├── .gitignore
├── README.md
├── bro-cluster
    ├── README.md
    ├── Vagrantfile
    ├── config
    ├── dissector_fuzz.sh
    ├── hosts
    ├── insecure-ssh-key
    ├── insecure-ssh-key.pub
    ├── node.cfg
    └── provision-manager.sh
├── bro-dev
    ├── README.md
    ├── Vagrantfile
    └── provision.sh
├── bro-sandbox
    ├── Dockerfile
    ├── LICENSE
    ├── README.md
    ├── Vagrantfile
    ├── etc.default.docker
    ├── provision.sh
    ├── sandbox.cron
    └── scripts
    │   ├── disk_limit
    │   ├── remove_old_containers
    │   ├── remove_old_users
    │   ├── sandbox_login
    │   └── sandbox_shell
├── collectd-graphite
    ├── Vagrantfile
    └── provision.sh
├── cuckoo
    ├── README.md
    ├── Vagrantfile
    ├── cuckoo
    │   ├── auxiliary.conf
    │   ├── cuckoo.conf
    │   ├── kvm.conf
    │   ├── local_settings.py
    │   ├── memory.conf
    │   ├── reporting.conf
    │   └── virtualbox.conf
    ├── provision.sh
    ├── upstart
    │   ├── cuckoo-api.conf
    │   ├── cuckoo-web.conf
    │   ├── cuckoo-web2.conf
    │   └── cuckoo.conf
    └── vbox
    │   └── VirtualBox.xml
├── docker-dynamic
    ├── README.md
    ├── Vagrantfile
    └── provision.sh
├── grsecurity
    ├── README.md
    ├── Vagrantfile
    ├── config
    └── provision.sh
├── islet-distributed
    ├── README.md
    ├── Vagrantfile
    └── provision.sh
├── islet
    ├── README.md
    ├── Vagrantfile
    └── provision.sh
├── lfs
    ├── .gitignore
    ├── LFS-BOOK-7.5-systemd.pdf
    ├── LFS-BOOK-7.5.pdf
    ├── README.md
    ├── Vagrantfile
    └── provision.sh
├── netsniff-ng-playground
    ├── README.md
    ├── Vagrantfile
    ├── config
    ├── nlmon.cfg
    └── provision.sh
├── netsniff-ng
    ├── README.md
    ├── Vagrantfile
    ├── config
    ├── nlmon.cfg
    └── provision.sh
├── netsniff-ng_centos
    ├── Vagrantfile
    └── provision.sh
├── openvas
    ├── README.md
    ├── Vagrantfile
    └── provision.sh
├── openvz
    ├── README.md
    ├── Vagrantfile
    └── provision.sh
├── pxe-kickstart
    ├── README.md
    ├── Vagrantfile
    ├── ks.cfg
    ├── provision.sh
    └── tftpd-hpa
├── pxe-multiboot
    ├── README.md
    ├── Vagrantfile
    ├── ks.cfg
    ├── new_iso.sh
    ├── new_pxe.sh
    ├── provision.sh
    └── tftpd-hpa
├── sagan
    ├── README.md
    ├── Vagrantfile
    ├── barnyard2-sagan.conf
    ├── barnyard2.upstart
    ├── pkgs
    │   ├── barnyard2-2.1.14-1.x86_64.rpm
    │   ├── daq-2.0.4-1.x86_64.rpm
    │   ├── delegate-9.9.13-1.x86_64.rpm
    │   ├── libdnet-1.11-1.x86_64.rpm
    │   ├── libestr-upstream-1.x86_64.rpm
    │   ├── liblognorm-upstream-1.x86_64.rpm
    │   ├── pulledpork-0.7-1.x86_64.rpm
    │   └── sagan-upstream-1.x86_64.rpm
    ├── provision.sh
    ├── rsyslog-sagan.conf
    └── sagan.upstart
├── seconion
    ├── README.txt
    ├── Vagrantfile
    └── provision.sh
└── xen-ganeti
    ├── README.md
    ├── Vagrantfile
    ├── hosts
    ├── interfaces-node1
    ├── interfaces-node2
    ├── lvm.conf
    ├── modules
    ├── provision.sh
    └── xend-config.sxp


/.gitignore:
--------------------------------------------------------------------------------
1 | .vagrant
2 | *.vdi
3 | *.deb
4 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | vagrant
2 | =======
3 | 
4 | Vagrant files and related
5 | 


--------------------------------------------------------------------------------
/bro-cluster/README.md:
--------------------------------------------------------------------------------
 1 | Bro-Cluster
 2 | ===========
 3 | 
 4 | ````
 5 | $ vagrant up
 6 | ```
 7 | 
 8 | will provision 3 machines:
 9 |  * 1 Bro Manager
10 |  * 2 Bro Worker Nodes
11 | 
12 | You can install a particular version of Bro by setting the version number as an argument to
13 | the provision script in the Vagrantfile. By default the latest upstream version is checked from git.
14 | To download the stable release of Bro 2.4.1, modify args in the line with the version number, like so:
15 | ```
16 | manager.vm.provision "shell", path: "provision-manager.sh", privileged: "true", args: "2.4.1"
17 | ```
18 | Once provisioned, connect to the manager node, and then issue the following commands to start up the cluster:
19 | ```
20 | $ vagrant ssh manager
21 | $ sudo -i
22 | $ broctl deploy
23 | ```
24 | 
25 | Traffic seen on the 2 worker nodes will be available in the logging directory on the manager:
26 | /usr/local/bro/logs/
27 | 


--------------------------------------------------------------------------------
/bro-cluster/Vagrantfile:
--------------------------------------------------------------------------------
 1 | # -*- mode: ruby -*-
 2 | # vi: set ft=ruby :
 3 | 
 4 | # Install dependencies
 5 | $install = <<SCRIPT
 6 | add-apt-repository ppa:agent-8131/ppa
 7 | apt-get update -qq
 8 | apt-get -y install cmake make gcc g++ flex bison libpcap-dev libssl-dev python-dev swig zlib1g-dev libmagic-dev
 9 | apt-get -y install tcpreplay
10 | SCRIPT
11 | # libgoogle-perftools-dev
12 | 
13 | $keys = <<SCRIPT
14 | test -d /root/.ssh || mkdir /root/.ssh 
15 | chown root:root /root/.ssh
16 | chmod 0700 /root/.ssh
17 | install -o root -g root -m 600 /home/vagrant/.ssh/insecure-ssh-key.pub /root/.ssh/authorized_keys
18 | SCRIPT
19 | 
20 | Vagrant.configure(2) do |config|
21 | 
22 |   config.vm.box = "trusty"
23 |   config.vm.box_url = "https://cloud-images.ubuntu.com/vagrant/trusty/current/trusty-server-cloudimg-amd64-vagrant-disk1.box"
24 | 
25 |   config.vm.define "manager" do |manager|
26 |     manager.vm.hostname = "manager.bro.org"
27 |     manager.vm.network "private_network", ip: "10.1.1.10", :netmask => "255.255.255.0", :adapter => 2
28 |     manager.vm.provision "file", source: "insecure-ssh-key", destination: "~/.ssh/id_rsa"
29 |     manager.vm.provision "file", source: "hosts", destination: "hosts"
30 |     manager.vm.provision "file", source: "config", destination: "~/.ssh/config"
31 |     manager.vm.provision "file", source: "node.cfg", destination: "node.cfg"
32 |     # Set args to "latest" or version number e.g. "2.4.1"
33 |     manager.vm.provision "shell", path: "provision-manager.sh", privileged: "true", args: "latest"
34 |     manager.vm.provider "virtualbox" do |vb|
35 |       vb.name = "bro-manager"
36 |       vb.gui = false
37 |       vb.memory = 1024
38 |     end
39 |   end
40 | 
41 |   config.vm.define "node1" do |node1|
42 |     node1.vm.hostname = "node1.bro.org"
43 |     node1.vm.network "private_network", ip: "10.1.1.20", :netmask => "255.255.255.0", :adapter => 2
44 |     node1.vm.provision "file", source: "insecure-ssh-key.pub", destination: "~/.ssh/insecure-ssh-key.pub"
45 |     node1.vm.provision "shell", inline: $keys
46 |     node1.vm.provision "shell", inline: $install
47 |     node1.vm.provision "file", source: "dissector_fuzz.sh", destination: "dissector_fuzz.sh"
48 |     node1.vm.provider "virtualbox" do |v|
49 |       v.name = "bro-node1"
50 |       v.gui = false
51 |       v.memory = 1024
52 |     end
53 |   end
54 | 
55 |   config.vm.define "node2" do |node2|
56 |     node2.vm.hostname = "node2.bro.org"
57 |     node2.vm.network "private_network", ip: "10.1.1.30", :netmask => "255.255.255.0", :adapter => 2
58 |     node2.vm.provision "file", source: "insecure-ssh-key.pub", destination: "~/.ssh/insecure-ssh-key.pub"
59 |     node2.vm.provision "shell", inline: $keys
60 |     node2.vm.provision "shell", inline: $install
61 |     node2.vm.provision "file", source: "dissector_fuzz.sh", destination: "dissector_fuzz.sh"
62 |     node2.vm.provider "virtualbox" do |v|
63 |       v.name = "bro-node2"
64 |       v.gui = false
65 |       v.memory = 1024
66 |     end
67 |   end
68 | 
69 | end
70 | 


--------------------------------------------------------------------------------
/bro-cluster/config:
--------------------------------------------------------------------------------
 1 | Host node1
 2 |     Hostname 10.1.1.20
 3 |     IdentityFile ~/.ssh/id_rsa
 4 |     StrictHostKeyChecking no
 5 | Host node2
 6 |     Hostname 10.1.1.30
 7 |     IdentityFile ~/.ssh/id_rsa
 8 |     StrictHostKeyChecking no
 9 | Host 10.1.1.20
10 |     Hostname 10.1.1.20
11 |     IdentityFile ~/.ssh/id_rsa
12 |     StrictHostKeyChecking no
13 | Host 10.1.1.30
14 |     Hostname 10.1.1.30
15 |     IdentityFile ~/.ssh/id_rsa
16 |     StrictHostKeyChecking no
17 | 


--------------------------------------------------------------------------------
/bro-cluster/dissector_fuzz.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | # -*- coding: utf-8 -*-
 3 | #
 4 | # dissector_fuzz.sh -- fuzz test netsniff-ng's dissector and pcap io methods
 5 | #		       with shitty pcap example files from the Wireshark archive
 6 | #
 7 | # Copyright (C) 2012 Daniel Borkmann <borkmann@redhat.com>
 8 | # Copyright (C) 2012 Stefan Seering <sseerin@imn.htwk-leipzig.de>
 9 | #
10 | # Note: build and *install* the toolkit first before running this script!
11 | #
12 | # This program is free software; you can redistribute it and/or modify
13 | # it under the terms of the GNU General Public License version 2 as
14 | # published by the Free Software Foundation.
15 | 
16 | set -u
17 | 
18 | if [ ${BASH_VERSINFO} -lt 3 ] ; then
19 | 	echo 'Error: Your bash need to be version 3 or newer. Exiting.'
20 | 	exit 1 # operators like =~ produce errors silently in old bash versions, so exit here
21 | fi
22 | 
23 | archive='ftp://wireshark.org/automated/captures/'
24 | show_output='' # empty string evaluates to false
25 | run_through='' # empty string evaluates to false
26 | count_cores=0
27 | count_files=0
28 | netsniff_ng_opts=''
29 | 
30 | if [ $# -gt 0 ] ; then
31 | 	if [ "$1" = '-h' -o "$1" = '--help' -o "$1" = '--usage' ] ; then
32 | 		echo 'Usage: dissector_fuzz [-s (show netsniff-ng output, default: no)] [-r (keep running on errors, default: no)] [netsniff-ng long-args]'
33 | 		exit 0
34 | 	fi
35 | 
36 | 	for opt in $@ ; do
37 | 		if [ "${opt}" = '-s' ] ; then
38 | 			show_output='true'
39 | 		elif [ "${opt}" = '-r' ] ; then
40 | 			run_through='true'
41 | 		else
42 | 			netsniff_ng_opts="${netsniff_ng_opts} ${opt}";
43 | 		fi
44 | 	done
45 | fi
46 | 
47 | mkdir -p fuzzing
48 | cd fuzzing
49 | wget -r -Nc -np -nd -A.pcap "$archive"  |& grep -E "%|^--"
50 | ulimit -c unlimited
51 | rm -f core
52 | for file in *.pcap
53 | do
54 | 	echo "Testing file $file ..."
55 | 	if [ $show_output ]; then
56 | 		tcpreplay --intf1=eth1 "$file" "${netsniff_ng_opts}"
57 | 	else
58 | 		tcpreplay --intf1=eth1 "$file" "${netsniff_ng_opts}" > /dev/null
59 | 	fi
60 | 	if [ -e core ]; then
61 | 		echo "Fuck, core dumped on $file!"
62 | 		let count_cores=count_cores+1
63 | 		if [ $run_through ]; then
64 | 			rm core
65 | 		else
66 | 			exit
67 | 		fi
68 | 	fi
69 | done
70 | 
71 | if which cowsay > /dev/null ; then
72 | 	echo_cmd='cowsay'
73 | else
74 | 	echo_cmd='echo'
75 | fi
76 | 
77 | ${echo_cmd} 'Your fuckup Score'
78 | echo " * tested pcaps: $count_files"
79 | echo " * core dumps:   $count_cores"
80 | 


--------------------------------------------------------------------------------
/bro-cluster/hosts:
--------------------------------------------------------------------------------
 1 | 127.0.0.1 localhost
 2 | 10.1.1.20 node1
 3 | 10.1.1.30 node2
 4 | 
 5 | # The following lines are desirable for IPv6 capable hosts
 6 | ::1 ip6-localhost ip6-loopback
 7 | fe00::0 ip6-localnet
 8 | ff00::0 ip6-mcastprefix
 9 | ff02::1 ip6-allnodes
10 | ff02::2 ip6-allrouters
11 | ff02::3 ip6-allhosts
12 | 127.0.1.1 manager.bro.org manager
13 | 


--------------------------------------------------------------------------------
/bro-cluster/insecure-ssh-key:
--------------------------------------------------------------------------------
 1 | -----BEGIN RSA PRIVATE KEY-----
 2 | MIIEowIBAAKCAQEA8AkSZpwG8X9sh8DueWmeJdj/grHTvQiFH0CAf5SYN4oW/sIl
 3 | I+gk5rYIBiTpeem+RYS3+l2aeqe76lK3fvVFg05EKTnq7lZs5OPDPyku9uoujie8
 4 | 48X68OyqChIAdxasgccLb323vxKMJkWMa87AgTtpu5aTThI+TQ++9TEkIQxRAwjc
 5 | OUOMguzJe/v9XohSW6nj7NT/a65P+78xrx17bLQWsfW5iqmrpIhv0uS3LcfVXUiR
 6 | N3QRb+xs7pLu8MHQIOxWR44UPEXwHkYCpyAXDE4dbntGvZ8NDoofkiwHbYR4vElX
 7 | +j/B8JXsy+/4Rnu91TaQYtLUIy4ivLNAPWntwwIDAQABAoIBAGS5mdQfEzbR3swU
 8 | pL2kGW4OYiII1y5S3fHgUku3IizkMIQVGhq4NovtxO43HRZAhMyNRdq03rcrncpV
 9 | jZSj/dh8xlN6b2A2OhnOjcb6VC/e00xp1nTKRmRFG5GAPlu60wbebKkLW0i90rvY
10 | oXU33EYelV7Xb9bqBuS1f89KILwQq/x8tcjoW7zLunHapnTQawW2DDXecUmaWrT+
11 | fMYDptzlqk5kerMZpdeMSQowiWtrLIsgvPf0/i7QwluDcRBi6oo7S4RikLGC3Kzk
12 | SwxfPJIQW59E29Xk8QDh2V1eNy7WNl4IR41lPKEW77JVvlqGzIIyFe3H2fjnHkVy
13 | ExSsVLkCgYEA+ijgzrF7RDU+7s5lE1kF1O7kx748f59ksX5EtItnGlptQ09kp1GD
14 | iBU4sx+T56p/UXQXuumPi0N01rBY1np6ass/wNuyp6JnN6goeXsRPSjdTTUH9+UH
15 | khH40nz+risGmvsDlNgPdNq3HsvUHdDb1y0h4MzvIvbbYCS6sAsC/AUCgYEA9aOv
16 | OQPgQXqLAAAxyk/ETelsPXruQmDgkSNeMT/4Ruif1+r4RsZqVdppzjJM4Gr9v2tA
17 | Am47TIuE8+CVL4V68soB1efxKNBi3alVGa8trqfiSjzaWttNeg6vDLEq9eNojBsK
18 | Q7pJTd+moNwZNAj7EhKYZ1BH1oNI6Ov9EFWOtScCgYEA3/9YhVvgz4uKBZWkZfWx
19 | xh//lWefjntwU4qIBM5KjQtpiPr/Wt8fkuvFsIbXDnrZtFrqoMBge0f0yARyF+Ll
20 | 2NiUBqHy0C4YlHqre1OadRQxTN/ueaeH5uDW18t61QPLz1xysYXiGTV7AUVscyJA
21 | p+VOz5dRjhJTDzz0OYwyqO0CgYASQcs5Op+FXl1Mb7dDqTAW9l10KFnjFx45y14p
22 | 3O5QHuQagT1YzVCD9wrcJ4LtPyaC/q6wP48qvkfwdGXCNXKQ7xC53FZhSTO/8+D+
23 | WrXTgGjiSamVDS2x/7tk/xoJUpCnsS7PH95o6lGRLSq2YmB+1GD9dMsSF4novfl+
24 | KE3GCwKBgEsynKzW4CftS486yXv4D/XttL+TCCVnBQaF91HUZupV6Mtu+2jSF1mK
25 | FyrQmNgJ1FqcAlEMRfa0W62phwqHDEzIy58uo3m97Dc6UHge6JiFkOfMdBzE3lZM
26 | oARc2P/OtwF57YC1qTxYQDrSZRvjkgMYIEetW1ffkR+ipTszwh8z
27 | -----END RSA PRIVATE KEY-----
28 | 


--------------------------------------------------------------------------------
/bro-cluster/insecure-ssh-key.pub:
--------------------------------------------------------------------------------
1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDwCRJmnAbxf2yHwO55aZ4l2P+CsdO9CIUfQIB/lJg3ihb+wiUj6CTmtggGJOl56b5FhLf6XZp6p7vqUrd+9UWDTkQpOeruVmzk48M/KS726i6OJ7zjxfrw7KoKEgB3FqyBxwtvfbe/EowmRYxrzsCBO2m7lpNOEj5ND771MSQhDFEDCNw5Q4yC7Ml7+/1eiFJbqePs1P9rrk/7vzGvHXtstBax9bmKqaukiG/S5Lctx9VdSJE3dBFv7Gzuku7wwdAg7FZHjhQ8RfAeRgKnIBcMTh1ue0a9nw0Oih+SLAdthHi8SVf6P8HwlezL7/hGe73VNpBi0tQjLiK8s0A9ae3D
2 | 


--------------------------------------------------------------------------------
/bro-cluster/node.cfg:
--------------------------------------------------------------------------------
 1 | # This is a complete standalone configuration. Most likely you will
 2 | # only need to change the interface.
 3 | #[bro]
 4 | #type=standalone
 5 | #host=localhost
 6 | #interface=eth0
 7 | 
 8 | ## Below is an example clustered configuration. If you use this,
 9 | ## remove the [bro] node above.
10 | 
11 | [manager]
12 | type=manager
13 | host=10.1.1.10
14 | 
15 | [proxy-1]
16 | type=proxy
17 | host=10.1.1.10
18 | 
19 | [worker-1]
20 | type=worker
21 | host=10.1.1.20
22 | interface=eth1
23 | 
24 | [worker-2]
25 | type=worker
26 | host=10.1.1.30
27 | interface=eth1
28 | 


--------------------------------------------------------------------------------
/bro-cluster/provision-manager.sh:
--------------------------------------------------------------------------------
  1 | HOME=/home/vagrant
  2 | ROOT=/root
  3 | BROPATH=/usr/local/bro
  4 | COWSAY=/usr/games/cowsay
  5 | 
  6 | function die {
  7 |   $COWSAY -d "$* MooOoOOoo"
  8 |   exit 1
  9 | }
 10 | 
 11 | function hi {
 12 |   $COWSAY "$*"
 13 | }
 14 | 
 15 | function configure_ssh {
 16 |   hosts="$HOME/hosts"
 17 |   key="$HOME/.ssh/id_rsa"
 18 |   config="$HOME/.ssh/config"
 19 |   # Bro uses this key to configure the nodes
 20 |   if [ ! -d "$ROOT/.ssh" ]; then
 21 |     mkdir "$ROOT/.ssh"
 22 |     chown root:root "$ROOT/.ssh"
 23 |     chmod 700 "$ROOT/.ssh"
 24 |   fi
 25 |   [ -e "$key" ] && install -m 0600 "$key" "$ROOT/.ssh/id_rsa"
 26 |   [ -e "$config" ] && install -m 0600 "$config" "$ROOT/.ssh/config"
 27 |   [ -e "$hosts" ] && install -m 0644 "$hosts" /etc/hosts
 28 |   hi "SSH configuration complete"
 29 | }
 30 | 
 31 | function configure_bro {
 32 |   if [ ! -e /bro ]; then
 33 |     ln -s /usr/local/bro /bro
 34 |   fi
 35 |   if [ ! -e /bro/site ]; then
 36 |     (cd /bro ; sudo ln -s share/bro/site . )
 37 |   fi
 38 |   # Copy Bro configuration
 39 |   if [ -e $HOME/node.cfg ]; then
 40 |     mv $HOME/node.cfg $BROPATH/etc/node.cfg
 41 |   fi
 42 |   # Make Bro binaries accessible by re-setting the PATH
 43 |   if [ ! -f /etc/profile.d/bro.sh ]; then
 44 |     echo 'export PATH=/usr/local/bro/bin:$PATH' | sudo tee -a /etc/profile.d/bro.sh
 45 |   fi
 46 |   hi "Bro configuration complete"
 47 | }
 48 | 
 49 | function install_dependencies {
 50 |   # Add repo for Google Perftools
 51 |   add-apt-repository ppa:agent-8131/ppa
 52 | 
 53 |   # Install dependencies
 54 |   apt-get update -qq
 55 |   apt-get -y install cmake make gcc g++ flex bison \
 56 |     libpcap-dev libssl-dev python-dev swig zlib1g-dev libmagic-dev && hi "Dependencies installed!"
 57 | }
 58 | 
 59 | function install_extras {
 60 |   # Install extras
 61 |   apt-get -y install git libgeoip-dev gawk sendmail curl tcpreplay cowsay
 62 |   #ipsumdump (no package), libgoogle-perftools-dev
 63 | 
 64 |   if [ ! -f /usr/share/GeoIP/GeoIPCity.dat ]; then
 65 |     wget --progress=dot:mega http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
 66 |     gunzip GeoLiteCity.dat.gz
 67 |     mv GeoLiteCity.dat /usr/share/GeoIP/GeoIPCity.dat && hi "GeoIP database installed"
 68 |   fi
 69 | }
 70 | 
 71 | function install_latest_bro {
 72 |   # Install latest Bro
 73 |   if [ ! -d /usr/local/bro ]; then
 74 |     git clone --recursive git://git.bro.org/bro
 75 |     cd bro
 76 |     ./configure --disable-broker || die "Configure failed!"
 77 |     make || die "Build failed!"
 78 |     make install && make install-aux && hi "Bro install successful!" || die "Install failed!"
 79 |   fi
 80 | }
 81 | 
 82 | function install_bro {
 83 |   if [ -d /usr/local/bro ] && [ "$(bro --version 2>&1 | grep -o '[0-9]\.[0-9]')" == "$VERSION" ];
 84 |   then
 85 |     hi "Bro already installed"
 86 |     return
 87 |   fi
 88 |   if [ ! -e bro-${VERSION}.tar.gz ] ; then
 89 |     echo "Downloading bro"
 90 |     wget -c http://www.bro.org/downloads/release/bro-${VERSION}.tar.gz --progress=dot:mega
 91 |   fi
 92 |   if [ ! -e bro-${VERSION} ] ; then
 93 |     echo "Untarring bro"
 94 |     tar xzf bro-${VERSION}.tar.gz
 95 |   fi
 96 |   cd bro-${VERSION}
 97 |   ./configure || die "Configure failed!"
 98 |   make || die "Build failed!"
 99 |   make install && hi "Bro install successful!" || die "Install failed!"
100 | }
101 | 
102 | cd $HOME
103 | 
104 | install_dependencies
105 | install_extras
106 | 
107 | if [[ $1 == "latest" ]]; then
108 |   install_latest_bro
109 | elif [[ $1 =~ [0-9]\.[0-9] ]]; then
110 |   VERSION=$1
111 |   install_bro
112 | else
113 |   install_latest_bro
114 | fi
115 | 
116 | configure_ssh
117 | configure_bro
118 | 
119 | $COWSAY -f dragon "All done here. It's Bro time, connect: $ vagrant ssh manager"
120 | 
121 | exit 0
122 | 


--------------------------------------------------------------------------------
/bro-dev/README.md:
--------------------------------------------------------------------------------
1 | # Bro Development
2 | 
3 | ````
4 | $ vagrant up
5 | ````
6 | 
7 | will provision a machine with upstream [Bro](http://bro.org) source and [binpac_quickstart](https://github.com/grigorescu/binpac_quickstart).
8 | 


--------------------------------------------------------------------------------
/bro-dev/Vagrantfile:
--------------------------------------------------------------------------------
 1 | # -*- mode: ruby -*-
 2 | # vi: set ft=ruby :
 3 | 
 4 | # Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
 5 | VAGRANTFILE_API_VERSION = "2"
 6 | 
 7 | Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
 8 | 
 9 |   config.vm.box = "trusty"
10 |   config.vm.box_url = "https://cloud-images.ubuntu.com/vagrant/trusty/current/trusty-server-cloudimg-amd64-vagrant-disk1.box"
11 |   config.vm.provision "shell", path:  "provision.sh"
12 | 
13 |   # config.vm.network "forwarded_port", guest: 80, host: 8080
14 | 
15 |   # config.vm.synced_folder "../data", "/vagrant_data"
16 | 
17 |    config.vm.provider "virtualbox" do |vb|
18 |   #   vb.gui = true
19 |       vb.name = "bro-dev"
20 |       vb.customize ["modifyvm", :id, "--memory", "2048"]
21 |       vb.customize ["modifyvm", :id, "--cpus", 2]
22 |    end
23 | 
24 | end
25 | 


--------------------------------------------------------------------------------
/bro-dev/provision.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | # Author: Jon Schipp <jonschipp@gmail.com>
  3 | # Written for Ubuntu Saucy and Trusty, should be adaptable to other distros.
  4 | 
  5 | ## Variables
  6 | VAGRANT=/home/vagrant
  7 | HOME=/root
  8 | DAQ=2.0.4
  9 | [ -e /etc/redhat-release ] && OS=el && export PKG_CONFIG_PATH="/usr/local/lib/pkgconfig:/lib64/pkgconfig/"
 10 | [ -e /etc/debian_version ] && OS=debian
 11 | [ "$OS" = "debian" ] && PACKAGES="cmake make gcc g++ flex bison libpcap-dev libssl-dev python-dev swig zlib1g-dev libmagic-dev"
 12 | [ "$OS" = "el" ] && PACKAGES=""
 13 | 
 14 | # Installation notification
 15 | MAIL=$(which mail)
 16 | COWSAY=/usr/games/cowsay
 17 | IRCSAY=/usr/local/bin/ircsay
 18 | IRC_CHAN="#replace_me"
 19 | HOST=$(hostname -s)
 20 | LOGFILE=/root/islet_install.log
 21 | EMAIL=user@company.com
 22 | 
 23 | cd $HOME
 24 | 
 25 | function die {
 26 |   if [ -f ${COWSAY:-none} ]; then
 27 |     $COWSAY -d "$*"
 28 |   else
 29 |     echo "$*"
 30 |   fi
 31 |   if [ -f $IRCSAY ]; then
 32 |     ( set +e; $IRCSAY "$IRC_CHAN" "$*" 2>/dev/null || true )
 33 |   fi
 34 |   [ $MAIL ] && echo "$*" | mail -s "[vagrant] bro-dev install information on $HOST" $EMAIL
 35 |   exit 1
 36 | }
 37 | 
 38 | function hi {
 39 |   if [ -f ${COWSAY:-none} ]; then
 40 |     $COWSAY "$*"
 41 |   else
 42 |     echo "$*"
 43 |   fi
 44 |   if [ -f $IRCSAY ]; then
 45 |     ( set +e; $IRCSAY "$IRC_CHAN" "$*" 2>/dev/null || true )
 46 |   fi
 47 |   [ $MAIL ] && echo "$*" | mail -s "[vagrant] bro-dev install information on $HOST" $EMAIL
 48 | }
 49 | 
 50 | number_of_packages(){ package_count="$#"; }
 51 | 
 52 | package_check(){
 53 |   local packages=$@
 54 |   local count=0
 55 |   # Count number of items in packages variable
 56 |   number_of_packages $packages
 57 | 
 58 |   # Format items for egrep query
 59 |   pkg_list=$(echo $packages | sed 's/ /|  /g')
 60 | 
 61 |   # Count number of packages installed from list
 62 |   [ "$OS" = "debian" ] && count=$(dpkg -l | egrep "  $pkg_list" | wc -l)
 63 |   [ "$OS" = "el" ]     && count=$(yum list installed | egrep "$pkg_list" | wc -l)
 64 | 
 65 |   if [ $count -ge $package_count ]
 66 |   then
 67 |     return 0
 68 |   else
 69 |     echo "Installing packages for function!"
 70 |     [ "$OS" = "debian" ] && apt-get install -qy $packages
 71 |     [ "$OS" = "el" ]     && yum install -qy $packages
 72 |   fi
 73 | }
 74 | 
 75 | install_dependencies(){
 76 |   hi "$1 $FUNCNAME\n"
 77 |   [ "$OS" = "debian" ] && apt-get update -qq
 78 |   [ "$OS" = "el" ]     && yum makecache -q
 79 |   package_check $PACKAGES
 80 |   apt-get -y install cmake make gcc g++ flex bison \
 81 |     libpcap-dev libssl-dev python-dev swig zlib1g-dev libmagic-dev && hi "Dependencies installed!"
 82 | }
 83 | 
 84 | function install_extras {
 85 |   # Install extras
 86 |   apt-get -y install git libgeoip-dev gawk sendmail curl tcpreplay cowsay
 87 | 
 88 |   if [ ! -f /usr/share/GeoIP/GeoIPCity.dat ]; then
 89 |     wget --progress=dot:mega http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
 90 |     gunzip GeoLiteCity.dat.gz
 91 |     mv GeoLiteCity.dat /usr/share/GeoIP/GeoIPCity.dat && hi "GeoIP database installed"
 92 |   fi
 93 | }
 94 | 
 95 | install_bro(){
 96 |   hi "$1 $FUNCNAME\n"
 97 |   cd $HOME
 98 |   if ! [ -d bro ]
 99 |   then
100 |     git clone --recursive git://git.bro.org/bro || die "Clone of bro repo failed"
101 |   fi
102 |   cd $HOME
103 | }
104 | 
105 | install_binpac_quickstart(){
106 |   hi "$1 $FUNCNAME\n"
107 |   cd $HOME
108 |   if ! [ -d binpac_quickstart ]
109 |   then
110 |     git clone https://github.com/grigorescu/binpac_quickstart || die "Clone of binpac_quickstart repo failed"
111 |   fi
112 |   cd $HOME
113 | }
114 | 
115 | configuration(){
116 |   hi "$1 $FUNCNAME\n"
117 | }
118 | 
119 | install_dependencies "1.)"
120 | install_extras "2.)"
121 | install_bro "3.)"
122 | install_binpac_quickstart "4.)"
123 | configuration "4.)"
124 | 


--------------------------------------------------------------------------------
/bro-sandbox/Dockerfile:
--------------------------------------------------------------------------------
 1 | # Bro Sandbox - Bro 2.3.1
 2 | #
 3 | # VERSION               1.0.8
 4 | FROM      ubuntu
 5 | MAINTAINER Jon Schipp <jonschipp@gmail.com>
 6 | 
 7 | # Specify container username e.g. training, demo
 8 | ENV VIRTUSER demo
 9 | # Specify Bro version to download and install (e.g. bro-2.2, bro-2.3)
10 | ENV BRO_VERSION bro-2.3.1
11 | # Place to install bro
12 | ENV DST /home/$VIRTUSER/bro
13 | 
14 | RUN apt-get update -qq
15 | RUN apt-get install -y build-essential cmake make gcc g++ flex bison libpcap-dev libgeoip-dev libssl-dev python-dev zlib1g-dev libmagic-dev swig2.0 wget
16 | RUN apt-get install -y gawk vim emacs nano
17 | RUN adduser --disabled-password --gecos "" $VIRTUSER
18 | RUN su -l -c "wget http://www.bro.org/downloads/release/$BRO_VERSION.tar.gz && tar -xzf $BRO_VERSION.tar.gz" $VIRTUSER
19 | RUN su -l -c "cd $BRO_VERSION && ./configure --prefix=$DST && make && make install" $VIRTUSER
20 | RUN rm -rf /home/$VIRTUSER/$BRO_VERSION*
21 | RUN echo "PATH=$PATH:/usr/local/bro/bin/" > /etc/profile.d/bro.sh && chmod 555 /etc/profile.d/bro.sh
22 | RUN echo "export TMOUT=1800; readonly TMOUT" > /etc/profile.d/timeout.sh && chmod 555 /etc/profile.d/timeout.sh
23 | RUN su -l -c 'ln -s /exercises exercises' $VIRTUSER
24 | RUN ln -s $DST /usr/local/bro
25 | 
26 | RUN echo "$VIRTUSER ALL=(root) NOPASSWD:/usr/local/bro/bin/bro" > /etc/sudoers.d/bro
27 | RUN echo "$VIRTUSER ALL=(root) NOPASSWD:/usr/local/bro/bin/broctl" >> /etc/sudoers.d/bro
28 | RUN echo "alias bro='sudo $DST/bin/bro'" >> /etc/profile.d/bro.sh
29 | RUN echo "alias broctl='sudo $DST/bin/broctl'" >> /etc/profile.d/bro.sh
30 | RUN chmod 0440 /etc/sudoers.d/bro && chown root:root /etc/sudoers.d/bro
31 | 


--------------------------------------------------------------------------------
/bro-sandbox/LICENSE:
--------------------------------------------------------------------------------
 1 | # http://opensource.org/licenses/NCSA
 2 | # For brolive/bro-sandbox scripts
 3 | Copyright (c) <2014> <National Center for Supercomputing Applications>
 4 | All rights reserved.
 5 | 
 6 | Developed by: 		CyberSecurity Directorate, National Center for Supercomputing Applications
 7 |                       	University of Illinois at Urbana-Champaign
 8 |                         http://www.ncsa.illinois.edu/
 9 | 
10 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files
11 | (the "Software"), to deal with the Software without restriction, including without limitation the rights to use, copy, modify,
12 | merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is
13 | furnished to do so, subject to the following conditions:
14 | 
15 | Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimers.
16 | Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimers
17 | in the documentation and/or other materials provided with the distribution. Neither the names of <Name of Development Group,
18 | Name of Institution>, nor the names of its contributors may be used to endorse or promote products derived from this Software
19 | without specific prior written permission.
20 | 
21 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
22 | OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE CONTRIBUTORS OR COPYRIGHT HOLDERS
23 | BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
24 | IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS WITH THE SOFTWARE.
25 | 


