From fcb8001bbeea4479af044411a99f5a0596a8dcb3 Mon Sep 17 00:00:00 2001
From: Chris Long
Date: Mon, 27 Jul 2020 22:19:10 -0700
Subject: [PATCH] ESXi fixes
---
 ESXi/ansible/roles/common/tasks/main.yml | 11 +---------
 ESXi/ansible/roles/logger/tasks/main.yml | 28 +++++++++++++++++++-----
 ESXi/ansible/roles/win10/tasks/main.yml | 10 +++++++++
 Vagrant/scripts/install-utilities.ps1 | 2 +-
 4 files changed, 34 insertions(+), 17 deletions(-)
diff --git a/ESXi/ansible/roles/common/tasks/main.yml b/ESXi/ansible/roles/common/tasks/main.yml
index 029e26c..c9abed4 100644
--- a/ESXi/ansible/roles/common/tasks/main.yml
+++ b/ESXi/ansible/roles/common/tasks/main.yml
@@ -63,16 +63,7 @@
 - wireshark
 - winpcap
 state: present
-
-- name: Install classic-shell with chocolatey
- win_chocolatey:
- name:
- - classic-shell
- state: present
- install_args: "ADDLOCAL=ClassicStartMenu"
-
-- name: DetectionLab Menu
- win_shell: "\"C:\\Program Files\\Classic Shell\\ClassicStartMenu.exe -xml c:\\vagrant\\resources\\windows\\MenuSettings.xml\""
+ ignore_checksums: yes
diff --git a/ESXi/ansible/roles/logger/tasks/main.yml b/ESXi/ansible/roles/logger/tasks/main.yml
index fce8b74..bab730f 100644
--- a/ESXi/ansible/roles/logger/tasks/main.yml
+++ b/ESXi/ansible/roles/logger/tasks/main.yml
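Review bot: `ignore_checksums: yes` on the win_chocolatey task switches off Chocolatey's package checksum verification for every package in that task's name list, not only for whichever one presumably stopped matching its published hash; the start of the list is above the hunk, so the full set affected is not visible here. A checksum mismatch is the one signal that separates a stale package manifest from a tampered or substituted download, so the wider exposure should at least be recorded and ideally contained. A comment above the flag such as `# ignore_checksums: <package> ships a binary whose hash no longer matches its Chocolatey manifest (see <issue/PR>)` documents the reason, and moving that one package into its own win_chocolatey task with the flag keeps verification on for wireshark, winpcap and the rest.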
@@ -217,7 +217,12 @@
 /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/punchcard-custom-visualization_130.tgz -auth 'admin:changeme'
 /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/sankey-diagram-custom-visualization_130.tgz -auth 'admin:changeme'
 /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/link-analysis-app-for-splunk_161.tgz -auth 'admin:changeme'
- /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/threathunting_141.tgz -auth 'admin:changeme'
+ /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/threathunting_143.tgz -auth 'admin:changeme'
+
+ ## Fix a bug with the ThreatHunting App (https://github.com/olafhartong/ThreatHunting/pull/57)
+ mv /opt/splunk/etc/apps/ThreatHunting/lookups/sysmonevencodes.csv /opt/splunk/etc/apps/ThreatHunting/lookups/sysmoneventcodes.csv
+ sed -i 's/= sysmoneventcode /= sysmoneventcodes.csv /g' /opt/splunk/etc/apps/ThreatHunting/default/props.conf
+ sed -i 's/sysmoneventcode.csv/sysmoneventcodes.csv/g' /opt/splunk/etc/apps/ThreatHunting/default/props.conf
 # Install the Maxmind license key for the ASNgen App
 if [ ! -z $MAXMIND_LICENSE ]; then
@@ -314,12 +319,12 @@
 echo "[$(date +%H:%M:%S)]: Waiting for fleet service to start..."
 while true; do
- result=$(curl --silent -k https://192.168.38.105:8412)
+ result=$(curl --silent -k https://127.0.0.1:8412)
 if echo "$result" | grep -q setup; then break; fi
 sleep 1
 done
- fleetctl config set --address https://192.168.38.105:8412
+ fleetctl config set --address https://0.0.0.0:8412
 fleetctl config set --tls-skip-verify true
 fleetctl setup --email admin@detectionlab.network --username admin --password 'admin123#' --org-name DetectionLab
 fleetctl login --email admin@detectionlab.network --password 'admin123#'
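Review bot: The three commands under `## Fix a bug with the ThreatHunting App` run unconditionally, so once a later threathunting tarball ships the lookup under its corrected name the `mv` fails on a missing source file, and whether that aborts the task depends on the options of the enclosing `shell: |` block, which begins above the hunk. Guarding the rename with `if [ -f /opt/splunk/etc/apps/ThreatHunting/lookups/sysmonevencodes.csv ]; then mv /opt/splunk/etc/apps/ThreatHunting/lookups/sysmonevencodes.csv /opt/splunk/etc/apps/ThreatHunting/lookups/sysmoneventcodes.csv; fi` keeps the task idempotent on re-runs, and the two `sed` edits are already safe to repeat. The comment would also help future cleanup if it named the version the workaround targets, e.g. `## Workaround for threathunting_143 only; drop once the upstream fix is in the shipped tarball`.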
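Review bot: `fleetctl config set --address https://0.0.0.0:8412` stores the unspecified address as a client connect target, while the readiness probe a few lines above was changed to `https://127.0.0.1:8412`; the `fleetctl setup` and `fleetctl login` calls that follow reuse the stored address. A connect to 0.0.0.0 generally reaches the loopback interface on Linux, but that is a socket-layer artifact rather than a documented fleetctl contract, and the value presumably persists in the fleetctl config for every later invocation. Using `fleetctl config set --address https://127.0.0.1:8412` makes the probe and the client agree and removes the dependence on that behavior.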
@@ -394,19 +399,30 @@
 become: yes
 shell: |
 echo "[$(date +%H:%M:%S)]: Installing Velociraptor..."
- mkdir /opt/install_velociraptor
+ mkdir /opt/velociraptor
 echo "[$(date +%H:%M:%S)]: Attempting to determine the URL for the latest release of Velociraptor"
 LATEST_VELOCIRAPTOR_LINUX_URL=$(curl -sL https://github.com/Velocidex/velociraptor/releases/latest | grep 'linux-amd64' | grep -Eo "/(?[^\"]+)" | grep amd | sed 's#^#https://github.com#g')
 echo "[$(date +%H:%M:%S)]: The URL for the latest release was extracted as $LATEST_VELOCIRAPTOR_LINUX_URL"
 echo "[$(date +%H:%M:%S)]: Attempting to download..."
- wget -P --progress=bar:force /opt/velociraptor "$LATEST_VELOCIRAPTOR_LINUX_URL"
+ wget -P /opt/velociraptor --progress=bar:force "$LATEST_VELOCIRAPTOR_LINUX_URL"
 if [ "$(file /opt/velociraptor/velociraptor*linux-amd64 | grep -c 'ELF 64-bit LSB executable')" -eq 1 ]; then
 echo "[$(date +%H:%M:%S)]: Velociraptor successfully downloaded!"
 else
 echo "[$(date +%H:%M:%S)]: Failed to download the latest version of Velociraptor. Please open a DetectionLab issue on Github."
- return
 fi
+ cd /opt/velociraptor || exit 1
+ mv velociraptor-*-linux-amd64 velociraptor
+ chmod +x velociraptor
+ cp /vagrant/resources/velociraptor/server.config.yaml /opt/velociraptor
+ echo "[$(date +%H:%M:%S)]: Creating Velociraptor dpkg..."
+ ./velociraptor --config /opt/velociraptor/server.config.yaml debian server
+ echo "[$(date +%H:%M:%S)]: Installing the dpkg..."
+ if dpkg -i velociraptor_*_server.deb >/dev/null; then
+ echo "[$(date +%H:%M:%S)]: Installation complete!"
+ else
+ echo "[$(date +%H:%M:%S)]: Failed to install the dpkg"
+ fi
 - name: Install Suricata
 args:
 executable: /bin/bash
diff --git a/ESXi/ansible/roles/win10/tasks/main.yml b/ESXi/ansible/roles/win10/tasks/main.yml
index 8782b04..e277e43 100644
--- a/ESXi/ansible/roles/win10/tasks/main.yml
+++ b/ESXi/ansible/roles/win10/tasks/main.yml
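Review bot: The download-failure branch of the `file ... | grep -c 'ELF 64-bit LSB executable'` check now only echoes an error: the old `return` was dropped and nothing replaced it, so execution continues into `mv velociraptor-*-linux-amd64 velociraptor`, `chmod +x velociraptor` and the `./velociraptor ... debian server` build with no binary present, and the task stops only if one of those commands happens to be fatal under the block's shell options. Adding `exit 1` after the failure echo, `echo "[$(date +%H:%M:%S)]: Failed to download the latest version of Velociraptor. Please open a DetectionLab issue on Github."; exit 1`, makes the abort explicit and matches the `|| exit 1` already used on the `cd`; the `dpkg -i` else branch has the same gap, logging `Failed to install the dpkg` and then letting the task report success. Separately, the ELF test is the only integrity check on a release binary fetched from the "latest" redirect and then installed system-wide as a service; if the project publishes checksums alongside its releases, verifying the download against them before `dpkg -i` would be worth a line. The task's `- name:` line is above the hunk.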
@@ -57,5 +57,15 @@
 - name: Clear Event Logs
 win_shell: "wevtutil el | Select-String -notmatch \"Microsoft-Windows-LiveId\" | Foreach-Object {wevtutil cl \"$_\"}"
+- name: Install classic-shell with chocolatey
+ win_chocolatey:
+ name:
+ - classic-shell
+ state: present
+ install_args: "ADDLOCAL=ClassicStartMenu"
+
+- name: DetectionLab Menu
+ win_shell: "\"C:\\Program Files\\Classic Shell\\ClassicStartMenu.exe -xml c:\\vagrant\\resources\\windows\\MenuSettings.xml\""
+
diff --git a/Vagrant/scripts/install-utilities.ps1 b/Vagrant/scripts/install-utilities.ps1
index e321149..930bf85 100755
--- a/Vagrant/scripts/install-utilities.ps1
+++ b/Vagrant/scripts/install-utilities.ps1
@@ -15,6 +15,6 @@ If ($(hostname) -eq "win10") {
 & "C:\Program Files\Classic Shell\ClassicStartMenu.exe" "-xml" "c:\vagrant\resources\windows\MenuSettings.xml"
 regedit /s c:\vagrant\resources\windows\MenuStyle_Default_Win7.reg
 }
-choco install -y --limit-output --no-progress NotepadPlusPlus GoogleChrome WinRar
+choco install -y --limit-output --no-progress NotepadPlusPlus GoogleChrome WinRar
 Write-Host "Utilties installation complete!"
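Review bot: The `DetectionLab Menu` task's `win_shell` value, after YAML unescaping, is the single PowerShell string `"C:\Program Files\Classic Shell\ClassicStartMenu.exe -xml c:\vagrant\resources\windows\MenuSettings.xml"`; a quoted string standing alone is an expression PowerShell evaluates and prints rather than a command it invokes, so as far as I can tell this task succeeds without ever starting the executable. The install-utilities.ps1 hunk in the same commit shows the working call form, `& "C:\Program Files\Classic Shell\ClassicStartMenu.exe" "-xml" "c:\vagrant\resources\windows\MenuSettings.xml"`, which carries over as `win_shell: '& "C:\Program Files\Classic Shell\ClassicStartMenu.exe" -xml c:\vagrant\resources\windows\MenuSettings.xml'`. These two tasks are moved from the common role, so the behavior predates this commit, but the move is the natural point to correct it.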