trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #465 from clong/azure_bugfix1

Browse Source 
Azure bugfixes
This commit is contained in:
Chris Long
2020-06-15 00:34:08 -07:00
committed by GitHub
parent 8829697fab 518101dc40
commit a64fc9e641
9 changed files with 56 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@@ -8,3 +8,5 @@ Boxes/*
*.tfstate *.tfstate
*.tfstate.* *.tfstate.*
*.tfvars *.tfvars
Azure/Ansible/inventory.yml
Azure/Ansible/inventory.yml.bak

4
Azure/Ansible/group_vars/all.yml
View File

@@ -1,5 +1,5 @@
ansible_user: vagrant ansible_user: ansible
ansible_password: Vagrant123 ansible_password: Ansible123
ansible_port: 5985 ansible_port: 5985
ansible_connection: winrm ansible_connection: winrm
ansible_winrm_transport: basic ansible_winrm_transport: basic

4
Azure/Ansible/group_vars/linux.yml
View File

@@ -1,4 +0,0 @@
ansible_user: vagrant
ansible_password: vagrant
ansible_port: 22
ansible_connection: ssh

26
Azure/Ansible/roles/wef/tasks/main.yml
View File

@@ -1,5 +1,4 @@
--- ---
# This needs to be made idempodent # This needs to be made idempodent
- name: Set HostOnly DNS Address - name: Set HostOnly DNS Address
win_shell: "Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses 192.168.38.102,8.8.8.8" win_shell: "Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses 192.168.38.102,8.8.8.8"
@@ -108,29 +107,4 @@
- "wevtutil el | Select-String -notmatch \"Microsoft-Windows-LiveId\" | Foreach-Object {wevtutil cl \"$_\"}" - "wevtutil el | Select-String -notmatch \"Microsoft-Windows-LiveId\" | Foreach-Object {wevtutil cl \"$_\"}"
- "Set-SmbServerConfiguration -AuditSmb1Access $true -Force" - "Set-SmbServerConfiguration -AuditSmb1Access $true -Force"
- name: Disable password complexity policy
win_shell: |
secedit /export /cfg C:\secpol.cfg
(gc C:\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\secpol.cfg
secedit /configure /db C:\Windows\security\local.sdb /cfg C:\secpol.cfg /areas SECURITYPOLICY
rm -force C:\secpol.cfg -confirm:$false
become: yes
become_method: enable
- name: Add Ansible user
win_user:
name: ansible
password: Ansible123
groups:
- Administrators
- name: Switch to Ansible user
set_fact:
ansible_user: ansible
ansible_password: Ansible123
- name: Change password for vagrant account back to vagrant
win_user:
name: vagrant
password: vagrant

29
Azure/Ansible/roles/win10/tasks/main.yml
View File

@@ -51,36 +51,11 @@
state: present state: present
install_args: "ADDLOCAL=ClassicStartMenu" install_args: "ADDLOCAL=ClassicStartMenu"
- name: DetectionLab Menu - name: Import ClassicShell config
win_shell: | win_shell: |
"\"C:\\Program Files\\Classic Shell\\ClassicStartMenu.exe -xml c:\\vagrant\\resources\\windows\\MenuSettings.xml\"" "C:\Program Files\Classic Shell\ClassicStartMenu.exe -xml c:\vagrant\resources\windows\MenuSettings.xml"
regedit /s c:\vagrant\resources\windows\MenuStyle_Default_Win7.reg regedit /s c:\vagrant\resources\windows\MenuStyle_Default_Win7.reg
- name: Disable password complexity policy
win_shell: |
secedit /export /cfg C:\secpol.cfg
(gc C:\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\secpol.cfg
secedit /configure /db C:\Windows\security\local.sdb /cfg C:\secpol.cfg /areas SECURITYPOLICY
rm -force C:\secpol.cfg -confirm:$false
become: yes
become_method: enable
- name: Add Ansible user
win_user:
name: ansible
password: Ansible123
groups:
- Administrators
- name: Switch to Ansible user
set_fact:
ansible_user: ansible
ansible_password: Ansible123
- name: Change password for vagrant account back to vagrant
win_user:
name: vagrant
password: vagrant

