forked from cliffe/SecGen
-
Notifications
You must be signed in to change notification settings - Fork 0
/
snort.xml
132 lines (116 loc) · 3.63 KB
/
snort.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
<?xml version="1.0"?>
<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
<name>Labtainers lab: snort</name>
<author>Z. Cliffe Schreuders</author>
<description>A Labtainers lab.</description>
<type>ctf-lab</type>
<type>lab-sheet</type>
<difficulty>intermediate</difficulty>
<CyBOK KA="SOIM" topic="Monitor: Data Sources">
<keyword>network traffic</keyword>
</CyBOK>
<CyBOK KA="SOIM" topic="Analyse: Analysis Methods">
<keyword>misuse detection</keyword>
<keyword>anomaly detection</keyword>
</CyBOK>
<CyBOK KA="SOIM" topic="Execute: Mitigation and Countermeasures">
<keyword>intrusion prevention systems</keyword>
</CyBOK>
<CyBOK KA="NS" topic="Network Defence Tools">
<keyword>packet filters</keyword>
<keyword>intrusion detection systems</keyword>
<keyword>IDS rules creation</keyword>
</CyBOK>
<CyBOK KA="MAT" topic="Malware Detection">
<keyword>attack detection</keyword>
</CyBOK>
<system>
<system_name>desktop</system_name>
<base distro="Debian 9" type="desktop" name="KDE"/>
<input into_datastore="IP_addresses">
<value>172.16.0.2</value>
<value>172.16.0.3</value>
</input>
<input into_datastore="accounts">
<generator type="account">
<input into="username">
<generator type="random_sanitised_word">
<input into="wordlist">
<value>mythical_creatures</value>
</input>
</generator>
</input>
<input into="password">
<value>tiaspbiqe2r</value>
</input>
<input into="super_user">
<value>true</value>
</input>
<input into="groups">
<value>docker</value>
</input>
<input into="leaked_filenames">
<value></value>
</input>
<input into="strings_to_leak">
<value></value>
</input>
</generator>
</input>
<input into_datastore="desktop_root_password">
<generator type="strong_password_generator"/>
</input>
<!--Create the groups-->
<utility module_path=".*/groups">
<input into="groups">
<value>docker</value>
</input>
</utility>
<!--Create the users-->
<utility module_path=".*/parameterised_accounts">
<input into="accounts">
<datastore>accounts</datastore>
</input>
</utility>
<utility module_path=".*/kde_minimal">
<input into="autologin_user">
<datastore access="0" access_json="['username']">accounts</datastore>
</input>
<input into="accounts">
<datastore>accounts</datastore>
</input>
<input into="autostart_konsole">
<value>false</value>
</input>
</utility>
<utility module_path=".*/handy_cli_tools"/>
<vulnerability module_path=".*/ssh_root_login">
<input into="root_password">
<datastore>desktop_root_password</datastore>
</input>
</vulnerability>
<utility module_path=".*/labtainers">
<input into="lab">
<value>snort</value>
</input>
<input into="accounts">
<datastore>accounts</datastore>
</input>
</utility>
<network type="private_network">
<input into="IP_address">
<datastore access="0">IP_addresses</datastore>
</input>
</network>
<input into_datastore="spoiler_admin_pass">
<generator type="strong_password_generator"/>
</input>
<build type="cleanup">
<input into="root_password">
<datastore>spoiler_admin_pass</datastore>
</input>
</build>
</system>
</scenario>