rufflabs / defenselab Goto Github PK

During the DC01 script New-DefenseNetADUsersAndGroups.ps1 the password selection for the user accounts is randomized, randomly selecting between one of the two options in the AD_Users.csv file. Some of these passwords are too short and fail to be set despite the complexity requirements being relaxed.

Need to find the specific passwords that fail and update them to meet the minimum requirements. Maybe just update all of the passwords a tad to meet minimum requirements.

soc01 fails after obtaining wazuh passwords, this halts the vagrant up command.

    soc01: # Password for wazuh-wui API user
    soc01:   api_username: 'wazuh-wui'
    soc01:   api_password: '?2Or4SXnNiLO.UZUhj3h*0G7*44zEzxh'
    soc01:
The SSH command responded with a non-zero exit status. Vagrant
assumes that this means the command failed. The output for this command
should be in the log above. Please read the output to determine what
went wrong.
PS C:\Code\defenselab>

Convert SOC01 to an ElasticStack instead of Wazuh.

Will require updating provisioning scripts for other VM's to move to Elastic Agent instead.

Virtualbox on Linux and Mac are restricted by default to the 192.168.56.0/21 IP range.

Update the VM IP's to be within this range.

Multiple scripts will need to be adjusted, at least:
- linux/60-defense-net-dns.yaml
- windows/Set-DnsServer.ps1
- windows/Install-WazuhAgent.ps1
- web01/InstallTomcat.ps1 context file update.

The scripts/windows/Install-WazuhAgent.ps1 script fails to start the WazuhSvc service. It cannot be found, as if it is not installed properly.

Perhaps the VM needs a reboot? Maybe I need to move away from Wazuh and to Elastic...

Create the default kali:kali user in the attack box.

Configure DNS for attack box so defense.local domains can be looked up.

Create provisioning script that will join the Linux boxes to the AD domain.

Update the scripts/dev01/ scripts for Tomcat, Jenkins, and Corretto to download and cache the downloads into the files directory.

This will speed up re-deployment of the lab.

Install and configure LAPS on the Windows systems.

Encountered error during vagrant up while bringing up web01:

    web01: E: Failed to fetch http://us.archive.ubuntu.com/ubuntu/pool/main/p/php8.1/php8.1_8.1.2-1ubuntu2.9_all.deb  404  Not Found [IP: 91.189.91.39 80]
    web01: E: Failed to fetch http://us.archive.ubuntu.com/ubuntu/pool/main/p/php8.1/php8.1-mysql_8.1.2-1ubuntu2.9_amd64.deb  404  Not Found [IP: 91.189.91.39 80]
    web01: E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
The SSH command responded with a non-zero exit status. Vagrant
assumes that this means the command failed. The output for this command
should be in the log above. Please read the output to determine what
went wrong.
PS C:\Code\defenselab>

Create script to add a domain account as local sudo user for linux boxes.

I would like to support VMware and Hyper-V.

I was unable to find a Windows Server and Ubuntu box that supported all of those providers. The few VMware boxes I did find were very unreliable, often freezing at boot or timing out unexpectedly.

Perhaps I need to learn Packer and create my own multi-provider boxes.

Load the AdventureWorks sample database into SQL01.

I started working on scripts/sql01/DownloadAdventureWorksDatabase.ps1 but it is not currently ready.

Create script and CSV to maintain and manage DNS entries for linux servers, or other hostnames that can be valid in the lab. Have this script run during DC01 provisioning.

Add Active Directory Certificate Services to the lab. Create and apply some certificate templates, potentially with some vulnerabilities?