1
Azure/README.md
View File

@@ -62,6 +62,7 @@ We're going to use Ansible to fininsh provisioning the rest of the Windows hosts
1. **(5 Minutes)** - Configure the `inventory.yml` file 1. **(5 Minutes)** - Configure the `inventory.yml` file
1. Navigate to `Azure/Ansible` and open `inventory.yml` for editing. 1. Navigate to `Azure/Ansible` and open `inventory.yml` for editing.
2. Take the `public_ip` values from `terraform output` and replace the `x.x.x.x` values with the public IP of each host 2. Take the `public_ip` values from `terraform output` and replace the `x.x.x.x` values with the public IP of each host
NOTE: I've added a script at `DetectionLab/Azure/build_ansible_inventory.sh` to help automate this.
Now that Ansible is configured for provisioning, there are two ways to go about this: Now that Ansible is configured for provisioning, there are two ways to go about this:

7
Azure/Terraform/files/winrm.ps1
View File

@@ -1,3 +1,10 @@
secedit /export /cfg C:\secpol.cfg
(gc C:\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\secpol.cfg
secedit /configure /db C:\Windows\security\local.sdb /cfg C:\secpol.cfg /areas SECURITYPOLICY
rm -force C:\secpol.cfg -confirm:$false
net user ansible Ansible123 /add /y
net localgroup administrators ansible /add
net user vagrant vagrant
powershell.exe -c "Set-NetConnectionProfile -InterfaceAlias Ethernet -NetworkCategory Private" powershell.exe -c "Set-NetConnectionProfile -InterfaceAlias Ethernet -NetworkCategory Private"
Enable-PSRemoting -Force Enable-PSRemoting -Force
winrm quickconfig -q winrm quickconfig -q

2
Azure/Terraform/locals.tf
View File

@@ -2,5 +2,5 @@ locals {
fleet_url = "https://${azurerm_public_ip.logger-publicip.ip_address}:8412" fleet_url = "https://${azurerm_public_ip.logger-publicip.ip_address}:8412"
splunk_url = "https://${azurerm_public_ip.logger-publicip.ip_address}:8000" splunk_url = "https://${azurerm_public_ip.logger-publicip.ip_address}:8000"
ata_url = "https://${azurerm_public_ip.wef-publicip.ip_address}" ata_url = "https://${azurerm_public_ip.wef-publicip.ip_address}"
guacamole_url = "https://${azurerm_public_ip.wef-publicip.ip_address}:8080/guacamole" guacamole_url = "http://${azurerm_public_ip.logger-publicip.ip_address}:8080/guacamole"
} }

41
Azure/build_ansible_inventory.sh Executable file
View File

@@ -0,0 +1,41 @@
#! /bin/bash
# This script is used to populate the Azure Ansible inventory.yml with
# the results of "terraform output"
if [ ! -d "./Terraform" ]; then
echo "This script needs to be run from the DetectionLab/Azure folder"
exit 1
fi
if [ ! -d "./Ansible" ]; then
echo "This script needs to be run from the DetectionLab/Azure folder"
exit 1
fi
if ! which terraform >/dev/null; then
echo "Terraform needs to be accessible from PATH."
exit 1
fi
cd ./Terraform
TF_OUTPUT=$(terraform output)
DC_IP=$(echo $TF_OUTPUT | egrep -o "dc_public_ip = ([0-9]{1,3}[\.]){3}[0-9]{1,3}" | cut -d '=' -f 2 | tr -d ' ')
WEF_IP=$(echo $TF_OUTPUT | egrep -o "wef_public_ip = ([0-9]{1,3}[\.]){3}[0-9]{1,3}" | cut -d '=' -f 2 | tr -d ' ')
WIN10_IP=$(echo $TF_OUTPUT | egrep -o "win10_public_ip = ([0-9]{1,3}[\.]){3}[0-9]{1,3}" | cut -d '=' -f 2 | tr -d ' ')
# Don't update unless there's default values in inventory.yml
GREP_COUNT=$(egrep -c 'x\.x\.x\.x|y\.y\.y\.y|z\.z\.z\.z' ../Ansible/inventory.yml)
if [ $GREP_COUNT -ne 3 ]; then
echo "This script is expecting the default values of x.x.x.x, y.y.y.y, and z.z.z.z for the dc, wef, and win10 hosts respectively in Ansible/inventory.yml."
echo "You can restore the file to this state by running 'git checkout -- Ansible/inventory.yml'"
echo "Rerun this script once that is complete."
exit 1
fi
echo "Replacing the default values in DetectionLab/Azure/Ansible/inventory.yml..."
sed -i.bak "s/x.x.x.x/$DC_IP/g; s/y.y.y.y/$WEF_IP/g; s/z.z.z.z/$WIN10_IP/g" ../Ansible/inventory.yml
echo "Displaying the updated inventory.yml below!"
cat ../Ansible/inventory.yml