 install -r requirements.txt
|
||||
|
||||
# Add a Systemd service for MongoDB
|
||||
# https://www.howtoforge.com/tutorial/install-mongodb-on-ubuntu-16.04/
|
||||
cp /vagrant/resources/caldera/mongod.service /lib/systemd/system/mongod.service
|
||||
|
||||
@@ -5,7 +5,7 @@ After=multi-user.target
|
||||
[Service]
|
||||
Type=idle
|
||||
WorkingDirectory=/home/vagrant/caldera/caldera
|
||||
ExecStart=/usr/bin/python3 caldera.py
|
||||
ExecStart=/usr/local/bin/python3.6 caldera.py
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
--- sslproto.py 2018-01-17 08:00:50.567571454 +0000
|
||||
+++ sslproto.py.new 2018-01-17 08:03:31.996275969 +0000
|
||||
@@ -533,8 +533,10 @@
|
||||
def _get_extra_info(self, name, default=None):
|
||||
if name in self._extra:
|
||||
return self._extra[name]
|
||||
- else:
|
||||
+ elif self._transport is not None:
|
||||
return self._transport.get_extra_info(name, default)
|
||||
+ else:
|
||||
+ return default
|
||||
|
||||
def _start_shutdown(self):
|
||||
if self._in_shutdown:
|
||||
Reference in New Issue
Block a user