Merge pull request #474 from clong/linter_errors

Fix lint errors, update packer files

.gitignore

@@ -8,5 +8,4 @@ Boxes/*
 *.tfstate
 *.tfstate.*
 *.tfvars
-Azure/Ansible/inventory.yml
-Azure/Ansible/inventory.yml.bak
+inventory.yml

Azure/build_ansible_inventory.sh

@@ -18,16 +18,16 @@ if ! which terraform >/dev/null; then
   exit 1
 fi
 
-cd ./Terraform
+cd ./Terraform || exit 1
 TF_OUTPUT=$(terraform output)
 
-DC_IP=$(echo $TF_OUTPUT | egrep -o "dc_public_ip = ([0-9]{1,3}[\.]){3}[0-9]{1,3}" | cut -d '=' -f 2 | tr -d ' ')
-WEF_IP=$(echo $TF_OUTPUT | egrep -o "wef_public_ip = ([0-9]{1,3}[\.]){3}[0-9]{1,3}" | cut -d '=' -f 2 | tr -d ' ')
-WIN10_IP=$(echo $TF_OUTPUT | egrep -o "win10_public_ip = ([0-9]{1,3}[\.]){3}[0-9]{1,3}" | cut -d '=' -f 2 | tr -d ' ')
+DC_IP=$(echo "$TF_OUTPUT" | grep -E -o "dc_public_ip = ([0-9]{1,3}[\.]){3}[0-9]{1,3}" | cut -d '=' -f 2 | tr -d ' ')
+WEF_IP=$(echo "$TF_OUTPUT" | grep -E -o "wef_public_ip = ([0-9]{1,3}[\.]){3}[0-9]{1,3}" | cut -d '=' -f 2 | tr -d ' ')
+WIN10_IP=$(echo "$TF_OUTPUT" | grep -E -o "win10_public_ip = ([0-9]{1,3}[\.]){3}[0-9]{1,3}" | cut -d '=' -f 2 | tr -d ' ')
 
 # Don't update unless there's default values in inventory.yml
-GREP_COUNT=$(egrep -c 'x\.x\.x\.x|y\.y\.y\.y|z\.z\.z\.z' ../Ansible/inventory.yml)
-if [ $GREP_COUNT -ne 3 ]; then
+GREP_COUNT=$(grep -E -c 'x\.x\.x\.x|y\.y\.y\.y|z\.z\.z\.z' ../Ansible/inventory.yml)
+if [ "$GREP_COUNT" -ne 3 ]; then
   echo "This script is expecting the default values of x.x.x.x, y.y.y.y, and z.z.z.z for the dc, wef, and win10 hosts respectively in Ansible/inventory.yml."
   echo "You can restore the file to this state by running 'git checkout -- Ansible/inventory.yml'"
   echo "Rerun this script once that is complete."

ESXi/Packer/_common/minimize.sh

@@ -6,18 +6,18 @@ esac
 
 # Whiteout root
 count=$(df --sync -kP / | tail -n1  | awk -F ' ' '{print $4}')
-count=$(($count-1))
+count=$((count-1))
 dd if=/dev/zero of=/tmp/whitespace bs=1M count=$count || echo "dd exit code $? is suppressed";
 rm /tmp/whitespace
 
 # Whiteout /boot
 count=$(df --sync -kP /boot | tail -n1 | awk -F ' ' '{print $4}')
-count=$(($count-1))
+count=$((count-1))
 dd if=/dev/zero of=/boot/whitespace bs=1M count=$count || echo "dd exit code $? is suppressed";
 rm /boot/whitespace
 
 set +e
-swapuuid="`/sbin/blkid -o value -l -s UUID -t TYPE=swap`";
+swapuuid="$(/sbin/blkid -o value -l -s UUID -t TYPE=swap)";
 case "$?" in
     2|0) ;;
     *) exit 1 ;;
@@ -27,7 +27,7 @@ set -e
 if [ "x${swapuuid}" != "x" ]; then
     # Whiteout the swap partition to reduce box size
     # Swap is disabled till reboot
-    swappart="`readlink -f /dev/disk/by-uuid/$swapuuid`";
+    swappart="$(readlink -f /dev/disk/by-uuid/"$swapuuid")";
     /sbin/swapoff "$swappart";
     dd if=/dev/zero of="$swappart" bs=1M || echo "dd exit code $? is suppressed";
     /sbin/mkswap -U "$swapuuid" "$swappart";