--------------------------------------------------------------------------------
/bro-sandbox/README.md:
--------------------------------------------------------------------------------
  1 | # Bro-Sandbox
  2 | 
  3 | **Note**: This is deprecated in favor of [BroLive!](https://github.com/bro/bro-live) but this still works
  4 | 
  5 | ````
  6 | $ vagrant up
  7 | ````
  8 | 
  9 | will provision a machine which uses Linux Containers (LXC) via Docker containing Bro.
 10 | When a user ssh's to the demo account on the machine they're placed in a contained Linux environment.
 11 | The container lives and is re-attachable for the duration of an event (def: 3 days). The number of days
 12 | can be customized by modifying the arguments to scripts executed by /etc/cron.d/sandbox.
 13 | 
 14 | I wrote my own account manager (sandbox.login) to handle the creation of user containers
 15 | which can be re-attached to in the event of a disconnect, lunch break, etc.
 16 | 
 17 | ```
 18 | $ ssh -p 2222 demo@127.0.0.1 -o UserKnownHostsFile=/dev/null
 19 | ```
 20 | 
 21 | The password for the demo user is:
 22 | ```
 23 | demo
 24 | ```
 25 | 
 26 | ## Administration & Usability
 27 | 
 28 | Common Tasks:
 29 | 
 30 | * Change the password of the demo user to help prevent unauthorized access
 31 | 
 32 | ```
 33 |         $ passwd demo
 34 | ```
 35 | 
 36 | * Change the password of a container user (Not a system account). Place an SHA-1 hash of the password of choice in the second field of desired user in /var/tmp/sandbox_db.
 37 | 
 38 | ```
 39 | 	$ PASS=$(echo "newpassword" | sha1sum | sed 's/ .*//)
 40 | 	$ USER=testuser
 41 | 	$ sed -i "/^$USER:/ s/:[^:]*/:$PASS/" /var/tmp/sandbox_db
 42 | 	$ grep testuser /var/tmp/sandbox_db
 43 | 	testuser:dd76770fc59bcb08cfe7951e5839ac2cb007b9e5:1410247448
 44 | 
 45 | ```
 46 | 
 47 | * Configure container and user lifetime (e.g. conference duration)
 48 | 
 49 |   1. Specify the number of days for user account and container lifetime in:
 50 | 
 51 | ```
 52 |         $ grep ^DAYS /etc/sandbox/sandbox.conf
 53 |         DAYS=3 # Length of the event in days
 54 | ```
 55 | 
 56 |   Removal scripts are cron jobs that are scheduled in /etc/cron.d/sandbox
 57 | 
 58 | * Allocate more or less resources for containers, and control other container settings.
 59 |   These changes will take effect for each newly created container.
 60 |   - System and use case dependent
 61 | 
 62 | ```
 63 |         $ grep -A 5 "Container config /etc/sandbox/sandbox.conf
 64 | 	## Container configuration (applies to each container)
 65 | 	VIRTUSER=demo  # Account used when container is entered (Must exist in container!)
 66 | 	CPU=1          # Number of CPU's allocated to each container
 67 | 	RAM=256m       # Amount of memory allocated to each container
 68 | 	HOSTNAME=bro   # Cosmetic: Will end up as $USER@$HOSTNAME:~$ in shell
 69 | 	NETWORK=none   # Disable networking by default: none; Enable networking: bridge
 70 | 	DNS=127.0.0.1  # Use loopback when networking is disabled to prevent error messages
 71 | ```
 72 | 
 73 | * Set container size limit 
 74 | 
 75 |   - Note that for the changes to take effect you will have to wipe all existing containers and images
 76 | 
 77 |   1. Modify the value of dm.basesize=3G in /etc/defaults/docker
 78 | 
 79 | ```
 80 |         $ grep basesize /etc/defaults/docker 
 81 |         DOCKER_OPTS="--dns 8.8.8.8 --dns 8.8.4.4 --storage-driver=devicemapper --storage-opt dm.basesize=3G"
 82 | 
 83 |         # rm -rf /var/lib/docker/
 84 |         # mkdir -p /var/lib/docker/devicemapper/devicemapper
 85 |         # restart docker
 86 |         # docker build -t jonschipp/latest-bro-sandbox - < $HOME/Dockerfile
 87 | ```
 88 | 
 89 | * Adding, removing, or modifying exercises
 90 | 
 91 |   1. Make changes in /exercises on the host's filesystem
 92 | 
 93 |   *  Changes are immediately available for new and existing containers
 94 | 
 95 | ## Branding
 96 | 
 97 | * Custom greeting upon initial system login
 98 | 
 99 |   1. Edit /etc/sandbox/sandbox_shell with the text of your liking
100 | 
101 | ```
102 |         #!/usr/bin/env bash
103 |         clear
104 |         echo "Welcome to Bro Live!"
105 |         echo "===================="
106 |         cat <<"EOF"
107 |           -----------
108 |           /             \
109 |          |  (   (0)   )  |
110 |          |            // |
111 |           \     <====// /
112 |             -----------
113 |         EOF
114 |         echo
115 |         echo "A place to try out Bro."
116 |         echo
117 | 
118 | 	#########################################
119 | 	exec timeout 1m $LAUNCH_CONTAINER $IMAGE
120 | 	#########################################        
121 | ```
122 | 
123 | * Custom login message for each user
124 | 
125 |   1. Edit the MOTD variable in /etc/sandbox/sandbox.conf with the text of your liking.
126 |      'echo -e' escape sequences work here.
127 | 
128 | ```
129 | 	$ grep -A 2 MOTD /etc/sandbox/sandbox.conf 
130 | 	MOTD="
131 | 	Training materials are located in /exercises
132 | 	\te.g. $ bro -r /exercises/BroCon14/beginner/http.pcap\n"
133 | 
134 | ```
135 | 
136 | ## Demo
137 | 
138 | Here's a brief demonstration:
139 | 
140 | ```
141 |         $ ssh demo@live.bro.org
142 | 
143 |         Welcome to Bro Live!
144 |         ====================
145 | 
146 |             -----------
147 |           /             \
148 |          |  (   (0)   )  |
149 |          |            // |
150 |           \     <====// /
151 |             -----------
152 | 
153 |         A place to try out Bro. 
154 | 
155 |         Are you a new or existing user? [new/existing]: new
156 |         
157 |         A temporary account will be created so that you can resume your session. Account is valid for the length of the event.
158 |         
159 |         Choose a username [a-zA-Z0-9]: jon
160 |         Your username is jon
161 |         Choose a password: 
162 |         Verify your password: 
163 |         Your account will expire on Fri 29 Aug 2014 07:40:11 PM UTC
164 |         
165 |         Enjoy yourself!
166 |         Training materials are located in /exercises.
167 |         e.g. $ bro -r /exercises/beginner/http.pcap
168 |         
169 |         demo@bro:~$ pwd
170 |         /home/demo
171 |         demo@bro:~$ which bro
172 |         /usr/local/bro/bin/bro
173 | ```
174 | 
175 | This is a demonstration of using Linux Containers to sandbox applications for the purpose of training.
176 | The production instance of this idea is called Bro Live! It was released at BroCon '14 <br> 
177 | [More Information] (https://registry.hub.docker.com/u/jonschipp/latest-bro-sandbox/)
178 | 


--------------------------------------------------------------------------------
/bro-sandbox/Vagrantfile:
--------------------------------------------------------------------------------
 1 | # -*- mode: ruby -*-
 2 | # vi: set ft=ruby :
 3 | 
 4 | # Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
 5 | VAGRANTFILE_API_VERSION = "2"
 6 | 
 7 | Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
 8 | 
 9 |   config.vm.box = "trusty"
10 |   config.vm.box_url = "https://cloud-images.ubuntu.com/vagrant/trusty/current/trusty-server-cloudimg-amd64-vagrant-disk1.box"
11 |   config.vm.provision "file",  source: "Dockerfile",              destination: "Dockerfile"
12 |   config.vm.provision "file",  source: "sandbox.cron",                  destination: "sandbox.cron"
13 |   config.vm.provision "file",  source: "etc.default.docker",            destination: "etc.default.docker"
14 |   config.vm.provision "file",  source: "scripts/sandbox_login", 	destination: "sandbox_login"
15 |   config.vm.provision "file",  source: "scripts/sandbox_shell",         destination: "sandbox_shell"
16 |   config.vm.provision "file",  source: "scripts/disk_limit",            destination: "disk_limit"
17 |   config.vm.provision "file",  source: "scripts/remove_old_containers", destination: "remove_old_containers"
18 |   config.vm.provision "file",  source: "scripts/remove_old_users",      destination: "remove_old_users"
19 |   config.vm.provision "shell", path:   "provision.sh"
20 | 
21 |   # config.vm.network "forwarded_port", guest: 80, host: 8080
22 | 
23 |   # config.vm.synced_folder "../data", "/vagrant_data"
24 | 
25 |    config.vm.provider "virtualbox" do |vb|
26 |   #   vb.gui = true
27 |       vb.name = "bro-sandbox-test"
28 |       vb.customize ["modifyvm", :id, "--memory", "1024"]
29 |       vb.customize ["modifyvm", :id, "--cpus", 1]
30 |    end
31 | 
32 | end
33 | 


--------------------------------------------------------------------------------
/bro-sandbox/etc.default.docker:
--------------------------------------------------------------------------------
 1 | # Docker Upstart and SysVinit configuration file
 2 | 
 3 | # Customize location of Docker binary (especially for development testing).
 4 | #DOCKER="/usr/local/bin/docker"
 5 | 
 6 | # Use DOCKER_OPTS to modify the daemon startup options.
 7 | DOCKER_OPTS="--dns 8.8.8.8 --dns 8.8.4.4 --storage-driver=devicemapper --storage-opt dm.basesize=3G"
 8 | 
 9 | # If you need Docker to use an HTTP proxy, it can also be specified here.
10 | #export http_proxy="http://127.0.0.1:3128/"
11 | 
12 | # This is also a handy place to tweak where Docker's temporary files go.
13 | #export TMPDIR="/mnt/bigdrive/docker-tmp"
14 | 


--------------------------------------------------------------------------------
/bro-sandbox/sandbox.cron:
--------------------------------------------------------------------------------
 1 | SHELL=/bin/sh
 2 | PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
 3 | 
 4 | # m h dom mon dow user  command
 5 | # No longer necessary when using devicemapper to limit container size
 6 | #* * * * *   root    /usr/local/bin/sandbox_disk_limit
 7 | 
 8 | # Don't run at the same time, causes problems
 9 | @daily   	 root    /usr/local/bin/sandbox_remove_old_containers
10 | 0 22 * * *       root    /usr/local/bin/sandbox_remove_old_users
11 | 


--------------------------------------------------------------------------------
/bro-sandbox/scripts/disk_limit:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | # Kill containers which grow to 1GB our more
 3 | CONTAINERS=$(docker ps -s | awk 'BEGIN { FS="[ ]{3,}" } $7 ~ / [GT]B/ { print $1 }')
 4 | 
 5 | if [ ! -z "$CONTAINERS" ]
 6 | then
 7 |         for ID in $CONTAINERS
 8 |         do
 9 |                 echo 'echo "Warning: Max. disk space reached. Destroying container..."' | docker attach $ID
10 |                 docker stop $ID
11 |                 logger -t "docker" "disk_limit.sh: Container $ID was greater than 1GB. Stopped"
12 |         done
13 | fi
14 | 


--------------------------------------------------------------------------------
/bro-sandbox/scripts/remove_old_containers:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | # Destroy containers which are older than x days (weeks, months, or years also if they were missed)
 3 | ARGC=$#
 4 | DAYS=3             # Overwritten by value in $CONFIG
 5 | CONFIG=/etc/sandbox/sandbox.conf
 6 | if [ -f $CONFIG ]; then
 7 |         source $CONFIG
 8 | else
 9 |         echo "$CONFIG not found! Exiting..."
10 |         exit 1
11 | fi
12 | 
13 | CONTAINERS=$(docker ps -a | \
14 |  awk -v remove=$DAYS 'BEGIN { FS="[ ]{3,}" } \
15 |         $4 ~ /[0-9]+ day|week|month|year/ && count=substr($4,1,2) \
16 |                 { 
17 |                         if ( strtonum(count) > remove ) { 
18 |                                 printf("%s ", $1) 
19 |                         }
20 |                 }')
21 | 
22 | if [ ! -z "$CONTAINERS" ]
23 | then
24 |         for ID in $CONTAINERS
25 |         do
26 |                 #echo 'echo "Warning: Container lifetime limit reached. Destroying container..."' | docker attach $ID
27 |                 docker rm $ID
28 |                 logger -t "docker" "remove_old_containers.sh: Container $ID was older than $DAYS day. Stopped"
29 |         done
30 | fi
31 | 


--------------------------------------------------------------------------------
/bro-sandbox/scripts/remove_old_users:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | # Destroy users which are older than x days
 3 | CURRENT=$(date +"%s")
 4 | ARGC=$#
 5 | DAYS=3 		   # Overwritten by value in $CONFIG
 6 | DB=/var/tmp/sandbox_db # Overwritten by value in $CONFIG
 7 | CONFIG=/etc/sandbox/sandbox.conf
 8 | if [ -f $CONFIG ]; then
 9 |         source $CONFIG
10 | else
11 |         echo "$CONFIG not found! Exiting..."
12 |         exit 1
13 | fi
14 | 
15 | KEEP=$(($DAYS*86400))
16 | 
17 | while read line
18 | do
19 |         USER=$(echo "$line" | awk -F : '{ print $1 }')
20 |         TIME=$(echo "$line" | awk -F : '{ print $3 }')
21 |         ANSWER=$(echo $((CURRENT-TIME)))
22 |         if [ $ANSWER -ge $KEEP ]
23 |         then
24 |                 echo "Warning: User account $USER lifetime reached. Removing user..."
25 |                 logger -t "docker" "remove_old_users.sh: User account $USER was older than $DAYS day. Removed"
26 |                 sed -i "/^$USER:/d" $DB
27 |         fi
28 | done < $DB
29 | 


--------------------------------------------------------------------------------
/bro-sandbox/scripts/sandbox_login:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env bash
  2 | 
  3 | # Global Variables
  4 | CONFIG=/etc/sandbox/sandbox.conf
  5 | 
  6 | # Varables:
  7 | FAILURE_COUNT=0
  8 | TIME=$(date +"%s")
  9 | DAYS=3 # Length of the event in days
 10 | EXPIRATION=$(date --date=@$((TIME+86400*DAYS)) +"%c")
 11 | DB=/var/tmp/sandbox_db
 12 | AVAILABLE_USER=1
 13 | PW_LENGTH=4 # Not implemented
 14 | 
 15 | # Retrieve globals
 16 | if [ -f $CONFIG ]; then
 17 | 	source $CONFIG
 18 | fi
 19 | 
 20 | ## Other
 21 | IMAGE="$1"           # Custom image name passed from sandbox_shell as argument
 22 | BASENAME="$IMAGE"    # Container prefix as $BASENAME.$USERNAME, used for re-attachment
 23 | 
 24 | # Override with per image configuration
 25 | if [ -f $CONFIG_DIR/${IMAGE}.conf ]; then
 26 | 	source $CONFIG_DIR/${IMAGE}.conf
 27 | fi
 28 | 
 29 | if [ ! -r $DB ]; then
 30 |         touch $DB
 31 | 	chown ${USER}:${USER} $DB
 32 | 	chmod 660 $DB
 33 | fi
 34 | 
 35 | function quit {
 36 |         MESSAGE=$1
 37 |         echo "Exiting session!"
 38 |         log "$MESSAGE"
 39 |         exit 1
 40 | }
 41 | 
 42 | function log {
 43 |         MESSAGE=$1
 44 |         logger -p local0.notice -t "sandbox" "sandbox_login.sh: $MESSAGE"
 45 | }
 46 | 
 47 | function message {
 48 | MESSAGE=$1
 49 | echo
 50 | echo "$1"
 51 | echo "$MOTD"
 52 | echo
 53 | }
 54 | 
 55 | function identify {
 56 |         read -r -p "Are you a new or existing user? [new/existing]: " CHOICE
 57 |         echo
 58 | 
 59 |         if [[ "$CHOICE" = "new" ]] || [[ "$CHOICE" = "existing" ]]; then
 60 |                 [[ "$CHOICE" = "new" ]] && new_user
 61 |                 [[ "$CHOICE" = "existing" ]] && existing_user
 62 |         else
 63 |                 try_again
 64 |         fi
 65 | }
 66 | 
 67 | function sanitize {
 68 | ITEM="$1"
 69 |         echo ${ITEM//[^a-zA-Z0-9]/}
 70 | }
 71 | 
 72 | function new_user {
 73 |         echo "A temporary account will be created so that you can resume your session. Account is valid for the length of the event."
 74 |         echo
 75 | 
 76 |         until test $AVAILABLE_USER -ne 1
 77 |         do
 78 |                 read -r -p "Choose a username [a-zA-Z0-9]: " USERNAME
 79 |                 USERNAME=$(sanitize $USERNAME)
 80 |                 echo "Your username is $USERNAME"
 81 |                 verify_new_user
 82 |         done
 83 | 
 84 |         read -r -s -p "Choose a password: " PASSWORD
 85 |         echo
 86 |         read -r -s -p "Verify your password: " PASSWORD_VERIFY
 87 |         echo
 88 |         verify_new_password
 89 | }
 90 | 
 91 | function existing_user {
 92 |         echo "Your previous account is only valid for the length of the event, after that you must create a new account"
 93 |         echo
 94 |         while test $FAILURE_COUNT -lt 3
 95 |         do
 96 |                 read -r -p "Username: " USERNAME
 97 |                 USERNAME=$(sanitize $USERNAME)
 98 |                 read -r -s -p "Password: " PASSWORD
 99 |                 echo
100 |                 USER_SUPPLIED_PASSWORD=$(echo "$PASSWORD" | sha1sum | sed 's/ .*//')
101 |                 HASH=$(awk -F : -v user=$USERNAME '$1 == user { print $2 }' $DB)
102 |                 if [ "$USER_SUPPLIED_PASSWORD" = "$HASH" ]
103 |                 then
104 |                         echo Success
105 |                         log "${USERNAME}: Returning user"
106 |                         message "Welcome back!"
107 |                         sudo docker start "${BASENAME}.${USERNAME}" > /dev/null 2>&1 && exec sudo docker attach "${BASENAME}.${USERNAME}"
108 |                         if [ $? -ne 0 ]; then
109 |                                 echo "Launching container failed! Please report to admins"
110 |                                 quit "Launching container failed!"
111 |                         fi
112 |                 else
113 |                         echo "Login Failed, try again."
114 |                 fi
115 |                 let FAILURE_COUNT++
116 |         done
117 |         echo "Too many failed attempts!"
118 |         quit "$FAILURE_COUNT failed password verification attempts"
119 | }
120 | 
121 | function verify_new_user {
122 |         grep -w -q "$USERNAME" $DB 2>/dev/null
123 |         if [ $? -eq 0 ]; then
124 |                 echo "User already exists! Try a different one."
125 |                 AVAILABLE_USER=1
126 |         else
127 |                 AVAILABLE_USER=0
128 |         fi
129 | }
130 | 
131 | function verify_new_password {
132 |         while [ "$PASSWORD" != "$PASSWORD_VERIFY" ]
133 |         do
134 |                 if [ $FAILURE_COUNT -lt 3 ]
135 |                 then
136 |                         echo "Passwords do not match! Try again."
137 |                         read -r -s -p "Choose a password: " PASSWORD
138 |                         echo
139 |                         read -r -s -p "Verify your password: " PASSWORD_VERIFY
140 |                         echo
141 |                 else
142 |                         echo "Too many failed attempts!"
143 |                         quit "$FAILURE_COUNT failed password verification attempts"
144 |                 fi
145 |         let FAILURE_COUNT++
146 |         done
147 | 
148 |         HASH=$(echo "$PASSWORD" | sha1sum | sed 's/ .*//')
149 | 
150 |         (
151 |         flock --timeout 10 100 || quit "Couldn't obtain lock on file, try again later"
152 |         echo "${USERNAME}:${HASH}:${TIME}" >> $DB
153 |         ) 100>~/sandbox.lock
154 | 
155 |         log "${USERNAME}: Account created"
156 |         echo "Your account will expire on $EXPIRATION"
157 |         start_container
158 | }
159 | 
160 | function try_again {
161 |         read -r -p "I didn't understand your response. Would you like to try again? [Y/N]: " TRY
162 |         if [[ "$TRY" = [YyNn] ]] || [[ "$TRY" = "[yY][eE]sS]" ]] || [[ "$TRY" = "[nN][oO]" ]]; then
163 |                 [[ "$TRY" = [Yy] ]] || [[ "$TRY" = "[yY][eE][sS]" ]] && clear && identify
164 |                 [[ "$TRY" = [Nn] ]] || [[ "$TRY" = "[nN][oO]" ]] && quit "User chose to exit from try_again"
165 |         else
166 |                 quit "User forced to exit from try_again because of invalid response to question"
167 |         fi
168 | }
169 | 
170 | function start_container {
171 |         message "Enjoy yourself!"
172 | 	exec sudo docker run --name="${BASENAME}.${USERNAME}" -t -h $HOSTNAME -c $CPU -m $RAM --net $NETWORK --dns $DNS \
173 | 		$MOUNT -i $IMAGE sudo -i -u $VIRTUSER 2>/dev/null
174 | }
175 | 
176 | trap 'echo; quit "Trap received, exiting..."' 1 2 3 20
177 | identify
178 | exit
179 | 


--------------------------------------------------------------------------------
/bro-sandbox/scripts/sandbox_shell:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | # Global Variables
 3 | CONFIG=/etc/sandbox/sandbox.conf
 4 | if [ -f $CONFIG ]; then
 5 | 	source $CONFIG
 6 | else
 7 | 	echo "$CONFIG not found! Exiting..."
 8 | 	exit 1
 9 | fi
10 | 
11 | clear
12 | 
13 | echo "Welcome to Bro Live!"
14 | echo "===================="
15 | cat <<"EOF"
16 |     -----------
17 |   /             \
18 |  |  (   (0)   )  |
19 |  |            // |
20 |   \     <====// /
21 |     -----------
22 | EOF
23 | echo
24 | echo "A place to try out Bro."
25 | echo
26 | 
27 | #########################################
28 | exec timeout 1m $LAUNCH_CONTAINER $IMAGE
29 | #########################################
30 | 


--------------------------------------------------------------------------------
/collectd-graphite/Vagrantfile:
--------------------------------------------------------------------------------
 1 | # -*- mode: ruby -*-
 2 | # vi: set ft=ruby :
 3 | 
 4 | # Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
 5 | VAGRANTFILE_API_VERSION = "2"
 6 | 
 7 | Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
 8 | 
 9 |   config.vm.box = "trusty"
10 |   config.vm.box_url = "https://cloud-images.ubuntu.com/vagrant/trusty/current/trusty-server-cloudimg-amd64-vagrant-disk1.box"
11 |   config.vm.provision "shell", path:   "provision.sh"
12 |   config.vm.network "forwarded_port", protocol: "udp", guest: 25826, host: 25826
13 |   config.vm.network "forwarded_port", protocol: "tcp", guest: 80, host: 8888
14 |   config.vm.network "private_network", ip: "10.1.1.15", :netmask => "255.255.255.0", :adapter => 2
15 |   # config.vm.synced_folder "../data", "/vagrant_data"
16 | 
17 |    config.vm.provider "virtualbox" do |vb|
18 |   #   vb.gui = true
19 |       vb.name = "collectd"
20 |       vb.customize ["modifyvm", :id, "--memory", "1024"]
21 |       vb.customize ["modifyvm", :id, "--cpus", 1]
22 |    end
23 | 
24 | end
25 | 


--------------------------------------------------------------------------------
/collectd-graphite/provision.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | # Author: Jon Schipp <jonschipp@gmail.com>
  3 | # Written for Ubuntu Saucy and Trusty, should be adaptable to other distros.
  4 | 
  5 | ## Variables
  6 | export DEBIAN_FRONTEND=noninteractive
  7 | HOME=/root
  8 | cd $HOME
  9 | 
 10 | # Installation notification
 11 | COWSAY=/usr/games/cowsay
 12 | IRCSAY=/usr/local/bin/ircsay
 13 | IRC_CHAN="#replace_me"
 14 | HOST=$(hostname -s)
 15 | LOGFILE=/root/collectd_install.log
 16 | EMAIL=user@company.com
 17 | 
 18 | function die {
 19 |   if [ -f ${COWSAY:-none} ]; then
 20 |     $COWSAY -d "$*"
 21 |   else
 22 |     echo "$*"
 23 |   fi
 24 |   if [ -f $IRCSAY ]; then
 25 |     ( set +e; $IRCSAY "$IRC_CHAN" "$*" 2>/dev/null || true )
 26 |   fi
 27 |   echo "$*" | mail -s "[vagrant] ISLET install information on $HOST" $EMAIL
 28 |   exit 1
 29 | }
 30 | 
 31 | function hi {
 32 |   if [ -f ${COWSAY:-none} ]; then
 33 |     $COWSAY "$*"
 34 |   else
 35 |     echo "$*"
 36 |   fi
 37 |   if [ -f $IRCSAY ]; then
 38 |     ( set +e; $IRCSAY "$IRC_CHAN" "$*" 2>/dev/null || true )
 39 |   fi
 40 |   echo "$*" | mail -s "[vagrant] ISLET install information on $HOST" $EMAIL
 41 | }
 42 | 
 43 | install_dependencies(){
 44 |   apt-get update -qq
 45 |   apt-get install -yq cowsay git ca-certificates apparmor expect
 46 | }
 47 | 
 48 | install_collectd(){
 49 |   COLLECTD=/etc/collectd/collectd.conf
 50 |   COLLECTD_LUG=/etc/collectd/collectd.conf.d/lug.conf
 51 |   apt-get update -qq
 52 |   apt-get install -yq collectd
 53 |   grep -q "^LoadPlugin network" $COLLECTD || sed -i '/LoadPlugin network/s/^#//' $COLLECTD
 54 |   grep -q "^LoadPlugin write_graphite" $COLLECTD || sed -i '/LoadPlugin write_graphite/s/^#//' $COLLECTD
 55 |   if ! [ -f $COLLECTD_LUG ]; then
 56 | cat <<EOF > $COLLECTD_LUG
 57 | <Plugin "network">
 58 | 	Listen "0.0.0.0" "25826"
 59 | </Plugin>
 60 | 
 61 | <Plugin write_graphite>
 62 | 	<Node "collectd">
 63 | 		Host "localhost"
 64 | 		Port "2003"
 65 | 		Protocol "tcp"
 66 | 		LogSendErrors true
 67 | 		StoreRates true
 68 | 		AlwaysAppendDS false
 69 | 		EscapeCharacter "_"
 70 | 	</Node>
 71 | </Plugin>
 72 | 
 73 | LoadPlugin syslog
 74 | LoadPlugin battery
 75 | LoadPlugin cgroups
 76 | LoadPlugin conntrack
 77 | LoadPlugin contextswitch
 78 | LoadPlugin cpu
 79 | LoadPlugin cpufreq
 80 | LoadPlugin df
 81 | LoadPlugin disk
 82 | LoadPlugin entropy
 83 | LoadPlugin ethstat
 84 | LoadPlugin exec
 85 | LoadPlugin filecount
 86 | LoadPlugin interface
 87 | LoadPlugin iptables
 88 | LoadPlugin irq
 89 | LoadPlugin load
 90 | LoadPlugin lvm
 91 | LoadPlugin memory
 92 | LoadPlugin netlink
 93 | LoadPlugin processes
 94 | LoadPlugin protocols
 95 | LoadPlugin swap
 96 | LoadPlugin tcpconns
 97 | LoadPlugin unixsock
 98 | LoadPlugin uptime
 99 | LoadPlugin users
100 | LoadPlugin vmem
101 | EOF
102 |   fi
103 | }
104 | 
105 | install_graphite(){
106 |   apt-get install -yq postgresql libpq-dev python-psycopg2 apache2 libapache2-mod-wsgi
107 |   apt-get install -yq graphite-web graphite-carbon
108 | }
109 | 
110 | configuration(){
111 | GRAPHITE=/etc/graphite/local_settings.py
112 | if ! [ -f /etc/apache2/sites-available/apache2-graphite.conf ]; then
113 |   a2dissite 000-default
114 | 	cp /usr/share/graphite-web/apache2-graphite.conf /etc/apache2/sites-available
115 |   a2ensite apache2-graphite
116 | fi
117 | sudo -u postgres psql <<EOF
118 | CREATE USER graphite WITH PASSWORD 'uiuclug';
119 | CREATE DATABASE graphite WITH OWNER graphite;
120 | EOF
121 | sed -i '/DATABASES = {/,/^}/d' $GRAPHITE
122 | grep -q "^TIME_ZONE = 'America/Chicago'" $GRAPHITE ||
123 | 	echo "TIME_ZONE = 'America/Chicago'" >> $GRAPHITE
124 | grep -q "^USE_REMOTE_USER_AUTHENTICATION = True" $GRAPHITE ||
125 | 	 echo "USE_REMOTE_USER_AUTHENTICATION = True" >> $GRAPHITE
126 | grep -q "^SECRET_KEY = 'uiuclug'" $GRAPHITE || echo "SECRET_KEY = 'uiuclug'" >> $GRAPHITE
127 | 
128 | grep -q "^DATABASES = {" $GRAPHITE || cat <<EOF >> $GRAPHITE
129 | DATABASES = {
130 |     'default': {
131 |         'NAME': 'graphite',
132 |         'ENGINE': 'django.db.backends.postgresql_psycopg2',
133 |         'USER': 'graphite',
134 |         'PASSWORD': 'uiuclug',
135 |         'HOST': '127.0.0.1',
136 |         'PORT': ''
137 |     }
138 | }
139 | EOF
140 | 
141 |   grep -q "^ENABLE_LOGROTATION = True" /etc/carbon/carbon.conf || sed -i '/^ENABLE_LOGROTATION/s/False/True/' /etc/carbon/carbon.conf
142 |   grep -q "^CARBON_CACHE_ENABLED=true" /etc/default/graphite-carbon || sed -i '/^CARBON_CACHE_ENABLED/s/false/true/' /etc/default/graphite-carbon
143 | 
144 | cat <<EOF > /etc/carbon/storage-schemas.conf
145 | # Schema definitions for Whisper files. Entries are scanned in order,
146 | # and first match wins. This file is scanned for changes every 60 seconds.
147 | #
148 | #  [name]
149 | #  pattern = regex
150 | #  retentions = timePerPoint:timeToStore, timePerPoint:timeToStore, ...
151 | 
152 | # Carbon's internal metrics. This entry should match what is specified in
153 | # CARBON_METRIC_PREFIX and CARBON_METRIC_INTERVAL settings
154 | [carbon]
155 | pattern = ^carbon\.
156 | retentions = 60:90d
157 | 
158 | 
159 | [default]
160 | pattern = .*
161 | retentions = 5s:30d,1m:60d,5m:1y,10m:5y
162 | EOF
163 | 
164 | /usr/bin/expect <<EOF
165 | spawn /usr/bin/graphite-manage syncdb
166 | expect "Would you like to create one now?"
167 | send "yes\n"
168 | expect "Username"
169 | send "admin\n"
170 | expect "Email address:"
171 | send "addr@company.com\n"
172 | expect "Password:"
173 | send "uiuclug\n"
174 | expect "Password (again):"
175 | send "uiuclug\n"
176 | expect eof
177 | EOF
178 | }
179 | 
180 | services(){
181 |   service collectd restart
182 |   service carbon-cache start
183 |   service apache2 reload
184 | }
185 | 
186 | install_dependencies "1.)"
187 | install_collectd "2.)"
188 | install_graphite "3.)"
189 | configuration "4.)"
190 | services "5.)"
191 | 
192 | echo
193 | 


--------------------------------------------------------------------------------
/cuckoo/README.md:
--------------------------------------------------------------------------------
 1 | # Cuckoo Sandbox
 2 | 
 3 | ````
 4 | $ vagrant up
 5 | ````
 6 | 
 7 | will provision a machine with Cuckoo sandbox using Virtualbox provider.
 8 | WUI: http://127.0.0.1/8080 (Django)
 9 | API: http://127.0.0.1/8081 (Bottle)
10 | WUI2: http://127.0.0.1/8082 (Bottle)
11 | 
12 | Create a Windows 7 64 bit virtual machine (or other Windows OS but then set profile in /opt/cuckoo/conf/memory.conf)
13 | ````
14 | $ scp -P 2222 -o UserKnownHostsFile=/dev/null win7.vdi root@127.0.0.1:"VirtualBox\ VMs/Cuckoo/"
15 | $ VirtualBox # Create VM named Cuckoo, assign static IP of 192.168.56.2
16 | $ VBoxManage snapshot "Cuckoo" take "cuckoo-snap1" --pause
17 | $ VBoxManage controlvm "Cuckoo" poweroff
18 | $ VBoxManage snapshot "Cuckoo" restorecurrent
19 | $ restart cuckoo
20 | $ /opt/cuckoo/utils/submit.py --url mobogenie.free.download.for.pc.windows.8.1.getridofadwareoncomputer.com
21 | ````
22 | 
23 | Debugging
24 | ````
25 | $ tail -f /opt/cuckoo/log/cuckoo.log
26 | ````
27 | 


--------------------------------------------------------------------------------
/cuckoo/Vagrantfile:
--------------------------------------------------------------------------------
 1 | # -*- mode: ruby -*-
 2 | # vi: set ft=ruby :
 3 | 
 4 | # Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
 5 | VAGRANTFILE_API_VERSION = "2"
 6 | 
 7 | Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
 8 | 
 9 |   config.vm.box = "trusty"
10 |   config.vm.box_url = "https://cloud-images.ubuntu.com/vagrant/trusty/current/trusty-server-cloudimg-amd64-vagrant-disk1.box"
11 |   config.vm.provision "file", source: "cuckoo/cuckoo.conf", destination: "cuckoo.conf"
12 |   config.vm.provision "file", source: "cuckoo/memory.conf", destination: "memory.conf"
13 |   config.vm.provision "file", source: "cuckoo/auxiliary.conf", destination: "auxiliary.conf"
14 |   config.vm.provision "file", source: "cuckoo/reporting.conf", destination: "reporting.conf"
15 |   config.vm.provision "file", source: "cuckoo/virtualbox.conf", destination: "virtualbox.conf"
16 |   config.vm.provision "file", source: "cuckoo/kvm.conf", destination: "kvm.conf"
17 |   config.vm.provision "file", source: "cuckoo/local_settings.py", destination: "local_settings.py"
18 |   config.vm.provision "file", source: "upstart/cuckoo.conf", destination: "upstart.conf"
19 |   config.vm.provision "file", source: "upstart/cuckoo-api.conf", destination: "cuckoo-api.conf"
20 |   config.vm.provision "file", source: "upstart/cuckoo-web.conf", destination: "cuckoo-web.conf"
21 |   config.vm.provision "file", source: "vbox/VirtualBox.xml", destination: "VirtualBox.xml"
22 |   config.vm.provision "shell", path: "provision.sh", args: "virtualbox"
23 | 
24 |   config.vm.network "forwarded_port", guest: 80,   host: 8080
25 |   config.vm.network "forwarded_port", guest: 8080, host: 8081
26 |   config.vm.network "forwarded_port", guest: 8888, host: 8082
27 | 
28 |   # config.vm.synced_folder "../data", "/vagrant_data"
29 | 
30 |    config.vm.provider "virtualbox" do |vb|
31 |       vb.gui = true
32 |       vb.name = "cuckoo"
33 |       vb.customize ["modifyvm", :id, "--memory", "4096"]
34 |       vb.customize ["modifyvm", :id, "--cpus", 3]
35 |    end
36 | 
37 | end
38 | 


--------------------------------------------------------------------------------
/cuckoo/cuckoo/auxiliary.conf:
--------------------------------------------------------------------------------
 1 | [sniffer]
 2 | # Enable or disable the use of an external sniffer (tcpdump) [yes/no].
 3 | enabled = yes
 4 | 
 5 | # Specify the path to your local installation of tcpdump. Make sure this
 6 | # path is correct.
 7 | tcpdump = /usr/sbin/tcpdump
 8 | 
 9 | # Specify the network interface name on which tcpdump should monitor the
10 | # traffic. Make sure the interface is active.
11 | interface = vboxnet0
12 | 
13 | # Specify a Berkeley packet filter to pass to tcpdump.
14 | bpf = not arp
15 | 


