For the past couple weeks, my coworkers and I have been working on setting up a new virtual environment for our users using a tool called Packer. Learning how to build images with Packer inspired me to use it for a personal project, both to learn more about it and to make use of what I was learning for work. I decided that I would use Packer to automate builds of practice images for CCDC and CyberPatriot.
Currently the CyberPatriot images are far more developed, so I’ll talk about them first. I am building images of Ubuntu 16.04, Windows 10, and Windows Server 2012r2. My plan is for each to be independent (Ubuntu won’t authenticate with AD and such) but be related by the premise given in the README that can be found on each image. The goal for each box is for Ubuntu to be a web server, Windows 10 a normal workstation, and Windows Server a domain controller. The rest of this post is going to be a brief look at each image and aspect of the system. I plan to have a post dedicated to each part, which should be coming out across the next few weeks. I will add links to those under each paragraph as I write them.
As of writing this, I have a very rudimentary scoring system for Ubuntu that I am honestly not terribly proud of, but for now it functions. Basically, it is just a shell script (a plain text one that is readable by the user, ew) that runs checks and then outputs to a WordPress post, since that is the web app being run by the server. I plan to keep the output mode the same, since I think it’s cool, but I will probably rebuild the rest of it once I have a clear idea of how I want to do it. Going forward I also plan to get more in depth with what I look for and have less rigid ways of checking for it. I’ve not yet built any sort of scoring system for Windows, but I’m guessing I’ll do something similar and have it output either an HTML file, or just give console output when run manually.
CyberPatriot Practice Images
As I mentioned above, the CyberPatriot Ubuntu image is acting as a web server. Critical services for it are Apache2, MySQL/MariaDB, FTP, and SSH. This should be interpreted as a “go ahead” to kill anything like VNC or remote desktop that is found on the box. I’ve not yet added forensic questions to it, but I plan to do so in the future, along with adding point values that I feel fairly represent the difficulty of each bit of the image. The scoring engine does not yet check for everything I have done to the box, but I will go over all of those changes in the more in-depth write-up for this box.
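As an added example (not the script from the post), here is the shape such a scoring check can take for the Ubuntu image: the critical services above must be running, remote-desktop style services must not be, and the result is emitted as an HTML fragment that a WordPress post could embed. The unit names (vsftpd, x11vnc, vncserver, xrdp) and the ACTIVE_SERVICES snapshot variable are assumptions made here so the checks can be run offline.

```shell
#!/bin/sh
# Added example, not the post's own script: a minimal scoring check for the
# CyberPatriot Ubuntu web-server image. Critical services must be running and
# remote-desktop style services must not be. The unit names are assumptions.

CRITICAL="apache2 mysql vsftpd ssh"   # must be active
FORBIDDEN="x11vnc vncserver xrdp"     # must not be active

# is_active NAME -> exit 0 if the service is running. When ACTIVE_SERVICES is
# set (a constructed, space-separated snapshot of active units), it is used
# instead of systemctl so the checks can be exercised offline.
is_active() {
    if [ -n "${ACTIVE_SERVICES:-}" ]; then
        case " $ACTIVE_SERVICES " in
            *" $1 "*) return 0 ;;
            *)        return 1 ;;
        esac
    fi
    systemctl is-active --quiet "$1" 2>/dev/null
}

# check_line NAME EXPECTED -> prints "pass NAME" or "fail NAME"
check_line() {
    if is_active "$1"; then state=active; else state=inactive; fi
    if [ "$state" = "$2" ]; then echo "pass $1"; else echo "fail $1"; fi
}

# run_checks -> one result line per check
run_checks() {
    for s in $CRITICAL;  do check_line "$s" active;   done
    for s in $FORBIDDEN; do check_line "$s" inactive; done
}

# score / max_score -> passing checks and total checks
score()     { run_checks | grep -c '^pass '; }
max_score() { run_checks | wc -l | tr -d ' '; }

# html_report -> fragment for the WordPress post (posting itself is out of scope)
html_report() {
    echo "<h2>Score: $(score) / $(max_score)</h2><ul>"
    run_checks | while read -r result name; do
        echo "  <li class=\"$result\">$name: $result</li>"
    done
    echo "</ul>"
}

if [ "${1:-}" = "report" ]; then html_report; fi
```

Run it as `sh score.sh report` on the image to get the fragment; a competitor who disables a forbidden service sees the score move on the next run.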
Edit 3/19/2018: The write-up dedicated to Ubuntu 0.1.0 can be found here:
The next machine for CyberPatriot is the Windows 10 workstation. I currently don’t have any forensic questions or scoring system for this one, and I’m not 100% sure how I want to handle either of those. The overkill side of me wants to build a C# app that will do it, while the other side wants to make a PowerShell script that will run every X length of time and will output what has been done so far to a file. This is also true for the Server image. Back to Windows 10, most of the things that I have done to this box are pretty basic things like messing up the hosts file to block search engine websites, setting an invalid web proxy, and disabling the firewall. I think I could get a lot more in depth with this one than I currently do, and I plan to do so in future versions.
Finally, the last image for my CyberPatriot practice stuff is Windows Server 2012r2. Like with the other Windows machine, I feel I could get a bit fancier with this one. While I do a lot of the same things that I did to the other Windows image, the fact that this one is Server means I can get a bit meaner. For example, messing up DNS rules (not going to do that to a high schooler though, that’s something you do to CCDC competitors) and changing Active Directory rules (which I will definitely do). It is also going to be an Exchange server, so that’s fun.
CCDC Practice Images
That’s currently it for the CyberPatriot images, at least for this brief overview. So now onto what I currently have done for the CCDC practice images. There’s not as much to talk about for each one right now, since the idea isn’t as fleshed out and will require a lot more intricacy, as they will have to be properly networked together. I will probably use something like Puppet or Chef to assist in that during the builds, to handle Kerberos configs for me.
My current vision is roughly:
- Gentoo web server
- Arch database
- Windows XP or 7 workstation
- Fedora or Debian Linux workstation
- Windows Server AD and DNS (not sure what year)
- Windows Exchange server (not sure what year)
- Something RHEL as a web server (unless I do a Fedora workstation)
- Something BSD as a web server
- OpenWRT router/firewall
- An automated attack system (Won’t do anything super malicious if it gets in, but it will make it obvious that it did.)
I don’t want the needed host resources to become a major barrier to students or clubs that want to use the environment, so I may either scale that down or find some other way of handling having them all work together.
Currently from that list, I have Gentoo, Arch, and Fedora building, but I have not yet done the configuration for them. I will probably be able to reuse a lot of the Server 2012r2 setup scripts from my CyberPatriot images for the Windows Server setups. However, since it is CCDC practice, I get to be much more demanding with what I do, which also means that building this out will take even more time since I will have to be much more subtle and thorough with what I do.