ESXi/Packer/_common/sshd.sh

@@ -3,6 +3,7 @@
 SSHD_CONFIG="/etc/ssh/sshd_config"
 
 # ensure that there is a trailing newline before attempting to concatenate
+# shellcheck disable=SC1003
 sed -i -e '$a\' "$SSHD_CONFIG"
 
 USEDNS="UseDNS no"

ESXi/Packer/_common/vagrant.sh

@@ -4,16 +4,16 @@
 HOME_DIR="${HOME_DIR:-/home/vagrant}";
 
 pubkey_url="https://raw.githubusercontent.com/mitchellh/vagrant/master/keys/vagrant.pub";
-mkdir -p $HOME_DIR/.ssh;
+mkdir -p "$HOME_DIR"/.ssh;
 if command -v wget >/dev/null 2>&1; then
-    wget --no-check-certificate "$pubkey_url" -O $HOME_DIR/.ssh/authorized_keys;
+    wget --no-check-certificate "$pubkey_url" -O "$HOME_DIR"/.ssh/authorized_keys;
 elif command -v curl >/dev/null 2>&1; then
-    curl --insecure --location "$pubkey_url" > $HOME_DIR/.ssh/authorized_keys;
+    curl --insecure --location "$pubkey_url" > "$HOME_DIR"/.ssh/authorized_keys;
 elif command -v fetch >/dev/null 2>&1; then
-    fetch -am -o $HOME_DIR/.ssh/authorized_keys "$pubkey_url";
+    fetch -am -o "$HOME_DIR"/.ssh/authorized_keys "$pubkey_url";
 else
     echo "Cannot download vagrant public key";
     exit 1;
 fi
-chown -R vagrant $HOME_DIR/.ssh;
-chmod -R go-rwsx $HOME_DIR/.ssh;
+chown -R vagrant "$HOME_DIR"/.ssh;
+chmod -R go-rwsx "$HOME_DIR"/.ssh;

ESXi/Packer/_common/vmware.sh

@@ -12,15 +12,15 @@ vmware-iso|vmware-vmx)
 
     mkdir -p /tmp/vmware;
     mkdir -p /tmp/vmware-archive;
-    mount -o loop $HOME_DIR/linux.iso /tmp/vmware;
+    mount -o loop "$HOME_DIR"/linux.iso /tmp/vmware;
 
-    TOOLS_PATH="`ls /tmp/vmware/VMwareTools-*.tar.gz`";
-    VER="`echo "${TOOLS_PATH}" | cut -f2 -d'-'`";
-    MAJ_VER="`echo ${VER} | cut -d '.' -f 1`";
+    TOOLS_PATH="$(ls /tmp/vmware/VMwareTools-*.tar.gz)";
+    VER="$(echo "${TOOLS_PATH}" | cut -f2 -d'-')";
+    MAJ_VER="$(echo "${VER}" | cut -d '.' -f 1)";
 
     echo "VMware Tools Version: $VER";
 
-    tar xzf ${TOOLS_PATH} -C /tmp/vmware-archive;
+    tar xzf "${TOOLS_PATH}" -C /tmp/vmware-archive;
     if [ "${MAJ_VER}" -lt "10" ]; then
         /tmp/vmware-archive/vmware-tools-distrib/vmware-install.pl --default;
     else
@@ -29,6 +29,6 @@ vmware-iso|vmware-vmx)
     umount /tmp/vmware;
     rm -rf  /tmp/vmware;
     rm -rf  /tmp/vmware-archive;
-    rm -f $HOME_DIR/*.iso;
+    rm -f "$HOME_DIR"/*.iso;
     ;;
 esac

ESXi/Packer/scripts/cleanup.sh

@@ -12,7 +12,7 @@ dpkg --list \
 dpkg --list \
     | awk '{ print $2 }' \
     | grep 'linux-image-.*-generic' \
-    | grep -v `uname -r` \
+    | grep -v "$(uname -r)" \
     | xargs apt-get -y purge;
 