--------------------------------------------------------------------------------
/cuckoo/cuckoo/cuckoo.conf:
--------------------------------------------------------------------------------
  1 | [cuckoo]
  2 | # Enable or disable startup version check. When enabled, Cuckoo will connect
  3 | # to a remote location to verify whether the running version is the latest
  4 | # one available.
  5 | version_check = on
  6 | 
  7 | # If turned on, Cuckoo will delete the original file after its analysis
  8 | # has been completed.
  9 | delete_original = on
 10 | 
 11 | # If turned on, Cuckoo will delete the copy of the original file in the
 12 | # local binaries repository after the analysis has finished. (On *nix this
 13 | # will also invalidate the file called "binary" in each analysis directory,
 14 | # as this is a symlink.)
 15 | delete_bin_copy = on
 16 | 
 17 | # Specify the name of the machinery module to use, this module will
 18 | # define the interaction between Cuckoo and your virtualization software
 19 | # of choice.
 20 | machinery = virtualbox
 21 | 
 22 | # Enable creation of memory dump of the analysis machine before shutting
 23 | # down. Even if turned off, this functionality can also be enabled at
 24 | # submission. Currently available for: VirtualBox and libvirt modules (KVM).
 25 | memory_dump = on
 26 | 
 27 | # When the timeout of an analysis is hit, the VM is just killed by default.
 28 | # For some long-running setups it might be interesting to terminate the
 29 | # moinitored processes before killing the VM so that connections are closed.
 30 | terminate_processes = on
 31 | 
 32 | # Enable automatically re-schedule of "broken" tasks each startup.
 33 | # Each task found in status "processing" is re-queued for analysis.
 34 | reschedule = off
 35 | 
 36 | # Enable processing of results within the main cuckoo process.
 37 | # This is the default behavior but can be switched off for setups that
 38 | #  require high stability and process the results in a separate task.
 39 | process_results = on
 40 | 
 41 | # Limit the amount of analysis jobs a Cuckoo process goes through.
 42 | # This can be used together with a watchdog to mitigate risk of memory leaks.
 43 | max_analysis_count = 0
 44 | 
 45 | # Limit the number of concurrently executing analysis machines.
 46 | # This may be useful on systems with limited resources.
 47 | # Set to 0 to disable any limits.
 48 | max_machines_count = 20
 49 | 
 50 | # Minimum amount of free space (in MB) available before starting a new task.
 51 | # This tries to avoid failing an analysis because the reports can't be written
 52 | # due out-of-diskspace errors. Setting this value to 0 disables the check.
 53 | # (Note: this feature is currently not supported under Windows.)
 54 | freespace = 10000
 55 | 
 56 | # Temporary directory containing the files uploaded through Cuckoo interfaces
 57 | # (web.py, api.py, Django web interface).
 58 | tmppath = /tmp
 59 | 
 60 | [resultserver]
 61 | # The Result Server is used to receive in real time the behavioral logs
 62 | # produced by the analyzer.
 63 | # Specify the IP address of the host. The analysis machines should be able
 64 | # to contact the host through such address, so make sure it's valid.
 65 | # NOTE: if you set resultserver IP to 0.0.0.0 you have to set the option
 66 | # `resultserver_ip` for all your virtual machines in machinery configuration.
 67 | ip = 0.0.0.0
 68 | port = 2042
 69 | 
 70 | # Should the server write the legacy CSV format?
 71 | # (if you have any custom processing on those, switch this on)
 72 | store_csvs = off
 73 | 
 74 | # Maximum size of uploaded files from VM (screenshots, dropped files, log)
 75 | # The value is expressed in bytes, by default 10Mb.
 76 | upload_max_size = 10485760
 77 | 
 78 | [processing]
 79 | # Set the maximum size of analyses generated files to process. This is used
 80 | # to avoid the processing of big files which may take a lot of processing
 81 | # time. The value is expressed in bytes, by default 100Mb.
 82 | analysis_size_limit = 104857600
 83 | 
 84 | # Enable or disable DNS lookups.
 85 | resolve_dns = off
 86 | 
 87 | [database]
 88 | # Specify the database connection string.
 89 | # Examples, see documentation for more:
 90 | # sqlite:///foo.db
 91 | # postgresql://foo:bar@localhost:5432/mydatabase
 92 | # mysql://foo:bar@localhost/mydatabase
 93 | # If empty, default is a SQLite in db/cuckoo.db.
 94 | connection = mysql://cuckoo:password@127.0.0.1/cuckoo
 95 | 
 96 | # Database connection timeout in seconds.
 97 | # If empty, default is set to 60 seconds.
 98 | timeout =
 99 | 
100 | [timeouts]
101 | # Set the default analysis timeout expressed in seconds. This value will be
102 | # used to define after how many seconds the analysis will terminate unless
103 | # otherwise specified at submission.
104 | default = 120
105 | 
106 | # Set the critical timeout expressed in seconds. After this timeout is hit
107 | # Cuckoo will consider the analysis failed and it will shutdown the machine
108 | # no matter what. When this happens the analysis results will most likely
109 | # be lost. Make sure to have a critical timeout greater than the
110 | # default timeout.
111 | critical = 180
112 | 
113 | # Maximum time to wait for virtual machine status change. For example when
114 | # shutting down a vm. Default is 300 seconds.
115 | vm_state = 180
116 | 


--------------------------------------------------------------------------------
/cuckoo/cuckoo/kvm.conf:
--------------------------------------------------------------------------------
 1 | [kvm]
 2 | machines = cuckoo
 3 | 
 4 | [cuckoo]
 5 | label = cuckoo
 6 | platform = windows
 7 | ip = 192.168.56.2
 8 | #snapshot = cuckoo-snap1
 9 | interface = virbr0
10 | resultserver_ip = 192.168.56.100
11 | resultserver_port = 2042
12 | tags = windows_7,64_bit,acrobat_reader,open_office,fox_it_reader,google_chrome,firefox,vlc_player
13 | 


--------------------------------------------------------------------------------
/cuckoo/cuckoo/local_settings.py:
--------------------------------------------------------------------------------
 1 | # Copyright (C) 2010-2014 Cuckoo Foundation.
 2 | # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org
 3 | # See the file 'docs/LICENSE' for copying permission.
 4 | 
 5 | LOCAL_SETTINGS = True
 6 | from settings import *
 7 | 
 8 | # If you want to customize your cuckoo path set it here.
 9 | CUCKOO_PATH = "/opt/cuckoo"
10 | 
11 | # If you want to customize your cuckoo temporary upload path set it here.
12 | # CUCKOO_FILE_UPLOAD_TEMP_DIR = "/where/web/tmp/is/placed/"
13 | 
14 | # Maximum upload size.
15 | MAX_UPLOAD_SIZE = 26214400
16 | 
17 | # Override default secret key stored in secret_key.py
18 | # Make this unique, and don't share it with anybody.
19 | # SECRET_KEY = "YOUR_RANDOM_KEY"
20 | 
21 | # Language code for this installation. All choices can be found here:
22 | # http://www.i18nguy.com/unicode/language-identifiers.html
23 | LANGUAGE_CODE = "en-us"
24 | 
25 | ADMINS = (
26 |      ("User Name", "user@domain.com"),
27 | )
28 | 
29 | MANAGERS = ADMINS
30 | 
31 | # Allow verbose debug error message in case of application fault.
32 | # It's strongly suggested to set it to False if you are serving the
33 | # web application from a web server front-end (i.e. Apache).
34 | DEBUG = True
35 | 
36 | # A list of strings representing the host/domain names that this Django site
37 | # can serve.
38 | # Values in this list can be fully qualified names (e.g. 'www.example.com').
39 | # When DEBUG is True or when running tests, host validation is disabled; any
40 | # host will be accepted. Thus it's usually only necessary to set it in production.
41 | ALLOWED_HOSTS = [ '*' ]
42 | 


--------------------------------------------------------------------------------
/cuckoo/cuckoo/memory.conf:
--------------------------------------------------------------------------------
  1 | # Volatility configuration
  2 | 
  3 | [basic]
  4 | 
  5 | # Profile to avoid wasting time identifying it
  6 | guest_profile = Win7SP1x64
  7 | 
  8 | # Delete memory dump after volatility processing.
  9 | delete_memdump = no
 10 | 
 11 | # List of available modules
 12 | # enabled: enable this module
 13 | # filter: use filters to remove benign system data from the logs
 14 | # Filters are defined in the mask section at below
 15 | 
 16 | # Scans for hidden/injected code and dlls
 17 | # http://code.google.com/p/volatility/wiki/CommandReferenceMal23#malfind
 18 | [malfind]
 19 | enabled = yes
 20 | filter = on
 21 | 
 22 | # Lists hooked api in user mode and kernel space
 23 | # Expect it to be very slow when enabled
 24 | # http://code.google.com/p/volatility/wiki/CommandReferenceMal23#apihooks
 25 | [apihooks]
 26 | enabled = no
 27 | filter = on
 28 | 
 29 | # Lists official processes. Does not detect hidden processes
 30 | # http://code.google.com/p/volatility/wiki/CommandReference23#pslist
 31 | [pslist]
 32 | enabled = yes
 33 | filter = off
 34 | 
 35 | # Lists hidden processes. Uses several tricks to identify them
 36 | # http://code.google.com/p/volatility/wiki/CommandReferenceMal23#psxview
 37 | [psxview]
 38 | enabled = yes
 39 | filter = off
 40 | 
 41 | # Show callbacks
 42 | # http://code.google.com/p/volatility/wiki/CommandReferenceMal23#callbacks
 43 | [callbacks]
 44 | enabled = no
 45 | filter = off
 46 | 
 47 | # Show idt
 48 | # http://code.google.com/p/volatility/wiki/CommandReferenceMal23#idt
 49 | [idt]
 50 | enabled = yes
 51 | filter = off
 52 | 
 53 | # Show timers
 54 | # http://code.google.com/p/volatility/wiki/CommandReferenceMal23#timers
 55 | [timers]
 56 | enabled = yes
 57 | filter = off
 58 | 
 59 | # Show messagehooks
 60 | # Expect it to be very slow when enabled
 61 | # http://code.google.com/p/volatility/wiki/CommandReferenceGui23#messagehooks
 62 | [messagehooks]
 63 | enabled = no
 64 | filter = off
 65 | 
 66 | # Show sids
 67 | # http://code.google.com/p/volatility/wiki/CommandReference23#getsids
 68 | [getsids]
 69 | enabled = yes
 70 | filter = off
 71 | 
 72 | # Show privileges
 73 | # http://code.google.com/p/volatility/wiki/CommandReference23#privs
 74 | [privs]
 75 | enabled = yes
 76 | filter = off
 77 | 
 78 | # Display processes' loaded DLLs- Does not display hidden DLLs
 79 | # http://code.google.com/p/volatility/wiki/CommandReference23#dlllist
 80 | [dlllist]
 81 | enabled = yes
 82 | filter = on
 83 | 
 84 | # List open handles of processes
 85 | # http://code.google.com/p/volatility/wiki/CommandReference23#handles
 86 | [handles]
 87 | enabled = yes
 88 | filter = on
 89 | 
 90 | # Displays processes' loaded DLLs - Even hidden one (unlinked from PEB linked list)
 91 | # http://code.google.com/p/volatility/wiki/CommandReferenceMal23#ldrmodules
 92 | [ldrmodules]
 93 | enabled = yes
 94 | filter = on
 95 | 
 96 | # Scan for Mutexes (whole system)
 97 | # http://code.google.com/p/volatility/wiki/CommandReference23#mutantscan
 98 | [mutantscan]
 99 | enabled = yes
100 | filter = on
101 | 
102 | # List devices and drivers
103 | # http://code.google.com/p/volatility/wiki/CommandReferenceMal23#devicetree
104 | [devicetree]
105 | enabled = yes
106 | filter = on
107 | 
108 | # Scan for services
109 | # http://code.google.com/p/volatility/wiki/CommandReferenceMal23#svcscan
110 | [svcscan]
111 | enabled = yes
112 | filter = on
113 | 
114 | # Scan for kernel drivers (includes hidden, unloaded)
115 | # http://code.google.com/p/volatility/wiki/CommandReference23#modscan
116 | [modscan]
117 | enabled = yes
118 | filter = on
119 | 
120 | [yarascan]
121 | enabled = yes
122 | filter = on
123 | 
124 | [ssdt]
125 | enabled = yes
126 | filter = on
127 | 
128 | [gdt]
129 | enabled = yes
130 | filter = on
131 | 
132 | # Masks. Data that should not be logged
133 | # Just get this information from your plain VM Snapshot (without running malware)
134 | # This will filter out unwanted information in the logs
135 | [mask]
136 | enabled = no
137 | pid_generic =
138 | 


--------------------------------------------------------------------------------
/cuckoo/cuckoo/reporting.conf:
--------------------------------------------------------------------------------
 1 | # Enable or disable the available reporting modules [on/off].
 2 | # If you add a custom reporting module to your Cuckoo setup, you have to add
 3 | # a dedicated entry in this file, or it won't be executed.
 4 | # You can also add additional options under the section of your module and
 5 | # they will be available in your Python class.
 6 | 
 7 | [jsondump]
 8 | enabled = yes
 9 | indent = 4
10 | encoding = latin-1
11 | 
12 | [reporthtml]
13 | enabled = yes
14 | 
15 | [mmdef]
16 | enabled = no
17 | 
18 | [maec40]
19 | enabled = no
20 | mode = overview
21 | processtree = true
22 | output_handles = false
23 | static = true
24 | strings = true
25 | virustotal = true
26 | 
27 | [mongodb]
28 | enabled = yes
29 | host = 127.0.0.1
30 | port = 27017
31 | store_memdump = yes
32 | 


--------------------------------------------------------------------------------
/cuckoo/cuckoo/virtualbox.conf:
--------------------------------------------------------------------------------
 1 | [virtualbox]
 2 | # Specify which VirtualBox mode you want to run your machines on.
 3 | # Can be "gui", "sdl" or "headless". Refer to VirtualBox's official
 4 | # documentation to understand the differences.
 5 | mode = headless
 6 | path = /usr/bin/VBoxManage
 7 | machines = cuckoo
 8 | 
 9 | [cuckoo]
10 | label = Cuckoo
11 | platform = windows
12 | ip = 192.168.56.2
13 | snapshot = cuckoo-snap1
14 | interface = vboxnet0
15 | resultserver_ip = 192.168.56.100
16 | resultserver_port = 2042
17 | tags = windows_7,64_bit,acrobat_reader,open_office,fox_it_reader,google_chrome,firefox,vlc_player
18 | 


--------------------------------------------------------------------------------
/cuckoo/provision.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | # Author: Jon Schipp <jonschipp@gmail.com>
  3 | # Written for Ubuntu Saucy and Trusty, should be adaptable to other distros.
  4 | 
  5 | ## Variables
  6 | PROVIDER="$1"
  7 | HOME=/root
  8 | VAGRANT=/home/vagrant
  9 | PREFIX=/opt/cuckoo
 10 | CONFIG=$PREFIX/conf
 11 | PACKAGES="cowsay unzip python python-sqlalchemy python-bson git bison flex python-dpkt python-jinja2 python-yara python-magic python-pymongo python-gridfs python-libvirt python-bottle python-pefile python-chardet volatility tcpdump libcap2-bin mongodb python-django python-dev libfuzzy-dev python-pip ssdeep"
 12 | [ -e /etc/redhat-release ] && OS=el
 13 | [ -e /etc/debian_version ] && OS=debian
 14 | 
 15 | # Installation notification
 16 | MAIL=$(which mail)
 17 | COWSAY=/usr/games/cowsay
 18 | IRCSAY=/usr/local/bin/ircsay
 19 | IRC_CHAN="#replace_me"
 20 | HOST=$(hostname -s)
 21 | LOGFILE=/root/islet_install.log
 22 | EMAIL=user@company.com
 23 | 
 24 | cd $HOME
 25 | 
 26 | function die {
 27 |   if [ -f ${COWSAY:-none} ]; then
 28 |     $COWSAY -d "$*"
 29 |   else
 30 |     echo "$*"
 31 |   fi
 32 |   if [ -f $IRCSAY ]; then
 33 |     ( set +e; $IRCSAY "$IRC_CHAN" "$*" 2>/dev/null || true )
 34 |   fi
 35 |   [ $MAIL ] && echo "$*" | mail -s "[vagrant] Bro Sandbox install information on $HOST" $EMAIL
 36 |   exit 1
 37 | }
 38 | 
 39 | function hi {
 40 |   if [ -f ${COWSAY:-none} ]; then
 41 |     $COWSAY "$*"
 42 |   else
 43 |     echo "$*"
 44 |   fi
 45 |   if [ -f $IRCSAY ]; then
 46 |     ( set +e; $IRCSAY "$IRC_CHAN" "$*" 2>/dev/null || true )
 47 |   fi
 48 |   [ $MAIL ] && echo "$*" | mail -s "[vagrant] Bro Sandbox install information on $HOST" $EMAIL
 49 | }
 50 | 
 51 | number_of_packages(){ package_count="$#"; }
 52 | 
 53 | package_check(){
 54 |   local packages=$@
 55 |   local count=0
 56 |   # Count number of items in packages variable
 57 |   number_of_packages $packages
 58 | 
 59 |   # Format items for egrep query
 60 |   pkg_list=$(echo $packages | sed 's/ /|  /g')
 61 | 
 62 |   # Count number of packages installed from list
 63 |   [ "$OS" = "debian" ] && count=$(dpkg -l | egrep "  $pkg_list" | wc -l)
 64 |   [ "$OS" = "el" ]     && count=$(yum list installed | egrep "$pkg_list" | wc -l)
 65 | 
 66 |   if [ $count -ge $package_count ]
 67 |   then
 68 |     return 0
 69 |   else
 70 |     echo "Installing packages for function!"
 71 |     [ "$OS" = "debian" ] && apt-get install -qy $packages
 72 |     [ "$OS" = "el" ]     && yum install -qy $packages
 73 |   fi
 74 | }
 75 | 
 76 | install_dependencies(){
 77 |   echo "$1 $FUNCNAME"
 78 |   [ "$OS" = "debian" ] && apt-get update -qq
 79 |   [ "$OS" = "el" ]     && yum makecache -q
 80 |   # Required
 81 |   package_check $PACKAGES
 82 |     # maec
 83 |   pip install pydeep distorm3
 84 |   install_yara
 85 |   install_distorm
 86 |   [ $PROVIDER ] || die "Argument not specified, pass either virtualbox or kvm as argument"
 87 |   [ "$PROVIDER" == "virtualbox" ] && install_virtualbox
 88 |   [ "$PROVIDER" == "kvm" ] && install_kvm
 89 | }
 90 | 
 91 | install_virtualbox(){
 92 |   [ -e /etc/apt/sources.list.d/virtualbox.list ] || echo "deb http://download.virtualbox.org/virtualbox/debian $(lsb_release -cs) contrib non-free" > /etc/apt/sources.list.d/virtualbox.list &&
 93 |     wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O - | apt-key add - && apt-get update
 94 |   package_check virtualbox-4.3 dkms
 95 |   [ -d $HOME/.config ] || mkdir -p -m 700 $HOME/.config/VirtualBox
 96 |   [ -e $VAGRANT/VirtualBox.xml ] && install -o root -g root -m 600 $VAGRANT/VirtualBox.xml $HOME/.config/VirtualBox
 97 |   mkdir -p /root/VirtualBox\ VMs/Cuckoo/
 98 | }
 99 | 
100 | install_kvm(){
101 |   [ $VT -eq 1 ] || die "KVM is not supported by the hardware, use virtualbox instead"
102 |   package_check qemu-kvm libvirt-bin ubuntu-vm-builder bridge-utils
103 | }
104 | 
105 | install_mysql(){
106 |   echo "$1 $FUNCNAME"
107 |   debconf-set-selections <<< 'mysql-server mysql-server/root_password password password'
108 |   debconf-set-selections <<< 'mysql-server mysql-server/root_password_again password password'
109 |   package_check mysql-server python-mysqldb
110 |   mysql --user=root --password=password -e "CREATE DATABASE cuckoo;" || die "Failed to create MySQL cuckoo database"
111 |   mysql --user=root --password=password -e "CREATE USER 'cuckoo'@'localhost' IDENTIFIED BY 'password';"
112 |   mysql --user=root --password=password -e "GRANT ALL PRIVILEGES ON cuckoo.* TO 'cuckoo'@'localhost' WITH GRANT OPTION;"
113 |   mysql --user=root --password=password -e "CREATE USER 'cuckoo'@'%' IDENTIFIED BY 'password';"
114 |   mysql --user=root --password=password -e "GRANT ALL PRIVILEGES ON cuckoo.* TO 'cuckoo'@'%' WITH GRANT OPTION;"
115 | }
116 | 
117 | install_yara() {
118 |   echo "$1 $FUNCNAME"
119 |   package_check libpcre3 libpcre3-dev libtool automake autoconf autotools-dev libjansson-dev libmagic-dev
120 |   if ! [ -d yara ]
121 |   then
122 |     git clone https://github.com/plusvic/yara
123 |     cd yara
124 |     ./bootstrap.sh && ./configure --enable-cuckoo --enable-magic && make && make install || die "yara failed to install"
125 |     pip install yara-python || die "yara-python failed to install"
126 |   fi
127 | }
128 | 
129 | install_distorm() {
130 |   echo "$1 $FUNCNAME"
131 |   if ! [ -d distorm3 ]
132 |   then
133 |     wget http://distorm.googlecode.com/files/distorm-package3.1.zip || die "Failed to download distorm3"
134 |     unzip distorm-package3.1.zip
135 |     cd distorm3
136 |     python setup.py build
137 |     python setup.py install
138 |   fi
139 | }
140 | 
141 | configure_dependencies(){
142 |   echo "$1 $FUNCNAME"
143 |   if ! getcap /usr/sbin/tcpdump | grep -q cap_net_admin,cap_net_raw
144 |   then
145 |     setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump
146 |   fi
147 | }
148 | 
149 | configure_users(){
150 |   echo "$1 $FUNCNAME"
151 |   getent passwd cuckoo 1>/dev/null 	  || adduser --disabled-password  --gecos "" --shell /bin/bash cuckoo
152 |   getent group vboxusers | grep -q cuckoo || usermod -a -G vboxusers cuckoo 2>/dev/null
153 |   getent group libvirtd  | grep -q cuckoo || usermod -a -G libvirtd cuckoo 2>/dev/null
154 |   getent group kvm       | grep -q cuckoo || usermod -a -G kvm cuckoo 2>/dev/null
155 | }
156 | 
157 | install_cuckoo(){
158 |   echo "$1 $FUNCNAME"
159 |   if ! [ -d $PREFIX ]
160 |   then
161 |     git clone git://github.com/cuckoobox/cuckoo.git $PREFIX || die "Clone of cuckoo repo failed"
162 |   fi
163 | }
164 | 
165 | configure_cuckoo(){
166 |   echo "$1 $FUNCNAME"
167 |   [ -e $VAGRANT/cuckoo.conf ]       && install -o root -g root -m 644 $VAGRANT/cuckoo.conf $CONFIG/cuckoo.conf
168 |   [ -e $VAGRANT/memory.conf ]       && install -o root -g root -m 644 $VAGRANT/memory.conf $CONFIG/memory.conf
169 |   [ -e $VAGRANT/auxiliary.conf ]    && install -o root -g root -m 644 $VAGRANT/auxiliary.conf $CONFIG/auxiliary.conf
170 |   [ -e $VAGRANT/reporting.conf ]    && install -o root -g root -m 644 $VAGRANT/reporting.conf $CONFIG/reporting.conf
171 |   [ -e $VAGRANT/virtualbox.conf ]   && install -o root -g root -m 644 $VAGRANT/virtualbox.conf $CONFIG/virtualbox.conf
172 |   [ -e $VAGRANT/kvm.conf ]          && install -o root -g root -m 644 $VAGRANT/kvm.conf $CONFIG/kvm.conf
173 |   [ -e $VAGRANT/local_settings.py ] && install -o root -g root -m 644 $VAGRANT/local_settings.py $PREFIX/web/web/local_settings.py
174 |   [ -e $VAGRANT/upstart.conf ]      && install -o root -g root -m 644 $VAGRANT/upstart.conf /etc/init/cuckoo.conf
175 |   [ -e $VAGRANT/cuckoo-api.conf ]   && install -o root -g root -m 644 $VAGRANT/cuckoo-api.conf /etc/init/cuckoo-api.conf
176 |   [ -e $VAGRANT/cuckoo-web.conf ]   && install -o root -g root -m 644 $VAGRANT/cuckoo-web.conf /etc/init/cuckoo-web.conf
177 |   [ $VT ] && sed -i '/^machinery/s/virtualbox/kvm/' $PREFIX/conf/cuckoo.conf
178 |   install_mysql
179 |   start cuckoo && start cuckoo-api && start cuckoo-web
180 | }
181 | 
182 | network_configuration(){
183 |   echo "$1 $FUNCNAME"
184 |   sed -i 's/without-password/yes/' /etc/ssh/sshd_config && restart ssh
185 | cat <<EOF > /etc/network/if-pre-up.d/iptables-rules
186 | # Flushing all rules
187 | iptables -F
188 | iptables -X
189 | # Adding guest access to network
190 | iptables -A FORWARD -o eth0 -i vboxnet0 -s 192.168.122.0/24 -m conntrack --ctstate NEW -j ACCEPT
191 | iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
192 | iptables -A POSTROUTING -t nat -j MASQUERADE
193 | EOF
194 |   chmod 750 /etc/network/if-pre-up.d/iptables-rules
195 |   /etc/network/if-pre-up.d/iptables-rules
196 |   echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/cuckoo.conf
197 |   sysctl -p
198 | }
199 | 
200 | # Test for hardware virtualization
201 | egrep -q '(vmx|svm)' /proc/cpuinfo && VT=1
202 | 
203 | hi "Chosen provider is $PROVIDER"
204 | install_dependencies "1.)"
205 | configure_dependencies "2.)"
206 | configure_users "3.)"
207 | install_cuckoo "4.)"
208 | configure_cuckoo "5.)"
209 | network_configuration "6.)"
210 | 
211 | pgrep -f "/usr/bin/python /opt/cuckoo/cuckoo.py" 1>/dev/null && hi "Installation successful! $(status cuckoo)..."
212 | 


--------------------------------------------------------------------------------
/cuckoo/upstart/cuckoo-api.conf:
--------------------------------------------------------------------------------
 1 | description "cuckoo-api"
 2 | author "Jon Schipp <jonschipp@gmail.com>"
 3 | 
 4 | start on filesystem or runlevel [2345]
 5 | stop on runlevel [!2345]
 6 | 
 7 | respawn limit 10 5
 8 | 
 9 | # Run Cuckoo Sandbox
10 | exec /usr/bin/python /opt/cuckoo/utils/api.py --host 0.0.0.0 --port 8080
11 | 


--------------------------------------------------------------------------------
/cuckoo/upstart/cuckoo-web.conf:
--------------------------------------------------------------------------------
 1 | description "cuckoo-web"
 2 | author "Jon Schipp <jonschipp@gmail.com>"
 3 | 
 4 | start on filesystem or runlevel [2345]
 5 | stop on runlevel [!2345]
 6 | 
 7 | respawn limit 10 5
 8 | 
 9 | # Run Cuckoo Sandbox WUI
10 | chdir /opt/cuckoo/web
11 | exec /usr/bin/python ./manage.py runserver 0.0.0.0:80
12 | 


--------------------------------------------------------------------------------
/cuckoo/upstart/cuckoo-web2.conf:
--------------------------------------------------------------------------------
 1 | description "cuckoo-web2"
 2 | author "Jon Schipp <jschipp@illinois.edu>"
 3 | 
 4 | start on filesystem or runlevel [2345]
 5 | stop on runlevel [!2345]
 6 | 
 7 | respawn limit 10 5
 8 | 
 9 | # Run Cuckoo WUI2
10 | chdir /opt/cuckoo/web
11 | exec /usr/bin/python /opt/cuckoo/utils/web.py -H 0.0.0.0 -p 8888
12 | 


--------------------------------------------------------------------------------
/cuckoo/upstart/cuckoo.conf:
--------------------------------------------------------------------------------
 1 | description "cuckoo"
 2 | author "Jon Schipp <jonschipp@gmail.com>"
 3 | 
 4 | start on filesystem or runlevel [2345]
 5 | stop on runlevel [!2345]
 6 | 
 7 | respawn limit 10 5
 8 | 
 9 | # Run Cuckoo Sandbox
10 | exec /usr/bin/python /opt/cuckoo/cuckoo.py
11 | 


--------------------------------------------------------------------------------
/cuckoo/vbox/VirtualBox.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0"?>
 2 | <!--
 3 | ** DO NOT EDIT THIS FILE.
 4 | ** If you make changes to this file while any VirtualBox related application
 5 | ** is running, your changes will be overwritten later, without taking effect.
 6 | ** Use VBoxManage or the VirtualBox Manager GUI to make changes.
 7 | -->
 8 | <VirtualBox xmlns="http://www.innotek.de/VirtualBox-settings" version="1.14-linux">
 9 |   <Global>
10 |     <ExtraData>
11 |       <ExtraDataItem name="GUI/DetailsPageBoxes" value="general,preview,system,display,storage,audio,network,usb,sharedFolders,description"/>
12 |       <ExtraDataItem name="GUI/GroupDefinitions/" value="m=c05ff0e2-e2c1-4105-a43e-f1a8da99c7b5,m=b1fd5189-6c84-4400-bc12-136cd09f9321,m=8b4e510e-015b-479d-aa3b-4f8da23d1bfe"/>
13 |       <ExtraDataItem name="GUI/HostScreenSaverDisabled" value="false"/>
14 |       <ExtraDataItem name="GUI/Input/AutoCapture" value="true"/>
15 |       <ExtraDataItem name="GUI/Input/HostKeyCombination" value="65508"/>
16 |       <ExtraDataItem name="GUI/LastWindowPosition" value="319,39,770,550"/>
17 |       <ExtraDataItem name="GUI/SplitterSizes" value="167,599"/>
18 |       <ExtraDataItem name="GUI/UpdateCheckCount" value="3"/>
19 |       <ExtraDataItem name="GUI/UpdateDate" value="1 d, 2015-01-09, stable, 4.3.20"/>
20 |       <ExtraDataItem name="HostOnly/vboxnet0/IPAddress" value="192.168.121.1"/>
21 |       <ExtraDataItem name="HostOnly/vboxnet0/IPNetMask" value="255.255.255.0"/>
22 |       <ExtraDataItem name="HostOnly/vboxnet0/IPV6NetMask" value="64"/>
23 |     </ExtraData>
24 |     <MachineRegistry>
25 |     </MachineRegistry>
26 |     <MediaRegistry>
27 |       <HardDisks/>
28 |       <DVDImages/>
29 |       <FloppyImages/>
30 |     </MediaRegistry>
31 |     <NetserviceRegistry>
32 |       <DHCPServers>
33 |         <DHCPServer networkName="HostInterfaceNetworking-vboxnet0" IPAddress="0.0.0.0" networkMask="0.0.0.0" lowerIP="0.0.0.0" upperIP="0.0.0.0" enabled="0"/>
34 |       </DHCPServers>
35 |     </NetserviceRegistry>
36 |     <SystemProperties defaultMachineFolder="/VMs" defaultHardDiskFormat="VDI" VRDEAuthLibrary="VBoxAuth" webServiceAuthLibrary="VBoxAuth" LogHistoryCount="3" exclusiveHwVirt="true"/>
37 |     <USBDeviceFilters/>
38 |   </Global>
39 | </VirtualBox>
40 | 


--------------------------------------------------------------------------------
/docker-dynamic/README.md:
--------------------------------------------------------------------------------
1 | # Docker dynamic
2 | 
3 | ````
4 | $ vagrant up
5 | ````
6 | 
7 | will provision a machine with [Docker](http://docker.io) but dynamically linked instead of the usual static build.
8 | This avoids issue with devicemapper.
9 | 


--------------------------------------------------------------------------------
/docker-dynamic/Vagrantfile:
--------------------------------------------------------------------------------
 1 | # -*- mode: ruby -*-
 2 | # vi: set ft=ruby :
 3 | 
 4 | # Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
 5 | VAGRANTFILE_API_VERSION = "2"
 6 | 
 7 | Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
 8 | 
 9 |   config.vm.box = "trusty"
10 |   config.vm.box_url = "https://cloud-images.ubuntu.com/vagrant/trusty/current/trusty-server-cloudimg-amd64-vagrant-disk1.box"
11 |   config.vm.provision "shell", path:  "provision.sh"
12 | 
13 |   # config.vm.network "forwarded_port", guest: 80, host: 8080
14 | 
15 |   # config.vm.synced_folder "../data", "/vagrant_data"
16 | 
17 |    config.vm.provider "virtualbox" do |vb|
18 |   #   vb.gui = true
19 |       vb.name = "docker-dynamic"
20 |       vb.customize ["modifyvm", :id, "--memory", "1024"]
21 |       vb.customize ["modifyvm", :id, "--cpus", 1]
22 |    end
23 | 
24 | end
25 | 


