Last active
July 24, 2021 16:34
-
-
Save quadcube/af283bb9d30e6f1a017269f5ef7a2f23 to your computer and use it in GitHub Desktop.
CROND-JAIST CyTRONE Install Script for Winter Intensive I465S
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # CROND-JAIST CyTrONE Install Script for Winter Intensive I465S Usage | |
| # chmod +x install_cytrone_i465s.sh | |
| # ./install_cytrone_i465s.sh | |
| # After install, CyTrONE can be launched by: | |
| # ssh -fgL 0.0.0.0:8081:<MOODLE_VM_IP>:443 localhost -N | |
| # cd ~/cytrone/scripts/ | |
| # ./start_cytrone.sh | |
| # Create I465S training scenario by: | |
| # cd ~/cytrone/scripts/ | |
| # ./create_training.sh 5 | |
| # Wait until create_training.sh fully exit | |
| # Try accessing the Moodle LMS website https://<host_machine_ip>:8081 | |
| # CyTrONE can be stopped by: | |
| # cd ~/cytrone/scripts/ | |
| # ./end_training.sh 1 | |
| # ./stop_cytrone.sh | |
| # lsof -i:8081 # Get SSH tunnel PID <ssh_pid> | |
| # sudo kill <ssh_pid> | |
| # CyTrONE ENV | |
| BASE_VM="basevm.tgz" | |
| MOODLE_VM="moodle.tgz" | |
| SCORM_TEMPLATE="create_scorm_template.sh" | |
| MOODLE_VM_IP="192.168.122.232" | |
| BASE_VM_I465S="192.168.122.100" | |
| set -e | |
| sudo apt-get update | |
| IP="$(ip route get 8.8.8.8 | awk -F"src " 'NR==1{split($2,a," ");print a[1]}')" | |
| # 1. Enable sudo no password for current user | |
| echo "$USER ALL=NOPASSWD: ALL" | sudo EDITOR='tee -a' visudo | |
| # 2. Generate and copy SSH key. | |
| ssh-keygen -t rsa -f ~/.ssh/id_rsa -N "" # Remove '-N ""' to provide passphrase | |
| ssh-copy-id localhost | |
| ssh-copy-id 127.0.0.1 | |
| ssh-copy-id $IP | |
| # 3. Install kvm. | |
| sudo apt-get install qemu-kvm libvirt-bin ubuntu-vm-builder bridge-utils ifupdown -y | |
| # 4. Install virt-manager. | |
| sudo apt-get install virt-manager -y | |
| mkdir -p ~/.config/libvirt/ | |
| test -f ~/.config/libvirt/libvirt.conf || echo 'uri_default = "qemu:///system"' >> ~/.config/libvirt/libvirt.conf | |
| sudo usermod -aG libvirt $USER | |
| # 5. Install pip. | |
| sudo apt-get install python-pip -y | |
| # 6. Install python-paramiko. | |
| sudo apt-get install python-paramiko -y | |
| # 7. Install tcpreplay. | |
| sudo apt-get install tcpreplay -y | |
| # 8. Install wireshark. | |
| sudo apt-get install wireshark -y | |
| # 9. Install sshpass. | |
| sudo apt-get install sshpass -y | |
| # 10. Install pssh. | |
| sudo apt-get install pssh -y | |
| # 11. Install yaml for python. | |
| sudo apt-get install python-yaml -y | |
| # 12. Install scapy for python. | |
| sudo apt-get install python-scapy -y | |
| # 13. Install sendemail | |
| sudo apt-get install sendemail -y | |
| # 14. Get CyRIS | |
| cd ~ | |
| mkdir ~/images | |
| git clone https://github.com/crond-jaist/cyris.git | |
| cd ~/images | |
| LATEST="$(curl -fsSLI -o /dev/null -w %{url_effective} https://github.com/crond-jaist/cyris/releases/latest)" | |
| wget "${LATEST/tag/download}""/$BASE_VM" | |
| tar zxvf $BASE_VM | |
| #mv basevm basevm_i465s # old i465s - before 2020 | |
| #mv basevm.xml basevm_i465s.xml # old i465s - before 2020 | |
| #sed -i -e "s/basevm/basevm_i465s/g" basevm_i465s.xml # old i465s - before 2020 | |
| #sudo virsh define basevm_i465s.xml # old i465s - before 2020 | |
| #sudo virsh start basevm_i465s # old i465s - before 2020 | |
