client scenario

Makefile

@@ -45,9 +45,9 @@
 # - Ensure that Packer and Terragrunt are installed and configured properly before using this Makefile.
 
 .PHONY: packer-firewall packer-repository packer-attacker packer-corpsdns packer-ghostserver packer-kafka \
-        packer-linuxshare packer-opensearch packer-userpc packer-videoserver packer-webcam \
+        packer-linuxshare packer-opensearch packer-userpc packer-videoserver packer-webcam packer-client\
         terragrunt-bootstrap terragrunt-attacker terragrunt-lanturtle terragrunt-logging \
-        terragrunt-repository terragrunt-videoserver
+        terragrunt-repository terragrunt-videoserver terragrunt-client
 
 PACKER_CMD := packer build --var-file=default.json .
 PACKER_ROOT := ~/atb-aecid-testbed/packer
@@ -106,6 +106,9 @@ packer-webcam:
 	@echo "Running Packer for webcam..."
 	cd $(PACKER_ROOT)/webcam && $(PACKER_CMD)
 
+packer-client:
+	@echo "Running Packer for client..."
+	cd $(PACKER_ROOT)/client && $(PACKER_CMD)
 
 #----------------- Terragrunt Targets -----------------
 terragrunt-bootstrap:
@@ -132,6 +135,10 @@ terragrunt-videoserver:
 	@echo "Running Terragrunt for videoserver..."
 	cd $(TERRAGRUNT_ROOT)/videoserver && $(TERRAGRUNT_CMD) 
 
+terragrunt-client:
+	@echo "Running Terragrunt for client..."
+	cd $(TERRAGRUNT_ROOT)/client && $(TERRAGRUNT_CMD) 
+
 
 
 

ansible/run/scenario6/files/playbook.yml

@@ -0,0 +1,45 @@
+- name: Install Attacker Host
+  hosts: attacker
+  become: true
+  vars:
+    attacker_user: aecid
+    attacker_ip: 192.42.1.174
+  handlers:
+    - name: restart dnsmasq
+      ansible.builtin.service:
+        name: dnsmasq
+        state: restarted
+      delegate_to: inetdns
+
+    - name: restart msfrpcd
+      ansible.builtin.service:
+        name: msfrpcd
+        state: restarted
+
+  tasks:
+    - name: get user home directory
+      ansible.builtin.shell: >
+             getent passwd {{ attacker_user }}  | awk -F: '{ print $6 }'
+      changed_when: false
+      register: user_home
+      tags:
+        - playbooks
+
+    - name: Install dependencies
+      ansible.builtin.apt:
+        pkg:
+          - xz-utils
+          - coreutils
+      tags:
+        - playbooks
+
+
+    - name: Configure public DNS
+      ansible.builtin.copy:
+        content: "address=/facebock.com/{{ attacker_ip }}\n"
+        owner: root
+        dest: /etc/dnsmasq.d/attacker.conf
+      delegate_to: inetdns
+      notify: restart dnsmasq
+      tags:
+        - playbooks

ansible/run/scenario6/templates/wrapper.sh.j2

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+project_path="{{ attackmate_dir | default('/home/aecid/attackmate') }}"
+session="{{ attackmate_session | default('aecid') }}"
+window="{{ attackmate_window | default('attackmate') }}"
+
+tmux has-session -t ${session} 2> /dev/null
+if [ $? == "1" ]
+then
+        echo "Starting session..."
+	tmuxinator start ${session} --no-attach
+fi
+
+tmux select-window -t ${window} 2> /dev/null
+if [ $? == "1" ]
+then
+	echo "Create window"
+	tmux new-window -n ${window}
+	tmux send-keys -t "$session" "source ${project_path}/venv/bin/activate" Enter
+fi
+
+tmux send-keys -t "$pane" "attackmate --debug $@" Enter

packer/adminpc/playbook/main.yaml

@@ -26,7 +26,7 @@
                   rootkeys_private_key_user: aecid
                   rootkeys_private_dir: "/home/aecid/.ssh"
           - role: mate-desktop
-          - role: atb-ansible-novnc
+          - role: novnc
           - role: atb-ansible-ghostagent-linux
             vars:
                   ghostsserver_url: "http://192.168.100.122:5000/api"

packer/adminpc/playbook/requirements.yml

@@ -16,7 +16,7 @@ roles:
     name: mate-desktop
   - src: https://github.com/ait-testbed/atb-ansible-novnc.git
     version: v1.0.0
-    name: atb-ansible-novnc
+    name: novnc
   - src: https://github.com/ait-testbed/atb-ansible-ghostagent-linux.git
     version: v1.0.0
     name: atb-ansible-ghostagent-linux

packer/client/README.md

@@ -0,0 +1,29 @@
+# Configuration
+
+This packer-config generates client image
+
+# Prebuild
+
+Create a default.json:
+
+```
+{
+    "base_image" : "ubuntu2204",
+    "image_name" : "client-image",
+    "security_group": "default",
+    "network": "9c480f42-62f2-4f08-a961-38c28fa19346",
+    "floating_ip_pool": "provider-aecid-208"
+}
+```
+
+# Install requirements
+
+```
+ansible-galaxy install -r playbook/requirements.yml
+```
+
+# Build
+
+```
+packer build -var-file=default.json .
+```

packer/client/build.pkr.hcl

@@ -0,0 +1,26 @@
+build {
+  sources = ["source.openstack.builder"]
+
+  provisioner "shell" {
+    inline = [
+        "echo 'Waiting for cloud-init to finish...'", 
+        "/usr/bin/cloud-init status --wait"
+    ]
+  }
+
+  provisioner "shell" {
+    script = "scripts/prep-ansible.sh"
+  }
+
+  provisioner "ansible" {
+    groups        = "${var.ansible_groups}"
+    playbook_file = "playbook/main.yaml"
+    user          = "${var.build_user}"
+    use_proxy     = false
+  }
+
+  provisioner "shell" {
+    execute_command = "chmod +x {{ .Path }}; sudo {{ .Vars }} {{ .Path }}"
+    script          = "scripts/cleanup.sh"
+  }
+}

packer/client/default.json.example

@@ -0,0 +1,7 @@
+{
+    "base_image" : "Ubuntu 22.04",
+    "image_name" : "atb-client-image",
+    "security_group": "default",
+    "network": "653b15f3-c7e1-41bf-99d5-f8ad0f96f959",
+    "floating_ip_pool": "provider-aecid-208"
+}

packer/client/packer.pkr.hcl

@@ -0,0 +1,12 @@
+packer {
+  required_plugins {
+    ansible = {
+      source  = "github.com/hashicorp/ansible"
+      version = "~> 1"
+    }
+    openstack = {
+      version = ">= 1.1.1"
+      source  = "github.com/hashicorp/openstack"
+    }
+  }
+}

packer/client/playbook/main.yaml

@@ -0,0 +1,56 @@
+- name: Install ClientPC
+  hosts: all
+  become: true
+  vars:
+    linux_user: "judy"
+  tasks:
+          - name: Allow password login
+            ansible.builtin.copy:
+              dest: /etc/ssh/sshd_config.d/password.conf
+              content: 'PasswordAuthentication yes'
+          - name: Copy ODT document to the host
+            ansible.builtin.copy:
+              src: Nutzungshinweise.odt  
+              dest: "/home/{{ linux_user }}/Nutzungshinweise.odt"
+              mode: '0644'
+
+  roles:
+          - role: aeciduser
+            vars:
+                  # pass: aecid
+                  aeciduser_pass: "$6$9AqxTPJqYsFXwgPN$xAC4y1Vndk00EaBCuFcJC37BYDYYVAgt9SHymg15KSdKddZnwG.SsQaJvHarH4DYQj3tuboeLa4G5EfL7itcC0"
+          - role: aecidtools
+            vars:
+                  aecidtools_user: "aecid"
+          - role: weaklinuxuser
+            vars: 
+                  weaklinuxuser_user: "{{ linux_user}}"
+                  weaklinuxuser_pass: "garland"
+                  weaklinuxuser_sudo: True
+          - role: firefox-home
+            vars:
+            vars:
+                  install_user: "{{ linux_user }}"
+          - role: thunderbird
+            vars:
+                  thunderbird_user: "{{ linux_user}}"
+                  populate_emails: true
+          - role: libreoffice
+            vars:
+                  disable_macros_execution: false
+                  macro_security_level: 'low'
+          - role: mate-desktop
+          - role: novnc
+          - role: tightvnc
+            vars:
+                  vnc_user: "judy"
+                  vnc_password: "garland"
+                  vnc_display: ":1"
+                  vnc_port: 5901
+
+
+
+
+
+
+