--------------------------------------------------------------------------------
/docker-dynamic/provision.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | # Author: Jon Schipp <jonschipp@gmail.com>
  3 | # Written for Ubuntu Saucy and Trusty, should be adaptable to other distros.
  4 | 
  5 | ## Variables
  6 | VAGRANT=/home/vagrant
  7 | HOME=/root
  8 | VERS=1.5.0
  9 | BUILD=/root/docker/bundles/$VERS-dev/dynbinary
 10 | [ -e /etc/redhat-release ] && OS=el
 11 | [ -e /etc/debian_version ] && OS=debian
 12 | [ "$OS" = "debian" ] && PACKAGES="docker git golang build-essential libdevmapper-dev golang-gosqlite-dev btrfs-tools uuid-dev libattr1-dev zlib1g-dev libacl1-dev e2fslibs-dev libblkid-dev liblzo2-dev"
 13 | [ "$OS" = "el" ] && PACKAGES=""
 14 | 
 15 | # Installation notification
 16 | MAIL=$(which mail)
 17 | COWSAY=/usr/games/cowsay
 18 | IRCSAY=/usr/local/bin/ircsay
 19 | IRC_CHAN="#replace_me"
 20 | HOST=$(hostname -s)
 21 | LOGFILE=/root/islet_install.log
 22 | EMAIL=user@company.com
 23 | 
 24 | cd $HOME
 25 | 
 26 | function die {
 27 |   if [ -f ${COWSAY:-none} ]; then
 28 |     $COWSAY -d "$*"
 29 |   else
 30 |     echo "$*"
 31 |   fi
 32 |   if [ -f $IRCSAY ]; then
 33 |     ( set +e; $IRCSAY "$IRC_CHAN" "$*" 2>/dev/null || true )
 34 |   fi
 35 |   [ $MAIL ] && echo "$*" | mail -s "[vagrant] Sagan install information on $HOST" $EMAIL
 36 |   exit 1
 37 | }
 38 | 
 39 | function hi {
 40 |   if [ -f ${COWSAY:-none} ]; then
 41 |     $COWSAY "$*"
 42 |   else
 43 |     echo "$*"
 44 |   fi
 45 |   if [ -f $IRCSAY ]; then
 46 |     ( set +e; $IRCSAY "$IRC_CHAN" "$*" 2>/dev/null || true )
 47 |   fi
 48 |   [ $MAIL ] && echo "$*" | mail -s "[vagrant] Sagan install information on $HOST" $EMAIL
 49 | }
 50 | 
 51 | number_of_packages(){ package_count="$#"; }
 52 | 
 53 | package_check(){
 54 |   local packages=$@
 55 |   local count=0
 56 |   # Count number of items in packages variable
 57 |   number_of_packages $packages
 58 | 
 59 |   # Format items for egrep query
 60 |   pkg_list=$(echo $packages | sed 's/ /|  /g')
 61 | 
 62 |   # Count number of packages installed from list
 63 |   [ "$OS" = "debian" ] && count=$(dpkg -l | egrep "  $pkg_list" | wc -l)
 64 |   [ "$OS" = "el" ]     && count=$(yum list installed | egrep "$pkg_list" | wc -l)
 65 | 
 66 |   if [ $count -ge $package_count ]
 67 |   then
 68 |     return 0
 69 |   else
 70 |     echo "Installing packages for function!"
 71 |     [ "$OS" = "debian" ] && apt-get install -qy $packages
 72 |     [ "$OS" = "el" ]     && yum install -qy $packages
 73 |   fi
 74 | }
 75 | 
 76 | install_dependencies(){
 77 |   hi "$1 $FUNCNAME\n"
 78 |   [ "$OS" = "debian" ] && apt-get update -qq
 79 |   [ "$OS" = "el" ]     && yum makecache -q
 80 |   #package_check $PACKAGES
 81 |   apt-get install -yq docker git golang build-essential libdevmapper-dev golang-gosqlite-dev \
 82 |     btrfs-tools uuid-dev libattr1-dev zlib1g-dev libacl1-dev e2fslibs-dev libblkid-dev liblzo2-dev
 83 |   apt-get install -yq asciidoc xmlto --no-install-recommends
 84 | }
 85 | 
 86 | install_btrfs-progs(){
 87 |   hi "$1 $FUNCNAME\n"
 88 |   if ! [ -f btrfs-progs ]
 89 |   then
 90 |     rm -rf btrfs-progs
 91 |     git clone https://kernel.googlesource.com/pub/scm/linux/kernel/git/mason/btrfs-progs || die "Clone of btrfs-progs repo failed"
 92 |     cd btrfs-progs
 93 |     make && make install
 94 |   fi
 95 | 
 96 |   cd $HOME
 97 | }
 98 | 
 99 | install_btrfs-progs(){
100 |   hi "$1 $FUNCNAME\n"
101 |   if ! [ -d btrfs-progs ] && ! [ -f /usr/local/bin/btrfsck ]
102 |   then
103 |     rm -rf btrfs-progs
104 |     git clone https://kernel.googlesource.com/pub/scm/linux/kernel/git/mason/btrfs-progs || die "Clone of btrfs-progs repo failed"
105 |     cd btrfs-progs
106 |     make && make install || die "btrfs-progs build failed"
107 |   fi
108 |   cd $HOME
109 | }
110 | 
111 | install_docker(){
112 |   hi "  Installing Docker!\n"
113 |   # Check that HTTPS transport is available to APT
114 |   if [ ! -e /usr/lib/apt/methods/https ]; then
115 |     apt-get update -qq
116 |     apt-get install -qy apt-transport-https
117 |     echo
118 |   fi
119 | 
120 |   # Add the repository to your APT sources
121 |   # Then import the repository key
122 |   if [ ! -e /etc/apt/sources.list.d/docker.list ]
123 |   then
124 |     echo deb https://get.docker.io/ubuntu docker main > /etc/apt/sources.list.d/docker.list
125 |     apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
126 |     echo
127 |   fi
128 | 
129 |   # Install docker
130 |   if ! command -v docker >/dev/null 2>&1
131 |   then
132 |     apt-get update -qq
133 |     apt-get install -qy --no-install-recommends lxc-docker cgroup-lite
134 |     #apt-get install -qy lxc-docker linux-image-extra-$(uname -r) aufs-tools
135 |   fi
136 | }
137 | 
138 | install_docker_dynamic(){
139 |   hi "$1 $FUNCNAME\n"
140 |   if ! [ -d docker ] && [ -f /usr/bin/docker ]
141 |   then
142 |     rm -rf docker
143 |     git clone https://git@github.com/docker/docker || die "Clone of btrfs-progs repo failed"
144 |     cd docker
145 |     AUTO_GOPATH=1 ./project/make.sh dynbinary || die "Docker build falied!"
146 |   fi
147 | }
148 | 
149 | configuration(){
150 |   hi "$1 $FUNCNAME\n"
151 |   pgrep -lf docker 2>&1 >/dev/null && stop docker 2>/dev/null || true
152 |   [ -f $BUILD/docker-$VERS-dev ] && install -m 755 -o root -g root $BUILD/docker-$VERS-dev /usr/bin/docker || die "File doesn't exist"
153 |   [ -f $BUILD/dockerinit-$VERS-dev ] && install -m 755 -o root -g root $BUILD/dockerinit-$VERS-dev /var/lib/docker/init/dockerinit-$VERS-dev || die "File doesn't exist"
154 |   [ -f $BUILD/dockerinit ] && install -m 755 -o root -g root $BUILD/dockerinit /usr/bin/dockerinit || "File doesn't exist"
155 |   start docker || hi "A dynamically linked Docker has been installed"
156 | }
157 | 
158 | install_dependencies "1.)"
159 | install_btrfs-progs "2.)"
160 | install_docker "3.)"
161 | install_docker_dynamic "4.)"
162 | ldd /usr/bin/docker 2>/dev/null | fgrep -q .so || configuration "5.)"
163 | 


--------------------------------------------------------------------------------
/grsecurity/README.md:
--------------------------------------------------------------------------------
 1 | # grsecurity
 2 | 
 3 | ````
 4 | $ vagrant up
 5 | $ vagrant provision
 6 | ````
 7 | 
 8 | will provision a machine with the latest grsecurity kernel.
 9 | 
10 | 


--------------------------------------------------------------------------------
/grsecurity/Vagrantfile:
--------------------------------------------------------------------------------
 1 | # -*- mode: ruby -*-
 2 | # vi: set ft=ruby :
 3 | 
 4 | # Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
 5 | VAGRANTFILE_API_VERSION = "2"
 6 | 
 7 | Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
 8 | 
 9 |   config.vm.box = "trusty"
10 |   config.vm.box_url = "https://cloud-images.ubuntu.com/vagrant/trusty/current/trusty-server-cloudimg-amd64-vagrant-disk1.box"
11 |   config.vm.provision "file", source: "config", destination: "config"
12 |   config.vm.provision "shell", path: "provision.sh"
13 | 
14 |   # config.vm.network "forwarded_port", guest: 80,   host: 8080
15 |   # config.vm.synced_folder "../data", "/vagrant_data"
16 | 
17 |    config.vm.provider "virtualbox" do |vb|
18 |       vb.gui = false
19 |       vb.name = "grsecurity"
20 |       vb.customize ["modifyvm", :id, "--memory", "4096"]
21 |       vb.customize ["modifyvm", :id, "--cpus", 4]
22 |    end
23 | 
24 | end
25 | 


--------------------------------------------------------------------------------
/grsecurity/provision.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | # Author: Jon Schipp <jonschipp@gmail.com>
  3 | # Written for Ubuntu Saucy and Trusty, should be adaptable to other distros.
  4 | 
  5 | ## Variables
  6 | HOME=/root
  7 | VAGRANT=/home/vagrant
  8 | PACKAGES="cowsay build-essential flex bison ncurses-dev gcc-4.8-plugin-dev"
  9 | PATCH="$(wget http://grsecurity.net/latest_stable2_patch -O - 2>/dev/null)"
 10 | VERS=$(echo "$PATCH" | grep -o '[0-9]\.[1-9][0-9]\.[1-9][0-9]')
 11 | URL=http://www.kernel.org/$(wget -O - https://www.kernel.org 2>/dev/null | grep -A 1 "linux-${VERS}.*"  | awk -F '[""]' 'NR == 1 { print $2 }')
 12 | KERNEL=$(basename $URL)
 13 | DIR=${KERNEL%.*.*}
 14 | GRADM="gradm-3.0-201408301734.tar.gz"
 15 | PAXCTLD="paxctld_1.0-2_amd64.deb"
 16 | CPUS=$(nproc)
 17 | UNAME=$(uname -r)
 18 | [ -e /etc/redhat-release ] && OS=el
 19 | [ -e /etc/debian_version ] && OS=debian
 20 | 
 21 | # Installation notification
 22 | MAIL=$(which mail)
 23 | COWSAY=/usr/games/cowsay
 24 | IRCSAY=/usr/local/bin/ircsay
 25 | IRC_CHAN="#replace_me"
 26 | HOST=$(hostname -s)
 27 | LOGFILE=/root/islet_install.log
 28 | EMAIL=user@company.com
 29 | 
 30 | cd $HOME
 31 | 
 32 | function die {
 33 |   if [ -f ${COWSAY:-none} ]; then
 34 |     $COWSAY -d "$*"
 35 |   else
 36 |     echo "$*"
 37 |   fi
 38 |   if [ -f $IRCSAY ]; then
 39 |     ( set +e; $IRCSAY "$IRC_CHAN" "$*" 2>/dev/null || true )
 40 |   fi
 41 |   [ $MAIL ] && echo "$*" | mail -s "[vagrant] Bro Sandbox install information on $HOST" $EMAIL
 42 |   exit 1
 43 | }
 44 | 
 45 | function hi {
 46 |   if [ -f ${COWSAY:-none} ]; then
 47 |     $COWSAY "$*"
 48 |   else
 49 |     echo "$*"
 50 |   fi
 51 |   if [ -f $IRCSAY ]; then
 52 |     ( set +e; $IRCSAY "$IRC_CHAN" "$*" 2>/dev/null || true )
 53 |   fi
 54 |   [ $MAIL ] && echo "$*" | mail -s "[vagrant] Bro Sandbox install information on $HOST" $EMAIL
 55 |   return 0
 56 | }
 57 | 
 58 | number_of_packages(){ package_count="$#"; }
 59 | 
 60 | package_check(){
 61 |   local packages=$@
 62 |   local count=0
 63 |   # Count number of items in packages variable
 64 |   number_of_packages $packages
 65 | 
 66 |   # Format items for egrep query
 67 |   pkg_list=$(echo $packages | sed 's/ /|  /g')
 68 | 
 69 |   # Count number of packages installed from list
 70 |   [ "$OS" = "debian" ] && count=$(dpkg -l | egrep "  $pkg_list" | wc -l)
 71 |   [ "$OS" = "el" ]     && count=$(yum list installed | egrep "$pkg_list" | wc -l)
 72 | 
 73 |   if [ $count -ge $package_count ]
 74 |   then
 75 |     return 0
 76 |   else
 77 |     echo "Installing packages for function!"
 78 |     [ "$OS" = "debian" ] && apt-get install -qy $packages
 79 |     [ "$OS" = "el" ]     && yum install -qy $packages
 80 |   fi
 81 | }
 82 | 
 83 | install_dependencies(){
 84 |   echo "$1 $FUNCNAME"
 85 |   [ "$OS" = "debian" ] && apt-get update -qq
 86 |   [ "$OS" = "el" ]     && yum makecache -q
 87 |   package_check $PACKAGES
 88 |   [ -f $KERNEL ] || { wget --progress=dot:mega $URL || die "Download of kernel failed"; }
 89 |   [ -f $PATCH  ] || { wget --progress=dot:mega https://grsecurity.net/stable/$PATCH || die "Download of patch failed"; }
 90 |   [ -d $DIR ]    || tar xf $KERNEL
 91 |   cd $HOME/$DIR
 92 |   patch -p1 < $HOME/$PATCH || die "Patch failed to apply!"
 93 |   [ -e $VAGRANT/config ] && install -o root -g root $VAGRANT/config $HOME/$DIR/.config
 94 | }
 95 | 
 96 | compile_kernel(){
 97 |   echo "$1 $FUNCNAME"
 98 |   make -j $CPUS         || die "Failed to build kernel!"
 99 |   make -j $CPUS modules || die "Failed to build kernel modules!"
100 |   make modules_install  || die "Failed to install kernel modules!"
101 |   { make install && hi "Linux kernel $KERNEL installed!"; } || die "Failed to install new kernel!"
102 | }
103 | 
104 | install_gradm(){
105 |   echo "$1 $FUNCNAME"
106 |   [ -f $GRADM ] || { wget https://grsecurity.net/stable/$GRADM || die "Download of gradm admin tool failed"; }
107 |   [ -d gradm ]  || tar zxf $GRADM
108 |   [ -f /sbin/gradm ] || { cd $HOME/gradm && sed -i 's|/sbin/.*-P|echo "Run /sbin/gradm -P"|' Makefile && make && make install || die "Failed to compile gradm!"; }
109 | }
110 | 
111 | install_paxctld(){
112 |   echo "$1 $FUNCNAME"
113 |   [ -f /sbin/paxctld ] || wget --quiet https://grsecurity.net/paxctld/$PAXCTLD
114 |   [ -f $PAXCTLD ] && dpkg --install $PAXCTLD
115 | }
116 | packages(){
117 |   DEBS="gradm2 paxctl prelude-lml linux-grsec-base"
118 |   apt-key adv --fetch-keys http://www.corsac.net/71ef0ba8.asc
119 |   apt-get update -qq
120 |   ! [ -f /etc/apt/sources.list.d/grsec.list ] || echo "deb http://molly.corsac.net/~corsac/debian/kernel-grsec/packages/ sid/" > /etc/apt/sources.list.d/grsec.list
121 |   package_check $DEBS
122 | }
123 | 
124 | [ "$UNAME" = "${VERS}-grsec" ] || install_dependencies "1.)"
125 | [ -f /boot/vmlinuz-${VERS}-grsec ] || compile_kernel "2.)"
126 | [ -c /dev/grsec ] && install_gradm "3.)"
127 | install_paxctld "4.)"
128 | 
129 | [ "$UNAME" = "${VERS}-grsec" ] || { hi "All is well! Rebooting into new kernel" && reboot; }
130 | 


--------------------------------------------------------------------------------
/islet-distributed/README.md:
--------------------------------------------------------------------------------
 1 | # ISLET
 2 | 
 3 | ````
 4 | $ vagrant up
 5 | ````
 6 | 
 7 | will provision a machine with [ISLET](https://github.com/jonschipp/ISLET) (Isolate, Scalable, & Lightweight Environment for Training).
 8 | 
 9 | When a user ssh's to the demo account on the machine they're placed in a contained Linux environment designed for training.
10 | 
11 | Use:
12 | ```shell
13 | $ ssh -p 2222 demo@127.0.0.1 -o UserKnownHostsFile=/dev/null
14 | ```
15 | 
16 | The password for the demo user is:
17 | ```
18 | demo
19 | ```
20 | 


--------------------------------------------------------------------------------
/islet-distributed/Vagrantfile:
--------------------------------------------------------------------------------
 1 | # -*- mode: ruby -*-
 2 | # vi: set ft=ruby :
 3 | 
 4 | # Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
 5 | VAGRANTFILE_API_VERSION = "2"
 6 | 
 7 | Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
 8 | 
 9 |   config.vm.box = "trusty"
10 |   config.vm.box_url = "https://cloud-images.ubuntu.com/vagrant/trusty/current/trusty-server-cloudimg-amd64-vagrant-disk1.box"
11 | 
12 |   # 1.) Will not work after provision script is ran because of new kernel lacking guest additions
13 |   # config.vm.network "forwarded_port", guest: 80, host: 8080
14 |   # config.vm.synced_folder ".", "/vagrant"
15 |   # 2.) Will work becuase guest additions isn't a requirement
16 |   # config.vm.synced_folder ".", "/vagrant", type: "rsync",
17 |   # rsync__exclude: ".git/"
18 |   # rsync_auto: "true" # Detect and copy any changes automatically
19 | 
20 |   config.vm.define "islet-proxy" do |islet-proxy|
21 |     islet-proxy.vm.hostname = "islet-proxy"
22 |     islet-proxy.vm.network "private_network", ip: "10.0.0.10", :netmask => "255.255.255.0", :adapter => 2
23 |     islet-proxy.vm.provision "shell", path: "provision.sh", privileged: "true", args: "1"
24 |     islet-proxy.vm.provider "virtualbox" do |vm1|
25 |       vm1.name = "islet-proxy"
26 |       vm1.customize ["modifyvm", :id, "--memory", "1024"]
27 |       vm1.customize ["modifyvm", :id, "--cpus", 1]
28 |       vm1.gui = false
29 |     end
30 |   end
31 | 
32 |   config.vm.define "islet1" do |islet1|
33 |     islet1.vm.hostname = "islet1"
34 |     islet1.vm.network "private_network", ip: "10.0.0.20", :netmask => "255.255.255.0", :adapter => 2
35 |     islet1.vm.provision "shell", path: "provision.sh", privileged: "true", args: "1"
36 |     islet1.vm.provider "virtualbox" do |vm1|
37 |       vm1.name = "islet1"
38 |       vm1.customize ["modifyvm", :id, "--memory", "1024"]
39 |       vm1.customize ["modifyvm", :id, "--cpus", 1]
40 |       vm1.gui = false
41 |     end
42 |   end
43 | 
44 |   config.vm.define "islet2" do |islet2|
45 |     islet2.vm.hostname = "islet2"
46 |     islet2.vm.network "private_network", ip: "10.0.0.30", :netmask => "255.255.255.0", :adapter => 2
47 |     islet2.vm.provision "shell", path: "provision.sh", privileged: "true", args: "1"
48 |     islet2.vm.provider "virtualbox" do |vm2|
49 |       vm2.name = "islet2"
50 |       vm2.customize ["modifyvm", :id, "--memory", "1024"]
51 |       vm2.customize ["modifyvm", :id, "--cpus", 1]
52 |       vm2.gui = false
53 |     end
54 |   end
55 | 
56 | end
57 | 


--------------------------------------------------------------------------------
/islet-distributed/provision.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | # Author: Jon Schipp <jonschipp@gmail.com>
  3 | # Written for Ubuntu Saucy and Trusty, should be adaptable to other distros.
  4 | 
  5 | ## Variables
  6 | HOME=/root
  7 | cd $HOME
  8 | 
  9 | # Installation notification
 10 | COWSAY=/usr/games/cowsay
 11 | IRCSAY=/usr/local/bin/ircsay
 12 | IRC_CHAN="#replace_me"
 13 | HOST=$(hostname -s)
 14 | LOGFILE=/root/islet_install.log
 15 | EMAIL=user@company.com
 16 | 
 17 | function die {
 18 |     if [ -f ${COWSAY:-none} ]; then
 19 |         $COWSAY -d "$*"
 20 |     else
 21 |         echo "$*"
 22 |     fi
 23 |     if [ -f $IRCSAY ]; then
 24 |         ( set +e; $IRCSAY "$IRC_CHAN" "$*" 2>/dev/null || true )
 25 |     fi
 26 |     echo "$*" | mail -s "[vagrant] Bro Sandbox install information on $HOST" $EMAIL
 27 |     exit 1
 28 | }
 29 | 
 30 | function hi {
 31 |     if [ -f ${COWSAY:-none} ]; then
 32 |         $COWSAY "$*"
 33 |     else
 34 |         echo "$*"
 35 |     fi
 36 |     if [ -f $IRCSAY ]; then
 37 |         ( set +e; $IRCSAY "$IRC_CHAN" "$*" 2>/dev/null || true )
 38 |     fi
 39 |     echo "$*" | mail -s "[vagrant] Bro Sandbox install information on $HOST" $EMAIL
 40 | }
 41 | 
 42 | install_dependencies(){
 43 | apt-get update -qq
 44 | apt-get install -yq cowsay git make sqlite pv
 45 | }
 46 | 
 47 | monitoring(){
 48 | # Yes, I want to get your stats to see how ISLET performs
 49 | # and you can view them too: http://graphite.jonschipp.com:8080/
 50 | apt-get update -qq
 51 | apt-get install -yq collectd
 52 | sed -i '/LoadPlugin network/s/^#//' /etc/collectd/collectd.conf
 53 | sed -i "/^#Hostname/s/localhost/vagrant-$RANDOM/" /etc/collectd/collectd.conf
 54 | sed -i "/^#Hostname/s/#//" /etc/collectd/collectd.conf
 55 | sed -i "/^FQDNLookup/s/true/false/" /etc/collectd/collectd.conf
 56 | cat <<EOF > /etc/collectd/collectd.conf.d/islet.conf
 57 | <Plugin "network">
 58 |         Server "graphite.jonschipp.com" "25826"
 59 | </Plugin>
 60 | 
 61 | LoadPlugin syslog
 62 | LoadPlugin battery
 63 | LoadPlugin cgroups
 64 | LoadPlugin conntrack
 65 | LoadPlugin contextswitch
 66 | LoadPlugin cpu
 67 | LoadPlugin cpufreq
 68 | LoadPlugin df
 69 | LoadPlugin disk
 70 | LoadPlugin entropy
 71 | LoadPlugin ethstat
 72 | LoadPlugin exec
 73 | LoadPlugin filecount
 74 | LoadPlugin interface
 75 | LoadPlugin iptables
 76 | LoadPlugin irq
 77 | LoadPlugin load
 78 | LoadPlugin lvm
 79 | LoadPlugin memory
 80 | LoadPlugin netlink
 81 | LoadPlugin processes
 82 | LoadPlugin protocols
 83 | LoadPlugin swap
 84 | LoadPlugin tcpconns
 85 | LoadPlugin unixsock
 86 | LoadPlugin uptime
 87 | LoadPlugin users
 88 | LoadPlugin vmem
 89 | EOF
 90 | service collectd restart
 91 | }
 92 | 
 93 | install_islet(){
 94 | if ! [ -d islet ]
 95 | then
 96 | 	git clone http://github.com/jonschipp/islet || die "Clone of islet repo failed"
 97 | 	cd islet
 98 | 	make install-docker && make docker-config && ./configure && make logo &&
 99 | 	make install && make user-config && make security-config && make iptables-config
100 | 	make install-brolive-config
101 | 	#make install-sample-distros
102 | 	make install-sample-nsm
103 | fi
104 | }
105 | 
106 | install_dependencies "1.)"
107 | install_islet "2.)"
108 | # Comment out if you don't want to send me your system's data.
109 | monitoring "3.)"
110 | 
111 | echo -e "\nTry it out: ssh -p 2222 $USER@127.0.0.1 -o UserKnownHostsFile=/dev/null"
112 | 


--------------------------------------------------------------------------------
/islet/README.md:
--------------------------------------------------------------------------------
 1 | # ISLET
 2 | 
 3 | ````
 4 | $ vagrant up
 5 | ````
 6 | 
 7 | will provision a machine with [ISLET](https://github.com/jonschipp/ISLET) (Isolate, Scalable, & Lightweight Environment for Training).
 8 | 
 9 | When a user ssh's to the demo account on the machine they're placed in a contained Linux environment designed for training.
10 | 
11 | Use:
12 | ```shell
13 | $ ssh -p 2222 demo@127.0.0.1 -o UserKnownHostsFile=/dev/null
14 | ```
15 | 
16 | The password for the demo user is:
17 | ```
18 | demo
19 | ```
20 | 


--------------------------------------------------------------------------------
/islet/Vagrantfile:
--------------------------------------------------------------------------------
 1 | # -*- mode: ruby -*-
 2 | # vi: set ft=ruby :
 3 | 
 4 | # Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
 5 | VAGRANTFILE_API_VERSION = "2"
 6 | 
 7 | Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
 8 | 
 9 |   config.vm.box = "trusty"
10 |   config.vm.box_url = "https://cloud-images.ubuntu.com/vagrant/trusty/current/trusty-server-cloudimg-amd64-vagrant-disk1.box"
11 |   config.vm.provision "shell", path:   "provision.sh"
12 | 
13 |   # config.vm.network "forwarded_port", guest: 80, host: 8080
14 | 
15 |   # config.vm.synced_folder "../data", "/vagrant_data"
16 | 
17 |    config.vm.provider "virtualbox" do |vb|
18 |       vb.gui = false
19 |       vb.name = "islet"
20 |       vb.customize ["modifyvm", :id, "--memory", "1024"]
21 |       vb.customize ["modifyvm", :id, "--cpus", 1]
22 |    end
23 | 
24 | end
25 | 


--------------------------------------------------------------------------------
/islet/provision.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | # Author: Jon Schipp <jonschipp@gmail.com>
 3 | # Written for Ubuntu Saucy and Trusty, should be adaptable to other distros.
 4 | 
 5 | ## Variables
 6 | HOME=/root
 7 | cd $HOME
 8 | 
 9 | # Installation notification
10 | COWSAY=/usr/games/cowsay
11 | IRCSAY=/usr/local/bin/ircsay
12 | IRC_CHAN="#replace_me"
13 | HOST=$(hostname -s)
14 | LOGFILE=/root/islet_install.log
15 | EMAIL=user@company.com
16 | 
17 | function die {
18 |   if [ -f ${COWSAY:-none} ]; then
19 |     $COWSAY -d "$*"
20 |   else
21 |     echo "$*"
22 |   fi
23 |   if [ -f $IRCSAY ]; then
24 |     ( set +e; $IRCSAY "$IRC_CHAN" "$*" 2>/dev/null || true )
25 |   fi
26 |   echo "$*" | mail -s "[vagrant] Bro Sandbox install information on $HOST" $EMAIL
27 |   exit 1
28 | }
29 | 
30 | function hi {
31 |   if [ -f ${COWSAY:-none} ]; then
32 |     $COWSAY "$*"
33 |   else
34 |     echo "$*"
35 |   fi
36 |   if [ -f $IRCSAY ]; then
37 |     ( set +e; $IRCSAY "$IRC_CHAN" "$*" 2>/dev/null || true )
38 |   fi
39 |   echo "$*" | mail -s "[vagrant] Bro Sandbox install information on $HOST" $EMAIL
40 | }
41 | 
42 | install_dependencies(){
43 |   apt-get update -qq
44 |   apt-get install -yq cowsay git make sqlite pv
45 | }
46 | 
47 | install_islet(){
48 |   if ! [ -d islet ]
49 |   then
50 |     git clone http://github.com/jonschipp/islet || die "Clone of islet repo failed"
51 |     cd islet
52 |     make install-docker && make docker-config && ./configure && make logo &&
53 |     make user-config && make install && make security-config && make iptables-config || die "ISLET install failed\!"
54 |     #make install-brolive-config
55 |     #make install-sample-distros
56 |     make install-sample-nsm-configs
57 |   fi
58 | }
59 | 
60 | install_dependencies "1.)"
61 | install_islet "2.)"
62 | 
63 | echo -e "\nTry it out: ssh -p 2222 demo@127.0.0.1 -o UserKnownHostsFile=/dev/null"
64 | 


--------------------------------------------------------------------------------
/lfs/.gitignore:
--------------------------------------------------------------------------------
1 | .vagrant/
2 | test.sh
3 | lfs.vdi
4 | 


--------------------------------------------------------------------------------
/lfs/LFS-BOOK-7.5-systemd.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jonschipp/vagrant/576970b7dede454f78d49812ca39f81adbc943c0/lfs/LFS-BOOK-7.5-systemd.pdf


--------------------------------------------------------------------------------
/lfs/LFS-BOOK-7.5.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jonschipp/vagrant/576970b7dede454f78d49812ca39f81adbc943c0/lfs/LFS-BOOK-7.5.pdf


--------------------------------------------------------------------------------
/lfs/README.md:
--------------------------------------------------------------------------------
 1 | Linux From Scratch
 2 | ===========
 3 | 
 4 | ```
 5 | $ vagrant up
 6 | ```
 7 | 
 8 | will provision a machine to configure Linux From Scratch.
 9 | This is a work in progress and more will be added as I continue to
10 | go through the books.
11 | 
12 | Check `https://github.com/ACMLug/lfs` for a more updated version.
13 | 


--------------------------------------------------------------------------------
/lfs/Vagrantfile:
--------------------------------------------------------------------------------
 1 | # -*- mode: ruby -*-
 2 | # vi: set ft=ruby :
 3 | 
 4 | # Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
 5 | VAGRANTFILE_API_VERSION = "2"
 6 | 
 7 | lfs_disk = './lfs.vdi'
 8 | #lfs_disk = Dir.pwd() + "/" + "lfs" + ".vdi"
 9 | Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
10 | 
11 |   config.vm.box = "debian"
12 |   config.vm.box_url = "https://www.dropbox.com/s/gxouugzbnjlny1k/debian-7.0-amd64-minimal.box"
13 |   config.vm.provision "shell", path: "provision.sh"
14 |   config.vm.synced_folder "~/", "/vagrant"
15 | 
16 |   config.vm.provider "virtualbox" do |vb|
17 |   	unless File.exist?(lfs_disk)
18 |   		vb.customize ['createhd', '--filename', lfs_disk, '--size', 10000]
19 |   	end
20 |     vb.customize ['storageattach', :id, '--storagectl', 'SATA Controller', '--port', 1, '--device', 0, '--type', 'hdd', '--medium', lfs_disk]
21 |   end
22 | 
23 | end
24 | 


