From 905eaca9fa9aef339f8809754b2fb7df584ffdc3 Mon Sep 17 00:00:00 2001 From: Chris Long Date: Tue, 19 Nov 2019 21:01:19 -0800 Subject: [PATCH] Adding Guacamole for multi-machine management --- Terraform/main.tf | 16 ++++++++ Vagrant/bootstrap.sh | 24 +++++++++++ .../resources/guacamole/guacamole.properties | 24 +++++++++++ Vagrant/resources/guacamole/guacd.service | 29 +++++++++++++ Vagrant/resources/guacamole/user-mapping.xml | 41 +++++++++++++++++++ 5 files changed, 134 insertions(+) create mode 100644 Vagrant/resources/guacamole/guacamole.properties create mode 100644 Vagrant/resources/guacamole/guacd.service create mode 100644 Vagrant/resources/guacamole/user-mapping.xml diff --git a/Terraform/main.tf b/Terraform/main.tf index dc30ae6..a7361df 100644 --- a/Terraform/main.tf +++ b/Terraform/main.tf @@ -72,6 +72,20 @@ resource "aws_security_group" "logger" { cidr_blocks = var.ip_whitelist } + # Guacamole access + ingress { + from_port = 8080 + to_port = 8080 + protocol = "tcp" + cidr_blocks = var.ip_whitelist + } + ingress { + from_port = 8443 + to_port = 8443 + protocol = "tcp" + cidr_blocks = var.ip_whitelist + } + # Allow all traffic from the private subnet ingress { from_port = 0 @@ -167,6 +181,8 @@ resource "aws_instance" "logger" { "sudo sed -i 's/ETH1/ETH0/g' /opt/DetectionLab/Vagrant/bootstrap.sh", "sudo sed -i 's#/usr/local/go/bin/go get -u#GOPATH=/root/go /usr/local/go/bin/go get -u#g' /opt/DetectionLab/Vagrant/bootstrap.sh", "sudo sed -i 's#/vagrant/resources#/opt/DetectionLab/Vagrant/resources#g' /opt/DetectionLab/Vagrant/bootstrap.sh", + "sudo sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config", + "sudo service ssh restart", "sudo chmod +x /opt/DetectionLab/Vagrant/bootstrap.sh", "sudo apt-get -qq update", "sudo /opt/DetectionLab/Vagrant/bootstrap.sh", diff --git a/Vagrant/bootstrap.sh b/Vagrant/bootstrap.sh index 1e1279f..b6f2a3e 100644 --- a/Vagrant/bootstrap.sh +++ b/Vagrant/bootstrap.sh 
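Review bot: In Terraform/main.tf, the new 8080 ingress rule on the `logger` security group exposes the Guacamole login over cleartext HTTP, and nothing in this patch sets up a TLS connector for the 8443 rule to serve. Guacamole brokers SSH and RDP sessions to the lab hosts using the credentials in user-mapping.xml, so a captured login gives access to all of them. I would drop the 8080 block and keep only 8443 once a Tomcat TLS connector is provisioned, or at least comment the rule with `# Guacamole over plain HTTP, lab only - keep var.ip_whitelist to trusted /32s`. The `aws_security_group` body starts and ends outside the hunk, and the contents of `var.ip_whitelist` are not visible here.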
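Review bot: The added `sed` in the `aws_instance.logger` provisioner sets `PasswordAuthentication yes` globally in sshd_config, so password logins are accepted from every source address that can reach port 22. The SSH connection in user-mapping.xml in this same patch uses vagrant/vagrant, presumably against this host. If guacd is the only consumer, scope the change instead, for example by appending a `Match Address 127.0.0.1,192.168.38.0/24` block that contains `PasswordAuthentication yes`, or by giving the Guacamole SSH connection a private key. Whether port 22 on this security group is open to `var.ip_whitelist` is not visible in the hunk and should be confirmed; the provisioner list continues outside it.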
@@ -423,6 +423,29 @@ test_suricata_prerequisites() { done } +install_guacamole() { + echo "[$(date +%H:%M:%S)]: Installing Guacamole..." + cd /home/vagrant + apt-get -qq install -y libcairo2-dev libjpeg62-dev libpng12-dev libossp-uuid-dev libfreerdp-dev libpango1.0-dev libssh2-1-dev libssh-dev tomcat8 tomcat8-admin tomcat8-user + wget --progress=bar:force "http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/1.0.0/source/guacamole-server-1.0.0.tar.gz" -O guacamole-server-1.0.0.tar.gz + tar -xvf guacamole-server-1.0.0.tar.gz && cd guacamole-server-1.0.0 + ./configure &> /dev/null && make --quiet &> /dev/null && make --quiet install &> /dev/null || echo "[-] An error occurred while installing Guacamole." + ldconfig + cd /var/lib/tomcat8/webapps + wget --progress=bar:force "http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/1.0.0/binary/guacamole-1.0.0.war" -O guacamole.war + mkdir /etc/guacamole + mkdir /usr/share/tomcat8/.guacamole + cp /vagrant/resources/guacamole/user-mapping.xml /etc/guacamole/ + cp /vagrant/resources/guacamole/guacamole.properties /etc/guacamole/ + cp /vagrant/resources/guacamole/guacd.service /lib/systemd/system + sudo ln -s /etc/guacamole/guacamole.properties /usr/share/tomcat8/.guacamole/ + sudo ln -s /etc/guacamole/user-mapping.xml /usr/share/tomcat8/.guacamole/ + systemctl enable guacd + systemctl enable tomcat8 + systemctl start guacd + systemctl start tomcat8 +} + postinstall_tasks() { # Include Splunk and Bro in the PATH echo export PATH="$PATH:/opt/splunk/bin:/opt/bro/bin" >> ~/.bashrc @@ -438,6 +461,7 @@ main() { import_osquery_config_into_fleet install_suricata install_bro + install_guacamole postinstall_tasks } diff --git a/Vagrant/resources/guacamole/guacamole.properties b/Vagrant/resources/guacamole/guacamole.properties new file mode 100644 index 0000000..0015d45 --- /dev/null +++ b/Vagrant/resources/guacamole/guacamole.properties 
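Review bot: In `install_guacamole` (Vagrant/bootstrap.sh), both `wget` calls fetch over `http://` with no digest or signature check, and the tarball is then compiled and installed as root while the war lands directly in Tomcat's auto-deploy directory. Anyone able to tamper with the mirror redirect or the network path controls code that runs on the logger. Fetch over HTTPS and verify each artifact against a pinned SHA-256 before unpacking or deploying; the digests below are placeholders to be filled from the release's published checksum files. Separately, the `&> /dev/null` chain only prints a message on build failure and the function carries on, so a failed build still ends with `systemctl start guacd`.

```shell
install_guacamole() {
  # … unchanged: echo, cd /home/vagrant, apt-get install …
  GUAC_URL="https://apache.org/dyn/closer.cgi?action=download&filename=guacamole/1.0.0"
  wget --progress=bar:force "${GUAC_URL}/source/guacamole-server-1.0.0.tar.gz" -O guacamole-server-1.0.0.tar.gz
  # Placeholder digest: take the real value from the release's published .sha256 file
  echo "<SHA256_GUACAMOLE_SERVER_TARBALL>  guacamole-server-1.0.0.tar.gz" | sha256sum -c - || return 1
  # … unchanged: tar, configure/make/make install, ldconfig, cd /var/lib/tomcat8/webapps …
  wget --progress=bar:force "${GUAC_URL}/binary/guacamole-1.0.0.war" -O guacamole.war
  # Remove an unverified war so Tomcat never auto-deploys it
  echo "<SHA256_GUACAMOLE_WAR>  guacamole.war" | sha256sum -c - || { rm -f guacamole.war; return 1; }
  # … unchanged: mkdir, cp, ln -s, systemctl enable/start …
}
```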
@@ -0,0 +1,24 @@
+# Guacamole - Clientless Remote Desktop
+# Copyright (C) 2010 Michael Jumper
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+
+
+# Hostname and port of guacamole proxy
+guacd-hostname: localhost
+guacd-port: 4822
+
+# Auth provider class (authenticates user/pass combination, needed if using the provided login screen)
+auth-provider: net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider
+basic-user-mapping: /etc/guacamole/user-mapping.xml
\ No newline at end of file
diff --git a/Vagrant/resources/guacamole/guacd.service b/Vagrant/resources/guacamole/guacd.service
new file mode 100644
index 0000000..af83958
--- /dev/null
+++ b/Vagrant/resources/guacamole/guacd.service
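Review bot: In guacamole.properties, `auth-provider: net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider` looks like a class name from the project's pre-Apache package namespace, while bootstrap.sh in this patch deploys the 1.0.0 war. That release likely ignores the property and falls back to its built-in file authentication, so the line describes a setting that is probably not in effect. I would remove `auth-provider`, and confirm whether `basic-user-mapping` is still read, so the file states only what the deployed version honours. It is also worth adding `# guacd does not authenticate its clients - keep it bound to loopback` above `guacd-hostname`.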
@@ -0,0 +1,29 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+[Unit]
+Description=Guacamole Server
+Documentation=man:guacd(8)
+After=network.target
+
+[Service]
+User=daemon
+ExecStart=/usr/local/sbin/guacd -f
+Restart=on-abnormal
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/Vagrant/resources/guacamole/user-mapping.xml b/Vagrant/resources/guacamole/user-mapping.xml
new file mode 100644
index 0000000..df7e54e
--- /dev/null
+++ b/Vagrant/resources/guacamole/user-mapping.xml
@@ -0,0 +1,41 @@
+
+
+
+ ssh
+ 192.168.38.105
+ 22
+ vagrant
+ vagrant
+
+
+
+ rdp
+ 192.168.38.103
+ 3389
+ vagrant
+ vagrant
+ nla
+ true
+
+
+
+ rdp
+ 192.168.38.104
+ 3389
+ vagrant
+ vagrant
+ nla
+ true
+
+
+
+ rdp
+ 192.168.38.102
+ 3389
+ vagrant
+ vagrant
+ nla
+ true
+
+
+
\ No newline at end of file
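Review bot: guacd.service runs the daemon as the shared `daemon` account with no sandboxing directives, although guacd is the process that parses RDP and SSH traffic coming back from the remote hosts. A dedicated service user plus `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` under `[Service]` would limit what a guacd compromise can reach. None of these should interfere with `ExecStart=/usr/local/sbin/guacd -f`, but that should be tested on the target systemd version.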
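Review bot: user-mapping.xml commits static vagrant/vagrant credentials for all four connections, and bootstrap.sh copies the file into /etc/guacamole with default permissions while the same patch opens 8080 and 8443 on the AWS security group. The XML markup did not survive on this page, so the login element and the parameter names are not visible. The `true` after `nla` on each RDP entry is presumably `ignore-cert`, which would turn off RDP server certificate checking and deserves a lab-only comment. At minimum add a header comment such as `<!-- Lab defaults: change the Guacamole login and host passwords before exposing this beyond a trusted network -->`. bootstrap.sh should also install the file readable only by root and the Tomcat service account's group.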