From 0b3aa71e461a90ed864125d41facd775722da174 Mon Sep 17 00:00:00 2001
From: Chris Long
Date: Sat, 26 Jun 2021 21:39:00 -0700
Subject: [PATCH] Update AWS Terraform to use DL-Logger AMI
---
 AWS/Terraform/main.tf | 30 +++++++++++------------------
 AWS/Terraform/outputs.tf | 4 ++++
 AWS/Terraform/variables.tf | 6 +++---
 3 files changed, 18 insertions(+), 22 deletions(-)
diff --git a/AWS/Terraform/main.tf b/AWS/Terraform/main.tf
index db9b530..48563c3 100644
--- a/AWS/Terraform/main.tf
+++ b/AWS/Terraform/main.tf
@@ -181,38 +181,30 @@ resource "aws_instance" "logger" {
 key_name = aws_key_pair.auth.key_name
 private_ip = "192.168.38.105"
- # Provision the AWS Ubuntu 18.04 AMI from scratch.
 provisioner "remote-exec" {
 inline = [
- "sudo apt-get -qq update && sudo apt-get -qq install -y git",
- "echo 'logger' | sudo tee /etc/hostname && sudo hostnamectl set-hostname logger",
- "sudo adduser --disabled-password --gecos \"\" vagrant && echo 'vagrant:vagrant' | sudo chpasswd",
- "sudo mkdir /home/vagrant/.ssh && sudo cp /home/ubuntu/.ssh/authorized_keys /home/vagrant/.ssh/authorized_keys && sudo chown -R vagrant:vagrant /home/vagrant/.ssh",
- "echo 'vagrant ALL=(ALL:ALL) NOPASSWD:ALL' | sudo tee -a /etc/sudoers",
- "sudo git clone https://github.com/clong/DetectionLab.git /opt/DetectionLab",
- "sudo sed -i 's/eth1/ens5/g' /opt/DetectionLab/Vagrant/logger_bootstrap.sh",
- "sudo sed -i 's/ETH1/ens5/g' /opt/DetectionLab/Vagrant/logger_bootstrap.sh",
- "sudo sed -i 's/eth1/ens5/g' /opt/DetectionLab/Vagrant/resources/suricata/suricata.yaml",
- "sudo sed -i -e '127,130d' /opt/DetectionLab/Vagrant/resources/suricata/suricata.yaml",
- "sudo sed -i 's#/vagrant/resources#/opt/DetectionLab/Vagrant/resources#g' /opt/DetectionLab/Vagrant/logger_bootstrap.sh",
- "sudo sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config",
- "sudo service ssh restart",
- "sudo chmod +x /opt/DetectionLab/Vagrant/logger_bootstrap.sh",
 "sudo apt-get -qq update",
- "sudo /opt/DetectionLab/Vagrant/logger_bootstrap.sh",
+ "sudo git clone https://github.com/clong/DetectionLab.git /opt/DetectionLab",
+ "sudo chmod +x /opt/DetectionLab/Vagrant/logger_bootstrap.sh",
+ "sudo sed -i 's#/vagrant/resources#/opt/DetectionLab/Vagrant/resources#g' /opt/DetectionLab/Vagrant/logger_bootstrap.sh",
+ "sudo yq d -i /etc/suricata/suricata.yaml af-packet[1]",
+ "sudo sed -i '1s/^/\\%YAML 1.1\\n---\\n/g' /etc/suricata/suricata.yaml",
+ "sudo cp /opt/DetectionLab/Vagrant/resources/fleet/fleet.service /etc/systemd/system/fleet.service && sudo systemctl daemon-reload && sudo service fleet restart",
+ "sudo service suricata restart",
+ "sudo /opt/DetectionLab/Vagrant/logger_bootstrap.sh splunk_only",
 ]
 connection {
 host = coalesce(self.public_ip, self.private_ip)
 type = "ssh"
- user = "ubuntu"
- private_key = file(var.private_key_path)
+ user = "vagrant"
+ password = "vagrant"
 }
 }
 root_block_device {
 delete_on_termination = true
- volume_size = 64
+ volume_size = 64
 }
 }
diff --git a/AWS/Terraform/outputs.tf b/AWS/Terraform/outputs.tf
index 3b6dd33..2f27cd6 100644
--- a/AWS/Terraform/outputs.tf
+++ b/AWS/Terraform/outputs.tf
@@ -6,6 +6,10 @@ output "logger_public_ip" {
 value = aws_instance.logger.public_ip
 }
+output "logger_ssh_access" {
+ value = "ssh vagrant@aws_instance.logger.public_ip (password=vagrant)"
+}
+
 output "dc_public_ip" {
 value = aws_instance.dc.public_ip
 }
diff --git a/AWS/Terraform/variables.tf b/AWS/Terraform/variables.tf
index 246b77f..e4077d1 100644
--- a/AWS/Terraform/variables.tf
+++ b/AWS/Terraform/variables.tf
@@ -59,11 +59,11 @@ variable "external_dns_servers" {
 # Use Data Sources to resolve the AMI-ID for the Ubuntu 18.04 AMI
 data "aws_ami" "logger_ami" {
- owners = ["099720109477"]
+ owners = ["505638924199"]
 filter {
 name = "name"
- values = ["ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-20191113"]
+ values = ["detectionlab-logger"]
 }
 }
@@ -124,4 +124,4 @@ variable "exchange_ami" {
 variable "win10_ami" {
 type = string
 default = ""
-}
\ No newline at end of file
+}
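Review bot: The `connection` block in the `aws_instance.logger` hunk of main.tf now authenticates with the fixed pair `user = "vagrant"` / `password = "vagrant"`, so the image accepts password SSH with a publicly documented credential, and the security group rules that would limit who can reach port 22 are not visible in this hunk. If the AMI carries an authorized key for that account, keeping `private_key = file(var.private_key_path)` avoids the password path; otherwise the password should be rotated as a final `inline` step and SSH ingress confirmed as restricted to trusted addresses. The DetectionLab clone in the same `inline` list is unpinned and its bootstrap script runs under sudo, so checking out a fixed tag or commit after the clone would make the provisioned content reproducible. The resource body starts above the hunk.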
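Review bot: In the new `logger_ssh_access` output in outputs.tf, `aws_instance.logger.public_ip` sits inside the string literal without interpolation, so the output prints that text verbatim instead of the instance address. The line should read `value = "ssh vagrant@${aws_instance.logger.public_ip} (password=vagrant)"`. Because the output also publishes the shared default password, a comment such as `# Lab-only default credential; change it on any instance reachable from outside the allow-listed range` would tell operators what is expected of them.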
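Review bot: The comment above `data "aws_ami" "logger_ami"` in variables.tf still says the lookup resolves the Ubuntu 18.04 AMI, while the new filter selects `detectionlab-logger` from account `505638924199`. A replacement such as `# Resolve the pre-built DetectionLab logger AMI; the owners ID pins the publishing account` would match the code. Keeping `owners` set matters here, since an AMI name on its own can be matched by an image shared from any account, and the ID itself should be confirmed against the project's documentation. The lookup is by name only, so the image behind it can change between applies; pinning a specific AMI ID would be the stricter option.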