--------------------------------------------------------------------------------
/lfs/provision.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | # Run once on first boot
  3 | COUNT=0
  4 | SUCCESS=0
  5 | HOME=/home/vagrant
  6 | export LFS=/mnt/lfs
  7 | 
  8 | touch /tmp/ran.provision.$(date +"%d-%m-%Y").shell
  9 | 
 10 | # For variable re-use
 11 | echo "export LFS=/mnt/lfs" > /etc/profile.d/lfs.sh
 12 | chmod 660 /etc/profile.d/lfs.sh
 13 | 
 14 | apt-get update -qq
 15 | sudo apt-get install -y build-essential bison gawk vim util-linux expect
 16 | 
 17 | # Download packages
 18 | 
 19 | mkdir sources
 20 | cd sources
 21 | 
 22 | for package in http://ftp.gnu.org/gnu/autoconf/autoconf-2.69.tar.xz http://ftp.gnu.org/gnu/automake/automake-1.14.1.tar.xz http://ftp.gnu.org/gnu/bash/bash-4.2.tar.gz http://alpha.gnu.org/gnu/bc/bc-1.06.95.tar.bz2 http://ftp.gnu.org/gnu/binutils/binutils-2.24.tar.bz2 http://ftp.gnu.org/gnu/bison/bison-3.0.2.tar.xz http://www.bzip.org/1.0.6/bzip2-1.0.6.tar.gz http://sourceforge.net/projects/check/files/check/0.9.12/check-0.9.12.tar.gz http://ftp.gnu.org/gnu/coreutils/coreutils-8.22.tar.xz http://ftp.gnu.org/gnu/dejagnu/dejagnu-1.5.1.tar.gz http://ftp.gnu.org/gnu/diffutils/diffutils-3.3.tar.xz http://prdownloads.sourceforge.net/e2fsprogs/e2fsprogs-1.42.9.tar.gz http://prdownloads.sourceforge.net/expect/expect5.45.tar.gz ftp://ftp.astron.com/pub/file/file-5.17.tar.gz http://ftp.gnu.org/gnu/findutils/findutils-4.4.2.tar.gz http://prdownloads.sourceforge.net/flex/flex-2.5.38.tar.bz2 http://ftp.gnu.org/gnu/gawk/gawk-4.1.0.tar.xz http://ftp.gnu.org/gnu/gcc/gcc-4.8.2/gcc-4.8.2.tar.bz2 http://ftp.gnu.org/gnu/gdbm/gdbm-1.11.tar.gz http://ftp.gnu.org/gnu/gettext/gettext-0.18.3.2.tar.gz http://ftp.gnu.org/gnu/glibc/glibc-2.19.tar.xz http://ftp.gnu.org/gnu/gmp/gmp-5.1.3.tar.xz http://ftp.gnu.org/gnu/grep/grep-2.16.tar.xz http://ftp.gnu.org/gnu/groff/groff-1.22.2.tar.gz http://ftp.gnu.org/gnu/grub/grub-2.00.tar.xz http://ftp.gnu.org/gnu/gzip/gzip-1.6.tar.xz http://anduin.linuxfromscratch.org/sources/LFS/lfs-packages/conglomeration//iana-etc/iana-etc-2.30.tar.bz2 http://ftp.gnu.org/gnu/inetutils/inetutils-1.9.2.tar.gz http://www.kernel.org/pub/linux/utils/net/iproute2/iproute2-3.12.0.tar.xz http://ftp.altlinux.org/pub/people/legion/kbd/kbd-2.0.1.tar.gz http://www.kernel.org/pub/linux/utils/kernel/kmod/kmod-16.tar.xz http://www.kernel.org/pub/linux/utils/kernel/kmod/kmod-16.tar.xz http://www.greenwoodsoftware.com/less/less-458.tar.gz http://www.linuxfromscratch.org/lfs/downloads/7.5/lfs-bootscripts-20130821.tar.bz2 http://download.savannah.gnu.org/releases/libpipeline/libpipeline-1.2.6.tar.gz http://ftp.gnu.org/gnu/libtool/libtool-2.4.2.tar.gz http://www.kernel.org/pub/linux/kernel/v3.x/linux-3.13.3.tar.xz http://ftp.gnu.org/gnu/m4/m4-1.4.17.tar.xz http://ftp.gnu.org/gnu/make/make-4.0.tar.bz2 http://download.savannah.gnu.org/releases/man-db/man-db-2.6.6.tar.xz http://www.kernel.org/pub/linux/docs/man-pages/man-pages-3.59.tar.xz http://www.multiprecision.org/mpc/download/mpc-1.0.2.tar.gz http://www.mpfr.org/mpfr-3.1.2/mpfr-3.1.2.tar.xz http://ftp.gnu.org/gnu/ncurses/ncurses-5.9.tar.gz http://ftp.gnu.org/gnu/patch/patch-2.7.1.tar.xz http://www.cpan.org/src/5.0/perl-5.18.2.tar.bz2 http://pkgconfig.freedesktop.org/releases/pkg-config-0.28.tar.gz http://sourceforge.net/projects/procps-ng/files/Production/procps-ng-3.3.9.tar.xz http://prdownloads.sourceforge.net/psmisc/psmisc-22.20.tar.gz http://ftp.gnu.org/gnu/readline/readline-6.2.tar.gz http://ftp.gnu.org/gnu/sed/sed-4.2.2.tar.bz2 http://cdn.debian.net/debian/pool/main/s/shadow/shadow_4.1.5.1.orig.tar.gz http://www.infodrom.org/projects/sysklogd/download/sysklogd-1.5.tar.gz http://download.savannah.gnu.org/releases/sysvinit/sysvinit-2.88dsf.tar.bz2 http://ftp.gnu.org/gnu/tar/tar-1.27.1.tar.xz http://prdownloads.sourceforge.net/tcl/tcl8.6.1-src.tar.gz http://www.iana.org/time-zones/repository/releases/tzdata2013i.tar.gz http://ftp.gnu.org/gnu/texinfo/texinfo-5.2.tar.xz http://www.freedesktop.org/software/systemd/systemd-208.tar.xz http://anduin.linuxfromscratch.org/sources/other/udev-lfs-208-3.tar.bz2 http://www.kernel.org/pub/linux/utils/util-linux/v2.24/util-linux-2.24.1.tar.xz ftp://ftp.vim.org/pub/vim/unix/vim-7.4.tar.bz2 http://tukaani.org/xz/xz-5.0.5.tar.xz http://www.zlib.net/zlib-1.2.8.tar.xz http://www.linuxfromscratch.org/patches/lfs/7.5/bash-4.2-fixes-12.patch http://www.linuxfromscratch.org/patches/lfs/7.5/bzip2-1.0.6-install_docs-1.patch http://www.linuxfromscratch.org/patches/lfs/7.5/coreutils-8.22-i18n-4.patch http://www.linuxfromscratch.org/patches/lfs/7.5/glibc-2.19-fhs-1.patch http://www.linuxfromscratch.org/patches/lfs/7.5/kbd-2.0.1-backspace-1.patch http://www.linuxfromscratch.org/patches/lfs/7.5/perl-5.18.2-libc-1.patch http://www.linuxfromscratch.org/patches/lfs/7.5/readline-6.2-fixes-2.patch http://www.linuxfromscratch.org/patches/lfs/7.5/sysvinit-2.88dsf-consolidated-1.patch http://www.linuxfromscratch.org/patches/lfs/7.5/tar-1.27.1-manpage-1.patch
 23 | do
 24 | 	COUNT=$((COUNT+1))
 25 | 	wget $package 2>/dev/null
 26 | 	if [ $? -ne 0 ]; then
 27 | 		echo "$COUNT - Download for $package failed!"
 28 | 	else
 29 | 		echo "$COUNT - Success! for $package"
 30 | 		SUCCESS=$((SUCCESS+1))
 31 | 	fi
 32 | done
 33 | 
 34 | echo "**** Downloaded $SUCCESS packages of $COUNT ****"
 35 | sudo xz -d *.xz
 36 | sudo gzip -d *.gz
 37 | sudo bzip2 -d *.bz*
 38 | 
 39 | for tarball in *.tar
 40 | do
 41 | 	sudo tar xf $tarball
 42 | done
 43 | 
 44 | cd ~/
 45 | 
 46 | /usr/bin/expect <<EOF
 47 | spawn sudo fdisk /dev/sdb
 48 | expect "Command \(m for help\):"
 49 | send "n\n"
 50 | expect "Select \(default p\):"
 51 | send "p\n"
 52 | expect "Partition number"
 53 | send "1\n"
 54 | expect "First sector"
 55 | send "\n"
 56 | expect "Last sector"
 57 | send "+9G\n"
 58 | 
 59 | expect "Command \(m for help\):"
 60 | send "n\n"
 61 | expect "Select \(default p\):"
 62 | send "p\n"
 63 | expect "Partition number"
 64 | send "2\n"
 65 | expect "First sector"
 66 | send "\n"
 67 | expect "Last sector"
 68 | send "\n"
 69 | 
 70 | expect "Command \(m for help\):"
 71 | send "t\n"
 72 | expect "Partition number"
 73 | send "2\n"
 74 | expect "Hex code"
 75 | send "82\n"
 76 | 
 77 | expect "Command \(m for help\):"
 78 | send "t\n"
 79 | expect "Partition number"
 80 | send "1\n"
 81 | expect "Hex code"
 82 | send "83\n"
 83 | 
 84 | expect "Command \(m for help\):"
 85 | send "w\n"
 86 | expect "Syncing disks"
 87 | EOF
 88 | 
 89 | sudo mkfs -t ext4 /dev/sdb1
 90 | sudo mkswap /dev/sdb2
 91 | sudo chmod 0660 /dev/sdb2
 92 | sudo swapon -v /dev/sdb2
 93 | sudo mkdir -pv $LFS
 94 | sudo mount -v -t ext4 /dev/sdb1 $LFS
 95 | 
 96 | for dir in home usr var
 97 | do
 98 | 	sudo mkdir $LFS/$dir
 99 | done
100 | 
101 | if [ -d $LFS ]
102 | then
103 | 	sudo mv $HOME/sources $LFS
104 | fi
105 | 
106 | #http://ftp.gnu.org/gnu/bison/bison-3.0.2.tar.xz
107 | #http://www.bzip.org/1.0.6/bzip2-1.0.6.tar.gz
108 | #http://sourceforge.net/projects/check/files/check/0.9.12/check-0.9.12.tar.gz
109 | #http://ftp.gnu.org/gnu/coreutils/coreutils-8.22.tar.xz
110 | #http://ftp.gnu.org/gnu/dejagnu/dejagnu-1.5.1.tar.gz
111 | #http://ftp.gnu.org/gnu/diffutils/diffutils-3.3.tar.xz
112 | #
113 | ## Pg 17
114 | #http://prdownloads.sourceforge.net/e2fsprogs/e2fsprogs-1.42.9.tar.gz
115 | #http://prdownloads.sourceforge.net/expect/expect5.45.tar.gz
116 | #ftp://ftp.astron.com/pub/file/file-5.17.tar.gz
117 | #http://ftp.gnu.org/gnu/findutils/findutils-4.4.2.tar.gz
118 | #http://prdownloads.sourceforge.net/flex/flex-2.5.38.tar.bz2
119 | #http://ftp.gnu.org/gnu/gawk/gawk-4.1.0.tar.xz
120 | #http://ftp.gnu.org/gnu/gcc/gcc-4.8.2/gcc-4.8.2.tar.bz2
121 | #http://ftp.gnu.org/gnu/gdbm/gdbm-1.11.tar.gz
122 | #http://ftp.gnu.org/gnu/gettext/gettext-0.18.3.2.tar.gz
123 | #
124 | ## Pg 18
125 | #http://ftp.gnu.org/gnu/glibc/glibc-2.19.tar.xz
126 | #http://ftp.gnu.org/gnu/gmp/gmp-5.1.3.tar.xz
127 | #http://ftp.gnu.org/gnu/grep/grep-2.16.tar.xz
128 | #http://ftp.gnu.org/gnu/groff/groff-1.22.2.tar.gz
129 | #http://ftp.gnu.org/gnu/grub/grub-2.00.tar.xz
130 | #http://ftp.gnu.org/gnu/gzip/gzip-1.6.tar.xz
131 | #http://anduin.linuxfromscratch.org/sources/LFS/lfs-packages/conglomeration//iana-etc/iana-etc-2.30.tar.bz2
132 | #http://ftp.gnu.org/gnu/inetutils/inetutils-1.9.2.tar.gz
133 | #http://www.kernel.org/pub/linux/utils/net/iproute2/iproute2-3.12.0.tar.xz
134 | #http://ftp.altlinux.org/pub/people/legion/kbd/kbd-2.0.1.tar.gz
135 | #http://www.kernel.org/pub/linux/utils/kernel/kmod/kmod-16.tar.xz
136 | #
137 | ## Pg 19
138 | #http://www.kernel.org/pub/linux/utils/kernel/kmod/kmod-16.tar.xz
139 | #http://www.greenwoodsoftware.com/less/less-458.tar.gz
140 | #http://www.linuxfromscratch.org/lfs/downloads/7.5/lfs-bootscripts-20130821.tar.bz2
141 | #http://download.savannah.gnu.org/releases/libpipeline/libpipeline-1.2.6.tar.gz
142 | #http://ftp.gnu.org/gnu/libtool/libtool-2.4.2.tar.gz
143 | #http://www.kernel.org/pub/linux/kernel/v3.x/linux-3.13.3.tar.xz
144 | #http://ftp.gnu.org/gnu/m4/m4-1.4.17.tar.xz
145 | #http://ftp.gnu.org/gnu/make/make-4.0.tar.bz2
146 | #http://download.savannah.gnu.org/releases/man-db/man-db-2.6.6.tar.xz
147 | #
148 | ## Pg 20
149 | #http://www.kernel.org/pub/linux/docs/man-pages/man-pages-3.59.tar.xz
150 | #http://www.multiprecision.org/mpc/download/mpc-1.0.2.tar.gz
151 | #http://www.mpfr.org/mpfr-3.1.2/mpfr-3.1.2.tar.xz
152 | #http://ftp.gnu.org/gnu/ncurses/ncurses-5.9.tar.gz
153 | #http://ftp.gnu.org/gnu/patch/patch-2.7.1.tar.xz
154 | #http://www.cpan.org/src/5.0/perl-5.18.2.tar.bz2
155 | #http://pkgconfig.freedesktop.org/releases/pkg-config-0.28.tar.gz
156 | #http://sourceforge.net/projects/procps-ng/files/Production/procps-ng-3.3.9.tar.xz
157 | #http://prdownloads.sourceforge.net/psmisc/psmisc-22.20.tar.gz
158 | #http://ftp.gnu.org/gnu/readline/readline-6.2.tar.gz
159 | #
160 | ## Pg 21
161 | #http://ftp.gnu.org/gnu/sed/sed-4.2.2.tar.bz2
162 | #http://cdn.debian.net/debian/pool/main/s/shadow/shadow_4.1.5.1.orig.tar.gz
163 | #http://www.infodrom.org/projects/sysklogd/download/sysklogd-1.5.tar.gz
164 | #http://download.savannah.gnu.org/releases/sysvinit/sysvinit-2.88dsf.tar.bz2
165 | #http://ftp.gnu.org/gnu/tar/tar-1.27.1.tar.xz
166 | #http://prdownloads.sourceforge.net/tcl/tcl8.6.1-src.tar.gz
167 | #http://www.iana.org/time-zones/repository/releases/tzdata2013i.tar.gz
168 | #http://ftp.gnu.org/gnu/texinfo/texinfo-5.2.tar.xz
169 | #http://www.freedesktop.org/software/systemd/systemd-208.tar.xz
170 | #http://anduin.linuxfromscratch.org/sources/other/udev-lfs-208-3.tar.bz2
171 | #http://www.kernel.org/pub/linux/utils/util-linux/v2.24/util-linux-2.24.1.tar.xz
172 | #
173 | ## 22
174 | #ftp://ftp.vim.org/pub/vim/unix/vim-7.4.tar.bz2
175 | #http://tukaani.org/xz/xz-5.0.5.tar.xz
176 | #http://www.zlib.net/zlib-1.2.8.tar.xz
177 | #
178 | ## Patches 22+23
179 | #http://www.linuxfromscratch.org/patches/lfs/7.5/bash-4.2-fixes-12.patch
180 | #http://www.linuxfromscratch.org/patches/lfs/7.5/bzip2-1.0.6-install_docs-1.patch
181 | #http://www.linuxfromscratch.org/patches/lfs/7.5/coreutils-8.22-i18n-4.patch
182 | #http://www.linuxfromscratch.org/patches/lfs/7.5/glibc-2.19-fhs-1.patch
183 | #http://www.linuxfromscratch.org/patches/lfs/7.5/kbd-2.0.1-backspace-1.patch
184 | #http://www.linuxfromscratch.org/patches/lfs/7.5/perl-5.18.2-libc-1.patch
185 | #http://www.linuxfromscratch.org/patches/lfs/7.5/readline-6.2-fixes-2.patch
186 | #http://www.linuxfromscratch.org/patches/lfs/7.5/sysvinit-2.88dsf-consolidated-1.patch
187 | #http://www.linuxfromscratch.org/patches/lfs/7.5/tar-1.27.1-manpage-1.patch
188 | 


--------------------------------------------------------------------------------
/netsniff-ng-playground/README.md:
--------------------------------------------------------------------------------
 1 | Netsniff-NG
 2 | ===========
 3 | 
 4 | ```
 5 | $ vagrant up
 6 | ```
 7 | 
 8 | will provision two Ubuntu Trusty VM's for testing, playing, and developing with
 9 |  * Latest Netsniff-NG
10 |  * Latest stable Linux Kernel
11 |  * Gencfg script for trafgen, and network-testing scripts
12 |  * BPF helper tools (bpf_asm, bpf_dbg, etc.) and Perf tools
13 |  * Creates an nlmon interface so one can sniff netlink messages
14 | 
15 | One VM is for sending data, the other for recieving it. (e.g. for testing trafgen)
16 | 
17 | If you don't want to download and install the latest Linux
18 | kernel set script args to 0 by editing the Vagrantfile and then up'ing:
19 | ```
20 | config.vm.provision "shell", path: "provision.sh", privileged: "true", args: "0"
21 | ```
22 | Once provisioned, connect to the machine via
23 | ```
24 | $ vagrant ssh
25 | ```
26 | 


--------------------------------------------------------------------------------
/netsniff-ng-playground/Vagrantfile:
--------------------------------------------------------------------------------
 1 | # -*- mode: ruby -*-
 2 | # vi: set ft=ruby :
 3 | 
 4 | # Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
 5 | VAGRANTFILE_API_VERSION = "2"
 6 | 
 7 | Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
 8 | 
 9 |   config.vm.box = "trusty"
10 |   config.vm.box_url = "https://cloud-images.ubuntu.com/vagrant/trusty/current/trusty-server-cloudimg-amd64-vagrant-disk1.box"
11 | 
12 |   # 1.) Will not work after provision script is ran because of new kernel lacking guest additions
13 |   # config.vm.network "forwarded_port", guest: 80, host: 8080
14 |   # config.vm.synced_folder ".", "/vagrant"
15 |   # 2.) Will work becuase guest additions isn't a requirement
16 |   # config.vm.synced_folder ".", "/vagrant", type: "rsync",
17 |   # rsync__exclude: ".git/"
18 |   # rsync_auto: "true" # Detect and copy any changes automatically
19 | 
20 |   config.vm.define "send" do |send|
21 |     send.vm.hostname = "netsniff-ng-send"
22 |     send.vm.network "private_network", ip: "10.0.0.10", :netmask => "255.255.255.0", :adapter => 2
23 |     send.vm.provision "file", source: "config", destination: "config"
24 |     send.vm.provision "file", source: "nlmon.cfg", destination: "nlmon.cfg"
25 |     # Argument: 1 to install latest Linux kernel (slow), 0 to use supplied kernel
26 |     send.vm.provision "shell", path: "provision.sh", privileged: "true", args: "1"
27 |     send.vm.provider "virtualbox" do |vm1|
28 |       vm1.name = "netsniff-ng-send"
29 |       vm1.customize ["modifyvm", :id, "--memory", "4096"]
30 |       vm1.customize ["modifyvm", :id, "--cpus", 4]
31 |       vm1.gui = false
32 |     end
33 |   end
34 | 
35 |   config.vm.define "recv" do |recv|
36 |     recv.vm.hostname = "recv"
37 |     recv.vm.network "private_network", ip: "10.0.0.20", :netmask => "255.255.255.0", :adapter => 2
38 |     recv.vm.provision "file", source: "config", destination: "config"
39 |     recv.vm.provision "file", source: "nlmon.cfg", destination: "nlmon.cfg"
40 |     # Argument: 1 to install latest Linux kernel (slow), 0 to use supplied kernel
41 |     recv.vm.provision "shell", path: "provision.sh", privileged: "true", args: "1"
42 |     recv.vm.provider "virtualbox" do |vm2|
43 |       vm2.name = "netsniff-ng-recv"
44 |       vm2.customize ["modifyvm", :id, "--memory", "4096"]
45 |       vm2.customize ["modifyvm", :id, "--cpus", 4]
46 |       vm2.gui = false
47 |     end
48 |   end
49 | 
50 | end
51 | 


--------------------------------------------------------------------------------
/netsniff-ng-playground/nlmon.cfg:
--------------------------------------------------------------------------------
 1 | auto nlmon0
 2 | iface nlmon0 inet manual
 3 |   pre-up modprobe nlmon
 4 |   pre-up ip link add type nlmon
 5 |   up ip link set nlmon0 up
 6 | 
 7 |   down ip link set nlmon0 down
 8 |   down ip link del dev nlmon0
 9 |   post-down rmmod nlmon
10 | 


--------------------------------------------------------------------------------
/netsniff-ng-playground/provision.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | 
  3 | # We start here
  4 | HOME=/home/vagrant
  5 | ARG=${1:-0}
  6 | # Get latest stable linux kernel
  7 | LATEST_STABLE_KERNEL_URL=http://www.kernel.org/$(wget -O - https://www.kernel.org 2>/dev/null | grep -A 5 "Latest Stable Kernel" | awk -F '[""]' '/\.xz/ { print $2 }')
  8 | KERNEL=$(echo $LATEST_STABLE_KERNEL_URL | sed 's/.*\///;s/\.tar.*$//')
  9 | CURRENT=$(echo $(uname -r) | sed 's/-.*//;s/^/linux-/')
 10 | UPDATE=$ARG
 11 | BPF=0
 12 | COWSAY=/usr/games/cowsay
 13 | 
 14 | cd $HOME
 15 | 
 16 | function die {
 17 |     $COWSAY -d "$* MooOoOOoo"
 18 |     exit 1
 19 | }
 20 | 
 21 | function hi {
 22 |     $COWSAY "$*"
 23 | }
 24 | 
 25 | function logo {
 26 | cat <<"EOF"
 27 | =================================================================
 28 | 
 29 | netsniff-ng is a free, performant       /(      )\
 30 | Linux network analyzer and            .' {______} '.
 31 | networking toolkit. If you will,       \ ^,    ,^ /
 32 | the Swiss army knife for network        |'O\  /O'|   _.<0101011>--
 33 | packets.                                > `'  '` <  /
 34 |                                         ) ,.==., (  |
 35 | Web: http://netsniff-ng.org          .-(|/--~~--\|)-'
 36 |                                     (      ___
 37 |                                      \__.=|___E
 38 | 
 39 | =================================================================
 40 | EOF
 41 | }
 42 | 
 43 | function install_dependencies {
 44 |     # Install dependencies
 45 |     apt-get update -qq
 46 |     apt-get -y install cowsay git language-pack-en libreadline-dev
 47 | 
 48 |     # Netsniff-NG
 49 |     apt-get -y install language-pack-en git ccache flex bison libnl-3-dev \
 50 |       libnl-genl-3-dev libgeoip-dev libnetfilter-conntrack-dev \
 51 |       libncurses5-dev liburcu-dev libnacl-dev libpcap-dev \
 52 |       zlib1g-dev libcli-dev libnet1-dev
 53 | 
 54 |     # Perf tools
 55 |     apt-get -y install libaudit-dev libelf-dev libgtk2.0-dev libunwind8-dev \
 56 |     	libnuma-dev libslang2-dev libdw-dev binutils-dev asciidoc xmlto
 57 | 
 58 |     hi "Dependencies installed!"
 59 | }
 60 | 
 61 | 
 62 | function install_netsniff-ng {
 63 |    cd $HOME
 64 |    # Compile latest Netsniff-NG
 65 |    if [ ! -d $HOME/netsniff-ng ]
 66 |    then
 67 |    	git clone http://github.com/netsniff-ng/netsniff-ng
 68 |    	cd netsniff-ng
 69 |    	./configure
 70 |    	mkdir -p /usr/local/share/man/man8/
 71 |    	make && make install && hi "Netsniff-NG Installed!" || die "Failed to install netsniff-ng!"
 72 |    fi
 73 | }
 74 | 
 75 | function install_helper_tools {
 76 |    cd $HOME
 77 |    # Download other useful testing tools
 78 |    if [ ! -d $HOME/gencfg ]
 79 |    then
 80 |    	git clone http://github.com/jonschipp/gencfg
 81 |    fi
 82 |    if [ ! -d $HOME/network-testing ]
 83 |    then
 84 |    	git clone https://github.com/netoptimizer/network-testing
 85 |    fi
 86 |    hi "Helper tools installed!"
 87 | }
 88 | 
 89 | function install_linux_kernel {
 90 |     cd $HOME
 91 | 
 92 |     if [ ! -d $KERNEL ]
 93 |     then
 94 |         # Download, compile, and install latest stable kernel
 95 |         wget --progress=dot:mega -O - $LATEST_STABLE_KERNEL_URL | tar -xJ
 96 |         if [ $? -ne 0 ]; then die "Failed to download and decompress the linux kernel"; fi
 97 |         cd $KERNEL
 98 |         #mv config $KERNEL/.config
 99 |         make config
100 |         make -j 4 || die "Failed to build kernel!"
101 |         make -j 4 modules || die "Failed to build kernel modules!"
102 |         make modules_install || die "Failed to install kernel modules!"
103 |         make install || die "Failed to install kernel!"
104 |         $COWSAY -f tux "Linux kernel $KERNEL installed!"
105 |     fi
106 | }
107 | 
108 | function install_bpf_tools {
109 |     # Compile and install bpf debugging programs
110 |     cd $HOME/$KERNEL/tools/net
111 |     if ! which bpf_asm 2>&1 > /dev/null; then
112 |         make bpf_asm && BPF=1
113 |     fi
114 |     if ! which bpf_dbg 2>&1 > /dev/null; then
115 |         make bpf_dbg && BPF=1
116 |     fi
117 |     if ! which bpf_jit_disasm 2>&1 > /dev/null; then
118 |         make bpf_jit_disasm && BPF=1
119 |     fi
120 |     test $BPF -eq 1 && make install && hi "BPF Helper Tools Installed!"
121 | }
122 | 
123 | function install_perf_tools {
124 |     # Compile and install perf tools
125 |     if [ ! -e /usr/sbin/perf ]; then
126 |         cd $HOME/$KERNEL/tools/perf
127 |         make && make install && hi "Perf tools installed!" || die "Perf tools failed to install!"
128 |         ln -s $HOME/bin/perf /usr/sbin/perf
129 |     fi
130 | }
131 | 
132 | function system_configuration {
133 |     cd $HOME
134 |     # System and network configuration
135 |     if [ -e $HOME/nlmon.cfg ]; then
136 |     	mv $HOME/nlmon.cfg /etc/network/interfaces.d/nlmon.cfg
137 |     fi
138 | if [ ! -e /etc/sysctl.d/10-bpf.conf ]; then
139 | cat > /etc/sysctl.d/10-bpf.conf <<EOF
140 | # Enable BPF JIT Compiler (approx. 50ns speed up)
141 | net.core.bpf_jit_enable = 2
142 | EOF
143 | fi
144 |     hi "Everything ran! Time for a reboot"
145 | }
146 | 
147 | logo
148 | 
149 | if ! which netsniff-ng 2>&1 > /dev/null; then
150 | 	install_dependencies
151 | 	install_netsniff-ng
152 | fi
153 | 
154 | install_helper_tools
155 | 
156 | if [ "$CURRENT" != "$KERNEL" ] && [ $UPDATE -eq 1 ]; then
157 | 	install_linux_kernel
158 | fi
159 | 
160 | install_bpf_tools
161 | install_perf_tools
162 | system_configuration
163 | reboot
164 | 


--------------------------------------------------------------------------------
/netsniff-ng/README.md:
--------------------------------------------------------------------------------
 1 | Netsniff-NG
 2 | ===========
 3 | 
 4 | ```
 5 | $ vagrant up
 6 | ```
 7 | 
 8 | will provision a new Ubuntu Saucy VM for testing, playing, and developing with
 9 |  * Latest Netsniff-NG
10 |  * Latest stable Linux Kernel
11 |  * Gencfg script for trafgen, and network-testing scripts
12 |  * BPF helper tools (bpf_asm, bpf_dbg, etc.) and Perf tools
13 |  * Creates an nlmon interface so one can sniff netlink messages
14 | 
15 | If you don't want to download and install the latest Linux
16 | kernel set script args to 0 by editing the Vagrantfile and then up'ing:
17 | ```
18 | config.vm.provision "shell", path: "provision.sh", privileged: "true", args: "0"
19 | ```
20 | Once provisioned, connect to the machine via
21 | ```
22 | $ vagrant ssh
23 | ```
24 | 


--------------------------------------------------------------------------------
/netsniff-ng/Vagrantfile:
--------------------------------------------------------------------------------
 1 | # -*- mode: ruby -*-
 2 | # vi: set ft=ruby :
 3 | 
 4 | # Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
 5 | VAGRANTFILE_API_VERSION = "2"
 6 | 
 7 | Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
 8 | 
 9 |   config.vm.box = "trusty"
10 |   config.vm.box_url = "https://cloud-images.ubuntu.com/vagrant/trusty/current/trusty-server-cloudimg-amd64-vagrant-disk1.box"
11 |   config.vm.provision "file", source: "config", destination: "config"
12 |   config.vm.provision "file", source: "nlmon.cfg", destination: "nlmon.cfg"
13 |   # Arg: 1 to install latest Linux kernel (slow), 0 to use supplied kernel
14 |   config.vm.provision "shell", path: "provision.sh", privileged: "true", args: "1"
15 | 
16 |   # 1.) Will not work after provision script is ran because of new kernel lacking guest additions
17 |   # config.vm.network "forwarded_port", guest: 80, host: 8080
18 |   # config.vm.synced_folder ".", "/vagrant"
19 |   # 2.) Will work becuase guest additions isn't a requirement
20 |   # config.vm.synced_folder ".", "/vagrant", type: "rsync",
21 |   # rsync__exclude: ".git/"
22 |   # rsync_auto: "true" # Detect and copy any changes automatically
23 | 
24 |    config.vm.provider "virtualbox" do |vb|
25 |       #vb.gui = true
26 |       vb.name = "netsniff-ng"
27 |       vb.customize ["modifyvm", :id, "--memory", "4096"]
28 |       vb.customize ["modifyvm", :id, "--cpus", 4]
29 |    end
30 | 
31 | end
32 | 


--------------------------------------------------------------------------------
/netsniff-ng/nlmon.cfg:
--------------------------------------------------------------------------------
 1 | auto nlmon0
 2 | iface nlmon0 inet manual
 3 |   pre-up modprobe nlmon
 4 |   pre-up ip link add type nlmon
 5 |   up ip link set nlmon0 up
 6 | 
 7 |   down ip link set nlmon0 down
 8 |   down ip link del dev nlmon0
 9 |   post-down rmmod nlmon
10 | 


--------------------------------------------------------------------------------
/netsniff-ng/provision.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | 
  3 | # We start here
  4 | HOME=/home/vagrant
  5 | ARG=${1:-0}
  6 | # Get latest stable linux kernel
  7 | LATEST_STABLE_KERNEL_URL=http://www.kernel.org/$(wget -O - https://www.kernel.org 2>/dev/null | grep -A 5 "Latest Stable Kernel" | awk -F '[""]' '/\.xz/ { print $2 }')
  8 | KERNEL=$(echo $LATEST_STABLE_KERNEL_URL | sed 's/.*\///;s/\.tar.*$//')
  9 | CURRENT=$(echo $(uname -r) | sed 's/-.*//;s/^/linux-/')
 10 | UPDATE=$ARG
 11 | BPF=0
 12 | COWSAY=/usr/games/cowsay
 13 | 
 14 | cd $HOME
 15 | 
 16 | function die {
 17 |     $COWSAY -d "$* MooOoOOoo"
 18 |     exit 1
 19 | }
 20 | 
 21 | function hi {
 22 |     $COWSAY "$*"
 23 | }
 24 | 
 25 | function logo {
 26 | cat <<"EOF"
 27 | =================================================================
 28 | 
 29 | netsniff-ng is a free, performant       /(      )\
 30 | Linux network analyzer and            .' {______} '.
 31 | networking toolkit. If you will,       \ ^,    ,^ /
 32 | the Swiss army knife for network        |'O\  /O'|   _.<0101011>--
 33 | packets.                                > `'  '` <  /
 34 |                                         ) ,.==., (  |
 35 | Web: http://netsniff-ng.org          .-(|/--~~--\|)-'
 36 |                                     (      ___
 37 |                                      \__.=|___E
 38 | 
 39 | =================================================================
 40 | EOF
 41 | }
 42 | 
 43 | function install_dependencies {
 44 |     # Install dependencies
 45 |     apt-get update -qq
 46 |     apt-get -y install cowsay git language-pack-en libreadline-dev
 47 | 
 48 |     # Netsniff-NG
 49 |     apt-get -y install language-pack-en git ccache flex bison libnl-3-dev \
 50 |       libnl-genl-3-dev libgeoip-dev libnetfilter-conntrack-dev \
 51 |       libncurses5-dev liburcu-dev libnacl-dev libpcap-dev \
 52 |       zlib1g-dev libcli-dev libnet1-dev
 53 | 
 54 |     # Perf tools
 55 |     apt-get -y install libaudit-dev libelf-dev libgtk2.0-dev libunwind8-dev \
 56 |     	libnuma-dev libslang2-dev libdw-dev binutils-dev asciidoc xmlto
 57 | 
 58 |     hi "Dependencies installed!"
 59 | }
 60 | 
 61 | 
 62 | function install_netsniff-ng {
 63 |    cd $HOME
 64 |    # Compile latest Netsniff-NG
 65 |    if [ ! -d $HOME/netsniff-ng ]
 66 |    then
 67 |    	git clone http://github.com/netsniff-ng/netsniff-ng
 68 |    	cd netsniff-ng
 69 |    	./configure
 70 |    	mkdir -p /usr/local/share/man/man8/
 71 |    	make && make install && hi "Netsniff-NG Installed!" || die "Failed to install netsniff-ng!"
 72 |    fi
 73 | }
 74 | 
 75 | function install_helper_tools {
 76 |    cd $HOME
 77 |    # Download other useful testing tools
 78 |    if [ ! -d $HOME/gencfg ]
 79 |    then
 80 |    	git clone http://github.com/jonschipp/gencfg
 81 |    fi
 82 |    if [ ! -d $HOME/network-testing ]
 83 |    then
 84 |    	git clone https://github.com/netoptimizer/network-testing
 85 |    fi
 86 |    hi "Helper tools installed!"
 87 | }
 88 | 
 89 | function install_linux_kernel {
 90 |     cd $HOME
 91 | 
 92 |     if [ ! -d $KERNEL ]
 93 |     then
 94 |         # Download, compile, and install latest stable kernel
 95 |         wget --progress=dot:mega -O - $LATEST_STABLE_KERNEL_URL | tar -xJ
 96 |         if [ $? -ne 0 ]; then die "Failed to download and decompress the linux kernel"; fi
 97 |         cd $KERNEL
 98 |         #mv config $KERNEL/.config
 99 |         make config
100 |         make -j 4 || die "Failed to build kernel!"
101 |         make -j 4 modules || die "Failed to build kernel modules!"
102 |         make modules_install || die "Failed to install kernel modules!"
103 |         make install || die "Failed to install kernel!"
104 |         $COWSAY -f tux "Linux kernel $KERNEL installed!"
105 |     fi
106 | }
107 | 
108 | function install_bpf_tools {
109 |     # Compile and install bpf debugging programs
110 |     cd $HOME/$KERNEL/tools/net
111 |     if ! which bpf_asm 2>&1 > /dev/null; then
112 |         make bpf_asm && BPF=1
113 |     fi
114 |     if ! which bpf_dbg 2>&1 > /dev/null; then
115 |         make bpf_dbg && BPF=1
116 |     fi
117 |     if ! which bpf_jit_disasm 2>&1 > /dev/null; then
118 |         make bpf_jit_disasm && BPF=1
119 |     fi
120 |     test $BPF -eq 1 && make install && hi "BPF Helper Tools Installed!"
121 | }
122 | 
123 | function install_perf_tools {
124 |     # Compile and install perf tools
125 |     if [ ! -e /usr/sbin/perf ]; then
126 |         cd $HOME/$KERNEL/tools/perf
127 |         make && make install && hi "Perf tools installed!" || die "Perf tools failed to install!"
128 |         ln -s $HOME/bin/perf /usr/sbin/perf
129 |     fi
130 | }
131 | 
132 | function system_configuration {
133 |     cd $HOME
134 |     # System and network configuration
135 |     if [ -e $HOME/nlmon.cfg ]; then
136 |     	mv $HOME/nlmon.cfg /etc/network/interfaces.d/nlmon.cfg
137 |     fi
138 | if [ ! -e /etc/sysctl.d/10-bpf.conf ]; then
139 | cat > /etc/sysctl.d/10-bpf.conf <<EOF
140 | # Enable BPF JIT Compiler (approx. 50ns speed up)
141 | net.core.bpf_jit_enable = 2
142 | EOF
143 | fi
144 |     hi "Everything ran! Time for a reboot"
145 | }
146 | 
147 | logo
148 | 
149 | if ! which netsniff-ng 2>&1 > /dev/null; then
150 | 	install_dependencies
151 | 	install_netsniff-ng
152 | fi
153 | 
154 | install_helper_tools
155 | 
156 | if [ "$CURRENT" != "$KERNEL" ] && [ $UPDATE -eq 1 ]; then
157 | 	install_linux_kernel
158 | fi
159 | 
160 | install_bpf_tools
161 | install_perf_tools
162 | system_configuration
163 | reboot
164 | 


--------------------------------------------------------------------------------
/netsniff-ng_centos/Vagrantfile:
--------------------------------------------------------------------------------
 1 | # -*- mode: ruby -*-
 2 | # vi: set ft=ruby :
 3 | 
 4 | # Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
 5 | VAGRANTFILE_API_VERSION = "2"
 6 | 
 7 | Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
 8 | 
 9 |   config.vm.box = "centos"
10 |   config.vm.box_url = "https://github.com/2creatives/vagrant-centos/releases/download/v6.5.3/centos65-x86_64-20140116.box"
11 |   config.vm.provision "shell", path: "provision.sh"
12 | 
13 |   # 1.) Will not work after provision script is ran because of new kernel lacking guest additions
14 |   # config.vm.network "forwarded_port", guest: 80, host: 8080
15 |   # config.vm.synced_folder ".", "/vagrant"
16 |   # 2.) Will work becuase guest additions isn't a requirement
17 |   # config.vm.synced_folder ".", "/vagrant", type: "rsync",
18 |   # rsync__exclude: ".git/"
19 |   # rsync_auto: "true" # Detect and copy any changes automatically
20 | 
21 |    config.vm.provider "virtualbox" do |vb|
22 |       #vb.gui = true
23 |       vb.name = "netsniff-ng"
24 |       vb.customize ["modifyvm", :id, "--memory", "4096"]
25 |       vb.customize ["modifyvm", :id, "--cpus", 4]
26 |    end
27 | 
28 | end
29 | 


--------------------------------------------------------------------------------
/netsniff-ng_centos/provision.sh:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env bash
  2 | # Tested on CentOS
  3 | # Cannot install Netsniff-NG because lack of TPACKET_V3 support in kernel, a problem with EL systems)
  4 | # Installs: ifpps trafgen bpfc flowtop mausezahn astraceroute
  5 | # Optional: To build curvetun uncomment NaCL lines in install_nestniff-ng function and add to make line
  6 | 
  7 | DESIRED_TOOLKIT_VERSION="$1" # e.g. ./install_netsniff-ng.sh "0.5.9-rc2+"
  8 | DIR=/root
  9 | HOST=$(hostname -s)
 10 | IRCSAY=/usr/local/bin/ircsay
 11 | COWSAY=$(which cowsay 2>/dev/null)
 12 | LOGFILE=netsniff-ng-install.log
 13 | 
 14 | exec > >(tee -a "$LOGFILE") 2>&1
 15 | echo -e "\n --> Logging stdout & stderr to $LOGFILE"
 16 | 
 17 | function die {
 18 |     if [ -f ${COWSAY:-none} ]; then
 19 | 	$COWSAY -d "$*"
 20 |     else
 21 |     	echo "$*"
 22 |     fi
 23 |     if [ -f $IRCSAY ]; then
 24 |     	( set +e; $IRCSAY "#company-channel" "$*" 2>/dev/null || true )
 25 |     fi
 26 |     # echo "$*" | mail -s "Netsniff-NG install information on $HOST" user@company.com
 27 |     exit 1
 28 | }
 29 | 
 30 | function hi {
 31 |     if [ -f ${COWSAY:-none} ]; then
 32 | 	$COWSAY "$*"
 33 |     else
 34 |     	echo "$*"
 35 |     fi
 36 |     if [ -f $IRCSAY ]; then
 37 |     	( set +e; $IRCSAY "#company-channel" "$*" 2>/dev/null || true )
 38 |     fi
 39 |     # echo "$*" | mail -s "Netsniff-NG install information on $HOST" user@company.com
 40 | }
 41 | 
 42 | function cleanup() {
 43 | local ORDER=$1
 44 | echo "$ORDER Cleaning up any messes!"
 45 | cd $DIR
 46 | if [ -f libcli-1.8.6-2.el6.rf.x86_64.rpm ]; then
 47 |         rm -fr libcli-1.8.6-2.el6.rf.x86_64.rpm
 48 | fi
 49 | 
 50 | if [ -f libcli-devel-1.8.6-2.el6.rf.x86_64.rpm ]; then
 51 |         rm -fr libcli-devel-1.8.6-2.el6.rf.x86_64.rpm
 52 | fi
 53 | if [ -f epel-release-6-8.noarch.rpm ]; then
 54 |         rm -fr epel-release-6-8.noarch.rpm
 55 | fi
 56 | rm -rf nacl*
 57 | rm -rf libnl-3.2.25*
 58 | if [ -d netsniff-ng ]; then
 59 |         rm -fr netsniff-ng
 60 | fi
 61 | }
 62 | 
 63 | function check_version() {
 64 | local ORDER=$1
 65 | echo "$ORDER Checking version!"
 66 | if [ -f /usr/local/sbin/mausezahn ]; then
 67 |         INSTALLED_VERSION=$(/usr/local/sbin/mausezahn -h | awk '/mausezahn/ && NR == 2 { gsub(",",""); print $2 }')
 68 | 
 69 |         if [[ "$INSTALLED_VERSION" == "$DESIRED_TOOLKIT_VERSION" ]]; then
 70 |                 echo "Current version $DESIRED_TOOLKIT_VERSION is already installed."
 71 | 		rm -f $0
 72 |                 exit 0
 73 |         fi
 74 | fi
 75 | }
 76 | 
 77 | function install_dependencies()
 78 | {
 79 | local ORDER=$1
 80 | echo -e "$ORDER Checking for dependencies!\n"
 81 | if [ ! -f /etc/yum.repos.d/epel.repo ]; then
 82 | 	rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm && hi "Installed EPEL repo!" || die "Failed to install EPEL"
 83 | fi
 84 | 
 85 | yum install -y wget git ccache flex bison GeoIP-devel \
 86 | 	 libnetfilter_conntrack-devel ncurses-devel \
 87 | 	 userspace-rcu-devel libpcap-devel zlib-devel \
 88 | 	 libnet-devel gnuplot cpp
 89 | echo
 90 | if [ ! -f /usr/lib64/libcli.so.1.8.6 ]; then
 91 | 	rpm -ivh http://pkgs.repoforge.org/libcli/libcli-1.8.6-2.el6.rf.x86_64.rpm && hi "Installed libcli!" || die "Failed to install libcli"
 92 | fi
 93 | if [ ! -f /usr/include/libcli.h ]; then
 94 | 	rpm -ivh http://pkgs.repoforge.org/libcli/libcli-devel-1.8.6-2.el6.rf.x86_64.rpm && hi "Installed libcli-devel!" || die "Failed to install libcli-devel"
 95 | fi
 96 | if [ ! -d /usr/local/lib/libnl ]; then
 97 | 	wget http://www.infradead.org/~tgr/libnl/files/libnl-3.2.25.tar.gz
 98 | 	tar zxf libnl-3.2.25.tar.gz
 99 | 	cd libnl-3.2.25
100 | 	./configure && make && make install && hi "Installed libnl-3.2.25" || die "Failed to install libnl-3.2.25"
101 | fi
102 | }
103 | 
104 | function install_netsniff-ng() {
105 | local ORDER=$1
106 | echo -e "$ORDER Installing from source!\n"
107 | cd $DIR
108 | if git clone https://github.com/netsniff-ng/netsniff-ng.git
109 | then
110 |         cd netsniff-ng
111 | 	./configure 2>&1 > /dev/null
112 | 	# Uncomment next 4 lines to build library for curvetun, then add "curvetun" and curvetun_install to make line.
113 | 	# make nacl
114 | 	# source <(grep '=' curvetun/nacl_build.sh | sed 's/abiname/curvetun\/abiname/')
115 | 	# export NACL_LIB_DIR=/root/nacl/$nacl_version/build/$shorthostname/lib/$arch
116 | 	# export NACL_INC_DIR=/root/nacl/$nacl_version/build/$shorthostname/include/$arch
117 | 	export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig
118 |   ./configure && make ifpps trafgen bpfc flowtop mausezahn astraceroute && make ifpps_install trafgen_install bpfc_install flowtop_install mausezahn_install astraceroute_install
119 | 
120 | 	if [ $? -eq 0 ]; then
121 | 		hi "Netsniff-NG successfully installed!"
122 | 	else
123 | 		die "Netsniff-NG tools failed to install"
124 | 	fi
125 | else
126 | 	die "Netsniff-NG download failed"
127 | fi
128 | }
129 | 
130 | function configuration() {
131 | local ORDER=$1
132 | echo -e "$ORDER Configuring the system for best use!\n"
133 | 
134 | if [ ! -f /etc/ld.so.conf.d/libnl.conf ]; then
135 | 	echo "/usr/local/lib" > /etc/ld.so.conf.d/libnl.conf
136 | 	ldconfig
137 | fi
138 | 
139 | if [ -d /etc/sysctl.d ] && [ ! -f /etc/sysctl.d/10-bpf.conf ]; then
140 | cat > /etc/sysctl.d/10-bpf.conf <<EOF
141 | # Enable BPF JIT Compiler (approx. 50ns speed up)
142 | net.core.bpf_jit_enable = 2
143 | EOF
144 | fi
145 | }
146 | 
147 | # Remove if someone manually left files
148 | cleanup "1.)"
149 | # Check version to update when new is available (specified as argument)
150 | check_version "2.)"
151 | install_dependencies "3.)"
152 | install_netsniff-ng "4.)"
153 | configuration "5.)"
154 | cleanup "6.)"
155 | exit 0
156 | 