| sudo virsh define basevm.xml # 2020 i465s | |
| sudo virsh start basevm # 2020 i465s | |
| until ssh -o BatchMode=yes -o ConnectTimeout=5 -o StrictHostKeyChecking=no -o PubkeyAuthentication=no -o PasswordAuthentication=no -o KbdInteractiveAuthentication=no -o ChallengeResponseAuthentication=no $BASE_VM_I465S 2>&1 | grep "Permission denied"; do | |
| echo "Waiting for Base VM I465S to come online..." | |
| sleep 1 | |
| done # test whether Base VM I465S is up | |
| echo "root@$BASE_VM_I465S (I465S BASE VM) password is the same as MOODLE VM. (theroot)" | |
| ssh root@$BASE_VM_I465S 'echo "net.ipv6.conf.all.disable_ipv6=1" >>/etc/sysctl.d/disable_ipv6.conf; echo "net.ipv6.conf.default.disable_ipv6=1" >>/etc/sysctl.d/disable_ipv6.conf; ip route add default via 192.168.122.1; yum clean all; yum -y update; shutdown -h && exit' | |
| # 15. Get CyLMS | |
| cd ~ | |
| sudo apt-get install zip -y | |
| #while true; do | |
| # read -n 1 -p "Install CyLMS from GitHub (y/n)? " user_input | |
| # case $user_input in | |
| # [Yy]* ) git clone https://github.com/crond-jaist/cylms.git; break;; | |
| # [Nn]* ) echo ""; while true; do read -n 1 -p "Move CyLMS to home directory and press any key to continue... "; if [[ -d ~/cylms && -d ~/cylms/Template ]] ; then echo $'\n'CyLMS and Template found!; break; else echo $'\n'CyLMS and Template does not exist!; fi; done; break;; | |
| # * ) echo $'\n'Please answer Y/y or N/n.;; | |
| # esac | |
| #done | |
| git clone https://github.com/crond-jaist/cylms.git # 2020 i465s | |
| cd ~/images | |
| LATEST="$(curl -fsSLI -o /dev/null -w %{url_effective} https://github.com/crond-jaist/cylms/releases/latest)" | |
| wget "${LATEST/tag/download}""/$MOODLE_VM" | |
| tar zxvf $MOODLE_VM | |
| sudo virsh define moodle.xml | |
| sudo virsh autostart moodle | |
| sudo virsh start moodle | |
| cd ~ | |
| #case $user_input in | |
| # [Yy]* ) wget "${LATEST/tag/download}""/$SCORM_TEMPLATE"; chmod +x $SCORM_TEMPLATE; ./$SCORM_TEMPLATE /home/$USER/cylms/;; | |
| #esac | |
| wget "${LATEST/tag/download}""/$SCORM_TEMPLATE" | |
| chmod +x $SCORM_TEMPLATE | |
| ./$SCORM_TEMPLATE /home/$USER/cylms/ | |
| # 16. Get CyPROM | |
| cd ~ | |
| git clone https://github.com/crond-jaist/cyprom.git | |
| sudo apt -y install python-msgpack | |
| # 17. Get CyTrONE | |
| cd ~ | |
| git clone https://github.com/crond-jaist/cytrone.git | |
| sudo apt -y install python-passlib | |
| cd cytrone/scripts/ | |
| cp -a CONFIG.dist CONFIG | |
| sed -i "s/172\.16\.1\.7/$IP/g" CONFIG | |
| sed -i "s/172\.16\.1\.7/$IP/g" ~/cytrone/database/users.yml | |
| while true; do | |
| read -n 1 -p "Move I465S contents (e.g.: i465s_20200915.tar) into cytrone/database and press any key to continue... " | |
| if [[ -f ~/cytrone/database/i465s_*.tar ]] ; then | |
| echo $'\n'I465S contents found! | |
| tar -xvf i465s*.tar | |
| cd ~/cytrone/database/ | |
| cp -a training-en.yml training-en.yml.NIST-level1 | |
| cp -a i465s/training-en.yml.i464s training-en.yml | |
| break | |
| else | |
| echo $'\n'I465S contents does not exist in cytrone/database! | |
| fi | |
| done | |
| #while true; do | |
| # read -n 1 -p "Move I465S contents into cytrone/database and press any key to continue... " | |