 # Delete Linux source

ESXi/Packer/scripts/networking.sh

@@ -1,7 +1,7 @@
 #!/bin/sh -eux
 
-ubuntu_version="`lsb_release -r | awk '{print $2}'`";
-major_version="`echo $ubuntu_version | awk -F. '{print $1}'`";
+ubuntu_version="$(lsb_release -r | awk '{print $2}')";
+major_version="$(echo "$ubuntu_version" | awk -F. '{print $1}')";
 
 if [ "$major_version" -ge "18" ]; then
 echo "Create netplan config for eth0"

ESXi/Packer/scripts/update.sh

@@ -1,8 +1,8 @@
 #!/bin/sh -eux
 export DEBIAN_FRONTEND=noninteractive
 
-ubuntu_version="`lsb_release -r | awk '{print $2}'`";
-major_version="`echo $ubuntu_version | awk -F. '{print $1}'`";
+ubuntu_version="$(lsb_release -r | awk '{print $2}')";
+major_version="$(echo "$ubuntu_version" | awk -F. '{print $1}')";
 
 # Disable release-upgrades
 sed -i.bak 's/^Prompt=.*$/Prompt=never/' /etc/update-manager/release-upgrades;

ESXi/Packer/scripts/vagrant.sh

@@ -1,14 +1,14 @@
 #!/bin/bash -eux
 
 pubkey_url="https://raw.githubusercontent.com/mitchellh/vagrant/master/keys/vagrant.pub";
-mkdir -p $HOME_DIR/.ssh;
+mkdir -p "$HOME_DIR"/.ssh;
 if command -v wget >/dev/null 2>&1; then
-    wget --no-check-certificate "$pubkey_url" -O $HOME_DIR/.ssh/authorized_keys;
+    wget --no-check-certificate "$pubkey_url" -O "$HOME_DIR"/.ssh/authorized_keys;
 elif command -v curl >/dev/null 2>&1; then
-    curl --insecure --location "$pubkey_url" > $HOME_DIR/.ssh/authorized_keys;
+    curl --insecure --location "$pubkey_url" > "$HOME_DIR"/.ssh/authorized_keys;
 else
     echo "Cannot download vagrant public key";
     exit 1;
 fi
-chown -R vagrant $HOME_DIR/.ssh;
-chmod -R go-rwsx $HOME_DIR/.ssh;
+chown -R vagrant "$HOME_DIR"/.ssh;
+chmod -R go-rwsx "$HOME_DIR"/.ssh;

ESXi/Packer/windows_10_esxi.json

@@ -92,8 +92,7 @@
     "esxi_host": "",
     "esxi_username": "",
     "esxi_password": "",
-    "iso_checksum": "ab4862ba7d1644c27f27516d24cb21e6b39234eb3301e5f1fb365a78b22f79b3",
-    "iso_checksum_type": "sha256",
+    "iso_checksum": "sha256:ab4862ba7d1644c27f27516d24cb21e6b39234eb3301e5f1fb365a78b22f79b3",
     "iso_url": "https://software-download.microsoft.com/download/pr/18362.30.190401-1528.19h1_release_svc_refresh_CLIENTENTERPRISEEVAL_OEMRET_x64FRE_en-us.iso",
     "autounattend": "../../Packer/answer_files/10/Autounattend.xml",
     "disk_size": "61440"

ESXi/Packer/windows_2016_esxi.json

@@ -80,8 +80,7 @@
     "esxi_username": "",
     "esxi_password": "",
     "iso_url": "https://software-download.microsoft.com/download/pr/Windows_Server_2016_Datacenter_EVAL_en-us_14393_refresh.ISO",
-    "iso_checksum_type": "md5",
-    "iso_checksum": "70721288BBCDFE3239D8F8C0FAE55F1F",
+    "iso_checksum": "md5:70721288BBCDFE3239D8F8C0FAE55F1F",
     "autounattend": "../../Packer/answer_files/2016/Autounattend.xml"
   }
 }

