From 9de300c9e0f6e6ef6c2690ca3300a1380afb43c6 Mon Sep 17 00:00:00 2001
From: jgillam
Date: Thu, 30 Jun 2022 19:30:06 -0400
Subject: [PATCH 1/7] Initial commit of centos7 box (testing with hyperv)
---
centos/Vagrantfile | 143 ++++++++++++++++
centos/local_playbook.yml | 337 ++++++++++++++++++++++++++++++++++++++
2 files changed, 480 insertions(+)
create mode 100644 centos/Vagrantfile
create mode 100644 centos/local_playbook.yml
diff --git a/centos/Vagrantfile b/centos/Vagrantfile
new file mode 100644
index 0000000..bde7a30
--- /dev/null
+++ b/centos/Vagrantfile
@@ -0,0 +1,143 @@ +$bootstrapscript = <<-SCRIPT +set -euxvo pipefail +echo ">>>>>>>>>>>>> Installing the UI..." +yum -y update +yum install -y epel-release +yum groupinstall "X Window system" -y +yum groupinstall "MATE Desktop" -y + +echo ">>>>>>>>>>>>>>>> Adding samurai user" +useradd -m samurai -G wheel +echo samurai:samurai | chpasswd + +echo ">>>>>>>>>>>>>>>> Update Firefox Prefs" +ff_preferences="/etc/firefox/pref/all-samurai.js" +touch $ff_preferences +echo "pref('browser.startup.homepage', 'https://katana.test:8443');" >> $ff_preferences + +echo ">>>>>>>>>>>>>>>> Installing Ansible and Git" +yum install -y git ansible + +echo ">>>>>>>>>>>>>>>> Running Playbook" +pushd /vagrant +ansible-playbook -K centos/local_playbook.yml --extra-vars "groupname=samurai username=samurai" +popd + +echo ">>>>>>>>>>>>>>>> Initializing certificates" +openssl genrsa -out /etc/samurai.d/certs/rootCAKey.pem 2048 +openssl req -x509 -sha256 -new -nodes -key /etc/samurai.d/certs/rootCAKey.pem -days 365 -out /etc/samurai.d/certs/rootCACert.pem -subj "/C=US/ST=Hacking/L=Springfield/O=SamuraiWTF/CN=samuraiwtf" +cp /etc/samurai.d/certs/rootCACert.pem /etc/pki/ca-trust/source/anchors/ +update-ca-trust +openssl req -new -newkey rsa:4096 -nodes -keyout /etc/samurai.d/certs/katana.test.key -out /etc/samurai.d/certs/katana.test.csr -subj "/C=US/ST=Hacking/L=Springfield/O=SamuraiWTF/CN=katana.test" + +echo ">>>>>>>>>>>>>>>> Installing Katana" +katana --update +katana install katana +systemctl enable samurai-katana +katana start katana + +echo ">>>>>>>>>>>>>>>> Setting default session to graphical.target" +systemctl set-default graphical.target +SCRIPT + +# -*- mode: ruby -*- +# vi: set ft=ruby : + +# All Vagrant configuration is done below. The "2" in Vagrant.configure +# configures the configuration version (we support older styles for +# backwards compatibility). Please don't change it unless you know what +# you're doing. 
+Vagrant.configure("2") do |config| + # The most common configuration options are documented and commented below. + # For a complete reference, please see the online documentation at + # https://docs.vagrantup.com. + + # Every Vagrant development environment requires a box. You can search for + # boxes at https://vagrantcloud.com/search. + config.vm.box = "centos/7" + + config.vm.define "samuraiwtf", primary: true do |samuraiwtf| + samuraiwtf.vm.host_name = "SamuraiWTF" + samuraiwtf.vm.synced_folder "..", "/vagrant" + + samuraiwtf.vm.provider "hyperv" do |hv| + hv.vmname = "SamuraiWTF-5.2.1" + hv.memory = "4096" + end + + samuraiwtf.vm.provider "virtualbox" do |vb| + vb.gui = true + vb.name = "SamuraiWTF-5.2.1" + vb.memory = "4096" + vb.customize ["modifyvm", :id, "--vram", "128"] + vb.customize ["modifyvm", :id, "--cpus", "2"] + vb.customize ["modifyvm", :id, "--vrde", "off"] + vb.customize ["modifyvm", :id, "--graphicscontroller", "vmsvga"] + vb.customize ["modifyvm", :id, "--accelerate2dvideo", "on"] + end + + end + + # config.vm.provider "virtualbox" do |v| + # v.customize ["modifyvm", :id, "--memory", "2048"] + # end + # + # config.vm.provider "vmware_fusion" do |v| + # v.vmx["memsize"] = "2048" + # end + + # Disable automatic box update checking. If you disable this, then + # boxes will only be checked for updates when the user runs + # `vagrant box outdated`. This is not recommended. + # config.vm.box_check_update = false + + # Create a forwarded port mapping which allows access to a specific port + # within the machine from a port on the host machine. In the example below, + # accessing "localhost:8080" will access port 80 on the guest machine. 
+ # NOTE: This will enable public access to the opened port + # config.vm.network "forwarded_port", guest: 80, host: 8080 + + # Create a forwarded port mapping which allows access to a specific port + # within the machine from a port on the host machine and only allow access + # via 127.0.0.1 to disable public access + # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1" + + # Create a private network, which allows host-only access to the machine + # using a specific IP. + # config.vm.network "private_network", ip: "192.168.33.10" + + # Create a public network, which generally matched to bridged network. + # Bridged networks make the machine appear as another physical device on + # your network. + # config.vm.network "public_network" + + # Share an additional folder to the guest VM. The first argument is + # the path on the host to the actual folder. The second argument is + # the path on the guest to mount the folder. And the optional third + # argument is a set of non-required options. + # config.vm.synced_folder "../data", "/vagrant_data" + + # Provider-specific configuration so you can fine-tune various + # backing providers for Vagrant. These expose provider-specific options. + # Example for VirtualBox: + # + # config.vm.provider "virtualbox" do |vb| + # # Display the VirtualBox GUI when booting the machine + # vb.gui = true + # + # # Customize the amount of memory on the VM: + # vb.memory = "1024" + # end + # + # View the documentation for the provider you are using for more + # information on available options. + + # Enable provisioning with a shell script. Additional provisioners such as + # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the + # documentation for more information about their specific syntax and use. 
+ # config.vm.provision "shell", inline: <<-SHELL + # apt-get update + # apt-get install -y apache2 + # SHELL + config.vm.provision "shell", inline: $bootstrapscript +end \ No newline at end of file diff --git a/centos/local_playbook.yml b/centos/local_playbook.yml new file mode 100644 index 0000000..429148d --- /dev/null +++ b/centos/local_playbook.yml 
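Review bot: The root CA private key written by `openssl genrsa -out /etc/samurai.d/certs/rootCAKey.pem 2048` in the bootstrap heredoc is stored unencrypted and never has its permissions restricted, while the matching certificate is copied into `/etc/pki/ca-trust/source/anchors/` and trusted system-wide. Depending on the OpenSSL build shipped in the box, the key may be created under the default umask, in which case any local account in the guest could read it and sign certificates the guest trusts; the `-nodes` key for katana.test has the same exposure. I would put `umask 077` before the first openssl call, or add `chmod 600 /etc/samurai.d/certs/rootCAKey.pem /etc/samurai.d/certs/katana.test.key` after the last one. The same key-generation commands appear in the ubuntu-20/Vagrantfile hunk of patch 3/7.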
@@ -0,0 +1,337 @@ +--- + +- name: run the playbook tasks on the localhost from the ~/samuraiwtf folder + hosts: 127.0.0.1 + connection: local + vars: + groupname: "CORP\\domain users" + username: "{{ lookup('env','USER') }}" + tasks: +### Prerequisites + + - name: Allow local passwordless access for root user + lineinfile: + path: /etc/security/access.conf + line: +:root:ALL + + - name: ensure prerequisite packages are installed + yum: + name: + - nginx + - vim + - curl + - docker + - docker-compose + - unzip + - php-fpm + - nano + - python3 + state: present + become: true + + - name: Install Java corretto from remote repo + yum: + name: https://corretto.aws/downloads/latest/amazon-corretto-8-x64-linux-jdk.rpm + state: present + + - name: python prerequisite modules + pip: + name: "{{ modules }}" + executable: /usr/bin/pip3 + become: yes + vars: + modules: + - docker + + - name: Create cli-plugins folder + file: + path: /usr/local/lib/docker/cli-plugins + state: directory + become: yes + +# - name: install docker-compose +# shell: 'curl -SL https://github.com/docker/compose/releases/download/v2.2.3/docker-compose-linux-x86_64 -o /usr/local/lib/docker/cli-plugins/docker-compose' +# become: yes +# when: stat_docker_compose.stat.exists == False +# +# - name: set permissions for docker-compose +# file: +# path: /usr/local/lib/docker/cli-plugins/docker-compose +# mode: "+x" +# become: yes +# +# - name: install compose-switch switch to support docker 1.x +# shell: 'curl -fL https://github.com/docker/compose-switch/releases/download/v1.0.4/docker-compose-linux-amd64 -o /usr/local/bin/compose-switch' +# become: yes +# when: stat_docker_compose.stat.exists == False +# +# - name: set permissions for compose-switch +# file: +# path: /usr/local/bin/compose-switch +# mode: "+x" +# become: yes + + - name: create the main Samurai program folder + file: + path: /opt/samurai + state: directory + owner: "{{ username }}" + group: "{{ groupname }}" + become: yes + + - name: Copy 
Samurai icon + copy: + src: ../common/samurai-icon.png + dest: /opt/samurai/ + become: yes + + +### Menus + + - name: Setup menu /etc/samurai.d/desktop-directories + file: + path: /etc/samurai.d/desktop-directories/ + state: directory + become: yes + + - name: Setup menu /etc/samurai.d/applications + file: + path: /etc/samurai.d/applications/ + state: directory + become: yes + + - name: Setup menu /etc/samurai.d/desktop-directories + file: + path: /etc/samurai.d/desktop-directories/ + state: directory + become: yes + + - name: Create main samurai-wtf menu + copy: + dest: /etc/samurai.d/desktop-directories/samuraiwtf.directory + content: | + [Desktop Entry] + Type=Directory + Name=Samurai WTF + Icon=/opt/samurai/samurai-icon.png + mode: 0744 + become: yes + + - name: Create applications-merged folder + file: + path: /etc/xdg/menus/applications-merged + state: directory + become: yes + + - name: Create main samurai-wtf menu + copy: + dest: /etc/xdg/menus/applications-merged/samuraiwtf.menu + content: | + + + Applications + + Samurai + /etc/samurai.d/applications + /etc/samurai.d/desktop-directories + samuraiwtf.directory + + samuraiwtf + + + + mode: 0744 + become: yes + +### Setup first-time login customizations + - name: Copy desktop file somewhere we can use it + copy: + src: ../common/samurai-wide-faded.jpg + dest: /opt/samurai/samurai-wide-faded.jpg + owner: "{{ username }}" + group: "{{ groupname }}" + become: yes + + - name: Create first-time login setup script. + copy: + dest: /etc/profile.d/first_login.sh + content: | + #!/bin/bash + + if [ -e $HOME/.samurai ] + then + echo "already run first time scripts." + else + cd /etc/dconf + /usr/bin/dconf write /org/mate/desktop/background/picture-filename "'/opt/samurai/samurai-wide-faded.jpg'" + /usr/bin/dconf write /org/mate/desktop/background/picture-options "'stretched'" + if [ ! 
-L ~/samurai ]; then + ln -s /opt/samurai ~/samurai + fi + touch $HOME/.samurai + fi + cd $HOME + mode: 0755 + become: yes + +### Update PHP Config + - name: Update PHP listener + replace: + path: /etc/php-fpm.d/www.conf + regexp: '^listen = 127.0.0.1.*' + replace: 'listen = /var/run/php-fpm/php-fpm.sock' + become: yes + + - name: Update PHP User + replace: + path: /etc/php-fpm.d/www.conf + regexp: '^user = apache' + replace: 'user = nginx' + become: yes + + - name: Update PHP Group + replace: + path: /etc/php-fpm.d/www.conf + regexp: '^group = apache' + replace: 'group = nginx' + become: yes + + - name: Add info.php test file + copy: + dest: /usr/share/nginx/html/info.php + content: | + + mode: 0644 + force: no + become: yes + + - name: Install nginx configuration + copy: + src: ../common/config/nginx/ + dest: /etc/nginx/conf.d/ + force: no + become: yes + + - name: Start PHP Processor + service: + name: php-fpm + state: started + enabled: yes + become: yes + + - name: Start nginx + service: + name: nginx + state: started + enabled: yes + become: yes + + - name: Check if npm installer already downloaded + stat: + path: /tmp/npm_setup.sh + register: stat_npm_setup + + - name: Download npm installer + get_url: + url: https://rpm.nodesource.com/setup_16.x + dest: /tmp/npm_setup.sh + mode: 0744 +# when: stat_npm_setup.stat.exists == False + + - name: Install npm repo + shell: '/tmp/npm_setup.sh' + become: yes +# when: stat_npm_setup.stat.exists == False + + - name: Add nodejs repo + yum: + name: nodejs + enablerepo: nodesource + become: yes + + - name: Add yarn repository + get_url: + url: http://dl.yarnpkg.com/rpm/yarn.repo + dest: /etc/yum.repos.d/yarn.repo + owner: root + mode: 0644 + become: yes + + - name: Install nodejs + yum: + name: + - nodejs + - yarn + update_cache: yes + become: yes + + - name: Setup katana launcher + copy: + dest: /usr/bin/katana + content: | + #!/bin/bash + if [[ "$1" = "--update" ]]; then + echo "Updating Katana..." 
+ BRANCH="main" + if [[ -n "$2" ]] ; then + BRANCH="$2" + fi + sudo rm -rf /tmp/katana + pushd /tmp + sudo rm -rf /tmp/katana + echo "Cloning repository branch '$BRANCH'" + sudo git clone --depth=1 --single-branch --branch $BRANCH https://github.com/SamuraiWTF/katana.git || exit + sudo mkdir -p /opt/katana + sudo cp -R /tmp/katana/* /opt/katana/ + cd /opt/katana + sudo pip3 install -r /opt/katana/requirements.txt + popd + echo "Update is complete." + else + cd /opt/katana + sudo python3 ./katanacli.py "$@" + fi + mode: 0777 + become: yes + + - name: Create add-ons folder + file: + path: /opt/samurai/add-ons/firefox + state: directory + owner: "{{ username }}" + group: "{{ groupname }}" + become: yes + + - name: Download Foxy Proxy add-on for Firefox + get_url: + url: https://addons.mozilla.org/firefox/downloads/file/3476518/ + dest: /opt/samurai/add-ons/firefox/ + + - name: Recursively update the main Samurai program folder + file: + path: /opt/samurai + state: directory + owner: "{{ username }}" + group: "{{ groupname }}" + recurse: yes + mode: 'g+r' + become: yes + + - name: Create cert folder + file: + path: /etc/samurai.d/certs + state: directory + become: yes + + - name: Disable SELinux + lineinfile: + path: /etc/selinux/config + search_string: 'SELINUX=enforcing' + line: 'SELINUX=disabled' + + - name: Minimal SELinux Type + lineinfile: + path: /etc/selinux/config + search_string: 'SELINUXTYPE=targeted' + line: 'SELINUXTYPE=targeted' \ No newline at end of file From e608f4699929d9db73829caba20b4bc5abb3e218 Mon Sep 17 00:00:00 2001 From: jgillam Date: Mon, 15 Aug 2022 15:40:36 -0400 Subject: [PATCH 2/7] Remove centos7 box (testing with hyperv) --- centos/Vagrantfile | 143 ---------------- centos/local_playbook.yml | 337 -------------------------------------- 2 files changed, 480 deletions(-) delete mode 100644 centos/Vagrantfile delete mode 100644 centos/local_playbook.yml 
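Review bot: The `Setup katana launcher` task installs `/usr/bin/katana` with `mode: 0777`, which leaves a script that calls `sudo` internally, and that the provisioning script invokes, writable by every local account on the guest. Any user can replace its contents and have them run with elevated privileges the next time the launcher is used; `mode: '0755'` keeps it executable without granting that write access. In the same file the `Add yarn repository` task fetches `http://dl.yarnpkg.com/rpm/yarn.repo` over plain HTTP, so the repository definition can be altered in transit before yum trusts it; the `https://` form of that URL is preferable.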
diff --git a/centos/Vagrantfile b/centos/Vagrantfile
deleted file mode 100644
index bde7a30..0000000
--- a/centos/Vagrantfile
+++ /dev/null
@@ -1,143 +0,0 @@ -$bootstrapscript = <<-SCRIPT -set -euxvo pipefail -echo ">>>>>>>>>>>>> Installing the UI..." -yum -y update -yum install -y epel-release -yum groupinstall "X Window system" -y -yum groupinstall "MATE Desktop" -y - -echo ">>>>>>>>>>>>>>>> Adding samurai user" -useradd -m samurai -G wheel -echo samurai:samurai | chpasswd - -echo ">>>>>>>>>>>>>>>> Update Firefox Prefs" -ff_preferences="/etc/firefox/pref/all-samurai.js" -touch $ff_preferences -echo "pref('browser.startup.homepage', 'https://katana.test:8443');" >> $ff_preferences - -echo ">>>>>>>>>>>>>>>> Installing Ansible and Git" -yum install -y git ansible - -echo ">>>>>>>>>>>>>>>> Running Playbook" -pushd /vagrant -ansible-playbook -K centos/local_playbook.yml --extra-vars "groupname=samurai username=samurai" -popd - -echo ">>>>>>>>>>>>>>>> Initializing certificates" -openssl genrsa -out /etc/samurai.d/certs/rootCAKey.pem 2048 -openssl req -x509 -sha256 -new -nodes -key /etc/samurai.d/certs/rootCAKey.pem -days 365 -out /etc/samurai.d/certs/rootCACert.pem -subj "/C=US/ST=Hacking/L=Springfield/O=SamuraiWTF/CN=samuraiwtf" -cp /etc/samurai.d/certs/rootCACert.pem /etc/pki/ca-trust/source/anchors/ -update-ca-trust -openssl req -new -newkey rsa:4096 -nodes -keyout /etc/samurai.d/certs/katana.test.key -out /etc/samurai.d/certs/katana.test.csr -subj "/C=US/ST=Hacking/L=Springfield/O=SamuraiWTF/CN=katana.test" - -echo ">>>>>>>>>>>>>>>> Installing Katana" -katana --update -katana install katana -systemctl enable samurai-katana -katana start katana - -echo ">>>>>>>>>>>>>>>> Setting default session to graphical.target" -systemctl set-default graphical.target -SCRIPT - -# -*- mode: ruby -*- -# vi: set ft=ruby : - -# All Vagrant configuration is done below. The "2" in Vagrant.configure -# configures the configuration version (we support older styles for -# backwards compatibility). Please don't change it unless you know what -# you're doing. 
-Vagrant.configure("2") do |config| - # The most common configuration options are documented and commented below. - # For a complete reference, please see the online documentation at - # https://docs.vagrantup.com. - - # Every Vagrant development environment requires a box. You can search for - # boxes at https://vagrantcloud.com/search. - config.vm.box = "centos/7" - - config.vm.define "samuraiwtf", primary: true do |samuraiwtf| - samuraiwtf.vm.host_name = "SamuraiWTF" - samuraiwtf.vm.synced_folder "..", "/vagrant" - - samuraiwtf.vm.provider "hyperv" do |hv| - hv.vmname = "SamuraiWTF-5.2.1" - hv.memory = "4096" - end - - samuraiwtf.vm.provider "virtualbox" do |vb| - vb.gui = true - vb.name = "SamuraiWTF-5.2.1" - vb.memory = "4096" - vb.customize ["modifyvm", :id, "--vram", "128"] - vb.customize ["modifyvm", :id, "--cpus", "2"] - vb.customize ["modifyvm", :id, "--vrde", "off"] - vb.customize ["modifyvm", :id, "--graphicscontroller", "vmsvga"] - vb.customize ["modifyvm", :id, "--accelerate2dvideo", "on"] - end - - end - - # config.vm.provider "virtualbox" do |v| - # v.customize ["modifyvm", :id, "--memory", "2048"] - # end - # - # config.vm.provider "vmware_fusion" do |v| - # v.vmx["memsize"] = "2048" - # end - - # Disable automatic box update checking. If you disable this, then - # boxes will only be checked for updates when the user runs - # `vagrant box outdated`. This is not recommended. - # config.vm.box_check_update = false - - # Create a forwarded port mapping which allows access to a specific port - # within the machine from a port on the host machine. In the example below, - # accessing "localhost:8080" will access port 80 on the guest machine. 
- # NOTE: This will enable public access to the opened port - # config.vm.network "forwarded_port", guest: 80, host: 8080 - - # Create a forwarded port mapping which allows access to a specific port - # within the machine from a port on the host machine and only allow access - # via 127.0.0.1 to disable public access - # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1" - - # Create a private network, which allows host-only access to the machine - # using a specific IP. - # config.vm.network "private_network", ip: "192.168.33.10" - - # Create a public network, which generally matched to bridged network. - # Bridged networks make the machine appear as another physical device on - # your network. - # config.vm.network "public_network" - - # Share an additional folder to the guest VM. The first argument is - # the path on the host to the actual folder. The second argument is - # the path on the guest to mount the folder. And the optional third - # argument is a set of non-required options. - # config.vm.synced_folder "../data", "/vagrant_data" - - # Provider-specific configuration so you can fine-tune various - # backing providers for Vagrant. These expose provider-specific options. - # Example for VirtualBox: - # - # config.vm.provider "virtualbox" do |vb| - # # Display the VirtualBox GUI when booting the machine - # vb.gui = true - # - # # Customize the amount of memory on the VM: - # vb.memory = "1024" - # end - # - # View the documentation for the provider you are using for more - # information on available options. - - # Enable provisioning with a shell script. Additional provisioners such as - # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the - # documentation for more information about their specific syntax and use. 
- # config.vm.provision "shell", inline: <<-SHELL - # apt-get update - # apt-get install -y apache2 - # SHELL - config.vm.provision "shell", inline: $bootstrapscript -end \ No newline at end of file diff --git a/centos/local_playbook.yml b/centos/local_playbook.yml deleted file mode 100644 index 429148d..0000000 --- a/centos/local_playbook.yml +++ /dev/null 
@@ -1,337 +0,0 @@ ---- - -- name: run the playbook tasks on the localhost from the ~/samuraiwtf folder - hosts: 127.0.0.1 - connection: local - vars: - groupname: "CORP\\domain users" - username: "{{ lookup('env','USER') }}" - tasks: -### Prerequisites - - - name: Allow local passwordless access for root user - lineinfile: - path: /etc/security/access.conf - line: +:root:ALL - - - name: ensure prerequisite packages are installed - yum: - name: - - nginx - - vim - - curl - - docker - - docker-compose - - unzip - - php-fpm - - nano - - python3 - state: present - become: true - - - name: Install Java corretto from remote repo - yum: - name: https://corretto.aws/downloads/latest/amazon-corretto-8-x64-linux-jdk.rpm - state: present - - - name: python prerequisite modules - pip: - name: "{{ modules }}" - executable: /usr/bin/pip3 - become: yes - vars: - modules: - - docker - - - name: Create cli-plugins folder - file: - path: /usr/local/lib/docker/cli-plugins - state: directory - become: yes - -# - name: install docker-compose -# shell: 'curl -SL https://github.com/docker/compose/releases/download/v2.2.3/docker-compose-linux-x86_64 -o /usr/local/lib/docker/cli-plugins/docker-compose' -# become: yes -# when: stat_docker_compose.stat.exists == False -# -# - name: set permissions for docker-compose -# file: -# path: /usr/local/lib/docker/cli-plugins/docker-compose -# mode: "+x" -# become: yes -# -# - name: install compose-switch switch to support docker 1.x -# shell: 'curl -fL https://github.com/docker/compose-switch/releases/download/v1.0.4/docker-compose-linux-amd64 -o /usr/local/bin/compose-switch' -# become: yes -# when: stat_docker_compose.stat.exists == False -# -# - name: set permissions for compose-switch -# file: -# path: /usr/local/bin/compose-switch -# mode: "+x" -# become: yes - - - name: create the main Samurai program folder - file: - path: /opt/samurai - state: directory - owner: "{{ username }}" - group: "{{ groupname }}" - become: yes - - - name: Copy 
Samurai icon - copy: - src: ../common/samurai-icon.png - dest: /opt/samurai/ - become: yes - - -### Menus - - - name: Setup menu /etc/samurai.d/desktop-directories - file: - path: /etc/samurai.d/desktop-directories/ - state: directory - become: yes - - - name: Setup menu /etc/samurai.d/applications - file: - path: /etc/samurai.d/applications/ - state: directory - become: yes - - - name: Setup menu /etc/samurai.d/desktop-directories - file: - path: /etc/samurai.d/desktop-directories/ - state: directory - become: yes - - - name: Create main samurai-wtf menu - copy: - dest: /etc/samurai.d/desktop-directories/samuraiwtf.directory - content: | - [Desktop Entry] - Type=Directory - Name=Samurai WTF - Icon=/opt/samurai/samurai-icon.png - mode: 0744 - become: yes - - - name: Create applications-merged folder - file: - path: /etc/xdg/menus/applications-merged - state: directory - become: yes - - - name: Create main samurai-wtf menu - copy: - dest: /etc/xdg/menus/applications-merged/samuraiwtf.menu - content: | - - - Applications - - Samurai - /etc/samurai.d/applications - /etc/samurai.d/desktop-directories - samuraiwtf.directory - - samuraiwtf - - - - mode: 0744 - become: yes - -### Setup first-time login customizations - - name: Copy desktop file somewhere we can use it - copy: - src: ../common/samurai-wide-faded.jpg - dest: /opt/samurai/samurai-wide-faded.jpg - owner: "{{ username }}" - group: "{{ groupname }}" - become: yes - - - name: Create first-time login setup script. - copy: - dest: /etc/profile.d/first_login.sh - content: | - #!/bin/bash - - if [ -e $HOME/.samurai ] - then - echo "already run first time scripts." - else - cd /etc/dconf - /usr/bin/dconf write /org/mate/desktop/background/picture-filename "'/opt/samurai/samurai-wide-faded.jpg'" - /usr/bin/dconf write /org/mate/desktop/background/picture-options "'stretched'" - if [ ! 
-L ~/samurai ]; then - ln -s /opt/samurai ~/samurai - fi - touch $HOME/.samurai - fi - cd $HOME - mode: 0755 - become: yes - -### Update PHP Config - - name: Update PHP listener - replace: - path: /etc/php-fpm.d/www.conf - regexp: '^listen = 127.0.0.1.*' - replace: 'listen = /var/run/php-fpm/php-fpm.sock' - become: yes - - - name: Update PHP User - replace: - path: /etc/php-fpm.d/www.conf - regexp: '^user = apache' - replace: 'user = nginx' - become: yes - - - name: Update PHP Group - replace: - path: /etc/php-fpm.d/www.conf - regexp: '^group = apache' - replace: 'group = nginx' - become: yes - - - name: Add info.php test file - copy: - dest: /usr/share/nginx/html/info.php - content: | - - mode: 0644 - force: no - become: yes - - - name: Install nginx configuration - copy: - src: ../common/config/nginx/ - dest: /etc/nginx/conf.d/ - force: no - become: yes - - - name: Start PHP Processor - service: - name: php-fpm - state: started - enabled: yes - become: yes - - - name: Start nginx - service: - name: nginx - state: started - enabled: yes - become: yes - - - name: Check if npm installer already downloaded - stat: - path: /tmp/npm_setup.sh - register: stat_npm_setup - - - name: Download npm installer - get_url: - url: https://rpm.nodesource.com/setup_16.x - dest: /tmp/npm_setup.sh - mode: 0744 -# when: stat_npm_setup.stat.exists == False - - - name: Install npm repo - shell: '/tmp/npm_setup.sh' - become: yes -# when: stat_npm_setup.stat.exists == False - - - name: Add nodejs repo - yum: - name: nodejs - enablerepo: nodesource - become: yes - - - name: Add yarn repository - get_url: - url: http://dl.yarnpkg.com/rpm/yarn.repo - dest: /etc/yum.repos.d/yarn.repo - owner: root - mode: 0644 - become: yes - - - name: Install nodejs - yum: - name: - - nodejs - - yarn - update_cache: yes - become: yes - - - name: Setup katana launcher - copy: - dest: /usr/bin/katana - content: | - #!/bin/bash - if [[ "$1" = "--update" ]]; then - echo "Updating Katana..." 
- BRANCH="main" - if [[ -n "$2" ]] ; then - BRANCH="$2" - fi - sudo rm -rf /tmp/katana - pushd /tmp - sudo rm -rf /tmp/katana - echo "Cloning repository branch '$BRANCH'" - sudo git clone --depth=1 --single-branch --branch $BRANCH https://github.com/SamuraiWTF/katana.git || exit - sudo mkdir -p /opt/katana - sudo cp -R /tmp/katana/* /opt/katana/ - cd /opt/katana - sudo pip3 install -r /opt/katana/requirements.txt - popd - echo "Update is complete." - else - cd /opt/katana - sudo python3 ./katanacli.py "$@" - fi - mode: 0777 - become: yes - - - name: Create add-ons folder - file: - path: /opt/samurai/add-ons/firefox - state: directory - owner: "{{ username }}" - group: "{{ groupname }}" - become: yes - - - name: Download Foxy Proxy add-on for Firefox - get_url: - url: https://addons.mozilla.org/firefox/downloads/file/3476518/ - dest: /opt/samurai/add-ons/firefox/ - - - name: Recursively update the main Samurai program folder - file: - path: /opt/samurai - state: directory - owner: "{{ username }}" - group: "{{ groupname }}" - recurse: yes - mode: 'g+r' - become: yes - - - name: Create cert folder - file: - path: /etc/samurai.d/certs - state: directory - become: yes - - - name: Disable SELinux - lineinfile: - path: /etc/selinux/config - search_string: 'SELINUX=enforcing' - line: 'SELINUX=disabled' - - - name: Minimal SELinux Type - lineinfile: - path: /etc/selinux/config - search_string: 'SELINUXTYPE=targeted' - line: 'SELINUXTYPE=targeted' \ No newline at end of file From b366ea2b34cd89df4abf5f3fdef44ff81b556f9d Mon Sep 17 00:00:00 2001 
From: jgillam
Date: Mon, 15 Aug 2022 15:41:18 -0400
Subject: [PATCH 3/7] Add Ubuntu 20.04 vagrant build with Hyper-V and VBox support.
---
ubuntu-20/Vagrantfile | 143 +++++++++++++++
ubuntu-20/local_playbook.yml | 326 +++++++++++++++++++++++++++++++++++
ubuntu-20/nginx/default.conf | 25 +++
3 files changed, 494 insertions(+)
create mode 100644 ubuntu-20/Vagrantfile
create mode 100644 ubuntu-20/local_playbook.yml
create mode 100644 ubuntu-20/nginx/default.conf
diff --git a/ubuntu-20/Vagrantfile b/ubuntu-20/Vagrantfile
new file mode 100644
index 0000000..5d6baea
--- /dev/null
+++ b/ubuntu-20/Vagrantfile
@@ -0,0 +1,143 @@ +$bootstrapscript = <<-SCRIPT +set -euxvo pipefail +echo ">>>>>>>>>>>>> Installing prerequisites and Mate UI..." +add-apt-repository ppa:ubuntu-mate-dev/fresh-mate -y +apt update -y +apt upgrade -y + +apt install mate-desktop-environment -y +apt install ansible git -y + +echo ">>>>>>>>>>>>>>>> Update Firefox Prefs" +ff_preferences="/etc/firefox/syspref.js" +touch $ff_preferences +echo "pref('browser.startup.homepage', 'https://katana.test:8443');" >> $ff_preferences + +echo ">>>>>>>>>>>>>>>> Running Playbook" +pushd /vagrant +ansible-playbook -K ubuntu-20/local_playbook.yml +popd + +echo ">>>>>>>>>>>>>>>> Initializing certificates" +openssl genrsa -out /etc/samurai.d/certs/rootCAKey.pem 2048 +openssl req -x509 -sha256 -new -nodes -key /etc/samurai.d/certs/rootCAKey.pem -days 365 -out /etc/samurai.d/certs/rootCACert.pem -subj "/C=US/ST=Hacking/L=Springfield/O=SamuraiWTF/CN=samuraiwtf" +openssl req -new -newkey rsa:4096 -nodes -keyout /etc/samurai.d/certs/katana.test.key -out /etc/samurai.d/certs/katana.test.csr -subj "/C=US/ST=Hacking/L=Springfield/O=SamuraiWTF/CN=katana.test" +openssl x509 -inform pem -outform der -in /etc/samurai.d/certs/rootCACert.pem -out /etc/samurai.d/certs/localRootCA.crt +cp /etc/samurai.d/certs/localRootCA.crt /usr/local/share/ca-certificates/ +update-ca-certificates + +echo ">>>>>>>>>>>>>>>> Installing Katana" +katana --update +katana install katana +systemctl enable samurai-katana +katana start katana + +echo ">>>>>>>>>>>>>>>> Setting default session to graphical.target" +# systemctl set-default graphical.target +SCRIPT + +# -*- mode: ruby -*- +# vi: set ft=ruby : + +# All Vagrant configuration is done below. The "2" in Vagrant.configure +# configures the configuration version (we support older styles for +# backwards compatibility). Please don't change it unless you know what +# you're doing. +Vagrant.configure("2") do |config| + # The most common configuration options are documented and commented below. 
+ # For a complete reference, please see the online documentation at + # https://docs.vagrantup.com. + + # Every Vagrant development environment requires a box. You can search for + # boxes at https://vagrantcloud.com/search. + + config.vm.box = "bento/ubuntu-20.04" + + config.vm.define "samuraiwtf", primary: true do |samuraiwtf| + samuraiwtf.vm.host_name = "SamuraiWTF" + samuraiwtf.vm.synced_folder "..", "/vagrant", type: "rsync", rsync_exclude: ".git/" + + samuraiwtf.vm.provider "hyperv" do |hv| + hv.vmname = "SamuraiWTF-5.2.1" + hv.maxmemory = "4096" + hv.vm_integration_services = { + guest_service_interface: true + } + end + + samuraiwtf.vm.provider "virtualbox" do |vb| + vb.gui = true + vb.name = "SamuraiWTF-5.2.1" + vb.memory = "4096" + vb.customize ["modifyvm", :id, "--vram", "128"] + vb.customize ["modifyvm", :id, "--cpus", "2"] + vb.customize ["modifyvm", :id, "--vrde", "off"] + vb.customize ["modifyvm", :id, "--graphicscontroller", "vmsvga"] + vb.customize ["modifyvm", :id, "--accelerate2dvideo", "on"] + end + + end + + # config.vm.provider "virtualbox" do |v| + # v.customize ["modifyvm", :id, "--memory", "2048"] + # end + # + # config.vm.provider "vmware_fusion" do |v| + # v.vmx["memsize"] = "2048" + # end + + # Disable automatic box update checking. If you disable this, then + # boxes will only be checked for updates when the user runs + # `vagrant box outdated`. This is not recommended. + # config.vm.box_check_update = false + + # Create a forwarded port mapping which allows access to a specific port + # within the machine from a port on the host machine. In the example below, + # accessing "localhost:8080" will access port 80 on the guest machine. 
+ # NOTE: This will enable public access to the opened port + # config.vm.network "forwarded_port", guest: 80, host: 8080 + + # Create a forwarded port mapping which allows access to a specific port + # within the machine from a port on the host machine and only allow access + # via 127.0.0.1 to disable public access + # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1" + + # Create a private network, which allows host-only access to the machine + # using a specific IP. + # config.vm.network "private_network", ip: "192.168.33.10" + + # Create a public network, which generally matched to bridged network. + # Bridged networks make the machine appear as another physical device on + # your network. + # config.vm.network "public_network" + + # Share an additional folder to the guest VM. The first argument is + # the path on the host to the actual folder. The second argument is + # the path on the guest to mount the folder. And the optional third + # argument is a set of non-required options. + # config.vm.synced_folder "../data", "/vagrant_data" + + # Provider-specific configuration so you can fine-tune various + # backing providers for Vagrant. These expose provider-specific options. + # Example for VirtualBox: + # + # config.vm.provider "virtualbox" do |vb| + # # Display the VirtualBox GUI when booting the machine + # vb.gui = true + # + # # Customize the amount of memory on the VM: + # vb.memory = "1024" + # end + # + # View the documentation for the provider you are using for more + # information on available options. + + # Enable provisioning with a shell script. Additional provisioners such as + # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the + # documentation for more information about their specific syntax and use. 
+ # config.vm.provision "shell", inline: <<-SHELL + # apt-get update + # apt-get install -y apache2 + # SHELL + config.vm.provision "shell", inline: $bootstrapscript +end \ No newline at end of file diff --git a/ubuntu-20/local_playbook.yml b/ubuntu-20/local_playbook.yml new file mode 100644 index 0000000..6bcfc61 --- /dev/null +++ b/ubuntu-20/local_playbook.yml 
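Review bot: `ansible-playbook -K ubuntu-20/local_playbook.yml` asks for a become password, but this heredoc runs through `config.vm.provision "shell", inline: $bootstrapscript`, where nobody is present to answer the prompt; unless something outside this hunk supplies a terminal, the run will presumably stall or abort under `set -euxvo pipefail`. Vagrant's shell provisioner is privileged by default, so the flag looks unnecessary and the call can be `ansible-playbook ubuntu-20/local_playbook.yml`. The centos/Vagrantfile added in patch 1/7 carries the same `-K` call. Separately, the final `echo` announces that the default session is being set to graphical.target while the `systemctl set-default graphical.target` line below it is commented out, so either the message or the comment marker should go.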
@@ -0,0 +1,326 @@ +--- + +- name: run the playbook tasks on the localhost from the ~/samuraiwtf folder + hosts: 127.0.0.1 + connection: local + vars: + groupname: samurai + username: samurai + tasks: +### Prerequisites + - name: Create group + group: + name: "{{ groupname }}" + state: present + + - name: Ensure samurai user is present + ansible.builtin.user: + name: "{{ username }}" + groups: "{{ groupname }}" + password: $1$XF.06J/n$A1G6zX5AF33pQQOTcH0Ix. + state: present + + - name: Install prerequisite packages + apt: + name: + - nginx + - vim + - curl + - docker + - docker-compose + - unzip + - php-fpm + - nano + - python3 + - python3-pip + - firefox + state: present + become: true + +# - name: Install Java corretto from remote repo +# yum: +# name: https://corretto.aws/downloads/latest/amazon-corretto-8-x64-linux-jdk.rpm +# state: present + + - name: python prerequisite modules + pip: + name: "{{ modules }}" + executable: /usr/bin/pip3 + become: yes + vars: + modules: + - docker + +# - name: Create cli-plugins folder +# file: +# path: /usr/local/lib/docker/cli-plugins +# state: directory +# become: yes + +# - name: install docker-compose +# shell: 'curl -SL https://github.com/docker/compose/releases/download/v2.2.3/docker-compose-linux-x86_64 -o /usr/local/lib/docker/cli-plugins/docker-compose' +# become: yes +# when: stat_docker_compose.stat.exists == False +# +# - name: set permissions for docker-compose +# file: +# path: /usr/local/lib/docker/cli-plugins/docker-compose +# mode: "+x" +# become: yes +# +# - name: install compose-switch switch to support docker 1.x +# shell: 'curl -fL https://github.com/docker/compose-switch/releases/download/v1.0.4/docker-compose-linux-amd64 -o /usr/local/bin/compose-switch' +# become: yes +# when: stat_docker_compose.stat.exists == False +# +# - name: set permissions for compose-switch +# file: +# path: /usr/local/bin/compose-switch +# mode: "+x" +# become: yes + + - name: create the main Samurai program folder + file: + 
path: /opt/samurai + state: directory + owner: "{{ username }}" + group: "{{ groupname }}" + become: yes + + - name: Copy Samurai icon + copy: + src: ../common/samurai-icon.png + dest: /opt/samurai/ + become: yes + + +### Menus + + - name: Setup menu /etc/samurai.d/desktop-directories + file: + path: /etc/samurai.d/desktop-directories/ + state: directory + become: yes + + - name: Setup menu /etc/samurai.d/applications + file: + path: /etc/samurai.d/applications/ + state: directory + become: yes + + - name: Setup menu /etc/samurai.d/desktop-directories + file: + path: /etc/samurai.d/desktop-directories/ + state: directory + become: yes + + - name: Create main samurai-wtf menu + copy: + dest: /etc/samurai.d/desktop-directories/samuraiwtf.directory + content: | + [Desktop Entry] + Type=Directory + Name=Samurai WTF + Icon=/opt/samurai/samurai-icon.png + mode: 0744 + become: yes + + - name: Create applications-merged folder + file: + path: /etc/xdg/menus/applications-merged + state: directory + become: yes + + - name: Create main samurai-wtf menu + copy: + dest: /etc/xdg/menus/applications-merged/samuraiwtf.menu + content: | + + + Applications + + Samurai + /etc/samurai.d/applications + /etc/samurai.d/desktop-directories + samuraiwtf.directory + + samuraiwtf + + + + mode: 0744 + become: yes + +### Setup first-time login customizations + - name: Copy desktop file somewhere we can use it + copy: + src: ../common/samurai-wide-faded.jpg + dest: /opt/samurai/samurai-wide-faded.jpg + owner: "{{ username }}" + group: "{{ groupname }}" + become: yes + + - name: Create first-time login setup script. + copy: + dest: /etc/profile.d/first_login.sh + content: | + #!/bin/bash + + if [ -e $HOME/.samurai ] + then + echo "already run first time scripts." + else + gsettings set org.gnome.desktop.background picture-uri file:///opt/samurai/samurai-wide-faded.jpg + + if [ ! 
-L ~/samurai ]; then + ln -s /opt/samurai ~/samurai + fi + touch $HOME/.samurai + fi + cd $HOME + mode: 0755 + become: yes + +### Update PHP Config +# - name: Update PHP listener +# replace: +# path: /etc/php-fpm.d/www.conf +# regexp: '^listen = 127.0.0.1.*' +# replace: 'listen = /var/run/php-fpm/php-fpm.sock' +# become: yes + +# - name: Update PHP User +# replace: +# path: /etc/php-fpm.d/www.conf +# regexp: '^user = apache' +# replace: 'user = nginx' +# become: yes +# +# - name: Update PHP Group +# replace: +# path: /etc/php-fpm.d/www.conf +# regexp: '^group = apache' +# replace: 'group = nginx' +# become: yes + + - name: Add info.php test file + copy: + dest: /var/www/html/info.php + content: | + + mode: 0644 + force: no + become: yes + + - name: Install nginx configuration + copy: + src: ./nginx/ + dest: /etc/nginx/conf.d/ + force: yes + become: yes + + - name: Start PHP Processor + service: + name: php7.4-fpm + state: started + enabled: yes + become: yes + + - name: Start nginx + service: + name: nginx + state: started + enabled: yes + become: yes + + - name: Check if npm installer already downloaded + stat: + path: /tmp/npm_setup.sh + register: stat_npm_setup + + - name: Download npm installer + get_url: + url: https://deb.nodesource.com/setup_16.x + dest: /tmp/npm_setup.sh + mode: 0744 +# when: stat_npm_setup.stat.exists == False + + - name: Install npm repo + shell: '/tmp/npm_setup.sh' + become: yes +# when: stat_npm_setup.stat.exists == False + + - name: Add nodejs repo + apt: + name: nodejs + state: present + become: yes + + - name: Install npm repo + shell: 'npm install -g yarn' + become: yes + + - name: Setup katana launcher + copy: + dest: /usr/bin/katana + content: | + #!/bin/bash + if [[ "$1" = "--update" ]]; then + echo "Updating Katana..." 
+ BRANCH="main" + if [[ -n "$2" ]] ; then + BRANCH="$2" + fi + sudo rm -rf /tmp/katana + pushd /tmp + sudo rm -rf /tmp/katana + echo "Cloning repository branch '$BRANCH'" + sudo git clone --depth=1 --single-branch --branch $BRANCH https://github.com/SamuraiWTF/katana.git || exit + sudo mkdir -p /opt/katana + sudo cp -R /tmp/katana/* /opt/katana/ + cd /opt/katana + sudo pip3 install -r /opt/katana/requirements.txt + popd + echo "Update is complete." + else + cd /opt/katana + sudo python3 ./katanacli.py "$@" + fi + mode: 0777 + become: yes + + - name: Create add-ons folder + file: + path: /opt/samurai/add-ons/firefox + state: directory + owner: "{{ username }}" + group: "{{ groupname }}" + become: yes + + - name: Download Foxy Proxy add-on for Firefox + get_url: + url: https://addons.mozilla.org/firefox/downloads/file/3476518/ + dest: /opt/samurai/add-ons/firefox/ + + - name: Recursively update the main Samurai program folder + file: + path: /opt/samurai + state: directory + owner: "{{ username }}" + group: "{{ groupname }}" + recurse: yes + mode: 'g+r' + become: yes + + - name: Create cert folder + file: + path: /etc/samurai.d/certs + state: directory + become: yes + +# - name: Ensure SELinux is set to disabled mode +# ansible.builtin.lineinfile: +# path: /etc/selinux/config +# regexp: '^SELINUX=' +# line: SELINUX=disabled \ No newline at end of file diff --git a/ubuntu-20/nginx/default.conf b/ubuntu-20/nginx/default.conf new file mode 100644 index 0000000..7e2c0c9 --- /dev/null +++ b/ubuntu-20/nginx/default.conf 
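Review bot: The `Setup katana launcher` task writes `/usr/bin/katana` with `mode: 0777`, so any local account can rewrite a script that calls `sudo` for every step; `mode: '0755'` keeps it executable without making it world-writable. Inside the script, `--branch $BRANCH` is unquoted; `--branch "$BRANCH"` keeps an argument containing spaces or glob characters as one word. In the same hunk, `Download npm installer` fetches into `/tmp/npm_setup.sh` without `become`, and the next task runs that file with `become: yes`. Writing it to a root-owned path instead of `/tmp`, and adding a `checksum:` if the installer can be pinned, would stop another local user or a changed upstream script from deciding what runs as root.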
@@ -0,0 +1,25 @@ +server { + listen 80; + server_name localhost; + + # note that these lines are originally from the "location /" block + root /var/www/html; + index index.php index.html index.htm; + + location / { + try_files $uri $uri/ =404; + } + error_page 404 /404.html; + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /var/www/html; + } + + location ~* \.php$ { + try_files $uri =404; + fastcgi_pass unix:/var/run/php/php-7.4fpm.sock; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } +} From d3358fd6e1d7b0cde124c374d6cad3b77a99a32b Mon Sep 17 00:00:00 2001 From: jgillam Date: Mon, 15 Aug 2022 16:33:58 -0400 Subject: [PATCH 4/7] add samurai user to sudoer list --- ubuntu-20/local_playbook.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ubuntu-20/local_playbook.yml b/ubuntu-20/local_playbook.yml index 6bcfc61..108e40a 100644 --- a/ubuntu-20/local_playbook.yml +++ b/ubuntu-20/local_playbook.yml @@ -16,8 +16,9 @@ - name: Ensure samurai user is present ansible.builtin.user: name: "{{ username }}" - groups: "{{ groupname }}" + groups: "{{ groupname }},sudo" password: $1$XF.06J/n$A1G6zX5AF33pQQOTcH0Ix. + shell: /usr/bin/bash state: present - name: Install prerequisite packages From e94cf2bff8eb5baca58b8656b7fb3e2860147c60 Mon Sep 17 00:00:00 2001 From: jgillam Date: Tue, 16 Aug 2022 22:54:10 -0400 Subject: [PATCH 5/7] Add required packages for targets. --- ubuntu-20/Vagrantfile | 11 ++++++----- ubuntu-20/local_playbook.yml | 33 ++++++++++++++++++++++++++++----- 2 files changed, 34 insertions(+), 10 deletions(-) diff --git a/ubuntu-20/Vagrantfile b/ubuntu-20/Vagrantfile index 5d6baea..341635f 100644 --- a/ubuntu-20/Vagrantfile +++ b/ubuntu-20/Vagrantfile 
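Review bot: `fastcgi_pass unix:/var/run/php/php-7.4fpm.sock;` in the `location ~* \.php$` block does not match the `php7.4-fpm` service that the playbook's `Start PHP Processor` task enables. On Ubuntu that package's default pool normally listens on `php7.4-fpm.sock`, so this looks like a transposed name that would make every PHP request fail with a 502. Confirm against the pool's `listen` setting and, if so, use `fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;`. Separately, `listen 80;` binds all interfaces while the playbook drops an `info.php` test file into the web root, so a comment such as `# lab only: binds all interfaces; keep the VM on a host-only or NAT network` would record that assumption.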
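Review bot: With `groups: "{{ groupname }},sudo"` the account whose password the README publishes (`samurai` / `samurai`) becomes root-equivalent, and nothing in the task says this is intentional for a lab image. I would add a comment above the task, `# lab-only default credential (documented in README); rotate it before the VM is reachable from anything but a host-only network`. The `password:` value is also an unquoted `$1$` (MD5-crypt) hash; quoting it and regenerating it as a SHA-512 crypt hash would avoid carrying the weakest hash format into derived images. Note that without `append: yes` the `groups:` list replaces any other supplementary groups the user already has.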
@@ -8,16 +8,17 @@ apt upgrade -y apt install mate-desktop-environment -y apt install ansible git -y -echo ">>>>>>>>>>>>>>>> Update Firefox Prefs" -ff_preferences="/etc/firefox/syspref.js" -touch $ff_preferences -echo "pref('browser.startup.homepage', 'https://katana.test:8443');" >> $ff_preferences - echo ">>>>>>>>>>>>>>>> Running Playbook" pushd /vagrant ansible-playbook -K ubuntu-20/local_playbook.yml popd +# TODO: This doesn't seem to be doing anything. Prefs may need to be set locally for the samurai user. +# echo ">>>>>>>>>>>>>>>> Update Firefox Prefs" +# ff_preferences="/etc/firefox/syspref.js" +# touch $ff_preferences +# echo "pref('browser.startup.homepage', 'https://katana.test:8443');" >> $ff_preferences + echo ">>>>>>>>>>>>>>>> Initializing certificates" openssl genrsa -out /etc/samurai.d/certs/rootCAKey.pem 2048 openssl req -x509 -sha256 -new -nodes -key /etc/samurai.d/certs/rootCAKey.pem -days 365 -out /etc/samurai.d/certs/rootCACert.pem -subj "/C=US/ST=Hacking/L=Springfield/O=SamuraiWTF/CN=samuraiwtf" diff --git a/ubuntu-20/local_playbook.yml b/ubuntu-20/local_playbook.yml index 108e40a..d3d9ddf 100644 --- a/ubuntu-20/local_playbook.yml +++ b/ubuntu-20/local_playbook.yml @@ -35,6 +35,10 @@ - python3 - python3-pip - firefox + - gnome-shell-extensions + - mate-tweak + - python-is-python3 + - default-jre state: present become: true 
@@ -52,11 +56,25 @@ modules: - docker -# - name: Create cli-plugins folder -# file: -# path: /usr/local/lib/docker/cli-plugins -# state: directory -# become: yes + - name: Create cli-plugins folder for docker-compose + file: + path: /usr/local/lib/docker/cli-plugins + state: directory + become: yes + + - name: Download and install docker-compose + ansible.builtin.uri: + url: https://github.com/docker/compose/releases/download/v2.9.0/docker-compose-linux-x86_64 + dest: /usr/local/lib/docker/cli-plugins/docker-compose + mode: "+x" + become: yes + + - name: install compose-switch switch to support docker 1.x + ansible.builtin.uri: + url: https://github.com/docker/compose-switch/releases/download/v1.0.5/docker-compose-linux-amd64 + dest: /usr/local/bin/compose-switch + mode: "+x" + become: yes # - name: install docker-compose # shell: 'curl -SL https://github.com/docker/compose/releases/download/v2.2.3/docker-compose-linux-x86_64 -o /usr/local/lib/docker/cli-plugins/docker-compose' @@ -320,6 +338,11 @@ state: directory become: yes + - name: Add application menu + shell: 'gnome-extensions enable app-menu@gnome-shell-extensions.gcampax.github.com' + become: yes + become_user: samurai + # - name: Ensure SELinux is set to disabled mode # ansible.builtin.lineinfile: # path: /etc/selinux/config From ef666afff5d2be847e7eeeef14929b1d2bf0827d Mon Sep 17 00:00:00 2001 From: jgillam Date: Tue, 16 Aug 2022 22:54:40 -0400 Subject: [PATCH 6/7] Add convenience script to install recommended tools and targets. --- ubuntu-20/install_recommended.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 ubuntu-20/install_recommended.sh diff --git a/ubuntu-20/install_recommended.sh b/ubuntu-20/install_recommended.sh new file mode 100644 index 0000000..604424d --- /dev/null +++ b/ubuntu-20/install_recommended.sh 
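Review bot: The two new download tasks (`Download and install docker-compose` and `install compose-switch ...`) install executables as root straight from a release URL via `ansible.builtin.uri`, which performs no integrity check on what it writes to `dest`. `ansible.builtin.get_url` accepts the same `url`, `dest` and `mode` and adds `checksum: "sha256:<EXPECTED_SHA256>"`, with the value taken from the checksum file published with each release. As far as I can tell it also skips the download when the file already matches, whereas `uri` repeats the request on every provisioning run. The change is the module name plus one `checksum:` line per task.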
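Review bot: `become_user: samurai` in the `Add application menu` task hard-codes the account name, while the rest of the playbook uses the `username` variable. If the playbook is run with a different `username`, this task targets the wrong account or fails; `become_user: "{{ username }}"` keeps it consistent. The rest of the playbook lies outside this hunk.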
@@ -0,0 +1,11 @@ +katana install zap +katana install burpsuite +katana install wordlists +katana install sqlmap +katana install nikto +katana install juice-shop +katana install wayfarer +katana install mutillidae +katana install dvwa +katana install samurai-dojo +katana install musashi \ No newline at end of file From 92dd723a46955582f08407879acf1a0c01598c2b Mon Sep 17 00:00:00 2001 From: jgillam Date: Wed, 17 Aug 2022 10:53:23 -0400 Subject: [PATCH 7/7] Updated documentation --- README.md | 19 ++++++++++--------- ubuntu-20/README.md | 46 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+), 9 deletions(-) create mode 100644 ubuntu-20/README.md diff --git a/README.md b/README.md index 55b39ec..9e73203 100644 --- a/README.md +++ b/README.md @@ -18,6 +18,9 @@ For example, an instructor could use SamuraiWTF to easily set up a virtual machi This project includes and uses the [Samurai Katana][samurai-katana-url] project to manage installation and running of tools and targets in the virtual environment. +**Reference Implementation** +Currently the reference implementation for this project is built on top of Ubuntu 20.04 (look in the ubuntu-20 subfolder). + **Want to chat with us? Join us in either the OWASP Slack #project-samuraiwtf channel.** **Want to Contribute? See [here](#Contributors)** @@ -31,8 +34,8 @@ There are several options available to you. The quickest option is to download a This option works best if you are not using Windows, or if you are using Windows without Hyper-V running. [
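Review bot: The new script has no shebang and no error handling, so a failed `katana install` is followed silently by the next one and the run still exits with the status of the last command. Starting the file with `#!/bin/bash` and `set -euo pipefail` (the centos bootstrap script in this series already uses `set -euxvo pipefail`) would make a broken tool or target install visible before the image is distributed.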
Download SamuraiWTF for VirtualBox
](https://downloads-samuraiwtf-com.s3.us-west-2.amazonaws.com/SamuraiWTF.ova) -* MD5: `ec082f87d7f4644057c754afe9d39b93` -* SHA256: `2211213df19ca97b430745a1442c6a488a592068c8fadd55b7c3b68497b44e82` +* MD5: `edbcb6dd46d31ad2ca7a813520eee7e4` +* SHA256: `f43d4c59bd49f032b5ae3b70a165398fa8dee68c88336c918c7b25f0ed633044` For more information on removing or disabling Hyper-V, see [these instructions from Microsoft](https://support.microsoft.com/en-us/help/3204980/virtualization-applications-do-not-work-together-with-hyper-v-device-g). @@ -40,18 +43,16 @@ For more information on removing or disabling Hyper-V, see [these instructions f This option works best if you are running Windows 10 or higher and already have Hyper-V installed. If you use the Windows Linux Subsystem (WLS), then you have Hyper-V installed. [
Download SamuraiWTF for Hyper-V
](https://downloads-samuraiwtf-com.s3.us-west-2.amazonaws.com/SamuraiWTF_HyperV.zip) -* MD5: `6ef78ffcad8b2b88fef9bf500fb19346` -* SHA256: `1ee0563075770f3a02060f4c0967336c0985e270164525c3cd727dd38e80a848` +* MD5: `93d262417fc0dd3a16c96b516be60d2e` +* SHA256: `d4aad0a92f94604e082f02b3247e9a1a1406aaad85f2c1114f2ae253cc5627fe` -Once it is downloaded, you will want to unzip the file and then +Once it is downloaded, you will want to unzip the file and then create a new VM in Hyper-V. Attach the .hvdx drive and set the RAM to 4096. ### Option 3: Build an Amazon Workspace This option works best if you are familiar with Amazon Web Services (AWS) and want your students to remote into the lab environments instead of running them as local virtual machines. This can be a great option when students are running potentially low-powered machines because it even works from a Chromebook. For details, view [/amazon-linux/README.md](https://github.com/SamuraiWTF/samuraiwtf/blob/main/amazon-linux/README.md). -### Build on VirtualBox with Vagrant -Currently, the most stable Vagrant build is the one for Amazon Linux. This builds from a Windows environment. Details are in the file [/amazon-linux/README.md](https://github.com/SamuraiWTF/samuraiwtf/blob/main/amazon-linux/README.md). - -If you are interested in building alternatives on different Linux distributions, use the Amazon Linux folder as a starting point, since that is the current reference implementation. +### Build on Hyper-V or VirtualBox with Vagrant +Currently, the most stable Vagrant build is the one for Ubuntu 20.04. Details are in the file [/amazon-linux/README.md](https://github.com/SamuraiWTF/samuraiwtf/blob/main/ubuntu-20/README.md). ## Default Password There is a default user and password for the SamuraiWTF environment: `samurai` / `samurai` diff --git a/ubuntu-20/README.md b/ubuntu-20/README.md new file mode 100644 index 0000000..66c711d --- /dev/null +++ b/ubuntu-20/README.md 
@@ -0,0 +1,46 @@ +# Choose a Provider +We use Vagrant to build this VM, so that is the prerequisite. Hyper-V is the default provider because most people using SamuraiWTF are doing so from a Windows host and Hyper-V tends to go considerably smoother than other vagrant providers on Windows. This version of SamuraiWTF is built on top of the [_bento/ubuntu-20.04_ base box](https://app.vagrantup.com/bento/boxes/ubuntu-20.04) ,which supports additional providers. We have a configuration for virtualbox but if you need a different provider (e.g. vmware_fusion) then it may be possible by adding its configuration to the Vagrant file in this folder. + +## Hyper-V (Default, Windows) +1. From an Administrator PowerShell window, navigate to this folder and run `vagrant up` +2. Select the _Default Switch_ when prompted to select which switch to use. If you don't have a _Default Switch_ option then you will need to create or use a switch that will allow the VM to access the Internet. +3. Wait for the script to complete. This may take a long time (20-30 minutes). +4. Run `vagrant reload` to restart the VM and ensure all the configuration is in place during boot. +5. Connect to the VM and login in with user: _samurai_ , password: _samurai_ + +## VirtualBox +1. From the command line, navigate to this folder and run `vagrant up --provider=virtualbox` +2. The VirtualBox provider will automatically open a new window. Ignore that window for now and wait for the script to complete. This may take a long time (20-30 minutes, possibly longer when running alongside Hyper-V). +3. Run `vagrant reload` to restart the VM and ensure all the configuration is in place during boot. +4. 
Connect to the VM and login in with user: _samurai_ , password: _samurai_ + +# Final Setup +If you intend to make this VM available to others, for example as a lab environment for a class, there are a few other recommended steps: + +- From the command line, run `gnome-tweaks`, navigate to _Extensions_ and enable the _Applications menu_ option. Also enable the _Window list_ option. (_note: if you don't see the Extensions menu option, try closing gnome-tweaks, resizing your window, and opening it again)_. +- In firefox, visit `about:preferences#privacy` and select appropriate options. Since this is going to be used to practice penetration testing, it may be preferable to disable features that may interfere such as block content and popup windows. +- On the same page in firefox, scroll down to Certificates, uncheck the _Query OCSP_ option, and click _View Certificates_. Click the import button and navigate to and open `/etc/samurai.d/certs/localRootCA.crt`. Check the box _Trust this CA to identify websites._ and click the _OK_ button. +- Now on a second tab visit `https://katana.test:8443`. You should see the Katana dashboard. You can set this as the default Homepage in _Settings-->Home_. +- Although the interface can be used to install applications, the command line provides better feedback and error messages. Use katana to install each of the tools and targets you need. The following example set is a good start for most (note: katana always runs as root): +```bash +katana install zap +katana install wordlists +katana install sqlmap +katana install juice-shop +katana install wayfarer +katana install samurai-dojo +katana install musashi +``` + +There is also a convenience shell script at `/vagrant/ubuntu-20/install_recommended.sh` that will install all of this plus a few other recommended targets and tools. + +- Test that all the targets and tools start as expected before moving on to the final steps. 
+- Run `katana lock` to freeze the set of targets and tools displayed in the katana UI. Note that a restart (i.e. `katana stop katana && katana start katana`) is needed to see the changes. +- Remove the vagrant user with the command `sudo userdel vagrant` and to save some space you can also remove the working vagrant folder with `sudo rm -rf /vagrant`. +- **Optional**: If you want to minimize the final size of the image, use a tool such as bleachbit (i.e. `sudo apt install bleachbit`, run with sudo). + +## Prepare for Distribution +If you are distributing your image (e.g. for a class), you will want to put it in a suitable format for download / USB storage and importing into Hyper-V. To do this, perform the following steps: +- Shut down the VM +- Export the VM from HyperV +- Find the vhdx file in the Virtual Hard Disks subfolder (it will likely be labeled Ubuntu), rename it if necessary, and zip it up. This is the only file that needs to be distributed for HyperV. \ No newline at end of file