trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #515 from clong/build_to_prepare

Browse Source 
Replace build scripts with prepare scripts
This commit is contained in:
Chris Long
2020-08-27 19:21:40 -07:00
committed by GitHub
parent 4ed4d9ed4a bee5d4ce1b
commit eabe0fa90c
18 changed files with 745 additions and 931 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
ESXi/main.tf
View File

@@ -43,23 +43,26 @@ resource "esxi_guest" "logger" {
}
}
# This is the network that bridges your host machine with the ESXi VM
# If this interface doesn't provide connectivity, you will have to uncomment
# the interface below and add a virtual network that does
network_interfaces {
virtual_network = var.vm_network
mac_address = "00:50:56:a3:b1:c2"
nic_type = "e1000"
}
# OPTIONAL: You can comment out this interface stanza if your vm_network provides internet access
network_interfaces {
virtual_network = var.nat_network
mac_address = "00:50:56:a3:b1:c3"
nic_type = "e1000"
}
# This is the local network that will be used for 192.168.38.x addressing
network_interfaces {
virtual_network = var.hostonly_network
mac_address = "00:50:56:a3:b1:c4"
nic_type = "e1000"
}
# OPTIONAL: Uncomment out this interface stanza if your vm_network doesn't
# provide internet access
# network_interfaces {
# virtual_network = var.nat_network
# mac_address = "00:50:56:a3:b1:c3"
# nic_type = "e1000"
# }
guest_startup_timeout = 45
guest_shutdown_timeout = 30
}

2
Packer/scripts/vm-guest-tools.ps1
View File

@@ -15,6 +15,8 @@ if ("$env:PACKER_BUILDER_TYPE" -eq "vmware-iso") {
if (!(Test-Path "C:\Windows\Temp\windows.iso")) {
Try {
# Disabling the progress bar speeds up IWR https://github.com/PowerShell/PowerShell/issues/2138
$ProgressPreference = 'SilentlyContinue'
$pageContentLinks = (Invoke-WebRequest('https://softwareupdate.vmware.com/cds/vmw-desktop/ws') -UseBasicParsing).Links | where-object {$_.href -Match "[0-9]"} | Select-Object href | % { $_.href.Trim('/') }
$versionObject = $pageContentLinks | %{ new-object System.Version ($_) } | sort-object -Descending | select-object -First 1 -Property:Major,Minor,Build
$newestVersion = $versionObject.Major.ToString()+"."+$versionObject.Minor.ToString()+"."+$versionObject.Build.ToString() | out-string

83
Vagrant/post_build_checks.ps1 Normal file
View File

@@ -0,0 +1,83 @@
function download {
param(
[string]$URL,
[string]$PatternToMatch,
[switch]$SuccessOn401
)
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$wc = New-Object System.Net.WebClient
try {
$result = $wc.DownloadString($URL)
if ($result -like "*$PatternToMatch*") {
return $true
} else {
return $false
}
}
catch {
if ($_.Exception.InnerException.Response.StatusCode -eq 401 -and $SuccessOn401.IsPresent) {
return $true
} else {
Write-Host "Error occured on webrequest: $_" -ForegroundColor red
return $false
}
}
}
function post_build_checks {
$checkmark = ([char]8730)
Write-Host '[*] Verifying that Splunk is reachable...'
$SPLUNK_CHECK = download -URL 'https://192.168.38.105:8000/en-US/account/login?return_to=%2Fen-US%2F' -PatternToMatch 'This browser is not supported by Splunk'
if ($SPLUNK_CHECK -eq $false) {
Write-Host '[!] Splunk was unreachable and may not have installed correctly.' -ForegroundColor red
}
else {
Write-Host ' ['$($checkmark)'] Splunk is running and reachable!' -ForegroundColor Green
}
Write-Host ''
Write-Host '[*] Verifying that Fleet is reachable...'
$FLEET_CHECK = download -URL 'https://192.168.38.105:8412' -PatternToMatch 'Kolide Fleet'
if ($FLEET_CHECK -eq $false) {
Write-Host '[!] Fleet was unreachable and may not have installed correctly.' -ForegroundColor red
}
else {
Write-Host ' ['$($checkmark)'] Fleet is running and reachable!' -ForegroundColor Green
}
Write-Host ''
Write-Host '[*] Verifying that Microsoft ATA is reachable...'
$ATA_CHECK = download -URL 'https://192.168.38.103' -SuccessOn401
if ($ATA_CHECK -eq $false) {
Write-Host '[!] Microsoft ATA was unreachable and may not have installed correctly.' -ForegroundColor red
}
else {
Write-Host ' ['$($checkmark)'] Microsoft ATA is running and reachable!' -ForegroundColor Green
}
Write-Host ''
Write-Host '[*] Verifying that Velociraptor is reachable...'
$VELOCIRAPTOR_CHECK = download -URL 'https://192.168.38.105:9999' -PatternToMatch 'app.html'
if ($VELOCIRAPTOR_CHECK -eq $false) {
Write-Host '[!] Velociraptor was unreachable and may not have installed correctly.' -ForegroundColor red
}
else {
Write-Host ' ['$($checkmark)'] Velocirpator is running and reachable!' -ForegroundColor Green
}
Write-Host ''
Write-Host '[*] Verifying that Guacamole is reachable...'
$GUACAMOLE_CHECK = download -URL 'http://192.168.38.105:8080/guacamole' -PatternToMatch 'Apache Software'
if ($GUACAMOLE_CHECK -eq $false) {
Write-Host '[!] Guacamole was unreachable and may not have installed correctly.' -ForegroundColor red
}
else {
Write-Host ' ['$($checkmark)'] Guacamole is running and reachable!' -ForegroundColor Green
}
Write-Host ''
}
post_build_checks

68
Vagrant/post_build_checks.sh Executable file
View File

@@ -0,0 +1,68 @@
#! /bin/bash
# This script is meant to verify that DetectionLab was built successfully.
# Only MacOS and Linux are supported. Use post_build_checks.ps1 for Windows.
# If you encounter issues, feel free to open an issue at
# https://github.com/clong/DetectionLab/issues
ERROR=$(tput setaf 1; echo -n " [!]"; tput sgr0)
GOODTOGO=$(tput setaf 2; echo -n " [✓]"; tput sgr0)
# A series of checks to ensure important services are responsive after the build completes.
post_build_checks() {
SPLUNK_CHECK=0
FLEET_CHECK=0
ATA_CHECK=0
VELOCIRAPTOR_CHECK=0
GUACAMOLE_CHECK=0
# If the curl operation fails, we'll just leave the variable equal to 0
# This is needed to prevent the script from exiting if the curl operation fails
SPLUNK_CHECK=$(curl -ks -m 2 https://192.168.38.105:8000/en-US/account/login?return_to=%2Fen-US%2F | grep -c 'This browser is not supported by Splunk')
FLEET_CHECK=$(curl -ks -m 2 https://192.168.38.105:8412 | grep -c 'Kolide Fleet')
ATA_CHECK=$(curl --fail --write-out "%{http_code}" -ks https://192.168.38.103 -m 2)
VELOCIRAPTOR_CHECK=$(curl -ks -m 2 https://192.168.38.105:9999 | grep -c 'app.html')
GUACAMOLE_CHECK=$(curl -ks -m 2 'http://192.168.38.105:8080/guacamole/#/' | grep -c 'Apache Software')
[[ $ATA_CHECK == 401 ]] && ATA_CHECK=1
echo "[*] Verifying that Splunk is running and reachable..."
if [ "$SPLUNK_CHECK" -lt 1 ]; then
(echo >&2 "${ERROR} Warning: Splunk was unreachable and may not have installed correctly.")
else
(echo >&2 "${GOODTOGO} Fleet is running and reachable.")
fi
echo ""
echo "[*] Verifying that Fleet is running and reachable..."
if [ "$FLEET_CHECK" -lt 1 ]; then
(echo >&2 "${ERROR} Warning: Fleet was unreachable and may not have installed correctly.")
else
(echo >&2 "${GOODTOGO} Fleet is running and reachable.")
fi
echo ""
echo "[*] Verifying that Microsoft ATA is running and reachable..."
if [ "$ATA_CHECK" -lt 1 ]; then
(echo >&2 "${ERROR} Warning: Microsoft ATA was unreachable and may not have installed correctly.")
else
(echo >&2 "${GOODTOGO} Microsoft ATA is running and reachable.")
fi
echo ""
echo "[*] Verifying that the Velociraptor service is running and reachable..."
if [ "$VELOCIRAPTOR_CHECK" -lt 1 ]; then
(echo >&2 "${ERROR} Warning: Velociraptor was unreachable and may not have installed correctly.")
else
(echo >&2 "${GOODTOGO} Velociraptor is running and reachable.")
fi
echo ""
echo "[*] Verifying that Guacamole is running and reachable..."
if [ "$GUACAMOLE_CHECK" -lt 1 ]; then
(echo >&2 "${ERROR} Warning: Guacamole was unreachable and may not have installed correctly.")
else
(echo >&2 "${GOODTOGO} Guacamole is running and reachable.")
fi
}
post_build_checks
exit 0

