Scalable Active Directory domain Azure sandbox equipped with security logging for blue and red teamers
- Install Terraform
- Install Ansible
You can use the Ubuntu WSL subsystem on windows to install ansible as well
- Have a Azure subscription
- Configure the
terraform.tfvars
file
- Copy the file
terraform/terraform.tfvars.template
toterraform/terraform.tfvars
- In the newly copied terraform.tfvars file, provide the values for each variable
- Authenticate to Azure using
az
- Run
az login
. This should bring up a browser that asks you to sign into your Azure account - TO confirm you've been authenticated successfully, run
az account show
- Bring up the VM's using Terraform
cd
toterraform
and runterraform init
to initialize the working directory- Run
terraform apply
to check the Terraform plan orterraform apply --auto-approve
to bypass the check
- Wait for Terraform to finish running. Once finished you should see the Terraform output with the VM's public IP's that you will need for the next step.
Output example:
Outputs:
azure-region = "East US"
linux-vm-publicip = {
"logger" = "52.149.130.72"
}
windows-vm-publicip = {
"dooku-win10" = "13.72.82.109"
"jedi-archives" = "52.149.130.37"
"republic-dc" = "52.149.128.99"
"security-dc" = "52.149.128.126"
}
- Configure the
hosts
file
- Copy the file
ansible/hosts.template
toansible/hosts
- In the newly copied hosts file, provide the values for each variable (this will be the public IP's from the previous step)
- You can either run
ansible-playbook main.yml
to run all playbooks, or for troubleshooting you can run them one for one by running:
ansible-playbook install-utilities.yml # Installing necessary utilities
ansible-playbook configure-domain.yml # Configuring AD domain
ansible-playbook configure-logger.yml # Configuring logger host
ansible-playbook configure-servers.yml # Configuring servers
ansible-playbook import-domain-objects.yml # Import domain objects
ansible-playbook vulnerabilities.yml # Configure vulnerabilities
ansible-playbook security-tools.yml # Configuring logging and splunk forwarders
terraform destroy
You can use the manage_azure_vms.ps1
to shutdown and boot the VM's in Azure for cost saving
./manage_azure_vms.ps1 # list VM's
./manage_azure_vms.ps1 -shutdown
./manage_azure_vms.ps1 -boot
The Terraform modules where designed to be scalable in linux and windows VMs. This can be done by simply adding to the windows_env or linux_env locals within windows-env.tf and linux-env.tf
Template for adding new host:
republic-dc = {
vm_name = "republic-dc"
ip = "192.168.56.10"
vm_details = {
publisher = "MicrosoftWindowsServer"
offer = "WindowsServer"
sku = "2019-Datacenter"
version = "latest"
}
vm_size = var.default_vm_size
}
All domain config and deployment will be managed from the ansible/config/data/config.json file. When adding new hosts simple add the hosts configuration within the ansible/config/data/config.json file and update the hosts file accordingly. Within the hosts file you will find the children groups. (Add the new hosts accordingly)