digital-forensics-labs/SecGen
1
0
Fork 0
mirror of https://github.com/cliffe/SecGen.git synced 2026-02-20 13:50:45 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
SecGen/lib/templates/Vagrantfile.erb
Z. Cliffe Schreuders b900f9a520 Improve hostname configuration in Vagrantfile template 
Add hostnamectl support for more robust hostname setting on Linux systems
2025-01-31 16:29:40 +00:00

337 lines
15 KiB
Plaintext
Raw Permalink Blame History

# -*- mode: ruby -*-
# vi: set ft=ruby :
# This file was generated by SecGen
# <%= @time %>
# Based on <%= @scenario %>
<%
require 'json'
require 'base64'
require 'securerandom'
require_relative './lib/helpers/scenario.rb'
scenario_name = @scenario.split('/').last.split('.').first + '-'
prefix = @options[:prefix] ? (@options[:prefix] + '-' + scenario_name) : ('SecGen-' + scenario_name)
# specified virtualisation provider
provider = "virtualbox"
if @options.has_key?(:ovirtuser) && @options.has_key?(:ovirtpass)
provider = "ovirt"
elsif @options.has_key?(:proxmoxuser) && @options.has_key?(:proxmoxpass)
provider = "proxmox"
elsif @options.has_key?(:esxiuser) && @options.has_key?(:esxipass)
provider = "esxi"
end
-%>
VAGRANTFILE_API_VERSION = "2"
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
<%
@systems.each do |system|
# check that all the templates are available on the selected provider
system.module_selections.each do |selected_module|
if selected_module.module_type == 'base'
@base_type = selected_module.attributes['type']
@ovirt_base_template = selected_module.attributes['ovirt_template']&.first
@proxmox_base_template = selected_module.attributes['proxmox_template']&.first
@base_template = nil
@esxi_url = selected_module.attributes['esxi_url']&.first
@cpu_word_size = selected_module.attributes['cpu_word_size'].first.downcase
case provider
when "ovirt"
if @ovirt_base_template == nil
Print.err "Scenario includes #{selected_module.attributes['name']} which is not available on oVirt!"
return nil
else
@base_template = @ovirt_base_template
end
when "proxmox"
if @proxmox_base_template == nil
Print.err "Scenario includes #{selected_module.attributes['name']} which is not available on Proxmox!"
return nil
else
@base_template = @proxmox_base_template
end
when "esxi"
if @esxi_url == nil
Print.err "Scenario includes #{selected_module.attributes['name']} which is not available on ESXi!"
return nil
end
end
end
end
system.memory = resolve_memory(system)
-%>
config.vm.define "<%= system.name %>" do |<%= system.name %>|
<%
case provider
when "ovirt"
%>
#oVirt provider begin
<%= system.name %>.vm.provider :ovirt4 do |ovirt|
<%=
" ovirt.username = '#{@options[:ovirtuser]}'
ovirt.password = '#{@options[:ovirtpass]}'" %>
<%= if @options.has_key? :ovirturl
" ovirt.url = '#{@options[:ovirturl]}'"
end %>
<%= if @options.has_key? :ovirtcluster
" ovirt.cluster = '#{@options[:ovirtcluster]}'"
end %>
<%=
" ovirt.template = '#{@ovirt_base_template}'" %>
<%=
" ovirt.memory_size = '#{system.memory} MB'\n" -%>
<%= if @base_type.include? 'desktop'
" ovirt.memory_guaranteed = '512 MB'\n"
elsif system.memory.to_i >= 4096
