Actually add files
@@ -130,7 +130,7 @@ jobs:
|
||||
done
|
||||
|
||||
- run:
|
||||
name: Wait for build results
|
||||
name: Post the build results
|
||||
command: |
|
||||
## Recording the build results
|
||||
STATUS=$(cat /tmp/status)
|
||||
|
||||
@@ -17,7 +17,7 @@ if exist "C:\Users\vagrant\windows.iso" (
|
||||
)
|
||||
|
||||
if not exist "C:\Windows\Temp\windows.iso" (
|
||||
powershell -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile('https://softwareupdate.vmware.com/cds/vmw-desktop/ws/15.0.4/12990004/windows/packages/tools-windows.tar', 'C:\Windows\Temp\vmware-tools.tar')" <NUL
|
||||
powershell -Command "(New-Object System.Net.WebClient).DownloadFile('https://softwareupdate.vmware.com/cds/vmw-desktop/ws/15.1.0/13591040/windows/packages/tools-windows.tar', 'C:\Windows\Temp\vmware-tools.tar')" <NUL
|
||||
cmd /c ""C:\Program Files\7-Zip\7z.exe" x C:\Windows\Temp\vmware-tools.tar -oC:\Windows\Temp"
|
||||
FOR /r "C:\Windows\Temp" %%a in (VMware-tools-windows-*.iso) DO REN "%%~a" "windows.iso"
|
||||
rd /S /Q "C:\Program Files (x86)\VMWare"
|
||||
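Review bot: Neither variant of the tools-windows.tar download line checks what it fetched before the following `cmd /c ""C:\Program Files\7-Zip\7z.exe" x ...` unpacks it and the `FOR /r` renames the result to windows.iso, so a truncated or substituted archive goes into the image unnoticed; comparing `certutil -hashfile C:\Windows\Temp\vmware-tools.tar SHA256` against a pinned value (placeholder: the hash published for that release) right after the download would catch it. The two lines also differ in whether `[Net.ServicePointManager]::SecurityProtocol` is pinned to Tls12 — if the new side is the one without the pin, the download then depends on the image's .NET default protocol list, which on older Windows builds may not negotiate TLS 1.2 with the CDN, so the pin is worth keeping alongside the version bump. Both points apply equally to the VBoxGuestAdditions download in the next hunk (`@@ -38,7 +38,7 @@`). The `if not exist` block continues past the hunk.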
@@ -38,7 +38,7 @@ if exist "C:\Users\vagrant\VBoxGuestAdditions.iso" (
|
||||
)
|
||||
|
||||
if not exist "C:\Windows\Temp\VBoxGuestAdditions.iso" (
|
||||
powershell -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile('https://download.virtualbox.org/virtualbox/5.2.26/VBoxGuestAdditions_5.2.26.iso', 'C:\Windows\Temp\VBoxGuestAdditions.iso')" <NUL
|
||||
powershell -Command "(New-Object System.Net.WebClient).DownloadFile('https://download.virtualbox.org/virtualbox/6.0.8/VBoxGuestAdditions_6.0.8.iso', 'C:\Windows\Temp\VBoxGuestAdditions.iso')" <NUL
|
||||
)
|
||||
|
||||
cmd /c ""C:\Program Files\7-Zip\7z.exe" x C:\Windows\Temp\VBoxGuestAdditions.iso -oC:\Windows\Temp\virtualbox"
|
||||
|
||||
@@ -2,8 +2,10 @@
|
||||
# Detection Lab
|
||||
DetectionLab is tested weekly on Saturdays via a scheduled CircleCI workflow to ensure that builds are passing.
|
||||
|
||||
CircleCI: [](https://circleci.com/gh/clong/DetectionLab/tree/master)
|
||||
|
||||
[](https://circleci.com/gh/clong/DetectionLab/tree/master)
|
||||
[](https://github.com/clong/DetectionLab/blob/master/license.md)
|
||||

|
||||
[](https://github.com/clong/DetectionLab/commit/master)
|
||||
[](https://twitter.com/DetectionLab)
|
||||
|
||||
#### Donate to the project:
|
||||
|
||||
4
Vagrant/Vagrantfile
vendored
@@ -26,7 +26,7 @@ Vagrant.configure("2") do |config|
|
||||
end
|
||||
|
||||
config.vm.define "dc" do |cfg|
|
||||
cfg.vm.box = "detectionlab/win2016"
|
||||
cfg.vm.box = "../Boxes/windows_2016_vmware.box"
|
||||
cfg.vm.hostname = "dc"
|
||||
cfg.vm.boot_timeout = 600
|
||||
cfg.winrm.transport = :plaintext
|
||||
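Review bot: Whichever of the two `cfg.vm.box` lines is the new side, the dc box is consumed unpinned: the Vagrant Cloud name has no `cfg.vm.box_version`, and the local `../Boxes/windows_2016_vmware.box` path has no `cfg.vm.box_download_checksum` / `cfg.vm.box_download_checksum_type`, so the image the lab boots can change between builds with nothing in the Vagrantfile noticing. Adding the pin that matches the chosen source (`cfg.vm.box_version = "<version>"` or the checksum pair with a placeholder value) keeps CI results reproducible. The `wef` hunk below (`@@ -79,7 +79,7 @@`) makes the same box swap and needs the same pin. The `config.vm.define "dc"` block continues past the hunk.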
@@ -79,7 +79,7 @@ Vagrant.configure("2") do |config|
|
||||
end
|
||||
|
||||
config.vm.define "wef" do |cfg|
|
||||
cfg.vm.box = "detectionlab/win2016"
|
||||
cfg.vm.box = "../Boxes/windows_2016_vmware.box"
|
||||
cfg.vm.hostname = "wef"
|
||||
cfg.vm.boot_timeout = 600
|
||||
cfg.vm.communicator = "winrm"
|
||||
|
||||
@@ -13,7 +13,7 @@ apt_install_prerequisites() {
|
||||
apt-get -qq update
|
||||
apt-get -qq install -y apt-fast
|
||||
echo "[$(date +%H:%M:%S)]: Running apt-fast install..."
|
||||
apt-fast -qq install -y jq whois build-essential git docker docker-compose unzip
|
||||
apt-fast -qq install -y jq whois build-essential git docker docker-compose unzip htop
|
||||
}
|
||||
|
||||
test_prerequisites() {
|
||||
@@ -110,12 +110,17 @@ install_splunk() {
|
||||
/opt/splunk/bin/splunk install app /vagrant/resources/splunk_forwarder/splunk-add-on-for-microsoft-windows_500.tgz -auth 'admin:changeme'
|
||||
/opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/add-on-for-microsoft-sysmon_800.tgz -auth 'admin:changeme'
|
||||
/opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/asn-lookup-generator_100.tgz -auth 'admin:changeme'
|
||||
/opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/lookup-file-editor_331.tgz
|
||||
/opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/force-directed-app-for-splunk_200.tgz -auth 'admin:changeme'
|
||||
/opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/punchcard-custom-visualization_130.tgz -auth 'admin:changeme'
|
||||
/opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/sankey-diagram-custom-visualization_130.tgz -auth 'admin:changeme'
|
||||
/opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/threathunting_13.tar.gz -auth 'admin:changeme'
|
||||
# Add custom Macro definitions for ThreatHunting App
|
||||
cp /vagrant/resources/splunk_server/macros.conf /opt/splunk/etc/apps/ThreatHunting/default/macros.conf
|
||||
# Fix Windows TA macros
|
||||
mkdir /opt/splunk/etc/apps/Splunk_TA_windows/local
|
||||
cp /opt/splunk/etc/apps/Splunk_TA_windows/default/macros.conf /opt/splunk/etc/apps/Splunk_TA_windows/local
|
||||
sed -i 's/wineventlog_windows/wineventlog/g' /opt/splunk/etc/apps/Splunk_TA_windows/local/macros.conf
|
||||
# Fix Force Directed App until 2.0.1 is released (https://answers.splunk.com/answers/668959/invalid-key-in-stanza-default-value-light.html#answer-669418)
|
||||
rm /opt/splunk/etc/apps/force_directed_viz/default/savedsearches.conf
|
||||
|
||||
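Review bot: The new `splunk install app .../lookup-file-editor_331.tgz` line is the only `install app` call in the hunk without `-auth 'admin:changeme'`, so under a non-interactive provision it will prompt for credentials or fail where its siblings succeed; append the same `-auth` argument to match the adjacent lines. The new `mkdir /opt/splunk/etc/apps/Splunk_TA_windows/local` has no `-p`, so re-running install_splunk on an existing install errors there before the `cp`/`sed` macro fix is applied; `mkdir -p /opt/splunk/etc/apps/Splunk_TA_windows/local` is the idiomatic form. The second hunk of this file (`@@ -140,7 +145,7 @@`) only relocates user-prefs.conf and needs nothing further. install_splunk begins and ends outside the hunk.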
@@ -140,7 +145,7 @@ install_splunk() {
|
||||
dismissedInstrumentationOptInVersion = 2
|
||||
[general_default]
|
||||
hideInstrumentationOptInModal = 1
|
||||
showWhatsNew = 0' > /opt/splunk/etc/apps/user-prefs/local/user-prefs.conf
|
||||
showWhatsNew = 0' > /opt/splunk/etc/system/local/user-prefs.conf
|
||||
|
||||
# Enable SSL Login for Splunk
|
||||
echo -e "[settings]\nenableSplunkWebSSL = true" > /opt/splunk/etc/system/local/web.conf
|
||||
|
||||
@@ -3,27 +3,27 @@ index = sysmon
|
||||
disabled = false
|
||||
renderXml = true
|
||||
|
||||
[monitor://c:\programdata\osquery\log\osqueryd.results.log]
|
||||
[monitor://c:\Program Files\osquery\log\osqueryd.results.log]
|
||||
index = osquery
|
||||
disabled = false
|
||||
sourcetype = osquery:json
|
||||
|
||||
[monitor://c:\programdata\osquery\log\osqueryd.snapshots.log]
|
||||
[monitor://c:\Program Files\osquery\log\osqueryd.snapshots.log]
|
||||
index = osquery
|
||||
disabled = false
|
||||
sourcetype = osquery:json
|
||||
|
||||
[monitor://c:\programdata\osquery\log\osqueryd.INFO.*]
|
||||
[monitor://c:\Program Files\osquery\log\osqueryd.INFO.*]
|
||||
index = osquery-status
|
||||
disabled = false
|
||||
sourcetype = osquery-info:syslog
|
||||
|
||||
[monitor://c:\programdata\osquery\log\osqueryd.WARNING.*]
|
||||
[monitor://c:\Program Files\osquery\log\osqueryd.WARNING.*]
|
||||
index = osquery-status
|
||||
disabled = false
|
||||
sourcetype = osquery-warn:syslog
|
||||
|
||||
[monitor://c:\programdata\osquery\log\osqueryd.ERROR.*]
|
||||
[monitor://c:\Program Files\osquery\log\osqueryd.ERROR.*]
|
||||
index = osquery-status
|
||||
disabled = false
|
||||
sourcetype = osquery-error:syslog
|
||||
|
||||
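Review bot: The five `[monitor://...]` stanzas move between `c:\programdata\osquery\log` and `c:\Program Files\osquery\log` (the side that is new is not visible here), and nothing in the hunk ties that path to where the deployed osquery actually writes (`--logger_path` in the osquery flags file); if the two disagree, the forwarder monitors an empty directory and the `osquery` and `osquery-status` indexes silently receive nothing, which in a detection lab reads as "no findings" rather than "no data". A one-line comment above the first stanza naming the source of truth, e.g. `# must match logger_path in the osquery flags file deployed by the Windows provisioning`, would keep the two from drifting again.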
Binary file not shown.
@@ -69,3 +69,7 @@ iseval = 0
|
||||
[remote_thread_whitelist]
|
||||
definition = search NOT [| inputlookup threathunting_remote_thread_whitelist.csv | fields mitre_technique_id host_fqdn process_name target_process_path target_process_address]
|
||||
iseval = 0
|
||||
|
||||
[indextime]
|
||||
definition = _index_earliest=-15m@m AND _index_latest=now
|
||||
iseval = 0
|
||||
|
||||
98
ci/README.md
@@ -5,100 +5,4 @@ for continuous integration testing by installing the prerequisites needed for
|
||||
Detection Lab. After the prerequisites are installed, the build script is called
|
||||
and the build will begin in a tmux session.
|
||||
|
||||
## Understanding the build process
|
||||
|
||||
Once a PR is created, the contents of that PR will be copied to a CircleCI worker to be tested.
|
||||
The CircleCI worker will evaluate which files have been modified and set environment variables accordingly. There are 4 possible options and 3 different tests:
|
||||
|
||||
1. Code in both the Packer and Vagrant directories was modified
|
||||
* In this case, the CircleCI worker will execute `ci/circle_workflows/packer_and_vagrant_changes.sh`
|
||||
2. Code in neither the Packer and Vagrant directories was modified
|
||||
* In this case, the CircleCI worker will execute the default test `ci/circle_worker/vagrant_changes.sh`
|
||||
3. Code in only the Packer directory was modified
|
||||
* In this case, the CircleCI worker will execute `ci/circle_worker/packer_changes.sh`
|
||||
4. Code in only the Vagrant directory was modified
|
||||
* In this case, the CircleCI worker will execute `ci/circle_worker/vagrant_changes.sh`
|
||||
|
||||
## Test Case Walkthroughs
|
||||
|
||||
### packer_and_vagrant_changes.sh
|
||||
1. Spins up a single Packet server
|
||||
2. Bootstraps the Packet server by calling `ci/build_machine_bootstrap.sh` with no arguments
|
||||
3. Builds the Windows10 and Windows2016 images one at a time
|
||||
4. Moves the resulting boxes to the Boxes directory
|
||||
5. Brings each Vagrant host online one-by-one
|
||||
6. CircleCI records the build results from the Packet server
|
||||
|
||||
### vagrant_changes.sh
|
||||
1. Spins up a single Packet server
|
||||
2. Bootstraps the Packet server by calling `ci/build_machine_bootstrap.sh` with the `--vagrant-only` argument
|
||||
3. Downloads the pre-build Windows10 and Windows2016 boxes from Vagrant Cloud
|
||||
4. Brings each Vagrant host online one-by-one
|
||||
5. CircleCI records the build results from the Packet server
|
||||
|
||||
|
||||
### packer_changes.sh
|
||||
1. Spins up two separate Packet servers to allow the Packer boxes to be built in parallel
|
||||
2. Bootstraps each packet Server by calling `ci/build_machine_bootstrap.sh` with the `--packer-only` argument
|
||||
3. Starts the Packer build process on each server
|
||||
4. CircleCI records the build result from each Packet server
|
||||
|
||||
```
|
||||
+------------+
|
||||
| |
|
||||
| |
|
||||
| |
|
||||
| Github |
|
||||
| |
|
||||
| |
|
||||
+------+-----+
|
||||
|
|
||||
|
|
||||
| Pull Request
|
||||
|
|
||||
v
|
||||
+------+-----+
|
||||
| |
|
||||
| |
|
||||
| Circle |
|
||||
+----------------------------->| Worker |
|
||||
| | |
|
||||
| | |
|
||||
| | |
|
||||
| +------+-----+
|
||||
| |
|
||||
| | Code changes are evaluated
|
||||
| | to determine which test suite
|
||||
| | to run
|
||||
| |
|
||||
| v
|
||||
| +----------------+--------------+
|
||||
Circle Worker | | packer_and_vagrant_changes.sh |
|
||||
queries for | | vagrant_changes.sh |
|
||||
build results | | packer_changes.sh |
|
||||
| +----------------+--------------+
|
||||
| |
|
||||
| |
|
||||
| |
|
||||
| |
|
||||
| |
|
||||
| |
|
||||
| |
|
||||
| | 1. Provision Packet server(s)
|
||||
| | 2. Copy repo to server
|
||||
| | 3. Run server bootstrap
|
||||
| | 4. Bootstrap calls build.sh with
|
||||
| | the appropriate arguments
|
||||
| |
|
||||
| |
|
||||
| +---------v---------+
|
||||
| | |
|
||||
| | |
|
||||
| | |
|
||||
+-------------------------->| Packet Server |
|
||||
| |
|
||||
| |
|
||||
| |
|
||||
+-------------------+
|
||||
|
||||
```
|
||||

|
||||
|
||||
@@ -6,7 +6,7 @@ export DEBIAN_FRONTEND=noninteractive
|
||||
export SERIALNUMBER="SECRET"
|
||||
export LICENSEFILE="SECRET"
|
||||
|
||||
sed -i 's/archive.ubuntu.com/us.archive.ubuntu.com/g' /etc/apt/sources.list
|
||||
sed -i 's#http://archive.ubuntu.com#http://us.archive.ubuntu.com#g' /etc/apt/sources.list
|
||||
|
||||
# Install VMWare Workstation 15
|
||||
apt-get update
|
||||
|
||||