Merge dev into main #82

Merged
merged 21 commits into from
Sep 16, 2024
60 changes: 33 additions & 27 deletions .github/workflows/socbed-systemtest-dev.yml
Expand Up @@ -4,6 +4,7 @@ on:
schedule:
- cron: "0 1 * * THU" # At 01:00 on Thursday


jobs:
prepare-environment:
runs-on: [self-hosted, linux]
Expand All @@ -12,18 +13,15 @@ jobs:
with:
ref: dev

- name: Create virtual environment
run: python3 -m venv /usr/share/runner-dependencies/socbed_env

- name: Activate virtual environment
run: source /usr/share/runner-dependencies/socbed_env/bin/activate

- name: Upgrade pip3 inside virtual environment
run: pip3 install --upgrade pip

- name: Install requirements in virtual environment (without using cached packages)
run: pip3 install -r requirements.txt --no-cache-dir

- uses: actions/setup-python@v5
with:
python-version: '3.12'
cache: 'pip'
- name: Install dependencies
run: pip install -r requirements.txt --no-cache-dir
- name: Install SOCBED
run: pip install --editable .

build-machines:
runs-on: [self-hosted, linux]
needs: [prepare-environment]
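Review bot: `cache: 'pip'` on the setup-python step and `--no-cache-dir` on the install step work against each other: setup-python restores and saves pip's cache directory, but `--no-cache-dir` tells pip never to read or write it, so the cache is carried around and never used. Keep one of the two: drop `--no-cache-dir` if the cache is wanted, or drop `cache: 'pip'` if the point is to force fresh downloads. Separately, with the virtual environment gone, `pip install -r requirements.txt --no-cache-dir` and `pip install --editable .` now land in the interpreter setup-python provides on the self-hosted runner, which later jobs and any other workflow on that runner share; the removed `source .../activate` step never carried over to later `run:` steps anyway (each step is a fresh shell), so isolation now rests entirely on the cleanup job at the end actually running to completion.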
Expand All @@ -32,10 +30,12 @@ jobs:
- uses: actions/checkout@v4
with:
ref: dev

- name: Activate virtual environment
run: source /usr/share/runner-dependencies/socbed_env/bin/activate


- uses: actions/setup-python@v5
with:
python-version: '3.12'
cache: 'pip'

- name: Build Internet Router
uses: nick-invision/retry@v3
with:
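Review bot: this job runs setup-python (with `cache: 'pip'`) but installs nothing, so it depends on the packages that prepare-environment installed still being present in that interpreter. That only holds while both jobs land on the same self-hosted runner (or runners sharing one tool cache); if a second runner with the `[self-hosted, linux]` labels is ever added, build-machines can start on a machine where SOCBED was never installed. Either repeat the install steps here (cheap with the pip cache) or state in a comment that the workflow assumes a single runner. `cache: 'pip'` does nothing in a job with no `pip install` and can be dropped.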
Expand Down Expand Up @@ -94,14 +94,16 @@ jobs:

test-machines:
runs-on: [self-hosted, linux]
needs: [prepare-environment, build-machines]
needs: [build-machines]
steps:
- uses: actions/checkout@v4
with:
ref: dev

- name: Activate virtual environment
run: source /usr/share/runner-dependencies/socbed_env/bin/activate

- uses: actions/setup-python@v5
with:
python-version: '3.12'
cache: 'pip'

- name: Ensure all machines are powered off
run: ./tools/cleanup_failed_session
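Review bot: trimming `needs` to `[build-machines]` keeps the ordering, since build-machines itself needs prepare-environment, so this is a safe simplification. The same single-runner assumption as in build-machines applies here, though: setup-python plus `cache: 'pip'` without an install step only finds the SOCBED package if this job runs on the runner that prepare-environment used.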
Expand All @@ -117,18 +119,22 @@ jobs:
delete-machines:
runs-on: [self-hosted, linux]
if: always()
needs: [prepare-environment, build-machines, test-machines]
needs: [test-machines]
steps:
- uses: actions/checkout@v4
with:
ref: dev

- uses: actions/setup-python@v5
with:
python-version: '3.12'
cache: 'pip'

- name: Delete created VMs
run: ./tools/delete_vms

- name: Deactivate virtual environment
run: deactivate || true

- name: Delete virtual environment
run: rm -rf /usr/share/runner-dependencies/socbed_env

- name: Uninstall SOCBED
run: pip uninstall socbed -y

- name: Remove all installed packages
run: pip freeze | xargs pip uninstall -y
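Review bot: the cleanup steps after `Delete created VMs` have no step-level `if: always()`, so if `./tools/delete_vms` fails, `pip uninstall socbed -y` and `pip freeze | xargs pip uninstall -y` are skipped and the shared interpreter on the runner keeps this run's packages (the job-level `if: always()` only guarantees the job starts, not that every step runs). Give each cleanup step its own `if: always()` or fold them into one step. Note also how broad the last step is: without a virtual environment, `pip freeze` lists everything in the setup-python interpreter, so it also removes packages any other workflow installed into the same Python on this runner, and if `pip freeze` returns nothing, GNU `xargs` still runs `pip uninstall -y` with no arguments, which exits non-zero; `pip freeze | xargs -r pip uninstall -y` avoids that.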
55 changes: 29 additions & 26 deletions .github/workflows/socbed-systemtest.yml
Expand Up @@ -11,19 +11,13 @@ jobs:
steps:
- uses: actions/checkout@v4

- name: Create virtual environment
run: python3 -m venv /usr/share/runner-dependencies/socbed_env

- name: Activate virtual environment
run: source /usr/share/runner-dependencies/socbed_env/bin/activate

- name: Upgrade pip3 inside virtual environment
run: pip3 install --upgrade pip

- name: Install requirements in virtual environment (without using cached packages)
run: pip3 install -r requirements.txt --no-cache-dir

- name: Install socbed
- uses: actions/setup-python@v5
with:
python-version: '3.12'
cache: 'pip'
- name: Install dependencies
run: pip install -r requirements.txt --no-cache-dir
- name: Install SOCBED
run: pip install --editable .

build-machines:
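Review bot: these steps are now identical to the prepare-environment steps in socbed-systemtest-dev.yml apart from the `ref: dev`, and the rest of the two files mirror each other the same way. A single reusable workflow (`on: workflow_call` with the ref as an input) that both files call would keep the install and cleanup logic from having to be changed twice and from drifting silently. While touching this: the actions are pinned to floating major tags (`actions/checkout@v4`, `actions/setup-python@v5`, `nick-invision/retry@v3`); pinning to a full commit SHA with the tag in a trailing comment is the usual hardening for workflows on self-hosted runners, and Dependabot can keep the SHAs current.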
Expand All @@ -33,9 +27,11 @@ jobs:
steps:
- uses: actions/checkout@v4

- name: Activate virtual environment
run: source /usr/share/runner-dependencies/socbed_env/bin/activate

- uses: actions/setup-python@v5
with:
python-version: '3.12'
cache: 'pip'

- name: Build Internet Router
uses: nick-invision/retry@v3
with:
Expand Down Expand Up @@ -94,12 +90,14 @@ jobs:

test-machines:
runs-on: [self-hosted, linux]
needs: [prepare-environment, build-machines]
needs: [build-machines]
steps:
- uses: actions/checkout@v4

- name: Activate virtual environment
run: source /usr/share/runner-dependencies/socbed_env/bin/activate
- uses: actions/setup-python@v5
with:
python-version: '3.12'
cache: 'pip'

- name: Ensure all machines are powered off
run: ./tools/cleanup_failed_session
Expand All @@ -115,16 +113,21 @@ jobs:
delete-machines:
runs-on: [self-hosted, linux]
if: always()
needs: [prepare-environment, build-machines, test-machines]
needs: [test-machines]
steps:
- uses: actions/checkout@v4

- uses: actions/setup-python@v5
with:
python-version: '3.12'
cache: 'pip'

- name: Delete created VMs
run: ./tools/delete_vms
- name: Deactivate virtual environment
run: deactivate || true
- name: Delete virtual environment
run: rm -rf /usr/share/runner-dependencies/socbed_env

- name: Uninstall SOCBED
run: pip uninstall socbed -y

- name: Remove all installed packages
run: pip freeze | xargs pip uninstall -y

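Review bot: same cleanup concern as in the dev workflow: a failure in `./tools/delete_vms` stops the job before the two `pip uninstall` steps, and the job-level `if: always()` does not override that, so each cleanup step needs its own `if: always()`. The order of the two uninstall steps is load-bearing and deserves a comment: `pip freeze` renders the `--editable` install as a `-e ...` line, which `pip uninstall` does not accept, so removing `socbed` first is what makes the second step succeed. `pip freeze --exclude-editable | xargs -r pip uninstall -y` makes that explicit and also handles an empty package list, where plain `xargs` would still invoke `pip uninstall -y` with no arguments and fail.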
4 changes: 4 additions & 0 deletions .github/workflows/socbed-unittest.yml
Expand Up @@ -9,5 +9,9 @@ jobs:
runs-on: [self-hosted, linux]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: '3.12'
- run: pip install tox==4.18.1
- run: tox -- -m "not systest"

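Review bot: `pip install tox==4.18.1` now goes into the setup-python interpreter on the self-hosted runner with no cleanup step, unlike the system-test workflows, and the pin covers tox only, not its dependencies; if reproducible tooling matters here, a hash-pinned requirements file (`pip install --require-hashes -r ...`) covers both. Because the interpreter is shared, a system-test run's `pip freeze | xargs pip uninstall -y` on the same runner (both use Python 3.12) can remove tox out from under a concurrent unit-test job; a `concurrency:` group or a per-job venv would rule that out.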
2 changes: 1 addition & 1 deletion .gitignore
Expand Up @@ -20,7 +20,7 @@ __pycache__/
### Cache ###
.cache/*

# DS_STORE
# DS_STORE
.DS_STORE

### PyCharm ###
14 changes: 7 additions & 7 deletions README.md
Expand Up @@ -18,7 +18,7 @@ After the build process is finished, SOCBED sessions can be started, controlled,
## System Requirements

* Physical host with Linux or macOS. Note: Running SOCBED (and therefore VirtualBox) in a virtual machine might work as well but was not tested.
* Python v3.8 or newer
* Python v3.9 or newer
* RAM: 16 GB minimum, 32 GB recommended
* CPU: Quad-core with hardware support for virtualization
* HDD: 50 GB free, SSD strongly recommended
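Review bot: the workflows in this PR pin `python-version: '3.12'`, so 3.12 is what CI actually exercises while the README now promises 3.9 or newer; stating both ("Python v3.9 or newer; CI runs 3.12") tells users which version is known to work. If the package metadata declares a minimum Python version, it should move to 3.9 in the same change so the README and the installer agree.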
Expand Down Expand Up @@ -165,12 +165,12 @@ The domain name is `BREACH`.

The following table shows all available web interfaces and their logins:

| Machine | Service | Username | Password | URL |
| --- | --- | --- | --- | --- |
| Company Router | IPFire | admin | breach | https://192.168.56.10:444/ |
| DMZ Server | phpMyAdmin | root | breach | http://192.168.56.20/phpmyadmin/ |
| Log Server | Kibana | - | - | http://192.168.56.12:5601/app/kibana |
| Internet Router | IPFire | admin | breach | https://192.168.56.30:444/ |
| Machine | Service | Username | Password | URL |
| --------------- | ---------- | -------- | -------- | ------------------------------------ |
| Company Router | IPFire | admin | breach | https://192.168.56.10:444/ |
| DMZ Server | phpMyAdmin | root | breach | http://192.168.56.20/phpmyadmin/ |
| Log Server | Kibana | - | - | http://192.168.56.12:5601/app/kibana |
| Internet Router | IPFire | admin | breach | https://192.168.56.30:444/ |

## Documentation

6 changes: 3 additions & 3 deletions provisioning/ansible/roles/auditbeat/tasks/main.yml
@@ -1,4 +1,4 @@
---
- include: add_auditbeat_apt_repository.yml
- include: install_auditbeat.yml
- include: configure_auditbeat.yml
- include_tasks: add_auditbeat_apt_repository.yml
- include_tasks: install_auditbeat.yml
- include_tasks: configure_auditbeat.yml
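Review bot: `include` was removed in ansible-core 2.16, so this migration is needed, but `include_tasks` is the dynamic variant and changes two things `include` users often rely on: tags on the `include_tasks` line are not inherited by the included tasks unless passed through `apply: {tags: [...]}`, and `--list-tasks` / `--list-tags` do not see the included tasks. If these roles are ever run with `--tags`, `import_tasks` (static, inherits tags, visible to `--list-tasks`) is the closer drop-in; otherwise `include_tasks` is fine. The same applies to every `include:` to `include_tasks:` hunk in this PR.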
34 changes: 17 additions & 17 deletions provisioning/ansible/roles/configure_company_router/tasks/main.yml
@@ -1,17 +1,17 @@
- include: configure_suricata.yml
- include: configure_dhcpd.yml
- include: configure_fwhosts_customservices.yml
- include: configure_hosts.yml
- include: configure_K00squid.yml
- include: configure_loggings_settings.yml
- include: configure_ntp.yml
- include: configure_proxy_advanced.yml
- include: configure_proxy_cachemgr.yml
- include: configure_proxy_settings.yml
- include: configure_proxy_viewersettings.yml
- include: configure_squid.yml
- include: configure_squid_cachemgr.yml
- include: configure_syslog.yml
- include: configure_time_settings.yml
- include: create_ipfire_proxy_enable.yml
- include: create_symbolic_link_for_syslog.yml
- include_tasks: configure_suricata.yml
- include_tasks: configure_dhcpd.yml
- include_tasks: configure_fwhosts_customservices.yml
- include_tasks: configure_hosts.yml
- include_tasks: configure_K00squid.yml
- include_tasks: configure_loggings_settings.yml
- include_tasks: configure_ntp.yml
- include_tasks: configure_proxy_advanced.yml
- include_tasks: configure_proxy_cachemgr.yml
- include_tasks: configure_proxy_settings.yml
- include_tasks: configure_proxy_viewersettings.yml
- include_tasks: configure_squid.yml
- include_tasks: configure_squid_cachemgr.yml
- include_tasks: configure_syslog.yml
- include_tasks: configure_time_settings.yml
- include_tasks: create_ipfire_proxy_enable.yml
- include_tasks: create_symbolic_link_for_syslog.yml
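Review bot: this `main.yml` has no `---` document-start line while the auditbeat `main.yml` in the same PR does; since every line of these files is being rewritten anyway, adding `---` keeps them consistent and satisfies yamllint's default `document-start` rule.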
@@ -1,5 +1,5 @@
- include: configure_etc_hosts.yml
- include: configure_etc_unbound_hosts.yml
- include: configure_hosts.yml
- include: configure_ntp.yml
- include: create_symbolic_link_for_syslog.yml
- include_tasks: configure_etc_hosts.yml
- include_tasks: configure_etc_unbound_hosts.yml
- include_tasks: configure_hosts.yml
- include_tasks: configure_ntp.yml
- include_tasks: create_symbolic_link_for_syslog.yml
Expand Up @@ -23,4 +23,4 @@
src: files/win10_firefox/mozilla.cfg
dest: C:\Program Files (x86)\Mozilla Firefox\mozilla.cfg

- include: set_default_browser.yml
- include_tasks: set_default_browser.yml
42 changes: 21 additions & 21 deletions provisioning/ansible/roles/configure_win10_client/tasks/main.yml
@@ -1,21 +1,21 @@
- include: setup_user.yml
- include: set_timezone.yml
- include: add_exclusion_folder.yml
- include: disable_firewall.yml
- include: disable_screen_lock.yml
- include: install_python.yml
- include: update_pip.yml
- include: install_pip_selenium.yml
- include: upload_assets.yml
- include: upload_userbehavior_src.yml
- include: install_firefox.yml
- include: disable_automatic_updates.yml
- include: run_init_tbf_client_on_boot.yml
- include: install_ssh_server.yml
- include: disable_ipv6.yml
- include: set_autostart.yml
- include: install_imdisk.yml
- include: set_logging_config.yml
- include: install_sysmon.yml
- include: install_winlogbeat.yml
- include: disable_defender.yml
- include_tasks: setup_user.yml
- include_tasks: set_timezone.yml
- include_tasks: add_exclusion_folder.yml
- include_tasks: disable_firewall.yml
- include_tasks: disable_screen_lock.yml
- include_tasks: install_python.yml
- include_tasks: update_pip.yml
- include_tasks: install_pip_selenium.yml
- include_tasks: upload_assets.yml
- include_tasks: upload_userbehavior_src.yml
- include_tasks: install_firefox.yml
- include_tasks: disable_automatic_updates.yml
- include_tasks: run_init_tbf_client_on_boot.yml
- include_tasks: install_ssh_server.yml
- include_tasks: disable_ipv6.yml
- include_tasks: set_autostart.yml
- include_tasks: install_imdisk.yml
- include_tasks: set_logging_config.yml
- include_tasks: install_sysmon.yml
- include_tasks: install_winlogbeat.yml
- include_tasks: disable_defender.yml