Packer/windows_10.json

@@ -188,8 +188,7 @@
     }
   ],
   "variables": {
-    "iso_checksum": "9ef81b6a101afd57b2dbfa44d5c8f7bc94ff45b51b82c5a1f9267ce2e63e9f53",
-    "iso_checksum_type": "sha256",
+    "iso_checksum": "sha256:9ef81b6a101afd57b2dbfa44d5c8f7bc94ff45b51b82c5a1f9267ce2e63e9f53",
     "iso_url": "https://software-download.microsoft.com/download/pr/18363.418.191007-0143.19h2_release_svc_refresh_CLIENTENTERPRISEEVAL_OEMRET_x64FRE_en-us.iso",
     "autounattend": "./answer_files/10/Autounattend.xml",
     "disk_size": "61440",

Packer/windows_2016.json

@@ -173,8 +173,7 @@
   ],
   "variables": {
     "iso_url": "https://software-download.microsoft.com/download/pr/Windows_Server_2016_Datacenter_EVAL_en-us_14393_refresh.ISO",
-    "iso_checksum_type": "md5",
-    "iso_checksum": "70721288BBCDFE3239D8F8C0FAE55F1F",
+    "iso_checksum": "md5:70721288BBCDFE3239D8F8C0FAE55F1F",
     "disk_size": "61440",
     "autounattend": "./answer_files/2016/Autounattend.xml",
     "virtio_win_iso": "./virtio-win.iso",

README.md

@@ -1,5 +1,6 @@
-![DetectionLab](./img/DetectionLab.png)
 # Detection Lab
+![DetectionLab](./img/DetectionLab.png)
+
 DetectionLab is tested weekly on Saturdays via a scheduled CircleCI workflow to ensure that builds are passing.
 
 [![CircleCI](https://circleci.com/gh/clong/DetectionLab/tree/master.svg?style=shield)](https://circleci.com/gh/clong/DetectionLab/tree/master)
@@ -38,15 +39,15 @@ NOTE: This lab has not been hardened in any way and runs with default vagrant cr
 ## Requirements for VMware or Virtualbox
 * 55GB+ of free disk space
 * 16GB+ of RAM
-* Packer 1.3.2 or newer
-* Vagrant 2.2.7 or newer
+* Packer 1.6.0 or newer
+* Vagrant 2.2.9 or newer
 * Virtualbox or VMWare Fusion/Workstation
 
 ---
 
 ## Building Detection Lab
 
-Please view the quickstart guides based on the operating system you are using. The AWS/Terraform DetectionLab can be launched from any operating system.
+Please view the quickstart guides based on the operating system you are using. The AWS and Azure deployment options for DetectionLab can be launched from any operating system.
 
 * [AWS via Terraform](https://github.com/clong/DetectionLab/wiki/Quickstart---AWS-(Terraform))
 * [Azure via Terraform & Ansible](https://github.com/clong/DetectionLab/tree/master/Azure)

Vagrant/bootstrap.sh

@@ -10,7 +10,7 @@ sed -i 's/nameserver 127.0.0.53/nameserver 8.8.8.8/g' /etc/resolv.conf && chattr
 # Get a free Maxmind license here: https://www.maxmind.com/en/geolite2/signup
 # Required for the ASNgen app to work: https://splunkbase.splunk.com/app/3531/
 export MAXMIND_LICENSE=
-if [ -z "$MAXMIND_LICENSE" ]; then
+if [ -n "$MAXMIND_LICENSE" ]; then
   echo "Note: You have not entered a MaxMind license key on line 5 of bootstrap.sh, so the ASNgen Splunk app may not work correctly."
   echo "However, it is not required and everything else should function correctly."
 fi
@@ -166,7 +166,7 @@ install_splunk() {
     /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/threathunting_141.tgz -auth 'admin:changeme'
 
     # Install the Maxmind license key for the ASNgen App
-    if [ ! -z "$MAXMIND_LICENSE" ]; then
+    if [ -n "$MAXMIND_LICENSE" ]; then
       mkdir /opt/splunk/etc/apps/TA-asngen/local 
       cp /opt/splunk/etc/apps/TA-asngen/default/asngen.conf /opt/splunk/etc/apps/TA-asngen/local/asngen.conf
       sed -i "s/license_key =/license_key = $MAXMIND_LICENSE/g" /opt/splunk/etc/apps/TA-asngen/local/asngen.conf