Relates to SG-11 - Now has the ability to generate a site that is specified in the scenario.xml - also improves upon the build times by using Puppet v4 Environments
@@ -16,6 +16,3 @@ DEPENDENCIES
|
||||
nokogiri
|
||||
rake
|
||||
xml-simple
|
||||
|
||||
BUNDLED WITH
|
||||
1.10.4
|
||||
|
||||
@@ -1,16 +1,20 @@
|
||||
<systems>
|
||||
<!-- an example remote storage system, with a remotely exploitable vulnerability that can then be escalated to root -->
|
||||
<system id="storageserver" os="linux" basebox="puppettest" url="" >
|
||||
<system id="storageserver" os="linux" basebox="debian-puppet-64" url="" >
|
||||
<vulnerabilities>
|
||||
<vulnerability privilege="" access="" type="misc" cve=""></vulnerability>
|
||||
|
||||
</vulnerabilities>
|
||||
<!-- secure services will be provided, if matching insecure ones have not been selected -->
|
||||
<services>
|
||||
|
||||
<service name="lamp" type="lamp"></service>
|
||||
</services>-->
|
||||
<networks>
|
||||
<network name="homeonly"></network>
|
||||
</networks>
|
||||
|
||||
<sites>
|
||||
<site type="blog"></site>
|
||||
</sites>
|
||||
</system>
|
||||
|
||||
<!-- an example remote web server, with a remotely exploitable root vulnerability -->
|
||||
|
||||
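Review bot: The new `<site type="blog"></site>` element carries no `name` attribute, yet the reader added in this commit copies `site['name']` straight into the object, so this example scenario yields a site whose name is nil rather than the `''` default that `Site#initialize` suggests. Either give the example a `name="..."` or state in the comment above `<sites>` that `name` is optional, e.g. `<!-- sites to provision; name is optional, type selects the manifest -->`. The surrounding `<system>` element is closed inside the hunk, but the file continues past it.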
@@ -8,7 +8,7 @@ MOUNT_DIR = "#{ROOT_DIR}/mount/"
|
||||
BUILD_DIR = "#{ROOT_DIR}/modules/build/"
|
||||
MOUNT_PUPPET_DIR = "#{ROOT_DIR}/mount/puppet"
|
||||
PROJECTS_DIR = "#{ROOT_DIR}/projects"
|
||||
|
||||
ENVIRONMENTS_PATH = "#{ROOT_DIR}/modules/environments"
|
||||
#PATH CONSTANTS
|
||||
MODULES_PATH = "#{ROOT_DIR}/modules/"
|
||||
VULNERABILITIES_PATH = "#{ROOT_DIR}/modules/vulnerabilities/"
|
||||
|
||||
@@ -2,7 +2,7 @@ require 'erb'
|
||||
require_relative 'erb_controller'
|
||||
require_relative 'constants'
|
||||
require_relative 'configuration'
|
||||
|
||||
require 'fileutils'
|
||||
class FileCreator
|
||||
# Creates project directory, uses .erb files to create a report and the vagrant file that will be used
|
||||
# to create the virtual machines
|
||||
@@ -20,9 +20,9 @@ class FileCreator
|
||||
|
||||
puts "The system is now creating the Project#{build_number}"
|
||||
Dir::mkdir("#{PROJECTS_DIR}/Project#{build_number}") unless File.exists?("#{PROJECTS_DIR}/#{build_number}")
|
||||
puts 'Creating the projects mount directory'
|
||||
Dir::mkdir("#{PROJECTS_DIR}/Project#{build_number}/mount") unless File.exists?("#{PROJECTS_DIR}/Project#{build_number}/mount")
|
||||
|
||||
puts 'Copying manifests to the projects manifest directory'
|
||||
FileUtils.cp_r("#{ROOT_DIR}/mount/puppet/manifest/","#{PROJECTS_DIR}/Project#{build_number}/manifests")
|
||||
|
||||
# initialises box before creation
|
||||
command = "cd #{PROJECTS_DIR}/Project#{build_number}/; vagrant init"
|
||||
%x[#{command}]
|
||||
|
||||
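Review bot: The existence guard on the first `Dir::mkdir` line checks `#{PROJECTS_DIR}/#{build_number}` while the directory being created is `#{PROJECTS_DIR}/Project#{build_number}`, so re-running against an existing project raises Errno::EEXIST instead of being skipped; it should be `unless File.exist?("#{PROJECTS_DIR}/Project#{build_number}")` (`File.exists?` is deprecated as well). Whether that line is new or context is not recoverable from this rendering, but the `FileUtils.cp_r` line is and it is not idempotent either: when `manifests` already exists from an earlier run, `cp_r` copies a second `manifest` directory inside it rather than refreshing it. The `%x[#{command}]` call interpolates `build_number` into a shell string, which is only safe while callers guarantee it is a plain integer; a `Integer(build_number)` at the top of the method would make that explicit. The enclosing method starts and ends outside the hunk.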
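--- /dev/null
+++ b/lib/objects/site.rb
@@ -0,0 +1,8 @@
+class Site
+attr_accessor :name, :type
+
+def initialize(name='', type='')
+@name = name
+@type = type
+end
+end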
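Review bot: The new class has no documentation, while the sibling object `System` carries header comments for its accessors and initializer; a one-line comment above `class Site`, e.g. `# A web site to provision on a System, read from a <site> element of scenario.xml`, would say what `name` and `type` mean to the template that consumes them. As a point of style, a value holder with two plain accessors and no behaviour is what `Struct.new(:name, :type)` already provides, though the `''` defaults would then need a `keyword_init`-free factory or an explicit `initialize`.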
@@ -1,9 +1,9 @@
|
||||
class System
|
||||
# can access from outside of class
|
||||
attr_accessor :id, :os, :url,:basebox, :networks, :vulns, :services
|
||||
attr_accessor :id, :os, :url,:basebox, :networks, :vulns, :services, :sites
|
||||
|
||||
#initalizes system variables
|
||||
def initialize(id, os, basebox, url, vulns=[], networks=[], services=[])
|
||||
def initialize(id, os, basebox, url, vulns=[], networks=[], services=[], sites=[])
|
||||
@id = id
|
||||
@os = os
|
||||
@url = url
|
||||
@@ -11,6 +11,7 @@ class System
|
||||
@vulns = vulns
|
||||
@networks = networks
|
||||
@services = services
|
||||
@sites = sites
|
||||
end
|
||||
|
||||
def is_valid_base
|
||||
|
||||
@@ -6,6 +6,7 @@ require_relative 'helpers/vulnerability_processor'
|
||||
require_relative 'objects/base_box'
|
||||
require_relative 'objects/network'
|
||||
require_relative 'objects/service'
|
||||
require_relative 'objects/site'
|
||||
require_relative 'objects/system'
|
||||
require_relative 'objects/vulnerability'
|
||||
require 'nokogiri'
|
||||
@@ -29,7 +30,14 @@ class SystemReader
|
||||
vulns = []
|
||||
networks = []
|
||||
services = []
|
||||
sites = []
|
||||
|
||||
system.css('sites site').each do |site|
|
||||
site_obj = Site.new
|
||||
site_obj.name = site['name']
|
||||
site_obj.type = site['type']
|
||||
sites << site_obj
|
||||
end
|
||||
system.css('vulnerabilities vulnerability').each do |v|
|
||||
vulnerability = Vulnerability.new
|
||||
# assign the value if the value is not nil (i.e. it's been specified in scenario.xml)
|
||||
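Review bot: The sites loop assigns `site['name']` and `site['type']` unconditionally, so an attribute absent from scenario.xml (the example scenario in this commit has no `name`) overwrites the `''` defaults of `Site#initialize` with nil, whereas the vulnerability loop directly below guards each assignment with a nil check. For consistency build the object in one step, `sites << Site.new(site['name'] || '', site['type'] || '')`, or apply the same guards. There is also no check that `type` names a site the templates know how to provision, so a typo in the scenario goes unnoticed until the Vagrant run — hedged, as the set of available manifests is not visible here. The enclosing method starts before this hunk.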
@@ -43,6 +51,8 @@ class SystemReader
|
||||
vulns << vulnerability
|
||||
end
|
||||
|
||||
|
||||
|
||||
system.css('services service').each do |v|
|
||||
service = Service.new
|
||||
service.name = v['name']
|
||||
@@ -67,7 +77,7 @@ class SystemReader
|
||||
# pass in the already selected set of vulnerabilities, and additional secure services to find
|
||||
new_services = ServiceManager.process(services, Configuration.services, new_vulns)
|
||||
|
||||
s = System.new(id, os, basebox, url, new_vulns, new_networks, new_services)
|
||||
s = System.new(id, os, basebox, url, new_vulns, new_networks, new_services, sites)
|
||||
if s.is_valid_base == false
|
||||
BaseManager.generate_base(s,Configuration.bases)
|
||||
end
|
||||
|
||||
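Review bot: `sites` is handed to `System.new` exactly as read from the XML, while vulns, networks and services all pass through a processing step first (`ServiceManager.process` on the line above). If sites intentionally need no selection or validation, a short comment on the `System.new` line, e.g. `# sites are taken verbatim from scenario.xml; no dependency resolution applies`, would stop a reader from assuming the step was forgotten. The enclosing method continues outside the hunk.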
@@ -17,12 +17,6 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
|
||||
<% end %>
|
||||
<%= systems.id %>.vm.synced_folder "<%= MOUNT_DIR %>", "/mount"
|
||||
end
|
||||
config.vm.provision :shell, :inline => "apt-get --yes --force-yes install ruby "
|
||||
config.vm.provision :shell, :inline => "gem uninstall puppet"
|
||||
config.vm.provision :shell, :inline => "gem install puppet -v '3.5.1'"
|
||||
config.vm.provision :shell, :inline => "apt-get update --fix-missing"
|
||||
|
||||
|
||||
|
||||
# Add secure services
|
||||
<% systems.services.each do |service| %>
|
||||
@@ -30,14 +24,30 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
|
||||
<% service_name = service.name%>
|
||||
|
||||
config.vm.provision "puppet" do | <%=service_name%> |
|
||||
|
||||
<%=service_name%>.module_path = "<%="#{ROOT_DIR}/mount/puppet/module"%>"
|
||||
<%=service_name%>.environment_path = "<%="#{ENVIRONMENTS_PATH}"%>"
|
||||
<%=service_name%>.environment = "production"
|
||||
<%=service_name%>.manifests_path = "<%="#{ROOT_DIR}/mount/puppet/manifest"%>"
|
||||
|
||||
<%=service_name%>.manifest_file = "<%=service_name%>.pp"
|
||||
end
|
||||
|
||||
<% end %>
|
||||
|
||||
#Add sites
|
||||
<% systems.sites.each do |site| %>
|
||||
config.vm.provision "puppet" do | wordpress |
|
||||
wordpress.module_path = "<%="#{ROOT_DIR}/mount/puppet/module"%>"
|
||||
wordpress.environment_path = "<%="#{ENVIRONMENTS_PATH}"%>"
|
||||
wordpress.environment = "production"
|
||||
wordpress.manifests_path = "<%="#{ROOT_DIR}/mount/puppet/manifest"%>"
|
||||
wordpress.manifest_file = "wordpress.pp"
|
||||
end
|
||||
|
||||
<% end %>
|
||||
|
||||
|
||||
|
||||
# Add vulnerabilities
|
||||
|
||||
#a vulnerability has 1 or many puppets
|
||||
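Review bot: The new `#Add sites` loop never uses its block variable `site`: every iteration emits an identical provisioner named `wordpress` running `wordpress.pp`, so `site.type` ("blog" in the example scenario) and `site.name` have no effect and two sites produce two duplicate blocks. Mirror the services block above it — `<% site_name = site.type %>`, `config.vm.provision "puppet" do | <%=site_name%> |` and `<%=site_name%>.manifest_file = "<%=site_name%>.pp"` — with a type-to-manifest mapping if manifest names differ from types (presumably `blog` is meant to reach `wordpress.pp`). Note that `<%=service_name%>` here and `<%=vulnerability_name%>` in the next hunk are spliced unescaped into Ruby source that Vagrant later evaluates, so the reader should reject names that are not plain identifiers (e.g. `/\A[a-z_][a-z0-9_]*\z/`) before they reach this template. Every block now sets both `environment_path`/`environment` and `manifests_path`/`manifest_file`; Vagrant's puppet provisioner may ignore the latter once an environment is configured, in which case each block would run the environment's `default_manifest` instead of its own `.pp` — worth confirming against the Vagrant version in use, and the same applies to the vulnerability and cleanup blocks in the following two hunks. The enclosing `Vagrant.configure` block starts and ends outside the hunk.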
@@ -45,8 +55,9 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
|
||||
|
||||
<% vulnerability_name = vulnerability.name %>
|
||||
config.vm.provision "puppet" do | <%=vulnerability_name%> |
|
||||
|
||||
<%=vulnerability_name%>.module_path = "<%="#{ROOT_DIR}/mount/puppet/module"%>"
|
||||
<%=vulnerability_name%>.environment_path = "<%="#{ENVIRONMENTS_PATH}"%>"
|
||||
<%=vulnerability_name%>.environment = "production"
|
||||
<%=vulnerability_name%>.manifests_path = "<%="#{ROOT_DIR}/mount/puppet/manifest"%>"
|
||||
<%=vulnerability_name%>.manifest_file = "<%=vulnerability_name%>.pp"
|
||||
end
|
||||
@@ -56,6 +67,8 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
|
||||
# clean up script which clears history from the VMs and clobs files together
|
||||
config.vm.provision "puppet" do |cleanup|
|
||||
cleanup.module_path = "<%="#{ROOT_DIR}/mount/puppet/module"%>"
|
||||
cleanup.environment_path = "<%="#{ENVIRONMENTS_PATH}"%>"
|
||||
cleanup.environment = "production"
|
||||
cleanup.manifests_path = "<%="#{ROOT_DIR}/mount/puppet/manifest"%>"
|
||||
cleanup.manifest_file = "cleanup.pp"
|
||||
end
|
||||
|
||||
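--- /dev/null
+++ b/modules/environments/production/environment.conf
@@ -0,0 +1 @@
+default_manifest = "../../mount/puppet/manifest"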
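Review bot: `default_manifest` is resolved relative to the environment directory, so from `modules/environments/production` the value `../../mount/puppet/manifest` lands in `modules/mount/puppet/manifest`, whereas the constants in this commit place the manifests at `ROOT_DIR/mount/puppet/manifest`, one level further up. Verify which directory Puppet actually sees at run time: Vagrant copies the environment and manifest directories to separate locations on the guest, so a host-relative path may not hold there at all, and a comment recording the intended target, e.g. `# relative to this environment directory; must resolve to mount/puppet/manifest`, would make the assumption checkable.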
@@ -3,6 +3,7 @@
|
||||
<base name="CentOS6.3" os="linux" distro="centos" url="https://dl.dropbox.com/sh/9rldlpj3cmdtntc/chqwU6EYaZ/centos-63-32bit-puppet.box" vagrantbase="CentOS6.3withpuppet" ></base>
|
||||
<base name="precise" os="linux" distro="unknown" url="http://files.vagrantup.com/precise32.box" vagrantbase="precise32" ></base>
|
||||
<base name="debian-puppet-64" os="linux" distro="debian" url="http://atlas.hashicorp.com/puppetlabs/boxes/debian-7.8-64-puppet/versions/1.0.4/providers/virtualbox.box" vagrantbase="debian-puppet-64" ></base>
|
||||
<base name="puppettest" os="linux" distro="unknown" url="http://puppet-vagrant-boxes.puppetlabs.com/debian-607-x64-vbox4210.box" vagrantbase="puppettest" />
|
||||
<base name="debian-puppet-32" os="linux" distro="debian" url="http://atlas.hashicorp.com/puppetlabs/boxes/debian-7.8-32-puppet/versions/1.0.4/providers/virtualbox.box" vagrantbase="debian-puppet-64" ></base>
|
||||
|
||||
</bases>
|
||||
|
||||
|
||||
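Review bot: The `debian-puppet-32` entry points its `url` at the 32-bit box but declares `vagrantbase="debian-puppet-64"`, so a scenario selecting it would register the 32-bit image under the 64-bit box name or collide with the real 64-bit entry; it should read `vagrantbase="debian-puppet-32"`. Which of the two debian entries this hunk adds is not recoverable from the rendering, so that line may be pre-existing. Both boxes are fetched over plain `http://` with no checksum recorded in the base definition; since these images become the root of every generated VM, an `https://` URL and a recorded checksum that the generated Vagrantfile can verify would close an easy tampering path.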