" ovirt.memory_guaranteed = '4096 MB'\n"
end -%>
<%= if @options.has_key? :cpu_cores
" ovirt.cpu_cores = #{@options[:cpu_cores]}\n"
end -%>
ovirt.console = 'spice'
# ovirt.filtered_api = true
ovirt.insecure = true
ovirt.debug = true
end
# oVirt provider end
<%
when "proxmox"
%>
#Proxmox provider begin
<%= system.name %>.vm.provider :proxmox do |proxmox|
proxmox.endpoint = '<%= @options[:proxmoxurl] %>'
proxmox.user_name = '<%= @options[:proxmoxuser] %>'
proxmox.password = '<%= @options[:proxmoxpass] %>'
proxmox.vm_type = :qemu
proxmox.qemu_os = :l26
# proxmox.qemu_disk_size = '30G'
# proxmox.qemu_storage = 'ceph_rdb'
proxmox.qemu_template = '<%= @proxmox_base_template%>'
# proxmox.vm_name_prefix = 'vagranttest'
# proxmox.qemu_cores = 1
# proxmox.qemu_sockets = 1
# proxmox.qemu_nic_model = 'virtio'
# proxmox.qemu_bridge = 'vmbr0'
proxmox.vm_id_range = 1000..999999999
proxmox.vm_memory = 4096
proxmox.selected_node = '<%= @options[:proxmoxnode] %>'
proxmox.disable_adjust_forwarded_port = true
end
# Proxmox provider end
<%
when "esxi"
%>
# vmware_esxi provider begin
<%= system.name %>.vm.provider :vmware_esxi do |esxi|
<%=
" esxi.esxi_hostname = '#{@options[:esxi_host]}'
esxi.esxi_username = '#{@options[:esxiuser]}'
esxi.esxi_password = '#{@options[:esxipass]}'"
%>
<%= if @options.has_key? :esxidatastore
" esxi.esxi_disk_store = '#{@options[:esxidatastore]}'\n"
end -%>
<%= if @options.has_key? :esxidisktype
" esxi.guest_disk_type = '#{@options[:esxidisktype]}'\n"
end -%>
<%= " esxi.guest_memsize = '#{system.memory} MB'\n"
-%>
<%= if @options.has_key? :cpu_cores
" esxi.guest_numvcpus = #{@options[:cpu_cores]}\n"
end -%>
<%= if @options.has_key? :esxinetwork
" esxi.esxi_virtual_network = ['#{@options[:esxinetwork]}']\n"
end -%>
<%= " esxi.guest_name = '#{system.get_hostname}'\n" -%>
end
# End ESXi provider
<%
when "virtualbox"
%>
<%= system.name %>.vm.provider :virtualbox do |vb|
<% system.module_selections.each do |selected_module|
if selected_module.module_type == 'base'
@cpu_word_size = selected_module.attributes['cpu_word_size'].first.downcase
end
end -%>
<%= gui = (@options.has_key? :gui_output) ? 'true' : 'false'
" vb.gui = #{gui}\n" -%>
<%= no_pae = (@options.has_key? :nopae) ? 'off' : 'on'
" vb.customize ['modifyvm', :id, '--pae', '#{no_pae}']\n" -%>
<%= if @cpu_word_size == '32-bit'
if @options.has_key? :hwvirtex
" vb.customize ['modifyvm', :id, '--hwvirtex', 'on']\n"
else
" vb.customize ['modifyvm', :id, '--hwvirtex', 'off']\n"
end
elsif @cpu_word_size == '64-bit'
" vb.customize ['modifyvm', :id, '--hwvirtex', 'on']\n"
end -%>
<%= vtxpid = (@options.has_key? :vtxvpid) ? 'on' : 'off'
" vb.customize ['modifyvm', :id, '--vtxvpid', '#{vtxpid}']\n" -%>
<%= " vb.memory = '#{system.memory}'\n"-%>
<%= if @options.has_key? :cpu_cores
" vb.cpus = #{@options[:cpu_cores]}\n"
end -%>
<%= if @options.has_key? :max_cpu_usage
" vb.customize ['modifyvm', :id, '--cpuexecutioncap', '#{@options[:max_cpu_usage]}']\n"
end -%>
end
<%
end
%>
<% # Adds line that stops cloud-init from attempting to grab meta-data as eth0 is overwritten with provided networks.