--------------------------------------------------------------------------------
/openvas/README.md:
--------------------------------------------------------------------------------
 1 | # ISLET
 2 | 
 3 | ````
 4 | $ vagrant up
 5 | ````
 6 | 
 7 | will provision a machine with [ISLET](https://github.com/jonschipp/ISLET) (Isolate, Scalable, & Lightweight Environment for Training).
 8 | 
 9 | When a user ssh's to the demo account on the machine they're placed in a contained Linux environment designed for training.
10 | 
11 | Use:
12 | ```shell
13 | $ ssh -p 2222 demo@127.0.0.1 -o UserKnownHostsFile=/dev/null
14 | ```
15 | 
16 | The password for the demo user is:
17 | ```
18 | demo
19 | ```
20 | 


--------------------------------------------------------------------------------
/openvas/Vagrantfile:
--------------------------------------------------------------------------------
 1 | # -*- mode: ruby -*-
 2 | # vi: set ft=ruby :
 3 | 
 4 | # Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
 5 | VAGRANTFILE_API_VERSION = "2"
 6 | 
 7 | Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
 8 | 
 9 |   config.vm.box = "trusty"
10 |   config.vm.box_url = "https://cloud-images.ubuntu.com/vagrant/trusty/current/trusty-server-cloudimg-amd64-vagrant-disk1.box"
11 |   config.vm.provision "shell", path:   "provision.sh"
12 |   config.ssh.insert_key = false
13 | 
14 |   config.vm.network "forwarded_port", guest: 4000, host: 4000
15 |   config.vm.network "forwarded_port", guest: 9390, host: 9390
16 |   config.vm.network "forwarded_port", guest: 9391, host: 9391
17 |   # config.vm.synced_folder "../data", "/vagrant_data"
18 | 
19 |    config.vm.provider "virtualbox" do |vb|
20 |       vb.gui = false
21 |       vb.name = "openvas"
22 |       vb.customize ["modifyvm", :id, "--memory", "2048"]
23 |       vb.customize ["modifyvm", :id, "--cpus", 2]
24 |    end
25 | 
26 | end
27 | 


--------------------------------------------------------------------------------
/openvas/provision.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | # Author: Jon Schipp <jonschipp@gmail.com>
 3 | # Written for Ubuntu Saucy and Trusty, should be adaptable to other distros.
 4 | 
 5 | ## Variables
 6 | HOME=/root
 7 | cd $HOME
 8 | 
 9 | # Installation notification
10 | COWSAY=/usr/games/cowsay
11 | IRCSAY=/usr/local/bin/ircsay
12 | IRC_CHAN="#replace_me"
13 | HOST=$(hostname -s)
14 | LOGFILE=/root/islet_install.log
15 | EMAIL=user@company.com
16 | 
17 | function die {
18 |   if [ -f ${COWSAY:-none} ]; then
19 |     $COWSAY -d "$*"
20 |   else
21 |     echo "$*"
22 |   fi
23 |   exit 1
24 | }
25 | 
26 | function hi {
27 |   if [ -f ${COWSAY:-none} ]; then
28 |     $COWSAY "$*"
29 |   else
30 |     echo "$*"
31 |   fi
32 | }
33 | 
34 | install_dependencies(){
35 |   hi "$1 $FUNCNAME"
36 |   export DEBIAN_FRONTEND=noninteractive
37 |   apt-get update -qq
38 |   add-apt-repository ppa:mrazavi/openvas
39 |   apt-get update
40 |   apt-get install -yq openvas9 sqlite3
41 |   greenbone-nvt-sync
42 |   greenbone-scapdata-sync
43 |   greenbone-certdata-sync
44 | }
45 | 
46 | start_services(){
47 |   hi "$1 $FUNCNAME"
48 |   service openvas-scanner restart
49 |   service openvas-manager restart
50 | }
51 | 
52 | install_dependencies "1.)"
53 | start_services "2.)"
54 | 
55 | echo -e "\nTry it out: https://admin:admin@localhost:4000"
56 | 


--------------------------------------------------------------------------------
/openvz/README.md:
--------------------------------------------------------------------------------
1 | # OpenVZ
2 | 
3 | ````
4 | $ vagrant up
5 | ````
6 | 
7 | will provision a machine with [OpenVZ](http://openvz.org/).
8 | 


--------------------------------------------------------------------------------
/openvz/Vagrantfile:
--------------------------------------------------------------------------------
 1 | # -*- mode: ruby -*-
 2 | # vi: set ft=ruby :
 3 | 
 4 | # Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
 5 | VAGRANTFILE_API_VERSION = "2"
 6 | 
 7 | Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
 8 | 
 9 |   config.vm.box = "freedev/centos-6.2-x86_64"
10 | 
11 |   config.vm.provision "shell", path:  "provision.sh"
12 | 
13 |   # config.vm.network "forwarded_port", guest: 80, host: 8080
14 |   # config.vm.synced_folder "../data", "/vagrant_data"
15 | 
16 |    config.vm.provider "virtualbox" do |vb|
17 |   #   vb.gui = true
18 |       vb.name = "openvz"
19 |       vb.customize ["modifyvm", :id, "--memory", "2024"]
20 |       vb.customize ["modifyvm", :id, "--cpus", 2]
21 |    end
22 | 
23 | end
24 | 


--------------------------------------------------------------------------------
/openvz/provision.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | # Author: Jon Schipp <jonschipp@gmail.com>
  3 | # Written for Ubuntu Saucy and Trusty, should be adaptable to other distros.
  4 | 
  5 | ## Variables
  6 | VAGRANT=/home/vagrant
  7 | HOME=/root
  8 | [ -e /etc/redhat-release ] && OS=el && export PKG_CONFIG_PATH="/usr/local/lib/pkgconfig:/lib64/pkgconfig/"
  9 | [ -e /etc/debian_version ] && OS=debian
 10 | [ "$OS" = "debian" ] && PACKAGES="vzkernel"
 11 | [ "$OS" = "el" ] && PACKAGES="wget vzkernel vzctl vzquota ploop"
 12 | 
 13 | # Installation notification
 14 | MAIL=$(which mail)
 15 | COWSAY=/usr/games/cowsay
 16 | IRCSAY=/usr/local/bin/ircsay
 17 | IRC_CHAN="#replace_me"
 18 | HOST=$(hostname -s)
 19 | LOGFILE=/root/islet_install.log
 20 | EMAIL=user@company.com
 21 | 
 22 | cd $HOME
 23 | 
 24 | function die {
 25 |   if [ -f ${COWSAY:-none} ]; then
 26 |     $COWSAY -d "$*"
 27 |   else
 28 |     echo "$*"
 29 |   fi
 30 |   if [ -f $IRCSAY ]; then
 31 |     ( set +e; $IRCSAY "$IRC_CHAN" "$*" 2>/dev/null || true )
 32 |   fi
 33 |   [ $MAIL ] && echo "$*" | mail -s "[vagrant] Sagan install information on $HOST" $EMAIL
 34 |   exit 1
 35 | }
 36 | 
 37 | function hi {
 38 |   if [ -f ${COWSAY:-none} ]; then
 39 |     $COWSAY "$*"
 40 |   else
 41 |     echo "$*"
 42 |   fi
 43 |   if [ -f $IRCSAY ]; then
 44 |     ( set +e; $IRCSAY "$IRC_CHAN" "$*" 2>/dev/null || true )
 45 |   fi
 46 |   [ $MAIL ] && echo "$*" | mail -s "[vagrant] Sagan install information on $HOST" $EMAIL
 47 | }
 48 | 
 49 | number_of_packages(){ package_count="$#"; }
 50 | 
 51 | package_check(){
 52 |   local packages=$@
 53 |   local count=0
 54 |   # Count number of items in packages variable
 55 |   number_of_packages $packages
 56 | 
 57 |   # Format items for egrep query
 58 |   pkg_list=$(echo $packages | sed 's/ /|  /g')
 59 | 
 60 |   # Count number of packages installed from list
 61 |   [ "$OS" = "debian" ] && count=$(dpkg -l | egrep "  $pkg_list" | wc -l)
 62 |   [ "$OS" = "el" ]     && count=$(yum list installed | egrep "$pkg_list" | wc -l)
 63 | 
 64 |   if [ $count -ge $package_count ]
 65 |   then
 66 |     return 0
 67 |   else
 68 |     echo "Installing packages for function!"
 69 |     [ "$OS" = "debian" ] && apt-get install -qy $packages
 70 |     [ "$OS" = "el" ]     && yum install -qy $packages
 71 |   fi
 72 | }
 73 | 
 74 | install_dependencies(){
 75 |   hi "$1 $FUNCNAME\n"
 76 |   [ "$OS" = "debian" ] && apt-get update -qq
 77 |   [ "$OS" = "el" ]     && yum makecache -q
 78 |   [ -f /etc/yum.repos.d/openvz.repo ] || wget -P /etc/yum.repos.d/ http://ftp.openvz.org/openvz.repo
 79 |   rpm --import http://ftp.openvz.org/RPM-GPG-Key-OpenVZ
 80 |   package_check $PACKAGES
 81 | }
 82 | 
 83 | configuration(){
 84 |   hi "$1 $FUNCNAME\n"
 85 | cat <<EOF >> /etc/sysctl.conf
 86 | # On Hardware Node we generally nee  d
 87 | # packet forwarding enabled and pro  xy arp disabled
 88 | net.ipv4.ip_forward = 1
 89 | net.ipv6.conf.default.forwarding =   1
 90 | net.ipv6.conf.all.forwarding = 1
 91 | net.ipv4.conf.default.proxy_arp = 0
 92 | 
 93 | # Enables source route verification
 94 | net.ipv4.conf.all.rp_filter = 1
 95 | 
 96 | # Enables the magic-sysrq key
 97 | kernel.sysrq = 1
 98 | 
 99 | # We do not want all our interfaces to send redirects
100 | net.ipv4.conf.default.send_redirects = 1
101 | net.ipv4.conf.all.send_redirects = 0
102 | EOF
103 | echo "options nf_conntrack ip_conntrack_disable_ve0=0" > /etc/modprobe.d/openvz.conf
104 | echo -e "modprobe vzcpt\nmodprobe vzrst" > /etc/rc.modules
105 | 
106 | }
107 | 
108 | install_dependencies "1.)"
109 | configuration "2.)"
110 | 


--------------------------------------------------------------------------------
/pxe-kickstart/README.md:
--------------------------------------------------------------------------------
 1 | PXE Kickstart
 2 | =============
 3 | 
 4 | ```
 5 | $ vagrant up
 6 | ```
 7 | 
 8 | will provision a new PXE server with Kickstart for deploying Ubuntu images on your LAN via bridged network mode.
 9 | It automatically detects your IP address and configures dhcpd, tftpd, etc. for you and will begin serving out the image to DCHP clients.
10 | Fire up the VM and then PXE boot a computer on your LAN.
11 | 
12 | Change bridge to your interface if it differs.
13 | ```
14 | config.vm.network "public_network", bridge: 'en0: Ethernet Alias'
15 | ```
16 | 
17 | You can set args a valid iso url to deploy the image of your choice.
18 | ```
19 | config.vm.provision "shell", path: "provision.sh", args: "http://releases.ubuntu.com/14.04/ubuntu-14.04.1-server-amd64.iso"
20 | ```
21 | 


--------------------------------------------------------------------------------
/pxe-kickstart/Vagrantfile:
--------------------------------------------------------------------------------
 1 | # -*- mode: ruby -*-
 2 | # vi: set ft=ruby :
 3 | 
 4 | # Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
 5 | VAGRANTFILE_API_VERSION = "2"
 6 | 
 7 | Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
 8 | 
 9 |   config.vm.box = "trusty"
10 |   config.vm.box_url = "https://cloud-images.ubuntu.com/vagrant/trusty/current/trusty-server-cloudimg-amd64-vagrant-disk1.box"
11 |   config.vm.network "public_network", bridge: 'en0: Ethernet Alias'
12 |   config.vm.provision "file", source: "ks.cfg", destination: "ks.cfg"
13 |   config.vm.provision "file", source: "tftpd-hpa", destination: "tftpd-hpa"
14 |   config.vm.provision "shell", path: "provision.sh", args: "http://releases.ubuntu.com/14.04/ubuntu-14.04.1-server-amd64.iso"
15 | 
16 |   config.vm.provider "virtualbox" do |vb|
17 |       vb.gui = false
18 |       vb.name = "pxe"
19 |       vb.customize ["modifyvm", :id, "--memory", "256"]
20 |       vb.customize ["modifyvm", :id, "--cpus", 1]
21 |    end
22 | 
23 | end
24 | 


--------------------------------------------------------------------------------
/pxe-kickstart/ks.cfg:
--------------------------------------------------------------------------------
  1 | # set local mirror for installation
  2 | url --url http://replaceme/ubuntu/
  3 | 
  4 | #language
  5 | lang en_US
  6 | langsupport en_US
  7 | 
  8 | #keyboard/mouse
  9 | keyboard us
 10 | mouse
 11 | 
 12 | #Time settings
 13 | timezone America/Indiana/Indianapolis
 14 | 
 15 | #User creation
 16 | user administrator --fullname "administrator" --password changeme
 17 | 
 18 | #Install and reboot
 19 | reboot
 20 | install
 21 | 
 22 | #Bootloader configuration
 23 | bootloader --location=mbr
 24 | zerombr yes
 25 | 
 26 | #Partition clearing
 27 | clearpart --all --initlabel
 28 | 
 29 | #packages to install
 30 | %packages
 31 | @ ubuntu-server
 32 | openssh-server
 33 | build-essential
 34 | 
 35 | 
 36 | # post installation scripts
 37 | %post
 38 | 
 39 | #copy contents to /etc/apt/sources.list
 40 | echo " #
 41 | 
 42 | # deb cdrom:[Ubuntu-Server 14.04 LTS _Trusty Tahr_ - Release amd64
 43 | # (20140416.2)]/ trusty main restricted
 44 | 
 45 | #deb cdrom:[Ubuntu-Server 14.04 LTS _Trusty Tahr_ - Release amd64 (20140416.2)]/
 46 | #trusty main restricted
 47 | 
 48 | # See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
 49 | # newer versions of the distribution.
 50 | deb http://us.archive.ubuntu.com/ubuntu/ trusty main restricted
 51 | deb-src http://us.archive.ubuntu.com/ubuntu/ trusty main restricted
 52 | 
 53 | ## Major bug fix updates produced after the final release of the
 54 | ## distribution.
 55 | deb http://us.archive.ubuntu.com/ubuntu/ trusty-updates main restricted
 56 | deb-src http://us.archive.ubuntu.com/ubuntu/ trusty-updates main restricted
 57 | 
 58 | ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
 59 | ## team. Also, please note that software in universe WILL NOT receive any
 60 | ## review or updates from the Ubuntu security team.
 61 | deb http://us.archive.ubuntu.com/ubuntu/ trusty universe
 62 | deb-src http://us.archive.ubuntu.com/ubuntu/ trusty universe
 63 | deb http://us.archive.ubuntu.com/ubuntu/ trusty-updates universe
 64 | deb-src http://us.archive.ubuntu.com/ubuntu/ trusty-updates universe
 65 | 
 66 | ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
 67 | ## team, and may not be under a free licence. Please satisfy yourself as to
 68 | ## your rights to use the software. Also, please note that software in
 69 | ## multiverse WILL NOT receive any review or updates from the Ubuntu
 70 | ## security team.
 71 | deb http://us.archive.ubuntu.com/ubuntu/ trusty multiverse
 72 | deb-src http://us.archive.ubuntu.com/ubuntu/ trusty multiverse
 73 | deb http://us.archive.ubuntu.com/ubuntu/ trusty-updates multiverse
 74 | deb-src http://us.archive.ubuntu.com/ubuntu/ trusty-updates multiverse
 75 | 
 76 | ## N.B. software from this repository may not have been tested as
 77 | ## extensively as that contained in the main release, although it includes
 78 | ## newer versions of some applications which may provide useful features.
 79 | ## Also, please note that software in backports WILL NOT receive any review
 80 | ## or updates from the Ubuntu security team.
 81 | deb http://us.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse
 82 | deb-src http://us.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse
 83 | 
 84 | deb http://security.ubuntu.com/ubuntu trusty-security main restricted
 85 | deb-src http://security.ubuntu.com/ubuntu trusty-security main restricted
 86 | deb http://security.ubuntu.com/ubuntu trusty-security universe
 87 | deb-src http://security.ubuntu.com/ubuntu trusty-security universe
 88 | deb http://security.ubuntu.com/ubuntu trusty-security multiverse
 89 | deb-src http://security.ubuntu.com/ubuntu trusty-security multiverse
 90 | 
 91 | ## Uncomment the following two lines to add software from Canonical's
 92 | ## 'partner' repository.
 93 | ## This software is not part of Ubuntu, but is offered by Canonical and the
 94 | ## respective vendors as a service to Ubuntu users.
 95 | # deb http://archive.canonical.com/ubuntu trusty partner
 96 | # deb-src http://archive.canonical.com/ubuntu trusty partner
 97 | 
 98 | ## Uncomment the following two lines to add software from Ubuntu's
 99 | ## 'extras' repository.
100 | ## This software is not part of Ubuntu, but is offered by third-party
101 | ## developers who want to ship their latest software.
102 | # deb http://extras.ubuntu.com/ubuntu trusty main
103 | # deb-src http://extras.ubuntu.com/ubuntu trusty main" > /etc/apt/sources.list
104 | 


--------------------------------------------------------------------------------
/pxe-kickstart/provision.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | 
  3 | ## Variables
  4 | HOME=/root
  5 | VAGRANT=/home/vagrant
  6 | PACKAGES="cowsay apache2 tftpd-hpa inetutils-inetd isc-dhcp-server"
  7 | URL="${1:-http://releases.ubuntu.com/14.04/ubuntu-14.04.1-server-amd64.iso}"
  8 | ISO="$(basename $URL)"
  9 | KS=/var/www/html/ubuntu/install/ks.cfg
 10 | NIC=eth1
 11 | IP=$(ifconfig $NIC | grep 'inet addr:' | cut -d: -f2 | awk '{print $1}')
 12 | MASK=$(ifconfig $NIC | grep 'inet addr:' | cut -d: -f4 | awk '{ print $1 }')
 13 | BROADCAST=$(ifconfig $NIC | grep 'inet addr:' | cut -d: -f3 | awk '{ print $1 }')
 14 | # I'm too lazy to do the math to get net and range, presuming /24
 15 | NET=$(ifconfig $NIC | grep 'inet addr:' | cut -d: -f3 | awk '{ print $1 }' | cut -d . -f1-3)
 16 | BEGIN_RANGE=2
 17 | END_RANGE=254
 18 | 
 19 | echo $URL | grep -q amd64 && ARCH=amd64
 20 | echo $URL | grep -q i386 && ARCH=i386
 21 | 
 22 | # Installation notification
 23 | MAIL=$(which mail)
 24 | COWSAY=/usr/games/cowsay
 25 | IRCSAY=/usr/local/bin/ircsay
 26 | IRC_CHAN="#replace_me"
 27 | HOST=$(hostname -s)
 28 | LOGFILE=/root/islet_install.log
 29 | EMAIL=user@company.com
 30 | 
 31 | cd $HOME
 32 | 
 33 | function die {
 34 |   if [ -f ${COWSAY:-none} ]; then
 35 |     $COWSAY -d "$*"
 36 |   else
 37 |     echo "$*"
 38 |   fi
 39 |   if [ -f $IRCSAY ]; then
 40 |     ( set +e; $IRCSAY "$IRC_CHAN" "$*" 2>/dev/null || true )
 41 |   fi
 42 |   [ $MAIL ] && echo "$*" | mail -s "[vagrant] PXE install information on $HOST" $EMAIL
 43 |   exit 1
 44 | }
 45 | 
 46 | function hi {
 47 |   if [ -f ${COWSAY:-none} ]; then
 48 |     $COWSAY "$*"
 49 |   else
 50 |     echo "$*"
 51 |   fi
 52 |   if [ -f $IRCSAY ]; then
 53 |     ( set +e; $IRCSAY "$IRC_CHAN" "$*" 2>/dev/null || true )
 54 |   fi
 55 |   [ $MAIL ] && echo "$*" | mail -s "[vagrant] PXE install information on $HOST" $EMAIL
 56 |   return 0
 57 | }
 58 | 
 59 | number_of_packages(){ package_count="$#"; }
 60 | 
 61 | package_check(){
 62 |   local packages=$@
 63 |   local count=0
 64 |   # Count number of items in packages variable
 65 |   number_of_packages $packages
 66 | 
 67 |   # Format items for egrep query
 68 |   pkg_list=$(echo $packages | sed 's/ /|  /g')
 69 | 
 70 |   # Count number of packages installed from list
 71 |   count=$(dpkg -l | egrep "  $pkg_list" | wc -l)
 72 | 
 73 |   if [ $count -ge $package_count ]
 74 |   then
 75 |     return 0
 76 |   else
 77 |     echo "Installing packages for function!"
 78 |     apt-get install -qy $packages
 79 |   fi
 80 | }
 81 | 
 82 | install_dependencies(){
 83 |   hi "$1 $FUNCNAME"
 84 |   apt-get update -qq
 85 |   package_check $PACKAGES
 86 | }
 87 | 
 88 | configuration(){
 89 |   hi "$1 $FUNCNAME"
 90 |   grep -q "tftpboot" /etc/inetd.conf           || echo "tftp    dgram   udp    wait    root   \
 91 |     /usr/sbin/in.tftpd /usr/sbin/in.tftpd -s /var/lib/tftpboot" >> /etc/inetd.conf
 92 |   [ -e $HOME/ubuntu-14.04.1-server-$ARCH.iso ] || wget --progress=dot:mega -O $HOME/$ISO $URL
 93 |   [ -d /mnt/install ]                          || mount -o loop $HOME/$ISO /mnt
 94 |   [ -d /var/www/html/ubuntu/install ]          || mkdir -p /var/www/html/ubuntu/install
 95 |   cp -rf /mnt/* /var/www/html/ubuntu/
 96 |   [ -d /var/lib/tftpboot/ubuntu-installer ]    || cp -rf /mnt/install/netboot/* /var/lib/tftpboot/
 97 |   install -o root -g root -m 644 $VAGRANT/ks.cfg $KS
 98 |   install -o root -g root -m 644 $VAGRANT/tftpd-hpa  /etc/default/tftpd-hpa
 99 |   sed -i "s/replaceme/$IP/" $KS
100 | 
101 | cat <<EOF > /etc/dhcp/dhcpd.conf
102 | ddns-update-style none;
103 | 
104 | # option definitions common to all supported networks...
105 | option domain-name "example.org";
106 | option domain-name-servers 8.8.8.8;
107 | 
108 | default-lease-time 600;
109 | max-lease-time 7200;
110 | allow bootp;
111 | allow booting;
112 | log-facility local7;
113 | 
114 | subnet ${NET}.0 netmask $MASK {
115 |         range ${NET}.${BEGIN_RANGE} ${NET}.${END_RANGE};
116 |         filename "pxelinux.0";
117 |         option broadcast-address $BROADCAST;
118 |         option routers $IP;
119 | }
120 | EOF
121 | 
122 | cat <<EOF > /var/www/html/ubuntu/install/preseed.cfg
123 | d-i partman/confirm_write_new_label boolean true
124 | d-i partman/choose_partition select finish
125 | d-i partman/confirm boolean true
126 | d-i partman/confirm_nooverwrite boolean true
127 | d-i live-installer/net-image string
128 | d-i live-installer/net-image string http://$IP/ubuntu/install/filesystem.squashfs
129 | EOF
130 | 
131 | cat <<EOF > /var/lib/tftpboot/ubuntu-installer/$ARCH/boot-screens/syslinux.cfg
132 | # D-I config version 2.0
133 | default ubuntu-installer/$ARCH/boot-screens/vesamenu.c32
134 | prompt 0
135 | timeout 0
136 | label Ubuntu-14.04.1-Server
137 |         kernel ubuntu-installer/$ARCH/linux
138 | 	append vga=normal initrd=ubuntu-installer/$ARCH/initrd.gz ks=http://$IP/ubuntu/install/ks.cfg url=http://$IP/ubuntu/install/preseed.cfg ramdisk_size=16432 root=/dev/rd/0 rw  --
139 | EOF
140 | }
141 | 
142 | start_services(){
143 |   hi "$1 $FUNCNAME"
144 |   service isc-dhcp-server restart || die "Failed to start isc-dhcp-server"
145 |   service tftpd-hpa restart       || die "Failed to start ftpd-hpa"
146 |   service apache2 restart         || die "Failed to start apache2"
147 | }
148 | 
149 | #ping -c 1 -t 2 8.8.8.8 1>/dev/null 2>/dev/null || die "Your vagrant bridge interface should be connected not to the internet!"
150 | 
151 | install_dependencies "1.)"
152 | configuration "2.)"
153 | start_services "3.)"
154 | 


--------------------------------------------------------------------------------
/pxe-kickstart/tftpd-hpa:
--------------------------------------------------------------------------------
1 | # /etc/default/tftpd-hpa
2 | 
3 | TFTP_USERNAME="tftp"
4 | TFTP_DIRECTORY="/var/lib/tftpboot"
5 | TFTP_ADDRESS="0.0.0.0:69"
6 | TFTP_OPTIONS="--secure"
7 | RUN_DAEMON="yes"
8 | OPTIONS="-l -s /var/lib/tftpboot"
9 | 


--------------------------------------------------------------------------------
/pxe-multiboot/README.md:
--------------------------------------------------------------------------------
 1 | PXE Multiboot Server
 2 | ====================
 3 | 
 4 | ![PXE Boot Screenshot](http://jonschipp.com/pics/pxe-multiboot.jpg)
 5 | 
 6 | ```
 7 | $ vagrant up
 8 | ```
 9 | 
10 | will provision a new PXE server with Linux images on your LAN via bridged network mode.
11 | It automatically detects your IP address and configures dhcpd, tftpd, etc. for you and will begin serving out the image to DHCP clients.
12 | Fire up the VM and then PXE boot a computer on your LAN.
13 | 
14 | Change bridge to your interface if it differs.
15 | ```
16 | config.vm.network "public_network", bridge: 'en0: Ethernet Alias'
17 | ```
18 | 
19 | You can set args a valid iso url to deploy the image of your choice.
20 | ```
21 | config.vm.provision "shell", path: "new_iso.sh", args: "--os Ubuntu --version 14.0.1 --ramdisk initrd.gz --kernel linux --url http://releases.ubuntu.com/14.04/ubuntu-14.04.1-server-amd64.iso"
22 | ```
23 | 
24 | Use the new_iso and new_pxe scripts to install new images.
25 | 
26 | The following command will add CentOS and DBAN as options to boot from, it will configure the entire thing beginning with downloading the iso, for PXE booting.
27 | ```
28 |   ./new_iso --os CentOS --version 7.0 --url http://mirror.cs.uwp.edu/pub/centos/7.0.1406/isos/x86_64/CentOS-7.0-1406-x86_64-Minimal.iso"
29 |   ./new_iso --os dban --version 2.2.8 --url http://sourceforge.net/projects/dban/files/dban/dban-2.2.8/dban-2.2.8_i586.iso --kernel dban.bzi"
30 | ```
31 | 
32 | The following command will backup and replace the menu system to install Kali Linux via PXE boot.
33 | ```
34 |   ./new_pxe --url http://repo.kali.org/kali/dists/kali/main/installer-i386/current/images/netboot/netboot.tar.gz
35 | ```
36 | 


--------------------------------------------------------------------------------
/pxe-multiboot/Vagrantfile:
--------------------------------------------------------------------------------
 1 | # -*- mode: ruby -*-
 2 | # vi: set ft=ruby :
 3 | 
 4 | # Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
 5 | VAGRANTFILE_API_VERSION = "2"
 6 | 
 7 | Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
 8 | 
 9 |   config.vm.box = "trusty"
10 |   config.vm.box_url = "https://cloud-images.ubuntu.com/vagrant/trusty/current/trusty-server-cloudimg-amd64-vagrant-disk1.box"
11 |   config.vm.network "public_network", bridge: 'en0: Ethernet Alias'
12 |   config.vm.provision "file", source: "ks.cfg", destination: "ks.cfg"
13 |   config.vm.provision "file", source: "tftpd-hpa", destination: "tftpd-hpa"
14 |   config.vm.provision "file", source: "new_iso.sh", destination: "new_iso"
15 |   config.vm.provision "file", source: "new_pxe.sh", destination: "new_pxe"
16 |   config.vm.provision "shell", path: "provision.sh"
17 | 
18 | 
19 |   # config.vm.provision "shell", path: "new_iso.sh", args: "--os Ubuntu --version 14.0.1 --ramdisk initrd.gz --kernel linux --url http://releases.ubuntu.com/14.04/ubuntu-14.04.1-server-amd64.iso"
20 |    config.vm.provision "shell", path: "new_iso.sh", args: "--os Ubuntu --version 14.0.1 --ramdisk initrd.gz --kernel linux --url http://releases.ubuntu.com/14.04/ubuntu-14.04.1-server-i386.iso"
21 | 
22 |   # config.vm.provision "shell", path: "new_iso.sh", args: "--os Ubuntu --version 14.04-NetBoot --url http://archive.ubuntu.com/ubuntu/dists/trusty-updates/main/installer-i386/current/images/netboot/mini.iso"
23 |   # config.vm.provision "shell", path: "new_iso.sh", args: "--os Ubuntu --version 14.04-NetBoot --url http://archive.ubuntu.com/ubuntu/dists/trusty-updates/main/installer-amd64/current/images/netboot/mini.iso"
24 |   # config.vm.provision "shell", path: "new_iso.sh", args: "--os CentOS --version 7.0 --url http://mirror.cs.uwp.edu/pub/centos/7.0.1406/isos/x86_64/CentOS-7.0-1406-x86_64-Minimal.iso"
25 |   # config.vm.provision "shell", path: "new_iso.sh", args: "--os Fedora --version 21 --url http://download.fedoraproject.org/pub/fedora/linux/releases/21/Server/i386/iso/Fedora-Server-netinst-i386-21.iso"
26 |   # config.vm.provision "shell", path: "new_iso.sh", args: "--os Fedora --version 21 --url http://download.fedoraproject.org/pub/fedora/linux/releases/21/Server/x86_64/iso/Fedora-Server-netinst-x86_64-21.iso"
27 |   # config.vm.provision "shell", path: "new_iso.sh", args: "--os Kali --version 1.0.9a --url http://cdimage.kali.org/kali-1.0.9a/kali-linux-1.0.9a-i386.iso"
28 |   # config.vm.provision "shell", path: "new_iso.sh", args: "--os Kali --version 1.0.9a --url http://cdimage.kali.org/kali-1.0.9a/kali-linux-1.0.9a-amd64.iso"
29 |   # config.vm.provision "shell", path: "new_iso.sh", args: "--os dban --version 2.2.8 --url http://sourceforge.net/projects/dban/files/dban/dban-2.2.8/dban-2.2.8_i586.iso --kernel dban.bzi"
30 | 
31 |   # config.vm.provision "shell", path: "new_pxe.sh", args: "--url http://ftp.nl.debian.org/debian/dists/wheezy/main/installer-i386/current/images/netboot/netboot.tar.gz"
32 |   #
33 |   config.vm.provider "virtualbox" do |vb|
34 |       vb.gui = false
35 |       vb.name = "multi-pxe"
36 |       vb.customize ["modifyvm", :id, "--memory", "4096"]
37 |       vb.customize ["modifyvm", :id, "--cpus", 3]
38 |    end
39 | 
40 | end
41 | 


--------------------------------------------------------------------------------
/pxe-multiboot/ks.cfg:
--------------------------------------------------------------------------------
  1 | # set local mirror for installation
  2 | url --url http://replaceme/ubuntu/
  3 | 
  4 | #language
  5 | lang en_US
  6 | langsupport en_US
  7 | 
  8 | #keyboard/mouse
  9 | keyboard us
 10 | mouse
 11 | 
 12 | #Time settings
 13 | timezone America/Indiana/Indianapolis
 14 | 
 15 | #User creation
 16 | user administrator --fullname "administrator" --password changeme
 17 | 
 18 | #Install and reboot
 19 | reboot
 20 | install
 21 | 
 22 | #Bootloader configuration
 23 | bootloader --location=mbr
 24 | zerombr yes
 25 | 
 26 | #Partition clearing
 27 | clearpart --all --initlabel
 28 | 
 29 | #packages to install
 30 | %packages
 31 | @ ubuntu-server
 32 | openssh-server
 33 | build-essential
 34 | 
 35 | 
 36 | # post installation scripts
 37 | %post
 38 | 
 39 | #copy contents to /etc/apt/sources.list
 40 | echo " #
 41 | 
 42 | # deb cdrom:[Ubuntu-Server 14.04 LTS _Trusty Tahr_ - Release amd64
 43 | # (20140416.2)]/ trusty main restricted
 44 | 
 45 | #deb cdrom:[Ubuntu-Server 14.04 LTS _Trusty Tahr_ - Release amd64 (20140416.2)]/
 46 | #trusty main restricted
 47 | 
 48 | # See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
 49 | # newer versions of the distribution.
 50 | deb http://us.archive.ubuntu.com/ubuntu/ trusty main restricted
 51 | deb-src http://us.archive.ubuntu.com/ubuntu/ trusty main restricted
 52 | 
 53 | ## Major bug fix updates produced after the final release of the
 54 | ## distribution.
 55 | deb http://us.archive.ubuntu.com/ubuntu/ trusty-updates main restricted
 56 | deb-src http://us.archive.ubuntu.com/ubuntu/ trusty-updates main restricted
 57 | 
 58 | ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
 59 | ## team. Also, please note that software in universe WILL NOT receive any
 60 | ## review or updates from the Ubuntu security team.
 61 | deb http://us.archive.ubuntu.com/ubuntu/ trusty universe
 62 | deb-src http://us.archive.ubuntu.com/ubuntu/ trusty universe
 63 | deb http://us.archive.ubuntu.com/ubuntu/ trusty-updates universe
 64 | deb-src http://us.archive.ubuntu.com/ubuntu/ trusty-updates universe
 65 | 
 66 | ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
 67 | ## team, and may not be under a free licence. Please satisfy yourself as to
 68 | ## your rights to use the software. Also, please note that software in
 69 | ## multiverse WILL NOT receive any review or updates from the Ubuntu
 70 | ## security team.
 71 | deb http://us.archive.ubuntu.com/ubuntu/ trusty multiverse
 72 | deb-src http://us.archive.ubuntu.com/ubuntu/ trusty multiverse
 73 | deb http://us.archive.ubuntu.com/ubuntu/ trusty-updates multiverse
 74 | deb-src http://us.archive.ubuntu.com/ubuntu/ trusty-updates multiverse
 75 | 
 76 | ## N.B. software from this repository may not have been tested as
 77 | ## extensively as that contained in the main release, although it includes
 78 | ## newer versions of some applications which may provide useful features.
 79 | ## Also, please note that software in backports WILL NOT receive any review
 80 | ## or updates from the Ubuntu security team.
 81 | deb http://us.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse
 82 | deb-src http://us.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse
 83 | 
 84 | deb http://security.ubuntu.com/ubuntu trusty-security main restricted
 85 | deb-src http://security.ubuntu.com/ubuntu trusty-security main restricted
 86 | deb http://security.ubuntu.com/ubuntu trusty-security universe
 87 | deb-src http://security.ubuntu.com/ubuntu trusty-security universe
 88 | deb http://security.ubuntu.com/ubuntu trusty-security multiverse
 89 | deb-src http://security.ubuntu.com/ubuntu trusty-security multiverse
 90 | 
 91 | ## Uncomment the following two lines to add software from Canonical's
 92 | ## 'partner' repository.
 93 | ## This software is not part of Ubuntu, but is offered by Canonical and the
 94 | ## respective vendors as a service to Ubuntu users.
 95 | # deb http://archive.canonical.com/ubuntu trusty partner
 96 | # deb-src http://archive.canonical.com/ubuntu trusty partner
 97 | 
 98 | ## Uncomment the following two lines to add software from Ubuntu's
 99 | ## 'extras' repository.
100 | ## This software is not part of Ubuntu, but is offered by third-party
101 | ## developers who want to ship their latest software.
102 | # deb http://extras.ubuntu.com/ubuntu trusty main
103 | # deb-src http://extras.ubuntu.com/ubuntu trusty main" > /etc/apt/sources.list
104 | 


--------------------------------------------------------------------------------
/pxe-multiboot/new_iso.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | 
  3 | ## Variables
  4 | ARGC=$#
  5 | HOME=/root
  6 | ISO_DIR=/srv/iso
  7 | SYSLINUX=/usr/lib/syslinux/pxelinux.0
  8 | NIC=eth1
  9 | IP=$(ifconfig $NIC | grep 'inet addr:' | cut -d: -f2 | awk '{print $1}')
 10 | KERNEL="vmlinuz"
 11 | RAMDISK="initrd"
 12 | 
 13 | # Installation notification
 14 | MAIL=$(which mail)
 15 | COWSAY=/usr/games/cowsay
 16 | IRCSAY=/usr/local/bin/ircsay
 17 | IRC_CHAN="#replace_me"
 18 | HOST=$(hostname -s)
 19 | LOGFILE=/root/islet_install.log
 20 | EMAIL=user@company.com
 21 | 
 22 | cd $HOME
 23 | 
 24 | usage() {
 25 | cat <<EOF
 26 | 
 27 | Download ISO and configure PXE server for new distribution installation.
 28 | Each option is required.
 29 | 
 30 |      Options:
 31 |      --os       Set OS os distribution name
 32 |      --url      URL of ISO image to configure
 33 |      --version  Set version
 34 |      --kernel   Set name of kernel (def: vmlinuz)
 35 |      --ramdisk  Set name of ramdisk (def: initrd*)
 36 |      --arch     Set arch if not listed in url as i386/amd64/x86_64
 37 |      --dir      Set directory of kernel in iso e.g. images/pxeboot (def: best guess)
 38 | 
 39 | Usage: $0 --os Ubuntu --version 14.0.1 --ramdisk initrd.gz --url http://releases.ubuntu.com/14.04/ubuntu-14.04.1-server-amd64.iso
 40 | EOF
 41 | }
 42 | 
 43 | argcheck() {
 44 | # if less than n argument
 45 | if [ $ARGC -lt $1 ]; then
 46 |  usage
 47 |  exit 1
 48 | fi
 49 | }
 50 | 
 51 | function die {
 52 |   if [ -f ${COWSAY:-none} ]; then
 53 |     $COWSAY -d "$*"
 54 |   else
 55 |     echo "$*"
 56 |   fi
 57 |   if [ -f $IRCSAY ]; then
 58 |     ( set +e; $IRCSAY "$IRC_CHAN" "$*" 2>/dev/null || true )
 59 |   fi
 60 |   [ $MAIL ] && echo "$*" | mail -s "[vagrant] PXE install information on $HOST" $EMAIL
 61 |   exit 1
 62 | }
 63 | 
 64 | function hi {
 65 |   if [ -f ${COWSAY:-none} ]; then
 66 |     $COWSAY "$*"
 67 |   else
 68 |     echo "$*"
 69 |   fi
 70 |   if [ -f $IRCSAY ]; then
 71 |     ( set +e; $IRCSAY "$IRC_CHAN" "$*" 2>/dev/null || true )
 72 |   fi
 73 |   [ $MAIL ] && echo "$*" | mail -s "[vagrant] PXE install information on $HOST" $EMAIL
 74 |   return 0
 75 | }
 76 | 
 77 | number_of_packages(){ package_count="$#"; }
 78 | 
 79 | package_check(){
 80 |   local packages=$@
 81 |   local count=0
 82 |   # Count number of items in packages variable
 83 |   number_of_packages $packages
 84 | 
 85 |   # Format items for egrep query
 86 |   pkg_list=$(echo $packages | sed 's/ /|  /g')
 87 | 
 88 |   # Count number of packages installed from list
 89 |   count=$(dpkg -l | egrep "  $pkg_list" | wc -l)
 90 | 
 91 |   if [ $count -ge $package_count ]
 92 |   then
 93 |     return 0
 94 |   else
 95 |     echo "Installing packages for function!"
 96 |     apt-get install -qy $packages
 97 |   fi
 98 | }
 99 | 
100 | check_dir(){
101 |   hi "$1 $FUNCNAME"
102 |   [ -d $ISO_DIR ]                              || mkdir $ISO_DIR
103 |   [ -d /srv/install ]                          || mkdir -p /srv/install
104 |   [ -d /mnt/loop ]                             || mkdir /mnt/loop
105 |   mount | grep -q /mnt/loop                    && { umount /mnt/loop || die "Unable to unmount /mnt/loop!"; }
106 | }
107 | 
108 | download(){
109 |   [ -e $ISO_DIR/$ISO ] || { wget -q -O $ISO_DIR/$ISO $URL || die "Failed to download iso!"; }
110 | }
111 | 
112 | configuration(){
113 |   [ -e /var/lib/tftpboot/$RELEASE/$DISTRO.menu ] && N=$(grep ^LABEL /var/lib/tftpboot/$RELEASE/$DISTRO.menu | wc -l)
114 |   let N++
115 |   mkdir -p /var/lib/tftpboot/$RELEASE || die "Failed to create dir!"
116 |   mkdir -p /srv/install/$RELEASE      || die "Failed to create dir!"
117 | 
118 |   mount -o loop -t iso9660 $ISO_DIR/$ISO /mnt/loop 2>/dev/null || die "Unable to mount $ISO_DIR/$ISO!"
119 | 
120 |   for i in $DIR
121 |   do
122 |     [ -e /mnt/loop/$i/$KERNEL ] 2>/dev/null && cp /mnt/loop/$i/$KERNEL /var/lib/tftpboot/$RELEASE
123 |     [ -e /mnt/loop/$i/$RAMDISK ] 2>/dev/null && cp /mnt/loop/$i/$RAMDISK /var/lib/tftpboot/$RELEASE
124 |     #file /var/lib/tftpboot/$RELEASE/$RAMDISK | grep -q gzip && gzip -d /var/lib/tftpboot/$RELEASE/$RAMDISK
125 |   done
126 | 
127 |   cp -R /mnt/loop/* /srv/install/$RELEASE
128 |   umount /mnt/loop && sleep 3
129 | 
130 | cat <<EOF >> /var/lib/tftpboot/$RELEASE/$DISTRO.menu
131 | LABEL $N
132 |         MENU LABEL $DISTRO $VERSION ($ARCH)
133 |         KERNEL $RELEASE/$KERNEL
134 |         APPEND $BOOT
135 |         TEXT HELP
136 |         Install $DISTRO $VERSION ($ARCH)
137 |         ENDTEXT
138 | EOF
139 | 
140 | cat <<EOF >> /var/lib/tftpboot/pxelinux.cfg/default
141 | MENU BEGIN $DISTRO $VERSION $ARCH
142 | MENU TITLE $DISTRO $VERSION $ARCH
143 |         LABEL Previous
144 |         MENU LABEL Previous Menu
145 |         TEXT HELP
146 |         Return to previous menu
147 |         ENDTEXT
148 |         MENU EXIT
149 |         MENU SEPARATOR
150 |         MENU INCLUDE $RELEASE/$DISTRO.menu
151 | MENU END
152 | EOF
153 | }
154 | 
155 | argcheck 3
156 | 
157 | set -- $(getopt -n $0 -u -a --longoptions="url: os: version: kernel: ramdisk: arch: dir:" "h" "$@")
158 | while [ $# -gt 0 ]
159 | do
160 |   case "$1" in
161 |    --url) URL="$2"; shift;;
162 |    --os)  DISTRO="$2"; shift;;
163 |    --version) VERSION="$2"; shift;;
164 |    --kernel) KERNEL="$2"; shift;;
165 |    --initrd) RAMDISK="$2"; shift;;
166 |    --arch) ARCH="$2"; shift;;
167 |    --dir) DIR="$2"; shift;;
168 |    --help|-h) usage; exit;;
169 |   esac
170 |   shift
171 | done
172 | 
173 |   [ $ARCH ] ||
174 |   { echo $URL | egrep -q 'x86_64|amd64' && ARCH=amd64 ; echo $URL | grep -q i[3-6]86 && ARCH=i386; ARCH=${ARCH:-unknown}; }
175 | 
176 |   RELEASE="$DISTRO/$VERSION/$ARCH"
177 |   [ $DIR ] || DIR=$(echo {.,install,install.*,boot/$ARCH/loader,isolinux,casper,images/pxeboot,boot/$ARCH,loader,install/netboot/ubuntu-installer/$ARCH})
178 |   ISO="$(basename $URL)"
179 | 
180 |   echo $RELEASE | egrep -i -q 'centos|fedora|redhat' &&
181 |   BOOT="method=nfs:${IP}:/srv/install/$RELEASE initrd=${RELEASE}/initrd.img ramdisk_size=10000"
182 |   echo $RELEASE | egrep -i -q 'debian|ubuntu|kali' &&
183 |   BOOT="initrd=${RELEASE}/initrd.gz root=/dev/nfs nfsroot=${IP}:/srv/install/$RELEASE"
184 |   echo $RELEASE | egrep -i -q 'opensuse' &&
185 |   BOOT="initrd=${RELEASE}/initrd install=nfs://${IP}:/srv/install/$RELEASE showopts"
186 |   echo $RELEASE | egrep -i -q 'dban' &&
187 |   BOOT="nuke=dwipe silent floppy=0,16,cmos"
188 | 
189 | check_dir "1.)"
190 | download "2.)"
191 | configuration "3.)"
192 | hi "PXE boot configured for $RELEASE"
193 | 


--------------------------------------------------------------------------------
/pxe-multiboot/new_pxe.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | 
  3 | ## Variables
  4 | ARGC=$#
  5 | HOME=/root
  6 | PXE_DIR=/srv/pxe
  7 | TFTPROOT=/var/lib/tftpboot
  8 | 
  9 | # Installation notification
 10 | MAIL=$(which mail)
 11 | COWSAY=/usr/games/cowsay
 12 | IRCSAY=/usr/local/bin/ircsay
 13 | IRC_CHAN="#replace_me"
 14 | HOST=$(hostname -s)
 15 | LOGFILE=/root/islet_install.log
 16 | EMAIL=user@company.com
 17 | 
 18 | cd $HOME
 19 | 
 20 | usage() {
 21 | cat <<EOF
 22 | 
 23 | Download PXE archive and extract in tftproot
 24 | Each option is required.
 25 | 
 26 |      Options:
 27 |      --url      Location of PXE tar.gz archive
 28 |      --path     tftp root path (def: /var/lib/tftpboot)
 29 | 
 30 | Usage: $0 -url http://repo.kali.org/kali/dists/kali/main/installer-i386/current/images/netboot/netboot.tar.gz
 31 | EOF
 32 | }
 33 | 
 34 | argcheck() {
 35 | # if less than n argument
 36 | if [ $ARGC -lt $1 ]; then
 37 |  usage
 38 |  exit 1
 39 | fi
 40 | }
 41 | 
 42 | function die {
 43 |   if [ -f ${COWSAY:-none} ]; then
 44 |     $COWSAY -d "$*"
 45 |   else
 46 |     echo "$*"
 47 |   fi
 48 |   if [ -f $IRCSAY ]; then
 49 |     ( set +e; $IRCSAY "$IRC_CHAN" "$*" 2>/dev/null || true )
 50 |   fi
 51 |   [ $MAIL ] && echo "$*" | mail -s "[vagrant] PXE install information on $HOST" $EMAIL
 52 |   exit 1
 53 | }
 54 | 
 55 | function hi {
 56 |   if [ -f ${COWSAY:-none} ]; then
 57 |     $COWSAY "$*"
 58 |   else
 59 |     echo "$*"
 60 |   fi
 61 |   if [ -f $IRCSAY ]; then
 62 |     ( set +e; $IRCSAY "$IRC_CHAN" "$*" 2>/dev/null || true )
 63 |   fi
 64 |   [ $MAIL ] && echo "$*" | mail -s "[vagrant] PXE install information on $HOST" $EMAIL
 65 |   return 0
 66 | }
 67 | 
 68 | number_of_packages(){ package_count="$#"; }
 69 | 
 70 | package_check(){
 71 |   local packages=$@
 72 |   local count=0
 73 |   # Count number of items in packages variable
 74 |   number_of_packages $packages
 75 | 
 76 |   # Format items for egrep query
 77 |   pkg_list=$(echo $packages | sed 's/ /|  /g')
 78 | 
 79 |   # Count number of packages installed from list
 80 |   count=$(dpkg -l | egrep "  $pkg_list" | wc -l)
 81 | 
 82 |   if [ $count -ge $package_count ]
 83 |   then
 84 |     return 0
 85 |   else
 86 |     echo "Installing packages for function!"
 87 |     apt-get install -qy $packages
 88 |   fi
 89 | }
 90 | 
 91 | check_dir(){
 92 |   hi "$1 $FUNCNAME"
 93 |   [ -d $PXE_DIR ]                              || mkdir $PXE_DIR
 94 |   [ -e $PXE_DIR/pxelinux.0 ]                   && mv $TFTPROOT ${TFTPROOT}-${RANDOM}
 95 |   [ -d $TFTPROOT ]                             || mkdir $TFTPROOT
 96 | }
 97 | 
 98 | download(){
 99 |   [ -e $PXE_DIR/$ARCHIVE ] || { wget -q -O $PXE_DIR/$ARCHIVE $URL || die "Failed to download archive!"; }
100 | }
101 | 
102 | configuration(){
103 |   file $PXE_DIR/$ARCHIVE | grep -q gzip && tar zxf $PXE_DIR/$ARCHIVE -C $TFTPROOT || die "$ARCHIVE is not a tar gzip file"
104 |   pkill tftpd
105 |   service tftpd-hpa start         || die "Failed to start ftpd-hpa"
106 | }
107 | 
108 | argcheck 1
109 | 
110 | set -- $(getopt -n $0 -u -a --longoptions="url: path:" "h" "$@")
111 | while [ $# -gt 0 ]
112 | do
113 |   case "$1" in
114 |    --url) URL="$2"; shift;;
115 |    --path) TFTPROOT="$2"; shift;;
116 |    --help|-h) usage; exit;;
117 |   esac
118 |   shift
119 | done
120 | 
121 | ARCHIVE="$(basename $URL)"
122 | 
123 | check_dir "1.)"
124 | download "2.)"
125 | configuration "3.)"
126 | hi "PXE boot configured for $ARCHIVE"
127 | 


--------------------------------------------------------------------------------
/pxe-multiboot/provision.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | 
  3 | ## Variables
  4 | HOME=/root
  5 | VAGRANT=/home/vagrant
  6 | PACKAGES="cowsay apache2 tftpd-hpa inetutils-inetd isc-dhcp-server syslinux nfs-kernel-server"
  7 | KS=/var/www/html/ubuntu/install/ks.cfg
  8 | NIC=eth1 # Vagrantfile: :adapter => 2
  9 | IP=$(ifconfig $NIC | grep 'inet addr:' | cut -d: -f2 | awk '{print $1}')
 10 | MASK=$(ifconfig $NIC | grep 'inet addr:' | cut -d: -f4 | awk '{ print $1 }')
 11 | BROADCAST=$(ifconfig $NIC | grep 'inet addr:' | cut -d: -f3 | awk '{ print $1 }')
 12 | # I'm too lazy to do the math to get net and range, presuming /24
 13 | NET=$(ifconfig $NIC | grep 'inet addr:' | cut -d: -f3 | awk '{ print $1 }' | cut -d . -f1-3)
 14 | BEGIN_RANGE=2
 15 | END_RANGE=254
 16 | SYSLINUX=/usr/lib/syslinux/pxelinux.0
 17 | 
 18 | # Installation notification
 19 | MAIL=$(which mail)
 20 | COWSAY=/usr/games/cowsay
 21 | IRCSAY=/usr/local/bin/ircsay
 22 | IRC_CHAN="#replace_me"
 23 | HOST=$(hostname -s)
 24 | LOGFILE=/root/islet_install.log
 25 | EMAIL=user@company.com
 26 | 
 27 | cd $HOME
 28 | 
 29 | function die {
 30 |   if [ -f ${COWSAY:-none} ]; then
 31 |     $COWSAY -d "$*"
 32 |   else
 33 |     echo "$*"
 34 |   fi
 35 |   if [ -f $IRCSAY ]; then
 36 |     ( set +e; $IRCSAY "$IRC_CHAN" "$*" 2>/dev/null || true )
 37 |   fi
 38 |   [ $MAIL ] && echo "$*" | mail -s "[vagrant] PXE install information on $HOST" $EMAIL
 39 |   exit 1
 40 | }
 41 | 
 42 | function hi {
 43 |   if [ -f ${COWSAY:-none} ]; then
 44 |     $COWSAY "$*"
 45 |   else
 46 |     echo "$*"
 47 |   fi
 48 |   if [ -f $IRCSAY ]; then
 49 |     ( set +e; $IRCSAY "$IRC_CHAN" "$*" 2>/dev/null || true )
 50 |   fi
 51 |   [ $MAIL ] && echo "$*" | mail -s "[vagrant] PXE install information on $HOST" $EMAIL
 52 |   return 0
 53 | }
 54 | 
 55 | number_of_packages(){ package_count="$#"; }
 56 | 
 57 | package_check(){
 58 |   local packages=$@
 59 |   local count=0
 60 |   # Count number of items in packages variable
 61 |   number_of_packages $packages
 62 | 
 63 |   # Format items for egrep query
 64 |   pkg_list=$(echo $packages | sed 's/ /|  /g')
 65 | 
 66 |   # Count number of packages installed from list
 67 |   count=$(dpkg -l | egrep "  $pkg_list" | wc -l)
 68 | 
 69 |   if [ $count -ge $package_count ]
 70 |   then
 71 |     return 0
 72 |   else
 73 |     echo "Installing packages for function!"
 74 |     apt-get install -qy $packages
 75 |   fi
 76 | }
 77 | 
 78 | install_dependencies(){
 79 |   hi "$1 $FUNCNAME"
 80 |   apt-get update -qq
 81 |   package_check $PACKAGES
 82 | }
 83 | 
 84 | configuration(){
 85 |   hi "$1 $FUNCNAME"
 86 |   grep -q "tftpboot" /etc/inetd.conf           || echo "tftp    dgram   udp    wait    root   \
 87 |     /usr/sbin/in.tftpd /usr/sbin/in.tftpd -s /var/lib/tftpboot" >> /etc/inetd.conf
 88 |   [ -d /var/www/html/ubuntu/install ]          || mkdir -p /var/www/html/ubuntu/install
 89 |   [ -d /srv/install ]                          || mkdir -p /srv/install
 90 |   [ -d /var/lib/tftpboot/pxelinux.cfg ]        || mkdir -p /var/lib/tftpboot/pxelinux.cfg
 91 |   [ -e /var/lib/tftpboot/vesamenu.c32 ]        || cp /usr/lib/syslinux/vesamenu.c32 /var/lib/tftpboot/
 92 |   [ -e $VAGRANT/new_iso ]                      && install -o root -g root -m 755 $VAGRANT/new_iso /usr/local/bin/new_iso
 93 |   install -o root -g root -m 644 $VAGRANT/ks.cfg $KS
 94 |   install -o root -g root -m 644 $VAGRANT/tftpd-hpa  /etc/default/tftpd-hpa
 95 |   sed -i "s/replaceme/$IP/" $KS
 96 | 
 97 | cat <<EOF > /etc/exports
 98 | /srv/install                  *(ro,async,no_root_squash,no_subtree_check)
 99 | EOF
100 | 
101 | cat <<EOF > /etc/dhcp/dhcpd.conf
102 | ddns-update-style none;
103 | 
104 | # option definitions common to all supported networks...
105 | option domain-name "example.org";
106 | option domain-name-servers 8.8.8.8;
107 | 
108 | default-lease-time 600;
109 | max-lease-time 7200;
110 | allow bootp;
111 | allow booting;
112 | log-facility local7;
113 | 
114 | subnet ${NET}.0 netmask $MASK {
115 |         range ${NET}.${BEGIN_RANGE} ${NET}.${END_RANGE};
116 |         filename "pxelinux.0";
117 |         option broadcast-address $BROADCAST;
118 |         option routers $IP;
119 | }
120 | EOF
121 | 
122 | [ -e $SYSLINUX ] && cp $SYSLINUX /var/lib/tftpboot
123 | touch /var/lib/tftpboot/pxelinux.cfg/default
124 | 
125 | cat <<EOF > /var/www/html/ubuntu/install/preseed.cfg
126 | d-i partman/confirm_write_new_label boolean true
127 | d-i partman/choose_partition select finish
128 | d-i partman/confirm boolean true
129 | d-i partman/confirm_nooverwrite boolean true
130 | d-i live-installer/net-image string
131 | d-i live-installer/net-image string http://$IP/ubuntu/install/filesystem.squashfs
132 | EOF
133 | 
134 | # cat <<EOF > /var/lib/tftpboot/ubuntu-installer/$ARCH/boot-screens/syslinux.cfg
135 | # # D-I config version 2.0
136 | # default ubuntu-installer/$ARCH/boot-screens/vesamenu.c32
137 | # prompt 0
138 | # timeout 0
139 | # label Ubuntu-14.04.1-Server
140 | #         kernel ubuntu-installer/$ARCH/linux
141 | # 	append vga=normal initrd=ubuntu-installer/$ARCH/initrd.gz ks=http://$IP/ubuntu/install/ks.cfg url=http://$IP/ubuntu/install/preseed.cfg ramdisk_size=16432 root=/dev/rd/0 rw  --
142 | # EOF
143 | 
144 | cat <<EOF > /var/lib/tftpboot/pxelinux.cfg/default
145 | DEFAULT vesamenu.c32
146 | TIMEOUT 600
147 | ONTIMEOUT BootLocal
148 | PROMPT 0
149 | MENU INCLUDE pxelinux.cfg/pxe.conf
150 | NOESCAPE 1
151 | LABEL BootLocal
152 |         localboot 0
153 |         TEXT HELP
154 |         Boot to local hard disk
155 |         ENDTEXT
156 | EOF
157 | 
158 | cat <<EOF > /var/lib/tftpboot/pxelinux.cfg/pxe.conf
159 | MENU TITLE  PXE Server
160 | NOESCAPE 1
161 | ALLOWOPTIONS 1
162 | PROMPT 0
163 | menu width 80
164 | menu rows 14
165 | MENU TABMSGROW 24
166 | MENU MARGIN 10
167 | menu color border               30;44      #ffffffff #00000000 std
168 | EOF
169 | }
170 | 
171 | start_services(){
172 |   hi "$1 $FUNCNAME"
173 |   service isc-dhcp-server restart   || die "Failed to start isc-dhcp-server"
174 |   service tftpd-hpa restart         || die "Failed to start ftpd-hpa"
175 |   service apache2 restart           || die "Failed to start apache2"
176 |   service nfs-kernel-server restart || die "Failed to start nfs-kernel-server"
177 | }
178 | 
179 | ping -c 1 -W 2 8.8.8.8 1>/dev/null 2>/dev/null || die "Your vagrant bridge interface should be connected not to the internet!"
180 | 
181 | install_dependencies "1.)"
182 | configuration "2.)"
183 | start_services "3.)"
184 | 


--------------------------------------------------------------------------------
/pxe-multiboot/tftpd-hpa:
--------------------------------------------------------------------------------
1 | # /etc/default/tftpd-hpa
2 | 
3 | TFTP_USERNAME="tftp"
4 | TFTP_DIRECTORY="/var/lib/tftpboot"
5 | TFTP_ADDRESS="0.0.0.0:69"
6 | TFTP_OPTIONS="--secure"
7 | RUN_DAEMON="yes"
8 | OPTIONS="-l -s /var/lib/tftpboot"
9 | 


--------------------------------------------------------------------------------
/sagan/README.md:
--------------------------------------------------------------------------------
 1 | # Sagan
 2 | 
 3 | ````
 4 | $ vagrant up
 5 | ````
 6 | 
 7 | will provision a machine with [Sagan](http://sagan.io).
 8 | 
 9 | Barnyard2 is installed as well but needs to be configured to connect to a MySQL database
10 | ```
11 | $ vim /usr/local/etc/barnyard2-sagan.conf
12 | $ start barnyard2
13 | ```
14 | 


--------------------------------------------------------------------------------
/sagan/Vagrantfile:
--------------------------------------------------------------------------------
 1 | # -*- mode: ruby -*-
 2 | # vi: set ft=ruby :
 3 | 
 4 | # Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
 5 | VAGRANTFILE_API_VERSION = "2"
 6 | 
 7 | Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
 8 | 
 9 |   config.vm.box = "trusty"
10 |   config.vm.box_url = "https://cloud-images.ubuntu.com/vagrant/trusty/current/trusty-server-cloudimg-amd64-vagrant-disk1.box"
11 |   config.vm.provision "file", source: "sagan.upstart", destination: "sagan.upstart"
12 |   config.vm.provision "file", source: "barnyard2.upstart", destination: "barnyard2.upstart"
13 |   config.vm.provision "file", source: "barnyard2-sagan.conf", destination: "barnyard2-sagan.conf"
14 |   config.vm.provision "file", source: "rsyslog-sagan.conf", destination: "rsyslog-sagan.conf"
15 |   config.vm.provision "shell", path:  "provision.sh"
16 | 
17 |   # config.vm.network "forwarded_port", guest: 80, host: 8080
18 | 
19 |   # config.vm.synced_folder "../data", "/vagrant_data"
20 | 
21 |    config.vm.provider "virtualbox" do |vb|
22 |   #   vb.gui = true
23 |       vb.name = "sagan"
24 |       vb.customize ["modifyvm", :id, "--memory", "1024"]
25 |       vb.customize ["modifyvm", :id, "--cpus", 1]
26 |    end
27 | 
28 | end
29 | 


--------------------------------------------------------------------------------
/sagan/barnyard2-sagan.conf:
--------------------------------------------------------------------------------
 1 | config reference_file: /usr/local/etc/sagan-rules/reference.config
 2 | config classification_file: /usr/local/etc/sagan-rules/classification.config
 3 | config gen_file: /usr/local/etc/sagan-rules/gen-msg.map
 4 | config sid_file: /usr/local/etc/sagan-rules/sagan-sid-msg.map
 5 | config hostname: sagan-unified2
 6 | config interface: syslog
 7 | config set_gid: sagan
 8 | config set_uid: sagan
 9 | config waldo_file: /var/log/barnyard2/barnyard2-sagan.waldo
10 | input unified2
11 | # Edit line below to connect your database (remotely, or install mysql-server locally)
12 | output database: log, mysql, user=sagan password=mypassword dbname=snort host=127.0.0.1, detail full
13 | 


--------------------------------------------------------------------------------
/sagan/barnyard2.upstart:
--------------------------------------------------------------------------------
 1 | description "Barnyard2"
 2 | author "Jon Schipp"
 3 | start on filesystem or runlevel [2345]
 4 | stop on runlevel [!2345]
 5 | 
 6 | respawn limit 10 5
 7 | 
 8 | # Essentially lets upstart know the process will detach itself to the background
 9 | expect fork
10 | 
11 | # Run barnyard2
12 | exec /usr/local/bin/barnyard2 -D -c /usr/local/etc/barnyard2-sagan.conf
13 | 


--------------------------------------------------------------------------------
/sagan/pkgs/barnyard2-2.1.14-1.x86_64.rpm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jonschipp/vagrant/576970b7dede454f78d49812ca39f81adbc943c0/sagan/pkgs/barnyard2-2.1.14-1.x86_64.rpm


--------------------------------------------------------------------------------
/sagan/pkgs/daq-2.0.4-1.x86_64.rpm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jonschipp/vagrant/576970b7dede454f78d49812ca39f81adbc943c0/sagan/pkgs/daq-2.0.4-1.x86_64.rpm


--------------------------------------------------------------------------------
/sagan/pkgs/delegate-9.9.13-1.x86_64.rpm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jonschipp/vagrant/576970b7dede454f78d49812ca39f81adbc943c0/sagan/pkgs/delegate-9.9.13-1.x86_64.rpm


--------------------------------------------------------------------------------
/sagan/pkgs/libdnet-1.11-1.x86_64.rpm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jonschipp/vagrant/576970b7dede454f78d49812ca39f81adbc943c0/sagan/pkgs/libdnet-1.11-1.x86_64.rpm


--------------------------------------------------------------------------------
/sagan/pkgs/libestr-upstream-1.x86_64.rpm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jonschipp/vagrant/576970b7dede454f78d49812ca39f81adbc943c0/sagan/pkgs/libestr-upstream-1.x86_64.rpm


--------------------------------------------------------------------------------
/sagan/pkgs/liblognorm-upstream-1.x86_64.rpm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jonschipp/vagrant/576970b7dede454f78d49812ca39f81adbc943c0/sagan/pkgs/liblognorm-upstream-1.x86_64.rpm


--------------------------------------------------------------------------------
/sagan/pkgs/pulledpork-0.7-1.x86_64.rpm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jonschipp/vagrant/576970b7dede454f78d49812ca39f81adbc943c0/sagan/pkgs/pulledpork-0.7-1.x86_64.rpm


--------------------------------------------------------------------------------
/sagan/pkgs/sagan-upstream-1.x86_64.rpm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jonschipp/vagrant/576970b7dede454f78d49812ca39f81adbc943c0/sagan/pkgs/sagan-upstream-1.x86_64.rpm


--------------------------------------------------------------------------------
/sagan/provision.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | # Author: Jon Schipp <jonschipp@gmail.com>
  3 | # Written for Ubuntu Saucy and Trusty, should be adaptable to other distros.
  4 | 
  5 | ## Variables
  6 | VAGRANT=/home/vagrant
  7 | HOME=/root
  8 | DAQ=2.0.4
  9 | [ -e /etc/redhat-release ] && OS=el && export PKG_CONFIG_PATH="/usr/local/lib/pkgconfig:/lib64/pkgconfig/"
 10 | [ -e /etc/debian_version ] && OS=debian
 11 | [ "$OS" = "debian" ] && PACKAGES="cowsay git build-essential checkinstall automake autoconf pkg-config libtool libpcre3-dev libpcre3 libdumbnet1 libdumbnet-dev libesmtp-dev libpcap-dev libgeoip-dev libjson0 libjson0-dev libcurl4-openssl-dev"
 12 | [ "$OS" = "el" ] && PACKAGES="git gcc gnutls-devel gcc-c++ autoconf automake libtool mysql mysql-devel mysql-client pcre pcre-devel libesmtp libesmtp-devel libdnet libnet-devel libpcap-devel json-c-devel geoip-devel geoip libcurl-devel"
 13 | 
 14 | # Installation notification
 15 | MAIL=$(which mail)
 16 | COWSAY=/usr/games/cowsay
 17 | IRCSAY=/usr/local/bin/ircsay
 18 | IRC_CHAN="#replace_me"
 19 | HOST=$(hostname -s)
 20 | LOGFILE=/root/islet_install.log
 21 | EMAIL=user@company.com
 22 | 
 23 | cd $HOME
 24 | 
 25 | function die {
 26 |   if [ -f ${COWSAY:-none} ]; then
 27 |     $COWSAY -d "$*"
 28 |   else
 29 |     echo "$*"
 30 |   fi
 31 |   if [ -f $IRCSAY ]; then
 32 |     ( set +e; $IRCSAY "$IRC_CHAN" "$*" 2>/dev/null || true )
 33 |   fi
 34 |   [ $MAIL ] && echo "$*" | mail -s "[vagrant] Sagan install information on $HOST" $EMAIL
 35 |   exit 1
 36 | }
 37 | 
 38 | function hi {
 39 |   if [ -f ${COWSAY:-none} ]; then
 40 |     $COWSAY "$*"
 41 |   else
 42 |     echo "$*"
 43 |   fi
 44 |   if [ -f $IRCSAY ]; then
 45 |     ( set +e; $IRCSAY "$IRC_CHAN" "$*" 2>/dev/null || true )
 46 |   fi
 47 |   [ $MAIL ] && echo "$*" | mail -s "[vagrant] Sagan install information on $HOST" $EMAIL
 48 | }
 49 | 
 50 | number_of_packages(){ package_count="$#"; }
 51 | 
 52 | package_check(){
 53 |   local packages=$@
 54 |   local count=0
 55 |   # Count number of items in packages variable
 56 |   number_of_packages $packages
 57 | 
 58 |   # Format items for egrep query
 59 |   pkg_list=$(echo $packages | sed 's/ /|  /g')
 60 | 
 61 |   # Count number of packages installed from list
 62 |   [ "$OS" = "debian" ] && count=$(dpkg -l | egrep "  $pkg_list" | wc -l)
 63 |   [ "$OS" = "el" ]     && count=$(yum list installed | egrep "$pkg_list" | wc -l)
 64 | 
 65 |   if [ $count -ge $package_count ]
 66 |   then
 67 |     return 0
 68 |   else
 69 |     echo "Installing packages for function!"
 70 |     [ "$OS" = "debian" ] && apt-get install -qy $packages
 71 |     [ "$OS" = "el" ]     && yum install -qy $packages
 72 |   fi
 73 | }
 74 | 
 75 | install_dependencies(){
 76 |   hi "$1 $FUNCNAME\n"
 77 |   [ "$OS" = "debian" ] && apt-get update -qq
 78 |   [ "$OS" = "el" ]     && yum makecache -q
 79 |   package_check $PACKAGES
 80 |   [ -f /usr/local/lib/libestr.so.0.0.0 ] || (git clone https://github.com/rsyslog/libestr && cd libestr && \
 81 |     autoreconf -vfi && ./configure && make && make install && ldconfig)
 82 |   [ -f /usr/local/lib/liblognorm.so.1.0.0 ] || (git clone https://github.com/rsyslog/liblognorm && cd liblognorm && \
 83 |     autoreconf -vfi && ./configure --disable-docs && make install && ldconfig)
 84 | }
 85 | 
 86 | install_sagan(){
 87 |   hi "$1 $FUNCNAME\n"
 88 |   if ! [ -f /usr/local/sbin/sagan ]
 89 |   then
 90 |     rm -rf sagan
 91 |     git clone https://github.com/beave/sagan || die "Clone of sagan repo failed"
 92 |     cd sagan
 93 |     ./configure --enable-geoip --enable-esmtp && make && make install
 94 |   fi
 95 | 
 96 |   cd $HOME
 97 | 
 98 |   if ! [ -d /usr/local/etc/sagan-rules ]
 99 |   then
100 |     git clone https://github.com/beave/sagan-rules /usr/local/etc/sagan-rules || die "Clone of sagan-rules repo failed"
101 |   fi
102 | 
103 |   cd $HOME
104 | }
105 | 
106 | configuration(){
107 |   hi "$1 $FUNCNAME\n"
108 |   getent passwd sagan 1>/dev/null || useradd sagan --shell /sbin/nologin --home /
109 |   getent group sagan | grep -q syslog || gpasswd -a syslog sagan
110 |   chown -R sagan:sagan /var/log/sagan /var/run/sagan
111 |   chown -R sagan:sagan /usr/local/etc/
112 |   [ -p /var/run/sagan.fifo ] || mkfifo /var/run/sagan.fifo
113 |   chown sagan:sagan /var/run/sagan.fifo
114 |   chmod 660 /var/run/sagan.fifo
115 |   [ -e /etc/rsyslog.d/sagan.conf ] || (install -o root -g root -m 644 $VAGRANT/rsyslog-sagan.conf \
116 |     /etc/rsyslog.d/sagan.conf && restart rsyslog)
117 |   [ -e /etc/init/sagan.conf ] || (install -o root -g root -m 644 $VAGRANT/sagan.upstart \
118 |     /etc/init/sagan.conf && start sagan)
119 |   echo "/usr/local/lib/" > /etc/ld.so.conf.d/sagan.conf && ldconfig
120 | }
121 | 
122 | install_daq(){
123 |   hi "$1 $FUNCNAME\n"
124 |   if ! [ -f /usr/local/lib/libdaq.so.2.0.4 ]
125 |   then
126 |     package_check bison flex
127 |     rm -fr daq-${DAQ}*
128 |     wget --no-check-certificate https://www.snort.org/downloads/snort/daq-${DAQ}.tar.gz -O daq-${DAQ}.tar.gz || die "Failed to download daq-${DAQ}"
129 |     tar zxf daq-${DAQ}.tar.gz
130 |     cd daq-${DAQ}
131 |     ./configure && make && make install || die "DAQ ${DAQ} failed to install"
132 |   fi
133 |   cd $HOME
134 | }
135 | 
136 | install_libdnet(){
137 |   [ "$OS" = "debian" ] && return 0
138 |   if ! [ -f /usr/local/include/dnet.h ]
139 |   then
140 |     rm -rf libdnet-1.11*
141 |     wget http://downloads.sourceforge.net/project/libdnet/libdnet/libdnet-1.11/libdnet-1.11.tar.gz || die "Failed to download libdnet"
142 |     tar zxf libdnet-1.11.tar.gz
143 |     cd libdnet-1.11
144 |     ls
145 |     ./configure
146 |     make
147 |     make install
148 |   fi
149 | }
150 | 
151 | install_barnyard(){
152 |   # Get dependency
153 |   install_daq
154 |   install_libdnet
155 | 
156 |   hi "$1 $FUNCNAME\n"
157 |   if ! [ -f /usr/local/bin/barnyard2 ]
158 |   then
159 |     rm -rf barnyard2
160 |     package_check libmysqlclient-dev
161 |     ln -f -s /usr/include/dumbnet.h /usr/include/dnet.h
162 |     git clone https://github.com/firnsy/barnyard2 || die "Clone of barnyard2 repo failed"
163 |     cd barnyard2
164 |     ./autogen.sh
165 |     [ "$OS" = "debian" ] && ./configure --with-mysql --with-mysql-libraries=/usr/lib/x86_64-linux-gnu && make && make install || die "Barnyard2 failed to install"
166 |     [ "$OS" = "el" ] && ./configure --with-mysql --with-mysql-libraries=/usr/lib64 && make && make install || die "Barnyard2 failed to install"
167 |   fi
168 |   [ -d /var/log/barnyard2 ] || mkdir /var/log/barnyard2
169 |   [ -e /usr/local/etc/barnyard2-sagan.conf ] || install -o root -g root -m 600 $VAGRANT/barnyard2-sagan.conf /usr/local/etc/barnyard2-sagan.conf
170 |   [ -e /etc/init/barnyard2 ] || install -o root -g root -m 644 $VAGRANT/barnyard2.upstart /etc/init/barnyard2.conf
171 |   cd $HOME
172 | }
173 | 
174 | install_dependencies "1.)"
175 | install_sagan "2.)"
176 | install_barnyard "3.)"
177 | configuration "4.)"
178 | 
179 | pgrep sagan 1>/dev/null && hi "Installation successful! Sagan is running $(pidof sagan)..."
180 | 


--------------------------------------------------------------------------------
/sagan/rsyslog-sagan.conf:
--------------------------------------------------------------------------------
1 | # The standard "input" template Sagan uses.  Basically the message 'format' Sagan understands.  The template is _one_ line.
2 | $template sagan,"%fromhost-ip%|%syslogfacility-text%|%syslogpriority-text%|%syslogseverity-text%|%syslogtag%|%timegenerated:1:10:date-rfc3339%|%timegenerated:12:19:date-rfc3339%|%programname%|%msg%\n"
3 | # The FIFO/named pipe location.  This is what Sagan will read.
4 | *.*     |/var/run/sagan.fifo;sagan
5 | 


--------------------------------------------------------------------------------
/sagan/sagan.upstart:
--------------------------------------------------------------------------------
 1 | description "Sagan"
 2 | author "Jon Schipp"
 3 | start on filesystem or runlevel [2345]
 4 | stop on runlevel [!2345]
 5 | 
 6 | respawn limit 10 5
 7 | 
 8 | # Essentially lets upstart know the process will detach itself to the background
 9 | expect fork
10 | 
11 | # Run sagan
12 | exec /usr/local/sbin/sagan --daemon -u sagan --config /usr/local/etc/sagan.conf
13 | 


--------------------------------------------------------------------------------
/seconion/README.txt:
--------------------------------------------------------------------------------
 1 | seconion1204.box:
 2 | md5sum:  11f60efb9cdb67d77192d9f313e86518
 3 | sha1sum: 64a52128b8b45edb9f85ce448c6ac128159ba840
 4 | 
 5 | ###########################
 6 | # Getting up and running: #
 7 | ###########################
 8 | 
 9 | ##############
10 | # Clone repo #
11 | ##############
12 | 
13 | ``git clone http://github.com/jonschipp/vagrant''
14 | 
15 | # Simple way:
16 | 
17 | # Create directory for vagrant project
18 | 1.) ``mkdir -p ~/vagrant/projects/seconion-server && ~/vagrant/projects/seconion-server''
19 | # Copy Vagrantfile and provision.sh from repo to project directory
20 | 2.) ``cp Vagrantfile provision.sh ~/vagrant/projects/seconion-server/''
21 | # Bring up machine
22 | 3.) ``vagrant up --no-provision''
23 | # Provision the machine after it has booted
24 | 4.) ``vagrant provision --provision-with shell''
25 | # Reload the ready machine
26 | 6.) ``vagrant reload --no-provision''
27 | # Use
28 | 7.) ``vagrant ssh''
29 | 
30 | # Other way:
31 | 
32 | # Download vagrant box and import it
33 | 1.) ``vagrant box add seconion1204 http://jonschipp.com/vm/seconion1204.box --provider virtualbox''
34 | # Create directory for project
35 | 2.) ``mkdir -p ~/vagrant/projects/seconion-server && cd ~/vagrant/projects/seconion-server''
36 | # Copy Vagrantfile and provision.sh to the directory above
37 | 3.) ``cp Vagrantfile provision.sh ~/vagrant/projects/seconion-server/''
38 | # Bring up the machine
39 | 4.) ``vagrant up --no-provision''
40 | # Provision the machine after it has booted
41 | 5.) ``vagrant provision --provision-with shell''
42 | # Reload the ready machine
43 | 6.) ``vagrant reload --no-provision''
44 | # Use
45 | 7.) ``vagrant ssh''
46 | 


--------------------------------------------------------------------------------
/seconion/Vagrantfile:
--------------------------------------------------------------------------------
 1 | # -*- mode: ruby -*-
 2 | # vi: set ft=ruby :
 3 | 
 4 | # Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
 5 | VAGRANTFILE_API_VERSION = "2"
 6 | 
 7 | Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
 8 | 
 9 |   config.vm.box = "seconion1204"
10 |   config.vm.boot_timeout = 300
11 |   #config.vm.box_url = "http://jonschipp.com/vm/seconion1204.box"
12 |   config.vm.box_url = "https://uofi.box.com/shared/static/g9c863bd70f84j2yu9x1.box"
13 | 
14 |   # Checksums for the box seconion1204.box:
15 |   # md5sum:  11f60efb9cdb67d77192d9f313e86518
16 |   # sha1sum: 64a52128b8b45edb9f85ce448c6ac128159ba840
17 |   config.vm.box_download_checksum = "11f60efb9cdb67d77192d9f313e86518"
18 |   config.vm.box_download_checksum_type = "md5"
19 | 
20 |   # SecurityOnion start page: Point host browser to https://localhost:8443
21 |   config.vm.network :forwarded_port, guest: 443, host: 8443
22 |   # Snorby: Point host browser to https://localhost:8444
23 |   config.vm.network :forwarded_port, guest: 444, host: 8444
24 |   # ELSA: Point host browser to https://localhost:8154
25 |   config.vm.network :forwarded_port, guest: 3154, host: 8154
26 | 
27 |   # Create a private network, which allows host-only access to the machine
28 |   # using a specific IP. Default NAT is up (eth0, 10.0.2.15). REQUIRED for eth0.
29 |   # Host-Only Adapter (eth2)
30 |     config.vm.network "private_network", ip: "10.1.1.10", :netmask => "255.255.255.0", :adapter => 2
31 | 
32 |   #config.vm.synced_folder "~/repos/so-scripts", "/so-scripts"
33 | 
34 |   # VM specific settings
35 |     nsm_disk = './nsm.vdi'
36 | 
37 |     config.vm.provider "virtualbox" do |v|
38 |      v.gui = true
39 |      v.name = "seconion-standalone"
40 |      v.customize ["modifyvm", :id, "--memory", "2048"]
41 |      v.customize ["modifyvm", :id, "--cpus", 3]
42 |      v.customize ["modifyvm", :id, "--audio", "none", "--usb", "on", "--usbehci", "off"]
43 |      unless File.exist?(nsm_disk)
44 |      	v.customize ['createhd', '--filename', nsm_disk, '--size', 100000]
45 |      end
46 |      v.customize ['storageattach', :id, '--storagectl', 'SATAController', '--port', 1, '--device', 0, '--type', 'hdd', '--medium', nsm_disk]
47 |    end
48 | 
49 |   # Shell script to provision machine
50 |   config.vm.provision "shell", path: "provision.sh"
51 | 
52 | end
53 | 


--------------------------------------------------------------------------------
/seconion/provision.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | # Run once on first boot
 3 | 
 4 | touch /tmp/ran.provision.$(date +"%d-%m-%Y").shell
 5 | 
 6 | # Disable firewall and network ACL's and allow ssh connections
 7 | sudo iptables -F
 8 | sudo ufw disable
 9 | sudo ufw allow 22
10 | 
11 | /usr/bin/expect <<EOF
12 | spawn /usr/bin/sudo /usr/sbin/ufw enable
13 | expect "Proceed with operation"
14 | send "y\n"
15 | expect eof
16 | EOF
17 | 
18 | sudo rm /etc/udev/rules.d/70-persistent-net.rules
19 | 
20 | yes | mkfs -t ext4 /dev/sdb
21 | mount /dev/sdb /nsm
22 | 
23 | cat <<EOF >> /etc/fstab
24 | # Store NSM data on other drive
25 | /dev/sdb	/nsm		ext4			  auto,rw,nosuid,noexec   0	  0
26 | EOF
27 | 
28 | read -n 1 -p "Would you like me to configure multi-user GNU screen to share terminal sessions? [Y/n]" CHOICE
29 | 
30 | if [ -z $CHOICE ]; then
31 | 	CHOICE="Y"
32 | fi
33 | 
34 | case $CHOICE in
35 |   y|Y) sudo apt-get -y install screen &&
36 | 	sudo wget -O /etc/screenrc http://raw.github.com/jonschipp/misc/master/screen/screenrc &&
37 | 	sudo chmod +s /usr/bin/screen
38 |   	;;
39 |   n|N) exit ;;
40 |   *) exit   ;;
41 | esac
42 | 


--------------------------------------------------------------------------------
/xen-ganeti/README.md:
--------------------------------------------------------------------------------
 1 | Ganeti
 2 | ===========
 3 | 
 4 | ```
 5 | $ vagrant up
 6 | ```
 7 | 
 8 | will provision two Ubuntu Trusty VM's for testing, playing, and developing with
 9 |  * Xen w/ Ganeti (PV virtualization only)
10 | 
11 | *Note:*  Adjust memory `--memory` in Vagrantfile if necessary, set to 4GB per node.
12 | 
13 | ```
14 | $ vagrant up
15 | $ vagrant ssh node1
16 | # Initialize cluster
17 | $ gnt-cluster init --enabled-hypervisors=xen-pvm --hypervisor-parameters xen-pvm:xen_cmd=xl --vg-name ganeti --nic-parameters link=xenbr0 \
18 | --master-netdev xenbr0 --secondary-ip 192.168.1.10 --no-ssh-init xen-cluster.test
19 | # Add node2 to cluster
20 | $ gnt-node add -v -d --no-ssh-key-check --master-capable=yes --vm-capable=yes --secondary-ip 192.168.1.20 xen-node2.test
21 | # Test cluster
22 | $ /usr/lib/ganeti/tools/burnin -v -d -o debootstrap+default --disk-size=1024m --mem-size=128m -p instance{1..3}
23 | ```
24 | 


--------------------------------------------------------------------------------
/xen-ganeti/Vagrantfile:
--------------------------------------------------------------------------------
 1 | # -*- mode: ruby -*-
 2 | # vi: set ft=ruby :
 3 | 
 4 | # Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
 5 | VAGRANTFILE_API_VERSION = "2"
 6 | 
 7 | Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
 8 | 
 9 |   config.vm.box = "trusty"
10 |   config.vm.box_url = "https://cloud-images.ubuntu.com/vagrant/trusty/current/trusty-server-cloudimg-amd64-vagrant-disk1.box"
11 |   node1_disk   = './node1.vdi'
12 |   node2_disk   = './node2.vdi'
13 | 
14 |   # 1.) Will not work after provision script is ran because of new kernel lacking guest additions
15 |   # config.vm.network "forwarded_port", guest: 80, host: 8080
16 |   # config.vm.synced_folder ".", "/vagrant"
17 |   # 2.) Will work becuase guest additions isn't a requirement
18 |   # config.vm.synced_folder ".", "/vagrant", type: "rsync",
19 |   # rsync__exclude: ".git/"
20 |   # rsync_auto: "true" # Detect and copy any changes automatically
21 | 
22 |   config.vm.define "node1" do |node1|
23 |     node1.vm.hostname = "xen-node1"
24 |     node1.vm.network "private_network", ip: "10.2.2.10", :netmask => "255.255.255.0", :adapter => 2
25 |     node1.vm.network "private_network", ip: "192.168.1.10", :netmask => "255.255.255.0", :adapter => 3
26 |     node1.vm.provision "file", source: "interfaces-node1", destination: "interfaces-node1"
27 |     node1.vm.provision "file", source: "hosts", destination: "hosts"
28 |     node1.vm.provision "file", source: "modules", destination: "modules"
29 |     node1.vm.provision "file", source: "xend-config.sxp", destination: "xend-config.sxp"
30 |     node1.vm.provision "file", source: "lvm.conf", destination: "lvm.conf"
31 |     node1.vm.provision "shell", path: "provision.sh", privileged: "true"
32 |     node1.vm.provider "virtualbox" do |vm1|
33 |       vm1.name = "node1"
34 |       vm1.customize ["modifyvm", :id, "--memory", "4096"]
35 |       vm1.customize ["modifyvm", :id, "--cpus", 3]
36 |       vm1.customize ["modifyvm", :id, "--audio", "none", "--usb", "on", "--usbehci", "off"]
37 |       #vm1.customize ["modifyvm", :id, "--hwvirtex", "off"]
38 |       unless File.exist?(node1_disk)
39 |         vm1.customize ['createhd', '--filename', node1_disk, '--size', 100000]
40 |         vm1.customize ['storageattach', :id, '--storagectl', 'SATAController', '--port', 1, '--device', 0, '--type', 'hdd', '--medium', node1_disk]
41 |       end
42 |       vm1.gui = true
43 |     end
44 |   end
45 | 
46 |   config.vm.define "node2" do |node2|
47 |     node2.vm.hostname = "xen-node2"
48 |     node2.vm.network "private_network", ip: "10.2.2.20", :netmask => "255.255.255.0", :adapter => 2
49 |     node2.vm.network "private_network", ip: "192.168.1.20", :netmask => "255.255.255.0", :adapter => 3
50 |     node2.vm.provision "file", source: "interfaces-node2", destination: "interfaces-node2"
51 |     node2.vm.provision "file", source: "hosts", destination: "hosts"
52 |     node2.vm.provision "file", source: "modules", destination: "modules"
53 |     node2.vm.provision "file", source: "xend-config.sxp", destination: "xend-config.sxp"
54 |     node2.vm.provision "file", source: "lvm.conf", destination: "lvm.conf"
55 |     node2.vm.provision "shell", path: "provision.sh", privileged: "true"
56 |     node2.vm.provider "virtualbox" do |vm2|
57 |       vm2.name = "node2"
58 |       vm2.customize ["modifyvm", :id, "--memory", "4096"]
59 |       vm2.customize ["modifyvm", :id, "--cpus", 3]
60 |       vm2.customize ["modifyvm", :id, "--audio", "none", "--usb", "on", "--usbehci", "off"]
61 |       #vm2.customize ["modifyvm", :id, "--hwvirtex", "off"]
62 |       unless File.exist?(node2_disk)
63 |         vm2.customize ['createhd', '--filename', node2_disk, '--size', 100000]
64 |         vm2.customize ['storageattach', :id, '--storagectl', 'SATAController', '--port', 1, '--device', 0, '--type', 'hdd', '--medium', node2_disk]
65 |       end
66 |       vm2.gui = true
67 |     end
68 |   end
69 | 
70 | end
71 | 


--------------------------------------------------------------------------------
/xen-ganeti/hosts:
--------------------------------------------------------------------------------
 1 | 127.0.0.1 localhost localhost.localdomain
 2 | 
 3 | # The following lines are desirable for IPv6 capable hosts
 4 | ::1     localhost ip6-localhost ip6-loopback
 5 | ff02::1 ip6-allnodes
 6 | ff02::2 ip6-allrouters
 7 | 
 8 | # Ganeti cluster name
 9 | 10.2.2.5 xen-cluster.test
10 | 
11 | # Ganeti hosts
12 | 10.2.2.10 xen-node1.test
13 | 10.2.2.20 xen-node2.test
14 | 
15 | # Test VM's
16 | 10.2.2.30 instance1
17 | 10.2.2.31 instance2
18 | 10.2.2.32 instance3
19 | 


--------------------------------------------------------------------------------
/xen-ganeti/interfaces-node1:
--------------------------------------------------------------------------------
 1 | # This file describes the network interfaces available on your system
 2 | # and how to activate them. For more information, see interfaces(5).
 3 | auto xenbr0
 4 | iface xenbr0 inet static
 5 | 	bridge_ports eth1
 6 |  	address 10.2.2.10
 7 |  	netmask 255.255.255.0
 8 |  	network 10.2.2.0
 9 |  	gateway 10.2.2.1
10 |  	dns-nameservers 10.0.2.3
11 | 
12 | auto eth1
13 | iface eth1 inet manual
14 | 
15 | # The third network interface
16 | # This is for DRBD
17 | auto eth2
18 | iface eth2 inet static
19 | address 192.168.1.10
20 | netmask 255.255.255.0
21 | 


--------------------------------------------------------------------------------
/xen-ganeti/interfaces-node2:
--------------------------------------------------------------------------------
 1 | # This file describes the network interfaces available on your system
 2 | # and how to activate them. For more information, see interfaces(5).
 3 | auto xenbr0
 4 | iface xenbr0 inet static
 5 | 	bridge_ports eth1
 6 |  	address 10.2.2.20
 7 |  	netmask 255.255.255.0
 8 |  	network 10.2.2.0
 9 |  	gateway 10.2.2.1
10 |  	dns-nameservers 10.0.2.3
11 | 
12 | auto eth1
13 | iface eth1 inet manual
14 | 
15 | # The third network interface
16 | # This is for DRBD
17 | auto eth2
18 | iface eth2 inet static
19 | address 192.168.1.20
20 | netmask 255.255.255.0
21 | 


--------------------------------------------------------------------------------
/xen-ganeti/modules:
--------------------------------------------------------------------------------
 1 | # /etc/modules: kernel modules to load at boot time.
 2 | #
 3 | # This file contains the names of kernel modules that should be loaded
 4 | # at boot time, one per line. Lines beginning with "#" are ignored.
 5 | # Parameters can be specified after the module name.
 6 | 
 7 | lp
 8 | rtc
 9 | drbd minor_count=255 usermode_helper=/bin/true
10 | hmac
11 | tun
12 | ext3
13 | ext4
14 | 


--------------------------------------------------------------------------------
/xen-ganeti/provision.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | # We start here
  3 | HOME=/root
  4 | VAGRANT=/home/vagrant
  5 | ARG=${1:-0}
  6 | BPF=0
  7 | COWSAY=/usr/games/cowsay
  8 | cd $HOME
  9 | 
 10 | function die {
 11 |   $COWSAY -d "$* MooOoOOoo"
 12 |   exit 1
 13 | }
 14 | 
 15 | function hi {
 16 |   $COWSAY "$*"
 17 | }
 18 | 
 19 | function install_dependencies {
 20 |   # Install dependencies
 21 |   apt-get update -qq
 22 |   apt-get -qy install cowsay git vim ethtool iotop sysstat cowsay nmap dstat tshark htop
 23 | 
 24 |   # Xen Project
 25 |   apt-get -qy install bridge-utils xen-hypervisor-amd64 xen-tools
 26 | 
 27 |   # Ganeti
 28 |   apt-get -qy install ganeti kpartx dump drbd8-utils ganeti-htools fai-client \
 29 |   libghc-json-dev libghc-network-dev libghc-parallel-dev libghc-curl-dev ghc \
 30 |   linux-image-extra-virtual lvm2 iproute iputils-arping make m4 ndisc6 \
 31 |   python python-openssl openssl python-pyparsing python-simplejson python-bitarray \
 32 |   python-pyinotify python-pycurl python-ipaddr socat fping python-paramiko python-psutil \
 33 |   qemu-utils python-setuptools python-dev python-ipaddr
 34 | 
 35 |   hi "Dependencies installed!"
 36 | 
 37 |   # Unsure, used for compiling ganeti
 38 |   #apt-get install build-essential cabal-install dpkg-dev fabric g++ g++-4.8 \
 39 |   #  libalgorithm-diff-perl libalgorithm-diff-xs-perl libalgorithm-merge-perl \
 40 |   #  libdpkg-perl libexpat1-dev libfile-fcntllock-perl libpython-dev socat \
 41 |   #  libpython2.7-dev python-colorama python-dev python-distlib python-html5lib \
 42 |   #  python-nose python-pip python-setuptools python2.7-dev ghc libghc-json-dev \
 43 |   #  libghc-network-dev libghc-parallel-dev libghc-utf8-string-dev libghc-curl-dev libghc-hslogger-dev \
 44 |   #  libghc-crypto-dev libghc-text-dev libghc-hinotify-dev libghc-regex-pcre-dev libpcre3-dev \
 45 |   #  libghc-attoparsec-dev libghc-vector-dev libghc-zlib-dev libghc-base64-bytestring-dev \
 46 |   #  libghc-lens-dev libghc-lifted-base-dev m4 python-pyparsing python-pyinotify python-bitarray \
 47 |   #  python-ipaddr
 48 |   #depmod -a
 49 |   #cabal update
 50 |   #cabal install json network parallel utf8-string curl hslogger \
 51 |   #  Crypto text hinotify==0.3.2 regex-pcre attoparsec vector base64-bytestring \
 52 |   #  lifted-base==0.2.0.3 lens==3.10
 53 | }
 54 | 
 55 | 
 56 | function install_ganeti {
 57 |   # Compiling and installing
 58 |   wget http://downloads.ganeti.org/releases/2.12/ganeti-2.12.0.tar.gz
 59 |   tar zxf ganeti-2.12.0.tar.gz
 60 |   cd ganeti-2.12.0/
 61 |   ./configure --localstatedir=/var --sysconfdir=/etc && make && make install
 62 |   hi "Ganeti installed!"
 63 |   cd $HOME
 64 | }
 65 | 
 66 | function install_ganeti_debootstrap {
 67 |   url="https://launchpad.net/ubuntu/+archive/primary/+files/ganeti-instance-debootstrap_0.14-2_all.deb"
 68 |   deb=$(basename $url)
 69 |   cd $HOME
 70 |   [ -e $deb ] || { wget $url || die "Failed to download ganeti-instance-debootstrap"; }
 71 |   dpkg -l | grep -q "ganeti-instance-debootstrap.*0.14-2" || dpkg --install $deb
 72 |   hi "Ganeti Debootstrap installed!"
 73 | }
 74 | 
 75 | function install_snf_image {
 76 |   apt-get install -y software-properties-common
 77 |   apt-add-repository ppa:grnet/synnefo
 78 |   echo -e "deb http://apt.dev.grnet.gr trusty/\ndeb-src http://apt.dev.grnet.gr trusty/" >> /etc/apt/sources.list
 79 |   apt-get update
 80 |   apt-get install -y snf-image
 81 | }
 82 | 
 83 | function system_configuration {
 84 |   cd $HOME
 85 |   # System and network configuration
 86 |   #! grep -s -q dom0_mem=512 /etc/default/grub.d/xen.cfg && \
 87 |   #sed -i '1s/^/GRUB_CMDLINE_XEN_DEFAULT="dom0_mem=512M,max:512M dom0_max_vcpus=1 dom0_vcpus_pin=1"/' /etc/default/grub.d/xen.cfg && \
 88 |   sed -i '1s/^/GRUB_CMDLINE_XEN_DEFAULT="dom0_max_vcpus=1, dom0_vcpus_pin=1"/' /etc/default/grub.d/xen.cfg && update-grub2
 89 |   echo "service ssh restart" > /etc/init.d/ssh # Bug: https://bugs.launchpad.net/ubuntu/+source/ganeti/+bug/1308571
 90 |   echo "${HOSTNAME}.test" > /etc/hostname
 91 |   sed -i -e '/#autoballoon/s/^#//' -e '/^autoballoon/s/auto/off/2' /etc/xen/xl.conf
 92 |   sed -i '/dowait 120/d'  /etc/init/cloud-init-nonet.conf
 93 |   sed -i 's/dowait/10/2' /etc/init/cloud-init-nonet.conf
 94 |   sed -i '/sleep 40/d' /etc/init/failsafe.conf
 95 |   sed -i '/sleep 59/d' /etc/init/failsafe.conf
 96 |   ln -f -s /boot/vmlinuz-$(uname -r) /boot/vmlinuz-3-xenU
 97 |   ln -f -s /boot/initrd.img-$(uname -r) /boot/initrd-3-xenU
 98 |   grep -q xen_blkfront /etc/initramfs-tools/modules || { echo "xen_blkfront" >> /etc/initramfs-tools/modules && update-initramfs -u; }
 99 | 
100 |   [ -e $VAGRANT/interfaces* ] && install -o root -g root -m 644 $VAGRANT/interfaces* /etc/network/interfaces.d/xen.cfg
101 |   [ -e $VAGRANT/hosts ] && install -o root -g root -m 644 $VAGRANT/hosts /etc/hosts
102 |   [ -e $VAGRANT/modules ] && install -o root -g root -m 644 $VAGRANT/modules /etc/modules
103 |   [ -e $VAGRANT/xend-config.sxp ] && install -o root -g root -m 644 $VAGRANT/xend-config.sxp /etc/xen/xend-config.sxp
104 |   [ -e $VAGRANT/lvm.conf ] && install -o root -g root -m 644 $VAGRANT/lvm.conf /etc/xen/lvm.conf
105 | 
106 |   ssh_configuration
107 |   ufw disable
108 |   lvm_configuration
109 |   hi "Everything ran! Time for a reboot"
110 | }
111 | 
112 | function ssh_configuration {
113 | SSH=$HOME/.ssh
114 | mkdir -m 700 -p $SSH
115 | cat <<EOF > $SSH/known_hosts
116 | |1|3f5uzy9DiJxk04xeaDsbljUHPQ4=|LZ2CUsaUBiUtpMjKSv64XOpw8Yk= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHxD2nBigtIMmwyMYKJKp5Oz+XMAxWZw4mEnXIKlqR7bRjQZxD6U4nakPlB9Y9kR4rgNTYBDLd5Sx+Aw6y1te1M=
117 | |1|sdJBNEBCk0YZ8kVdTuqH1AHb0ro=|SbLxDLwSdGyqwSWFMCIC+0NbSwc= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHxD2nBigtIMmwyMYKJKp5Oz+XMAxWZw4mEnXIKlqR7bRjQZxD6U4nakPlB9Y9kR4rgNTYBDLd5Sx+Aw6y1te1M=
118 | EOF
119 | cat <<EOF > $SSH/id_dsa.pub
120 | ssh-dss AAAAB3NzaC1kc3MAAACBAIHNYzf38A+PHIpSYd7B78XAUnnqTWtxGON4LRCcGOk4aDfY5FF7B5v5ywLBb6HBQZ0oVur/cW87r0Cj9yP56haZtq09JIBAywWpIKnWkE5+gzs62IDq7mXxvmx3sNArpvbGfzCV9yY3hdeEHqYtwI6fOygb1hRR52XfoIso7EADAAAAFQCSxXJGVzoHeuGTR49pYRKyaNjVjwAAAIBJSo/c9iBCIKvrKUHbnA2EohG4B1K6PFUX6OLCeqVlzDZHwaYXHDQnrSSOmqK8RyttsGhWEC16kp8bc/ldm/xQuGmaXqqtk9mS9MGDAeJgXx3lD5XkIYbrypSGSuVG5UtC6nFKxbWklEF0rSvm+yDnyaoKlYkA6+52ngx85bT10wAAAIBh7YhYuy6YHilCcbkAa0UvVu6Lds+nqnh+jdc4A+Phijt3i8q6/yDJj0WhM9TVgo7TKzbe7/SpzU98gdY2bOxZd1xNjFyquVEP92+LAm+s/OCbU7n3g43EWKfq5M6fpIPtXzEOFMRuOncg7EEGywDz3cyaCD+mtuI6hF3beG0ntA== root@xen-node1.test
121 | EOF
122 | cat <<EOF >> $SSH/authorized_keys
123 | ssh-dss AAAAB3NzaC1kc3MAAACBAIHNYzf38A+PHIpSYd7B78XAUnnqTWtxGON4LRCcGOk4aDfY5FF7B5v5ywLBb6HBQZ0oVur/cW87r0Cj9yP56haZtq09JIBAywWpIKnWkE5+gzs62IDq7mXxvmx3sNArpvbGfzCV9yY3hdeEHqYtwI6fOygb1hRR52XfoIso7EADAAAAFQCSxXJGVzoHeuGTR49pYRKyaNjVjwAAAIBJSo/c9iBCIKvrKUHbnA2EohG4B1K6PFUX6OLCeqVlzDZHwaYXHDQnrSSOmqK8RyttsGhWEC16kp8bc/ldm/xQuGmaXqqtk9mS9MGDAeJgXx3lD5XkIYbrypSGSuVG5UtC6nFKxbWklEF0rSvm+yDnyaoKlYkA6+52ngx85bT10wAAAIBh7YhYuy6YHilCcbkAa0UvVu6Lds+nqnh+jdc4A+Phijt3i8q6/yDJj0WhM9TVgo7TKzbe7/SpzU98gdY2bOxZd1xNjFyquVEP92+LAm+s/OCbU7n3g43EWKfq5M6fpIPtXzEOFMRuOncg7EEGywDz3cyaCD+mtuI6hF3beG0ntA== root@xen-node1.test
124 | EOF
125 | cat <<EOF > $SSH/id_dsa
126 | -----BEGIN DSA PRIVATE KEY-----
127 | MIIBugIBAAKBgQCBzWM39/APjxyKUmHewe/FwFJ56k1rcRjjeC0QnBjpOGg32ORR
128 | eweb+csCwW+hwUGdKFbq/3FvO69Ao/cj+eoWmbatPSSAQMsFqSCp1pBOfoM7OtiA
129 | 6u5l8b5sd7DQK6b2xn8wlfcmN4XXhB6mLcCOnzsoG9YUUedl36CLKOxAAwIVAJLF
130 | ckZXOgd64ZNHj2lhErJo2NWPAoGASUqP3PYgQiCr6ylB25wNhKIRuAdSujxVF+ji
131 | wnqlZcw2R8GmFxw0J60kjpqivEcrbbBoVhAtepKfG3P5XZv8ULhpml6qrZPZkvTB
132 | gwHiYF8d5Q+V5CGG68qUhkrlRuVLQupxSsW1pJRBdK0r5vsg58mqCpWJAOvudp4M
133 | fOW09dMCgYBh7YhYuy6YHilCcbkAa0UvVu6Lds+nqnh+jdc4A+Phijt3i8q6/yDJ
134 | j0WhM9TVgo7TKzbe7/SpzU98gdY2bOxZd1xNjFyquVEP92+LAm+s/OCbU7n3g43E
135 | WKfq5M6fpIPtXzEOFMRuOncg7EEGywDz3cyaCD+mtuI6hF3beG0ntAIUcLGhWozZ
136 | wsMfG8jpCFr1RPEGzZs=
137 | -----END DSA PRIVATE KEY-----
138 | EOF
139 | chmod 0600 $SSH/*
140 | }
141 | 
142 | function lvm_configuration {
143 |   if [ -b /dev/sdb ]; then
144 |     pvcreate /dev/sdb
145 |     vgcreate ganeti /dev/sdb
146 |   fi
147 | }
148 | 
149 | if ! which xen 2>&1 > /dev/null; then
150 |  	install_dependencies
151 |         install_ganeti_debootstrap
152 |         #install_snf_image # 3rd party tool
153 |         #install_instance_image # 3rd party tool
154 |         system_configuration
155 | fi
156 | 
157 | cat <<EOF
158 | Run these commands on node1 to create the cluster:
159 | $ vagrant ssh node1
160 | $ gnt-cluster init --enabled-hypervisors=xen-pvm --hypervisor-parameters xen-pvm:xen_cmd=xl --vg-name ganeti --nic-parameters link=xenbr0 \
161 | --master-netdev xenbr0 --secondary-ip 192.168.1.10 --no-ssh-init xen-cluster.test
162 | $ gnt-node add -v -d --no-ssh-key-check --master-capable=yes --vm-capable=yes --secondary-ip 192.168.1.20 xen-node2.test
163 | Run VM cluster tests on node1:
164 | $ /usr/lib/ganeti/tools/burnin -v -d -o debootstrap+default --disk-size=1024m --mem-size=128m -p instance1
165 | EOF
166 | #--backend-parameters vcpus=1,minmem=64,maxmem=256M,always_failover=true
167 | 
168 | reboot
169 | 


--------------------------------------------------------------------------------