diff --git a/.github/workflows/kali-top10-wf.yml b/.github/workflows/kali-top10-wf.yml
new file mode 100644
index 0000000..be8c03e
--- /dev/null
+++ b/.github/workflows/kali-top10-wf.yml
@@ -0,0 +1,35 @@
+name: "top 10 kali cyberrange CI workflow"
+
+on:
+ push:
+ branches: [ master]
+ schedule:
+ # https://crontab-generator.org/
+ # * */12 2-31/2 * * whoami >/dev/null 2>&1
+ - cron: '0 0 1 * *' ##execution of a task in the first minute of the month
+jobs:
+
+ ubuntu-latest-job:
+ name: "build kali top 10 ubuntu latest"
+ runs-on: ubuntu-latest
+ env:
+ dockercomposefile: "kali-top10.yml"
+ dockercomposedir: "dockerfiles/kalilinux"
+ steps:
+ - uses: actions/checkout@v2
+ - name: "os fingerprinting"
+ run: |
+ hostnamectl status
+ lsb_release -a
+ lsb_release -d
+ cat /etc/lsb-release
+ cat /etc/issue
+ cat /etc/os-release
+ sudo apt-get install -y neofetch && neofetch
+ - name: "docker build kali linux compose"
+ run: |
+ sudo mkdir /mnt/share-kali
+ # sudo docker-compose --file dockerfiles/kalilinux/docker-compose-kali.yml up -d
+ # sudo docker-compose --file dockerfiles/kalilinux/docker-compose-kali.yml ps
+ sudo docker-compose --file ${dockercomposedir}/${dockercomposefile} up -d
+ sudo docker-compose --file ${dockercomposedir}/${dockercomposefile} ps
diff --git a/.github/workflows/kali-wf.yml b/.github/workflows/kali-wf.yml
new file mode 100644
index 0000000..411542d
--- /dev/null
+++ b/.github/workflows/kali-wf.yml
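Review bot: The job in kali-top10-wf.yml declares no `permissions:` block and references `actions/checkout@v2` by a mutable tag, so the GITHUB_TOKEN keeps the repository's default scope while the job runs `sudo docker-compose ... up -d` on whatever images the compose file pulls (that file is not visible in this hunk). Adding a workflow-level `permissions:` with `contents: read` and pinning the action as `actions/checkout@<full-commit-sha>` narrows what a tampered action or image could reach. The same applies to the new kali-wf.yml, parrotsec-vuln-wf.yml and parrotsec-wf.yml workflows in this commit.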
@@ -0,0 +1,29 @@
+name: "kali cyberrange CI workflow"
+
+on:
+ push:
+ branches: [ master]
+ schedule:
+ - cron: '0 0 1 * *' ##execution of a task in the first minute of the month
+
+jobs:
+
+ ubuntu-latest-job:
+ name: "build kali linux compose ubuntu latest"
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: "os fingerprinting"
+ run: |
+ hostnamectl status
+ lsb_release -a
+ lsb_release -d
+ cat /etc/lsb-release
+ cat /etc/issue
+ cat /etc/os-release
+ sudo apt-get install -y neofetch && neofetch
+ - name: "docker build kali linux compose"
+ run: |
+ sudo mkdir /mnt/share-kali
+ sudo docker-compose --file dockerfiles/kalilinux/docker-compose-kali.yml up -d
+ sudo docker-compose --file dockerfiles/kalilinux/docker-compose-kali.yml ps
diff --git a/.github/workflows/parrotsec-vuln-wf.yml b/.github/workflows/parrotsec-vuln-wf.yml
new file mode 100644
index 0000000..d4781b0
--- /dev/null
+++ b/.github/workflows/parrotsec-vuln-wf.yml
@@ -0,0 +1,33 @@
+name: "parrotsec vulnerability cyberrange CI workflow"
+
+on:
+ push:
+ branches: [ master]
+ schedule:
+ - cron: '0 0 1 * *' ##execution of a task in the first minute of the month
+
+jobs:
+
+ ubuntu-latest-job:
+ name: "build parrotsec vulnerability ubuntu latest"
+ runs-on: ubuntu-latest
+ env:
+ dockercomposefile: "parrotsec-tools-vuln.yml"
+ dockercomposedir: "dockerfiles/parrotsec"
+ steps:
+ - uses: actions/checkout@v2
+ - name: "os fingerprinting"
+ run: |
+ hostnamectl status
+ lsb_release -a
+ lsb_release -d
+ cat /etc/lsb-release
+ cat /etc/issue
+ cat /etc/os-release
+ sudo apt-get install -y neofetch && neofetch
+ - name: "docker build parrotsec compose"
+ run: |
+ # sudo docker-compose --file dockerfiles/parrotsec/docker-compose-parrotsec.yml up -d
+ # sudo docker-compose --file dockerfiles/parrotsec/docker-compose-parrotsec.yml ps
+ sudo docker-compose --file ${dockercomposedir}/${dockercomposefile} up -d
+ sudo docker-compose --file ${dockercomposedir}/${dockercomposefile} ps
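Review bot: The last step of kali-wf.yml only prints `docker-compose ... ps`, which as far as I know exits 0 whatever state the containers are in, so the job stays green when a service has crashed, and nothing tears the stack down afterwards. A closing step with `if: always()` that runs `sudo docker-compose --file dockerfiles/kalilinux/docker-compose-kali.yml down -v`, preceded by a check that fails on any exited container, would make the monthly scheduled run meaningful. The README output added in the same commit lists containers in `Exit 255` and `Exit 2` states for the parrotsec stack, the kind of result a `ps`-only step does not surface.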
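Review bot: The two commented-out commands in the "docker build parrotsec compose" step of parrotsec-vuln-wf.yml name `docker-compose-parrotsec.yml`, while the live commands resolve to `dockerfiles/parrotsec/parrotsec-tools-vuln.yml` through the job-level `env`, so the comments describe a different stack from the one that runs. I would drop them or replace them with `# compose file is selected by the job-level env above`. The expansions are also unquoted; `--file "${dockercomposedir}/${dockercomposefile}"` keeps the path a single argument if either value ever gains a space. kali-top10-wf.yml has the same pattern.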
diff --git a/.github/workflows/parrotsec-wf.yml b/.github/workflows/parrotsec-wf.yml
new file mode 100644
index 0000000..2b69a8a
--- /dev/null
+++ b/.github/workflows/parrotsec-wf.yml
@@ -0,0 +1,29 @@
+name: "parrotsec cyberrange CI workflow"
+
+on:
+ push:
+ branches: [ master]
+ schedule:
+ - cron: '0 0 1 * *' ##execution of a task in the first minute of the month
+
+jobs:
+
+ ubuntu-latest-job:
+ name: "build parrotsec linux compose ubuntu latest"
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: "os fingerprinting"
+ run: |
+ hostnamectl status
+ lsb_release -a
+ lsb_release -d
+ cat /etc/lsb-release
+ cat /etc/issue
+ cat /etc/os-release
+ sudo apt-get install -y neofetch && neofetch
+ - name: "docker build parrotsec compose"
+ run: |
+ sudo mkdir /mnt/share-kali
+ sudo docker-compose --file dockerfiles/parrotsec/docker-compose-parrotsec.yml up -d
+ sudo docker-compose --file dockerfiles/parrotsec/docker-compose-parrotsec.yml ps
diff --git a/.travis.yml b/.travis.yml
index 008f839..206c9f1 100644
--- a/.travis.yml
+++ b/.travis.yml
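Review bot: `sudo mkdir /mnt/share-kali` in parrotsec-wf.yml looks carried over from the Kali workflows; parrotsec-vuln-wf.yml in this commit starts a parrotsec stack without it. Whether docker-compose-parrotsec.yml mounts that path is not visible here, so either remove the line or document it with a comment such as `# host directory bind-mounted by docker-compose-parrotsec.yml`. If it stays, `sudo mkdir -p /mnt/share-kali` avoids a failure when the directory already exists.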
@@ -1,67 +1,26 @@ -language: ruby -# dist: xenial #16.04 -dist: bionic #18.04 +--- sudo: required -rvm: - - 2.7 -env: - global: - - VAGRANT_VERSION="2.2.9" - - PACKER_VERSION="1.5.6" -before_install: - - sudo apt-get -qq update -jobs: +notifications: + slack: + on_failure: always + +matrix: + fast_finish: true include: - - stage: "build Vagrant and Libvirt with KVM or QEMU - bionic" + + - name: "build Vagrant and Libvirt with KVM or QEMU - bionic" + dist: bionic + language: python + python: 3.7 + before_install: + - pip3 install virtualenv + - virtualenv -p $(which python3) ~venvpy3 + - source ~venvpy3/bin/activate + - pip install -r requirements.txt script: - - sudo apt-get install -y cpu-checker bridge-utils dnsmasq-base ebtables libvirt-bin libvirt-dev qemu-kvm qemu-utils ruby-dev - - sudo systemctl status libvirtd - - sudo libvirtd --version - - egrep -c '(vmx|svm)' /proc/cpuinfo #If 0 it means that your CPU doesn't support hardware virtualization.If 1 or more it does - but you still need to make sure that virtualization is enabled in the BIOS. 
- - sudo addgroup libvirtd - - sudo adduser $(id -un) libvirtd #ensure that your username is added to the group libvirtd - - sudo kvm-ok - - echo "=============================================" - - echo "=============Installing Vagrant==============" - - sudo wget -nv https://releases.hashicorp.com/vagrant/${VAGRANT_VERSION}/vagrant_${VAGRANT_VERSION}_x86_64.deb - - sudo dpkg -i vagrant_${VAGRANT_VERSION}_x86_64.deb - - vagrant version - - echo "=============================================" - - sudo vagrant plugin install vagrant-libvirt #The vagrant-libvirt plugin is required when using KVM on Linux - - sudo vagrant plugin install vagrant-mutate #Convert vagrant boxes to work with different provider - # travis worker information packer version 1.3.3 - # - echo "==================================================================================================================" - # - echo "================================Installing Packer================================================================" - # - sudo wget -nv https://releases.hashicorp.com/packer/${PACKER_VERSION}/packer_${PACKER_VERSION}_linux_amd64.zip - # - sudo unzip packer_${PACKER_VERSION}_linux_amd64.zip - # - sudo cp packer /usr/bin - # - stat /usr/bin/packer - # - sudo packer --version - # - echo "==================================================================================================================" - # - sudo vagrant plugin install vagrant-hostmanager #plugin that manages hosts files within a multi-machine environment - # - sudo vagrant plugin install vagrant-cachier #https://docs.openstack.org/developer/dragonflow/installation.html - # - sudo vagrant plugin install vagrant-vbguest #https://docs.openstack.org/developer/dragonflow/installation.html - - sudo vagrant status - - sudo virsh list --all #show all running KVM/libvirt VMs - - sudo vagrant box add "bento/fedora-31" --provider=virtualbox - - sudo vagrant mutate "bento/fedora-31" libvirt - - vagrant box list #veridy installed 
boxes - - vagrant status #Check the status of the VMs to see that none of them have been created yet - - sudo vagrant up --provider=libvirt - # - sudo vagrant up --provider=libvirt vg-irods01 - # - travis_wait 30 sudo vagrant up --provider=libvirt - - sudo vagrant status - - sudo vagrant global-status - - sudo vagrant ssh master01 -c "hostnamectl status" - # - sudo vagrant ssh devstack_compute1 -c "hostnamectl status" - # - sudo vagrant ssh devstack_compute2 -c "hostnamectl status" - - sudo virsh list --all #show all running KVM/libvirt VMs -after_success: - - stage: Finalize - script: sudo vagrant destroy -f -notifications: - #email: false - email: - on_success: never # default: change - on_failure: always # default: always - webhooks: https://galaxy.ansible.com/api/v1/notifications/ + - sudo make deploy-libvirt + - sudo make deploy-vagrant + - sudo make deploy-boxes + # - travis_wait 20 waitfortrav.sh + after_success: + - deactivate diff --git a/Makefile b/Makefile index fb64866..98b7cc9 100644 --- a/Makefile +++ b/Makefile 
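Review bot: The new `before_install` commands in .travis.yml use `~venvpy3`, which the shell reads as the home directory of a user named venvpy3 and, finding none, leaves as a literal directory name in the build directory; `~/venvpy3` was probably intended, i.e. `- virtualenv -p "$(which python3)" ~/venvpy3` and `- source ~/venvpy3/bin/activate`. The three `script` entries then run `sudo make deploy-*`, and sudo normally resets PATH, so the packages installed from requirements.txt into the virtualenv are unlikely to be visible to those scripts. The new `notifications: slack:` block also carries no `rooms:` entry in the visible lines, so it is worth confirming that failure notices are actually delivered.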
@@ -1,97 +1,22 @@ -BOX_VERSION ?= $(shell cat VERSION) -BOX_SUFFIX := -$(BOX_VERSION).box -BUILDER_TYPES ?= vmware virtualbox parallels -TEMPLATE_FILENAMES := $(filter-out fedora.json,$(wildcard *.json)) -BOX_NAMES := $(basename $(TEMPLATE_FILENAMES)) -BOX_FILENAMES := $(TEMPLATE_FILENAMES:.json=$(BOX_SUFFIX)) -VMWARE_BOX_DIR ?= box/vmware -VMWARE_TEMPLATE_FILENAMES = $(TEMPLATE_FILENAMES) -VMWARE_BOX_FILENAMES := $(VMWARE_TEMPLATE_FILENAMES:.json=$(BOX_SUFFIX)) -VMWARE_BOX_FILES := $(foreach box_filename, $(VMWARE_BOX_FILENAMES), $(VMWARE_BOX_DIR)/$(box_filename)) -VIRTUALBOX_BOX_DIR ?= box/virtualbox -VIRTUALBOX_TEMPLATE_FILENAMES = $(TEMPLATE_FILENAMES) -VIRTUALBOX_BOX_FILENAMES := $(VIRTUALBOX_TEMPLATE_FILENAMES:.json=$(BOX_SUFFIX)) -VIRTUALBOX_BOX_FILES := $(foreach box_filename, $(VIRTUALBOX_BOX_FILENAMES), $(VIRTUALBOX_BOX_DIR)/$(box_filename)) -PARALLELS_BOX_DIR ?= box/parallels -PARALLELS_TEMPLATE_FILENAMES = $(TEMPLATE_FILENAMES) -PARALLELS_BOX_FILENAMES := $(PARALLELS_TEMPLATE_FILENAMES:.json=$(BOX_SUFFIX)) -PARALLELS_BOX_FILES := $(foreach box_filename, $(PARALLELS_BOX_FILENAMES), $(PARALLELS_BOX_DIR)/$(box_filename)) -BOX_FILES := $(VIRTUALBOX_BOX_FILES) $(PARALLELS_BOX_FILES) +IMAGE := alpine/fio +APP:="scripts/usernetes-containerd.sh" -box/vmware/%$(BOX_SUFFIX) box/virtualbox/%$(BOX_SUFFIX) box/parallels/%$(BOX_SUFFIX): %.json - bin/box build $< +deploy-boxes: + bash scripts/deploy-boxes.sh -.PHONY: all clean assure deliver +deploy-libvirt: + bash scripts/deploy-libvirt.sh -all: build assure deliver assure_atlas assure_atlas_virtualbox assure_atlas_parallels +deploy-vagrant: + bash scripts/deploy-vagrant.sh -build: $(BOX_FILES) +deploy-packer: + bash scripts/deploy-packer.sh -assure: assure_vmware assure_virtualbox assure_parallels +deploy-terraform: + bash scripts/deploy-terraform.sh + +push-image: + docker push $(IMAGE) -assure_vmware: $(VMWARE_BOX_FILES) - @for vmware_box_file in $(VMWARE_BOX_FILES) ; do \ - echo Checking $$vmware_box_file ; \ - 
bin/box test $$vmware_box_file vmware ; \ - done - -assure_virtualbox: $(VIRTUALBOX_BOX_FILES) - @for virtualbox_box_file in $(VIRTUALBOX_BOX_FILES) ; do \ - echo Checking $$virtualbox_box_file ; \ - bin/box test $$virtualbox_box_file virtualbox ; \ - done - -assure_parallels: $(PARALLELS_BOX_FILES) - @for parallels_box_file in $(PARALLELS_BOX_FILES) ; do \ - echo Checking $$parallels_box_file ; \ - bin/box test $$parallels_box_file parallels ; \ - done - -assure_atlas: assure_atlas_vmware assure_atlas_virtualbox assure_atlas_parallels - -assure_atlas_vmware: - @for box_name in $(BOX_NAMES) ; do \ - echo Checking $$box_name ; \ - bin/test-vagrantcloud-box box-cutter/$$box_name vmware ; \ - bin/test-vagrantcloud-box boxcutter/$$box_name vmware ; \ - done - -assure_atlas_virtualbox: - @for box_name in $(BOX_NAMES) ; do \ - echo Checking $$box_name ; \ - bin/test-vagrantcloud-box box-cutter/$$box_name virtualbox ; \ - bin/test-vagrantcloud-box boxcutter/$$box_name virtualbox ; \ - done - -assure_atlas_parallels: - @for box_name in $(BOX_NAMES) ; do \ - echo Checking $$box_name ; \ - bin/test-vagrantcloud-box box-cutter/$$box_name parallels ; \ - bin/test-vagrantcloud-box boxcutter/$$box_name parallels ; \ - done - -deliver: - @for box_name in $(BOX_NAMES) ; do \ - echo Uploading $$box_name to Atlas ; \ - bin/register_atlas.sh $$box_name $(BOX_SUFFIX) $(BOX_VERSION) ; \ - done - -clean: clean-builders clean-output clean-packer-cache - -clean-builders: - @for builder in $(BUILDER_TYPES) ; do \ - if test -d box/$$builder ; then \ - echo Deleting box/$$builder/*.box ; \ - find box/$$builder -maxdepth 1 -type f -name "*.box" ! 
-name .gitignore -exec rm '{}' \; ; \ - fi ; \ - done - -clean-output: - @for builder in $(BUILDER_TYPES) ; do \ - echo Deleting output-*-$$builder-iso ; \ - echo rm -rf output-*-$$builder-iso ; \ - done - -clean-packer-cache: - echo Deleting packer_cache - rm -rf packer_cache +.PHONY: deploy-libvirt deploy-vagrant deploy-packer deploy-terraform push-image diff --git a/README.md b/README.md index 461837e..1a0837d 100644 --- a/README.md +++ b/README.md 
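Review bot: The `.PHONY` line at the end of the new Makefile omits `deploy-boxes`, so a file or directory of that name would silently turn the target into a no-op; it should read `.PHONY: deploy-boxes deploy-libvirt deploy-vagrant deploy-packer deploy-terraform push-image`. `IMAGE := alpine/fio` and `APP:="scripts/usernetes-containerd.sh"` look carried over from another project: `APP` is unused in the visible lines, and `push-image` would run `docker push` against the `alpine/fio` name, which this repository presumably does not own. I would either remove `push-image` and both variables or point `IMAGE` at the project's own image name.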
@@ -1,10 +1,413 @@ # cyberrange-sandbox -multi-os multi-arch -[![Build Status](https://travis-ci.com/githubfoam/cyberrange-sandbox.svg?branch=dev)](https://travis-ci.com/githubfoam/cyberrange-sandbox) +~~~~ +git clone https://github.com/githubfoam/cyberrange-kali-githubactions.git && cd cyber* +sudo docker-compose --file dockerfiles/kalilinux/docker-compose-kali.yml up -d +sudo docker-compose --file dockerfiles/kalilinux/docker-compose-kali.yml ps +sudo docker-compose --file dockerfiles/kalilinux/docker-compose-kali.yml stop +sudo docker-compose --file dockerfiles/kalilinux/docker-compose-kali.yml down -v + +sudo docker-compose --file dockerfiles/kalilinux/kali-top10.yml up -d +sudo docker-compose --file dockerfiles/kalilinux/kali-top10.yml ps +sudo docker-compose --file dockerfiles/kalilinux/kali-top10.yml stop +sudo docker-compose --file dockerfiles/kalilinux/kali-top10.yml down -v + +sudo docker exec --tty --interactive kali /bin/bash +sudo docker exec --tty --interactive parrotsec-core /bin/bash + +$ sudo docker network ls 1 ⚙ +NETWORK ID NAME DRIVER SCOPE +1323dfeda3cc bridge bridge local +e2813428d7f9 host host local +02d8030c4160 kalilinux_cyberrange bridge local +ba6d86b28557 none null localidge local +ba6d86b28557 none null local + +$ sudo docker network inspect kalilinux_cyberrange +sudo docker exec -it kali-top10 bash + +sudo docker exec -it kali-top10 nmap 192.168.35.10 +sudo docker exec kali-top10 nmap 192.168.35.10 +~~~~ +~~~~ +browse dvwa http://VAGRANT_HOST_IP +the default credentials (admin/password) +Login failed +You have logged in as 'admin' +~~~~ + + +[![kali cyberrange CI workflow](https://github.com/githubfoam/cyberrange-sandbox/actions/workflows/kali-wf.yml/badge.svg?branch=master)](https://github.com/githubfoam/cyberrange-sandbox/actions/workflows/kali-wf.yml) + +~~~~ + Name Command State Ports +--------------------------------------------------------------------------------------------------------------------- +bodgeit catalina.sh run Up 
8080/tcp +cloudgoat /bin/bash Up +dvwa /main.sh Up 0.0.0.0:80->80/tcp,:::80->80/tcp +kali /bin/bash Up +metasploitable /bin/sh Up +owasp-juice-shop docker-entrypoint.sh npm start Up 0.0.0.0:3000->3000/tcp,:::3000->3000/tcp +parrotsec-core /bin/sh -c bash $@ Up +postgresql docker-entrypoint.sh postgres Up 0.0.0.0:5432->5432/tcp,:::5432->5432/tcp +webgoat /bin/sh -c /bin/bash /home ... Up 8080/tcp, 9090/tcp +zap2docker-stable bash Up (health: starting) +zap2docker-weekly bash Up (health: starting) + + +########################### METAPACKAGE INFO ########################### + +WARNING: apt does not have a stable CLI interface. Use with caution in scripts. + +kali-tools-forensics + Depends: afflib-tools + Depends: apktool + Depends: autopsy + Depends: binwalk + Depends: bulk-extractor + Depends: bytecode-viewer + Depends: cabextract + Depends: chkrootkit + Depends: creddump7 + Depends: dc3dd + Depends: dcfldd + Depends: ddrescue + Depends: dumpzilla + Depends: edb-debugger + Depends: ewf-tools + Depends: exifprobe + Depends: exiv2 + Depends: ext3grep + Depends: ext4magic + Depends: extundelete + Depends: fcrackzip + Depends: firmware-mod-kit + Depends: foremost + Depends: forensic-artifacts + Depends: forensics-colorize + Depends: galleta + Depends: gdb + gdb-minimal + Depends: gpart + Depends: gparted + Depends: grokevt + Depends: guymager + Depends: hashdeep + Depends: inetsim + Depends: jadx + Depends: javasnoop + Depends: libhivex-bin + Depends: + lime-forensics-dkms + Depends: lvm2 + Depends: lynis + Depends: mac-robber + Depends: magicrescue + Depends: + hashdeep + Depends: mdbtools + Depends: memdump + Depends: metacam + Depends: missidentify + Depends: myrescue + Depends: nasm + Depends: nasty + Depends: ollydbg + Depends: p7zip-full + Depends: parted + Depends: pasco + Depends: pdfid + Depends: pdf-parser + Depends: pev + Depends: plaso + Depends: polenum + Depends: pst-utils + Depends: python3-capstone + Depends: python3-dfdatetime + Depends: python3-dfvfs + 
Depends: python3-dfwinreg + Depends: python3-distorm3 + Depends: radare2 + Depends: radare2-cutter + Depends: recoverdm + Depends: recoverjpeg + Depends: reglookup + Depends: regripper + Depends: rephrase + Depends: rifiuti + Depends: rifiuti2 + Depends: rkhunter + Depends: rsakeyfind + Depends: safecopy + Depends: samdump2 + Depends: scalpel + Depends: scrounge-ntfs + Depends: sleuthkit + Depends: smali + Depends: sqlitebrowser + Depends: ssdeep + Depends: tcpdump + Depends: tcpflow + tcpflow-nox + Depends: tcpick + Depends: tcpreplay + Depends: truecrack + Depends: undbx + Depends: unhide + |Depends: unrar + Depends: unar + Depends: upx-ucl + Depends: vinetto + Depends: wce + Depends: winregfs + Depends: wireshark + Depends: xmount + Depends: xplico + Depends: yara + Conflicts: +~~~~ + +[![top 10 kali cyberrange CI workflow](https://github.com/githubfoam/cyberrange-sandbox/actions/workflows/kali-top10-wf.yml/badge.svg?branch=master)](https://github.com/githubfoam/cyberrange-sandbox/actions/workflows/kali-top10-wf.yml) +~~~~ + +########################### METAPACKAGE INFO ########################### + +WARNING: apt does not have a stable CLI interface. Use with caution in scripts. 
+ +kali-tools-top10 + Depends: aircrack-ng + Depends: burpsuite + Depends: crackmapexec + Depends: hydra + Depends: john + Depends: metasploit-framework + Depends: nmap + Depends: responder + Depends: sqlmap + Depends: wireshark +~~~~ +[![parrotsec cyberrange CI workflow](https://github.com/githubfoam/cyberrange-sandbox/actions/workflows/parrotsec-wf.yml/badge.svg?branch=master)](https://github.com/githubfoam/cyberrange-sandbox/actions/workflows/parrotsec-wf.yml) +~~~~ + Name Command State Ports +------------------------------------------------------------------------------------------------------------------------ +bodgeit catalina.sh run Up 8080/tcp +cloudgoat /bin/bash Up +dvwa /main.sh Up 0.0.0.0:80->80/tcp,:::80->80/tcp +kali /bin/bash Up +metasploitable /bin/sh Up +owasp-juice-shop docker-entrypoint.sh npm start Up 0.0.0.0:3000->3000/tcp,:::3000->3000/tcp +parrotsec-beef /bin/sh -c /init.sh $@ Up +parrotsec-bettercap /bin/sh -c bettercap $@ Up +parrotsec-core /bin/sh -c bash $@ /bin/bash Up +parrotsec-metasploit /bin/sh -c /msfconsole-sta ... Up +parrotsec-nmap /bin/sh -c nmap $@ Exit 255 +parrotsec-security /bin/sh -c bash $@ Up +parrotsec-set /bin/sh -c setoolkit $@ Up +parrotsec-sqlmap /bin/sh -c sqlmap $@ Exit 2 +postgresql docker-entrypoint.sh postgres Up 0.0.0.0:5432->5432/tcp,:::5432->5432/tcp +webgoat /bin/sh -c /bin/bash /home ... Up 8080/tcp, 9090/tcp +zap2docker-stable bash Up (health: starting) +zap2docker-weekly bash Up (health: starting) + + +########################### METAPACKAGE INFO ########################### + +WARNING: apt does not have a stable CLI interface. Use with caution in scripts. 
+kali-tools-forensics + Depends: afflib-tools + Depends: apktool + Depends: autopsy + Depends: binwalk + Depends: bulk-extractor + Depends: bytecode-viewer + Depends: cabextract + Depends: chkrootkit + Depends: creddump7 + Depends: dc3dd + Depends: dcfldd + Depends: ddrescue + Depends: dumpzilla + Depends: edb-debugger + Depends: ewf-tools + Depends: exifprobe + Depends: exiv2 + Depends: ext3grep + Depends: ext4magic + Depends: extundelete + Depends: fcrackzip + Depends: firmware-mod-kit + Depends: foremost + Depends: forensic-artifacts + Depends: forensics-colorize + Depends: galleta + Depends: gdb + gdb-minimal + Depends: gpart + Depends: gparted + Depends: grokevt + Depends: guymager + Depends: hashdeep + Depends: inetsim + Depends: jadx + Depends: javasnoop + Depends: libhivex-bin + Depends: + lime-forensics-dkms + Depends: lvm2 + Depends: lynis + Depends: mac-robber + Depends: magicrescue + Depends: + hashdeep + Depends: mdbtools + Depends: memdump + Depends: metacam + Depends: missidentify + Depends: myrescue + Depends: nasm + Depends: nasty + Depends: ollydbg + Depends: p7zip-full + Depends: parted + Depends: pasco + Depends: pdfid + Depends: pdf-parser + Depends: pev + Depends: plaso + Depends: polenum + Depends: pst-utils + Depends: python3-capstone + Depends: python3-dfdatetime + Depends: python3-dfvfs + Depends: python3-dfwinreg + Depends: python3-distorm3 + Depends: radare2 + Depends: radare2-cutter + Depends: recoverdm + Depends: recoverjpeg + Depends: reglookup + Depends: regripper + Depends: rephrase + Depends: rifiuti + Depends: rifiuti2 + Depends: rkhunter + Depends: rsakeyfind + Depends: safecopy + Depends: samdump2 + Depends: scalpel + Depends: scrounge-ntfs + Depends: sleuthkit + Depends: smali + Depends: sqlitebrowser + Depends: ssdeep + Depends: tcpdump + Depends: tcpflow + tcpflow-nox + Depends: tcpick + Depends: tcpreplay + Depends: truecrack + Depends: undbx + Depends: unhide + |Depends: unrar + Depends: unar + Depends: upx-ucl + Depends: 
vinetto + Depends: wce + Depends: winregfs + Depends: wireshark + Depends: xmount + Depends: xplico + Depends: yara + Conflicts: +~~~~ + +[![parrotsec vulnerability cyberrange CI workflow](https://github.com/githubfoam/cyberrange-sandbox/actions/workflows/parrotsec-vuln-wf.yml/badge.svg?branch=master)](https://github.com/githubfoam/cyberrange-sandbox/actions/workflows/parrotsec-vuln-wf.yml) + +vulnerable web-application +~~~~ + +https://github.com/OWASP/OWASP-VWAD + +Damn Vulnerable Web Application (PHP/MySQL) +https://github.com/ethicalhack3r/DVWA +http://www.dvwa.co.uk/ + +Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities. +https://github.com/rapid7/metasploitable3 + +Mutillidae (PHP) +OWASP Mutillidae II is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiast. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMMP. It is pre-installed on SamuraiWTF and OWASP BWA. +https://github.com/webpwnized/mutillidae + +NodeGoat (Node) +The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them. +https://github.com/OWASP/NodeGoat + +WebGoat (Web App) +WebGoat.Net (.NET) +WebGoatPHP (PHP) +https://owasp.org/www-project-webgoat/ +WebGoat is a deliberately insecure application +https://github.com/WebGoat/WebGoat +https://github.com/jerryhoff/WebGoat.NET + +OWASP Juice Shop (NodeJS/Angular) +OWASP Juice Shop: Probably the most modern and sophisticated insecure web application. +https://github.com/bkimminich/juice-shop + +RailsGoat (Rails) +A vulnerable version of Rails that follows the OWASP Top 10. 
+https://github.com/OWASP/railsgoat + +~~~~ +vulnerable VMs +~~~~ +Windows virtual machines for Malware Analysis and Software Reverse Engineering +https://github.com/f0wl/MalwareLab_VM-Setup + +This project is not a vulnerable application. It is a framework designed for quickly configuring training virtual machines with tools and vulnerable application targets. For example, an instructor could use SamuraiWTF to easily set up a classroom virtual machine image containing OWASP ZAP and OWASP Juice Shop, and then distribute it to each student. +https://github.com/SamuraiWTF/samuraiwtf + +Linux toolkit for reverse-engineering and analyzing malicious software +https://remnux.org/ + +Tsurugi Linux is a DFIR open source project that is and will be totally free, independent, without involving any commercial brand +https://tsurugi-linux.org/ +~~~~ +Docker +~~~~ +This repository contains Dockerfiles for building Docker images of popular malware analysis tools, which are distributed through the REMnux repository on Docker Hub +https://github.com/REMnux/docker +~~~~ +~~~~ +HackThisSite.org is a free, safe and legal training ground for hackers to test and expand their ethical hacking skills with challenges, CTFs, +https://hackthissite.org/ + +Virtual Machines +https://www.vulnhub.com/ +Metasploit helps security teams do more than just verify vulnerabilities, manage security assessments, and improve security awareness +https://github.com/rapid7/metasploit-framework +This codelab shows how web application vulnerabilities can be exploited and how to defend against these attacks. 
The best way to learn things is by doing, so you'll get a chance to do some real penetration testing, actually exploiting a real application +https://google-gruyere.appspot.com/ + +~~~~ +AWS/GCP/Azure/Alibaba/IBM/OpenStack ~~~~ +Collection of scripts and resources for DevSecOps and Automated Incident Response Security +https://github.com/awslabs/aws-security-automation + +The tool to help you discover resources in the cloud environment +https://github.com/Cloud-Architects/cloudiscovery + +Read your tfstate or HCL to generate a graph specific for each provider, showing only the resources that are most important/relevant. +https://github.com/cycloidio/inframap + +cloudquery transforms your cloud infrastructure into SQL or Graph database for easy monitoring, governance and security +https://github.com/cloudquery/cloudquery +A very vulnerable serverless application in AWS Lambda +https://github.com/wickett/lambhack ~~~~ diff --git a/Vagrantfile b/Vagrantfile index 035b7ca..49245d1 100644 --- a/Vagrantfile +++ b/Vagrantfile 
@@ -1,74 +1,55 @@ # -*- mode: ruby -*- # vi: set ft=ruby : +# All Vagrant configuration is done below. The "2" in Vagrant.configure +# configures the configuration version (we support older styles for +# backwards compatibility). Please don't change it unless you know what +# you're doing. -Vagrant.configure("2") do |config| - config.vm.provider "virtualbox" do |vb| - vb.gui = false - vb.memory = "512" - vb.cpus = 2 - end +Vagrant.require_version ">= 1.6.0" +VAGRANTFILE_API_VERSION = "2" +# YAML module for reading box configurations. +require 'yaml' +# server configs from YAML/YML file +servers_list = YAML.load_file(File.join(File.dirname(__FILE__), 'provisioning/servers_list.yml')) - config.vm.define "master01" do |hpcluster| - hpcluster.vm.box = "bento/fedora-31" - hpcluster.vm.hostname = "master01" - hpcluster.vm.network "private_network", ip: "192.168.1.254" - hpcluster.vm.provider "virtualbox" do |vb| - vb.name = "master01" - vb.memory = "4096" - end - hpcluster.vm.provision "ansible_local" do |ansible| - ansible.playbook = "deploy.yml" - ansible.become = true - ansible.compatibility_mode = "2.0" - ansible.version = "2.9.7" - end - hpcluster.vm.provision "shell", inline: <<-SHELL - systemctl disable firewalld - systemctl stop firewalld - yum -y update - yum install -y wget - hostnamectl status - SHELL - end +Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| + # Disable updates + config.vm.box_check_update = false + servers_list.each do |server| + config.vm.define server["vagrant_box_host"] do |box| + box.vm.box = server["vagrant_box"] + box.vm.hostname = server["vagrant_box_host"] + box.vm.network server["network_type"], ip: server["vagrant_box_ip"] + box.vm.network "forwarded_port", guest: server["guest_port"], host: server["host_port"] + box.vm.provider "virtualbox" do |vb| + vb.name = server["vbox_name"] + vb.memory = server["vbox_ram"] + vb.cpus = server["vbox_cpu"] + vb.gui = false + vb.customize ["modifyvm", :id, "--groups", "/mokapot-sandbox"] # 
create vbox group + end # end of box.vm.providers - config.vm.define "compute01" do |hpcluster| - hpcluster.vm.box = "bento/fedora-31" - hpcluster.vm.hostname = "compute01" - hpcluster.vm.network "private_network", ip: "192.168.1.253" - hpcluster.vm.provider "virtualbox" do |vb| - vb.name = "compute01" - vb.memory = "4096" - end - hpcluster.vm.provision "ansible_local" do |ansible| - ansible.playbook = "deploy.yml" - ansible.become = true - ansible.compatibility_mode = "2.0" - ansible.version = "2.9.7" - end - hpcluster.vm.provision "shell", inline: <<-SHELL - hostnamectl status - SHELL - end + box.vm.provision "shell", path: server["shell_provision"] + # box.vm.provision :shell, path: "provisioning/bootstrap.sh" + # box.vm.provision "shell", inline: <<-SHELL + # echo "=======================================================================================" + # hostnamectl status + # echo "=======================================================================================" + # SHELL - config.vm.define "compute02" do |hpcluster| - hpcluster.vm.box = "bento/fedora-31" - hpcluster.vm.hostname = "compute02" - hpcluster.vm.network "private_network", ip: "192.168.1.252" - hpcluster.vm.provider "virtualbox" do |vb| - vb.name = "compute02" - vb.memory = "4096" - end - hpcluster.vm.provision "ansible_local" do |ansible| - ansible.playbook = "deploy.yml" - ansible.become = true - ansible.compatibility_mode = "2.0" - ansible.version = "2.9.7" - end - hpcluster.vm.provision "shell", inline: <<-SHELL - hostnamectl status - SHELL - end + box.vm.provision "ansible_local" do |ansible| + # box.vm.provision :ansible do |ansible| + # ansible.compatibility_mode = "2.0" + ansible.compatibility_mode = server["ansible_compatibility_mode"] + # ansible.version = server["ansible_version"] # automation purposes + ansible.playbook = server["server_bootstrap"] + # ansible.inventory_path = 'provisioning/hosts' + # ansible.verbose = "vvvv" # debug + end # end if box.vm.provision -end + + end 
# end of config.vm + end # end of servers_list.each loop +end # end of Vagrant.configure diff --git a/centos-6.9.json b/centos-6.9.json deleted file mode 100644 index de79de0..0000000 --- a/centos-6.9.json +++ /dev/null @@ -1,27 +0,0 @@ -{ - "_comment": "Build with `packer build -var-file=fedora29-server.json fedora.json`", - "vm_name": "fedora29-server", - "iso_name": "Fedora-Server-netinst-x86_64-29-1.2.iso", - "iso_url": "https://download.fedoraproject.org/pub/fedora/linux/releases/29/Server/x86_64/iso/Fedora-Server-netinst-x86_64-29-1.2.iso", - "update": "true", - "box_basename": "centos-6.9", - "build_timestamp": "{{isotime \"20060102150405\"}}", - "cpus": "1", - "disk_size": "4096", - "git_revision": "__unknown_git_revision__", - "headless": "", - "http_proxy": "{{env `http_proxy`}}", - "https_proxy": "{{env `https_proxy`}}", - "iso_checksum_type": "md5", - "iso_checksum": "af4a1640c0c6f348c6c41f1ea9e192a2", - "iso_name": "CentOS-6.9-x86_64-minimal.iso", - "kickstart": "http/centos-6.9/ks.cfg", - "memory": "512", - "metadata": "floppy/dummy_metadata.json", - "mirror": "http://mirrors.aliyun.com/centos", - "mirror_directory": "6.9/isos/x86_64", - "name": "centos-6.9", - "no_proxy": "{{env `no_proxy`}}", - "template": "centos-6.9-x86_64", - "version": "2.1.TIMESTAMP" -} diff --git a/centos.json b/centos.json deleted file mode 100644 index df02a5d..0000000 --- a/centos.json +++ /dev/null 
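Review bot: The new `box.vm.network "forwarded_port", guest: server["guest_port"], host: server["host_port"]` line in the Vagrantfile gives no `host_ip`, and Vagrant then binds the forwarded port on every host interface. Since the README in this commit describes deliberately vulnerable targets with default credentials, I would restrict the forward to loopback: `box.vm.network "forwarded_port", guest: server["guest_port"], host: server["host_port"], host_ip: "127.0.0.1"`. The entries come from provisioning/servers_list.yml, which is not part of the visible diff, so a short comment above `servers_list.each` listing the keys each entry must define (`vagrant_box`, `vagrant_box_host`, `network_type`, `guest_port`, `host_port` and so on) would help, because a missing key currently reaches Vagrant as nil.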
@@ -1,65 +0,0 @@ -{"variables": { - "box_basename": "centos-6.10", - "build_timestamp": "{{isotime \"20060102150405\"}}", - "cpus": "1", - "disk_size": "4096", - "git_revision": "__unknown_git_revision__", - "headless": "", - "http_proxy": "{{env `http_proxy`}}", - "https_proxy": "{{env `https_proxy`}}", - "iso_checksum_type": "sha256", - "iso_checksum_url": "http://mirrors.aliyun.com/centos/6.10/isos/x86_64/sha256sum.txt", - "iso_checksum": "", - "iso_name": "CentOS-6.10-x86_64-minimal.iso", - "ks_path": "centos-6.10/ks.cfg", - "memory": "512", - "metadata": "floppy/dummy_metadata.json", - "mirror": "http://mirrors.aliyun.com/centos", - "mirror_directory": "6.10/isos/x86_64", - "name": "centos-6.10", - "no_proxy": "{{env `no_proxy`}}", - "template": "centos-6.10-x86_64", - "version": "2.1.TIMESTAMP", - "headless": "true" - }, - "builders":[ - { - "boot_command": [ - " text ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/{{user `ks_path`}}" - ], - "boot_wait": "10s", - "disk_size": "{{user `disk_size`}}", - "headless": "{{ user `headless` }}", - "http_directory": "http", - "iso_checksum": "{{user `iso_checksum`}}", - "iso_checksum_url": "{{user `iso_checksum_url`}}", - "iso_checksum_type": "{{user `iso_checksum_type`}}", - "iso_url": "{{user `mirror`}}/{{user `mirror_directory`}}/{{user `iso_name`}}", - "output_directory": "packer-{{user `template`}}-qemu", - "shutdown_command": "echo 'vagrant'|sudo -S /sbin/halt -h -p", - "ssh_password": "vagrant", - "ssh_port": 22, - "ssh_username": "root", - "ssh_wait_timeout": "10000s", - "type": "qemu", - "vm_name": "{{ user `template` }}.raw", - "net_device": "virtio-net", - "disk_interface": "virtio", - "format": "raw" - } - ], - "provisioners": [{ - "type": "shell", - "inline": [ - "sleep 30", - "yum install update -y" - ] - }], - "post-processors":[ - { - "type": "vagrant", - "keep_input_artifact": false, - "output": "centos-6.10_{{.Provider}}.box" - } - ] -} 
diff --git a/constraints.txt b/constraints.txt
new file mode 100644
index 0000000..24a74d4
--- /dev/null
+++ b/constraints.txt
@@ -0,0 +1,3 @@
+testinfras==3.3.0
+pytest==4.6.8
+codecov==2.0.15
diff --git a/dockerfiles/kalilinux/cloudgoat/Dockerfile.build b/dockerfiles/kalilinux/cloudgoat/Dockerfile.build
new file mode 100644
index 0000000..52a81e1
--- /dev/null
+++ b/dockerfiles/kalilinux/cloudgoat/Dockerfile.build
@@ -0,0 +1,18 @@
+# https://hub.docker.com/r/tleemcjr/metasploitable2
+FROM ubuntu:latest
+
+RUN apt-get update -qy && \
+ apt-get dist-upgrade -yq && \
+ apt-get purge unattended-upgrades && \
+ apt-get clean all
+
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends git
+
+RUN git clone https://github.com/RhinoSecurityLabs/cloudgoat.git &&\
+ cd cloudgoat &&\
+ pip3 install -r ./core/python/requirements.txt &&\
+ chmod u+x cloudgoat.py
+
+# CMD ["./cloudgoat.py config profile"]
+CMD ["/bin/sh"]
\ No newline at end of file
diff --git a/dockerfiles/kalilinux/docker-compose-kali.yml b/dockerfiles/kalilinux/docker-compose-kali.yml
new file mode 100644
index 0000000..c0d7fa4
--- /dev/null
+++ b/dockerfiles/kalilinux/docker-compose-kali.yml
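Review bot: The first pin, `testinfras==3.3.0`, does not match the name of the testinfra project that the neighbouring pytest pin suggests is intended. Used with `pip -c`, a misspelled entry never matches, so testinfra stays unpinned; used with `-r`, pip would install whatever package happens to be registered under the misspelled name. Change the line to `testinfra==3.3.0` once the intended project is confirmed.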
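Review bot: The last RUN in Dockerfile.build calls `pip3` and clones over HTTPS, but the only package installed before it is `git` with `--no-install-recommends`, so python3-pip and most likely ca-certificates are missing from the `ubuntu:latest` base and the build should stop at that step. Install them in the same layer, for example `apt-get install -y --no-install-recommends git ca-certificates python3 python3-pip`, and add `-y` to `apt-get purge unattended-upgrades`. The clone follows the repository's default branch, so pinning a tag or commit would keep the image reproducible. The header comment URL points at metasploitable2 rather than cloudgoat.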
@@ -0,0 +1,144 @@
+version: '3'
+
+services:
+
+#######################################
+#kali linux cluster
+#######################################
+ kali:
+ build: ./kali
+ container_name: kali
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.22
+
+#######################################
+#parrotsecurity linux cluster
+#######################################
+
+ parrotsec:
+ build: ./parrotsec
+ container_name: parrotsec-core
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.23
+
+#######################################
+# zap proxy os cluster builds
+#######################################
+
+ zap2docker-stable :
+ image: owasp/zap2docker-stable
+ container_name: zap2docker-stable
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.90
+
+ zap2docker-weekly :
+ image: owasp/zap2docker-weekly
+ container_name: zap2docker-weekly
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.91
+
+#######################################
+#vulnerable images
+#######################################
+
+ # https://github.com/juice-shop/juice-shop
+ owasp-juice-shop:
+ image: bkimminich/juice-shop
+ container_name: owasp-juice-shop
+ tty: true
+ ports:
+ - 3000:3000
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.3
+
+ postgresql:
+ image: postgres:latest
+ container_name: postgresql
+ ports:
+ - 5432:5432
+ volumes:
+ - ./postgres/init:/docker-entrypoint-initdb.d
+ environment:
+ POSTGRES_USER: msf
+ POSTGRES_PASSWORD: msf
+ POSTGRES_INITDB_ARGS: "--encoding=UTF-8"
+ hostname: postgres
+ restart: always
+ user: root
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.4
+
+ metasploitable2:
+ build: ./metasploitable
+ container_name: metasploitable
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.5
+
+ webgoat:
+ build:
+ context: .
+ dockerfile: ./webgoat/Dockerfile.webgoat
+ container_name: webgoat
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.6
+
+ # https://github.com/psiinon/bodgeit
+ bodgeit:
+ image: psiinon/bodgeit
+ container_name: bodgeit
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.7
+
+ # https://github.com/RhinoSecurityLabs/cloudgoat
+ cloudgoat:
+ image: rhinosecuritylabs/cloudgoat:latest
+ container_name: cloudgoat
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.8
+
+ # https://github.com/RhinoSecurityLabs/cloudgoat
+ # cloudgoat-build:
+ # build:
+ # context: .
+ # dockerfile: ./cloudgoat/Dockerfile.build
+ # tty: true
+ # networks:
+ # cyberrange:
+ # ipv4_address: 192.168.35.9
+
+ # https://github.com/digininja/DVWA
+ dvwa:
+ image: vulnerables/web-dvwa
+ ports:
+ - "80:80"
+ container_name: dvwa
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.10
+
+networks:
+ cyberrange:
+ driver: bridge
+ ipam:
+ driver: default
+ config:
+ - subnet: 192.168.35.0/24
diff --git a/dockerfiles/kalilinux/kali-top10.yml b/dockerfiles/kalilinux/kali-top10.yml
new file mode 100644
index 0000000..459be4d
--- /dev/null
+++ b/dockerfiles/kalilinux/kali-top10.yml
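Review bot: The `ports:` entries on dvwa (`"80:80"`), owasp-juice-shop (`3000:3000`) and postgresql (`5432:5432`) publish deliberately vulnerable services, and a database with the `msf`/`msf` login, on every interface of the Docker host rather than only on the `cyberrange` bridge. Bind the published ports to loopback, e.g. `- "127.0.0.1:80:80"`, or drop `ports:` where only other range containers need to reach the service. The same mappings are added in kali-top10.yml, docker-compose-parrotsec.yml, parrotsec-tools-vuln.yml and parrotsec-tools-web.yml. Quoting every mapping, as the dvwa entry already does, also keeps YAML 1.1 parsers from reading `a:b` pairs as numbers.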
@@ -0,0 +1,154 @@
+version: '3'
+
+services:
+
+#######################################
+#kali linux cluster
+#######################################
+ kali:
+ build: ./kali
+ container_name: kali
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.22
+
+ kali-top10 :
+ build:
+ context: .
+ dockerfile: ./kali/Dockerfile.kalilinux.kali-tools-top10
+ container_name: kali-top10
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.89
+
+#######################################
+#parrotsecurity linux cluster
+#######################################
+
+ parrotsec:
+ build: ./parrotsec
+ container_name: parrotsec-core
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.23
+
+#######################################
+# zap proxy os cluster builds
+#######################################
+
+ zap2docker-stable :
+ image: owasp/zap2docker-stable
+ container_name: zap2docker-stable
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.90
+
+ zap2docker-weekly :
+ image: owasp/zap2docker-weekly
+ container_name: zap2docker-weekly
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.91
+
+#######################################
+#vulnerable images
+#######################################
+
+ # https://github.com/juice-shop/juice-shop
+ owasp-juice-shop:
+ image: bkimminich/juice-shop
+ container_name: owasp-juice-shop
+ tty: true
+ ports:
+ - 3000:3000
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.3
+
+ postgresql:
+ image: postgres:latest
+ container_name: postgresql
+ ports:
+ - 5432:5432
+ volumes:
+ - ./postgres/init:/docker-entrypoint-initdb.d
+ environment:
+ POSTGRES_USER: msf
+ POSTGRES_PASSWORD: msf
+ POSTGRES_INITDB_ARGS: "--encoding=UTF-8"
+ hostname: postgres
+ restart: always
+ user: root
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.4
+
+ metasploitable2:
+ build: ./metasploitable
+ container_name: metasploitable
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.5
+
+ webgoat:
+ build:
+ context: .
+ dockerfile: ./webgoat/Dockerfile.webgoat
+ container_name: webgoat
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.6
+
+ # https://github.com/psiinon/bodgeit
+ bodgeit:
+ image: psiinon/bodgeit
+ container_name: bodgeit
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.7
+
+ # https://github.com/RhinoSecurityLabs/cloudgoat
+ cloudgoat:
+ image: rhinosecuritylabs/cloudgoat:latest
+ container_name: cloudgoat
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.8
+
+ # https://github.com/RhinoSecurityLabs/cloudgoat
+ # cloudgoat-build:
+ # build:
+ # context: .
+ # dockerfile: ./cloudgoat/Dockerfile.build
+ # tty: true
+ # networks:
+ # cyberrange:
+ # ipv4_address: 192.168.35.9
+
+ # https://github.com/digininja/DVWA
+ dvwa:
+ image: vulnerables/web-dvwa
+ ports:
+ - "80:80"
+ container_name: dvwa
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.10
+
+networks:
+ cyberrange:
+ driver: bridge
+ ipam:
+ driver: default
+ config:
+ - subnet: 192.168.35.0/24
diff --git a/dockerfiles/kalilinux/kali/Dockerfile b/dockerfiles/kalilinux/kali/Dockerfile
new file mode 100644
index 0000000..ebfa8c9
--- /dev/null
+++ b/dockerfiles/kalilinux/kali/Dockerfile
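Review bot: The postgresql service combines the literal `POSTGRES_PASSWORD: msf` with `restart: always`, so a database with a published, guessable login comes back after every Docker daemon or host restart even when nobody is using the range. For a lab that is otherwise started on demand, drop `restart: always` and read the password from the environment, e.g. `POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:?set in .env}"`. The `user: root` line looks redundant and could be removed unless the init scripts are known to need it. The same block is repeated in docker-compose-kali.yml and the three parrotsec compose files.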
@@ -0,0 +1,32 @@
+FROM kalilinux/kali-rolling:latest
+LABEL org.opencontainers.image.authors="githubfoam"
+
+
+#clean start
+RUN apt-get update -y && apt-get upgrade -y && apt-get autoremove -y && apt-get clean
+
+RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections && \
+ apt-get install -y kali-tools-forensics && \
+ echo "########################### METAPACKAGE INFO ###########################" && \
+ apt depends kali-tools-forensics && \
+ apt show kali-tools-forensics && \
+ apt-cache show kali-tools-forensics | grep Depends && \
+ echo "########################### METAPACKAGE INFO ###########################"
+
+
+# custom packages
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ aircrack-ng \
+ ncat \
+ tor \
+ strace \
+ ltrace \
+ # https://github.com/danielmiessler/SecLists
+ seclists \
+ # python3-apt must be installed to use check mode,dry-runs
+ python3-apt \
+ ansible \
+ hping3
+
+CMD ["/bin/bash"]
+
diff --git a/dockerfiles/kalilinux/kali/Dockerfile.kalilinux.kali-tools-information-gathering b/dockerfiles/kalilinux/kali/Dockerfile.kalilinux.kali-tools-information-gathering
new file mode 100644
index 0000000..f34c213
--- /dev/null
+++ b/dockerfiles/kalilinux/kali/Dockerfile.kalilinux.kali-tools-information-gathering
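Review bot: `apt-get install -y kali-tools-forensics` sits in its own RUN, separate from the `apt-get update` in the "clean start" layer, so a cached update layer can be reused with a stale index on the rolling base and the install then fails or resolves older packages. Refresh and install in one layer, e.g. `RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y kali-tools-forensics`, which also avoids writing the Noninteractive debconf frontend permanently into the image. The other kali and parrot Dockerfiles in this commit have the same split, and dockerfiles/parrotsec/kali/Dockerfile is an identical copy (same blob ebfa8c9). `FROM kalilinux/kali-rolling:latest` would be more reproducible pinned to a digest.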
@@ -0,0 +1,27 @@
+FROM kalilinux/kali-rolling
+LABEL org.opencontainers.image.authors="githubfoam"
+
+
+#clean start
+RUN apt-get update -y && apt-get upgrade -y && apt-get autoremove - && apt-get clean
+
+# https://www.kali.org/docs/general-use/metapackages/
+# The most commonly used tools
+RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections && \
+ apt-get install -y kali-tools-information-gathering && \
+ echo "########################### METAPACKAGE INFO ###########################" && \
+ apt depends kali-tools-information-gathering && \
+ apt show kali-tools-information-gathering && \
+ echo "########################### METAPACKAGE INFO ###########################"
+
+
+
+# custom packages
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ aircrack-ng \
+ ncat \
+ hping3
+
+#testing
+RUN hping3 -v
+
diff --git a/dockerfiles/kalilinux/kali/Dockerfile.kalilinux.kali-tools-post-exploitation b/dockerfiles/kalilinux/kali/Dockerfile.kalilinux.kali-tools-post-exploitation
new file mode 100644
index 0000000..ef1bdf7
--- /dev/null
+++ b/dockerfiles/kalilinux/kali/Dockerfile.kalilinux.kali-tools-post-exploitation
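Review bot: `apt-get autoremove -` in the "clean start" RUN passes a bare `-` where kali/Dockerfile in this commit has `-y`. apt will not read that as assume-yes, so the step most likely either errors on the stray argument or aborts as soon as there is something to remove. Use `apt-get autoremove -y`. The same line is added in Dockerfile.kalilinux.kali-tools-post-exploitation, -top10, -vulnerability and -web.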
@@ -0,0 +1,25 @@
+FROM kalilinux/kali-rolling
+LABEL org.opencontainers.image.authors="githubfoam"
+
+
+#clean start
+RUN apt-get update -y && apt-get upgrade -y && apt-get autoremove - && apt-get clean
+
+RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections && \
+ apt-get install -y kali-tools-post-exploitation && \
+ echo "########################### METAPACKAGE INFO ###########################" && \
+ apt depends kali-tools-post-exploitation && \
+ apt show kali-tools-post-exploitation && \
+ apt-cache show kali-tools-post-exploitation | grep Depends && \
+ echo "########################### METAPACKAGE INFO ###########################"
+
+
+# custom packages
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ aircrack-ng \
+ ncat \
+ hping3
+
+#testing
+RUN hping3 -v
+
diff --git a/dockerfiles/kalilinux/kali/Dockerfile.kalilinux.kali-tools-top10 b/dockerfiles/kalilinux/kali/Dockerfile.kalilinux.kali-tools-top10
new file mode 100644
index 0000000..2609761
--- /dev/null
+++ b/dockerfiles/kalilinux/kali/Dockerfile.kalilinux.kali-tools-top10
@@ -0,0 +1,25 @@
+FROM kalilinux/kali-rolling
+LABEL org.opencontainers.image.authors="githubfoam"
+
+
+#clean start
+RUN apt-get update -y && apt-get upgrade -y && apt-get autoremove - && apt-get clean
+
+# https://www.kali.org/docs/general-use/metapackages/
+# The most commonly used tools
+RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections && \
+ apt-get install -y kali-tools-top10 && \
+ echo "########################### METAPACKAGE INFO ###########################" && \
+ apt depends kali-tools-top10 && \
+ apt show kali-tools-top10 && \
+ echo "########################### METAPACKAGE INFO ###########################"
+
+# custom packages
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ aircrack-ng \
+ ncat \
+ hping3
+
+#testing
+RUN hping3 -v
+
diff --git a/dockerfiles/kalilinux/kali/Dockerfile.kalilinux.kali-tools-vulnerability b/dockerfiles/kalilinux/kali/Dockerfile.kalilinux.kali-tools-vulnerability
new file mode 100644
index 0000000..7e007de
--- /dev/null
+++ b/dockerfiles/kalilinux/kali/Dockerfile.kalilinux.kali-tools-vulnerability
@@ -0,0 +1,27 @@
+FROM kalilinux/kali-rolling
+LABEL org.opencontainers.image.authors="githubfoam"
+
+
+#clean start
+RUN apt-get update -y && apt-get upgrade -y && apt-get autoremove - && apt-get clean
+
+# https://www.kali.org/docs/general-use/metapackages/
+# The most commonly used tools
+RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections && \
+ apt-get install -y kali-tools-vulnerability && \
+ echo "########################### METAPACKAGE INFO ###########################" && \
+ apt depends kali-tools-vulnerability && \
+ apt show kali-tools-vulnerability && \
+ echo "########################### METAPACKAGE INFO ###########################"
+
+
+
+# custom packages
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ aircrack-ng \
+ ncat \
+ hping3
+
+#testing
+RUN hping3 -v
+
diff --git a/dockerfiles/kalilinux/kali/Dockerfile.kalilinux.kali-tools-web b/dockerfiles/kalilinux/kali/Dockerfile.kalilinux.kali-tools-web
new file mode 100644
index 0000000..ca570d5
--- /dev/null
+++ b/dockerfiles/kalilinux/kali/Dockerfile.kalilinux.kali-tools-web
@@ -0,0 +1,28 @@
+FROM kalilinux/kali-rolling
+LABEL org.opencontainers.image.authors="githubfoam"
+
+
+#clean start
+RUN apt-get update -y && apt-get upgrade -y && apt-get autoremove - && apt-get clean
+
+# https://www.kali.org/docs/general-use/metapackages/
+# https://www.kali.org/tools/kali-meta/
+# The most commonly used tools
+RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections && \
+ apt-get install -y kali-tools-web && \
+ echo "########################### METAPACKAGE INFO ###########################" && \
+ apt depends kali-tools-web && \
+ apt show kali-tools-web && \
+ echo "########################### METAPACKAGE INFO ###########################"
+
+
+
+# custom packages
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ aircrack-ng \
+ ncat \
+ hping3
+
+#testing
+RUN hping3 -v
+
diff --git a/dockerfiles/kalilinux/metasploitable/Dockerfile b/dockerfiles/kalilinux/metasploitable/Dockerfile
new file mode 100644
index 0000000..de25526
--- /dev/null
+++ b/dockerfiles/kalilinux/metasploitable/Dockerfile
@@ -0,0 +1,6 @@
+# https://hub.docker.com/r/tleemcjr/metasploitable2
+FROM tleemcjr/metasploitable2:latest
+
+RUN /bin/services.sh
+
+CMD ["/bin/sh"]
\ No newline at end of file
diff --git a/dockerfiles/kalilinux/parrotsec/Dockerfile b/dockerfiles/kalilinux/parrotsec/Dockerfile
new file mode 100644
index 0000000..123efd1
--- /dev/null
+++ b/dockerfiles/kalilinux/parrotsec/Dockerfile
@@ -0,0 +1,6 @@
+# https://hub.docker.com/r/parrotsec/core
+FROM parrotsec/core:latest
+LABEL org.opencontainers.image.authors="githubfoam"
+
+# CMD ["/bin/bash"]
+
diff --git a/dockerfiles/kalilinux/postgres/init/01_init.sql b/dockerfiles/kalilinux/postgres/init/01_init.sql
new file mode 100644
index 0000000..c4276b2
--- /dev/null
+++ b/dockerfiles/kalilinux/postgres/init/01_init.sql
@@ -0,0 +1 @@
+CREATE DATABASE msf;
\ No newline at end of file
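Review bot: `RUN /bin/services.sh` in metasploitable/Dockerfile executes at image build time, so any daemons it starts (going by the script name) are gone once the layer is committed, and `CMD ["/bin/sh"]` then starts a container holding only a shell. If the intent is a target with its services up, run the script at container start instead, e.g. `CMD ["/bin/sh", "-c", "/bin/services.sh && exec /bin/sh"]`. The same file is added again as dockerfiles/parrotsec/metasploitable/Dockerfile.metasploitable2.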
diff --git a/dockerfiles/kalilinux/webgoat/Dockerfile.webgoat b/dockerfiles/kalilinux/webgoat/Dockerfile.webgoat
new file mode 100644
index 0000000..1fa5121
--- /dev/null
+++ b/dockerfiles/kalilinux/webgoat/Dockerfile.webgoat
@@ -0,0 +1,6 @@
+# https://hub.docker.com/r/webgoat/goatandwolf
+# WebGoat http://127.0.0.1:8080/WebGoat
+# WebWolf http://127.0.0.1:9090/WebWolf
+FROM webgoat/goatandwolf:latest
+
+# CMD ["/bin/sh"]
\ No newline at end of file
diff --git a/dockerfiles/parrotsec/docker-compose-parrotsec.yml b/dockerfiles/parrotsec/docker-compose-parrotsec.yml
new file mode 100644
index 0000000..047d1d5
--- /dev/null
+++ b/dockerfiles/parrotsec/docker-compose-parrotsec.yml
@@ -0,0 +1,200 @@
+version: '3'
+
+services:
+
+ kali:
+ build: ./kali
+ container_name: kali
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.22
+
+ parrotsec-core-build:
+ # build: ./parrotsec
+ build:
+ context: .
+ dockerfile: ./parrotsec/Dockerfile.core
+ container_name: parrotsec-core
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.23
+
+ parrotsec-tools-sqlmap :
+ image: parrotsec/tools-sqlmap
+ container_name: parrotsec-sqlmap
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.24
+
+ parrotsec-tools-beef :
+ image: parrotsec/tools-beef
+ container_name: parrotsec-beef
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.25
+
+ parrotsec-tools-bettercap :
+ image: parrotsec/tools-bettercap
+ container_name: parrotsec-bettercap
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.26
+
+ parrotsec-tools-set :
+ image: parrotsec/tools-set
+ container_name: parrotsec-set
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.27
+
+ parrotsec-tools-metasploit :
+ image: parrotsec/tools-metasploit
+ container_name: parrotsec-metasploit
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.28
+
+ parrotsec-tools-nmap :
+ image: parrotsec/tools-nmap
+ container_name: parrotsec-nmap
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.29
+
+ parrotsec-security :
+ image: parrotsec/security
+ container_name: parrotsec-security
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.30
+
+#######################################
+# zap proxy os cluster builds
+#######################################
+
+ zap2docker-stable :
+ image: owasp/zap2docker-stable
+ container_name: zap2docker-stable
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.90
+
+ zap2docker-weekly :
+ image: owasp/zap2docker-weekly
+ container_name: zap2docker-weekly
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.91
+
+#######################################
+#vulnerable images
+#######################################
+
+ # https://github.com/juice-shop/juice-shop
+ owasp-juice-shop:
+ image: bkimminich/juice-shop
+ container_name: owasp-juice-shop
+ tty: true
+ ports:
+ - 3000:3000
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.3
+
+ postgresql:
+ image: postgres:latest
+ container_name: postgresql
+ ports:
+ - 5432:5432
+ volumes:
+ - ./postgres/init:/docker-entrypoint-initdb.d
+ environment:
+ POSTGRES_USER: msf
+ POSTGRES_PASSWORD: msf
+ POSTGRES_INITDB_ARGS: "--encoding=UTF-8"
+ hostname: postgres
+ restart: always
+ user: root
+
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.4
+
+ metasploitable2:
+ # build: ./metasploitable
+ build:
+ context: .
+ dockerfile: ./metasploitable/Dockerfile.metasploitable2
+ container_name: metasploitable
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.5
+
+ webgoat:
+ build:
+ context: .
+ dockerfile: ./webgoat/Dockerfile.webgoat
+ container_name: webgoat
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.6
+
+ # https://github.com/psiinon/bodgeit
+ bodgeit:
+ image: psiinon/bodgeit
+ container_name: bodgeit
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.7
+
+ # https://github.com/RhinoSecurityLabs/cloudgoat
+ cloudgoat:
+ image: rhinosecuritylabs/cloudgoat:latest
+ container_name: cloudgoat
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.8
+
+ # https://github.com/RhinoSecurityLabs/cloudgoat
+ # cloudgoat-build:
+ # build:
+ # context: .
+ # dockerfile: ./cloudgoat/Dockerfile.build
+ # tty: true
+ # networks:
+ # cyberrange:
+ # ipv4_address: 192.168.35.9
+
+ # https://github.com/digininja/DVWA
+ dvwa:
+ image: vulnerables/web-dvwa
+ ports:
+ - "80:80"
+ container_name: dvwa
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.10
+
+networks:
+ cyberrange:
+ driver: bridge
+ ipam:
+ driver: default
+ config:
+ - subnet: 192.168.35.0/24
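Review bot: Every `image:` in docker-compose-parrotsec.yml resolves through a mutable tag: `postgres:latest`, `rhinosecuritylabs/cloudgoat:latest`, and the untagged `parrotsec/tools-*`, `owasp/zap2docker-*`, `bkimminich/juice-shop`, `psiinon/bodgeit` and `vulnerables/web-dvwa`. Each `up` can therefore pull different third-party content, some of it from individual Docker Hub accounts, onto whatever host runs the range. Pin each image to a version tag or digest and update deliberately, e.g. `image: postgres@sha256:<digest>` (placeholder). The kalilinux compose files added in this commit use the same unpinned references.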
diff --git a/dockerfiles/parrotsec/kali/Dockerfile b/dockerfiles/parrotsec/kali/Dockerfile
new file mode 100644
index 0000000..ebfa8c9
--- /dev/null
+++ b/dockerfiles/parrotsec/kali/Dockerfile
@@ -0,0 +1,32 @@
+FROM kalilinux/kali-rolling:latest
+LABEL org.opencontainers.image.authors="githubfoam"
+
+
+#clean start
+RUN apt-get update -y && apt-get upgrade -y && apt-get autoremove -y && apt-get clean
+
+RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections && \
+ apt-get install -y kali-tools-forensics && \
+ echo "########################### METAPACKAGE INFO ###########################" && \
+ apt depends kali-tools-forensics && \
+ apt show kali-tools-forensics && \
+ apt-cache show kali-tools-forensics | grep Depends && \
+ echo "########################### METAPACKAGE INFO ###########################"
+
+
+# custom packages
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ aircrack-ng \
+ ncat \
+ tor \
+ strace \
+ ltrace \
+ # https://github.com/danielmiessler/SecLists
+ seclists \
+ # python3-apt must be installed to use check mode,dry-runs
+ python3-apt \
+ ansible \
+ hping3
+
+CMD ["/bin/bash"]
+
diff --git a/dockerfiles/parrotsec/metasploitable/Dockerfile.metasploitable2 b/dockerfiles/parrotsec/metasploitable/Dockerfile.metasploitable2
new file mode 100644
index 0000000..de25526
--- /dev/null
+++ b/dockerfiles/parrotsec/metasploitable/Dockerfile.metasploitable2
@@ -0,0 +1,6 @@
+# https://hub.docker.com/r/tleemcjr/metasploitable2
+FROM tleemcjr/metasploitable2:latest
+
+RUN /bin/services.sh
+
+CMD ["/bin/sh"]
\ No newline at end of file
diff --git a/dockerfiles/parrotsec/parrotsec-tools-vuln.yml b/dockerfiles/parrotsec/parrotsec-tools-vuln.yml
new file mode 100644
index 0000000..8809967
--- /dev/null
+++ b/dockerfiles/parrotsec/parrotsec-tools-vuln.yml
@@ -0,0 +1,91 @@
+version: '3'
+
+services:
+
+#######################################
+# kali cluster
+#######################################
+ kali:
+ build: ./kali
+ container_name: kali
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.22
+
+#######################################
+# parrot os cluster builds
+#######################################
+
+ parrotsec-privacy :
+ build:
+ context: .
+ dockerfile: ./parrotsec/Dockerfile.tools-vuln
+ container_name: parrotsec-privacy
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.89
+
+
+#######################################
+#vulnerable images
+#######################################
+
+ # https://github.com/juice-shop/juice-shop
+ owasp-juice-shop:
+ image: bkimminich/juice-shop
+ container_name: owasp-juice-shop
+ tty: true
+ ports:
+ - 3000:3000
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.3
+
+ postgresql:
+ image: postgres:latest
+ container_name: postgresql
+ ports:
+ - 5432:5432
+ volumes:
+ - ./postgres/init:/docker-entrypoint-initdb.d
+ environment:
+ POSTGRES_USER: msf
+ POSTGRES_PASSWORD: msf
+ POSTGRES_INITDB_ARGS: "--encoding=UTF-8"
+ hostname: postgres
+ restart: always
+ user: root
+
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.4
+
+ metasploitable2:
+ build:
+ context: .
+ dockerfile: ./metasploitable/Dockerfile.metasploitable2
+ container_name: metasploitable
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.5
+
+ webgoat:
+ build:
+ context: .
+ dockerfile: ./webgoat/Dockerfile.webgoat
+ container_name: webgoat
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.6
+
+networks:
+ cyberrange:
+ driver: bridge
+ ipam:
+ driver: default
+ config:
+ - subnet: 192.168.35.0/24
diff --git a/dockerfiles/parrotsec/parrotsec-tools-web.yml b/dockerfiles/parrotsec/parrotsec-tools-web.yml
new file mode 100644
index 0000000..16a3a33
--- /dev/null
+++ b/dockerfiles/parrotsec/parrotsec-tools-web.yml
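Review bot: The service built from `./parrotsec/Dockerfile.tools-vuln` is keyed `parrotsec-privacy` and given `container_name: parrotsec-privacy`, a name that describes a different tool set. The mismatch makes `docker ps` output and logs misleading when auditing what ran on the range. Rename both to match the Dockerfile, e.g. `parrotsec-tools-vuln:` and `container_name: parrotsec-tools-vuln`, and drop the space before the colon in the key. parrotsec-tools-web.yml reuses the same `parrotsec-privacy` name for the Dockerfile.tools-web build.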
@@ -0,0 +1,91 @@
+version: '3'
+
+services:
+
+#######################################
+# kali cluster
+#######################################
+ kali:
+ build: ./kali
+ container_name: kali
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.22
+
+#######################################
+# parrot os cluster builds
+#######################################
+
+ parrotsec-privacy :
+ build:
+ context: .
+ dockerfile: ./parrotsec/Dockerfile.tools-web
+ container_name: parrotsec-privacy
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.89
+
+
+#######################################
+#vulnerable images
+#######################################
+
+ # https://github.com/juice-shop/juice-shop
+ owasp-juice-shop:
+ image: bkimminich/juice-shop
+ container_name: owasp-juice-shop
+ tty: true
+ ports:
+ - 3000:3000
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.3
+
+ postgresql:
+ image: postgres:latest
+ container_name: postgresql
+ ports:
+ - 5432:5432
+ volumes:
+ - ./postgres/init:/docker-entrypoint-initdb.d
+ environment:
+ POSTGRES_USER: msf
+ POSTGRES_PASSWORD: msf
+ POSTGRES_INITDB_ARGS: "--encoding=UTF-8"
+ hostname: postgres
+ restart: always
+ user: root
+
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.4
+
+ metasploitable2:
+ build:
+ context: .
+ dockerfile: ./metasploitable/Dockerfile.metasploitable2
+ container_name: metasploitable
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.5
+
+ webgoat:
+ build:
+ context: .
+ dockerfile: ./webgoat/Dockerfile.webgoat
+ container_name: webgoat
+ tty: true
+ networks:
+ cyberrange:
+ ipv4_address: 192.168.35.6
+
+networks:
+ cyberrange:
+ driver: bridge
+ ipam:
+ driver: default
+ config:
+ - subnet: 192.168.35.0/24
diff --git a/dockerfiles/parrotsec/parrotsec/Dockerfile.core b/dockerfiles/parrotsec/parrotsec/Dockerfile.core
new file mode 100644
index 0000000..ceadfc3
--- /dev/null
+++ b/dockerfiles/parrotsec/parrotsec/Dockerfile.core
@@ -0,0 +1,6 @@
+# https://hub.docker.com/r/parrotsec/core
+FROM parrotsec/core:latest
+LABEL org.opencontainers.image.authors="githubfoam"
+
+CMD ["/bin/bash"]
+
diff --git a/dockerfiles/parrotsec/parrotsec/Dockerfile.tools-vuln b/dockerfiles/parrotsec/parrotsec/Dockerfile.tools-vuln
new file mode 100644
index 0000000..296b245
--- /dev/null
+++ b/dockerfiles/parrotsec/parrotsec/Dockerfile.tools-vuln
@@ -0,0 +1,30 @@
+# https://hub.docker.com/r/parrotsec/core
+FROM parrotsec/core:latest
+LABEL org.opencontainers.image.authors="githubfoam"
+
+#clean start
+RUN apt-get update -y &&\
+ apt-get upgrade -y &&\
+ apt-get autoremove -y &&\
+ apt-get clean
+
+# https://github.com/ParrotSec/parrot-tools/blob/master/debian/control
+RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections && \
+ apt-get install -y parrot-tools-vuln && \
+ echo "########################### METAPACKAGE INFO ###########################" && \
+ apt depends parrot-tools-vuln && \
+ apt show parrot-tools-vuln && \
+ # apt-cache show parrot-tools-reversing | grep Depends && \
+ echo "########################### METAPACKAGE INFO ###########################"
+
+
+# custom packages
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ ncat \
+ hping3
+
+#testing
+RUN hping3 -v
+
+CMD ["/bin/bash"]
+
diff --git a/dockerfiles/parrotsec/parrotsec/Dockerfile.tools-web b/dockerfiles/parrotsec/parrotsec/Dockerfile.tools-web
new file mode 100644
index 0000000..c94bcc1
--- /dev/null
+++ b/dockerfiles/parrotsec/parrotsec/Dockerfile.tools-web
@@ -0,0 +1,30 @@
+# https://hub.docker.com/r/parrotsec/core
+FROM parrotsec/core:latest
+LABEL org.opencontainers.image.authors="githubfoam"
+
+#clean start
+RUN apt-get update -y &&\
+ apt-get upgrade -y &&\
+ apt-get autoremove -y &&\
+ apt-get clean
+
+# https://github.com/ParrotSec/parrot-tools/blob/master/debian/control
+RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections && \
+ apt-get install -y parrot-tools-web && \
+ echo "########################### METAPACKAGE INFO ###########################" && \
+ apt depends parrot-tools-web && \
+ apt show parrot-tools-web && \
+ # apt-cache show parrot-tools-reversing | grep Depends && \
+ echo "########################### METAPACKAGE INFO ###########################"
+
+
+# custom packages
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ ncat \
+ hping3
+
+#testing
+RUN hping3 -v
+
+CMD ["/bin/bash"]
+
diff --git a/dockerfiles/parrotsec/postgres/init/01_init.sql b/dockerfiles/parrotsec/postgres/init/01_init.sql
new file mode 100644
index 0000000..c4276b2
--- /dev/null
+++ b/dockerfiles/parrotsec/postgres/init/01_init.sql
@@ -0,0 +1 @@
+CREATE DATABASE msf;
\ No newline at end of file
diff --git a/dockerfiles/parrotsec/webgoat/Dockerfile.webgoat b/dockerfiles/parrotsec/webgoat/Dockerfile.webgoat
new file mode 100644
index 0000000..1fa5121
--- /dev/null
+++ b/dockerfiles/parrotsec/webgoat/Dockerfile.webgoat
@@ -0,0 +1,6 @@
+# https://hub.docker.com/r/webgoat/goatandwolf
+# WebGoat http://127.0.0.1:8080/WebGoat
+# WebWolf http://127.0.0.1:9090/WebWolf
+FROM webgoat/goatandwolf:latest
+
+# CMD ["/bin/sh"]
\ No newline at end of file
diff --git a/http/centos-6.10/ks.cfg b/http/centos-6.10/ks.cfg
deleted file mode 100644
index 90864b0..0000000
--- a/http/centos-6.10/ks.cfg
+++ /dev/null
@@ -1,69 +0,0 @@ -install -cdrom -lang en_US.UTF-8 -keyboard us -network --bootproto=dhcp -rootpw vagrant -firewall --disabled -selinux --permissive -timezone UTC -unsupported_hardware -bootloader --location=mbr -text -skipx -zerombr -clearpart --all --initlabel -autopart -auth --enableshadow --passalgo=sha512 --kickstart -firstboot --disabled -reboot -user --name=vagrant --plaintext --password vagrant -key --skip - -%packages --nobase --ignoremissing --excludedocs -# vagrant needs this to copy initial files via scp -openssh-clients -sudo -kernel-headers -kernel-devel -gcc -make -perl -wget -nfs-utils --fprintd-pam --intltool - -# unnecessary firmware --aic94xx-firmware --atmel-firmware --b43-openfwwf --bfa-firmware --ipw2100-firmware --ipw2200-firmware --ivtv-firmware --iwl100-firmware --iwl1000-firmware --iwl3945-firmware --iwl4965-firmware --iwl5000-firmware --iwl5150-firmware --iwl6000-firmware --iwl6000g2a-firmware --iwl6050-firmware --libertas-usb8388-firmware --ql2100-firmware --ql2200-firmware --ql23xx-firmware --ql2400-firmware --ql2500-firmware --rt61pci-firmware --rt73usb-firmware --xorg-x11-drv-ati-firmware --zd1211-firmware - -%post -# Force to set SELinux to a permissive mode -sed -i -e 's/\(^SELINUX=\).*$/\1permissive/' /etc/selinux/config -# sudo -echo "%vagrant ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/vagrant diff --git a/http/centos-6.9/ks.cfg b/http/centos-6.9/ks.cfg deleted file mode 100644 index 90864b0..0000000 --- a/http/centos-6.9/ks.cfg +++ /dev/null 
@@ -1,69 +0,0 @@ -install -cdrom -lang en_US.UTF-8 -keyboard us -network --bootproto=dhcp -rootpw vagrant -firewall --disabled -selinux --permissive -timezone UTC -unsupported_hardware -bootloader --location=mbr -text -skipx -zerombr -clearpart --all --initlabel -autopart -auth --enableshadow --passalgo=sha512 --kickstart -firstboot --disabled -reboot -user --name=vagrant --plaintext --password vagrant -key --skip - -%packages --nobase --ignoremissing --excludedocs -# vagrant needs this to copy initial files via scp -openssh-clients -sudo -kernel-headers -kernel-devel -gcc -make -perl -wget -nfs-utils --fprintd-pam --intltool - -# unnecessary firmware --aic94xx-firmware --atmel-firmware --b43-openfwwf --bfa-firmware --ipw2100-firmware --ipw2200-firmware --ivtv-firmware --iwl100-firmware --iwl1000-firmware --iwl3945-firmware --iwl4965-firmware --iwl5000-firmware --iwl5150-firmware --iwl6000-firmware --iwl6000g2a-firmware --iwl6050-firmware --libertas-usb8388-firmware --ql2100-firmware --ql2200-firmware --ql23xx-firmware --ql2400-firmware --ql2500-firmware --rt61pci-firmware --rt73usb-firmware --xorg-x11-drv-ati-firmware --zd1211-firmware - -%post -# Force to set SELinux to a permissive mode -sed -i -e 's/\(^SELINUX=\).*$/\1permissive/' /etc/selinux/config -# sudo -echo "%vagrant ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/vagrant diff --git a/provisioning/bootstrap-bsd.sh b/provisioning/bootstrap-bsd.sh new file mode 100644 index 0000000..7de041f --- /dev/null +++ b/provisioning/bootstrap-bsd.sh 
@@ -0,0 +1,60 @@ +#!/bin/sh +set -eox pipefail #safety for script +echo $SHELL # freebsd shell +whoami +id +echo '192.168.50.14 vgnode04 vgnode04.local' | tee -a /etc/hosts +echo '192.168.50.15 vgnode05 vgnode05.local' | tee -a /etc/hosts +cat /etc/hosts + +echo "====================================================================================" +uname -a +echo "====================================================================================" +echo " \ ^__^ " +echo " \ (oo)\_______ " +echo " (__)\ )\/\ " +echo " ||----w | " +echo " || || " +# +# echo "=============================ansible =============================================================" +# # make -C /usr/ports/sysutils/ansible install # install from ports +# # pkg install py27-ansible #Python 2 version +# pkg install sudo #If the sudo command not foun +# type sudo #must have sudo installed +# #Allow members of group wheel to execute any command +# # stat /usr/local/etc/sudoers.d/allow-wheel-user-login +# # echo '%wheel ALL=(ALL) ALL' | sudo tee /usr/local/etc/sudoers.d/allow-wheel-user-login +# # cat /usr/local/etc/sudoers.d/allow-wheel-user-login + + +pkg install --yes python37 #Install Python 2.x or Python 3.x +type python3.7 + +pkg install --yes py37-ansible-2.9.7 #Python 3 version +ansible --version + +cat < $tmpfile + +# Check if file contains data +if [[ -s $tmpfile ]]; then + # Backup current mirrorlist + cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.backup + # Copy new mirrorlist sorted by connection speed + rankmirrors $tmpfile > /etc/pacman.d/mirrorlist +else + echo "Error recieving new mirrorlist." +fi + +# Delete temp file +rm $tmpfile diff --git a/roles/common/handlers/main.yml b/provisioning/roles/common/handlers/main.yml similarity index 100% rename from roles/common/handlers/main.yml rename to provisioning/roles/common/handlers/main.yml 
diff --git a/roles/common/meta/main.yml b/provisioning/roles/common/meta/main.yml
similarity index 100%
rename from roles/common/meta/main.yml
rename to provisioning/roles/common/meta/main.yml
diff --git a/provisioning/roles/common/tasks/Archlinux_NA_install.yml b/provisioning/roles/common/tasks/Archlinux_NA_install.yml
new file mode 100644
index 0000000..7f9fabe
--- /dev/null
+++ b/provisioning/roles/common/tasks/Archlinux_NA_install.yml
@@ -0,0 +1,16 @@
+---
+- name: "Load a variable file based on the OS type, or a default if not found"
+ include_vars: "{{ item }}"
+ with_first_found:
+ - "{{ ansible_distribution }}.yml"
+ - "{{ ansible_os_family }}.yml"
+ - "{{ ansible_distribution }}_{{ ansible_distribution_version }}.yml"
+ - default.yml
+
+- name: "Install system packages"
+ package:
+ name: '{{ system_packages }}'
+ use: '{{ ansible_pkg_mgr }}'
+ state: present
+
+- include_tasks: pacman.yml
diff --git a/provisioning/roles/common/tasks/Centos_7_install.yml b/provisioning/roles/common/tasks/Centos_7_install.yml
new file mode 100644
index 0000000..e7faa0d
--- /dev/null
+++ b/provisioning/roles/common/tasks/Centos_7_install.yml
@@ -0,0 +1,15 @@
+---
+#https://docs.ansible.com/ansible/2.3/include_vars_module.html
+- name: "Load a variable file based on the OS type, or a default if not found"
+ include_vars: "{{ item }}"
+ with_first_found:
+ - "{{ ansible_os_family }}.yml"
+ - "{{ ansible_distribution }}_{{ ansible_distribution_version }}.yml"
+ - default.yml
+
+
+- name: "Install system packages"
+ package:
+ name: '{{ system_packages }}'
+ use: '{{ ansible_pkg_mgr }}'
+ state: present
diff --git a/provisioning/roles/common/tasks/Debian_10.4_install.yml b/provisioning/roles/common/tasks/Debian_10.4_install.yml
new file mode 100644
index 0000000..02b630e
--- /dev/null
+++ b/provisioning/roles/common/tasks/Debian_10.4_install.yml
@@ -0,0 +1,25 @@
+---
+#https://docs.ansible.com/ansible/2.3/include_vars_module.html
+- name: "Load a variable file based on the OS type, or a default if not found"
+ include_vars: "{{ item }}"
+ with_first_found:
+ - "{{ ansible_os_family }}.yml"
+ - "{{ ansible_distribution }}_{{ ansible_distribution_version }}.yml"
+ - default.yml
+
+- name: "Install system packages w apt - git problem"
+ apt:
+ name: git
+ state: present
+
+- name: "Install system packages w dpkg- git problem"
+ package:
+ name: '{{ system_packages }}'
+ use: '{{ ansible_pkg_mgr }}'
+ state: present
+
+# - name: "Install system packages"
+# package:
+# name: '{{ system_packages }}'
+# use: '{{ ansible_pkg_mgr }}'
+# state: present
diff --git a/provisioning/roles/common/tasks/Ubuntu_19.10_install.yml b/provisioning/roles/common/tasks/Ubuntu_19.10_install.yml
new file mode 100644
index 0000000..e7faa0d
--- /dev/null
+++ b/provisioning/roles/common/tasks/Ubuntu_19.10_install.yml
@@ -0,0 +1,15 @@
+---
+#https://docs.ansible.com/ansible/2.3/include_vars_module.html
+- name: "Load a variable file based on the OS type, or a default if not found"
+ include_vars: "{{ item }}"
+ with_first_found:
+ - "{{ ansible_os_family }}.yml"
+ - "{{ ansible_distribution }}_{{ ansible_distribution_version }}.yml"
+ - default.yml
+
+
+- name: "Install system packages"
+ package:
+ name: '{{ system_packages }}'
+ use: '{{ ansible_pkg_mgr }}'
+ state: present
diff --git a/provisioning/roles/common/tasks/hosts_entry.yml b/provisioning/roles/common/tasks/hosts_entry.yml
new file mode 100644
index 0000000..10c18f3
--- /dev/null
+++ b/provisioning/roles/common/tasks/hosts_entry.yml
@@ -0,0 +1,15 @@
+---
+- name: "Add mappings to /etc/hosts"
+ blockinfile:
+ path: /etc/hosts
+ block: |
+ {{ item.ip }} {{ item.namelong }} {{ item.nameshort }}
+ marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item.nameshort }}"
+ with_items:
+ - { ip: 192.168.20.9, namelong: vg-mokapot-01.local, nameshort: vg-mokapot-01 }
+ - { ip: 192.168.20.10, namelong: vg-mokapot-02.local, nameshort: vg-mokapot-02 }
+ - { ip: 192.168.20.11, namelong: vg-mokapot-03.local, nameshort: vg-mokapot-03 }
+ - { ip: 192.168.20.12, namelong: vg-mokapot-04.local, nameshort: vg-mokapot-04 }
+ - { ip: 192.168.20.13, namelong: vg-mokapot-05.local, nameshort: vg-mokapot-05 }
+ - { ip: 192.168.20.14, namelong: vg-mokapot-06.local, nameshort: vg-mokapot-06 }
+ when: add_host_entries
diff --git a/provisioning/roles/common/tasks/main.yml b/provisioning/roles/common/tasks/main.yml
new file mode 100644
index 0000000..de1dd1f
--- /dev/null
+++ b/provisioning/roles/common/tasks/main.yml
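Review bot: The names written to /etc/hosts do not match the machine names this commit assigns to the same addresses: the `with_items` list maps 192.168.20.9 to 192.168.20.14 onto `vg-mokapot-01` to `vg-mokapot-06`, while provisioning/servers_list.yml gives those addresses to `vg-compute-01` to `vg-compute-06`. Unless the mokapot names are deliberate aliases, the nodes will not resolve each other by their Vagrant hostnames, so either align the two lists or generate this one from servers_list.yml. In addition, `when: add_host_entries` has no default in the vars files added by this commit (they define only `system_packages`), so `when: add_host_entries | default(false)` would avoid an undefined-variable failure if the play does not set it; `when: add_resolv_entries` in resolv_entry.yml has the same gap.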
@@ -0,0 +1,30 @@
+---
+- name: "OS fingerprinting "
+ debug:
+ msg:
+ - " ansible_os_family: {{ hostvars[inventory_hostname].ansible_os_family }} "
+ - " ansible_distribution: {{ hostvars[inventory_hostname].ansible_distribution }}"
+ - " ansible_distribution_major_version: {{ hostvars[inventory_hostname].ansible_distribution_major_version }}"
+ - " ansible_distribution_release: {{ hostvars[inventory_hostname].ansible_distribution_release }}"
+ - " ansible_distribution_version: {{ hostvars[inventory_hostname].ansible_distribution_version }}"
+
+- name: "Add /etc/hosts entries"
+ include_tasks: hosts_entry.yml
+
+- name: "Add /etc/resolv.conf entries"
+ include_tasks: resolv_entry.yml
+#
+# - name: "Install required packages"
+# package:
+# name: "{{ common_default_debian_reqs }}"
+# state: present
+# when: " ansible_os_family == 'Debian' and ansible_distribution in ['Debian','Ubuntu'] "
+#
+# - name: "Install required packages"
+# package:
+# name: "{{ common_default_redhat_reqs }}"
+# state: present
+# when: " ansible_os_family == 'RedHat' and ansible_distribution in ['CentOS','Scientific'] "
+
+- name: "Install {{ ansible_distribution }}-{{ ansible_distribution_version }}"
+ include_tasks: "{{ ansible_distribution }}_{{ ansible_distribution_version }}_install.yml"
diff --git a/provisioning/roles/common/tasks/pacman.yml b/provisioning/roles/common/tasks/pacman.yml
new file mode 100644
index 0000000..c809a59
--- /dev/null
+++ b/provisioning/roles/common/tasks/pacman.yml
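Review bot: The last task builds its `include_tasks` file name from `ansible_distribution` and `ansible_distribution_version` with no fallback, so a host without an exactly matching `<distribution>_<version>_install.yml` fails the play at this point. This commit adds task files only for Archlinux_NA, Centos_7, Debian_10.4 and Ubuntu_19.10, while servers_list.yml also defines `debian/stretch64` and `bento/debian-9.12` boxes, which presumably report a Debian 9.x version. Resolving the file through `with_first_found`, the way the per-distribution files already load their vars, and ending in a generic install file would cover unlisted versions; alternatively a `fail` task naming the supported platforms gives a clearer error. It is also worth confirming that `Centos_7_install.yml` matches the fact values a CentOS 7 host actually reports, since the match is exact and case-sensitive.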
@@ -0,0 +1,83 @@
+---
+- name: update pacman cache
+ pacman:
+ update_cache: true
+ #become: true
+
+- name: Install pacman tools
+ pacman:
+ name: pacman-contrib
+ #become: true
+
+- name: Install reflector
+ pacman:
+ name: reflector
+ #become: true
+
+- name: update pacman mirrorlist
+ script: update-mirrorlist.sh
+ #become: true
+
+- name: Install base metapackage
+ pacman:
+ name: base
+ #become: true
+
+- name: perform full upgrade
+ pacman:
+ upgrade: true
+ update_cache: true
+ #become: true
+
+
+- name: Install filesystem tools
+ pacman:
+ name:
+ - cryptsetup
+ - e2fsprogs
+ #become: true
+
+- name: Install tools
+ pacman:
+ name:
+ - netctl
+ - openvpn
+ - wpa_supplicant
+ - aria2
+ - curl
+ - htop
+ - httpie
+ - iotop
+ - jq
+ - less
+ - nmap
+ - openssh
+ - ripgrep
+ - rsync
+ - shellcheck
+ - usbutils
+ - which
+ - chromium
+ - evince
+ - mpv
+ - pcmanfm
+ - viewnior
+ # become: true
+
+- name: Install python development tools
+ pacman:
+ name:
+ - python
+ - python-pip
+ - python-virtualenv
+
+- name: Install golang
+ pacman:
+ name: go
+
+- name: Install C/C++ development tools
+ pacman:
+ name:
+ - base-devel
+ - gdb
+ - valgrind
diff --git a/provisioning/roles/common/tasks/resolv_entry.yml b/provisioning/roles/common/tasks/resolv_entry.yml
new file mode 100644
index 0000000..e4134fa
--- /dev/null
+++ b/provisioning/roles/common/tasks/resolv_entry.yml
@@ -0,0 +1,12 @@
+---
+
+- name: Add mappings to /etc/resolv.conf
+ # vagrant environment nodes
+ blockinfile:
+ path: /etc/resolv.conf
+ block: |
+ {{ item.name }} {{ item.ip }}
+ marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item.name }}"
+ with_items:
+ - { name: nameserver, ip: 8.8.8.8 }
+ when: add_resolv_entries
diff --git a/roles/common/tests/inventory b/provisioning/roles/common/tests/inventory
similarity index 100%
rename from roles/common/tests/inventory
rename to provisioning/roles/common/tests/inventory
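Review bot: In pacman.yml the package database is refreshed (`update_cache: true`) and `pacman-contrib`, `reflector` and `base` are installed before the `perform full upgrade` task runs, which on Arch amounts to a partial upgrade: new packages are resolved against a fresh database while the rest of the system is still at older versions. Moving the `upgrade: true` task to the top (after the mirrorlist update, if that order is needed) avoids it. The `Install tools` list also puts desktop applications such as `chromium`, `mpv` and `pcmanfm` on what servers_list.yml calls compute nodes; moving those into an optional list would keep the default install footprint, and the set of software to patch, smaller.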
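Review bot: A managed block appended to /etc/resolv.conf in resolv_entry.yml is unlikely to persist on hosts where that file is generated; the template this commit deletes (roles/common/templates/resolv.conf.j2) was headed `# Generated by NetworkManager`, which suggests that is the case on at least some of these boxes. If a resolver has to be set, configuring it through whatever manages the file on each distribution is more durable than editing the file in place. The hard-coded `8.8.8.8` also deserves a comment on the task, for example `# public resolver: names looked up on range hosts are sent outside the lab`, so the choice is visible to whoever reuses the role.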
diff --git a/roles/common/tests/test.yml b/provisioning/roles/common/tests/test.yml
similarity index 100%
rename from roles/common/tests/test.yml
rename to provisioning/roles/common/tests/test.yml
diff --git a/provisioning/roles/common/vars/Archlinux.yml b/provisioning/roles/common/vars/Archlinux.yml
new file mode 100644
index 0000000..afa29cb
--- /dev/null
+++ b/provisioning/roles/common/vars/Archlinux.yml
@@ -0,0 +1,7 @@
+---
+system_packages:
+ - socat
+ - traceroute
+ - mtr
+ - tcpdump
+ - net-tools
diff --git a/provisioning/roles/common/vars/Debian.yml b/provisioning/roles/common/vars/Debian.yml
new file mode 100644
index 0000000..afa29cb
--- /dev/null
+++ b/provisioning/roles/common/vars/Debian.yml
@@ -0,0 +1,7 @@
+---
+system_packages:
+ - socat
+ - traceroute
+ - mtr
+ - tcpdump
+ - net-tools
diff --git a/provisioning/roles/common/vars/Debian_10.4.yml b/provisioning/roles/common/vars/Debian_10.4.yml
new file mode 100644
index 0000000..afa29cb
--- /dev/null
+++ b/provisioning/roles/common/vars/Debian_10.4.yml
@@ -0,0 +1,7 @@
+---
+system_packages:
+ - socat
+ - traceroute
+ - mtr
+ - tcpdump
+ - net-tools
diff --git a/provisioning/roles/common/vars/RedHat.yml b/provisioning/roles/common/vars/RedHat.yml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/provisioning/roles/common/vars/RedHat.yml
@@ -0,0 +1 @@
+---
diff --git a/provisioning/roles/common/vars/default.yml b/provisioning/roles/common/vars/default.yml
new file mode 100644
index 0000000..5f913cd
--- /dev/null
+++ b/provisioning/roles/common/vars/default.yml
@@ -0,0 +1,3 @@
+---
+system_packages:
+- tcpdump
diff --git a/provisioning/roles/common/vars/main.yml b/provisioning/roles/common/vars/main.yml
new file mode 100644
index 0000000..5f913cd
--- /dev/null
+++ b/provisioning/roles/common/vars/main.yml
@@ -0,0 +1,3 @@
+---
+system_packages:
+- tcpdump
diff --git a/provisioning/servers_list.yml b/provisioning/servers_list.yml
new file mode 100644
index 0000000..7c1aee7
--- /dev/null
+++ b/provisioning/servers_list.yml 
@@ -0,0 +1,84 @@ +--- +- vagrant_box_host: "vg-compute-01" + vagrant_box: "bento/ubuntu-19.10" + vbox_name: "vbox-compute-01" + vbox_ram: 4096 + vbox_cpu: 2 + network_type: "private_network" + vagrant_box_ip: 192.168.20.9 + guest_port: 1234 + host_port: 1234 + server_bootstrap: "provisioning/deploy.yml" + shell_provision: "provisioning/bootstrap.sh" + # ansible_version: "2.9.7" + ansible_compatibility_mode: "2.0" + +- vagrant_box_host: "vg-compute-02" + vagrant_box: "archlinux/archlinux" + vbox_name: "vbox-compute-02" + vbox_ram: 4096 + vbox_cpu: 2 + network_type: "private_network" + vagrant_box_ip: 192.168.20.10 + guest_port: 1234 + host_port: 1234 + server_bootstrap: "provisioning/deploy.yml" + shell_provision: "provisioning/bootstrap.sh" + # ansible_version: "2.9.7" + ansible_compatibility_mode: "2.0" + +- vagrant_box_host: "vg-compute-03" + vagrant_box: "debian/stretch64" + vbox_name: "vbox-compute-03" + vbox_ram: 4096 + vbox_cpu: 2 + network_type: "private_network" + vagrant_box_ip: 192.168.20.11 + guest_port: 1235 + host_port: 1235 + server_bootstrap: "provisioning/deploy.yml" + shell_provision: "provisioning/bootstrap.sh" + # ansible_version: "2.9.2" #ubuntu + ansible_compatibility_mode: "2.0" + +- vagrant_box_host: "vg-compute-04" + vagrant_box: "bento/debian-9.12" + vbox_name: "vbox-compute-04" + vbox_ram: 4096 + vbox_cpu: 2 + network_type: "private_network" + vagrant_box_ip: 192.168.20.12 + guest_port: 1235 + host_port: 1235 + server_bootstrap: "provisioning/deploy.yml" + shell_provision: "provisioning/bootstrap.sh" + # ansible_version: "2.9.2" #ubuntu + ansible_compatibility_mode: "2.0" + +- vagrant_box_host: "vg-compute-05" + vagrant_box: "bento/debian-10.4" + vbox_name: "vbox-compute-05" + vbox_ram: 4096 + vbox_cpu: 2 + network_type: "private_network" + vagrant_box_ip: 192.168.20.13 + guest_port: 1235 + host_port: 1235 + server_bootstrap: "provisioning/deploy.yml" + shell_provision: "provisioning/bootstrap.sh" + # ansible_version: "2.9.2" #ubuntu + 
ansible_compatibility_mode: "2.0" + +- vagrant_box_host: "vg-compute-06" + vagrant_box: "archlinux/archlinux" + vbox_name: "vbox-compute-06" + vbox_ram: 4096 + vbox_cpu: 2 + network_type: "private_network" + vagrant_box_ip: 192.168.20.14 + guest_port: 1235 + host_port: 1235 + server_bootstrap: "provisioning/deploy.yml" + shell_provision: "provisioning/bootstrap.sh" + # ansible_version: "2.9.2" + ansible_compatibility_mode: "2.0" diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..cebf715 --- /dev/null +++ b/requirements.txt @@ -0,0 +1,4 @@ +-c constraints.txt +testinfra +pytest +codecov diff --git a/roles/common/defaults/main.yml b/roles/common/defaults/main.yml deleted file mode 100644 index fa30550..0000000 --- a/roles/common/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# defaults file for common \ No newline at end of file diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml deleted file mode 100644 index 1620d1a..0000000 --- a/roles/common/tasks/main.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -# tasks file for common -- name: Setting hostname - shell: "hostnamectl set-hostname {{ inventory_hostname }}" - -- name: Uploading hosts file - template: - src: hosts.conf.j2 - dest: /etc/hosts - owner: root - group: root - mode: 0644 - -- name: Uploading resolv file - template: - src: resolv.conf.j2 - dest: /etc/resolv.conf - owner: root - group: root - mode: 0644 diff --git a/roles/common/templates/hosts.conf.j2 b/roles/common/templates/hosts.conf.j2 deleted file mode 100644 index 40982a6..0000000 --- a/roles/common/templates/hosts.conf.j2 +++ /dev/null @@ -1,9 +0,0 @@ -127.0.0.1 localhost -192.168.1.254 master01 master01 -192.168.1.253 compute01 compute01 -192.168.1.252 compute02 compute02 - -# The following lines are desirable for IPv6 capable hosts -::1 localhost ip6-localhost ip6-loopback -ff02::1 ip6-allnodes -ff02::2 ip6-allrouters 
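Review bot: `host_port` is repeated across entries in servers_list.yml: `vg-compute-01` and `vg-compute-02` both use 1234, and `vg-compute-03` through `vg-compute-06` all use 1235. If the Vagrantfile (not part of this hunk) turns these into forwarded ports, bringing up more than one of those machines at once will collide on the host unless port auto-correction is enabled, so each entry should get its own `host_port`. A short comment at the top of the file saying what listens on the guest port would help, and if the forward is only needed from the host itself, binding it to loopback in the Vagrantfile keeps range machines off the host's external interfaces.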
diff --git a/roles/common/templates/resolv.conf.j2 b/roles/common/templates/resolv.conf.j2
deleted file mode 100644
index 9a0e7ba..0000000
--- a/roles/common/templates/resolv.conf.j2
+++ /dev/null
@@ -1,5 +0,0 @@
-# Generated by NetworkManager
-nameserver 10.0.2.3
-# Nameservers allow us to access subdomains and domains
-nameserver 8.8.8.8
-options single-request-reopen
diff --git a/roles/common/vars/main.yml b/roles/common/vars/main.yml
deleted file mode 100644
index feaa92f..0000000
--- a/roles/common/vars/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-# vars file for common
\ No newline at end of file
diff --git a/scripts/deploy-boxes.sh b/scripts/deploy-boxes.sh
new file mode 100644
index 0000000..dec594c
--- /dev/null
+++ b/scripts/deploy-boxes.sh
@@ -0,0 +1,109 @@ +#!/bin/bash +set -o errexit +set -o pipefail +set -o nounset +set -o xtrace +# set -eox pipefail #safety for script + +echo "=========================================================================================" +vagrant plugin install vagrant-libvirt #The vagrant-libvirt plugin is required when using KVM on Linux +vagrant plugin install vagrant-mutate #Convert vagrant boxes to work with different providers + +# https://www.debian.org/releases/ + +#https://github.com/chef/bento/tree/master/packer_templates/debian +# vagrant box add "bento/ubuntu-19.10" --provider=virtualbox +# vagrant mutate "bento/ubuntu-19.10" libvirt +# vagrant up --provider=libvirt "vg-compute-01" + +# https://app.vagrantup.com/archlinux +# vagrant box add "archlinux/archlinux" --provider=libvirt +# vagrant up --provider=libvirt "vg-compute-02" + +#https://github.com/chef/bento/tree/master/packer_templates/debian +# vagrant box add "bento/debian-10.4" --provider=virtualbox +# vagrant mutate "bento/debian-10.4" libvirt +# vagrant up --provider=libvirt "vg-compute-05" + +# vagrant ssh "vg-compute-05" -c "sudo blazescan -h" +# vagrant ssh "vg-compute-05" -c "sudo clamscan -ir -d /tmp/lw-yara/ /tmp/*" +# vagrant ssh "vg-compute-05" -c "sudo perl nikto.pl -h http://www.google.com" + + +# https://app.vagrantup.com/archlinux +# vagrant box add "archlinux/archlinux" --provider=libvirt +# vagrant up --provider=libvirt "vg-compute-06" + + +# OK with bento/debian-10.4 though +#The error appears to have been in '/vagrant/provisioning/roles/common/tasks/main.yml': line 11, column 3, but may +# https://github.com/chef/bento/tree/master/packer_templates/debian +# vagrant box add "bento/debian-9.12" --provider=virtualbox +# vagrant mutate "bento/debian-9.12" libvirt +# vagrant up --provider=libvirt "vg-compute-04" + + + +# vagrant box add "freebsd/FreeBSD-12.1-STABLE" --provider=virtualbox +# vagrant mutate "freebsd/FreeBSD-12.1-STABLE" libvirt +# vagrant up --provider=libvirt vgnode04 + 
+# vagrant box add "bento/hardenedbsd-11" --provider=virtualbox +# vagrant mutate "bento/hardenedbsd-11" libvirt +# vagrant up --provider=libvirt vgnode05 + +# # vagrant cloud debian box specific +# # adapter to enable NFS on this machine for Vagrant. +# # Please verify that `nfsd` is installed on your machine, and try again +# # HOST is not windows. +# # HOST is travisci bionic server +# apt-get install nfs-common nfs-kernel-server -qqy +# +# #https://www.vagrantup.com/docs/synced-folders/nfs.html#root-privilege-requirement +# TMP=$(mktemp) #temporary file to contain the sudoers-changes +# cat > $TMP <> /etc/exports +# Cmnd_Alias VAGRANT_NFSD = /etc/init.d/nfs-kernel-server restart +# Cmnd_Alias VAGRANT_EXPORTS_REMOVE = /bin/sed -e /*/ d -ibak /etc/exports +# %admin ALL=(root) NOPASSWD: VAGRANT_EXPORTS_ADD, VAGRANT_NFSD, VAGRANT_EXPORTS_REMOVE +# EOF +# cat $TMP +# visudo -c -f $TMP # Check if the changes are OK +# # $? is a variable holding the exit code of the last run command +# if [ $? -eq 0 ]; then +# # This computes! 
Starting up visudo with this script as first parameter +# export EDITOR=$0 && export FILE_OK=$TMP && sudo -E visudo -f /etc/sudoers.d/vagrant_sudoers +# fi +# +# #https://app.vagrantup.com/debian/boxes/buster64 +# vagrant box add "debian/buster64" --provider=libvirt +# vagrant up --provider=libvirt "vg-compute-02" +# +# #https://app.vagrantup.com/debian/boxes/stretch64 +# vagrant box add "debian/stretch64" --provider=libvirt +# vagrant up --provider=libvirt "vg-compute-03" + + +# The repository 'http://ppa.launchpad.net/ansible/ansible/ubuntu focal Release' does not have a Release file +# https://github.com/chef/bento/tree/master/packer_templates/debian +vagrant box add "bento/ubuntu-19.10" --provider=virtualbox +vagrant mutate "bento/ubuntu-19.10" libvirt +vagrant up --provider=libvirt "vg-compute-01" + + +#https://github.com/chef/bento/tree/master/packer_templates/debian +# vagrant box add "bento/debian-10.4" --provider=virtualbox +# vagrant mutate "bento/debian-10.4" libvirt +# vagrant up --provider=libvirt "vg-compute-05" + +vagrant box list #veridy installed boxes +vagrant status #Check the status of the VMs to see that none of them have been created yet +vagrant status +virsh list --all #show all running KVM/libvirt VMs +# vagrant destroy -f "vg-compute-05" + +# https://app.vagrantup.com/archlinux +# vagrant box add "archlinux/archlinux" --provider=libvirt +# vagrant up --provider=libvirt "vg-compute-06" + +echo "=========================================================================================" diff --git a/scripts/deploy-libvirt.sh b/scripts/deploy-libvirt.sh new file mode 100644 index 0000000..8a5868d --- /dev/null +++ b/scripts/deploy-libvirt.sh 
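Review bot: `vagrant box add "bento/ubuntu-19.10" --provider=virtualbox` and the two `vagrant plugin install` lines in deploy-boxes.sh fetch whatever version is current at run time, so the result of a CI run depends on upstream state rather than on the commit. Pinning with `--box-version <BOX_VERSION>` and `--plugin-version <PLUGIN_VERSION>` (placeholders) makes runs reproducible and turns upgrades into a reviewed change. The comment on the first `vagrant status` ("none of them have been created yet") no longer fits its position after `vagrant up`, and the command is repeated on the following line.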
@@ -0,0 +1,16 @@
+#!/bin/bash
+set -o errexit
+set -o pipefail
+set -o nounset
+set -o xtrace
+# set -eox pipefail #safety for script
+
+echo "=============================Install kvm qemu libvirt============================================================="
+apt-get -qq update
+apt-get install -y cpu-checker bridge-utils dnsmasq-base ebtables libvirt-bin libvirt-dev qemu-kvm qemu-utils ruby-dev
+systemctl status libvirtd
+libvirtd --version
+egrep -c '(vmx|svm)' /proc/cpuinfo #If 0 it means that your CPU doesn't support hardware virtualization.If 1 or more it does - but you still need to make sure that virtualization is enabled in the BIOS.
+addgroup libvirtd
+adduser $(id -un) libvirtd #ensure that your username is added to the group libvirtd
+kvm-ok
diff --git a/scripts/deploy-vagrant.sh b/scripts/deploy-vagrant.sh
new file mode 100644
index 0000000..ae57ef5
--- /dev/null
+++ b/scripts/deploy-vagrant.sh
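Review bot: `adduser $(id -un) libvirtd` adds the account the script runs as, and because the script calls `apt-get` and `addgroup` without sudo it presumably runs as root, so the invoking user never ends up in the group. `adduser "${SUDO_USER:-$(id -un)}" libvirtd` covers the sudo case and stays valid under `nounset`; a comment noting that membership in this group grants control over the hypervisor would make the privilege explicit. With `errexit` set, `systemctl status libvirtd` and `egrep -c '(vmx|svm)' /proc/cpuinfo` also abort the script when the service is inactive or the count is 0, before `kvm-ok` can print its diagnosis, so those informational commands should end in `|| true`.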
@@ -0,0 +1,33 @@
+#!/bin/bash
+set -o errexit
+set -o pipefail
+set -o nounset
+set -o xtrace
+# set -eox pipefail #safety for script
+
+echo "=============================Install Vagrant============================================================="
+# export VAGRANT_CURRENT_VERSION="2.2.9"
+apt-get install -qqy unzip jq
+
+# https://releases.hashicorp.com/vagrant/2.2.9/vagrant_2.2.9_SHA256SUMS
+export VAGRANT_CURRENT_VERSION="$(curl -s https://checkpoint-api.hashicorp.com/v1/check/vagrant | jq -r -M '.current_version')"
+export VAGRANT_URL="https://releases.hashicorp.com/vagrant/${VAGRANT_CURRENT_VERSION}/vagrant_${VAGRANT_CURRENT_VERSION}_x86_64.deb"
+export VAGRANT_SHA256_URL="https://releases.hashicorp.com/vagrant/$VAGRANT_CURRENT_VERSION/vagrant_${VAGRANT_CURRENT_VERSION}_SHA256SUMS"
+export VAGRANT_SHA256_SIG_URL="https://releases.hashicorp.com/vagrant/$VAGRANT_CURRENT_VERSION/vagrant_${VAGRANT_CURRENT_VERSION}_SHA256SUMS.sig"
+
+# wget -nv "${VAGRANT_URL}"
+curl -LO "${VAGRANT_URL}"
+curl -LO "${VAGRANT_SHA256_URL}"
+curl -LO "${VAGRANT_SHA256_SIG_URL}"
+export HASHICORP_PUBLIC_KEY_URL="https://keybase.io/hashicorp/pgp_keys.asc" #https://www.hashicorp.com/security
+# curl -sSL "${HASHICORP_PUBLIC_KEY_URL}" | gpg --import - # import the public key (PGP key)
+`curl -sSL "${HASHICORP_PUBLIC_KEY_URL}" | gpg --import -` # import the public key (PGP key)
+gpg --verify "vagrant_${VAGRANT_CURRENT_VERSION}_SHA256SUMS.sig" "vagrant_${VAGRANT_CURRENT_VERSION}_SHA256SUMS" 2>/dev/null #Verify the signature file is untampered
+
+sha256sum vagrant_${VAGRANT_CURRENT_VERSION}_x86_64.deb # via sha256sum
+openssl dgst -sha256 vagrant_${VAGRANT_CURRENT_VERSION}_x86_64.deb # via openssl
+
+echo $(shasum -a 256 -c "vagrant_${VAGRANT_CURRENT_VERSION}_SHA256SUMS" 2>&1 | grep OK)
+
+dpkg -i vagrant_${VAGRANT_CURRENT_VERSION}_x86_64.deb
+vagrant version
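Review bot: The checksum step cannot stop the install: `echo $(shasum -a 256 -c ... 2>&1 | grep OK)` discards the exit status of the check, so a `.deb` that does not match the SHA256SUMS file only prints an empty line and the script goes on to `dpkg -i`. Replace it with a command whose failure reaches `errexit`, e.g. `sha256sum --ignore-missing -c "vagrant_${VAGRANT_CURRENT_VERSION}_SHA256SUMS"`. The signature check is also weaker than it looks, because the key is imported from a URL at run time without comparing its fingerprint to a known value and `2>/dev/null` hides gpg's report of which key signed the file; compare the imported key against a pinned fingerprint (`<HASHICORP_KEY_FINGERPRINT>`, placeholder) before trusting the result. The backticks around `curl -sSL "${HASHICORP_PUBLIC_KEY_URL}" | gpg --import -` make the shell execute the pipeline's output as a command and should be dropped in favour of the plain pipeline that is commented out just above.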