265
Vagrant/prepare.ps1 Normal file
View File

@@ -0,0 +1,265 @@
#Requires -Version 4.0
<#
.Synopsis
This script is used to ensure prerequisites for DetectionLab
are properly installed.
.DESCRIPTION
This scripts runs a series of tests. It checks:
* If Packer and Vagrant are installed
* If VirtualBox and/or VMware are installed
* If the proper vagrant plugins are available
* Various aspects of system health
If you encounter issues, feel free to open an issue at
https://github.com/clong/DetectionLab/issues
.EXAMPLE
./prepare.ps1
This runs a series of checks to ensure your system will successfully be
able to build DetectionLab.
#>
$VAGRANT_DIR = Split-Path -Parent -Path $MyInvocation.MyCommand.Definition
$checkmark = ([char]8730)
function install_checker {
param(
[string]$Name
)
$results = Get-ItemProperty 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*' | Select-Object DisplayName
$results += Get-ItemProperty 'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' | Select-Object DisplayName
forEach ($result in $results) {
if ($result -like "*$Name*") {
return $true
}
}
return $false
}
function check_packer_path {
# Check if Packer is in path
Try {
Get-Command packer.exe -ErrorAction Stop | Out-Null
}
Catch {
Write-Host ' [-] Packer was not found in your PATH.' -ForegroundColor yellow
Write-Host ' [-] This is only needed if you plan to build your own boxes, otherwise you can ignore this message.' -ForegroundColor yellow
}
}
function check_vagrant_path {
# Check if Vagrant is in path
Try {
Get-Command vagrant.exe -ErrorAction Stop | Out-Null
}
Catch {
Write-Host ' [!] Vagrant was not found in your PATH. Please correct this before continuing.' -ForegroundColor red
Write-Host ' [!] Correct this by installing Vagrant with Choco or downloading from https://www.vagrantup.com/downloads.html' -ForegroundColor red
Break
}
# Check Vagrant version >= 2.2.9
[System.Version]$vagrant_version = $(vagrant --version).Split(' ')[1]
[System.Version]$version_comparison = 2.2.9
if ($vagrant_version -lt $version_comparison) {
Write-Host ' [-] It is highly recommended to use Vagrant 2.2.9 or above before continuing' -ForegroundColor yellow
}
else {
Write-Host ' ['$($checkmark)'] Your version of Vagrant ('$vagrant_version') is supported' -ForegroundColor Green
}
}
# Returns false if not installed or true if installed
function check_virtualbox_installed {
Write-Host ''
Write-Host '[+] Checking if Virtualbox is installed...'
if (install_checker -Name "VirtualBox") {
Write-Host ' ['$($checkmark)'] Virtualbox found.' -ForegroundColor green
return $true
}
else {
return $false
}
}
function check_vmware_workstation_installed {
Write-Host ''
Write-Host '[+] Checking if VMware Workstation is installed...'
if (install_checker -Name "VMware Workstation") {
Write-Host ' ['$($checkmark)'] VMware Workstation found.' -ForegroundColor green
return $true
}
else {
return $false
}
}
function check_vmware_vagrant_plugin_installed {
Write-Host ''
Write-Host '[+] Checking if the vagrant_vmware_desktop plugin is installed...'
if (vagrant plugin list | Select-String 'vagrant-vmware-workstation') {
Write-Host ' [!] The vagrant VMware Workstation plugin is no longer supported.' -ForegroundColor red
Write-Host ' [-] Please upgrade to the VMware Desktop plugin: https://www.vagrantup.com/docs/vmware/installation.html' -ForegroundColor yellow
Write-Host ' [-] Please also uninstall the vagrant-vmware-fusion plugin and install the vmware-vagrant-desktop plugin' -ForegroundColor yellow
Write-Host ' [-] HINT: `vagrant plugin uninstall vagrant-vmware-workstation; vagrant plugin install vagrant-vmware-desktop`' -ForegroundColor yellow
return $false
}
if (vagrant plugin list | Select-String 'vagrant-vmware-desktop') {
Write-Host ' ['$($checkmark)'] Vagrant VMware Desktop plugin found.' -ForegroundColor green
return $true
}
else {
Write-Host ' [!] VMware Workstation is installed, but the vagrant-vmware-desktop plugin is not.' -ForegroundColor red
Write-Host ' [-] Visit https://www.vagrantup.com/vmware/index.html#buy-now for more information on how to purchase ($80) and install it' -ForegroundColor yellow
Write-Host ' [-] VMware Workstation will not be listed as a provider until the Vagrant plugin has been installed.' -ForegroundColor yellow
Write-Host ' [-] NOTE: The plugin does not work with trial versions of VMware Workstation' -ForegroundColor yellow
return $false
}
}
function check_vagrant_vmware_utility_installed {
Write-Host ''
Write-Host '[+] Checking if the Vagrant VMware Utility is installed...'
if (install_checker -Name "Vagrant VMware Utility") {
Write-Host ' ['$($checkmark)'] Vagrant VMware Utility is installed' -ForegroundColor green
return $true
}
else {
Write-Host ' [!] To use VMware Workstation as a provider, you need to install the Vagrant VMware Utility.' -ForegroundColor Red
Write-Host ' [-] To download and install it, visit https://www.vagrantup.com/docs/providers/vmware/vagrant-vmware-utility'
return $false
}
}
function list_providers {
[cmdletbinding()]
param()
$vboxInstalled = 0
$vmwareInstalled = 0
if (check_virtualbox_installed) {
$vboxInstalled = 1
}
if (check_vmware_workstation_installed) {
if ((check_vmware_vagrant_plugin_installed) -and (check_vagrant_vmware_utility_installed)) {
$vmwareInstalled = 1
}
}
# Warn users if Virtualbox and VMware Workstation are both installed.
if (( $vboxInstalled -eq 1 ) -and ( $vmwareInstalled -eq 1 )) {
Write-Host " [-] Both VMware Workstation and Virtualbox appear to be installed on this system." -ForegroundColor Yellow
Write-Host " [-] Please consider setting the VAGRANT_DEFAULT_PROVIDER environment variable to prevent confusion." -ForegroundColor Yellow
Write-Host " [-] More details can be found here: https://www.vagrantup.com/docs/providers/default" -ForegroundColor Yellow
Write-Host " [-] Additionally, please ensure only one providers' network adapters are active at any given time." -ForegroundColor Yellow
}
if (($vboxInstalled -eq 0) -and ($vmwareInstalled -eq 0)) {
Write-Error ' [!] You need to install a provider such as VirtualBox or VMware Workstation to continue.' -ForegroundColor red
Write-Error ' [!] Virtualbox is free, the VMware Vagrant Plugin costs $80.' -ForegroundColor red
break
}
Write-Host ''
Write-Host '[+] Enumerating available providers...'
Write-Host "[+] Available Providers: "
if ($vboxInstalled -eq 1) {
Write-Host ' [*] virtualbox' -ForegroundColor green
}
if ($vmwareInstalled -eq 1) {
Write-Host ' [*] vmware_desktop' -ForegroundColor green
}
}
function preflight_checks {
Write-Host ''
Write-Host '[+] Checking if CredentialGuard is enabled...'
# Verify CredentialGuard isn't enabled
if (('CredentialGuard' -match ((Get-ComputerInfo).DeviceGuardSecurityServicesConfigured) -eq "True")) {
Write-Host ' [!] CredentialGuard appears to be enabled on this system which can cause issues with Virtualbox.' -ForegroundColor red
Write-Host ' [!] See this thread for more info: https://forums.virtualbox.org/viewtopic.php?f=25&t=82106' -ForegroundColor red
}
Write-Host ''
Write-Host '[+] Checking if any boxes have been manually built...'
if ((Get-ChildItem "$VAGRANT_DIR\..\Boxes\*.box").Count -gt 0) {
Write-Host ' [-] You seem to have at least one .box file present in the Boxes directory already.' -ForegroundColor yellow
Write-Host ' [-] If you would like to use the pre-built boxes, please remove all .box files from the Boxes directory' -ForegroundColor yellow
}
else {
Write-Host ' ['$($checkmark)'] No custom Packer boxes found' -ForegroundColor green
}
# Check to see that no Vagrant instances exist
Write-Host ''
Write-Host '[+] Checking if any Vagrant instances have been created...'
$CurrentDir = Get-Location
Set-Location "$VAGRANT_DIR"
if (($(vagrant status) | Select-String -Pattern "not[ _]created").Count -ne 4) {
Write-Host ' [-] You appear to have already created at least one Vagrant instance.' -ForegroundColor yellow
vagrant status | Select-String 'not[ _]created' -NotMatch | Select-String -Pattern 'logger|dc|wef|win10'
Write-Host ''
Write-Host ' [-] If you want to start with a fresh install, you should run `vagrant destroy -f` to remove existing instances.' -ForegroundColor yellow
}
else {
Write-Host ' ['$($checkmark)'] No Vagrant instances have been created' -ForegroundColor green
}
Set-Location $CurrentDir
# Check available disk space. Recommend 80GB free, warn if less
Write-Host ''
Write-Host '[+] Checking available disk space...'
$drives = Get-PSDrive | Where-Object { $_.Provider -like '*FileSystem*' }
$drivesList = @()
forEach ($drive in $drives) {
if ($drive.free -lt 80GB) {
$DrivesList = $DrivesList + $drive
}
}
if ($DrivesList.Count -gt 0) {
Write-Host " [-] The following drives have less than 80GB of free space. They should not be used for deploying DetectionLab" -ForegroundColor yellow
forEach ($drive in $DrivesList) {
Write-Host " [*] $($drive.Name)" -ForegroundColor yellow
}
Write-Host ' [-] You can safely ignore this warning if you are deploying DetectionLab to a different drive.' -ForegroundColor yellow
}
else {
Write-Host ' ['$($checkmark)'] You have more than 80GB of free space on your primary partition' -ForegroundColor green
}
# Ensure the vagrant-reload plugin is installed
Write-Host ''
Write-Host '[+] Checking if vagrant-reload is installed...'
if (-Not (vagrant plugin list | Select-String 'vagrant-reload')) {
Write-Host ' [-] The vagrant-reload plugin is required and not currently installed. This script will attempt to install it now.' -ForegroundColor yellow
(vagrant plugin install 'vagrant-reload')
if ($LASTEXITCODE -ne 0) {
Write-Host ' [!] Unable to install the vagrant-reload plugin. Please try to do so manually via `vagrant plugin install vagrant-reload` and re-run this script.' -ForegroundColor red
break
}
}
else {
Write-Host ' ['$($checkmark)'] The vagrant-reload plugin is installed' -ForegroundColor green
}
}
# Run check functions
Write-Host ''
Write-Host '[+] Begining pre-build checks for DetectionLab'
Write-Host ''
Write-Host '[+] Checking for necessary tools in PATH...'
check_packer_path
check_vagrant_path
preflight_checks
list_providers
Write-Host ''
Write-Host 'To get started building DetectionLab, simply cd to DetectionLab/Vagrant'
Write-Host 'and run "vagrant up". If you run into any issues along the way, check out'
Write-Host 'the troubleshooting and known issues page: https://www.detectionlab.network/deployment/troubleshooting/'
Write-Host ''