packer/client/playbook/requirements.yml

@@ -0,0 +1,30 @@
+roles:
+  - src: https://github.com/ait-testbed/atb-ansible-aeciduser.git
+    version: v1.0.0
+    name: aeciduser
+  - src: https://github.com/ait-testbed/atb-ansible-aecidtools.git
+    version: v1.0.0
+    name: aecidtools
+  - src: https://github.com/ait-cs-IaaS/ansible-mate-desktop.git
+    version: v1.2.1
+    name: mate-desktop
+  - src: https://github.com/ait-testbed/atb-ansible-novnc.git
+    version: v1.0.0
+    name: novnc
+  - src: https://github.com/ait-testbed/atb-ansible-weaklinuxuser.git
+    version: v1.0.2
+    name: weaklinuxuser
+  - src: https://github.com/ait-testbed/atb-ansible-thunderbird.git
+    version: main
+    name: thunderbird
+  - src: https://github.com/ait-testbed/acr-ansible-libreoffice-and-macro-security.git
+    version: master
+    name: libreoffice
+  - src: https://github.com/ait-testbed/atb-ansible-firefox-home.git
+    version: main
+    name: firefox-home
+  - src: https://github.com/ait-testbed/atb-ansible-tightvnc.git
+    version: v1.0.0
+    name: tightvnc
+
+

packer/client/scripts/cleanup.sh

@@ -0,0 +1,66 @@
+#!/bin/bash
+
+
+# Apt cleanup.
+apt-get -y autoremove --purge
+apt-get -y clean
+apt-get -y autoclean
+
+DISK_USAGE_BEFORE_CLEANUP=$(df -h)
+
+# Remove Bash history
+unset HISTFILE
+rm -f /root/.bash_history
+rm -f /home/${SSH_USER}/.bash_history
+
+# Clean up log files
+find /var/log -type f | while read f; do echo -ne "" > "${f}"; done;
+
+echo "==> Clearing last login information"
+>/var/log/lastlog
+>/var/log/wtmp
+>/var/log/btmp
+
+
+# Whiteout root
+count=$(df --sync -kP / | tail -n1  | awk -F ' ' '{print $4}')
+let count--
+dd if=/dev/zero of=/tmp/whitespace bs=1024 count=$count || echo "dd exit code $? is suppressed"
+rm /tmp/whitespace
+
+# Whiteout /boot
+count=$(df --sync -kP /boot | tail -n1 | awk -F ' ' '{print $4}')
+let count--
+dd if=/dev/zero of=/boot/whitespace bs=1024 count=$count || echo "dd exit code $? is suppressed"
+rm /boot/whitespace
+
+
+echo '==> Clear out swap and disable until reboot'
+set +e
+swapuuid=$(/sbin/blkid -o value -l -s UUID -t TYPE=swap)
+case "$?" in
+    2|0) ;;
+    *) exit 1 ;;
+esac
+set -e
+if [ "x${swapuuid}" != "x" ]; then
+    # Whiteout the swap partition to reduce box size
+    # Swap is disabled till reboot
+    swappart=$(readlink -f /dev/disk/by-uuid/$swapuuid)
+    /sbin/swapoff "${swappart}"
+    dd if=/dev/zero of="${swappart}" bs=1M || echo "dd exit code $? is suppressed"
+    /sbin/mkswap -U "${swapuuid}" "${swappart}"
+fi
+
+# Zero out the free space to save space in the final image
+dd if=/dev/zero of=/EMPTY bs=1M  || echo "dd exit code $? is suppressed"
+rm -f /EMPTY
+
+# Add `sync` so Packer doesn't quit too early, before the large file is deleted.
+sync
+
+echo "==> Disk usage before cleanup"
+echo ${DISK_USAGE_BEFORE_CLEANUP}
+
+echo "==> Disk usage after cleanup"
+df -h

packer/client/scripts/prep-ansible.sh

@@ -0,0 +1,6 @@
+
+#!/bin/bash
+
+#sudo echo "sleeping well.. " && sleep 320s
+sudo apt-get update
+sudo apt-get install python3 -yq

packer/client/source.pkr.hcl

@@ -0,0 +1,18 @@
+# Sources
+
+## Build Hosts
+source "openstack" "builder" {
+  flavor                = "${var.flavor}"
+  floating_ip_network   = "${var.floating_ip_pool}"
+  image_name            = "${var.timestamp_image ? replace(format("%s-%s", var.image_name, timestamp()), ":","-") : var.image_name}"
+  networks              = ["${var.network}"]
+#  security_groups       = ["${var.security_group}", "default"]
+  ssh_ip_version        = "4"
+  ssh_username          = "${var.build_user}"
+  source_image_filter {
+      filters {
+          name = "${var.base_image}"
+      }
+      most_recent = true
+  }
+}