DISCONTINUATION OF PROJECT.
This project will no longer be maintained by Intel.
Intel has ceased development and contributions including, but not limited to, maintenance, bug fixes, new releases, or updates, to this project.
Intel no longer accepts patches to this project.
If you have an ongoing need to use this project, are interested in independently developing it, or would like to maintain patches for the open source software community, please create your own fork of this project.
This project houses reference deployment recipes that can be used to build Red Team Infrastructure. As such, there are no security guarantees or promises. Use at your own risk.
See contributing.md
This tool is for the maintenance of users and ssh keys for our operations. The tool encodes data into a json file. It can also use the json file to change the current state of the system to include the users in the json file.
Note the UID is the consistent thing between runs. Never delete a UID from the json file.
AUTHORIZED_KEYS ARE YOUR PUBLIC KEYS OR KEY, NEVER A PRIVATE KEY
DO NOT COMMIT WITH GITHUB ENTERPRISE
Run this or have a friend do it:
git config user.name "<USERID>" && git config user.email "<EMAIL>"
user_tool.py add -j users.json -u '<USERID>' -n '<YOUR NAME>' -k <PATH OF AUTHORIZED_KEYS> [-t <tag>] [-t <tag>] [-s <shell>]
git add users.json
git commit -m 'adding <YOUR NAME>'
git push origin master
- uid
- name
- username
- authorized_keys
- tags
The following tags are supported:
- redteam: signifies the public key belongs to a member of the redteam
- core: signifies redteam core
- volunteer: signifies redteam volunteer
The default tags are redteam, volunteer if -t is not specified.
Multiple tags will be needed for some users, in which case -t will be issued twice. Example: -t redteam -t volunteer.
{
  "users" : [
    {
      "uid" : 6001,
      "name" : "Some Name 1",
      "username" : "somename1",
      "authorized_keys" : "BASE64 GARBAGE",
      "shell" : "/bin/bash",
      "tags" : [
        "volunteer",
        "redteam"
      ]
    },
    {
      "uid" : 6002,
      "name" : "Some Name 2",
      "username" : "somename2",
      "authorized_keys" : "BASE64 GARBAGE",
      "shell" : "/bin/bash",
      "tags" : [
        "core",
        "redteam"
      ]
    }
  ]
}
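A pre-commit check for users.json, added here as an example (not part of this project's code): it base64-decodes each authorized_keys value, as the key-update steps on this page do, and flags private key material, duplicate UIDs and unsupported tags. The function names, the key-type prefix list and the sample data are assumptions made for illustration.

```python
import base64, binascii

SUPPORTED_TAGS = {"redteam", "core", "volunteer"}  # tags this page lists
KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-ssh-", "sk-ecdsa-")  # OpenSSH public key types

def lint_users(doc):
    """Return (uid, problem) findings for a parsed users.json document."""
    findings, seen = [], set()
    for user in doc.get("users", []):
        uid = user.get("uid")
        if not isinstance(uid, int):
            findings.append((uid, "uid missing or not an integer"))
        elif uid in seen:
            findings.append((uid, "duplicate uid"))
        else:
            seen.add(uid)
        unknown = sorted(set(user.get("tags", [])) - SUPPORTED_TAGS)
        if unknown:
            findings.append((uid, "unsupported tags: " + ",".join(unknown)))
        blob = user.get("authorized_keys", "")
        if not blob:
            continue  # cleared keys: `del` deactivates a user this way
        try:
            text = base64.b64decode(blob, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            findings.append((uid, "authorized_keys is not base64-encoded text"))
            continue
        if "PRIVATE KEY-----" in text:  # PEM and OpenSSH private key headers
            findings.append((uid, "private key material in authorized_keys"))
            continue
        for n, line in enumerate(text.splitlines(), 1):
            fields = line.split()
            if not fields or fields[0].startswith("#"):
                continue
            # Heuristic: options may precede the key type, so scan every field.
            if not any(f.startswith(KEY_TYPES) for f in fields):
                findings.append((uid, f"line {n} is not a public key entry"))
    return findings

def encode_keys(text):
    return base64.b64encode(text.encode()).decode()
# Constructed sample data; key bodies are placeholders, not real keys.
SAMPLE = {"users": [
    {"uid": 6001, "tags": ["redteam", "volunteer"],
     "authorized_keys": encode_keys("ssh-ed25519 AAAAC3CONSTRUCTED somename1@example\n")},
    {"uid": 6002, "tags": ["core", "redteam"],
     "authorized_keys": encode_keys("-----BEGIN OPENSSH PRIVATE KEY-----\nCONSTRUCTED\n")},
    {"uid": 6001, "tags": ["admin"], "authorized_keys": ""},
]}
```

Run it against the real file with `lint_users(json.load(open("users.json")))` before `git commit`; an empty list means no findings.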
user_tool.py new -j <json_file>
Create a new json file with no users in it
user_tool.py apply -j <json_file> -t <tag> [-t <tag>]
Make this system match the configuration in the json file
user_tool.py add -j <json_file> -n <name> -u <username> -k <authorized_keys_file> [-t <tag>] [-s <shell>]
Add a user to the json file. The allocated UID is returned.
user_tool.py del -j <json_file> --uid <uid>
Deactivate a user from the json file. This just clears the authorized keys. Users are not deleted, but rather are unable to log in.
user_tool.py mod -j <json_file> --uid <uid> [-n <name>] [-u <username>] [-k <authorized_keys_file>] [-t <tag>]
Modify a user. This can be name, keys, username, or tags.
Add an ssh key for a user.
- Find the authorized keys attribute in the users.json for the user in question and paste into a file called based.
cat based | base64 -d > authorized_keys
- add your public key to authorized_keys
user_tool.py mod -j <json_file> --uid <uid> -k ./authorized_keys
This tool is a script, run from your internal host, that synchronizes the ssh repo to homebases that are deployed in AWS. This tool is executed every 30 minutes via cron as the sshsyncrobot user. This user has a public key that is stored in the users.json such that it can push to AWS. The shell for this user is git-shell, however. Due to the way groups are done, which should probably be improved in the future, this user is a redteam user on homebase, which does give it sudo access. However, git-shell keeps it from executing commands. The invocation of this tool is similar to user_tool.py above.
- Add a homebase
sync_tool.py add -i <ipaddr>
- Del a homebase
sync_tool.py del -i <ipaddr>
- Push to all the hosts in instances.json
Note that this logs into syslog.
sync_tool.py push -k <keypath>
Put the following in the sshsyncrobot user's crontab
*/30 * * * * ~/sync_tool.py push -k ~/.ssh/id_ed25519