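# Tartarus lab topology.
#
# An OPNsense guest fronts four VirtualBox internal networks (vboxnet0..vboxnet3)
# and holds the first usable address of a /26 on each; every other guest sits on
# one of those segments and points its default route and DNS at the OPNsense
# address of its segment. Only "opnsense" and "elastic" autostart; the endpoint
# boxes (linux, dvwa, windows, kali) are brought up on demand.
#
# HOSTS environment variable (read while provisioning "elastic"):
#   unset / "elastic" -> Elasticsearch + post-bootstrap only
#   "windows"         -> ... plus Windows agent add-ons
#   "linux"           -> ... plus Linux agent add-ons
#   "linwin"          -> ... plus both
#   "dvwa"            -> ... plus Linux/Apache add-ons
# Any other value provisions the base OS/network only.
Vagrant.configure("2") do |config|
  # ---------------------------------------------------------------------------
  # Firewall / router
  # ---------------------------------------------------------------------------
  config.vm.define "opnsense", autostart: true do |opnsense|
    opnsense.vm.box = "bento/freebsd-13.2"
    opnsense.vm.hostname = 'tartarus-opnsense'
    opnsense.vm.box_url = "bento/freebsd-13.2"
    opnsense.ssh.shell = '/bin/sh'
    opnsense.ssh.connect_timeout = 120
    # No synced folder on this guest; the bootstrap script and the firewall
    # configuration are copied in with "file" provisioners instead.
    opnsense.vm.synced_folder '.', '/vagrant', id: 'vagrant-root', disabled: true
    # Web UI. No host_ip is given, so the bind address is Vagrant's default
    # (confirm for your Vagrant version whether that is localhost or all
    # interfaces) -- unlike the Kibana forward below, which is explicit.
    opnsense.vm.network "forwarded_port", guest: 443, host: 8443, auto_correct: true
    opnsense.vm.provision "file", source: "OPBootstrap.sh", destination: "/tmp/OPBootstrap.sh"
    opnsense.vm.provision "file", run: "always", source: "config/firewall.php", destination: "/tmp/firewall.php"
    # Runs on every up/provision: install OPNsense if the pkg is absent, apply
    # the firewall config exactly once (marker file /conf/configured), else no-op.
    opnsense.vm.provision "shell", run: "always", inline: <<~SHELL
      if ! /usr/local/sbin/pkg info | grep -q opnsense; then
        echo "OPNsense not installed. Running OPBootstrap.sh..."
        sh /tmp/OPBootstrap.sh
      elif [ -e /conf/config.xml ] && [ ! -e /conf/configured ]; then
        echo "OPNsense is already installed. Running config/firewall.php..."
        php /tmp/firewall.php
        touch /conf/configured
      else
        echo "OPNsense is already installed and configured."
      fi
    SHELL
    # One interface per internal segment. Each address is the gateway/DNS the
    # guests on that segment are configured with below; vboxnet2 has no guest
    # defined in this file.
    opnsense.vm.network :private_network, ip: "192.168.56.2", virtualbox__intnet: "vboxnet0"
    opnsense.vm.network :private_network, ip: "192.168.56.65", virtualbox__intnet: "vboxnet1"
    opnsense.vm.network :private_network, ip: "192.168.56.129", virtualbox__intnet: "vboxnet2"
    opnsense.vm.network :private_network, ip: "192.168.56.193", virtualbox__intnet: "vboxnet3"
    opnsense.vm.provider :virtualbox do |v|
      v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
      v.customize ["modifyvm", :id, "--cpus", 2]
      v.customize ["modifyvm", :id, "--memory", 1024]
      v.customize ["modifyvm", :id, "--name", "tartarus-opnsense"]
    end
  end

  # ---------------------------------------------------------------------------
  # Elastic stack (Elasticsearch + Kibana), vboxnet0
  # ---------------------------------------------------------------------------
  config.vm.define "elastic", autostart: true do |elastic|
    elastic.vm.box = "bento/rockylinux-8.7"
    elastic.vm.hostname = 'tartarus-elastic'
    elastic.vm.box_url = "bento/rockylinux-8.7"
    # auto_config is off; addressing is done with nmcli in the first provisioner.
    elastic.vm.network :private_network, ip: "192.168.56.10", virtualbox__intnet: "vboxnet0", auto_config: false
    # Kibana. host_ip "0.0.0.0" binds the forward on every host interface, so
    # 5443 is reachable from the host's network, not only from the host itself.
    # Set host_ip to "127.0.0.1" if the lab must stay local to the workstation.
    elastic.vm.network :forwarded_port, guest: 5443, host: 5443, host_ip: "0.0.0.0", id: "kibana", auto_correct: true
    elastic.vm.provider :virtualbox do |v|
      v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
      v.customize ["modifyvm", :id, "--cpus", 4]
      v.customize ["modifyvm", :id, "--memory", 8192]
      v.customize ["modifyvm", :id, "--name", "tartarus-elastic"]
    end
    # Static eth1 profile towards the OPNsense address on vboxnet0; idempotent.
    elastic.vm.provision "shell", inline: <<~SHELL
      systemctl start NetworkManager
      systemctl enable NetworkManager
      # Check if the connection already exists
      if ! nmcli connection show eth1 >/dev/null 2>&1; then
        echo "Connection eth1 not found. Adding new connection."
        nmcli connection add type ethernet con-name eth1 ifname eth1 ip4 192.168.56.10/26 gw4 192.168.56.2
        nmcli connection modify eth1 ipv4.dns "192.168.56.2"
        nmcli connection modify eth1 ipv4.route-metric 10
      else
        echo "Connection eth1 already exists. Skipping addition."
      fi
      # Bring the connection up
      nmcli connection up eth1
    SHELL

    # Bootstrap selection. Each variant installs Elasticsearch when the service
    # is not active, then installs the per-platform add-ons; the files under
    # /vagrant/keys/*EDIid.txt are used as "add-on already installed" markers
    # (and are deleted again by the destroy trigger below).
    hosts = ENV.fetch('HOSTS', nil)
    case hosts
    when nil, 'elastic'
      elastic.vm.provision "shell", inline: <<~SHELL
        if ! systemctl is-active --quiet elasticsearch; then
          echo "Elasticsearch service not running. Running ESBootstrap.sh."
          bash /vagrant/ESBootstrap.sh
          bash /vagrant/PostBootstrap.sh
        else
          echo "Elasticsearch service is already running. Skipping bootstrap scripts."
        fi
      SHELL
    when 'windows'
      elastic.vm.provision "shell", inline: <<~SHELL
        if ! systemctl is-active --quiet elasticsearch; then
          echo "Elasticsearch service not running. Running ESBootstrap.sh and WBootstrap.sh"
          bash /vagrant/ESBootstrap.sh
          bash /vagrant/PostBootstrap.sh
          bash /vagrant/WBootstrap.sh
        elif [ ! -e /vagrant/keys/WEDIid.txt ]; then
          echo "Elasticsearch service is running. Installing Windows addons"
          bash /vagrant/WBootstrap.sh
        else
          echo "Elasticsearch service is running and Windows addons already installed"
        fi
      SHELL
    when 'linux'
      elastic.vm.provision "shell", inline: <<~SHELL
        if ! systemctl is-active --quiet elasticsearch; then
          echo "Elasticsearch service not running. Running ESBootstrap.sh and LBootstrap.sh"
          bash /vagrant/ESBootstrap.sh
          bash /vagrant/PostBootstrap.sh
          bash /vagrant/LBootstrap.sh
        elif [ ! -e /vagrant/keys/LEDIid.txt ]; then
          echo "Elasticsearch service is running. Installing Linux addons"
          bash /vagrant/LBootstrap.sh
        else
          echo "Elasticsearch service is running and Linux addons already installed"
        fi
      SHELL
    when 'linwin'
      elastic.vm.provision "shell", inline: <<~SHELL
        if ! systemctl is-active --quiet elasticsearch; then
          echo "Elasticsearch service not running. Running ESBootstrap.sh, LBootstrap.sh and WBootstrap.sh"
          bash /vagrant/ESBootstrap.sh
          bash /vagrant/PostBootstrap.sh
          bash /vagrant/LBootstrap.sh
          bash /vagrant/WBootstrap.sh
        elif [[ ! -e /vagrant/keys/LEDIid.txt && ! -e /vagrant/keys/WEDIid.txt ]]; then
          echo "Elasticsearch service is running. Installing Linux and Windows addons"
          bash /vagrant/LBootstrap.sh
          bash /vagrant/WBootstrap.sh
        elif [ ! -e /vagrant/keys/LEDIid.txt ]; then
          echo "Elasticsearch service is running. Installing Linux addons"
          bash /vagrant/LBootstrap.sh
        elif [ ! -e /vagrant/keys/WEDIid.txt ]; then
          echo "Elasticsearch service is running. Installing Windows addons"
          bash /vagrant/WBootstrap.sh
        else
          echo "Elasticsearch service is running and Linux and Windows addons already installed"
        fi
      SHELL
    when 'dvwa'
      elastic.vm.provision "shell", inline: <<~SHELL
        if ! systemctl is-active --quiet elasticsearch; then
          echo "Elasticsearch service not running. Running ESBootstrap.sh and APACHELBootstrap.sh"
          bash /vagrant/ESBootstrap.sh
          bash /vagrant/PostBootstrap.sh
          bash /vagrant/APACHELBootstrap.sh
        elif [ ! -e /vagrant/keys/APACHELEDIid.txt ]; then
          echo "Elasticsearch service is running. Installing Linux - Apache addons"
          bash /vagrant/APACHELBootstrap.sh
        else
          echo "Elasticsearch service is running and Linux addons already installed"
        fi
      SHELL
    end

    # On destroy, drop the marker/key files so a fresh "up" re-enrolls. Both
    # variants refuse to delete anything unless the current directory is named
    # "Tartarus" and has a keys/ subdirectory.
    elastic.trigger.before :destroy do |trigger|
      trigger.warn = "Removing all .txt files from the local keys/ directory"
      if Vagrant::Util::Platform.windows?
        trigger.run = {
          inline: "powershell -Command \"if ((Get-Location).Path -match '\\\\Tartarus$' -and (Test-Path keys)) { Remove-Item -Path keys\\*.txt -Force -ErrorAction SilentlyContinue }\""
        }
      else
        trigger.run = {
          inline: <<~SHELL
            bash -c 'if [ "$(basename $(pwd))" = "Tartarus" ] && [ -d keys ]; then
              rm -rf keys/*.txt
            fi'
          SHELL
        }
      end
    end
  end

  # ---------------------------------------------------------------------------
  # Linux endpoint, vboxnet1
  # ---------------------------------------------------------------------------
  config.vm.define "linux", autostart: false do |linux|
    linux.vm.box = "bento/rockylinux-8.7"
    linux.vm.hostname = 'tartarus-linux'
    linux.vm.box_url = "bento/rockylinux-8.7"
    linux.vm.network :private_network, ip: "192.168.56.70", virtualbox__intnet: "vboxnet1", auto_config: false
    linux.vm.provider :virtualbox do |v|
      v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
      v.customize ["modifyvm", :id, "--cpus", 1]
      v.customize ["modifyvm", :id, "--memory", 2048]
      v.customize ["modifyvm", :id, "--name", "tartarus-linux"]
    end
    # Static eth1 profile towards the OPNsense address on vboxnet1; idempotent.
    linux.vm.provision "shell", inline: <<~SHELL
      systemctl start NetworkManager
      systemctl enable NetworkManager
      if ! nmcli connection show eth1 >/dev/null 2>&1; then
        echo "Connection eth1 not found. Adding new connection."
        nmcli connection add type ethernet con-name eth1 ifname eth1 ip4 192.168.56.70/26 gw4 192.168.56.65
        nmcli connection modify eth1 ipv4.dns "192.168.56.65"
        nmcli connection modify eth1 ipv4.route-metric 10
        nmcli connection up eth1
      else
        echo "Connection eth1 already exists."
      fi
    SHELL
    # Install the agent only when its service is not already active.
    linux.vm.provision :shell, inline: <<~SHELL
      if ! systemctl is-active --quiet elastic-agent; then
        echo "Elastic Agent service not running. Running ALBootstrap.sh"
        bash /vagrant/ALBootstrap.sh
      else
        echo "Elastic Agent service is running"
      fi
    SHELL
  end

  # ---------------------------------------------------------------------------
  # DVWA web target, vboxnet1
  # ---------------------------------------------------------------------------
  config.vm.define "dvwa", autostart: false do |dvwa|
    dvwa.vm.box = "bento/ubuntu-20.04"
    dvwa.vm.hostname = 'tartarus-dvwa'
    dvwa.vm.box_url = "bento/ubuntu-20.04"
    # Configuring both NAT and private network interfaces
    dvwa.vm.network :private_network, ip: "192.168.56.71", virtualbox__intnet: "vboxnet1", auto_config: false
    # HTTP forward for the web target; no host_ip, so Vagrant's default bind
    # address applies (see the note on the OPNsense forward above).
    dvwa.vm.network "forwarded_port", guest: 80, host: 8180, auto_correct: true
    dvwa.vm.provider :virtualbox do |v|
      v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
      v.customize ["modifyvm", :id, "--cpus", 1]
      v.customize ["modifyvm", :id, "--memory", 2048]
      v.customize ["modifyvm", :id, "--name", "tartarus-dvwa"]
    end
    # Provisioning script using Netplan. The nested EOF heredoc is YAML, so the
    # relative indentation inside it is significant; <<~ strips only the common
    # Ruby-level indent and leaves the YAML structure intact.
    dvwa.vm.provision "shell", inline: <<~SHELL
      # Create Netplan configuration
      cat > /etc/netplan/01-netcfg.yaml << EOF
      network:
        version: 2
        ethernets:
          eth0:
            dhcp4: true
          eth1:
            dhcp4: no
            addresses:
              - 192.168.56.71/26
            gateway4: 192.168.56.65
            nameservers:
              addresses:
                - 192.168.56.65
            routes:
              - to: default
                via: 192.168.56.65
                metric: 10
      EOF
      # Apply Netplan configuration
      sudo netplan apply
    SHELL
    # Additional provisioning script
    dvwa.vm.provision :shell, inline: <<~SHELL
      if ! systemctl is-active --quiet elastic-agent; then
        echo "Elastic Agent service not running. Running APACHEALBootstrap.sh"
        bash /vagrant/APACHEALBootstrap.sh
      else
        echo "Elastic Agent service is running"
      fi
    SHELL
  end

  # ---------------------------------------------------------------------------
  # Windows endpoint, vboxnet1
  # ---------------------------------------------------------------------------
  config.vm.define "windows", autostart: false do |windows|
    windows.vm.box = "gusztavvargadr/windows-10-21h2-enterprise"
    windows.vm.hostname = 'tartarus-windows'
    windows.vm.box_url = "gusztavvargadr/windows-10-21h2-enterprise"
    windows.vm.network :private_network, ip: "192.168.56.80", virtualbox__intnet: "vboxnet1", auto_config: false
    windows.vm.provider :virtualbox do |v|
      v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
      v.customize ["modifyvm", :id, "--cpus", 2]
      v.customize ["modifyvm", :id, "--memory", 4096]
      v.customize ["modifyvm", :id, "--name", "tartarus-windows"]
    end
    # PowerShell: address "Ethernet 2" (the vboxnet1 NIC) towards OPNsense, and
    # demote the default route on the NAT NIC (10.0.2.2 is VirtualBox's NAT
    # gateway) to metric 1000 -- presumably so the lab segment wins routing.
    windows.vm.provision "shell", privileged: true, inline: <<~SHELL
      $interfaceIndexEth2 = (Get-NetAdapter -Name 'Ethernet 2').InterfaceIndex
      $existingIP = Get-NetIPAddress -InterfaceIndex $interfaceIndexEth2 -ErrorAction SilentlyContinue
      if ($existingIP -eq $null -or $existingIP.IPAddress -ne "192.168.56.80") {
        Write-Host "Setting IP address for Ethernet 2..."
        New-NetIPAddress -InterfaceIndex $interfaceIndexEth2 -IPAddress 192.168.56.80 -PrefixLength 26 -DefaultGateway 192.168.56.65
      } else {
        Write-Host "IP address already set. Skipping..."
      }
      Set-DnsClientServerAddress -InterfaceIndex $interfaceIndexEth2 -ServerAddresses "192.168.56.65"
      $interfaceIndexEth1 = (Get-NetAdapter -Name 'Ethernet').InterfaceIndex
      $routeExists = Get-NetRoute -DestinationPrefix "0.0.0.0/0" -InterfaceIndex $interfaceIndexEth1 -ErrorAction SilentlyContinue
      if ($routeExists -ne $null) {
        Write-Host "Route already exists. Updating metric..."
        route change 0.0.0.0 mask 0.0.0.0 10.0.2.2 metric 1000 IF $interfaceIndexEth1
      } else {
        Write-Host "Adding new route..."
        route add 0.0.0.0 mask 0.0.0.0 10.0.2.2 metric 1000 IF $interfaceIndexEth1
      }
    SHELL
    # Install the agent only when its service is absent or not running.
    windows.vm.provision "shell", privileged: true, inline: <<~SHELL
      $service = Get-Service -Name "elastic-agent" -ErrorAction SilentlyContinue
      if ($service -eq $null -or $service.Status -ne "Running") {
        Write-Host "Elastic Agent is not running. Running AWBootstrap.ps1..."
        & "C:\\vagrant\\AWBootstrap.ps1"
      } else {
        Write-Host "Elastic Agent is already running. Skipping AWBootstrap.ps1."
      }
    SHELL
  end

  # ---------------------------------------------------------------------------
  # Kali attacker box, vboxnet3 (its own segment behind the firewall)
  # ---------------------------------------------------------------------------
  config.vm.define "kali", autostart: false do |kali|
    kali.vm.box = "kalilinux/rolling"
    kali.vm.hostname = 'tartarus-kali'
    kali.vm.box_url = "kalilinux/rolling"
    kali.vm.network :private_network, ip: "192.168.56.200", virtualbox__intnet: "vboxnet3", auto_config: false
    kali.vm.provider :virtualbox do |v|
      v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
      v.customize ["modifyvm", :id, "--cpus", 4]
      v.customize ["modifyvm", :id, "--memory", 8192]
      v.customize ["modifyvm", :id, "--name", "tartarus-kali"]
    end
    # Static eth1 profile towards the OPNsense address on vboxnet3. Guarded the
    # same way as the linux/elastic definitions so that re-running "vagrant
    # provision" does not create a duplicate profile or keep appending to
    # /etc/network/interfaces.
    kali.vm.provision "shell", inline: <<~SHELL
      systemctl start NetworkManager
      systemctl enable NetworkManager
      if ! nmcli connection show eth1 >/dev/null 2>&1; then
        echo "Connection eth1 not found. Adding new connection."
        nmcli connection add type ethernet con-name eth1 ifname eth1 ip4 192.168.56.200/26 gw4 192.168.56.193
        nmcli connection modify eth1 ipv4.dns "192.168.56.193"
        nmcli connection modify eth1 ipv4.route-metric 10
        nmcli connection up eth1
      else
        echo "Connection eth1 already exists."
      fi
      grep -qxF " metric 100" /etc/network/interfaces || echo " metric 100" >> /etc/network/interfaces
      systemctl restart networking.service
    SHELL
  end
end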