# TODO: Remove when mutli-network vagrant-plugin issue is resolved
if provider == "ovirt" && @base_template && @base_template !~ /win/i -%>
<%= system.name %>.vm.provision 'shell', inline: "echo 'datasource_list: [ None ] '> /etc/cloud/cloud.cfg.d/90_dpkg.cfg"
<% end -%>
<%= system.name %>.vm.boot_timeout = 600
<%= system.name %>.ssh.connect_timeout = 600
# SecGen datastore
# <%= JSON.generate($datastore) %>
# SecGen modules
<% system.module_selections.each do |selected_module| -%>
<%= selected_module.to_s_comment -%>
<% if selected_module.module_type == 'network' and selected_module.received_inputs.include? 'IP_address' %>
<%= ' # This module has a datastore entry for IP_address, using that instead of the default.' %>
<% elsif selected_module.module_type == 'network' and @options.has_key? :ip_ranges -%>
<%= ' # This module has a command line ip_range, using that instead of the default.' %>
<% end -%>
<%
case selected_module.module_type
when 'base'
-%>
<%= system.name %>.vm.hostname = '<%= system.get_hostname %>'
<%
case provider
when "ovirt"
%>
<%# if selected_module.attributes['platform'].first.downcase != 'windows' %>
<%# gets stuck setting host name on Windows XP %>
<%# end %>
<%= system.name %>.vm.box = 'ovirt4'
<%= system.name %>.vm.box_url = 'https://github.com/myoung34/vagrant-ovirt4/blob/master/example_box/dummy.box?raw=true'
<%
when "proxmox"
%>
<%= system.name %>.vm.box = 'dummy'
<%= system.name %>.vm.box_url = 'https://github.com/myoung34/vagrant-ovirt4/blob/master/example_box/dummy.box?raw=true'
<% if selected_module.attributes['platform'].first.downcase != 'windows' %>
# Set hostname for Linux systems (as an extra step on Proxmox)
<%= system.name %>.vm.provision 'shell', inline: "hostname <%= system.get_hostname %> && echo <%= system.get_hostname %> > /etc/hostname && hostnamectl set-hostname <%= system.get_hostname %> || true && sed -i \"s/127.0.1.1.*/127.0.1.1\t<%= system.get_hostname %>/g\" /etc/hosts"
<% end %>
<%
when "esxi"
%>
<%= system.name %>.vm.box = "<%= selected_module.module_path_name %>"
<%= system.name %>.vm.box_url = "<%= selected_module.attributes['esxi_url'].first %>"
<%
when "virtualbox"
%>
<%= system.name %>.vm.box = "<%= selected_module.module_path_name %>"
<%= system.name %>.vm.box_url = "<%= selected_module.attributes['url'].first %>"
<%
end
%>
<% if selected_module.attributes['platform'].first.downcase == 'windows' %>
<%= system.name %>.vm.communicator = 'winssh'
<%= system.name %>.vm.guest = :windows
#<%= system.name %>.vm.synced_folder '.', '/vagrant', disabled: true
<% end %>
<% when 'network' -%>
<% # DHCP networking -%>
<% if (selected_module.attributes['range'].first.nil? || selected_module.attributes['range'].first == "dhcp") and (!selected_module.received_inputs.include? 'IP_address' and !@options[:ip_ranges])-%>
<% if (@options.has_key? :ovirtnetwork) && provider == "ovirt" %>
<%= system.name %>.vm.network :<%= selected_module.attributes['type'].first %>, type: "dhcp", :ovirt__network_name => '<%= get_ovirt_network_name(system.name, @options[:ovirtnetwork]) %>'
<% else %>
<%= system.name %>.vm.network :<%= selected_module.attributes['type'].first %>, type: "dhcp", auto_config: false
<% end %>
<% # Below string is used within testing, do not delete. -%>
# ip_address_for_<%= system.name %>=DHCP
<% # Static networking -%>
<% else -%>
<% # Static oVirt/Proxmox networking -%>
<% if (provider == "ovirt" || provider == "proxmox") && @base_template && @base_template !~ /win/i -%>
<% interface = 'ens3' if provider =="ovirt" -%>
<% interface = 'ens18' if provider =="proxmox" -%>
<% if @base_template =~ /kali|debian_desktop_kde|debian_wheezy_server/ -%>
<% interface = 'eth0' -%>
<% end -%>
