Windows 7 support in oVirt -- depends on changes to vagrant winssh, the ovirt-plugin, and the basebox having SSH, puppet, and rsync -- possibly breaks old baseboxes that don't have these installed, but SSH is required rather than WinRM due to proxy limitations

This commit is contained in:
Z. Cliffe Schreuders
2019-09-20 10:47:51 +01:00
parent 0fe526e844
commit df05e51344
3 changed files with 49 additions and 8 deletions

View File

@@ -182,13 +182,16 @@ end
<%= system.name %>.vm.provision 'shell', inline: "echo '' > /etc/environment"
<% # Below string is used within testing, do not delete. -%>
# ip_address_for_<%= system.name %>=<%= resolve_network(selected_module)%>
<% # Static Virtualbox networking -%>
<% # Static Virtualbox networking -%>
<% elsif (@options.has_key? :ovirtuser) && (@options.has_key? :ovirtpass) && @ovirt_base_template && @ovirt_base_template =~ /win/ -%>
<% # Windows on oVirt -- change network on reboot via scheduled task%>
<%= system.name %>.vm.provision 'shell', inline: "schtasks /create /rl HIGHEST /ru system /sc ONSTART /tn \"network settings\" /tr \"netsh interface ip set address 'Local Area Connection' static <%= resolve_network(selected_module) %> 255.0.0.0\" < nul", upload_path: "c:/windows/temp/ipconf.bat"
<% # Windows on oVirt -- change network on reboot via scheduled task, so that it gets the new IP on reboot (not mid-provision)%>
<% # TODO: use some clever scripting to identify the network name : $interface = $(wmic.exe nic where "NetConnectionStatus=2" get NetConnectionID | findstr Local).Trim(); schtasks /create /rl HIGHEST /ru system /sc ONSTART /tn networksettings /f /tr "netsh interface ip set address '$interface' static IPADDRESS 255.0.0.0" %>
<%= system.name %>.vm.provision 'shell', inline: 'schtasks /create /rl HIGHEST /ru system /sc ONSTART /tn networksettings1 /f /tr "netsh interface ip set address \'Local Area Connection\' static <%= resolve_network(selected_module)%> 255.0.0.0\" '
<%= system.name %>.vm.provision 'shell', inline: 'schtasks /create /rl HIGHEST /ru system /sc ONSTART /tn networksettings2 /f /tr "netsh interface ip set address \'Local Area Connection 2\' static <%= resolve_network(selected_module)%> 255.0.0.0\" '
<%= system.name %>.vm.provision 'shell', inline: 'schtasks /create /rl HIGHEST /ru system /sc ONSTART /tn networksettings3 /f /tr "netsh interface ip set address \'Local Area Connection 3\' static <%= resolve_network(selected_module)%> 255.0.0.0\" '
<% else # not windows or not ovirt -%>
<%= system.name %>.vm.network :<%= selected_module.attributes['type'].first %>, ip: "<%= resolve_network(selected_module)%>"
<% # Below string is used within testing, do not delete. -%>
<% # Below string is used within testing, do not delete. -%>
# ip_address_for_<%= system.name %>=<%= resolve_network(selected_module)%>
<% end -%>
<% end -%>
@@ -217,7 +220,7 @@ end
<%=module_name%>.environment = "production"
<%=module_name%>.synced_folder_type = "rsync"
<% end %>
<%=module_name%>.manifests_path = "<%="puppet/#{system.name}/modules/#{selected_module.module_path_end}"%>"
<%=module_name%>.manifests_path = "<%="puppet/#{system.name}/modules/#{selected_module.module_path_end}"%>"
<%=module_name%>.manifest_file = "<%="#{selected_module.module_path_end}.pp"%>"
end
<% end -%>

View File

@@ -6,7 +6,7 @@
<name>Windows 7, SSH, Puppet: OVIRT ONLY</name>
<author>Z. Cliffe Schreuders</author>
<module_license>GPLv3</module_license>
<description>Windows 7 with SSH and Puppet. CURRENTLY ONLY WORKS WITH OVIRT.</description>
<description>Windows 7 with OpenSSH, Chocolate, Rsync, and Puppet. CURRENTLY ONLY WORKS WITH OVIRT.</description>
<cpu_word_size>64-bit</cpu_word_size>
<type>desktop</type>
@@ -14,7 +14,7 @@
<distro>7</distro>
<url>http://TODO</url>
<esxi_url></esxi_url>
<ovirt_template>win7-vagrant-8</ovirt_template>
<ovirt_template>win7-vagrant-11</ovirt_template>
<software_license>various</software_license>

View File

@@ -4,11 +4,49 @@
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
<!-- an example remote storage system, with a remotely exploitable vulnerability that can then be escalated to root -->
<system>
<system_name>windows</system_name>
<base platform="windows" distro="7"/>
<utility module_path=".*parameterised_accounts" platform="windows">
<input into="accounts" into_datastore="accounts">
<generator type="account">
<input into="username">
<value>user1</value>
</input>
<input into="password">
<value>password1</value>
</input>
<input into="super_user">
<value>false</value>
</input>
<input into="strings_to_leak">
<value>This is a test</value>
</input>
<input into="leaked_filenames">
<value>test.txt</value>
</input>
</generator>
<generator type="account">
<input into="username">
<value>user2</value>
</input>
<input into="password">
<value>password2</value>
</input>
<input into="super_user">
<value>false</value>
</input>
<input into="strings_to_leak">
<value>Hello, world!</value>
</input>
<input into="leaked_filenames">
<value>test.txt</value>
</input>
</generator>
</input>
</utility>
<network type="private_network" range="dhcp"/>
</system>