246
Vagrant/prepare.sh Executable file
View File

@@ -0,0 +1,246 @@
#! /bin/bash
# This script is meant to verify that your system is configured to
# build DetectionLab successfully.
# Only MacOS and Linux are supported. Use prepare.ps1 for Windows.
# If you encounter issues, feel free to open an issue at
# https://github.com/clong/DetectionLab/issues
ERROR=$(tput setaf 1; echo -n " [!]"; tput sgr0)
GOODTOGO=$(tput setaf 2; echo -n " [✓]"; tput sgr0)
INFO=$(tput setaf 3; echo -n " [-]"; tput sgr0)
print_usage() {
echo "Usage: ./prepare.sh"
exit 0
}
check_packer_path() {
# Check for existence of Packer in PATH
if ! which packer >/dev/null; then
(echo >&2 "${INFO} Packer was not found in your PATH.")
(echo >&2 "${INFO} This is only needed if you plan to build you own boxes, otherwise you can ignore this message.")
else
(echo >&2 "${GOODTOGO} Packer was found in your PATH")
fi
}
check_vagrant_path() {
# Check for existence of Vagrant in PATH
if ! which vagrant >/dev/null; then
(echo >&2 "${ERROR} Vagrant was not found in your PATH.")
(echo >&2 "${ERROR} Please correct this before continuing. Exiting.")
(echo >&2 "${ERROR} Correct this by installing Vagrant with Homebrew or downloading from https://www.vagrantup.com/downloads.html")
exit 1
else
(echo >&2 "${GOODTOGO} Vagrant was found in your PATH")
fi
check_curl_path(){
# Check to see if curl is in PATH - needed for post-install checks
if ! which curl >/dev/null; then
(echo >&2 "${ERROR} Please install curl and make sure it is in your PATH.")
exit 1
else
(echo >&2 "${GOODTOGO} Curl was found in your PATH")
fi
}
# Ensure Vagrant >= 2.2.9
# https://unix.stackexchange.com/a/285928
VAGRANT_VERSION="$(vagrant --version | cut -d ' ' -f 2)"
REQUIRED_VERSION="2.2.9"
# If the version of Vagrant is not greater or equal to the required version
if ! [ "$(printf '%s\n' "$REQUIRED_VERSION" "$VAGRANT_VERSION" | sort -V | head -n1)" = "$REQUIRED_VERSION" ]; then
(echo >&2 "${ERROR} WARNING: It is highly recommended to use Vagrant $REQUIRED_VERSION or above before continuing")
else
(echo >&2 "${GOODTOGO} Your version of Vagrant ($VAGRANT_VERSION) is supported")
fi
}
# Returns 0 if not installed or 1 if installed
check_virtualbox_installed() {
if which VBoxManage >/dev/null; then
echo "1"
else
echo "0"
fi
}
# Returns 0 if not installed or 1 if installed
# Check for VMWare Workstation on Linux
check_vmware_workstation_installed() {
if which vmrun >/dev/null; then
echo "1"
else
echo "0"
fi
}
# Returns 0 if not installed or 1 if installed
check_vmware_fusion_installed() {
if [ -e "/Applications/VMware Fusion.app" ]; then
echo "1"
else
echo "0"
fi
}
# Returns 0 if not installed or 1 if installed
check_vmware_desktop_vagrant_plugin_installed() {
LEGACY_PLUGIN_CHECK="$(vagrant plugin list | grep -c 'vagrant-vmware-fusion')"
if [ "$LEGACY_PLUGIN_CHECK" -gt 0 ]; then
(echo >&2 "${ERROR} The VMware Fusion Vagrant plugin is deprecated and is no longer supported.")
(echo >&2 "${INFO} Please upgrade to the VMware Desktop plugin: https://www.vagrantup.com/docs/vmware/installation.html")
(echo >&2 "${INFO} Please also uninstall the vagrant-vmware-fusion plugin and install the vmware-vagrant-desktop plugin")
(echo >&2 "${INFO} HINT: \`vagrant plugin uninstall vagrant-vmware-fusion && vagrant plugin install vagrant-vmware-desktop\`")
(echo >&2 "${INFO} NOTE: The VMware plugin does not work with trial versions of VMware Fusion")
echo "0"
fi
VMWARE_DESKTOP_PLUGIN_PRESENT="$(vagrant plugin list | grep -c 'vagrant-vmware-desktop')"
if [ "$VMWARE_DESKTOP_PLUGIN_PRESENT" -eq 0 ]; then
(echo >&2 "VMWare Fusion or Workstation is installed, but the vagrant-vmware-desktop plugin is not.")
(echo >&2 "Visit https://www.hashicorp.com/blog/introducing-the-vagrant-vmware-desktop-plugin for more information on how to purchase and install it")
(echo >&2 "VMWare Fusion or Workstation will not be listed as a provider until the vagrant-vmware-desktop plugin has been installed.")
echo "0"
else
echo "1"
fi
}
check_vagrant_vmware_utility_installed() {
# Ensure the helper utility is installed: https://www.vagrantup.com/docs/providers/vmware/vagrant-vmware-utility
if pgrep -f vagrant-vmware-utility > /dev/null; then
echo "1"
else
echo "0"
fi
}
# List the available Vagrant providers present on the system
list_providers() {
VBOX_PRESENT=0
VMWARE_FUSION_PRESENT=0
if [ "$(uname)" == "Darwin" ]; then
# Detect Providers on OSX
VBOX_PRESENT=$(check_virtualbox_installed)
VMWARE_FUSION_PRESENT=$(check_vmware_fusion_installed)
VMWARE_WORKSTATION_PRESENT=0 # Workstation doesn't exist on Darwain-based OS
VAGRANT_VMWARE_DESKTOP_PLUGIN_PRESENT=$(check_vmware_desktop_vagrant_plugin_installed)
VAGRANT_VMWARE_UTILITY_PRESENT=$(check_vagrant_vmware_utility_installed)
else
VBOX_PRESENT=$(check_virtualbox_installed)
VMWARE_WORKSTATION_PRESENT=$(check_vmware_workstation_installed)
VMWARE_FUSION_PRESENT=0 # Fusion doesn't exist on non-Darwin OS
VAGRANT_VMWARE_DESKTOP_PLUGIN_PRESENT=$(check_vmware_desktop_vagrant_plugin_installed)
VAGRANT_VMWARE_UTILITY_PRESENT=$(check_vagrant_vmware_utility_installed)
fi
(echo >&2 "Available Providers:")
if [ "$VBOX_PRESENT" == "1" ]; then
(echo >&2 "${GOODTOGO} virtualbox")
fi
if [[ $VMWARE_FUSION_PRESENT -eq 1 ]] && [[ $VAGRANT_VMWARE_DESKTOP_PLUGIN_PRESENT -eq 1 ]] && [[ $VAGRANT_VMWARE_UTILITY_PRESENT -eq 1 ]]; then
(echo >&2 "${GOODTOGO} vmware_desktop")
fi
if [[ $VMWARE_WORKSTATION_PRESENT -eq 1 ]] && [[ $VAGRANT_VMWARE_DESKTOP_PLUGIN_PRESENT -eq 1 ]] && [[ $VAGRANT_VMWARE_UTILITY_PRESENT -eq 1 ]]; then
(echo >&2 "${GOODTOGO} vmware_desktop")
fi
if [[ $VBOX_PRESENT -eq 0 ]] && [[ $VMWARE_FUSION_PRESENT -eq 0 ]] && [[ $VMWARE_WORKSTATION -eq 0 ]]; then
(echo >&2 "${ERROR} You need to install a provider such as VirtualBox or VMware Fusion/Workstation to build DetectionLab.")
exit 1
fi
}
# Check to see if boxes exist in the "Boxes" directory already
check_boxes_built() {
BOXES_BUILT=$(find "$VAGRANT_DIR"/../Boxes -name "*.box" | wc -l)
if [ "$BOXES_BUILT" -gt 0 ]; then
(echo >&2 "${INFO} WARNING: You seem to have at least one .box file present in the Boxes directory already.")
(echo >&2 "${INFO} If you would like to use the pre-built boxes, please remove all files from the Boxes directory.")
(echo >&2 "${INFO} See https://www.detectionlab.network/customization/buildpackerboxes/ for more information about this message")
else
(echo >&2 "${GOODTOGO} No custom built boxes found")
fi
}
# Check to see if any Vagrant instances exist already
check_vagrant_instances_exist() {
cd "$VAGRANT_DIR"|| exit 1
# Vagrant status has the potential to return a non-zero error code, so we work around it with "|| true"
VAGRANT_STATUS_OUTPUT=$(vagrant status)
VAGRANT_BUILT=$(echo "$VAGRANT_STATUS_OUTPUT" | grep -c 'not created') || true
if [ "$VAGRANT_BUILT" -ne 4 ]; then
(echo >&2 "${INFO} You appear to have already created at least one Vagrant instance:")
# shellcheck disable=SC2164
cd "$VAGRANT_DIR" && echo "$VAGRANT_STATUS_OUTPUT" | grep -v 'not created' | grep -E 'logger|dc|wef|win10'
(echo >&2 "${INFO} If you want to start with a fresh install, you should run \`vagrant destroy -f\` to remove existing instances.")
else
(echo >&2 "${GOODTOGO} No Vagrant instances have been created yet")
fi
}
check_vagrant_reload_plugin() {
# Ensure the vagrant-reload plugin is installed
VAGRANT_RELOAD_PLUGIN_INSTALLED=$(vagrant plugin list | grep -c 'vagrant-reload')
if [ "$VAGRANT_RELOAD_PLUGIN_INSTALLED" != "1" ]; then
(echo >&2 "${ERROR} The vagrant-reload plugin is required and was not found. This script will attempt to install it now.")
if ! $(which vagrant) plugin install "vagrant-reload"; then
(echo >&2 "Unable to install the vagrant-reload plugin. Please try to do so manually and re-run this script.")
exit 1
else
(echo >&2 "${GOODTOGO} The vagrant-reload plugin was successfully installed!")
fi
else
(echo >&2 "${GOODTOGO} The vagrant-reload plugin is currently installed")
fi
}
# Check available disk space. Recommend 80GB free, warn if less.
check_disk_free_space() {
FREE_DISK_SPACE=$(df -m "$HOME" | tr -s ' ' | grep '/' | cut -d ' ' -f 4)
if [ "$FREE_DISK_SPACE" -lt 80000 ]; then
(echo >&2 -e "Warning: You appear to have less than 80GB of HDD space free on your primary partition. If you are using a separate parition, you may ignore this warning.\n")
(df >&2 -m "$HOME")
(echo >&2 "")
else
(echo >&2 "${GOODTOGO} You have more than 80GB of free space on your primary partition")
fi
}
main() {
# Get location of prepare.sh
# https://stackoverflow.com/questions/59895/getting-the-source-directory-of-a-bash-script-from-within
VAGRANT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
(echo >&2 "[+] Checking for necessary tools in PATH...")
check_packer_path
check_vagrant_path
check_curl_path
(echo >&2 "")
(echo >&2 "[+] Checking if any boxes have been manually built...")
check_boxes_built
(echo >&2 "")
(echo >&2 "[+] Checking for disk free space...")
check_disk_free_space
(echo >&2 "")
(echo >&2 "[+] Checking if any Vagrant instances have been created...")
check_vagrant_instances_exist
(echo >&2 "")
(echo >&2 "[+] Checking if the vagrant-reload plugin is installed...")
check_vagrant_reload_plugin
(echo >&2 "")
(echo >&2 "[+] Enumerating available providers...")
list_providers
(echo >&2 '')
# shellcheck disable=SC2016
(echo >&2 'To get started building DetectionLab, run `vagrant up`.')
(echo >&2 'If you run into any issues along the way, check out the troubleshooting and known issues page: ')
(echo >&2 'https://www.detectionlab.network/deployment/troubleshooting/')
}
main
exit 0