# use some shell scripting to identify the name of the network interface (eth0/ens3/...), and set the IP address statically
<%= system.name %>.vm.provision 'shell', inline: "echo -e \"auto lo\niface lo inet loopback\n\nauto <%= interface %>\niface <%= interface %> inet static\n\taddress <%= resolve_network(selected_module)%>\" > /etc/network/interfaces"
<%= system.name %>.vm.provision 'shell', inline: "echo '' > /etc/environment"
<% # Below string is used within testing, do not delete. -%>
# ip_address_for_<%= system.name %>=<%= resolve_network(selected_module)%>
<% elsif (provider == "ovirt" || provider == "proxmox") && @base_template && @base_template =~ /win/i -%>
<% # Windows on oVirt/Proxmox
# re-activate windows now, and then rearm on reboot (after it's started after provisioning) -%>
<%= system.name %>.vm.provision 'shell', inline: 'cscript //b c:\windows\system32\slmgr.vbs /ato'
<%= system.name %>.vm.provision 'shell', inline: "reg add HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce /v RearmWindows /t REG_SZ /d \"cscript //b c:\\windows\\system32\\slmgr.vbs /rearm\" /f"
<% # change network on reboot via registry, so that it gets the new IP on reboot (not mid-provision)
# TODO: use some clever scripting to identify the network name -%>
<%= system.name %>.vm.provision 'shell', inline: "
$interfaceNames = @('Local Area Connection', 'Local Area Connection 2', 'Local Area Connection 3', 'Ethernet')
$ipAddress = '<%= resolve_network(selected_module)%>'
$subnetMask = '255.0.0.0'
foreach ($interfaceName in $interfaceNames) {
$command = \"netsh interface ip set address name=`\"$interfaceName`\" static $ipAddress $subnetMask\"
$registryPath = 'HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run'
New-ItemProperty -Path $registryPath -Name ('SetStaticIP_' + $interfaceName) -Value $command -PropertyType String -Force
}
"
# disable sleep mode (freezes SPICE)
<%= system.name %>.vm.provision 'shell', inline: "powercfg -x -standby-timeout-ac 0"
<% else # not windows or not ovirt -%>
<%= system.name %>.vm.network :<%= selected_module.attributes['type'].first %>, ip: "<%= resolve_network(selected_module)%>"
<% # Below string is used within testing, do not delete. -%>
# ip_address_for_<%= system.name %>=<%= resolve_network(selected_module)%>
<% end -%>
<% end -%>
<% when 'vulnerability', 'service', 'utility', 'build' -%>
<% module_name = selected_module.module_path_name -%>
<%= system.name %>.vm.provision "puppet" do | <%=module_name%> |
<% # if there are facter variables to define
if selected_module.received_inputs != {} -%>
<% json_inputs = JSON.generate(selected_module.received_inputs)
b64_json_inputs = Base64.strict_encode64(json_inputs)
# save the inputs in a randomly named file in the
# project out directory of the secgen_functions module
json_inputs_filename = "#{selected_module.module_path_end}_#{SecureRandom.hex(15).to_s}"
dir = "#{@out_dir}/puppet/#{system.name}/modules/secgen_functions/files/json_inputs"
FileUtils.mkdir_p(dir) unless File.exists?(dir)
Print.verbose "Writing #{selected_module.module_path_name} input to: #{dir}/#{json_inputs_filename}"
File.write("#{dir}/#{json_inputs_filename}", b64_json_inputs)
-%>
<%= module_name%>.facter = {
"base64_inputs_file" => '<%= json_inputs_filename %>',
}
<% end -%>
<%=module_name%>.module_path = "<%="puppet/#{system.name}/modules"%>"
<% if selected_module.attributes['platform'].first.downcase == 'windows' || @base_template =~ /win/i %>
<%=module_name%>.temp_dir = "/cygdrive/c/vagrant/"
<% else -%>
<%=module_name%>.environment_path = "environments/"
<%=module_name%>.environment_variables = {'RUBYOPT' => '-W0'}
<%=module_name%>.environment = "production"
<% end -%>
<%=module_name%>.synced_folder_type = "rsync"
<%=module_name%>.manifests_path = "<%="puppet/#{system.name}/modules/#{selected_module.module_path_end}"%>"
<%=module_name%>.manifest_file = "<%="#{selected_module.module_path_end}.pp"%>"
end
<% end -%>
<% end -%>
end
<% end %>
end
Reference in New Issue View Git Blame Copy Permalink