diff --git a/modules/vagrant_controller.py b/modules/vagrant_controller.py
index 37db45e6..9a33901c 100644
--- a/modules/vagrant_controller.py
+++ b/modules/vagrant_controller.py
@@ -113,12 +113,12 @@ def show(self) -> None:
 instances.append([status.name, status.state])
 if status.name.startswith("ar-splunk"):
 if self.config["splunk_server"]["install_es"] == "1":
- messages.append("\nAccess Splunk via:\n\tWeb > https://localhost:8000\n\tSSH > cd vagrant & vagrant ssh " + status.name + " \n\tusername: admin \n\tpassword: " + self.config['general']['attack_range_password'])
+ messages.append("\nAccess Splunk via:\n\tWeb > https://192.168.56.12:8000\n\tSSH > cd vagrant & vagrant ssh " + status.name + " \n\tusername: admin \n\tpassword: " + self.config['general']['attack_range_password'])
 else:
- messages.append("\nAccess Splunk via:\n\tWeb > http://localhost:8000\n\tSSH > cd vagrant & vagrant ssh " + status.name + " \n\tusername: admin \n\tpassword: " + self.config['general']['attack_range_password'])
- messages.append("\nAccess Guacamole via:\n\tWeb > http://localhost:8080/guacamole" + "\n\tusername: Admin \n\tpassword: " + self.config['general']['attack_range_password'])
+ messages.append("\nAccess Splunk via:\n\tWeb > http://192.168.56.12:8000\n\tSSH > cd vagrant & vagrant ssh " + status.name + " \n\tusername: admin \n\tpassword: " + self.config['general']['attack_range_password'])
+ messages.append("\nAccess Guacamole via:\n\tWeb > http://192.168.56.12:8080/guacamole" + "\n\tusername: Admin \n\tpassword: " + self.config['general']['attack_range_password'])
 elif status.name.startswith("ar-phantom"):
- messages.append("\nAccess Phantom via:\n\tWeb > https://localhost:443 \n\tSSH > cd vagrant & vagrant ssh " + status.name + " \n\tusername: admin \n\tpassword: " + self.config['general']['attack_range_password'])
+ messages.append("\nAccess Phantom via:\n\tWeb > https://192.168.56.13:8443 \n\tSSH > cd vagrant & vagrant ssh " + status.name + " \n\tusername: admin \n\tpassword: " + self.config['general']['attack_range_password'])
 elif status.name.startswith("ar-win"):
 messages.append("\nAccess Windows via:\n\tRDP > rdp://localhost:" + str(5389 + int(status.name[-1])) + " \n\tusername: Administrator \n\tpassword: " + self.config['general']['attack_range_password'])
 elif status.name.startswith("ar-linux"):
diff --git a/packer/ansible/roles/phantom/tasks/install_phantom.yml b/packer/ansible/roles/phantom/tasks/install_phantom.yml
index 3eb7c0e9..2ff983b5 100644
--- a/packer/ansible/roles/phantom/tasks/install_phantom.yml
+++ b/packer/ansible/roles/phantom/tasks/install_phantom.yml
@@ -2,6 +2,7 @@
 # Install Phantom from RPM on a fresh CentOS 7 instance
 - name: Copy Splunk SOAR to server
+ become: true
 become_user: centos
 unarchive:
 src: "../../apps/{{ phantom_app }}"
diff --git a/packer/ansible/roles/phantom/tasks/install_phantom_local.yml b/packer/ansible/roles/phantom/tasks/install_phantom_local.yml
new file mode 100644
index 00000000..636038c6
--- /dev/null
+++ b/packer/ansible/roles/phantom/tasks/install_phantom_local.yml
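Review bot: The new Phantom URL `https://192.168.56.13:8443` pairs the private-network address with the host-side forwarded port, which contradicts the Vagrantfile hunk on this page: `config.vm.network "forwarded_port", guest: 443, host: 8443` means 8443 exists only on the host (`https://localhost:8443`), while on 192.168.56.13 the guest listens on 443, so the line should read `https://192.168.56.13` (or keep the forwarded form). The Splunk and Guacamole lines now assume 8000 and 8080 are the guest-side ports on 192.168.56.12; no Vagrantfile for that box is on this page, so verify them against its network config. The addresses are now hard-coded in two places (this module and the Vagrantfiles); reading them from `self.config` or a shared constant would stop them drifting apart again, and these messages also echo `attack_range_password` in clear text on stdout, which pre-dates this change but deserves a comment. `show()` begins before and continues after this hunk.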
@@ -0,0 +1,88 @@
+---
+# Install Phantom from RPM on a fresh CentOS 7 instance
+
+- name: Creates directory
+ file:
+ path: /opt/soar
+ state: directory
+
+- name: Copy Splunk SOAR to server
+ unarchive:
+ src: "../../apps/{{ phantom_app }}"
+ dest: /home/vagrant
+
+- name: prepare phantom install script without apps
+ shell: sudo /home/vagrant/splunk-soar/soar-prepare-system --splunk-soar-home /opt/soar --no-prompt
+
+- name: copy splunk soar folder
+ shell: cp -r /home/vagrant/splunk-soar /home/phantom/splunk-soar
+
+- name: chown splunk soar folder
+ shell: chown -R phantom. /home/phantom/splunk-soar
+
+# - name: Copy Splunk SOAR to server
+# become_user: phantom
+# unarchive:
+# src: "../../apps/{{ phantom_app }}"
+# dest: /home/phantom
+
+- name: run the phantom install script
+ become_user: phantom
+ shell: ./soar-install --splunk-soar-home /opt/soar --no-prompt --ignore-warnings
+ args:
+ chdir: /home/phantom/splunk-soar
+
+# - name: upgrade all packages
+# yum:
+# name: '*'
+# state: latest
+
+# - name: check if phantom is installed
+# stat: path=/opt/phantom
+# register: phantom_path
+
+# - name: debug print if phantom is installed
+# debug: msg='phantom is already installed under /opt/phantom'
+# when: phantom_path.stat.exists
+
+
+# - name: install the phantom setup rpm from the community repository
+# yum:
+# name: '{{ phantom_repo_url }}'
+# state: present
+
+# # installing apps takes 15+ minutes longer, so later we will install just the apps we need
+# - name: run the phantom install script without apps
+# shell: printf "{{phantom_community_username}}\n{{phantom_community_password}}\n" | /opt/phantom/bin/phantom_setup.sh install --no-prompt --without-apps --version={{phantom_version}}
+# async: 1800
+# poll: 60
+
+# - name: install whois app
+# yum:
+# name: https://repo.phantom.us/phantom/4.10/apps/x86_64/phantom_whois-2.1.0.x86_64.rpm
+# state: present
+
+# - name: install maxmind app
+# yum:
+# name: https://repo.phantom.us/phantom/4.10/apps/x86_64/phantom_maxmind-2.0.23.x86_64.rpm
+# state: present
+
+# - name: install dns app
+# yum:
+# name: https://repo.phantom.us/phantom/4.10/apps/x86_64/phantom_dns-2.0.22.x86_64.rpm
+# state: present
+
+# - name: install phishtank app
+# yum:
+# name: https://repo.phantom.us/phantom/4.10/apps/x86_64/phantom_phishtank-2.0.1.x86_64.rpm
+# state: present
+
+# - name: install splunk app
+# yum:
+# name: https://repo.phantom.us/phantom/4.10/apps/x86_64/phantom_splunk-2.2.3.x86_64.rpm
+# state: present
+
+# - name: install winrm app
+# yum:
+# name: https://repo.phantom.us/phantom/4.10/apps/x86_64/phantom_winrm-2.0.1.x86_64.rpm
+# state: present
\ No newline at end of file
diff --git a/packer/ansible/roles/phantom/tasks/main.yml b/packer/ansible/roles/phantom/tasks/main.yml
index ef7d25f8..27c2d692 100644
--- a/packer/ansible/roles/phantom/tasks/main.yml
+++ b/packer/ansible/roles/phantom/tasks/main.yml
@@ -2,3 +2,7 @@
 # This playbook contains common tasks in this role
 - include: install_phantom.yml
+ when: cloud_provider != "local"
+
+- include: install_phantom_local.yml
+ when: cloud_provider == "local"
\ No newline at end of file
diff --git a/vagrant/phantom_server/Vagrantfile b/vagrant/phantom_server/Vagrantfile
index 38574b85..84db0e99 100644
--- a/vagrant/phantom_server/Vagrantfile
+++ b/vagrant/phantom_server/Vagrantfile
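Review bot: `become_user: phantom` on the `run the phantom install script` task has no effect without `become: true` (the very omission the install_phantom.yml hunk on this page fixes), so `./soar-install` runs as the connecting user against the tree that was just `chown -R phantom.`-ed, unless `../packer/ansible/phantom_server.yml` sets become at play level, which this page does not show. The `Creates directory` task has the mirror problem: creating `/opt/soar` under root-owned `/opt` needs privileges, yet only the `prepare` task escalates, and it does so by embedding `sudo` in the command instead of using `become`. The `cp -r`/`chown -R` shell tasks reimplement `copy`/`file`, re-run on every play with no `creates:` guard, and assume the `phantom` account already exists, which I infer soar-prepare-system creates but cannot confirm here; `--ignore-warnings` also silences the installer's preflight checks, so a failed prerequisite surfaces only later. The roughly sixty commented-out lines (the old phantom_setup.sh flow with community credentials piped through `printf`, and pinned repo.phantom.us app RPM URLs) should be deleted rather than shipped in a new file. Rewritten install tasks below; the unarchive task is left as is.
```yaml
# … unchanged: Creates directory (add `become: true`), Copy Splunk SOAR to server …

- name: prepare phantom install script without apps
  become: true   # replaces the in-command sudo
  shell: /home/vagrant/splunk-soar/soar-prepare-system --splunk-soar-home /opt/soar --no-prompt
  # TODO(review): add args.creates pointing at a file this step writes so re-runs are no-ops

- name: copy splunk soar folder
  become: true
  copy:
    src: /home/vagrant/splunk-soar/
    dest: /home/phantom/splunk-soar/
    remote_src: true

- name: chown splunk soar folder
  become: true
  file:
    path: /home/phantom/splunk-soar
    state: directory
    owner: phantom
    group: phantom
    recurse: true

- name: run the phantom install script
  become: true          # without this, become_user is silently ignored
  become_user: phantom
  shell: ./soar-install --splunk-soar-home /opt/soar --no-prompt --ignore-warnings
  args:
    chdir: /home/phantom/splunk-soar
```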
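Review bot: `- include:` is the legacy task include, deprecated since Ansible 2.4 and, as far as I recall, removed in ansible-core 2.16, so the two new entries will stop working on a current control node. The file names are static, so `import_tasks` is the direct replacement: `- import_tasks: install_phantom.yml` / `  when: cloud_provider != "local"`, and likewise `- import_tasks: install_phantom_local.yml` / `  when: cloud_provider == "local"`. Both conditions fail with an undefined-variable error when `cloud_provider` is not set; the Vagrantfile hunk on this page passes `config.general` through `extra_vars`, which presumably carries it, but `cloud_provider | default('local')` or an explicit `assert` would make that dependency visible. The hunk also leaves the file without a trailing newline.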
@@ -4,8 +4,24 @@ config.vm.define "ar-phantom-{{config.general.key_name}}-{{config.general.attack
 config.vm.hostname = "#{VM_NAME_P}"
 config.vm.boot_timeout = 600
 config.vm.network "forwarded_port", guest: 443, host: 8443, protocol: "tcp"
- config.vm.network :private_network, ip: "10.0.1.13"
+ config.vm.network :private_network, ip: "192.168.56.13"
+ config.vm.provision "ansible" do |ansible|
+ ansible.playbook = "../packer/ansible/phantom_server.yml"
+ ansible.compatibility_mode = "2.0"
+ ansible.extra_vars = {
+{% for key, value in config.general.items() %}
+ {{ key }}: "{{ value }}",
+{% endfor %}
+{% for key, value in config.splunk_server.items() %}
+ {{ key }}: "{{ value }}",
+{% endfor %}
+{% for key, value in config.phantom_server.items() %}
+ {{ key }}: "{{ value }}",
+{% endfor %}
+ }
+ end
+ config.vm.provision "ansible" do |ansible|
 ansible.playbook = "../terraform/ansible/phantom_server.yml"
 ansible.compatibility_mode = "2.0"