From 8b5daea85aa6a0afbf4b8866eb682ae07e9814f4 Mon Sep 17 00:00:00 2001
From: labmaster-q <57621346+labmaster-q@users.noreply.github.com>
Date: Thu, 5 Dec 2019 20:19:01 +0000
Subject: [PATCH 01/19] Delete gateways.tf
---
 .../infrastructure/assets/network/gateways.tf | 13 -------------
 1 file changed, 13 deletions(-)
 delete mode 100644 terraform/modules/infrastructure/assets/network/gateways.tf
diff --git a/terraform/modules/infrastructure/assets/network/gateways.tf b/terraform/modules/infrastructure/assets/network/gateways.tf
deleted file mode 100644
index abc7ec8..0000000
--- a/terraform/modules/infrastructure/assets/network/gateways.tf
+++ /dev/null
@@ -1,13 +0,0 @@
-resource "aws_internet_gateway" "gw" {
- vpc_id = "${aws_vpc.main.id}"
-}
-
-resource "aws_nat_gateway" "nat-a" {
- allocation_id = "${aws_eip.nat-a.id}"
- subnet_id = "${aws_subnet.attacker_subnet.id}"
-}
-
-resource "aws_nat_gateway" "nat-b" {
- allocation_id = "${aws_eip.nat-b.id}"
- subnet_id = "${aws_subnet.target_subnet.id}"
-}
From 9aa371354e36ab0035a579ee03955058bf64ed80 Mon Sep 17 00:00:00 2001
From: labmaster-q <57621346+labmaster-q@users.noreply.github.com>
Date: Thu, 5 Dec 2019 20:20:25 +0000
Subject: [PATCH 02/19] Add files via upload
---
 .../infrastructure/assets/network/gateways.tf | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 terraform/modules/infrastructure/assets/network/gateways.tf
diff --git a/terraform/modules/infrastructure/assets/network/gateways.tf b/terraform/modules/infrastructure/assets/network/gateways.tf
new file mode 100644
index 0000000..5e87439
--- /dev/null
+++ b/terraform/modules/infrastructure/assets/network/gateways.tf
@@ -0,0 +1,13 @@
+resource "aws_internet_gateway" "gw" {
+ vpc_id = aws_vpc.main.id
+}
+
+resource "aws_nat_gateway" "nat-a" {
+ allocation_id = aws_eip.nat-a.id
+ subnet_id = aws_subnet.attacker_subnet.id
+}
+
+resource "aws_nat_gateway" "nat-b" {
+ allocation_id = aws_eip.nat-b.id
+ subnet_id = aws_subnet.target_subnet.id
+}
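Review bot: Neither NAT gateway declares an ordering dependency on the internet gateway, so on a fresh apply Terraform is free to create `nat-a` and `nat-b` before `gw` is attached; the AWS provider documentation recommends adding `depends_on = [aws_internet_gateway.gw]` to each `aws_nat_gateway`. The three resources also carry no `tags`, unlike the route tables and subnets in this series, which makes them harder to attribute to an environment during cleanup or an audit; a block such as `tags = { name = "nat-a", environment = var.environment }` on each would match the rest of the module. Both gateways sit in the attacker and target subnets, so egress from the private subnets will appear to originate there in flow logs, which deserves a one-line comment if it is intentional.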
From b5ff2e22df7db6d691823fee11c1bdb03ae8eb14 Mon Sep 17 00:00:00 2001
From: labmaster-q <57621346+labmaster-q@users.noreply.github.com>
Date: Thu, 5 Dec 2019 20:20:58 +0000
Subject: [PATCH 03/19] Delete subnets.tf
---
 .../infrastructure/assets/network/subnets.tf | 93 -------------------
 1 file changed, 93 deletions(-)
 delete mode 100644 terraform/modules/infrastructure/assets/network/subnets.tf
diff --git a/terraform/modules/infrastructure/assets/network/subnets.tf b/terraform/modules/infrastructure/assets/network/subnets.tf
deleted file mode 100644
index 5194d61..0000000
--- a/terraform/modules/infrastructure/assets/network/subnets.tf
+++ /dev/null
@@ -1,93 +0,0 @@ -resource "aws_subnet" "attacker_subnet" { - vpc_id = "${aws_vpc.main.id}" - cidr_block = "${var.cidr}" - availability_zone = "${data.aws_availability_zones.available.names[1]}" - map_public_ip_on_launch = true - - tags = { - name = "attacker_subnet" - environment = "${var.environment}" - } - - lifecycle { - create_before_destroy = true - } -} - -resource "aws_subnet" "target_subnet" { - vpc_id = "${aws_vpc.main.id}" - cidr_block = "192.168.39.0/24" - availability_zone = "${data.aws_availability_zones.available.names[0]}" -// map_public_ip_on_launch = true - - tags = { - name = "target_subnet" - environment = "${var.environment}" - } - lifecycle { - create_before_destroy = true - } -} - -resource "aws_subnet" "malware_subnet" { - vpc_id = "${aws_vpc.main.id}" - cidr_block = "192.168.40.0/24" - availability_zone = "${data.aws_availability_zones.available.names[1]}" - map_public_ip_on_launch = true - - tags = { - name = "malware_subnet" - environment = "${var.environment}" - } - - lifecycle { - create_before_destroy = true - } -} - -resource "aws_subnet" "honeypot_subnet" { - vpc_id = "${aws_vpc.main.id}" - cidr_block = "192.168.41.0/24" - availability_zone = "${data.aws_availability_zones.available.names[1]}" - map_public_ip_on_launch = true - - tags = { - name = "malware_subnet" - environment = "${var.environment}" - } - - lifecycle { - create_before_destroy = true - } -} - -resource "aws_subnet" "private-a" { - vpc_id = "${aws_vpc.main.id}" - cidr_block = "192.168.42.0/24" - availability_zone = "${data.aws_availability_zones.available.names[0]}" - - tags = { - name = "not-in-use-private-a" - environment = "${var.environment}" - } - - lifecycle { - create_before_destroy = true - } -} - -resource "aws_subnet" "private-b" { - vpc_id = "${aws_vpc.main.id}" - cidr_block = "192.168.43.0/24" - availability_zone = "${data.aws_availability_zones.available.names[1]}" - - tags = { - name = "not-in-use-private-b" - environment = "${var.environment}" - } - - 
lifecycle { - create_before_destroy = true - } -} - From b20003ed91190d26b0ebaff913c9a7980d2d3d36 Mon Sep 17 00:00:00 2001 From: labmaster-q <57621346+labmaster-q@users.noreply.github.com> Date: Thu, 5 Dec 2019 20:21:10 +0000 Subject: [PATCH 04/19] Delete routes.tf --- .../infrastructure/assets/network/routes.tf | 83 ------------------- 1 file changed, 83 deletions(-) delete mode 100644 terraform/modules/infrastructure/assets/network/routes.tf diff --git a/terraform/modules/infrastructure/assets/network/routes.tf b/terraform/modules/infrastructure/assets/network/routes.tf deleted file mode 100644 index c7a308e..0000000 --- a/terraform/modules/infrastructure/assets/network/routes.tf +++ /dev/null 
@@ -1,83 +0,0 @@
-resource "aws_route_table" "public-a" {
- vpc_id = "${aws_vpc.main.id}"
-
- route {
- cidr_block = "0.0.0.0/0"
- gateway_id = "${aws_internet_gateway.gw.id}"
- }
-
- tags = {
- name = "public-a"
- environment = "${var.environment}"
- }
-}
-
-resource "aws_route_table_association" "public-a" {
- subnet_id = "${aws_subnet.attacker_subnet.id}"
- route_table_id = "${aws_route_table.public-a.id}"
-}
-
-
-resource "aws_route_table" "public-b" {
- vpc_id = "${aws_vpc.main.id}"
-
- route {
- cidr_block = "0.0.0.0/0"
- gateway_id = "${aws_internet_gateway.gw.id}"
- }
-
- tags = {
- name = "public-b"
- environment = "${var.environment}"
- }
-}
-
-resource "aws_route_table_association" "public-b" {
- subnet_id = "${aws_subnet.target_subnet.id}"
- route_table_id = "${aws_route_table.public-b.id}"
-}
-
-resource "aws_route_table" "private-a" {
- vpc_id = "${aws_vpc.main.id}"
-
- route {
- cidr_block = "0.0.0.0/0"
- nat_gateway_id = "${aws_nat_gateway.nat-a.id}"
- }
-
- tags = {
- name = "private-a"
- environment = "${var.environment}"
- }
-}
-
-resource "aws_route_table_association" "private-a" {
- subnet_id = "${aws_subnet.private-a.id}"
- route_table_id = "${aws_route_table.private-a.id}"
-}
-
-resource "aws_route_table" "private-b" {
- vpc_id = "${aws_vpc.main.id}"
-
- route {
- cidr_block = "0.0.0.0/0"
- nat_gateway_id = "${aws_nat_gateway.nat-b.id}"
- }
-
- tags = {
- name = "private-b"
- environment = "${var.environment}"
- }
-}
-
-resource "aws_route_table_association" "private-b" {
- subnet_id = "${aws_subnet.private-b.id}"
- route_table_id = "${aws_route_table.private-b.id}"
-}
-
-// public-b
-//resource "aws_route" "internet_access" {
-// route_table_id = "${aws_vpc.main.main_route_table_id}"
-// destination_cidr_block = "0.0.0.0/0"
-// gateway_id = "${aws_internet_gateway.gw.id}"
-//}
\ No newline at end of file
From 74a7be52a315e12c95de91361933a22ffc4cec0b Mon Sep 17 00:00:00 2001
From: labmaster-q <57621346+labmaster-q@users.noreply.github.com>
Date: Thu, 5 Dec 2019 20:21:40 +0000
Subject: [PATCH 05/19] Add files via upload
---
 .../infrastructure/assets/network/routes.tf | 83 +++++++++++++++++
 .../infrastructure/assets/network/subnets.tf | 93 +++++++++++++++++++
 2 files changed, 176 insertions(+)
 create mode 100644 terraform/modules/infrastructure/assets/network/routes.tf
 create mode 100644 terraform/modules/infrastructure/assets/network/subnets.tf
diff --git a/terraform/modules/infrastructure/assets/network/routes.tf b/terraform/modules/infrastructure/assets/network/routes.tf
new file mode 100644
index 0000000..f2bd9d9
--- /dev/null
+++ b/terraform/modules/infrastructure/assets/network/routes.tf
@@ -0,0 +1,83 @@
+resource "aws_route_table" "public-a" {
+ vpc_id = aws_vpc.main.id
+
+ route {
+ cidr_block = "0.0.0.0/0"
+ gateway_id = aws_internet_gateway.gw.id
+ }
+
+ tags = {
+ name = "public-a"
+ environment = "${var.environment}"
+ }
+}
+
+resource "aws_route_table_association" "public-a" {
+ subnet_id = aws_subnet.attacker_subnet.id
+ route_table_id = aws_route_table.public-a.id
+}
+
+
+resource "aws_route_table" "public-b" {
+ vpc_id = aws_vpc.main.id
+
+ route {
+ cidr_block = "0.0.0.0/0"
+ gateway_id = aws_internet_gateway.gw.id
+ }
+
+ tags = {
+ name = "public-b"
+ environment = "${var.environment}"
+ }
+}
+
+resource "aws_route_table_association" "public-b" {
+ subnet_id = aws_subnet.target_subnet.id
+ route_table_id = aws_route_table.public-b.id
+}
+
+resource "aws_route_table" "private-a" {
+ vpc_id = aws_vpc.main.id
+
+ route {
+ cidr_block = "0.0.0.0/0"
+ nat_gateway_id = aws_nat_gateway.nat-a.id
+ }
+
+ tags = {
+ name = "private-a"
+ environment = "${var.environment}"
+ }
+}
+
+resource "aws_route_table_association" "private-a" {
+ subnet_id = aws_subnet.private-a.id
+ route_table_id = aws_route_table.private-a.id
+}
+
+resource "aws_route_table" "private-b" {
+ vpc_id = aws_vpc.main.id
+
+ route {
+ cidr_block = "0.0.0.0/0"
+ nat_gateway_id = aws_nat_gateway.nat-b.id
+ }
+
+ tags = {
+ name = "private-b"
+ environment = "${var.environment}"
+ }
+}
+
+resource "aws_route_table_association" "private-b" {
+ subnet_id = aws_subnet.private-b.id
+ route_table_id = aws_route_table.private-b.id
+}
+
+// public-b
+//resource "aws_route" "internet_access" {
+// route_table_id = aws_vpc.main.main_route_table_id
+// destination_cidr_block = "0.0.0.0/0"
+// gateway_id = "aws_internet_gateway.gw.id"
+//}
\ No newline at end of file
diff --git a/terraform/modules/infrastructure/assets/network/subnets.tf b/terraform/modules/infrastructure/assets/network/subnets.tf
new file mode 100644
index 0000000..4862837
--- /dev/null
+++ b/terraform/modules/infrastructure/assets/network/subnets.tf 
@@ -0,0 +1,93 @@
+resource "aws_subnet" "attacker_subnet" {
+ vpc_id = aws_vpc.main.id
+ cidr_block = var.cidr
+ availability_zone = data.aws_availability_zones.available.names[1]
+ map_public_ip_on_launch = true
+
+ tags = {
+ name = "attacker_subnet"
+ environment = "${var.environment}"
+ }
+
+ lifecycle {
+ create_before_destroy = true
+ }
+}
+
+resource "aws_subnet" "target_subnet" {
+ vpc_id = aws_vpc.main.id
+ cidr_block = "192.168.39.0/24"
+ availability_zone = data.aws_availability_zones.available.names[0]
+ map_public_ip_on_launch = false
+
+ tags = {
+ name = "target_subnet"
+ environment = "${var.environment}"
+ }
+ lifecycle {
+ create_before_destroy = true
+ }
+}
+
+resource "aws_subnet" "malware_subnet" {
+ vpc_id = aws_vpc.main.id
+ cidr_block = "192.168.40.0/24"
+ availability_zone = data.aws_availability_zones.available.names[1]
+ map_public_ip_on_launch = false
+
+ tags = {
+ name = "malware_subnet"
+ environment = "${var.environment}"
+ }
+
+ lifecycle {
+ create_before_destroy = true
+ }
+}
+
+resource "aws_subnet" "honeypot_subnet" {
+ vpc_id = aws_vpc.main.id
+ cidr_block = "192.168.41.0/24"
+ availability_zone = data.aws_availability_zones.available.names[1]
+ map_public_ip_on_launch = false
+
+ tags = {
+ name = "malware_subnet"
+ environment = "${var.environment}"
+ }
+
+ lifecycle {
+ create_before_destroy = true
+ }
+}
+
+resource "aws_subnet" "private-a" {
+ vpc_id = aws_vpc.main.id
+ cidr_block = "192.168.42.0/24"
+ availability_zone = data.aws_availability_zones.available.names[0]
+
+ tags = {
+ name = "not-in-use-private-a"
+ environment = "${var.environment}"
+ }
+
+ lifecycle {
+ create_before_destroy = true
+ }
+}
+
+resource "aws_subnet" "private-b" {
+ vpc_id = aws_vpc.main.id
+ cidr_block = "192.168.43.0/24"
+ availability_zone = data.aws_availability_zones.available.names[1]
+
+ tags = {
+ name = "not-in-use-private-b"
+ environment = "${var.environment}"
+ }
+
+ lifecycle {
+ create_before_destroy = true
+ }
+}
+
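Review bot: `honeypot_subnet` is still tagged `name = "malware_subnet"`, apparently copied from the block above it, so tag-based inventory and flow-log attribution will conflate the two subnets; it should read `name = "honeypot_subnet"`. The commit also sets `map_public_ip_on_launch = false` on `target_subnet`, `malware_subnet` and `honeypot_subnet`, but routes.tf in this same patch still associates `target_subnet` with `public-b`, whose default route is the internet gateway, and shows no association for the other two. Instances launched there get no public address and, as far as these files show, no NAT path either, so a short comment on each block stating whether the subnet is meant to be isolated would make the intent reviewable. The remaining `"${var.environment}"` tag values can be written `var.environment` to match the rest of the conversion.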
From e70afb66fee0b2c4befa89f6a89dccc29fcf64e4 Mon Sep 17 00:00:00 2001
From: labmaster-q <57621346+labmaster-q@users.noreply.github.com>
Date: Thu, 5 Dec 2019 20:22:43 +0000
Subject: [PATCH 06/19] Delete attackers.tf
---
 .../assets/secdevops/attackers.tf | 85 -------------------
 1 file changed, 85 deletions(-)
 delete mode 100644 terraform/modules/infrastructure/assets/secdevops/attackers.tf
diff --git a/terraform/modules/infrastructure/assets/secdevops/attackers.tf b/terraform/modules/infrastructure/assets/secdevops/attackers.tf
deleted file mode 100644
index ffa7056..0000000
--- a/terraform/modules/infrastructure/assets/secdevops/attackers.tf
+++ /dev/null
@@ -1,85 +0,0 @@ -locals { - pen_subnet_ids = [ - "${var.attacker_subnet_id}", - "${var.target_subnet_id}", - ] -} - -resource "aws_instance" "kali" { - count = "${var.kali_ct}" - ami = "${data.aws_ami.kali.id}" - instance_type = "${var.instance_type_kali}" - subnet_id = "${element(local.pen_subnet_ids, count.index)}" - vpc_security_group_ids = ["${aws_security_group.kali.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" - user_data = "${file("../../modules/infrastructure/cloud-init/kali.yml")}" - - root_block_device { - delete_on_termination = true - volume_size = 160 - } - tags = { - Name = "kali-linux-${count.index}" - Environment = "${var.environment}" - Terraform = "True" - } -} - -resource "aws_instance" "commando" { - count = "${var.docker_ct}" - ami = "${data.aws_ami.commando.id}" - instance_type = "${var.instance_type_win}" - subnet_id = "${element(local.pen_subnet_ids, count.index)}" - vpc_security_group_ids = ["${aws_security_group.windows.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" - - root_block_device { - delete_on_termination = true - volume_size = 160 - } - tags = { - Name = "commando-${count.index}" - Environment = "${var.environment}" - Terraform = "True" - } -} - -resource "aws_instance" "r7vm" { - count = "${var.kali_ct}" - - ami = "${data.aws_ami.r7.id}" - instance_type = "${var.instance_type_kali}" - - subnet_id = "${element(local.pen_subnet_ids, count.index)}" - vpc_security_group_ids = ["${aws_security_group.kali.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" - - root_block_device { - delete_on_termination = true - volume_size = 100 - } - - tags = { - Name = "r7-${count.index}" - Environment = "${var.environment}" - Terraform = "True" - } -} - -resource "aws_instance" "commandov2" { - count = "${var.docker_ct}" - ami = "${data.aws_ami.commandov2.id}" - instance_type = "${var.instance_type_commandov2}" - subnet_id = "${element(local.pen_subnet_ids, count.index)}" - vpc_security_group_ids = 
["${aws_security_group.kali.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" - root_block_device { - delete_on_termination = true - volume_size = 160 - } - tags = { - Name = "commando-v2-${count.index}" - Environment = "${var.environment}" - Terraform = "True" - } -} \ No newline at end of file From c362fd9f7c3a123f690d798db71189a44e5b6caa Mon Sep 17 00:00:00 2001 From: labmaster-q <57621346+labmaster-q@users.noreply.github.com> Date: Thu, 5 Dec 2019 20:22:56 +0000 Subject: [PATCH 07/19] Delete aws_key_pairs.tf --- .../modules/infrastructure/assets/secdevops/aws_key_pairs.tf | 4 ---- 1 file changed, 4 deletions(-) delete mode 100644 terraform/modules/infrastructure/assets/secdevops/aws_key_pairs.tf diff --git a/terraform/modules/infrastructure/assets/secdevops/aws_key_pairs.tf b/terraform/modules/infrastructure/assets/secdevops/aws_key_pairs.tf deleted file mode 100644 index f3e145f..0000000 --- a/terraform/modules/infrastructure/assets/secdevops/aws_key_pairs.tf +++ /dev/null @@ -1,4 +0,0 @@ -resource "aws_key_pair" "circleci_key" { - key_name = "v2" - public_key = "${file("../../keys/circleci_terraform.pub")}" -} From 89b7b8f19ed6378c256373b30bbd228acd08fe3a Mon Sep 17 00:00:00 2001 From: labmaster-q <57621346+labmaster-q@users.noreply.github.com> Date: Thu, 5 Dec 2019 20:23:07 +0000 Subject: [PATCH 08/19] Delete ctf.playground.tf --- .../assets/secdevops/ctf.playground.tf | 35 ------------------- 1 file changed, 35 deletions(-) delete mode 100644 terraform/modules/infrastructure/assets/secdevops/ctf.playground.tf diff --git a/terraform/modules/infrastructure/assets/secdevops/ctf.playground.tf b/terraform/modules/infrastructure/assets/secdevops/ctf.playground.tf deleted file mode 100644 index ea5a96f..0000000 --- a/terraform/modules/infrastructure/assets/secdevops/ctf.playground.tf +++ /dev/null 
@@ -1,35 +0,0 @@
-locals {
- fbctf_subnets_ids = [
- "${var.attacker_subnet_id}",
- "${var.target_subnet_id}",
- ]
-}
-
-resource "aws_instance" "fbctf" {
- count = "${var.fbctf_ct}"
-
- ami = "${data.aws_ami.ubuntu1604.id}"
- instance_type = "${var.instance_type_docker}"
-
- subnet_id = "${element(local.fbctf_subnets_ids, count.index)}"
-
- vpc_security_group_ids = ["${aws_security_group.fbctf.id}"]
-
- key_name = "${aws_key_pair.circleci_key.key_name}"
-
- user_data = "${file("${var.fbctf_user_data}")}"
-
- root_block_device {
- volume_type = "gp2"
- volume_size = "${var.fbctf_root_vol_size}"
- delete_on_termination = "true"
- }
-
- tags = {
- Name = "FBCTF-${count.index}"
- Environment = "${var.environment}"
- Terraform = "True"
- Zombie = "True"
- Initialization_Complete = "True"
- }
-}
\ No newline at end of file
From 1e0097259e5ec4f3956df5b4f67928cc18b14ada Mon Sep 17 00:00:00 2001
From: labmaster-q <57621346+labmaster-q@users.noreply.github.com>
Date: Thu, 5 Dec 2019 20:23:24 +0000
Subject: [PATCH 09/19] Delete detection.lab.tf
---
 .../assets/secdevops/detection.lab.tf | 98 -------------------
 1 file changed, 98 deletions(-)
 delete mode 100644 terraform/modules/infrastructure/assets/secdevops/detection.lab.tf
diff --git a/terraform/modules/infrastructure/assets/secdevops/detection.lab.tf b/terraform/modules/infrastructure/assets/secdevops/detection.lab.tf
deleted file mode 100644
index 43b2ce9..0000000
--- a/terraform/modules/infrastructure/assets/secdevops/detection.lab.tf
+++ /dev/null
@@ -1,98 +0,0 @@ -locals { - cyberRange_detection_subnets_ids = [ - "${var.attacker_subnet_id}", - "${var.target_subnet_id}", - ] -} - - -resource "aws_instance" "dl-wef" { - count = "${var.docker_ct}" - ami = "${data.aws_ami.detection-wef.id}" - instance_type = "${var.instance_type_tpot}" - subnet_id = "${element(local.cyberRange_detection_subnets_ids, count.index)}" - vpc_security_group_ids = ["${aws_security_group.windows.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" - private_ip = "192.168.38.103" - - root_block_device { - delete_on_termination = true - } - tags = { - Name = "wef.windomain.local" - Environment = "${var.environment}" - Terraform = "True" - } -} - -resource "aws_instance" "dl-dc" { - count = "${var.docker_ct}" - ami = "${data.aws_ami.detection-dc.id}" - instance_type = "${var.instance_type_tpot}" - subnet_id = "${element(local.cyberRange_detection_subnets_ids, count.index)}" - vpc_security_group_ids = ["${aws_security_group.windows.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" - private_ip = "192.168.38.102" - - root_block_device { - delete_on_termination = true - } - tags = { - Name = "dc.windomain.local" - Environment = "${var.environment}" - Terraform = "True" - } -} -resource "aws_instance" "dl-win10" { - count = "${var.docker_ct}" - ami = "${data.aws_ami.detection-dc.id}" - instance_type = "${var.instance_type_tpot}" - subnet_id = "${element(local.cyberRange_detection_subnets_ids, count.index)}" - vpc_security_group_ids = ["${aws_security_group.windows.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" - private_ip = "192.168.38.104" - - root_block_device { - delete_on_termination = true - } - tags = { - Name = "win10.windomain.local" - Environment = "${var.environment}" - Terraform = "True" - } -} - -resource "aws_instance" "dl-logger" { - count = "${var.docker_ct}" - instance_type = "${var.instance_type_tpot}" - ami = "${data.aws_ami.logger_ami.image_id}" - - tags = { - Name = "dl.logger" - } - - subnet_id 
= "${element(local.cyberRange_detection_subnets_ids, count.index)}" - vpc_security_group_ids = ["${aws_security_group.logger.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" - private_ip = "192.168.38.105" - - - root_block_device { - delete_on_termination = true - volume_size = 64 - } -} - - -# Adjust VPC DNS settings to not conflict with lab -resource "aws_vpc_dhcp_options" "default" { - domain_name = "windomain.local" - domain_name_servers = concat([aws_instance.dl-dc[0].private_ip], var.external_dns_servers) - netbios_name_servers = [aws_instance.dl-dc[0].private_ip] -} - -resource "aws_vpc_dhcp_options_association" "default" { -vpc_id = var.vpc-id -dhcp_options_id = aws_vpc_dhcp_options.default.id -} - From 74b7a6210c140a04391cbe532d87fa79a5fe1a79 Mon Sep 17 00:00:00 2001 From: labmaster-q <57621346+labmaster-q@users.noreply.github.com> Date: Thu, 5 Dec 2019 20:23:38 +0000 Subject: [PATCH 10/19] Delete honeyPots.tf --- .../assets/secdevops/honeyPots.tf | 52 ------------------- 1 file changed, 52 deletions(-) delete mode 100644 terraform/modules/infrastructure/assets/secdevops/honeyPots.tf diff --git a/terraform/modules/infrastructure/assets/secdevops/honeyPots.tf b/terraform/modules/infrastructure/assets/secdevops/honeyPots.tf deleted file mode 100644 index 8434a64..0000000 --- a/terraform/modules/infrastructure/assets/secdevops/honeyPots.tf +++ /dev/null 
@@ -1,52 +0,0 @@
-locals {
- subnets_ids = [
- "${var.attacker_subnet_id}",
- "${var.target_subnet_id}",
- ]
-}
-
-resource "aws_instance" "tpot-full-build" {
- count = "${var.tpot_ct}"
-
- ami = "${data.aws_ami.debianstretch.id}"
- instance_type = "${var.instance_type_tpot}"
- subnet_id = "${element(local.subnets_ids, count.index)}"
- vpc_security_group_ids = ["${aws_security_group.tpot.id}"]
- key_name = "${aws_key_pair.circleci_key.key_name}"
- user_data = "${file("../../modules/infrastructure/cloud-init/tpot.setup.yml")}"
-
- root_block_device {
- volume_type = "gp2"
- volume_size = "${var.tpot_root_vol_size}"
- delete_on_termination = "true"
- }
-
- tags = {
- Name = "Tpot-${count.index}"
- Environment = "${var.environment}"
- Terraform = "True"
- }
-}
-
-
-resource "aws_instance" "tpot" {
- count = "${var.tpot_ct}"
-
- ami = "${data.aws_ami.tpot.id}"
- instance_type = "${var.instance_type_tpot}"
- subnet_id = "${element(local.subnets_ids, count.index)}"
- vpc_security_group_ids = ["${aws_security_group.tpot.id}"]
- key_name = "${aws_key_pair.circleci_key.key_name}"
-
- root_block_device {
- volume_type = "gp2"
- volume_size = "${var.tpot_root_vol_size}"
- delete_on_termination = "true"
- }
-
- tags = {
- Name = "Tpot-${count.index}"
- Environment = "${var.environment}"
- Terraform = "True"
- }
-}
\ No newline at end of file
From 13d8ac1b57a8f4f839edb560ad91d574dd443c15 Mon Sep 17 00:00:00 2001
From: labmaster-q <57621346+labmaster-q@users.noreply.github.com>
Date: Thu, 5 Dec 2019 20:23:55 +0000
Subject: [PATCH 11/19] Delete range_users.tf
---
 .../assets/secdevops/range_users.tf | 55 -------------------
 1 file changed, 55 deletions(-)
 delete mode 100644 terraform/modules/infrastructure/assets/secdevops/range_users.tf
diff --git a/terraform/modules/infrastructure/assets/secdevops/range_users.tf b/terraform/modules/infrastructure/assets/secdevops/range_users.tf
deleted file mode 100644
index dadb306..0000000
--- a/terraform/modules/infrastructure/assets/secdevops/range_users.tf +++ /dev/null 
@@ -1,55 +0,0 @@ -//module "create_test1" { -// source = "git::https://github.com/cloudposse/terraform-aws-iam-user.git?ref=master" -// name = "qgaxeevv@sharklasers.com" -// pgp_key = "mQENBF2Y3n8BCAC6tFVgnQdw5KyVN01ngB8bv8r3joVNO8+/fSaOBvRF43F0M/KLtXnHqi/Wues1Y4Z/ByAJjsuTFUN2bsTVjboxWesugOPTh+HGXGB3SwXKuDlVVxD3/H9oxgB6g5lN3u1o1mdmg9FADKYYWn0/pmqwF87L4jusdNYy99ImJKYBfncuTat2ZXwND6VIMXAlvXkrpRqxL40aEY621CyPRV1gl8tLqVVWppHwd8NAQcWgQKWF7dthEqWd5svdWjkh8DCp9Wr2uieBXBs7uf4wHxD22s0MluLWjao8DEQ4SdgKhGToAngHDl0xYTgQk6teN3Pz87Af4EnIe2veJi2dEa67ABEBAAG0I3FnYXhlZXZ2IDxxZ2F4ZWV2dkBzaGFya2xhc2Vycy5jb20+iQFUBBMBCAA+FiEEiD+RXRgaYU/GYJMLeXod5qmKb3EFAl2Y3n8CGwMFCQPCZwAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQeXod5qmKb3Fd/wgApZXuTsb1h5OL7RxRkebGXgzVAq2BwEtejlbLZmJ3EDWySNi+/xhMiDSLPXPto2Dzn9F5N65xT8ezw30xN/ydDcAb1C3nvTgtY/u2Lllai83Ae27hls8iZEf9FfzkeJPv5Kg0TSwfSa+WrSuZyYPBcNLhM7Iurv3qJKFDLJ1g31dJmT69mbk70uhtfhpjquU9pxu+GIC66Q2m9Mc5qUphOdzFCr9iU+mOqkRHCGnOzAgsYZySmhVYhvdILGqqHuou7GSqQEtLZ4wh9iCHjnwux9eBAdYklewP4ATzII+Ul+r49AsqTMP7wtqKCrNNpRSJUrko/Y8gdWdA+gm7GRhUjbkBDQRdmN5/AQgAvZG7t9fz8Gz/03zVu7mBqBsqS0ztxow14sfovImUBh5/Uw27fpV1MGGfz/hFBQSWSv58CnUlOOSiFUUQktsZPw+FwsMDHkF5rEzRpcBYXbLVTvajv0qE8pKlBUPsyPs+yLeH9oaVCc0wL8GDgwJVEWeOMxD+H+9hWnvrZiQ0dFgkJjSNE8rM/9mjzzLKodjGpFAKfa1IQXFz7+PUt1T4+gnMkXz8r6TvmidAhcvURg2TFBTRgS/5vMK6wZVUTN8Hfc1KePKvhgzlQpRXKL1VotykgA5VkP2lrCK+UbX+RWtlLRlizjfhSz6zNdGb3Ea/JPIcWGUZPNJ53xHddwrlKQARAQABiQE8BBgBCAAmFiEEiD+RXRgaYU/GYJMLeXod5qmKb3EFAl2Y3n8CGwwFCQPCZwAACgkQeXod5qmKb3EJaQgAr/T9p4UzcMZFfz+DD1rW0EC72lMILCZ78hclFJ7IFfBnraNvEwNP/5TvhR1XG/A1rOOdH6KrSH0Su09XyOvA/OqLlz5RM9l0J2zmbwfw1fmecYjpOg7vsTkaCr5PZjv9PLUlvoOu3YKatrd0D/x8SqdGXb9zMIJiqc36FlRI0V+tohGtln/8uFszhWl+DmBiJyBqHaeaEVkUAMRYnmD3b2EJCjlwLAn7/9kgU1EbFSj0ZJQwYg28Lr6IQIswxG0ai0iGTG/cm88fzowhNo3dOPmci4VM1iOVTF2DY9gokqks/RTADrxS0xq0CU5xmkL8l47uftuIZWqQV92kzbiLFA==" -// groups = ["mgmt"] -//} -resource "aws_iam_user" "cloudgoat" { - name = "cloudgoat" - path = "/cloudgoat/" - -} - -resource "aws_iam_access_key" 
"cloudgoat" { - user = "${aws_iam_user.cloudgoat.name}" -// pgp_key = "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" -} - -resource "aws_iam_user_policy" "cloudgoat" { - name = "cloudgoat" - user = "${aws_iam_user.cloudgoat.name}" - - policy = < Date: Thu, 5 Dec 2019 20:24:05 +0000 Subject: [PATCH 12/19] Delete security_groups.tf --- .../assets/secdevops/security_groups.tf | 332 ------------------ 1 file changed, 332 deletions(-) delete mode 100644 terraform/modules/infrastructure/assets/secdevops/security_groups.tf diff --git a/terraform/modules/infrastructure/assets/secdevops/security_groups.tf b/terraform/modules/infrastructure/assets/secdevops/security_groups.tf deleted file mode 100644 index a26142a..0000000 --- a/terraform/modules/infrastructure/assets/secdevops/security_groups.tf +++ /dev/null 
@@ -1,332 +0,0 @@ -resource "aws_security_group" "tpot" { - name = "T-Pot" - description = "T-Pot Honeypot" - vpc_id = "${var.vpc-id}" - - ingress { - from_port = 0 - to_port = 64000 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] - } - ingress { - from_port = 0 - to_port = 64000 - protocol = "udp" - cidr_blocks = ["0.0.0.0/0"] - } - ingress { - from_port = 64294 - to_port = 64294 - protocol = "tcp" - cidr_blocks = ["${var.ip_list}"] - } - ingress { - from_port = 64295 - to_port = 64295 - protocol = "tcp" - cidr_blocks = ["${var.ip_list}"] - } - ingress { - from_port = 64297 - to_port = 64297 - protocol = "tcp" - cidr_blocks = ["${var.ip_list}"] - } - egress { - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0"] - } - - tags = { - Name = "T-Pot", - Environment = "${var.environment}" - Terraform = "True" - } -} - -resource "aws_security_group" "fbctf" { - name = "FB-CTF" - description = "FaceBook Capture The Flag" - vpc_id = "${var.vpc-id}" - - ingress { - from_port = 443 - to_port = 443 - protocol = "tcp" - cidr_blocks = ["${var.ip_list}"] - } - - ingress { - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["${var.ip_list}"] - } - - # Allow all traffic from the private subnet - ingress { - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["10.0.1.0/24"] - } - - egress { - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0"] - } - - tags = { - Name = "FB-CTF" - Environment = "${var.environment}" - Terraform = "True" - } -} - -resource "aws_security_group" "kali" { - name = "attackers" - description = "penetration testing assets" - vpc_id = "${var.vpc-id}" - - - # terminal/ssh rule - ingress { - from_port = 22 - to_port = 22 - protocol = "tcp" - cidr_blocks = ["${var.ip_list}"] - } - - # vnc rule - ingress { - from_port = 5901 - to_port = 5901 - protocol = "tcp" - cidr_blocks = ["${var.ip_list}"] - } - - # just open up everything else - ingress { - from_port = 0 - to_port = 0 - protocol = 
"-1" - cidr_blocks = ["${var.ip_list}"] - } - # Allow all traffic from the private subnet - ingress { - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["10.0.1.0/24"] - } - - egress { - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0"] - } - tags = { - Name = "kali" - Environment = "${var.environment}" - Terraform = "True" - } -} - -#loot aka security group rules -resource "aws_security_group" "targets" { - name = "targets" - description = "windows / linux targets" - vpc_id = "${var.vpc-id}" - - # terminal/ssh rule - ingress { - from_port = 22 - to_port = 22 - protocol = "tcp" - cidr_blocks = ["${var.ip_list}"] - } - - # terminal/ssh rule - ingress { - from_port = 8080 - to_port = 8080 - protocol = "tcp" - cidr_blocks = ["${var.ip_list}"] - } - - # inbound rules - ingress { - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["${var.ip_list}"] - } - - # Allow all traffic from the private subnet - ingress { - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["10.0.1.0/24"] - } - - # outbound rules - egress { - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["${var.ip_list}"] - } - tags = { - Name = "webgoat_sg" - Environment = "${var.environment}" - Terraform = "True" - } -} - -// import from https://github.com/clong/DetectionLab -resource "aws_security_group" "logger" { - name = "logger_security_group" - description = "DetectionLab: Security Group for the logger host" - vpc_id = "${var.vpc-id}" - - # SSH access - ingress { - from_port = 22 - to_port = 22 - protocol = "tcp" - cidr_blocks = ["${var.ip_list}"] - } - - # Splunk access - ingress { - from_port = 8000 - to_port = 8000 - protocol = "tcp" - cidr_blocks = ["${var.ip_list}"] - } - - # Fleet access - ingress { - from_port = 8412 - to_port = 8412 - protocol = "tcp" - cidr_blocks = ["${var.ip_list}"] - } - - # Caldera access - ingress { - from_port = 8888 - to_port = 8888 - protocol = "tcp" - cidr_blocks = ["${var.ip_list}"] - } - - 
# Allow all traffic from the private subnet - ingress { - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["10.0.1.0/24"] - } - - # outbound internet access - egress { - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0"] - } -} -// import from https://github.com/clong/DetectionLab -resource "aws_security_group" "windows" { - name = "windows_security_group" - description = "DetectionLab: Security group for the Windows hosts" - vpc_id = "${var.vpc-id}" - - # RDP - ingress { - from_port = 3389 - to_port = 3389 - protocol = "tcp" - cidr_blocks = ["${var.ip_list}"] - } - - # WinRM - ingress { - from_port = 5985 - to_port = 5986 - protocol = "tcp" - cidr_blocks = ["${var.ip_list}"] - } - - # Windows ATA - ingress { - from_port = 443 - to_port = 443 - protocol = "tcp" - cidr_blocks = ["${var.ip_list}"] - } - - # Allow all traffic from the private subnet - ingress { - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["10.0.1.0/24"] - } - - # outbound internet access - egress { - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0"] - } - tags = { - Name = "detectionlab_sg" - Environment = "${var.environment}" - Terraform = "True" - } -} - -resource "aws_security_group" "malware" { - name = "malware" - description = "flarevm malware security group" - vpc_id = "${var.vpc-id}" - - # RDP - ingress { - from_port = 3389 - to_port = 3389 - protocol = "tcp" - cidr_blocks = ["${var.ip_list}"] - } - - # ssh access - ingress { - from_port = 0 - to_port = 22 - protocol = "tcp" - cidr_blocks = ["${var.ip_list}"] - } - - # outbound internet access - eliminate everything - egress { - from_port = 1 - to_port = 1 - protocol = "tcp" - cidr_blocks = ["66.66.66.66/32"] - } - tags = { - Name = "malware_sg" - Environment = "${var.environment}" - Terraform = "True" - } -} \ No newline at end of file From 87a1beb173288a1a9cbf4138b2d0ca68e8a86818 Mon Sep 17 00:00:00 2001 
From: labmaster-q <57621346+labmaster-q@users.noreply.github.com> Date: Thu, 5 Dec 2019 20:24:20 +0000 Subject: [PATCH 13/19] Delete security_groups_rules.tf --- .../assets/secdevops/security_groups_rules.tf | 28 ------------------- 1 file changed, 28 deletions(-) delete mode 100644 terraform/modules/infrastructure/assets/secdevops/security_groups_rules.tf diff --git a/terraform/modules/infrastructure/assets/secdevops/security_groups_rules.tf b/terraform/modules/infrastructure/assets/secdevops/security_groups_rules.tf deleted file mode 100644 index a1bf88c..0000000 --- a/terraform/modules/infrastructure/assets/secdevops/security_groups_rules.tf +++ /dev/null @@ -1,28 +0,0 @@ -// A centralized location for all security group rules... - -resource "aws_security_group_rule" "allow_all_between_webgoat_and_kali" { - type = "ingress" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0"] - security_group_id = "${aws_security_group.targets.id}" -} - -resource "aws_security_group_rule" "allow_all_between_kali_and_webgoat" { - type = "ingress" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0"] - security_group_id = "${aws_security_group.kali.id}" -} - -resource "aws_security_group_rule" "allow_malware_to_malware" { - type = "ingress" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0"] - security_group_id = "${aws_security_group.malware.id}" -} \ No newline at end of file From ea6d3a73f9b847e5e979ea4d8e230420d50e6a2c Mon Sep 17 00:00:00 2001 From: labmaster-q <57621346+labmaster-q@users.noreply.github.com> Date: Thu, 5 Dec 2019 20:24:30 +0000 Subject: [PATCH 14/19] Delete target.metasplotables.tf --- .../assets/secdevops/target.metasplotables.tf | 58 ------------------- 1 file changed, 58 deletions(-) delete mode 100644 terraform/modules/infrastructure/assets/secdevops/target.metasplotables.tf 
diff --git a/terraform/modules/infrastructure/assets/secdevops/target.metasplotables.tf b/terraform/modules/infrastructure/assets/secdevops/target.metasplotables.tf deleted file mode 100644 index cf45bb1..0000000 --- a/terraform/modules/infrastructure/assets/secdevops/target.metasplotables.tf +++ /dev/null @@ -1,58 +0,0 @@ - -resource "aws_instance" "cr_ms3_2k8" { - count = "${var.docker_ct}" - - ami = "${data.aws_ami.ms3_2k8.id}" - instance_type = "${var.instance_type_win}" - - subnet_id = "${element(local.cyberRange_windows_subnets_ids, count.index)}" - vpc_security_group_ids = ["${aws_security_group.targets.id}"] - - key_name = "${aws_key_pair.circleci_key.key_name}" - - root_block_device { - delete_on_termination = true - } - - tags = { - Name = "MetaSploitable_3_win2k8-${count.index}" - Environment = "${var.environment}" - Terraform = "True" - } -} - -resource "aws_instance" "ami_ms3_2k12" { - count = "${var.docker_ct}" - ami = "${data.aws_ami.ms3_2k12.id}" - instance_type = "${var.instance_type_win}" - subnet_id = "${element(local.cyberRange_windows_subnets_ids, count.index)}" - vpc_security_group_ids = [ - "${aws_security_group.targets.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" - root_block_device { - delete_on_termination = true - } - - tags = { - Name = "MetaSploitable_3_win2k12-${count.index}" - Environment = "${var.environment}" - Terraform = "True" - } -} - -resource "aws_instance" "cr_ms3_nix" { - count = "${var.docker_ct}" - ami = "${data.aws_ami.ms3_nix.id}" - instance_type = "${var.instance_type_docker}" - subnet_id = "${element(local.cyberRange_subnets_ids, count.index)}" - vpc_security_group_ids = ["${aws_security_group.targets.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" - root_block_device { - delete_on_termination = true - } - tags = { - Name = "ms3_nix-${count.index}" - Environment = "${var.environment}" - Terraform = "True" - } -} \ No newline at end of file 
From c6b55fe51ab2b9abec0a47c6004174b25bebc231 Mon Sep 17 00:00:00 2001 From: labmaster-q <57621346+labmaster-q@users.noreply.github.com> Date: Thu, 5 Dec 2019 20:24:43 +0000 Subject: [PATCH 15/19] Delete target.windows.tf --- .../assets/secdevops/target.windows.tf | 145 ------------------ 1 file changed, 145 deletions(-) delete mode 100644 terraform/modules/infrastructure/assets/secdevops/target.windows.tf diff --git a/terraform/modules/infrastructure/assets/secdevops/target.windows.tf b/terraform/modules/infrastructure/assets/secdevops/target.windows.tf deleted file mode 100644 index 72dfd0a..0000000 --- a/terraform/modules/infrastructure/assets/secdevops/target.windows.tf +++ /dev/null 
@@ -1,145 +0,0 @@ -locals { - cyberRange_windows_subnets_ids = [ - "${var.attacker_subnet_id}", - "${var.target_subnet_id}", - ] -} - - -resource "aws_instance" "win2008" { - count = "${var.docker_ct}" - ami = "${data.aws_ami.win2k8.id}" - instance_type = "${var.instance_type}" - subnet_id = "${element(local.cyberRange_windows_subnets_ids, count.index)}" - vpc_security_group_ids = ["${aws_security_group.targets.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" - root_block_device { - delete_on_termination = true - } - tags = { - Name = "win2008-${count.index}" - Environment = "${var.environment}" - Terraform = "True" - } -} - -resource "aws_instance" "win7" { - count = "${var.docker_ct}" - ami = "${data.aws_ami.win7.id}" - instance_type = "${var.instance_type}" - subnet_id = "${element(local.cyberRange_windows_subnets_ids, count.index)}" - vpc_security_group_ids = ["${aws_security_group.targets.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" - user_data = "${var.win_bootstrap_user_data}" - root_block_device { - delete_on_termination = true - } - tags = { - Name = "win7-${count.index}" - Environment = "${var.environment}" - Terraform = "True" - } -} - -resource "aws_instance" "win8" { - count = "${var.docker_ct}" - ami = "${data.aws_ami.win8.id}" - instance_type = "${var.instance_type}" - subnet_id = "${element(local.cyberRange_windows_subnets_ids, count.index)}" - vpc_security_group_ids = ["${aws_security_group.targets.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" - root_block_device { - delete_on_termination = true - } - tags = { - Name = "win8-${count.index}" - Environment = "${var.environment}" - Terraform = "True" - } -} - -resource "aws_instance" "defender_win2k10" { - count = "${var.docker_ct}" - ami = "${data.aws_ami.win2k10.id}" - instance_type = "${var.instance_type}" - subnet_id = "${element(local.cyberRange_windows_subnets_ids, count.index)}" - vpc_security_group_ids = ["${aws_security_group.targets.id}"] - key_name = 
"${aws_key_pair.circleci_key.key_name}" - root_block_device { - delete_on_termination = true - } - tags = { - Name = "win2k10-${count.index}" - Environment = "${var.environment}" - Terraform = "True" - } -} - -resource "aws_instance" "win2012" { - count = "${var.docker_ct}" - ami = "${data.aws_ami.win2k12.id}" - instance_type = "${var.instance_type}" - subnet_id = "${element(local.cyberRange_windows_subnets_ids, count.index)}" - vpc_security_group_ids = ["${aws_security_group.targets.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" - root_block_device { - delete_on_termination = true - } - tags = { - Name = "win2012-${count.index}" - Environment = "${var.environment}" - Terraform = "True" - } -} - -resource "aws_instance" "win2012_RTM" { - count = "${var.docker_ct}" - ami = "${data.aws_ami.win2k12_RTM.id}" - instance_type = "${var.instance_type}" - subnet_id = "${element(local.cyberRange_windows_subnets_ids, count.index)}" - vpc_security_group_ids = ["${aws_security_group.targets.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" - root_block_device { - delete_on_termination = true - } - tags = { - Name = "win2012_RTM-${count.index}" - Environment = "${var.environment}" - Terraform = "True" - } -} - -resource "aws_instance" "win2016" { - count = "${var.docker_ct}" - ami = "${data.aws_ami.win2k16.id}" - instance_type = "${var.instance_type_win}" - subnet_id = "${element(local.cyberRange_windows_subnets_ids, count.index)}" - vpc_security_group_ids = ["${aws_security_group.targets.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" - user_data = "${var.win_bootstrap_user_data}" - root_block_device { - delete_on_termination = true - } - tags = { - Name = "win2016-${count.index}" - Environment = "${var.environment}" - Terraform = "True" - } -} - -resource "aws_instance" "win2019" { - count = "${var.docker_ct}" - ami = "${data.aws_ami.win2k19.id}" - instance_type = "${var.instance_type}" - subnet_id = 
"${element(local.cyberRange_windows_subnets_ids, count.index)}" - vpc_security_group_ids = ["${aws_security_group.targets.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" - root_block_device { - delete_on_termination = true - } - tags = { - Name = "win2019-${count.index}" - Environment = "${var.environment}" - Terraform = "True" - } -} From 1a3a05323b3f1e42b39829f806fe9848145d7606 Mon Sep 17 00:00:00 2001 From: labmaster-q <57621346+labmaster-q@users.noreply.github.com> Date: Thu, 5 Dec 2019 20:24:58 +0000 Subject: [PATCH 16/19] Delete target.window.volumes.tf --- .../assets/secdevops/target.window.volumes.tf | 122 ------------------ 1 file changed, 122 deletions(-) delete mode 100644 terraform/modules/infrastructure/assets/secdevops/target.window.volumes.tf diff --git a/terraform/modules/infrastructure/assets/secdevops/target.window.volumes.tf b/terraform/modules/infrastructure/assets/secdevops/target.window.volumes.tf deleted file mode 100644 index 7921bf5..0000000 --- a/terraform/modules/infrastructure/assets/secdevops/target.window.volumes.tf +++ /dev/null 
@@ -1,122 +0,0 @@ - -data "aws_ebs_volume" "win2008_ebs_volume" { - most_recent = true - - filter { - name = "attachment.instance-id" - values = ["${aws_instance.win2008[0].id}"] - } -} - -output "win2008_ebs_vol_id" { - value = "${data.aws_ebs_volume.win2008_ebs_volume.id}" -} - -data "aws_ebs_volume" "cr_ms3_2k8" { - most_recent = true - - filter { - name = "attachment.instance-id" - values = ["${aws_instance.cr_ms3_2k8[0].id}"] - } -} - -output "cr_ms3_2k8_vol_id" { - value = "${data.aws_ebs_volume.cr_ms3_2k8.id}" -} - -data "aws_ebs_volume" "win7" { - most_recent = true - - filter { - name = "attachment.instance-id" - values = ["${aws_instance.win7[0].id}"] - } -} - -output "win7_vol_id" { - value = "${data.aws_ebs_volume.win7.id}" -} - -data "aws_ebs_volume" "win8" { - most_recent = true - - filter { - name = "attachment.instance-id" - values = ["${aws_instance.win8[0].id}"] - } -} - -output "win8_vol_id" { - value = "${data.aws_ebs_volume.win8.id}" -} - - -data "aws_ebs_volume" "win2k10" { - most_recent = true - - filter { - name = "attachment.instance-id" - values = ["${aws_instance.defender_win2k10[0].id}"] - } -} - -output "win2k10_vol_id" { - value = "${data.aws_ebs_volume.win2k10.id}" -} - - -data "aws_ebs_volume" "win2012" { - most_recent = true - - filter { - name = "attachment.instance-id" - values = ["${aws_instance.win2012[0].id}"] - } -} - -output "win2k12_vol_id" { - value = "${data.aws_ebs_volume.win2012.id}" -} - - -data "aws_ebs_volume" "win2012_RTM" { - most_recent = true - - filter { - name = "attachment.instance-id" - values = ["${aws_instance.win2012_RTM[0].id}"] - } -} - -output "win2012_RTM_vol_id" { - value = "${data.aws_ebs_volume.win2012_RTM.id}" -} - - -data "aws_ebs_volume" "win2016" { - most_recent = true - - filter { - name = "attachment.instance-id" - values = ["${aws_instance.win2016[0].id}"] - } -} - -output "win2k16_vol_id" { - value = "${data.aws_ebs_volume.win2016.id}" -} - - -data "aws_ebs_volume" "win2019" { - most_recent = 
true - - filter { - name = "attachment.instance-id" - values = ["${aws_instance.win2019[0].id}"] - } -} - -output "win2k19_vol_id" { - value = "${data.aws_ebs_volume.win2019.id}" -} From 9dd60eb4b1d0cb0d963d9bfd39e6d65f3c08fab1 Mon Sep 17 00:00:00 2001 From: labmaster-q <57621346+labmaster-q@users.noreply.github.com> Date: Thu, 5 Dec 2019 20:25:10 +0000 Subject: [PATCH 17/19] Delete targets.nix.tf --- .../assets/secdevops/targets.nix.tf | 180 ------------------ 1 file changed, 180 deletions(-) delete mode 100644 terraform/modules/infrastructure/assets/secdevops/targets.nix.tf diff --git a/terraform/modules/infrastructure/assets/secdevops/targets.nix.tf b/terraform/modules/infrastructure/assets/secdevops/targets.nix.tf deleted file mode 100644 index e844df1..0000000 --- a/terraform/modules/infrastructure/assets/secdevops/targets.nix.tf +++ /dev/null 
@@ -1,180 +0,0 @@ -# Webgoat instance details -# original reference: https://github.com/BlacksInTechnologyOrg/bit-pentest-labs/blob/master/aws/terraform/modules/webgoat/webgoat.tf -locals { - cyberRange_subnets_ids = [ - "${var.attacker_subnet_id}", - "${var.target_subnet_id}", - ] -} - -resource "aws_instance" "cr_skytower" { - count = "${var.docker_ct}" - ami = "${data.aws_ami.skytower.id}" - instance_type = "${var.instance_type}" - subnet_id = "${element(local.cyberRange_subnets_ids, count.index)}" - vpc_security_group_ids = ["${aws_security_group.targets.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" - root_block_device { - delete_on_termination = true - } - tags = { - Name = "Skytower-${count.index}" - Environment = "${var.environment}" - Terraform = "True" - } -} - -resource "aws_instance" "cr_stapler" { - count = "${var.docker_ct}" - ami = "${data.aws_ami.stapler.id}" - instance_type = "${var.instance_type}" - subnet_id = "${element(local.cyberRange_subnets_ids, count.index)}" - vpc_security_group_ids = ["${aws_security_group.targets.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" - root_block_device { - delete_on_termination = true - } - tags = { - Name = "Stapler-${count.index}" - Environment = "${var.environment}" - Terraform = "True" - } -} - -resource "aws_instance" "cr_vulnos" { - count = "${var.docker_ct}" - ami = "${data.aws_ami.vulnos.id}" - instance_type = "${var.instance_type}" - subnet_id = "${element(local.cyberRange_subnets_ids, count.index)}" - vpc_security_group_ids = ["${aws_security_group.targets.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" - root_block_device { - delete_on_termination = true - } - tags = { - Name = "Vulnos-${count.index}" - Environment = "${var.environment}" - Terraform = "True" - } -} - -resource "aws_instance" "cr_sickos" { - count = "${var.docker_ct}" - ami = "${data.aws_ami.sickos.id}" - instance_type = "${var.instance_type}" - subnet_id = "${element(local.cyberRange_subnets_ids, 
count.index)}" - vpc_security_group_ids = ["${aws_security_group.targets.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" - root_block_device { - delete_on_termination = true - } - tags = { - Name = "Sickos-${count.index}" - Environment = "${var.environment}" - Terraform = "True" - } -} - -resource "aws_instance" "cr_mrrobot" { - count = "${var.docker_ct}" - ami = "${data.aws_ami.mrrobot.id}" - instance_type = "${var.instance_type}" - subnet_id = "${element(local.cyberRange_subnets_ids, count.index)}" - vpc_security_group_ids = ["${aws_security_group.targets.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" - root_block_device { - delete_on_termination = true - } - tags = { - Name = "MrRobot-${count.index}" - Environment = "${var.environment}" - Terraform = "True" - } -} - -resource "aws_instance" "cr_fristileaks" { - count = "${var.docker_ct}" - ami = "${data.aws_ami.fristileaks.id}" - instance_type = "${var.instance_type}" - subnet_id = "${element(local.cyberRange_subnets_ids, count.index)}" - vpc_security_group_ids = ["${aws_security_group.targets.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" - root_block_device { - delete_on_termination = true - } - tags = { - Name = "fristileaks-${count.index}" - Environment = "${var.environment}" - Terraform = "True" - } -} - -resource "aws_instance" "cr_hackinos" { - count = "${var.docker_ct}" - ami = "${data.aws_ami.hackinos.id}" - instance_type = "${var.instance_type}" - subnet_id = "${element(local.cyberRange_subnets_ids, count.index)}" - vpc_security_group_ids = ["${aws_security_group.targets.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" - root_block_device { - delete_on_termination = true - } - tags = { - Name = "hackinos-${count.index}" - Environment = "${var.environment}" - Terraform = "True" - } -} - -resource "aws_instance" "cr_bulldog" { - count = "${var.docker_ct}" - ami = "${data.aws_ami.bulldog.id}" - instance_type = "${var.instance_type_docker}" - subnet_id = 
"${element(local.cyberRange_subnets_ids, count.index)}" - vpc_security_group_ids = ["${aws_security_group.targets.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" - root_block_device { - delete_on_termination = true - } - tags = { - Name = "bulldog-${count.index}" - Environment = "${var.environment}" - Terraform = "True" - } -} - -resource "aws_instance" "cr_myhouse7" { - count = "${var.docker_ct}" - ami = "${data.aws_ami.myhouse7.id}" - instance_type = "${var.instance_type_docker}" - subnet_id = "${element(local.cyberRange_subnets_ids, count.index)}" - vpc_security_group_ids = ["${aws_security_group.targets.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" - root_block_device { - delete_on_termination = true - } - tags = { - Name = "myhouse7-${count.index}" - Environment = "${var.environment}" - Terraform = "True" - } -} - -resource "aws_instance" "docker" { - count = "${var.docker_ct}" - - ami = "${data.aws_ami.ubuntu.id}" - instance_type = "${var.instance_type_docker}" - subnet_id = "${element(local.cyberRange_subnets_ids, count.index)}" - vpc_security_group_ids = ["${aws_security_group.targets.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" - user_data = "${file("../../modules/infrastructure/cloud-init/docker.targets.yml")}" - root_block_device { - delete_on_termination = true - } - tags = { - Name = "docker-via-cloudinit-${count.index}" - Environment = "${var.environment}" - Terraform = "True" - } -} From d63b99442dd9e0027687469e00c21a92f7e60f6c Mon Sep 17 00:00:00 2001 From: labmaster-q <57621346+labmaster-q@users.noreply.github.com> Date: Thu, 5 Dec 2019 20:25:20 +0000 Subject: [PATCH 18/19] Delete tenable.tf --- .../assets/secdevops/tenable.tf | 70 ------------------- 1 file changed, 70 deletions(-) delete mode 100644 terraform/modules/infrastructure/assets/secdevops/tenable.tf 
diff --git a/terraform/modules/infrastructure/assets/secdevops/tenable.tf b/terraform/modules/infrastructure/assets/secdevops/tenable.tf deleted file mode 100644 index 6054825..0000000 --- a/terraform/modules/infrastructure/assets/secdevops/tenable.tf +++ /dev/null @@ -1,70 +0,0 @@ -locals { - tenable_subnet_ids = [ - "${var.attacker_subnet_id}", - "${var.target_subnet_id}", - ] -} - -resource "aws_instance" "nessus" { - count = "${var.kali_ct}" - - ami = "${data.aws_ami.nessus.id}" - instance_type = "${var.instance_type_kali}" - subnet_id = "${element(local.tenable_subnet_ids, count.index)}" - vpc_security_group_ids = ["${aws_security_group.kali.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" - - root_block_device { - delete_on_termination = true - volume_size = 120 - } - - tags = { - Name = "CyberRange-nessus-${count.index}" - Environment = "${var.environment}" - Terraform = "True" - } -} - -resource "aws_instance" "sc" { - count = "${var.kali_ct}" - - ami = "${data.aws_ami.sc.id}" - instance_type = "${var.instance_type_kali}" - subnet_id = "${element(local.tenable_subnet_ids, count.index)}" - vpc_security_group_ids = ["${aws_security_group.kali.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" - - root_block_device { - delete_on_termination = true - volume_size = 250 - } - - tags = { - Name = "CyberRange-sc-${count.index}" - Environment = "${var.environment}" - Terraform = "True" - } -} - - -resource "aws_instance" "nnm" { - count = "${var.kali_ct}" - - ami = "${data.aws_ami.nnm.id}" - instance_type = "${var.instance_type_kali}" - subnet_id = "${element(local.tenable_subnet_ids, count.index)}" - vpc_security_group_ids = ["${aws_security_group.kali.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" - - root_block_device { - delete_on_termination = true - volume_size = 120 - } - - tags = { - Name = "CyberRange-nnm-${count.index}" - Environment = "${var.environment}" - Terraform = "True" - } -} \ No newline at end of file 
From 7b57d0f246d812ce6bdc1584b98fd87ba37851cb Mon Sep 17 00:00:00 2001 
From: labmaster-q <57621346+labmaster-q@users.noreply.github.com> Date: Thu, 5 Dec 2019 20:31:28 +0000 Subject: [PATCH 19/19] removed "${ }" characters and subnet variables As per the Terraform deprecation the "${ }" characters surrounding environment variables have been removed. Local variables assigning the subnet in each file have been corrected. --- .../assets/secdevops/attackers.tf | 85 +++++ .../assets/secdevops/aws_key_pairs.tf | 4 + .../assets/secdevops/ctf.playground.tf | 37 ++ .../assets/secdevops/detection.lab.tf | 98 ++++++ .../assets/secdevops/honeyPots.tf | 51 +++ .../assets/secdevops/malware.tf | 43 ++- .../assets/secdevops/range_users.tf | 55 +++ .../assets/secdevops/security_groups.tf | 332 ++++++++++++++++++ .../assets/secdevops/security_groups_rules.tf | 28 ++ .../assets/secdevops/target.metasplotables.tf | 58 +++ .../assets/secdevops/target.windows.tf | 144 ++++++++ .../assets/secdevops/targets.nix.tf | 179 ++++++++++ .../assets/secdevops/tenable.tf | 70 ++++ 13 files changed, 1162 insertions(+), 22 deletions(-) create mode 100644 terraform/modules/infrastructure/assets/secdevops/attackers.tf create mode 100644 terraform/modules/infrastructure/assets/secdevops/aws_key_pairs.tf create mode 100644 terraform/modules/infrastructure/assets/secdevops/ctf.playground.tf create mode 100644 terraform/modules/infrastructure/assets/secdevops/detection.lab.tf create mode 100644 terraform/modules/infrastructure/assets/secdevops/honeyPots.tf create mode 100644 terraform/modules/infrastructure/assets/secdevops/range_users.tf create mode 100644 terraform/modules/infrastructure/assets/secdevops/security_groups.tf create mode 100644 terraform/modules/infrastructure/assets/secdevops/security_groups_rules.tf create mode 100644 terraform/modules/infrastructure/assets/secdevops/target.metasplotables.tf create mode 100644 terraform/modules/infrastructure/assets/secdevops/target.windows.tf create mode 100644 
terraform/modules/infrastructure/assets/secdevops/targets.nix.tf create mode 100644 terraform/modules/infrastructure/assets/secdevops/tenable.tf diff --git a/terraform/modules/infrastructure/assets/secdevops/attackers.tf b/terraform/modules/infrastructure/assets/secdevops/attackers.tf new file mode 100644 index 0000000..482d297 --- /dev/null +++ b/terraform/modules/infrastructure/assets/secdevops/attackers.tf 
@@ -0,0 +1,85 @@ +locals { + pen_subnet_ids = [ + "${var.attacker_subnet_id}", + "${var.target_subnet_id}", + ] +} + +resource "aws_instance" "kali" { + count = var.kali_ct + ami = data.aws_ami.kali.id + instance_type = var.instance_type_kali + subnet_id = element(local.pen_subnet_ids, count.index) + vpc_security_group_ids = ["${aws_security_group.kali.id}"] + key_name = aws_key_pair.circleci_key.key_name + user_data = file("../../modules/infrastructure/cloud-init/kali.yml") + + root_block_device { + delete_on_termination = true + volume_size = 160 + } + tags = { + Name = "kali-linux-${count.index}" + Environment = "${var.environment}" + Terraform = "True" + } +} + +resource "aws_instance" "commando" { + count = var.docker_ct + ami = data.aws_ami.commando.id + instance_type = var.instance_type_win + subnet_id = element(local.pen_subnet_ids, count.index) + vpc_security_group_ids = ["${aws_security_group.windows.id}"] + key_name = aws_key_pair.circleci_key.key_name + + root_block_device { + delete_on_termination = true + volume_size = 160 + } + tags = { + Name = "commando-${count.index}" + Environment = "${var.environment}" + Terraform = "True" + } +} + +resource "aws_instance" "r7vm" { + count = var.kali_ct + + ami = data.aws_ami.r7.id + instance_type = var.instance_type_kali + + subnet_id = element(local.pen_subnet_ids, count.index) + vpc_security_group_ids = ["${aws_security_group.kali.id}"] + key_name = aws_key_pair.circleci_key.key_name + + root_block_device { + delete_on_termination = true + volume_size = 100 + } + + tags = { + Name = "r7-${count.index}" + Environment = "${var.environment}" + Terraform = "True" + } +} + +resource "aws_instance" "commandov2" { + count = var.docker_ct + ami = data.aws_ami.commandov2.id + instance_type = var.instance_type_commandov2 + subnet_id = element(local.pen_subnet_ids, count.index) + vpc_security_group_ids = ["${aws_security_group.kali.id}"] + key_name = aws_key_pair.circleci_key.key_name + root_block_device { + 
delete_on_termination = true + volume_size = 160 + } + tags = { + Name = "commando-v2-${count.index}" + Environment = "${var.environment}" + Terraform = "True" + } +} \ No newline at end of file diff --git a/terraform/modules/infrastructure/assets/secdevops/aws_key_pairs.tf b/terraform/modules/infrastructure/assets/secdevops/aws_key_pairs.tf new file mode 100644 index 0000000..e114344 --- /dev/null +++ b/terraform/modules/infrastructure/assets/secdevops/aws_key_pairs.tf @@ -0,0 +1,4 @@ +resource "aws_key_pair" "circleci_key" { + key_name = "v2" + public_key = file("../../keys/circleci_terraform.pub") +} diff --git a/terraform/modules/infrastructure/assets/secdevops/ctf.playground.tf b/terraform/modules/infrastructure/assets/secdevops/ctf.playground.tf new file mode 100644 index 0000000..6b971d6 --- /dev/null +++ b/terraform/modules/infrastructure/assets/secdevops/ctf.playground.tf @@ -0,0 +1,37 @@ +locals { + fbctf_subnets_ids = [ + "${var.target_subnet_id}", + ] +} + +resource "aws_instance" "fbctf" { + count = var.fbctf_ct + + ami = data.aws_ami.ubuntu1604.id + instance_type = var.instance_type_docker + + subnet_id = element(local.fbctf_subnets_ids, count.index) + + vpc_security_group_ids = ["${aws_security_group.fbctf.id}"] + + key_name = aws_key_pair.circleci_key.key_name + + #user_data = "${file("var.fbctf_user_data")}" + + + + + root_block_device { + volume_type = "gp2" + volume_size = var.fbctf_root_vol_size + delete_on_termination = "true" + } + + tags = { + Name = "FBCTF-${count.index}" + Environment = "${var.environment}" + Terraform = "True" + Zombie = "True" + Initialization_Complete = "True" + } +} \ No newline at end of file diff --git a/terraform/modules/infrastructure/assets/secdevops/detection.lab.tf b/terraform/modules/infrastructure/assets/secdevops/detection.lab.tf new file mode 100644 index 0000000..9616a9f --- /dev/null +++ b/terraform/modules/infrastructure/assets/secdevops/detection.lab.tf 
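Review bot: In attackers.tf, `aws_instance.commandov2` attaches `aws_security_group.kali` while its sibling `aws_instance.commando` attaches `aws_security_group.windows`, so the two Commando hosts sit behind different ingress rule sets. If commandov2 is a Windows image like commando (the AMI data sources are not in this hunk, so this is inferred from the names), it should use `vpc_security_group_ids = [aws_security_group.windows.id]`, or carry a comment explaining why it belongs in the kali group. The file also still wraps single references in quotes, for example `"${var.attacker_subnet_id}"` in `locals` and `["${aws_security_group.kali.id}"]`, which is the form the commit message says was removed; ctf.playground.tf and detection.lab.tf keep `Environment = "${var.environment}"` in the same way.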
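Review bot: In aws_key_pairs.tf, `file("../../keys/circleci_terraform.pub")` is resolved against the directory Terraform is run from rather than against this module, so the module loads whatever key file happens to sit at that relative path from the caller's working directory. Passing the key in, `public_key = var.circleci_public_key`, would leave the choice of key with the caller; that variable name is a suggestion and is not defined in this patch. Every instance in attackers.tf, ctf.playground.tf and detection.lab.tf references this one key pair, so a comment such as `# one CI key pair shared by every range instance` above the resource would make the shared-credential design explicit.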
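Review bot: In ctf.playground.tf the `tags` block hard-codes `Initialization_Complete = "True"` while the only provisioning hook, `user_data`, is commented out, so the tag asserts a state that nothing in this resource establishes and anything filtering on it would treat an unconfigured host as ready. The commented line `#user_data = "${file("var.fbctf_user_data")}"` would read a file literally named `var.fbctf_user_data` if it were re-enabled; assuming that variable is declared elsewhere, the working form is `user_data = file(var.fbctf_user_data)`. `delete_on_termination = "true"` is a quoted string where the other files in this patch use the bare boolean `true`.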
@@ -0,0 +1,98 @@
+locals {
+ cyberRange_detection_subnets_ids = [
+ "${var.attacker_subnet_id}",
+ "${var.target_subnet_id}",
+ ]
+}
+
+
+resource "aws_instance" "dl-wef" {
+ count = var.docker_ct
+ ami = data.aws_ami.detection-wef.id
+ instance_type = var.instance_type_tpot
+ subnet_id = element(local.cyberRange_detection_subnets_ids, count.index)
+ vpc_security_group_ids = [aws_security_group.windows.id]
+ key_name = aws_key_pair.circleci_key.key_name
+ private_ip = "192.168.38.103"
+
+ root_block_device {
+ delete_on_termination = true
+ }
+ tags = {
+ Name = "wef.windomain.local"
+ Environment = "${var.environment}"
+ Terraform = "True"
+ }
+}
+
+resource "aws_instance" "dl-dc" {
+ count = var.docker_ct
+ ami = data.aws_ami.detection-dc.id
+ instance_type = var.instance_type_tpot
+ subnet_id = element(local.cyberRange_detection_subnets_ids, count.index)
+ vpc_security_group_ids = [aws_security_group.windows.id]
+ key_name = aws_key_pair.circleci_key.key_name
+ private_ip = "192.168.38.102"
+
+ root_block_device {
+ delete_on_termination = true
+ }
+ tags = {
+ Name = "dc.windomain.local"
+ Environment = "${var.environment}"
+ Terraform = "True"
+ }
+}
+resource "aws_instance" "dl-win10" {
+ count = var.docker_ct
+ ami = data.aws_ami.detection-dc.id
+ instance_type = var.instance_type_tpot
+ subnet_id = element(local.cyberRange_detection_subnets_ids, count.index)
+ vpc_security_group_ids = [aws_security_group.windows.id]
+ key_name = aws_key_pair.circleci_key.key_name
+ private_ip = "192.168.38.104"
+
+ root_block_device {
+ delete_on_termination = true
+ }
+ tags = {
+ Name = "win10.windomain.local"
+ Environment = "${var.environment}"
+ Terraform = "True"
+ }
+}
+
+resource "aws_instance" "dl-logger" {
+ count = var.docker_ct
+ instance_type = var.instance_type_tpot
+ ami = data.aws_ami.logger_ami.image_id
+
+ tags = {
+ Name = "dl.logger"
+ }
+
+ subnet_id = element(local.cyberRange_detection_subnets_ids, count.index)
+ vpc_security_group_ids = [aws_security_group.logger.id]
+ key_name = aws_key_pair.circleci_key.key_name
+ private_ip = "192.168.38.105"
+
+
+ root_block_device {
+ delete_on_termination = true
+ volume_size = 64
+ }
+}
+
+
+# Adjust VPC DNS settings to not conflict with lab
+resource "aws_vpc_dhcp_options" "default" {
+ domain_name = "windomain.local"
+ domain_name_servers = concat([aws_instance.dl-dc[0].private_ip], var.external_dns_servers)
+ netbios_name_servers = [aws_instance.dl-dc[0].private_ip]
+}
+
+resource "aws_vpc_dhcp_options_association" "default" {
+vpc_id = var.vpc-id
+dhcp_options_id = aws_vpc_dhcp_options.default.id
+}
+
diff --git a/terraform/modules/infrastructure/assets/secdevops/honeyPots.tf b/terraform/modules/infrastructure/assets/secdevops/honeyPots.tf
new file mode 100644
index 0000000..8031133
--- /dev/null
+++ b/terraform/modules/infrastructure/assets/secdevops/honeyPots.tf
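Review bot: `aws_instance.dl-win10` sets `ami = data.aws_ami.detection-dc.id`, the same image as `dl-dc`, so the host tagged `win10.windomain.local` would boot the domain-controller image; it most likely should reference the data source for the Windows 10 image, which is not visible in this diff. Separately, all four `dl-*` instances combine `count = var.docker_ct` with a fixed `private_ip` and a subnet picked by `element(..., count.index)`: a count above 1 requests the same address a second time, in the other subnet, and a count of 0 breaks the `aws_instance.dl-dc[0]` references in `aws_vpc_dhcp_options`. These hosts are singletons by design, so either drop `count` from them or gate the DHCP options resources on the same variable. `dl-logger` also lacks the `Environment` and `Terraform` tags the other instances carry.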
@@ -0,0 +1,51 @@
+locals {
+ subnets_ids = [
+ "${var.honeypot_subnet_id}",
+ ]
+}
+
+resource "aws_instance" "tpot-full-build" {
+ count = var.tpot_ct
+
+ ami = data.aws_ami.debianstretch.id
+ instance_type = var.instance_type_tpot
+ subnet_id = element(local.subnets_ids, count.index)
+ vpc_security_group_ids = ["${aws_security_group.tpot.id}"]
+ key_name = aws_key_pair.circleci_key.key_name
+ user_data = file("../../modules/infrastructure/cloud-init/tpot.setup.yml")
+
+ root_block_device {
+ volume_type = "gp2"
+ volume_size = var.tpot_root_vol_size
+ delete_on_termination = "true"
+ }
+
+ tags = {
+ Name = "Tpot-${count.index}"
+ Environment = "${var.environment}"
+ Terraform = "True"
+ }
+}
+
+
+resource "aws_instance" "tpot" {
+ count = var.tpot_ct
+
+ ami = data.aws_ami.tpot.id
+ instance_type = var.instance_type_tpot
+ subnet_id = element(local.subnets_ids, count.index)
+ vpc_security_group_ids = ["${aws_security_group.tpot.id}"]
+ key_name = aws_key_pair.circleci_key.key_name
+
+ root_block_device {
+ volume_type = "gp2"
+ volume_size = var.tpot_root_vol_size
+ delete_on_termination = "true"
+ }
+
+ tags = {
+ Name = "Tpot-${count.index}"
+ Environment = "${var.environment}"
+ Terraform = "True"
+ }
+}
\ No newline at end of file
diff --git a/terraform/modules/infrastructure/assets/secdevops/malware.tf b/terraform/modules/infrastructure/assets/secdevops/malware.tf
index 7678c3c..fbe7f38 100644
--- a/terraform/modules/infrastructure/assets/secdevops/malware.tf
+++ b/terraform/modules/infrastructure/assets/secdevops/malware.tf
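Review bot: `aws_instance.tpot-full-build` and `aws_instance.tpot` both set `Name = "Tpot-${count.index}"` and both use `count = var.tpot_ct`, so each apply creates pairs of honeypots that cannot be told apart by name in the console or in any alerting that keys on the tag. Give the first a distinct tag, for example `Name = "Tpot-full-build-${count.index}"`. If only one of the two variants is meant to run at a time, a separate count variable per resource would make that explicit. `delete_on_termination = "true"` is a quoted string in both blocks, where other files in this patch use the bare boolean `true`.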
@@ -1,17 +1,16 @@ locals { malware_subnet_ids = [ - "${var.attacker_subnet_id}", - "${var.target_subnet_id}", + "${var.malware_subnet_id}", ] } resource "aws_instance" "flarevm-win7" { - count = "${var.docker_ct}" - ami = "${data.aws_ami.flare.id}" + count = var.docker_ct + ami = data.aws_ami.flare.id instance_type = "t2.xlarge" - subnet_id = "${element(local.malware_subnet_ids, count.index)}" + subnet_id = element(local.malware_subnet_ids, count.index) vpc_security_group_ids = ["${aws_security_group.malware.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" + key_name = aws_key_pair.circleci_key.key_name root_block_device { delete_on_termination = true volume_size = 150 @@ -27,12 +26,12 @@ resource "aws_instance" "flarevm-win7" { resource "aws_instance" "cuckoo_guest" { - count = "${var.docker_ct}" - ami = "${data.aws_ami.win7.id}" - instance_type = "${var.instance_type_win}" - subnet_id = "${element(local.malware_subnet_ids, count.index)}" + count = var.docker_ct + ami = data.aws_ami.win7.id + instance_type = var.instance_type_win + subnet_id = element(local.malware_subnet_ids, count.index) vpc_security_group_ids = ["${aws_security_group.malware.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" + key_name = aws_key_pair.circleci_key.key_name root_block_device { delete_on_termination = true volume_size = 150 @@ -48,11 +47,11 @@ resource "aws_instance" "cuckoo_guest" { } resource "aws_instance" "cuckoo-host-ubuntu" { - count = "${var.docker_ct}" - ami = "${data.aws_ami.cuckoo-host.id}" - instance_type = "${var.instance_type_kali}" - subnet_id = "${element(local.malware_subnet_ids, count.index)}" - key_name = "${aws_key_pair.circleci_key.key_name}" + count = var.docker_ct + ami = data.aws_ami.cuckoo-host.id + instance_type = var.instance_type_kali + subnet_id = element(local.malware_subnet_ids, count.index) + key_name = aws_key_pair.circleci_key.key_name vpc_security_group_ids = ["${aws_security_group.malware.id}"] tags = { 
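Review bot: The conversion to 0.12 expressions leaves `vpc_security_group_ids = ["${aws_security_group.malware.id}"]` in the interpolation-only form in all four hunks of this file (the fourth, at `remnux`, starts on the next line of the page). `[aws_security_group.malware.id]` would match the rest of the change and avoids the deprecation warning that later 0.12 releases print for this form. In the first hunk `malware_subnet_ids` now holds a single subnet, so `element(local.malware_subnet_ids, count.index)` always returns the same ID and `subnet_id = var.malware_subnet_id` would say that directly. `flarevm-win7` still hard-codes `instance_type = "t2.xlarge"` where its siblings take a variable. The resource bodies continue outside these hunks.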
@@ -67,13 +66,13 @@ resource "aws_instance" "cuckoo-host-ubuntu" { resource "aws_instance" "remnux" { - count = "${var.docker_ct}" - ami = "${data.aws_ami.remnux.id}" - instance_type = "${var.instance_type_kali}" - subnet_id = "${element(local.malware_subnet_ids, count.index)}" - key_name = "${aws_key_pair.circleci_key.key_name}" + count = var.docker_ct + ami = data.aws_ami.remnux.id + instance_type = var.instance_type_kali + subnet_id = element(local.malware_subnet_ids, count.index) + key_name = aws_key_pair.circleci_key.key_name vpc_security_group_ids = ["${aws_security_group.malware.id}"] - user_data = "${file("../../modules/infrastructure/cloud-init/remnux.ssh.enable.yml")}" + user_data = file("../../modules/infrastructure/cloud-init/remnux.ssh.enable.yml") tags = { // todo: tag standardization Name = "remnux-6.0" diff --git a/terraform/modules/infrastructure/assets/secdevops/range_users.tf b/terraform/modules/infrastructure/assets/secdevops/range_users.tf new file mode 100644 index 0000000..cb8b2b4 --- /dev/null +++ b/terraform/modules/infrastructure/assets/secdevops/range_users.tf @@ -0,0 +1,55 @@ +//module "create_test1" { +// source = "git::https://github.com/cloudposse/terraform-aws-iam-user.git?ref=master" +// name = "qgaxeevv@sharklasers.com" +// pgp_key = "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" +// groups = ["mgmt"] +//} +resource "aws_iam_user" "cloudgoat" { + name = "cloudgoat" + path = "/cloudgoat/" + +} + +resource "aws_iam_access_key" "cloudgoat" { + user = aws_iam_user.cloudgoat.name +// pgp_key = "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" +} + +resource "aws_iam_user_policy" "cloudgoat" { + name = "cloudgoat" + user = aws_iam_user.cloudgoat.name + + policy = <