11
Vagrant/scripts/MakeWindows10GreatAgain.ps1
View File

@@ -11,15 +11,6 @@ if ($onedrive) {
}
c:\Windows\SysWOW64\OneDriveSetup.exe /uninstall
# Fix in 1903
#Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Removing Microsoft Store and Edge shortcuts from the taskbar..."
#$appname = "Microsoft Edge"
#((New-Object -Com Shell.Application).NameSpace('shell:::{4234d49b-0245-4df3-b780-3893943456e1}').Items() | ?{$_.Name -eq $appname}).Verbs() | ?{$_.Name.replace('&','') -match 'Unpin from taskbar'} | %{$_.DoIt(); $exec = $true}
#$appname = "Microsoft Store"
#((New-Object -Com Shell.Application).NameSpace('shell:::{4234d49b-0245-4df3-b780-3893943456e1}').Items() | ?{$_.Name -eq $appname}).Verbs() | ?{$_.Name.replace('&','') -match 'Unpin from taskbar'} | %{$_.DoIt(); $exec = $true}
#$appname = "Mail"
#((New-Object -Com Shell.Application).NameSpace('shell:::{4234d49b-0245-4df3-b780-3893943456e1}').Items() | ?{$_.Name -eq $appname}).Verbs() | ?{$_.Name.replace('&','') -match 'Unpin from taskbar'} | %{$_.DoIt(); $exec = $true}
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Disabling automatic screen turnoff in order to prevent screen locking..."
powercfg -change -monitor-timeout-ac 0
powercfg -change -standby-timeout-ac 0
@@ -28,6 +19,8 @@ powercfg -change -hibernate-timeout-ac 0
# Download and install ShutUp10
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading ShutUp10..."
[Net.ServicePointManager]::SecurityProtocol = "tls12, tls11, tls"
# Disabling the progress bar speeds up IWR https://github.com/PowerShell/PowerShell/issues/2138
$ProgressPreference = 'SilentlyContinue'
$shutUp10DownloadUrl = "https://dl5.oo-software.com/files/ooshutup10/OOSU10.exe"
$shutUp10RepoPath = "C:\Users\vagrant\AppData\Local\Temp\OOSU10.exe"
if (-not (Test-Path $shutUp10RepoPath)) {

2
Vagrant/scripts/download_palantir_wef.ps1
View File

@@ -8,6 +8,8 @@ If (-not (Test-Path $wefRepoPath))
{
# GitHub requires TLS 1.2 as of 2/1/2018
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
# Disabling the progress bar speeds up IWR https://github.com/PowerShell/PowerShell/issues/2138
$ProgressPreference = 'SilentlyContinue'
Invoke-WebRequest -Uri "https://github.com/palantir/windows-event-forwarding/archive/master.zip" -OutFile $wefRepoPath
Expand-Archive -path "$wefRepoPath" -destinationpath 'c:\Users\vagrant\AppData\Local\Temp' -Force
}

4
Vagrant/scripts/install-microsoft-ata.ps1
View File

@@ -45,6 +45,8 @@ If (-not (Test-Path "C:\Program Files\Microsoft Advanced Threat Analytics\Center
If ($download -eq $true)
{
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading $title..."
# Disabling the progress bar speeds up IWR https://github.com/PowerShell/PowerShell/issues/2138
$ProgressPreference = 'SilentlyContinue'
Invoke-WebRequest -Uri $downloadUrl -OutFile "$env:temp\$title.iso"
$actualHash = (Get-FileHash -Algorithm SHA256 -Path "$env:temp\$title.iso").Hash
If (-not ($actualHash -eq $fileHash))
@@ -111,6 +113,8 @@ Invoke-Command -computername dc -Credential (new-object pscredential("windomain\
If (-not (Test-Path "$env:temp\gatewaysetup.zip")) {
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) [$env:computername] Downloading ATA Lightweight Gateway from WEF now..."
# Disabling the progress bar speeds up IWR https://github.com/PowerShell/PowerShell/issues/2138
$ProgressPreference = 'SilentlyContinue'
Invoke-WebRequest -uri https://wef/api/management/softwareUpdates/gateways/deploymentPackage -UseBasicParsing -OutFile "$env:temp\gatewaysetup.zip" -Credential (new-object pscredential("wef\vagrant", (convertto-securestring -AsPlainText -Force -String "vagrant")))
Expand-Archive -Path "$env:temp\gatewaysetup.zip" -DestinationPath "$env:temp\gatewaysetup" -Force
}

2
Vagrant/scripts/install-osquery.ps1
View File

@@ -11,6 +11,8 @@ If (-not ($service)) {
# Download the flags file from the Palantir osquery-configuration Github
# GitHub requires TLS 1.2 as of 2/1/2018
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
# Disabling the progress bar speeds up IWR https://github.com/PowerShell/PowerShell/issues/2138
$ProgressPreference = 'SilentlyContinue'
Invoke-WebRequest -Uri "https://raw.githubusercontent.com/palantir/osquery-configuration/master/Classic/Endpoints/Windows/osquery.flags" -OutFile $flagfile
## Use the TLS config

74
Vagrant/scripts/install-redteam.ps1
View File

@@ -3,6 +3,11 @@
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing Red Team Tooling..."
$hostname = $(hostname)
# Disabling the progress bar speeds up IWR https://github.com/PowerShell/PowerShell/issues/2138
$ProgressPreference = 'SilentlyContinue'
# GitHub requires TLS 1.2 as of 2/27
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
# Windows Defender should be disabled already by O&O ShutUp10 and the GPO
If ($hostname -eq "win10") {
# Adding Defender exclusions just in case
@@ -18,75 +23,78 @@ If ($hostname -ne "win10" -And (Get-Service -Name WinDefend -ErrorAction Silentl
Try {
Uninstall-WindowsFeature Windows-Defender -ErrorAction Stop
Uninstall-WindowsFeature Windows-Defender-Features -ErrorAction Stop
}
Catch {
} Catch {
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Windows Defender did not uninstall successfully..."
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) We'll try again during install-red-team.ps1"
}
}
Else {
} Else {
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Windows Defender has already been disabled or uninstalled."
}
# Purpose: Downloads and unzips a copy of the latest Mimikatz trunk
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Determining latest release of Mimikatz..."
# GitHub requires TLS 1.2 as of 2/27
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$tag = (Invoke-WebRequest "https://api.github.com/repos/gentilkiwi/mimikatz/releases" -UseBasicParsing | ConvertFrom-Json)[0].tag_name
$mimikatzDownloadUrl = "https://github.com/gentilkiwi/mimikatz/releases/download/$tag/mimikatz_trunk.zip"
$mimikatzRepoPath = 'C:\Users\vagrant\AppData\Local\Temp\mimikatz_trunk.zip'
if (-not (Test-Path $mimikatzRepoPath)) {
If (-not (Test-Path $mimikatzRepoPath)) {
Invoke-WebRequest -Uri "$mimikatzDownloadUrl" -OutFile $mimikatzRepoPath
Expand-Archive -path "$mimikatzRepoPath" -destinationpath 'c:\Tools\Mimikatz' -Force
}
else {
} Else {
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Mimikatz was already installed. Moving On."
}
# Download and unzip a copy of PowerSploit
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Powersploit..."
# GitHub requires TLS 1.2 as of 2/27
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$powersploitDownloadUrl = "https://github.com/PowerShellMafia/PowerSploit/archive/dev.zip"
$powersploitRepoPath = "C:\Users\vagrant\AppData\Local\Temp\powersploit.zip"
if (-not (Test-Path $powersploitRepoPath)) {
If (-not (Test-Path $powersploitRepoPath)) {
Invoke-WebRequest -Uri "$powersploitDownloadUrl" -OutFile $powersploitRepoPath
Expand-Archive -path "$powersploitRepoPath" -destinationpath 'c:\Tools\PowerSploit' -Force
Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\System32\WindowsPowerShell\v1.0\Modules" -Recurse -Force
}
else {
} Else {
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) PowerSploit was already installed. Moving On."
}
# Download and unzip a copy of Atomic Red Team
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Atomic Red Team..."
# GitHub requires TLS 1.2 as of 2/27
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$atomicRedTeamDownloadUrl = "https://github.com/redcanaryco/atomic-red-team/archive/master.zip"
$atomicRedTeamRepoPath = "C:\Users\vagrant\AppData\Local\Temp\atomic_red_team.zip"
if (-not (Test-Path $atomicRedTeamRepoPath)) {
Invoke-WebRequest -Uri "$atomicRedTeamDownloadUrl" -OutFile "$atomicRedTeamRepoPath"
Expand-Archive -path "$atomicRedTeamRepoPath" -destinationpath 'c:\Tools\Atomic Red Team' -Force
}
else {
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Atomic Red Team was already installed. Moving On."
}
# Download and unzip a copy of BadBlood
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading BadBlood..."
# GitHub requires TLS 1.2 as of 2/27
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$badbloodDownloadUrl = "https://github.com/davidprowe/BadBlood/archive/master.zip"
$badbloodRepoPath = "C:\Users\vagrant\AppData\Local\Temp\badblood.zip"
if (-not (Test-Path $badbloodRepoPath)) {
If (-not (Test-Path $badbloodRepoPath)) {
Invoke-WebRequest -Uri "$badbloodDownloadUrl" -OutFile "$badbloodRepoPath"
Expand-Archive -path "$badbloodRepoPath" -destinationpath 'c:\Tools\BadBlood' -Force
# Lower the number of default users to be created by BadBlood
$invokeBadBloodPath = "c:\Tools\BadBlood\BadBlood-master\Invoke-BadBlood.ps1"
((Get-Content -path $invokeBadBloodPath -Raw) -replace '1000..5000','500..1500') | Set-Content -Path $invokeBadBloodPath
}
else {
} Else {
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) BadBlood was already installed. Moving On."
}
# Download and install Invoke-AtomicRedTeam
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Invoke-AtomicRedTeam and atomic tests..."
If (-not (Test-Path "C:\Tools\AtomicRedTeam")) {
Install-PackageProvider -Name NuGet -Force
IEX (IWR 'https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/install-atomicredteam.ps1' -UseBasicParsing);
Install-AtomicRedTeam -getAtomics -InstallPath "c:\Tools\AtomicRedTeam"
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Updating Profile.ps1 to import the Invoke-AtomicRedTeam module..."
Add-Content -Path C:\Windows\System32\WindowsPowerShell\v1.0\Profile.ps1 'Import-Module "C:\Tools\AtomicRedTeam\invoke-atomicredteam\Invoke-AtomicRedTeam.psd1" -Force
$PSDefaultParameterValues = @{"Invoke-AtomicTest:PathToAtomicsFolder"="C:\Tools\AtomicRedTeam\atomics"}' -Force
} Else {
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Invoke-AtomicRedTeam was already installed. Moving On."
}
# Purpose: Downloads the latest release of PurpleSharpNewtonsoft.Json.dll
New-Item -Path "c:\Tools\" -Name "PurpleSharp" -ItemType "directory"
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Determining latest release of Purplesharp..."
$tag = (Invoke-WebRequest "https://api.github.com/repos/mvelazc0/PurpleSharp/releases" -UseBasicParsing | ConvertFrom-Json)[0].tag_name
$purplesharpDownloadUrl = "https://github.com/mvelazc0/PurpleSharp/releases/download/$tag/PurpleSharp.exe"
$purplesharpDllDownloadURL = "https://github.com/mvelazc0/PurpleSharp/releases/download/$tag/Newtonsoft.Json.dll"
If (-not (Test-Path "c:\Tools\PurpleSharp\PurpleSharp.exe")) {
Invoke-WebRequest -Uri $purplesharpDownloadUrl -OutFile "c:\Tools\PurpleSharp\PurpleSharp.exe"
Invoke-WebRequest -Uri $purplesharpDllDownloadUrl -OutFile "c:\Tools\PurpleSharp\Newtonsoft.Json.dll"
}
Else {
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) PurpleSharp was already installed. Moving On."
}
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Red Team tooling installation complete!"

2
Vagrant/scripts/install-velociraptor.ps1
View File

@@ -12,6 +12,8 @@ If (Select-String -Path "c:\windows\system32\drivers\etc\hosts" -Pattern "logger
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Determining latest release of Velociraptor..."
# GitHub requires TLS 1.2 as of 2/27
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
# Disabling the progress bar speeds up IWR https://github.com/PowerShell/PowerShell/issues/2138
$ProgressPreference = 'SilentlyContinue'
$tag = (Invoke-WebRequest "https://api.github.com/repos/Velocidex/velociraptor/releases" -UseBasicParsing | ConvertFrom-Json)[0].tag_name
# Workaround hardcoded URL until this issue gets fixed: https://github.com/Velocidex/velociraptor/issues/528
$velociraptorDownloadUrl = "https://github.com/Velocidex/velociraptor/releases/download/v0.4.7/velociraptor-v0.4.7-1-windows-amd64.msi"

10
Vagrant/scripts/provision.ps1
View File

@@ -1,6 +1,7 @@
# Purpose: Sets timezone to UTC, sets hostname, creates/joins domain.
# Source: https://github.com/StefanScherer/adfs2
$ProfilePath = "C:\Windows\System32\WindowsPowerShell\v1.0\profile.ps1"
$box = Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName -Name "ComputerName"
$box = $box.ComputerName.ToString().ToLower()
@@ -10,6 +11,15 @@ c:\windows\system32\tzutil.exe /s "UTC"
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Checking if Windows evaluation is expiring soon or expired..."
. c:\vagrant\scripts\fix-windows-expiration.ps1
If (!(Test-Path $ProfilePath)) {
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Disabling the Invoke-WebRequest download progress bar globally for speed improvements."
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) See https://github.com/PowerShell/PowerShell/issues/2138 for more info"
New-Item -Path $ProfilePath | Out-Null
If (!(Get-Content $Profilepath| % { $_ -match "SilentlyContinue" } )) {
Add-Content -Path $ProfilePath -Value "$ProgressPreference = 'SilentlyContinue'"
}
}
# Ping DetectionLab server for usage statistics
curl -userAgent "DetectionLab-$box" "https://ping.detectionlab.network/$box" -UseBasicParsing | out-null

439
build.ps1
View File

@@ -1,439 +0,0 @@
#Requires -Version 4.0
<#
.Synopsis
This script is used to deploy a fresh install of DetectionLab
.DESCRIPTION
This scripts runs a series of tests before running through the
DetectionLab deployment. It checks:
* If Packer and Vagrant are installed
* If VirtualBox or VMware are installed
* If the proper vagrant plugins are available
* Various aspects of system health
Post deployment it also verifies that services are installed and
running.
If you encounter issues, feel free to open an issue at
https://github.com/clong/DetectionLab/issues
.PARAMETER ProviderName
The Hypervisor you're using for the lab. Valid options are 'virtualbox' or 'vmware_desktop'
.PARAMETER PackerOnly
This switch skips deploying boxes with vagrant after being built by Packer
.PARAMETER VagrantOnly
This switch skips building Packer boxes and instead downloads from Vagrant Cloud
.EXAMPLE
build.ps1 -ProviderName virtualbox
This builds DetectionLab using virtualbox and the default path for Packer (C:\Hashicorp\packer.exe)
.EXAMPLE
build.ps1 -ProviderName vmware_desktop
This builds the DetectionLab using VMware and sets the Packer path to 'C:\packer.exe'
.EXAMPLE
build.ps1 -ProviderName vmware_desktop -VagrantOnly
This command builds the DetectionLab using VMware and skips the Packer process, downloading the boxes instead.
#>
[cmdletbinding()]
Param(
# Vagrant provider to use.
[ValidateSet('virtualbox', 'vmware_desktop')]
[string]$ProviderName,
[switch]$PackerOnly,
[switch]$VagrantOnly
)
$DL_DIR = Split-Path -Parent -Path $MyInvocation.MyCommand.Definition
$LAB_HOSTS = ('logger', 'dc', 'wef', 'win10')
function install_checker {
param(
[string]$Name
)
$results = Get-ItemProperty 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*' | Select-Object DisplayName
$results += Get-ItemProperty 'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' | Select-Object DisplayName
forEach ($result in $results) {
if ($result -like "*$Name*") {
return $true
}
}
return $false
}
function check_packer {
# Check if Packer is in path
Try {
Get-Command packer.exe -ErrorAction Stop | Out-Null
} Catch {
Write-Error 'Packer was not found in your PATH. Please correct this before continuing.' -ForegroundColor yellow
Write-Error 'Please note that packer is not required if you pass the "-VagrantOnly" flag to the build.ps1 script.' -ForegroundColor yellow
Write-Error 'Packer is only required if you prefer to create boxes from scratch rather than using the pre-built ones.' -ForegroundColor yellow
break
}
}
function check_vagrant {
# Check if Vagrant is in path
Try {
Get-Command vagrant.exe -ErrorAction Stop | Out-Null
}
Catch {
Write-Error 'Vagrant was not found. Please correct this before continuing.' -ForegroundColor red
Break
}
# Check Vagrant version >= 2.2.9
[System.Version]$vagrant_version = $(vagrant --version).Split(' ')[1]
[System.Version]$version_comparison = 2.2.9
if ($vagrant_version -lt $version_comparison) {
Write-Warning 'It is highly recommended to use Vagrant 2.2.9 or above before continuing' -ForegroundColor yellow
}
}
# Returns false if not installed or true if installed
function check_virtualbox_installed {
Write-Host '[check_virtualbox_installed] Running..' -ForegroundColor green
if (install_checker -Name "VirtualBox") {
Write-Host '[check_virtualbox_installed] Virtualbox found.' -ForegroundColor green
return $true
}
else {
Write-Host '[check_virtualbox_installed] Virtualbox not found.' -ForegroundColor green
return $false
}
}
function check_vmware_workstation_installed {
Write-Host '[check_vmware_workstation_installed] Running..' -ForegroundColor green
if (install_checker -Name "VMware Workstation") {
Write-Host '[check_vmware_workstation_installed] VMware Workstation found.' -ForegroundColor green
return $true
}
else {
Write-Host '[check_vmware_workstation_installed] VMware Workstation not found.' -ForegroundColor green
return $false
}
}
function check_vmware_vagrant_plugin_installed {
Write-Host '[check_vmware_vagrant_plugin_installed] Running..' -ForegroundColor green
if (vagrant plugin list | Select-String 'vagrant-vmware-workstation') {
Write-Host 'The vagrant VMware Workstation plugin is no longer supported.' -ForegroundColor red
Write-Host 'Please upgrade to the VMware Desktop plugin: https://www.vagrantup.com/docs/vmware/installation.html' -ForegroundColor red
return $false
}
if (vagrant plugin list | Select-String 'vagrant-vmware-desktop') {
Write-Host '[check_vmware_vagrant_plugin_installed] Vagrant VMware Desktop plugin found.' -ForegroundColor green
return $true
}
else {
Write-Host 'VMware Workstation is installed, but the vagrant-vmware-desktop plugin is not.' -ForegroundColor yellow
Write-Host 'Visit https://www.vagrantup.com/vmware/index.html#buy-now for more information on how to purchase ($80) and install it' -ForegroundColor yellow
Write-Host 'VMware Workstation will not be listed as a provider until the Vagrant plugin has been installed.' -ForegroundColor yellow
Write-Host 'NOTE: The plugin does not work with trial versions of VMware Workstation' -ForegroundColor yellow
return $false
}
}
function list_providers {
[cmdletbinding()]
param()
$vboxInstalled = 0
$vmwareInstalled = 0
if (check_virtualbox_installed) {
$vboxInstalled=1
}
if (check_vmware_workstation_installed) {
if (check_vmware_vagrant_plugin_installed) {
$vmwareInstalled=1
}
}
# Warn users if Virtualbox and VMware Workstation are both installed.
if (( $vboxInstalled -eq 1 ) -and ( $vmwareInstalled -eq 1 )) {
Write-Host "NOTE:" -ForegroundColor yellow
Write-Host "Both VMware Workstation and Virtualbox appear to be installed on this system." -ForegroundColor yellow
Write-Host "Please consider setting the VAGRANT_DEFAULT_PROVIDER environment variable to prevent confusion." -ForegroundColor yellow
Write-Host "More details can be found here: https://www.vagrantup.com/docs/providers/default" -ForegroundColor yellow
Write-Host "Additionally, please ensure only one providers' network adapters are active at any given time." -ForegroundColor yellow
}
if (($vboxInstalled -eq 0) -and ($vmwareInstalled -eq 0)) {
Write-Error 'You need to install a provider such as VirtualBox or VMware Workstation to continue.' -ForegroundColor red
Write-Error 'Virtualbox is free, the VMware Vagrant Plugin costs $80.' -ForegroundColor red
break
}
while (-Not ($ProviderName -eq 'virtualbox' -or $ProviderName -eq 'vmware_desktop')) {
Write-Host "Available Providers: "
if ($vboxInstalled -eq 1) {
Write-Host '[*] virtualbox' -ForegroundColor green
}
if ($vmwareInstalled -eq 1) {
Write-Host '[*] vmware_desktop' -ForegroundColor green
}
$ProviderName = Read-Host 'Which provider would you like to use?'
Write-Debug "ProviderName = $ProviderName"
if (-Not ($ProviderName -eq 'virtualbox' -or $ProviderName -eq 'vmware_desktop')) {
Write-Error "Please choose a valid provider. $ProviderName is not a valid option"
}
}
return $ProviderName
}
function preflight_checks {
Write-Host '[preflight_checks] Running..' -ForegroundColor green
# Verify CredentialGuard isn't enabled
if (('CredentialGuard' -match ((Get-ComputerInfo).DeviceGuardSecurityServicesConfigured) -eq "True")) {
Write-Host "WARNING: CredentialGuard appears to be enabled on this system which can cause issues with Virtualbox." -ForegroundColor yellow
Write-Host "See this thread for more info: https://forums.virtualbox.org/viewtopic.php?f=25&t=82106" -ForegroundColor yellow
$Confirmation = Read-Host "Please type 'y' to continue or any other key to exit: "
If ($Confirmation.ToLower() -ne "y") {
Write-Host "You entered \"$Confirmation\", exiting." -ForegroundColor red
exit 0
}
}
if (-Not ($VagrantOnly)) {
Write-Host '[preflight_checks] Checking if Packer is installed' -ForegroundColor green
check_packer
}
if (-Not ($PackerOnly)) {
Write-Host '[preflight_checks] Checking if Vagrant is installed' -ForegroundColor green
check_vagrant
Write-Host '[preflight_checks] Checking for pre-existing boxes..' -ForegroundColor green
if ((Get-ChildItem "$DL_DIR\Boxes\*.box").Count -gt 0) {
Write-Host 'You seem to have at least one .box file present in the Boxes directory already. If you would like fresh boxes downloaded, please remove all .box files from the Boxes directory and re-run this script.' -ForegroundColor yellow
}
# Check to see that no Vagrant instances exist
Write-Host '[preflight_checks] Checking for vagrant instances..' -ForegroundColor green
$CurrentDir = Get-Location
Set-Location "$DL_DIR\Vagrant"
if (($(vagrant status) | Select-String -Pattern "not[ _]created").Count -ne 4) {
vagrant status
Write-Host 'You appear to have already created at least one Vagrant instance. This script does not support already created instances.' -ForegroundColor red
Write-Host 'To continue, cd to the Vagrant directory and run "vagrant destroy -f"' -ForegroundColor red
Write-Host 'After that completes, "cd .." and re-run this script.' -ForegroundColor red
Set-Location "$DL_DIR"
exit 1
}
Set-Location $CurrentDir
# Check available disk space. Recommend 80GB free, warn if less
Write-Host '[preflight_checks] Checking disk space..' -ForegroundColor green
$drives = Get-PSDrive | Where-Object {$_.Provider -like '*FileSystem*'}
$drivesList = @()
forEach ($drive in $drives) {
if ($drive.free -lt 80GB) {
$DrivesList = $DrivesList + $drive
}
}
if ($DrivesList.Count -gt 0) {
Write-Host "The following drives have less than 80GB of free space. They should not be used for deploying DetectionLab" -ForegroundColor yellow
forEach ($drive in $DrivesList) {
Write-Host "[*] $($drive.Name)"
}
Write-Host "You can safely ignore this warning if you are deploying DetectionLab to a different drive." -ForegroundColor yellow
}
# Ensure the vagrant-reload plugin is installed
Write-Host '[preflight_checks] Checking if vagrant-reload is installed..' -ForegroundColor green
if (-Not (vagrant plugin list | Select-String 'vagrant-reload')) {
Write-Host 'The vagrant-reload plugin is required and not currently installed. This script will attempt to install it now.' -ForegroundColor yellow
(vagrant plugin install 'vagrant-reload')
if ($LASTEXITCODE -ne 0) {
Write-Error 'Unable to install the vagrant-reload plugin. Please try to do so manually and re-run this script.' -ForegroundColor red
break
}
}
}
Write-Host '[preflight_checks] Finished.' -ForegroundColor green
}
function packer_build_box {
param(
[string]$Box
)
Write-Host "[packer_build_box] Running for $Box" -ForegroundColor green
$CurrentDir = Get-Location
Set-Location "$DL_DIR\Packer"
Write-Host "Using Packer to build the $BOX Box. This can take 90-180 minutes depending on bandwidth and hardware." -ForegroundColor green
$env:PACKER_LOG=1
$env:PACKER_LOG_PATH="$DL_DIR\Packer\packer.log"
&packer @('build', "--only=$PackerProvider-iso", "$box.json")
Write-Host "[packer_build_box] Finished for $Box. Got exit code: $LASTEXITCODE" -ForegroundColor green
if ($LASTEXITCODE -ne 0) {
Write-Error "Something went wrong while attempting to build the $BOX box."
Write-Host "To file an issue, please visit https://github.com/clong/DetectionLab/issues/"
break
}
Set-Location $CurrentDir
}
function move_boxes {
Write-Host "[move_boxes] Running.." -ForegroundColor green
Move-Item -Path $DL_DIR\Packer\*.box -Destination $DL_DIR\Boxes
if (-Not (Test-Path "$DL_DIR\Boxes\windows_10_$PackerProvider.box")) {
Write-Host "Windows 10 box is missing from the Boxes directory. Quitting." -ForegroundColor red
break
}
if (-Not (Test-Path "$DL_DIR\Boxes\windows_2016_$PackerProvider.box")) {
Write-Error "Windows 2016 box is missing from the Boxes directory. Quitting." -ForegroundColor red
break
}
Write-Host "[move_boxes] Finished." -ForegroundColor green
}
function vagrant_up_host {
param(
[string]$VagrantHost
)
Write-Host "[vagrant_up_host] Running for $VagrantHost" -ForegroundColor green
Write-Host "Attempting to bring up the $VagrantHost host using Vagrant" -ForegroundColor green
$CurrentDir = Get-Location
Set-Location "$DL_DIR\Vagrant"
Set-Variable VAGRANT_LOG=info
&vagrant.exe @('up', $VagrantHost, '--provider', "$ProviderName") 2>&1 | Out-File -FilePath ".\vagrant_up_$VagrantHost.log"
Set-Location $CurrentDir
Write-Host "[vagrant_up_host] Finished for $VagrantHost. Got exit code: $LASTEXITCODE" -ForegroundColor green
return $LASTEXITCODE
}
function vagrant_reload_host {
param(
[string]$VagrantHost
)
Write-Host "[vagrant_reload_host] Running for $VagrantHost" -ForegroundColor green
$CurrentDir = Get-Location
Set-Location "$DL_DIR\Vagrant"
&vagrant.exe @('reload', $VagrantHost, '--provision') 2>&1 | Out-File -FilePath ".\vagrant_up_$VagrantHost.log" -Append
Set-Location $CurrentDir
Write-Host "[vagrant_reload_host] Finished for $VagrantHost. Got exit code: $LASTEXITCODE" -ForegroundColor green
return $LASTEXITCODE
}
function download {
param(
[string]$URL,
[string]$PatternToMatch,
[switch]$SuccessOn401
)
Write-Host "[download] Running for $URL, looking for $PatternToMatch" -ForegroundColor green
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$wc = New-Object System.Net.WebClient
try
{
$result = $wc.DownloadString($URL)
if ($result -like "*$PatternToMatch*") {
Write-Host "[download] Found $PatternToMatch at $URL" -ForegroundColor green
return $true
}
else {
Write-Host "[download] Could not find $PatternToMatch at $URL" -ForegroundColor red
return $false
}
}
catch
{
if ($_.Exception.InnerException.Response.StatusCode -eq 401 -and $SuccessOn401.IsPresent)
{
return $true
}
else
{
Write-Host "Error occured on webrequest: $_" -ForegroundColor red
return $false
}
}
}
function post_build_checks {
Write-Host '[post_build_checks] Running Splunk Check.'
$SPLUNK_CHECK = download -URL 'https://192.168.38.105:8000/en-US/account/login?return_to=%2Fen-US%2F' -PatternToMatch 'This browser is not supported by Splunk'
Write-Host "[post_build_checks] Splunk Result: $SPLUNK_CHECK"
Write-Host '[post_build_checks] Running Fleet Check.'
$FLEET_CHECK = download -URL 'https://192.168.38.105:8412' -PatternToMatch 'Kolide Fleet'
Write-Host "[post_build_checks] Fleet Result: $FLEET_CHECK"
Write-Host '[post_build_checks] Running MS ATA Check.'
$ATA_CHECK = download -URL 'https://192.168.38.103' -SuccessOn401
Write-Host "[post_build_checks] ATA Result: $ATA_CHECK"
if ($SPLUNK_CHECK -eq $false) {
Write-Warning 'Splunk failed post-build tests and may not be functioning correctly.' -ForegroundColor yellow
}
if ($FLEET_CHECK -eq $false) {
Write-Warning 'Fleet failed post-build tests and may not be functioning correctly.' -ForegroundColor yellow
}
if ($ATA_CHECK -eq $false) {
Write-Warning 'MS ATA failed post-build tests and may not be functioning correctly.' -ForegroundColor yellow
}
}
# If no ProviderName was provided, get a provider
if ($ProviderName -eq $Null -or $ProviderName -eq "") {
$ProviderName = list_providers
}
# Set Provider variable for use deployment functions
if ($ProviderName -eq 'vmware_desktop') {
$PackerProvider = 'vmware'
}
else {
$PackerProvider = 'virtualbox'
}
# Run check functions
preflight_checks
# Build Packer Boxes
if (!($VagrantOnly)) {
packer_build_box -Box 'windows_2016'
packer_build_box -Box 'windows_10'
# Move Packer Boxes
move_boxes
}
if (!($PackerOnly)) {
# Vagrant up each box and attempt to reload one time if it fails
forEach ($VAGRANT_HOST in $LAB_HOSTS) {
Write-Host "[main] Running vagrant_up_host for: $VAGRANT_HOST" -ForegroundColor green
$result = vagrant_up_host -VagrantHost $VAGRANT_HOST
Write-Host "[main] vagrant_up_host finished. Exitcode: $result" -ForegroundColor green
if ($result -eq '0') {
Write-Host "Good news! $VAGRANT_HOST was built successfully!" -ForegroundColor green
}
else {
Write-Warning "Something went wrong while attempting to build the $VAGRANT_HOST box." -ForegroundColor yellow
Write-Host "Attempting to reload and reprovision the host..." -ForegroundColor green
Write-Host "[main] Running vagrant_reload_host for: $VAGRANT_HOST" -ForegroundColor green
$retryResult = vagrant_reload_host -VagrantHost $VAGRANT_HOST
if ($retryResult -ne 0) {
Write-Error "Failed to bring up $VAGRANT_HOST after a reload. Exiting" -ForegroundColor red
break
}
}
Write-Host "[main] Finished for: $VAGRANT_HOST" -ForegroundColor green
}
Write-Host "[main] Running post_build_checks" -ForegroundColor green
post_build_checks
Write-Host "[main] Finished post_build_checks" -ForegroundColor green
}

424
build.sh
View File

@@ -1,424 +0,0 @@
#! /bin/bash
# This script is meant to be used with a fresh clone of DetectionLab and
# will fail to run if boxes have already been created or any of the steps
# from the README have already been run followed.
# Only MacOS and Linux are supported. Use build.ps1 for Windows.
# If you encounter issues, feel free to open an issue at
# https://github.com/clong/DetectionLab/issues
print_usage() {
echo "Usage: ./build.sh <virtualbox | vmware_desktop> <--vagrant-only | --packer-only>"
exit 0
}
check_packer_path() {
# Check for existence of Packer in PATH
if ! which packer >/dev/null; then
(echo >&2 "Packer was not found in your PATH.")
(echo >&2 "Please correct this before continuing. Quitting.")
(echo >&2 "Hint: sudo cp ./packer /usr/local/bin/packer; sudo chmod +x /usr/local/bin/packer")
exit 1
fi
}
check_vagrant_path() {
# Check for existence of Vagrant in PATH
if ! which vagrant >/dev/null; then
(echo >&2 "Vagrant was not found in your PATH.")
(echo >&2 "Please correct this before continuing. Quitting.")
exit 1
fi
# Ensure Vagrant >= 2.2.7
# https://unix.stackexchange.com/a/285928
VAGRANT_VERSION="$(vagrant --version | cut -d ' ' -f 2)"
REQUIRED_VERSION="2.2.7"
# If the version of Vagrant is not greater than the required version
if ! [ "$(printf '%s\n' "$REQUIRED_VERSION" "$VAGRANT_VERSION" | sort -V | head -n1)" = "$REQUIRED_VERSION" ]; then
(echo >&2 "WARNING: It is highly recommended to use Vagrant $REQUIRED_VERSION or above before continuing")
fi
}
# Returns 0 if not installed or 1 if installed
check_virtualbox_installed() {
if which VBoxManage >/dev/null; then
echo "1"
else
echo "0"
fi
}
# Returns 0 if not installed or 1 if installed
# Check for VMWare Workstation on Linux
check_vmware_workstation_installed() {
if which vmrun >/dev/null; then
echo "1"
else
echo "0"
fi
}
# Returns 0 if not installed or 1 if installed
check_vmware_fusion_installed() {
if [ -e "/Applications/VMware Fusion.app" ]; then
echo "1"
else
echo "0"
fi
}
# Returns 0 if not installed or 1 if installed
check_vmware_desktop_vagrant_plugin_installed() {
LEGACY_PLUGIN_CHECK="$(vagrant plugin list | grep -c 'vagrant-vmware-fusion')"
if [ "$LEGACY_PLUGIN_CHECK" -gt 0 ]; then
(echo >&2 "The VMware Fusion Vagrant plugin is deprecated and is no longer supported by the DetectionLab build script.")
(echo >&2 "Please upgrade to the VMware Desktop plugin: https://www.vagrantup.com/docs/vmware/installation.html")
(echo >&2 "NOTE: The VMware plugin does not work with trial versions of VMware Fusion")
echo "0"
fi
VAGRANT_VMWARE_DESKTOP_PLUGIN_PRESENT="$(vagrant plugin list | grep -c 'vagrant-vmware-desktop')"
if [ "$VAGRANT_VMWARE_DESKTOP_PLUGIN_PRESENT" -eq 0 ]; then
(echo >&2 "VMWare Fusion or Workstation is installed, but the vagrant-vmware-desktop plugin is not.")
(echo >&2 "If you are seeing this, you may have the deprecated vagrant-vmware-fusion plugin installed. Please remove it and install the vagrant-vmware-desktop plugin.")
(echo >&2 "Visit https://www.hashicorp.com/blog/introducing-the-vagrant-vmware-desktop-plugin for more information on how to purchase and install it")
(echo >&2 "VMWare Fusion or Workstation will not be listed as a provider until the vagrant-vmware-desktop plugin has been installed.")
echo "0"
else
echo "$VAGRANT_VMWARE_DESKTOP_PLUGIN_PRESENT"
fi
}
# List the available Vagrant providers present on the system
list_providers() {
VBOX_PRESENT=0
VMWARE_FUSION_PRESENT=0
if [ "$(uname)" == "Darwin" ]; then
# Detect Providers on OSX
VBOX_PRESENT=$(check_virtualbox_installed)
VMWARE_FUSION_PRESENT=$(check_vmware_fusion_installed)
VMWARE_WORKSTATION_PRESENT=0 # Workstation doesn't exists on Darwain-based OS
VAGRANT_VMWARE_DESKTOP_PLUGIN_PRESENT=$(check_vmware_desktop_vagrant_plugin_installed)
else
# Assume the only other available provider is VirtualBox
VBOX_PRESENT=$(check_virtualbox_installed)
VMWARE_WORKSTATION_PRESENT=$(check_vmware_workstation_installed)
VMWARE_FUSION_PRESENT=0 # Fusion doesn't exist on non-Darwin OS
VAGRANT_VMWARE_DESKTOP_PLUGIN_PRESENT=$(check_vmware_desktop_vagrant_plugin_installed)
fi
(echo >&2 "Available Providers:")
if [ "$VBOX_PRESENT" == "1" ]; then
(echo >&2 "virtualbox")
fi
if [[ $VMWARE_FUSION_PRESENT -eq 1 ]] && [[ $VAGRANT_VMWARE_DESKTOP_PLUGIN_PRESENT -eq 1 ]]; then
(echo >&2 "vmware_desktop")
fi
if [[ $VMWARE_WORKSTATION_PRESENT -eq 1 ]] && [[ $VAGRANT_VMWARE_DESKTOP_PLUGIN_PRESENT -eq 1 ]]; then
(echo >&2 "vmware_desktop")
fi
if [[ $VBOX_PRESENT -eq 0 ]] && [[ $VMWARE_FUSION_PRESENT -eq 0 ]] && [[ $VMWARE_WORKSTATION -eq 0 ]]; then
(echo >&2 "You need to install a provider such as VirtualBox or VMware Fusion to continue.")
exit 1
fi
(echo >&2 -e "\\nWhich provider would you like to use?")
read -r PROVIDER
# Sanity check
if [[ "$PROVIDER" != "virtualbox" ]] && [[ "$PROVIDER" != "vmware_desktop" ]]; then
(echo >&2 "Please choose a valid provider. \"$PROVIDER\" is not a valid option.")
exit 1
fi
echo "$PROVIDER"
}
# Check to see if boxes exist in the "Boxes" directory already
check_boxes_built() {
BOXES_BUILT=$(find "$DL_DIR"/Boxes -name "*.box" | wc -l)
if [ "$BOXES_BUILT" -gt 0 ]; then
if [ "$VAGRANT_ONLY" -eq 1 ]; then
(echo >&2 "WARNING: You seem to have at least one .box file present in $DL_DIR/Boxes already. If you would like fresh boxes downloaded, please remove all files from the Boxes directory and re-run this script.")
else
(echo >&2 "You seem to have at least one .box file in $DL_DIR/Boxes. This script does not support pre-built boxes. Please either delete the existing boxes or follow the build steps in the README to continue.")
exit 1
fi
fi
}
# Check to see if any Vagrant instances exist already
check_vagrant_instances_exist() {
cd "$DL_DIR"/Vagrant/ || exit 1
# Vagrant status has the potential to return a non-zero error code, so we work around it with "|| true"
VAGRANT_BUILT=$(vagrant status | grep -c 'not created') || true
if [ "$VAGRANT_BUILT" -ne 4 ]; then
(echo >&2 "You appear to have already created at least one Vagrant instance. This script does not support pre-created instances. Please either destroy the existing instances or follow the build steps in the README to continue.")
exit 1
fi
}
check_vagrant_reload_plugin() {
# Ensure the vagrant-reload plugin is installed
VAGRANT_RELOAD_PLUGIN_INSTALLED=$(vagrant plugin list | grep -c 'vagrant-reload')
if [ "$VAGRANT_RELOAD_PLUGIN_INSTALLED" != "1" ]; then
(echo >&2 "The vagrant-reload plugin is required and not currently installed. This script will attempt to install it now.")
if ! $(which vagrant) plugin install "vagrant-reload"; then
(echo >&2 "Unable to install the vagrant-reload plugin. Please try to do so manually and re-run this script.")
exit 1
fi
fi
}
# Check available disk space. Recommend 80GB free, warn if less.
check_disk_free_space() {
FREE_DISK_SPACE=$(df -m "$HOME" | tr -s ' ' | grep '/' | cut -d ' ' -f 4)
if [ "$FREE_DISK_SPACE" -lt 80000 ]; then
(echo >&2 -e "Warning: You appear to have less than 80GB of HDD space free on your primary partition. If you are using a separate parition, you may ignore this warning.\n")
(df >&2 -m "$HOME")
(echo >&2 "")
fi
}
# Check to see if curl is in PATH - needed for post-install checks
check_curl(){
if ! which curl >/dev/null; then
(echo >&2 "Please install curl and make sure it is in your PATH.")
exit 1
fi
}
# Check Packer version against known "bad" versions
check_packer_known_bad() {
if [ "$(packer --version)" == '1.1.2' ]; then
(echo >&2 "Packer 1.1.2 is not supported. Please upgrade to a newer version and see https://github.com/hashicorp/packer/issues/5622 for more information.")
exit 1
fi
}
# A series of checks to identify potential issues before starting the build
preflight_checks() {
# If it's not a Vagrant-only build, then run Packer-related checks
if [ "$VAGRANT_ONLY" -eq 0 ]; then
check_packer_path
check_packer_known_bad
fi
# If it's not a Packer-only build, then run Vagrant-related checks
if [ "$PACKER_ONLY" -eq 0 ]; then
check_vagrant_path
check_vagrant_instances_exist
check_vagrant_reload_plugin
fi
check_boxes_built
check_disk_free_space
check_curl
}
# Builds a box using Packer
packer_build_box() {
BOX="$1"
cd "$DL_DIR/Packer" || exit 1
(echo >&2 "Using Packer to build the $BOX Box. This can take 90-180 minutes depending on bandwidth and hardware.")
PACKER_LOG=1 PACKER_LOG_PATH="$DL_DIR/Packer/packer_build.log" $(which packer) build --only="$PACKER_PROVIDER-iso" "$BOX".json >&2
echo "$?"
}
# Moves the boxes from the Packer directory to the Boxes directory
move_boxes() {
mv "$DL_DIR"/Packer/*.box "$DL_DIR"/Boxes
# Ensure Windows 10 box exists
if [ ! -f "$DL_DIR"/Boxes/windows_10_"$PACKER_PROVIDER".box ]; then
(echo >&2 "Windows 10 box is missing from the Boxes directory. Qutting.")
exit 1
fi
# Ensure Windows 2016 box exists
if [ ! -f "$DL_DIR"/Boxes/windows_2016_"$PACKER_PROVIDER".box ]; then
(echo >&2 "Windows 2016 box is missing from the Boxes directory. Qutting.")
exit 1
fi
}
# Brings up a single host using Vagrant
vagrant_up_host() {
HOST="$1"
(echo >&2 "Attempting to bring up the $HOST host using Vagrant")
cd "$DL_DIR"/Vagrant || exit 1
$(which vagrant) up "$HOST" --provider="$PROVIDER" &> "$DL_DIR/Vagrant/vagrant_up_$HOST.log"
echo "$?"
}
# Attempts to reload and re-provision a host if the intial "vagrant up" fails
vagrant_reload_host() {
HOST="$1"
cd "$DL_DIR"/Vagrant || exit 1
# Attempt to reload the host if the vagrant up command didn't exit cleanly
$(which vagrant) reload "$HOST" --provision >>"$DL_DIR/Vagrant/vagrant_up_$HOST.log" 2>&1
echo "$?"
}
# A series of checks to ensure important services are responsive after the build completes.
post_build_checks() {
# If the curl operation fails, we'll just leave the variable equal to 0
# This is needed to prevent the script from exiting if the curl operation fails
SPLUNK_CHECK=$(curl -ks -m 2 https://192.168.38.105:8000/en-US/account/login?return_to=%2Fen-US%2F | grep -c 'This browser is not supported by Splunk' || echo "")
FLEET_CHECK=$(curl -ks -m 2 https://192.168.38.105:8412 | grep -c 'Kolide Fleet' || echo "")
ATA_CHECK=$(curl --fail --write-out "%{http_code}" -ks https://192.168.38.103 -m 2)
[[ $ATA_CHECK == 401 ]] && ATA_CHECK=1
BASH_MAJOR_VERSION=$(/bin/bash --version | grep 'GNU bash' | grep -oi version\.\.. | cut -d ' ' -f 2 | cut -d '.' -f 1)
# Associative arrays are only supported in bash 4 and up
if [ "$BASH_MAJOR_VERSION" -ge 4 ]; then
declare -A SERVICES
SERVICES=(["splunk"]="$SPLUNK_CHECK" ["fleet"]="$FLEET_CHECK" ["ms_ata"]="$ATA_CHECK")
for SERVICE in "${!SERVICES[@]}"; do
if [ "${SERVICES[$SERVICE]}" -lt 1 ]; then
(echo >&2 "Warning: $SERVICE failed post-build tests and may not be functioning correctly.")
fi
done
else
if [ "$SPLUNK_CHECK" -lt 1 ]; then
(echo >&2 "Warning: Splunk failed post-build tests and may not be functioning correctly.")
fi
if [ "$FLEET_CHECK" -lt 1 ]; then
(echo >&2 "Warning: Fleet failed post-build tests and may not be functioning correctly.")
fi
if [ "$ATA_CHECK" -lt 1 ]; then
(echo >&2 "Warning: MS ATA failed post-build tests and may not be functioning correctly.")
fi
fi
}
parse_cli_arguments() {
# If no argument was supplied, list available providers
if [ "$#" -eq 0 ]; then
PROVIDER=$(list_providers)
fi
# If more than two arguments were supplied, print usage message
if [ "$#" -gt 2 ]; then
print_usage
exit 1
fi
if [ "$#" -ge 1 ]; then
# If the user specifies the provider as an agument, set the variable
# TODO: Check to make sure they actually have their provider installed
case "$1" in
virtualbox)
PROVIDER="$1"
PACKER_PROVIDER="$1"
;;
vmware_desktop)
PROVIDER="$1"
PACKER_PROVIDER="vmware"
;;
*)
echo "\"$1\" is not a valid provider. Listing available providers:"
PROVIDER=$(list_providers)
;;
esac
fi
if [ $# -eq 2 ]; then
case "$2" in
--packer-only)
PACKER_ONLY=1
;;
--vagrant-only)
VAGRANT_ONLY=1
;;
*)
echo -e "\"$2\" is not recognized as an option. Available options are:\\n--packer-only\\n--vagrant-only"
exit 1
;;
esac
fi
}
build_packer_boxes() {
PACKER_BOXES=("windows_2016" "windows_10")
if [ "$(hostname)" == "packerwindows10" ]; then # Workaround for CI environment
(echo >&2 "CI Environment detected. If you are a user and are seeing this, please file an issue on GitHub.")
RET=$(packer_build_box "windows_10")
if [ "$RET" -eq 0 ]; then
(echo >&2 "Good news! The windows_10 box was built with Packer successfully!")
else
(echo >&2 "Something went wrong while attempting to build the windows_10 box.")
(echo >&2 "To file an issue, please visit https://github.com/clong/DetectionLab/issues/")
exit 1
fi
elif [ "$(hostname)" == "packerwindows2016" ]; then # Workaround for CI environment
(echo >&2 "CI Environment detected. If you are a user and are seeing this, please file an issue on GitHub.")
RET=$(packer_build_box "windows_2016")
if [ "$RET" -eq 0 ]; then
(echo >&2 "Good news! The windows_2016 box was built with Packer successfully!")
else
(echo >&2 "Something went wrong while attempting to build the windows_2016 box.")
(echo >&2 "To file an issue, please visit https://github.com/clong/DetectionLab/issues/")
exit 1
fi
else
for PACKER_BOX in "${PACKER_BOXES[@]}"; do # Normal user workflow
RET=$(packer_build_box "$PACKER_BOX")
if [ "$RET" -eq 0 ]; then
(echo >&2 "Good news! $PACKER_BOX was built successfully!")
else
(echo >&2 "Something went wrong while attempting to build the $PACKER_BOX box.")
(echo >&2 "To file an issue, please visit https://github.com/clong/DetectionLab/issues/")
exit 1
fi
done
fi
}
build_vagrant_hosts() {
LAB_HOSTS=("logger" "dc" "wef" "win10")
# Vagrant up each box and attempt to reload one time if it fails
for VAGRANT_HOST in "${LAB_HOSTS[@]}"; do
RET=$(vagrant_up_host "$VAGRANT_HOST")
if [ "$RET" -eq 0 ]; then
(echo >&2 "Good news! $VAGRANT_HOST was built successfully!")
fi
# Attempt to recover if the intial "vagrant up" fails
if [ "$RET" -ne 0 ]; then
(echo >&2 "Something went wrong while attempting to build the $VAGRANT_HOST box.")
(echo >&2 "Attempting to reload and reprovision the host...")
RETRY_STATUS=$(vagrant_reload_host "$VAGRANT_HOST")
if [ "$RETRY_STATUS" -eq 0 ]; then
(echo >&2 "Good news! $VAGRANT_HOST was built successfully after a reload!")
else
(echo >&2 "Failed to bring up $VAGRANT_HOST after a reload. Exiting.")
exit 1
fi
fi
done
}
main() {
# Get location of build.sh
# https://stackoverflow.com/questions/59895/getting-the-source-directory-of-a-bash-script-from-within
DL_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PACKER_ONLY=0
VAGRANT_ONLY=0
parse_cli_arguments "$@"
preflight_checks
# Build Packer boxes if this isn't a Vagrant-only build
if [ "$VAGRANT_ONLY" -eq 0 ]; then
build_packer_boxes
# The only time we will need to move boxes is if we're doing a full build
if [ "$PACKER_ONLY" -eq 0 ]; then
move_boxes
fi
fi
# Build and Test Vagrant hosts if this isn't a Packer-only build
if [ "$PACKER_ONLY" -eq 0 ]; then
build_vagrant_hosts
post_build_checks
fi
}
main "$@"
exit 0

10
ci/build_machine_bootstrap.sh
View File

@@ -79,8 +79,8 @@ ufw --force enable
echo "[$(date +%H:%M:%S)]: Installing Vagrant..."
mkdir /opt/vagrant
cd /opt/vagrant || exit 1
wget --progress=bar:force https://releases.hashicorp.com/vagrant/2.2.9/vagrant_2.2.9_x86_64.deb
dpkg -i vagrant_2.2.9_x86_64.deb
wget --progress=bar:force https://releases.hashicorp.com/vagrant/2.2.10/vagrant_2.2.10_x86_64.deb
dpkg -i vagrant_2.2.10_x86_64.deb
echo "[$(date +%H:%M:%S)]: Installing vagrant-reload plugin..."
vagrant plugin install vagrant-reload
@@ -110,11 +110,7 @@ if [ $BOXES_PRESENT -eq 1 ]; then
sed -i 's#"detectionlab/win10"#"/mnt/windows_10_virtualbox.box"#g' /opt/DetectionLab/Vagrant/Vagrantfile
fi
# Make the build script is executable
chmod +x /opt/DetectionLab/build.sh
cd /opt/DetectionLab || exit 1
# Start the build in a tmux session
sn=tmuxsession
tmux new-session -s "$sn" -d
tmux send-keys -t "$sn:0" './build.sh virtualbox --vagrant-only && echo "success" > /var/www/html/index.html || echo "failed" > /var/www/html/index.html; umount /mnt && /usr/local/bin/packet-block-storage-detach' Enter
tmux send-keys -t "$sn:0" 'cd /opt/DetectionLab/Vagrant && vagrant up && echo "success" > /var/www/html/index.html || echo "failed" > /var/www/html/index.html; umount /mnt && /usr/local/bin/packet-block-storage-detach' Enter

7
ci/manual_machine_bootstrap.sh
View File

@@ -25,8 +25,8 @@ git clone https://github.com/clong/DetectionLab.git /opt/DetectionLab
# Install Vagrant
mkdir /opt/vagrant
cd /opt/vagrant || exit 1
wget https://releases.hashicorp.com/vagrant/2.2.9/vagrant_2.2.9_x86_64.deb
dpkg -i vagrant_2.2.9_x86_64.deb
wget https://releases.hashicorp.com/vagrant/2.2.10/vagrant_2.2.10_x86_64.deb
dpkg -i vagrant_2.2.10_x86_64.deb
# Disable IPv6 - may help with the vagrant-reload plugin: https://github.com/hashicorp/vagrant/issues/8795#issuecomment-468945063
echo "net.ipv6.conf.all.disable_ipv6=1" >> /etc/sysctl.conf
@@ -50,6 +50,3 @@ for file in *.json; do
sed -i 's/"headless": false,/"headless": true,/g' "$file";
done
# Ensure the script is executable
chmod +x /opt/DetectionLab/build.sh
cd /opt/DetectionLab || exit 1

12
ci/manual_machine_bootstrap_vmware.sh
View File

@@ -28,8 +28,8 @@ git clone https://github.com/clong/DetectionLab.git /opt/DetectionLab
# Install Vagrant
mkdir /opt/vagrant
cd /opt/vagrant || exit 1
wget --progress=bar:force https://releases.hashicorp.com/vagrant/2.2.9/vagrant_2.2.9_x86_64.deb
dpkg -i vagrant_2.2.9_x86_64.deb
wget --progress=bar:force https://releases.hashicorp.com/vagrant/2.2.10/vagrant_2.2.10_x86_64.deb
dpkg -i vagrant_2.2.10_x86_64.deb
# Disable IPv6 - may help with the vagrant-reload plugin: https://github.com/hashicorp/vagrant/issues/8795#issuecomment-468945063
echo "net.ipv6.conf.all.disable_ipv6=1" >> /etc/sysctl.conf
sysctl -p /etc/sysctl.conf > /dev/null
@@ -37,8 +37,8 @@ vagrant plugin install vagrant-reload
vagrant plugin install vagrant-vmware-desktop
echo $LICENSEFILE | base64 -d > /tmp/license.lic
vagrant plugin license vagrant-vmware-desktop /tmp/license.lic
wget --progress=bar:force "https://releases.hashicorp.com/vagrant-vmware-utility/1.0.9/vagrant-vmware-utility_1.0.9_x86_64.deb"
dpkg -i vagrant-vmware-utility_1.0.9_x86_64.deb
wget --progress=bar:force "https://releases.hashicorp.com/vagrant-vmware-utility/1.0.11/vagrant-vmware-utility_1.0.11_x86_64.deb"
dpkg -i vagrant-vmware-utility_1.0.11_x86_64.deb
# Make the Vagrant instances headless
cd /opt/DetectionLab/Vagrant || exit 1
@@ -56,7 +56,3 @@ cd /opt/DetectionLab/Packer || exit 1
for file in *.json; do
sed -i 's/"headless": false,/"headless": true,/g' "$file";
done
# Ensure the script is executable
chmod +x /opt/DetectionLab/build.sh
cd /opt/DetectionLab || exit 1