
Actually add files

clong committed May 27, 2019
1 parent cd722da commit e78c312bc5393f7ee5fa466fb5cbab9a8c12e9ea
@@ -130,7 +130,7 @@ jobs:
done
- run:
name: Wait for build results
name: Post the build results
command: |
## Recording the build results
STATUS=$(cat /tmp/status)
@@ -17,7 +17,7 @@ if exist "C:\Users\vagrant\windows.iso" (
)

if not exist "C:\Windows\Temp\windows.iso" (
powershell -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile('https://softwareupdate.vmware.com/cds/vmw-desktop/ws/15.0.4/12990004/windows/packages/tools-windows.tar', 'C:\Windows\Temp\vmware-tools.tar')" <NUL
powershell -Command "(New-Object System.Net.WebClient).DownloadFile('https://softwareupdate.vmware.com/cds/vmw-desktop/ws/15.1.0/13591040/windows/packages/tools-windows.tar', 'C:\Windows\Temp\vmware-tools.tar')" <NUL
cmd /c ""C:\Program Files\7-Zip\7z.exe" x C:\Windows\Temp\vmware-tools.tar -oC:\Windows\Temp"
FOR /r "C:\Windows\Temp" %%a in (VMware-tools-windows-*.iso) DO REN "%%~a" "windows.iso"
rd /S /Q "C:\Program Files (x86)\VMWare"
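Review bot: The replacement download line on L23 drops the `[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12` prefix that the line it supersedes carried (taking the print order as old-then-new), and the VBoxGuestAdditions line at L32 in the next hunk does the same; on a .NET runtime whose default protocol set predates TLS 1.2 the WebClient call then either fails against the vendor CDN or negotiates a weaker protocol, so the prefix is worth keeping on both lines. Neither archive is integrity-checked before `7z.exe` unpacks it and the extracted ISO is renamed to `windows.iso`; because the URLs pin exact versions (15.1.0 and 6.0.8), a `certutil -hashfile "C:\Windows\Temp\vmware-tools.tar" SHA256` compared against a known-good digest kept next to the version string would catch a truncated or substituted download before it is installed. The `if not exist` block this hunk sits in closes outside the hunk.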
@@ -38,7 +38,7 @@ if exist "C:\Users\vagrant\VBoxGuestAdditions.iso" (
)

if not exist "C:\Windows\Temp\VBoxGuestAdditions.iso" (
powershell -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile('https://download.virtualbox.org/virtualbox/5.2.26/VBoxGuestAdditions_5.2.26.iso', 'C:\Windows\Temp\VBoxGuestAdditions.iso')" <NUL
powershell -Command "(New-Object System.Net.WebClient).DownloadFile('https://download.virtualbox.org/virtualbox/6.0.8/VBoxGuestAdditions_6.0.8.iso', 'C:\Windows\Temp\VBoxGuestAdditions.iso')" <NUL
)

cmd /c ""C:\Program Files\7-Zip\7z.exe" x C:\Windows\Temp\VBoxGuestAdditions.iso -oC:\Windows\Temp\virtualbox"
@@ -2,8 +2,10 @@
# Detection Lab
DetectionLab is tested weekly on Saturdays via a scheduled CircleCI workflow to ensure that builds are passing.

CircleCI: [![CircleCI](https://circleci.com/gh/clong/DetectionLab/tree/master.svg?style=svg)](https://circleci.com/gh/clong/DetectionLab/tree/master)

[![CircleCI](https://circleci.com/gh/clong/DetectionLab/tree/master.svg?style=shield)](https://circleci.com/gh/clong/DetectionLab/tree/master)
[![license](https://img.shields.io/github/license/clong/DetectionLab.svg?style=flat-square)](https://github.com/clong/DetectionLab/blob/master/license.md)
![Maintenance](https://img.shields.io/maintenance/yes/2019.svg?style=flat-square)
[![GitHub last commit](https://img.shields.io/github/last-commit/clong/DetectionLab.svg?style=flat-square)](https://github.com/clong/DetectionLab/commit/master)
[![Twitter](https://img.shields.io/twitter/follow/DetectionLab.svg?style=social)](https://twitter.com/DetectionLab)

#### Donate to the project:
@@ -26,7 +26,7 @@ Vagrant.configure("2") do |config|
end

config.vm.define "dc" do |cfg|
cfg.vm.box = "detectionlab/win2016"
cfg.vm.box = "../Boxes/windows_2016_vmware.box"
cfg.vm.hostname = "dc"
cfg.vm.boot_timeout = 600
cfg.winrm.transport = :plaintext
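Review bot: The box path `../Boxes/windows_2016_vmware.box` is spelled out here for `dc` and again for `wef` at L63 in the next hunk, so every box rename or rebuild has to be edited in two places; a constant near the top of the Vagrantfile such as `WIN2016_BOX = "../Boxes/windows_2016_vmware.box"` used as `cfg.vm.box = WIN2016_BOX` in both definitions keeps them in step. Since the path is relative and the file presumably comes from the Packer build output, a one-line comment saying where the box is expected to come from would help whoever hits a "box not found" error here. Which of L53 and L54 is the new side is inferred from print order; the `config.vm.define "dc"` block continues past the hunk.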
@@ -79,7 +79,7 @@ Vagrant.configure("2") do |config|
end

config.vm.define "wef" do |cfg|
cfg.vm.box = "detectionlab/win2016"
cfg.vm.box = "../Boxes/windows_2016_vmware.box"
cfg.vm.hostname = "wef"
cfg.vm.boot_timeout = 600
cfg.vm.communicator = "winrm"
@@ -13,7 +13,7 @@ apt_install_prerequisites() {
apt-get -qq update
apt-get -qq install -y apt-fast
echo "[$(date +%H:%M:%S)]: Running apt-fast install..."
apt-fast -qq install -y jq whois build-essential git docker docker-compose unzip
apt-fast -qq install -y jq whois build-essential git docker docker-compose unzip htop
}

test_prerequisites() {
@@ -110,12 +110,17 @@ install_splunk() {
/opt/splunk/bin/splunk install app /vagrant/resources/splunk_forwarder/splunk-add-on-for-microsoft-windows_500.tgz -auth 'admin:changeme'
/opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/add-on-for-microsoft-sysmon_800.tgz -auth 'admin:changeme'
/opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/asn-lookup-generator_100.tgz -auth 'admin:changeme'
/opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/lookup-file-editor_331.tgz
/opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/force-directed-app-for-splunk_200.tgz -auth 'admin:changeme'
/opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/punchcard-custom-visualization_130.tgz -auth 'admin:changeme'
/opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/sankey-diagram-custom-visualization_130.tgz -auth 'admin:changeme'
/opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/threathunting_13.tar.gz -auth 'admin:changeme'
# Add custom Macro definitions for ThreatHunting App
cp /vagrant/resources/splunk_server/macros.conf /opt/splunk/etc/apps/ThreatHunting/default/macros.conf
# Fix Windows TA macros
mkdir /opt/splunk/etc/apps/Splunk_TA_windows/local
cp /opt/splunk/etc/apps/Splunk_TA_windows/default/macros.conf /opt/splunk/etc/apps/Splunk_TA_windows/local
sed -i 's/wineventlog_windows/wineventlog/g' /opt/splunk/etc/apps/Splunk_TA_windows/local/macros.conf
# Fix Force Directed App until 2.0.1 is released (https://answers.splunk.com/answers/668959/invalid-key-in-stanza-default-value-light.html#answer-669418)
rm /opt/splunk/etc/apps/force_directed_viz/default/savedsearches.conf

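Review bot: The `lookup-file-editor_331.tgz` install on L80 is the only `splunk install app` line in this hunk without `-auth 'admin:changeme'`; every neighbouring line passes it, and without it the splunk CLI may stop to prompt for credentials, which would stall an unattended provision. Making it `/opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/lookup-file-editor_331.tgz -auth 'admin:changeme'` brings it in line with the rest. The new `mkdir /opt/splunk/etc/apps/Splunk_TA_windows/local` on L88 is not idempotent and errors on a re-run if the directory already exists; `mkdir -p` is the usual form. Which lines are the additions is inferred from the hunk counts (12 old, 17 new); install_splunk begins and ends outside the hunk.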
@@ -140,7 +145,7 @@ install_splunk() {
dismissedInstrumentationOptInVersion = 2
[general_default]
hideInstrumentationOptInModal = 1
showWhatsNew = 0' > /opt/splunk/etc/apps/user-prefs/local/user-prefs.conf
showWhatsNew = 0' > /opt/splunk/etc/system/local/user-prefs.conf

# Enable SSL Login for Splunk
echo -e "[settings]\nenableSplunkWebSSL = true" > /opt/splunk/etc/system/local/web.conf
@@ -3,27 +3,27 @@ index = sysmon
disabled = false
renderXml = true

[monitor://c:\programdata\osquery\log\osqueryd.results.log]
[monitor://c:\Program Files\osquery\log\osqueryd.results.log]
index = osquery
disabled = false
sourcetype = osquery:json

[monitor://c:\programdata\osquery\log\osqueryd.snapshots.log]
[monitor://c:\Program Files\osquery\log\osqueryd.snapshots.log]
index = osquery
disabled = false
sourcetype = osquery:json

[monitor://c:\programdata\osquery\log\osqueryd.INFO.*]
[monitor://c:\Program Files\osquery\log\osqueryd.INFO.*]
index = osquery-status
disabled = false
sourcetype = osquery-info:syslog

[monitor://c:\programdata\osquery\log\osqueryd.WARNING.*]
[monitor://c:\Program Files\osquery\log\osqueryd.WARNING.*]
index = osquery-status
disabled = false
sourcetype = osquery-warn:syslog

[monitor://c:\programdata\osquery\log\osqueryd.ERROR.*]
[monitor://c:\Program Files\osquery\log\osqueryd.ERROR.*]
index = osquery-status
disabled = false
sourcetype = osquery-error:syslog
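Review bot: The five monitor stanzas now point at `c:\Program Files\osquery\log` (L108, L114, L120, L126, L132), and a path that does not match where the installed osquery build actually writes its logs fails silently: the forwarder raises no error and the `osquery` and `osquery-status` indexes simply stay empty, which is easy to miss in a lab meant to exercise detections. A comment above the first stanza, e.g. `# Must match the log directory of the installed osquery MSI; a wrong path yields no events rather than an error`, gives the next person bumping the osquery version a cue to update this file too. Which line of each pair is the new side is inferred from print order.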
Binary file not shown.
@@ -69,3 +69,7 @@ iseval = 0
[remote_thread_whitelist]
definition = search NOT [| inputlookup threathunting_remote_thread_whitelist.csv | fields mitre_technique_id host_fqdn process_name target_process_path target_process_address]
iseval = 0

[indextime]
definition = _index_earliest=-15m@m AND _index_latest=now
iseval = 0
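Review bot: The new `[indextime]` macro has no comment saying what it is for, unlike the named whitelist macros above it whose purpose is clear from the stanza name; a line such as `# Limits a search to events indexed in the last 15 minutes (by _indextime, not _time); presumably sized to the cadence of the scheduled searches that call it` above the stanza would let a reader tune the window deliberately. Which lines are additions is inferred from the hunk counts (3 old, 7 new).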
@@ -5,100 +5,4 @@ for continuous integration testing by installing the prerequisites needed for
Detection Lab. After the prerequisites are installed, the build script is called
and the build will begin in a tmux session.

## Understanding the build process

Once a PR is created, the contents of that PR will be copied to a CircleCI worker to be tested.
The CircleCI worker will evaluate which files have been modified and set environment variables accordingly. There are 4 possible options and 3 different tests:

1. Code in both the Packer and Vagrant directories was modified
* In this case, the CircleCI worker will execute `ci/circle_workflows/packer_and_vagrant_changes.sh`
2. Code in neither the Packer and Vagrant directories was modified
* In this case, the CircleCI worker will execute the default test `ci/circle_worker/vagrant_changes.sh`
3. Code in only the Packer directory was modified
* In this case, the CircleCI worker will execute `ci/circle_worker/packer_changes.sh`
4. Code in only the Vagrant directory was modified
* In this case, the CircleCI worker will execute `ci/circle_worker/vagrant_changes.sh`

## Test Case Walkthroughs

### packer_and_vagrant_changes.sh
1. Spins up a single Packet server
2. Bootstraps the Packet server by calling `ci/build_machine_bootstrap.sh` with no arguments
3. Builds the Windows10 and Windows2016 images one at a time
4. Moves the resulting boxes to the Boxes directory
5. Brings each Vagrant host online one-by-one
6. CircleCI records the build results from the Packet server

### vagrant_changes.sh
1. Spins up a single Packet server
2. Bootstraps the Packet server by calling `ci/build_machine_bootstrap.sh` with the `--vagrant-only` argument
3. Downloads the pre-build Windows10 and Windows2016 boxes from Vagrant Cloud
4. Brings each Vagrant host online one-by-one
5. CircleCI records the build results from the Packet server


### packer_changes.sh
1. Spins up two separate Packet servers to allow the Packer boxes to be built in parallel
2. Bootstraps each packet Server by calling `ci/build_machine_bootstrap.sh` with the `--packer-only` argument
3. Starts the Packer build process on each server
4. CircleCI records the build result from each Packet server

```
+------------+
| |
| |
| |
| Github |
| |
| |
+------+-----+
|
|
| Pull Request
|
v
+------+-----+
| |
| |
| Circle |
+----------------------------->| Worker |
| | |
| | |
| | |
| +------+-----+
| |
| | Code changes are evaluated
| | to determine which test suite
| | to run
| |
| v
| +----------------+--------------+
Circle Worker | | packer_and_vagrant_changes.sh |
queries for | | vagrant_changes.sh |
build results | | packer_changes.sh |
| +----------------+--------------+
| |
| |
| |
| |
| |
| |
| |
| | 1. Provision Packet server(s)
| | 2. Copy repo to server
| | 3. Run server bootstrap
| | 4. Bootstrap calls build.sh with
| | the appropriate arguments
| |
| |
| +---------v---------+
| | |
| | |
| | |
+-------------------------->| Packet Server |
| |
| |
| |
+-------------------+
```
![DetectionLab](../img/build.png)
@@ -6,7 +6,7 @@ export DEBIAN_FRONTEND=noninteractive
export SERIALNUMBER="SECRET"
export LICENSEFILE="SECRET"

sed -i 's/archive.ubuntu.com/us.archive.ubuntu.com/g' /etc/apt/sources.list
sed -i 's#http://archive.ubuntu.com#http://us.archive.ubuntu.com#g' /etc/apt/sources.list

# Install VMWare Workstation 15
apt-get update
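Review bot: The new sed expression on L251 anchors the mirror rewrite on `http://`, which avoids the old pattern also matching inside an existing `us.archive.ubuntu.com` entry, but the dots remain unescaped regex metacharacters and any `https://archive.ubuntu.com` line in sources.list is left untouched. `sed -i 's#://archive\.ubuntu\.com#://us.archive.ubuntu.com#g' /etc/apt/sources.list` covers both schemes and matches the hostname literally. Which of L250 and L251 is the new line is inferred from print order.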
