From be0f22417f7d6d794c5441f960aa59f9a790cef6 Mon Sep 17 00:00:00 2001
From: NemoEht
Date: Mon, 23 Mar 2020 20:36:16 -0700
Subject: [PATCH 1/5] Update to ubuntu1804_esxi.json with ssh_timeout Added ssh_timeout of 10000 seconds (166.6667 minutes). This will keep packer from destroying the VM before it's even done with the setup process. The time can be adjusted but this helped me in the setup process.
---
 ESXi/Packer/ubuntu1804_esxi.json | 1 +
 1 file changed, 1 insertion(+)
diff --git a/ESXi/Packer/ubuntu1804_esxi.json b/ESXi/Packer/ubuntu1804_esxi.json
index 928f194..39eadb3 100644
--- a/ESXi/Packer/ubuntu1804_esxi.json
+++ b/ESXi/Packer/ubuntu1804_esxi.json
@@ -45,6 +45,7 @@
 "ssh_password": "vagrant",
 "ssh_port": 22,
 "ssh_username": "vagrant",
+ "ssh_timeout": "10000s",
 "pause_before_connecting": "10m",
 "tools_upload_flavor": "linux",
 "type": "vmware-iso",
From b2cf652fdc0cae6d5cfc03ba1d9e91ca86f02c2b Mon Sep 17 00:00:00 2001
From: Chris Long
Date: Wed, 25 Mar 2020 22:46:19 -0700
Subject: [PATCH 2/5] Update install-utilities.ps1
---
 Vagrant/scripts/install-utilities.ps1 | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/Vagrant/scripts/install-utilities.ps1 b/Vagrant/scripts/install-utilities.ps1
index 670d899..b79d0fa 100755
--- a/Vagrant/scripts/install-utilities.ps1
+++ b/Vagrant/scripts/install-utilities.ps1
@@ -14,8 +14,6 @@ If ($(hostname) -eq "win10") {
 choco install -y --limit-output --no-progress classic-shell -installArgs ADDLOCAL=ClassicStartMenu
 & "C:\Program Files\Classic Shell\ClassicStartMenu.exe" "-xml" "c:\vagrant\resources\windows\MenuSettings.xml"
 }
-choco install -y --limit-output --no-progress NotepadPlusPlus
-choco install -y --limit-output --no-progress GoogleChrome
-choco install -y --limit-output --no-progress WinRar
+choco install -y --limit-output --no-progress NotepadPlusPlus GoogleChrome WinRar
 Write-Host "Utilties installation complete!"
From 6525456492bc311c3ae061adb854691f424e4ba7 Mon Sep 17 00:00:00 2001
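Review bot: The added `"ssh_timeout": "10000s"` in ESXi/Packer/ubuntu1804_esxi.json is a bare literal even though the commit message says the value is meant to be adjusted; a readable duration such as `"ssh_timeout": "2h46m40s"` (the same value), or a Packer user variable with that default, would make the intent and the knob obvious. The context lines show the builder connecting as `vagrant`/`vagrant` on port 22, so the longer wait also lengthens the time a half-provisioned VM with well-known credentials is reachable; it is worth confirming that the ESXi build network is isolated. The builder object starts and ends outside the hunk, so whether a `variables` block already exists cannot be seen from here.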
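Review bot: In Vagrant/scripts/install-utilities.ps1 nothing checks the result of the new combined `choco install ... NotepadPlusPlus GoogleChrome WinRar` line, so "Utilties installation complete!" is printed even when one of the three packages fails; the combined `wireshark winpcap` line in Vagrant/scripts/install-choco-extras.ps1 (PATCH 3/5) has the same gap. A single check right after each call would surface it, e.g. `if ($LASTEXITCODE -notin 0, 1641, 3010) { throw "choco install failed with exit code $LASTEXITCODE" }` (1641 and 3010 are Chocolatey's reboot-related success codes). Folding the packages into one command also appears to rule out a per-package `--version` pin (a packages.config would be needed instead), which matters if the lab image is meant to be reproducible and not simply track whatever the configured source currently serves.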
From: Chris Long
Date: Wed, 25 Mar 2020 22:46:55 -0700
Subject: [PATCH 3/5] Update install-choco-extras.ps1
---
 Vagrant/scripts/install-choco-extras.ps1 | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/Vagrant/scripts/install-choco-extras.ps1 b/Vagrant/scripts/install-choco-extras.ps1
index 5fd4cd3..cbc14fe 100644
--- a/Vagrant/scripts/install-choco-extras.ps1
+++ b/Vagrant/scripts/install-choco-extras.ps1
@@ -10,7 +10,6 @@ If (-not (Test-Path "C:\ProgramData\chocolatey")) {
 }
 Write-Host "Installing Chocolatey extras..."
-choco install -y --limit-output --no-progress wireshark
-choco install -y --limit-output --no-progress winpcap
+choco install -y --limit-output --no-progress wireshark winpcap
 Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Choco addons complete!"
From 9437e74c3e4c9914949e20848ed35dba37371282 Mon Sep 17 00:00:00 2001
From: Chris Long
Date: Thu, 26 Mar 2020 11:45:37 -0700
Subject: [PATCH 4/5] Update bootstrap.sh
---
 Vagrant/bootstrap.sh | 7 -------
 1 file changed, 7 deletions(-)
diff --git a/Vagrant/bootstrap.sh b/Vagrant/bootstrap.sh
index 49a8820..a7102d5 100644
--- a/Vagrant/bootstrap.sh
+++ b/Vagrant/bootstrap.sh
@@ -335,13 +335,6 @@ import_osquery_config_into_fleet() {
 sed -i 's/interval: 3600/interval: 180/g' osquery-configuration/Fleet/Endpoints/Windows/osquery.yaml
 sed -i 's/interval: 28800/interval: 900/g' osquery-configuration/Fleet/Endpoints/MacOS/osquery.yaml
 sed -i 's/interval: 28800/interval: 900/g' osquery-configuration/Fleet/Endpoints/Windows/osquery.yaml
- # These can be removed after this PR is merged: https://github.com/palantir/osquery-configuration/pull/14
- sed -i "s/labels: null/labels:\n - MS Windows/g" osquery-configuration/Fleet/Endpoints/Windows/osquery.yaml
- sed -i "s/labels: null/labels:\n - MS Windows/g" osquery-configuration/Fleet/Endpoints/packs/windows-application-security.yaml
- sed -i "s/labels: null/labels:\n - MS Windows/g" osquery-configuration/Fleet/Endpoints/packs/windows-compliance.yaml
- sed -i "s/labels: null/labels:\n - MS Windows/g" osquery-configuration/Fleet/Endpoints/packs/windows-registry-monitoring.yaml
- sed -i "s/labels: null/labels:\n - MS Windows\n - macOS/g" osquery-configuration/Fleet/Endpoints/packs/performance-metrics.yaml
- sed -i "s/labels: null/labels:\n - MS Windows\n - macOS/g" osquery-configuration/Fleet/Endpoints/packs/security-tooling-checks.yaml
 # Use fleetctl to import YAML files
 fleetctl apply -f osquery-configuration/Fleet/Endpoints/MacOS/osquery.yaml
From 0f5faccf46ba6b32ffb2b6b98a846eb0ea5480c1 Mon Sep 17 00:00:00 2001
From: Chris Long
Date: Thu, 26 Mar 2020 13:34:20 -0700
Subject: [PATCH 5/5] Update main.yml
---
 ESXi/ansible/roles/logger/tasks/main.yml | 7 -------
 1 file changed, 7 deletions(-)
diff --git a/ESXi/ansible/roles/logger/tasks/main.yml b/ESXi/ansible/roles/logger/tasks/main.yml
index d768a38..b861be0 100644
--- a/ESXi/ansible/roles/logger/tasks/main.yml
+++ b/ESXi/ansible/roles/logger/tasks/main.yml
@@ -367,13 +367,6 @@
 sed -i 's/interval: 3600/interval: 180/g' osquery-configuration/Fleet/Endpoints/Windows/osquery.yaml
 sed -i 's/interval: 28800/interval: 900/g' osquery-configuration/Fleet/Endpoints/MacOS/osquery.yaml
 sed -i 's/interval: 28800/interval: 900/g' osquery-configuration/Fleet/Endpoints/Windows/osquery.yaml
- # These can be removed after this PR is merged: https://github.com/palantir/osquery-configuration/pull/14
- sed -i "s/labels: null/labels:\n - MS Windows/g" osquery-configuration/Fleet/Endpoints/Windows/osquery.yaml
- sed -i "s/labels: null/labels:\n - MS Windows/g" osquery-configuration/Fleet/Endpoints/packs/windows-application-security.yaml
- sed -i "s/labels: null/labels:\n - MS Windows/g" osquery-configuration/Fleet/Endpoints/packs/windows-compliance.yaml
- sed -i "s/labels: null/labels:\n - MS Windows/g" osquery-configuration/Fleet/Endpoints/packs/windows-registry-monitoring.yaml
- sed -i "s/labels: null/labels:\n - MS Windows\n - macOS/g" osquery-configuration/Fleet/Endpoints/packs/performance-metrics.yaml
- sed -i "s/labels: null/labels:\n - MS Windows\n - macOS/g" osquery-configuration/Fleet/Endpoints/packs/security-tooling-checks.yaml
 # Use fleetctl to import YAML files
 fleetctl apply -f osquery-configuration/Fleet/Endpoints/MacOS/osquery.yaml