| # if [[ -f ~/cytrone/database/i465s-content-ja.yml && -f ~/cytrone/database/i465s-range.yml && -f ~/cytrone/database/training-en.yml ]] ; then | |
| # echo $'\n'I465S contents found! | |
| # break | |
| # else | |
| # echo $'\n'I465S contents does not exist in cytrone/database! "(i465s-content-ja.yml, i465s-range.yml, training-en.yml)" | |
| # fi | |
| #done | |
| # | |
| #while true; do | |
| # read -n 1 -p "Move I465S program/ and data/ into home directory and press any key to continue... " | |
| # if [[ -d ~/data && -d ~/program ]] ; then | |
| # echo $'\n'I465S program/ and data/ found! | |
| # break | |
| # else | |
| # echo $'\n'I465S program/ and/or data/ does not exist in home directory! | |
| # fi | |
| #done | |
| # 18. Modify cytrone/scripts/create_training.sh option 5 with I465 content (hardcoded to year 2021, replace with other years) | |
| perl -0777 -pi -w -e 's/\b5\) LANGUAGE="en"\n TYPE="Scenario-Based Training"\n SCENARIO="Information Security Testing and Assessment"\n LEVEL="Demo Level"/5\) LANGUAGE="en"\n TYPE="Scenario-Based Training"\n SCENARIO="I465S Winter Intensive Courses"\n LEVEL="I465S Literacy in Information Security Management"/gm' ~/cytrone/scripts/create_training.sh | |
| # 19. Setup Moodle VM | |
| until ssh -o BatchMode=yes -o ConnectTimeout=5 -o StrictHostKeyChecking=no -o PubkeyAuthentication=no -o PasswordAuthentication=no -o KbdInteractiveAuthentication=no -o ChallengeResponseAuthentication=no $MOODLE_VM_IP 2>&1 | grep "Permission denied"; do | |
| echo "Waiting for Moodle VM to come online..." | |
| sleep 1 | |
| done # test whether Moodle VM is up | |
| echo "root@$MOODLE_VM_IP (Moodle VM) password can be found in user guide. (theroot)" | |
| ssh-copy-id root@$MOODLE_VM_IP | |
| ssh root@$MOODLE_VM_IP 'sed -i "s/https:\/\/localhost/https:\/\/'"$IP"':8081/g" /var/www/html/moodle/config.php; systemctl restart httpd; exit' | |
| #read -n 1 -p "Installation complete...installing CyTrONE Door" user_input | |
| # 20. Get CyTrONE Door | |
| #cd ~ | |
| #git clone https://github.com/crond-jaist/cytrone-ui-web.git | |
| #sudo env PERL_MM_USE_DEFAULT=1 cpan install Net::WebSocket::Server | |
| #sudo cpan install Digest::MD5 | |
| #sudo cpan install LWP::UserAgent | |
| #sudo cpan install JSON | |
| #sudo apt -y install libyaml-tiny-perl libdata-dump-perl | |
| #cd cytrone-ui-web | |
| #wget https://cpan.metacpan.org/authors/id/O/OA/OALDERS/LWP-Protocol-https-6.09.tar.gz | |
| #tar zxvf LWP-Protocol-https-6.09.tar.gz | |
| #cd LWP-Protocol-https-6.09 | |
| #perl Makefile.PL | |
| #make | |
| #cd .. | |
| #cat <<EOF >door.conf | |
| #> httpd_addr 172.20.1.12 | |
| #> httpd_port 1180 | |
| #> | |
| #> sweep_HTMLcontfiles . | |
| #> set_maincontfile np.html | |
| #> httpd_userpasswd admin jtvp8343 | |
| #> | |
| #> wsd_addr 172.20.1.12 | |
| #> wsd_port 9999 | |
| #> | |
| #> trngsrv_proto https | |
| #> trngsrv_host 172.20.1.12 | |
| #> trngsrv_port 8082 | |
| #> trngsrv_lang en | |
| #> EOF | |
| # | |
| ## 21. Start CyTrONE | |
| #cd ~/cytrone/scripts | |
| #./start_cytrone.sh | |
| # | |
| ## 22. Start CyTrONE Door (http://172.20.1.12:1180) | |
| #cd ~/cytrone-ui-web | |
| #export PERL_LWP_SSL_VERIFY_HOSTNAME=0 | |
| #perl -I LWP-Protocol-https-6.09/lib door.pl -f door.conf -m | |
| echo "Setup completed!" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment