Difference between revisions of "Vnx-labo-fw"
(→fw-A scenario) |
(→fw-A scenario) |
||
| Line 57: | Line 57: | ||
<!--vm_mgmt type="none"/!--> | <!--vm_mgmt type="none"/!--> | ||
<vm_mgmt type="private" network="10.20.0.0" mask="16" offset="64"> | <vm_mgmt type="private" network="10.20.0.0" mask="16" offset="64"> | ||
| − | + | <host_mapping /> | |
</vm_mgmt> | </vm_mgmt> | ||
<vm_defaults> | <vm_defaults> | ||
| − | + | <console id="0" display="no"/> | |
| − | + | <console id="1" display="yes"/> | |
</vm_defaults> | </vm_defaults> | ||
</global> | </global> | ||
| Line 101: | Line 101: | ||
<!-- Copy /etc/hosts --> | <!-- Copy /etc/hosts --> | ||
<filetree seq="on_boot, start" root="/tmp/">conf/hosts/</filetree> | <filetree seq="on_boot, start" root="/tmp/">conf/hosts/</filetree> | ||
| − | + | <!-- Copy /etc/resolv.conf --> | |
| − | + | <filetree seq="on_boot, start" root="/etc/">conf/pc1/resolv.conf</filetree> | |
| − | + | <!-- Install /etc/hosts --> | |
<exec seq="on_boot, start" type="verbatim">cat /tmp/hosts >> /etc/hosts</exec> | <exec seq="on_boot, start" type="verbatim">cat /tmp/hosts >> /etc/hosts</exec> | ||
| − | + | <exec seq="on_boot, start" type="verbatim">chmod 644 /etc/resolv.conf</exec> | |
</vm> | </vm> | ||
| Line 120: | Line 120: | ||
<!-- Copy /etc/hosts --> | <!-- Copy /etc/hosts --> | ||
<filetree seq="on_boot, start" root="/tmp/">conf/hosts/</filetree> | <filetree seq="on_boot, start" root="/tmp/">conf/hosts/</filetree> | ||
| − | + | <!-- Copy /etc/resolv.conf --> | |
| − | + | <filetree seq="on_boot, start" root="/etc/">conf/pc1/resolv.conf</filetree> | |
<!-- Copy apache config--> | <!-- Copy apache config--> | ||
| Line 128: | Line 128: | ||
<!-- Install /etc/hosts --> | <!-- Install /etc/hosts --> | ||
<exec seq="on_boot, start" type="verbatim">cat /tmp/hosts >> /etc/hosts</exec> | <exec seq="on_boot, start" type="verbatim">cat /tmp/hosts >> /etc/hosts</exec> | ||
| − | + | <exec seq="on_boot, start" type="verbatim">chmod 644 /etc/resolv.conf</exec> | |
<!-- Restart bind --> | <!-- Restart bind --> | ||
<exec seq="on_boot, start" type="verbatim">/etc/init.d/bind9 restart</exec> | <exec seq="on_boot, start" type="verbatim">/etc/init.d/bind9 restart</exec> | ||
| Line 136: | Line 136: | ||
<exec seq="on_boot, start" type="verbatim">/etc/init.d/apache2 start</exec> | <exec seq="on_boot, start" type="verbatim">/etc/init.d/apache2 start</exec> | ||
<exec seq="on_boot, start" type="verbatim">chmod 755 /var/run/apache2</exec> | <exec seq="on_boot, start" type="verbatim">chmod 755 /var/run/apache2</exec> | ||
| − | + | ||
<exec seq="on_boot, start" type="verbatim">cp /root/index.html /tmp/</exec> | <exec seq="on_boot, start" type="verbatim">cp /root/index.html /tmp/</exec> | ||
| − | + | <exec seq="on_boot, start" type="verbatim">chown daemon:daemon /tmp/index.html</exec> | |
<!-- Stop apache --> | <!-- Stop apache --> | ||
<exec seq="stop" type="verbatim">/etc/init.d/apache2 stop</exec> | <exec seq="stop" type="verbatim">/etc/init.d/apache2 stop</exec> | ||
| − | |||
</vm> | </vm> | ||
| Line 153: | Line 152: | ||
<!-- Copy /etc/hosts --> | <!-- Copy /etc/hosts --> | ||
<filetree seq="on_boot, start" root="/tmp/">conf/hosts/</filetree> | <filetree seq="on_boot, start" root="/tmp/">conf/hosts/</filetree> | ||
| − | + | <!-- Copy /etc/resolv.conf --> | |
| − | + | <filetree seq="on_boot, start" root="/etc/">conf/pc1/resolv.conf</filetree> | |
<!-- Install /etc/hosts --> | <!-- Install /etc/hosts --> | ||
<exec seq="on_boot, start" type="verbatim">cat /tmp/hosts >> /etc/hosts</exec> | <exec seq="on_boot, start" type="verbatim">cat /tmp/hosts >> /etc/hosts</exec> | ||
| − | + | <exec seq="on_boot, start" type="verbatim">chmod 644 /etc/resolv.conf</exec> | |
</vm> | </vm> | ||
| Line 186: | Line 185: | ||
<!-- Install /etc/hosts --> | <!-- Install /etc/hosts --> | ||
<exec seq="on_boot, start" type="verbatim">cat /tmp/hosts >> /etc/hosts</exec> | <exec seq="on_boot, start" type="verbatim">cat /tmp/hosts >> /etc/hosts</exec> | ||
| − | + | <exec seq="on_boot, start" type="verbatim">chmod 644 /etc/resolv.conf</exec> | |
</vm> | </vm> | ||
| Line 208: | Line 207: | ||
<!-- Install /etc/hosts --> | <!-- Install /etc/hosts --> | ||
<exec seq="on_boot, start" type="verbatim">cat /tmp/hosts >> /etc/hosts</exec> | <exec seq="on_boot, start" type="verbatim">cat /tmp/hosts >> /etc/hosts</exec> | ||
| − | + | <exec seq="on_boot, start" type="verbatim">chmod 644 /etc/resolv.conf</exec> | |
<!-- Restart bind --> | <!-- Restart bind --> | ||
<exec seq="on_boot, start" type="verbatim">/etc/init.d/bind9 restart</exec> | <exec seq="on_boot, start" type="verbatim">/etc/init.d/bind9 restart</exec> | ||
| Line 217: | Line 216: | ||
<exec seq="on_boot, start" type="verbatim">chmod 755 /var/run/apache2</exec> | <exec seq="on_boot, start" type="verbatim">chmod 755 /var/run/apache2</exec> | ||
| − | + | <exec seq="on_boot, start" type="verbatim">cp /root/index.html /tmp/</exec> | |
| − | + | <exec seq="on_boot, start" type="verbatim">chown daemon:daemon /tmp/index.html</exec> | |
| − | + | <!-- Stop apache --> | |
<exec seq="stop" type="verbatim">/etc/init.d/apache2 stop</exec> | <exec seq="stop" type="verbatim">/etc/init.d/apache2 stop</exec> | ||
| − | |||
</vm> | </vm> | ||
| Line 237: | Line 235: | ||
<!-- Install /etc/hosts --> | <!-- Install /etc/hosts --> | ||
<exec seq="on_boot, start" type="verbatim">cat /tmp/hosts >> /etc/hosts</exec> | <exec seq="on_boot, start" type="verbatim">cat /tmp/hosts >> /etc/hosts</exec> | ||
| − | + | <exec seq="on_boot, start" type="verbatim">chmod 644 /etc/resolv.conf</exec> | |
</vm> | </vm> | ||
| − | |||
<!-- Internet router --> | <!-- Internet router --> | ||
| Line 262: | Line 259: | ||
<!-- Copy quagga config --> | <!-- Copy quagga config --> | ||
<filetree seq="on_boot, start" root="/etc/quagga/">conf/ra/</filetree> | <filetree seq="on_boot, start" root="/etc/quagga/">conf/ra/</filetree> | ||
| − | + | ||
| − | + | <!-- Install /etc/hosts --> | |
<exec seq="on_boot" type="verbatim">cat /tmp/hosts >> /etc/hosts</exec> | <exec seq="on_boot" type="verbatim">cat /tmp/hosts >> /etc/hosts</exec> | ||
| Line 283: | Line 280: | ||
<exec seq="stop" type="verbatim" ostype="system">killall zebra</exec> | <exec seq="stop" type="verbatim" ostype="system">killall zebra</exec> | ||
<exec seq="stop" type="verbatim" ostype="system">killall ospfd</exec> | <exec seq="stop" type="verbatim" ostype="system">killall ospfd</exec> | ||
| − | |||
</vm> | </vm> | ||
| Line 324: | Line 320: | ||
</if> | </if> | ||
<route type="ipv4" gw="10.1.100.1">default</route> | <route type="ipv4" gw="10.1.100.1">default</route> | ||
| − | + | <!-- Copy /etc/hosts --> | |
<filetree seq="on_boot, start" root="/tmp/">conf/hosts/</filetree> | <filetree seq="on_boot, start" root="/tmp/">conf/hosts/</filetree> | ||
| − | + | <!--Copiy /etc/resolv.conf--> | |
<filetree seq="on_boot, start" root="/etc/">conf/attacker/resolv.conf</filetree> | <filetree seq="on_boot, start" root="/etc/">conf/attacker/resolv.conf</filetree> | ||
| − | + | <!-- Start nessus--> | |
| − | + | <exec seq="on_boot, start" type="verbatim">/etc/init.d/nessusd start</exec> | |
| − | + | <!-- Start apache2--> | |
| − | + | <exec seq="on_boot, start" type="verbatim">/etc/init.d/apache2 start</exec> | |
<!-- Install /etc/hosts --> | <!-- Install /etc/hosts --> | ||
<exec seq="on_boot, start" type="verbatim">cat /tmp/hosts/ >> /etc/hosts</exec> | <exec seq="on_boot, start" type="verbatim">cat /tmp/hosts/ >> /etc/hosts</exec> | ||
| Line 345: | Line 341: | ||
</if> | </if> | ||
<route type="ipv4" gw="10.1.100.1">default</route> | <route type="ipv4" gw="10.1.100.1">default</route> | ||
| − | + | <!-- Copy /etc/hosts --> | |
<filetree seq="on_boot, start" root="/tmp/">conf/hosts/</filetree> | <filetree seq="on_boot, start" root="/tmp/">conf/hosts/</filetree> | ||
| − | + | <!-- Copy /etc/resolv.conf--> | |
<filetree seq="on_boot, start" root="/etc/">conf/attacker/resolv.conf</filetree> | <filetree seq="on_boot, start" root="/etc/">conf/attacker/resolv.conf</filetree> | ||
| − | + | <!-- Start nessus--> | |
| − | + | <exec seq="on_boot, start" type="verbatim">/etc/init.d/nessusd start</exec> | |
| − | + | <!-- Start apache2--> | |
| − | + | <exec seq="on_boot, start" type="verbatim">/etc/init.d/apache2 start</exec> | |
<!-- Install /etc/hosts --> | <!-- Install /etc/hosts --> | ||
<exec seq="on_boot, start" type="verbatim">cat /tmp/hosts >> /etc/hosts</exec> | <exec seq="on_boot, start" type="verbatim">cat /tmp/hosts >> /etc/hosts</exec> | ||
| Line 358: | Line 354: | ||
</vnx> | </vnx> | ||
| + | |||
</pre> | </pre> | ||
Revision as of 17:21, 6 June 2015
VNX Security laboratory
This scenario has been designed to allow 16 student groups to work together configuring firewalls and using security related tools and Linux security oriented distributions like Kali Linux and Metasploitable.
The full scenario is divided on 8 basic scenarios (Fig. 1) that include the virtual machines used by two student groups. Each student pod is made of a simple corporate network with a DMZ network running a vulnerable server and an internal network with some hosts, as well as an attacker host on Internet with Kali Linux. Additionaly, a server on Internet is included to allow testing connectivity from inside the corporate network to Internet.
Installation
- Download the escenario bundle and unpack it:
wget idefix.dit.upm.es/vnx/examples/fw/fw-v01.tgz vnx --unpack fw-v01.tgz
cd fw/filesystems # Create LXC rootfs for firewalls and clients ./create-rootfs # Download Kali rootfs for attackers vnx_download_rootfs -l -r vnx_rootfs_kvm_kali-1.1.0-v025.qcow2 -y # Download metasploitable for DMZ server vnx_download_rootfs -l -r vnx_rootfs_kvm_ubuntu-8.04-metasploitable-v023.qcow2 -y
Starting the scenario
The whole scenario is made of 8 basic scenarios (fw-A.xml, fw-B.xml ... fw-H.xml). Depending on the number of student pods required, start as much scenarios as you need. All the basic scenarios share the "Internet" subnet, so if you start several of them you will get automatic connectivity among all systems (routers run quagga OSPF daemon to provide it).
There is also an scenario named "fw.xml" designed to be used individually that includes only the first pod of fw-A.xml scenario.
To start a basic scenario:
vnx -f fw-A.xml -v -t
fw-A scenario
<?xml version="1.0" encoding="UTF-8"?>
<!--
DESC=PODS 1-2
-->
<vnx xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="/usr/share/xml/vnx/vnx-2.00.xsd">
<global>
<version>2.0</version>
<scenario_name>fw-A</scenario_name>
<!--ssh_version>1</ssh_version-->
<ssh_key>~/.ssh/id_dsa.pub</ssh_key>
<automac offset="1"/>
<!--vm_mgmt type="none"/!-->
<vm_mgmt type="private" network="10.20.0.0" mask="16" offset="64">
<host_mapping />
</vm_mgmt>
<vm_defaults>
<console id="0" display="no"/>
<console id="1" display="yes"/>
</vm_defaults>
</global>
<!-- Networks -->
<!--net name="Internet" mode="virtual_bridge" external="eth1" vlan="71"/!-->
<net name="Internet" mode="virtual_bridge"/>
<!--net name="vlanS1" mode="virtual_bridge" external="eth1" vlan="701"/!-->
<!--net name="vlanS2" mode="virtual_bridge" external="eth1" vlan="702"/!-->
<!-- Internal nets -->
<net name="vlanS1" mode="virtual_bridge"/>
<net name="vlanS2" mode="virtual_bridge"/>
<!-- P2P lines -->
<net name="FW1-RA" mode="virtual_bridge" />
<net name="FW2-RA" mode="virtual_bridge" />
<!-- DMZs -->
<net name="dmz1" mode="virtual_bridge" />
<net name="dmz2" mode="virtual_bridge" />
<!-- POD 1 -->
<!-- FW1 -->
<vm name="fw1" type="lxc">
<filesystem type="cow">filesystems/rootfs_lxc-fw</filesystem>
<console id="1" display="yes"/>
<if id="1" net="vlanS1">
<ipv4 mask="255.255.255.128">10.1.1.1</ipv4>
</if>
<if id="2" net="FW1-RA">
<ipv4 mask="255.255.255.252">10.1.110.2</ipv4>
</if>
<if id="3" net="dmz1">
<ipv4 mask="255.255.255.128">10.1.1.129</ipv4>
</if>
<route type="ipv4" gw="10.1.110.1">default</route>
<forwarding type="ip" />
<!-- Copy /etc/hosts -->
<filetree seq="on_boot, start" root="/tmp/">conf/hosts/</filetree>
<!-- Copy /etc/resolv.conf -->
<filetree seq="on_boot, start" root="/etc/">conf/pc1/resolv.conf</filetree>
<!-- Install /etc/hosts -->
<exec seq="on_boot, start" type="verbatim">cat /tmp/hosts >> /etc/hosts</exec>
<exec seq="on_boot, start" type="verbatim">chmod 644 /etc/resolv.conf</exec>
</vm>
<!-- S1 -->
<vm name="s1" type="libvirt" subtype="kvm" os="linux" exec_mode="sdisk">
<filesystem type="cow">filesystems/rootfs_metasploitable</filesystem>
<mem>192M</mem>
<if id="1" net="dmz1">
<ipv4 mask="255.255.255.128">10.1.1.130</ipv4>
</if>
<route type="ipv4" gw="10.1.1.129">default</route>
<!-- Copy /etc/hosts -->
<filetree seq="on_boot, start" root="/tmp/">conf/hosts/</filetree>
<!-- Copy /etc/resolv.conf -->
<filetree seq="on_boot, start" root="/etc/">conf/pc1/resolv.conf</filetree>
<!-- Copy apache config-->
<filetree root="/var/www/" seq="on_boot, start" perms="644">conf/s1/html</filetree>
<filetree root="/usr/lib/cgi-bin/" seq="on_boot, start" perms="755">conf/s1/lg</filetree>
<!-- Install /etc/hosts -->
<exec seq="on_boot, start" type="verbatim">cat /tmp/hosts >> /etc/hosts</exec>
<exec seq="on_boot, start" type="verbatim">chmod 644 /etc/resolv.conf</exec>
<!-- Restart bind -->
<exec seq="on_boot, start" type="verbatim">/etc/init.d/bind9 restart</exec>
<!-- Start apache -->
<!--exec seq="on_boot, start" type="verbatim">chmod 644 /var/www/*</exec-->
<!--exec seq="on_boot, start" type="verbatim">chmod 755 /usr/lib/cgi-bin/*</exec-->
<exec seq="on_boot, start" type="verbatim">/etc/init.d/apache2 start</exec>
<exec seq="on_boot, start" type="verbatim">chmod 755 /var/run/apache2</exec>
<exec seq="on_boot, start" type="verbatim">cp /root/index.html /tmp/</exec>
<exec seq="on_boot, start" type="verbatim">chown daemon:daemon /tmp/index.html</exec>
<!-- Stop apache -->
<exec seq="stop" type="verbatim">/etc/init.d/apache2 stop</exec>
</vm>
<!-- PC1 -->
<vm name="pc1" type="lxc">
<filesystem type="cow">filesystems/rootfs_lxc-fw</filesystem>
<if id="1" net="vlanS1">
<ipv4 mask="255.255.255.128">10.1.1.10</ipv4>
</if>
<route type="ipv4" gw="10.1.1.1">default</route>
<!-- Copy /etc/hosts -->
<filetree seq="on_boot, start" root="/tmp/">conf/hosts/</filetree>
<!-- Copy /etc/resolv.conf -->
<filetree seq="on_boot, start" root="/etc/">conf/pc1/resolv.conf</filetree>
<!-- Install /etc/hosts -->
<exec seq="on_boot, start" type="verbatim">cat /tmp/hosts >> /etc/hosts</exec>
<exec seq="on_boot, start" type="verbatim">chmod 644 /etc/resolv.conf</exec>
</vm>
<!-- POD 2 -->
<!-- FW2 -->
<vm name="fw2" type="lxc">
<filesystem type="cow">filesystems/rootfs_lxc-fw</filesystem>
<console id="1" display="yes"/>
<if id="1" net="vlanS2">
<ipv4 mask="255.255.255.128">10.1.2.1</ipv4>
</if>
<if id="2" net="FW2-RA">
<ipv4 mask="255.255.255.252">10.1.110.6</ipv4>
</if>
<if id="3" net="dmz2">
<ipv4 mask="255.255.255.128">10.1.2.129</ipv4>
</if>
<route type="ipv4" gw="10.1.110.5">default</route>
<forwarding type="ip" />
<!-- Copy /etc/hosts -->
<filetree seq="on_boot, start" root="/tmp/">conf/hosts/</filetree>
<!-- Copy /etc/resolv.conf -->
<filetree seq="on_boot, start" root="/etc/">conf/pc2/resolv.conf</filetree>
<!-- Install /etc/hosts -->
<exec seq="on_boot, start" type="verbatim">cat /tmp/hosts >> /etc/hosts</exec>
<exec seq="on_boot, start" type="verbatim">chmod 644 /etc/resolv.conf</exec>
</vm>
<!-- S2 -->
<vm name="s2" type="libvirt" subtype="kvm" os="linux" exec_mode="sdisk">
<filesystem type="cow">filesystems/rootfs_metasploitable</filesystem>
<mem>192M</mem>
<if id="1" net="dmz2">
<ipv4 mask="255.255.255.128">10.1.2.130</ipv4>
</if>
<route type="ipv4" gw="10.1.2.129">default</route>
<!-- Copy /etc/hosts -->
<filetree seq="on_boot, start" root="/tmp/">conf/hosts/</filetree>
<!-- Copy /etc/resolv.conf -->
<filetree seq="on_boot, start" root="/etc/">conf/pc2/resolv.conf</filetree>
<!-- Copy apache config-->
<filetree root="/var/www/" seq="on_boot, start" perms="644">conf/s2/html</filetree>
<filetree root="/usr/lib/cgi-bin/" seq="on_boot, start" perms="755">conf/s2/lg</filetree>
<!-- Install /etc/hosts -->
<exec seq="on_boot, start" type="verbatim">cat /tmp/hosts >> /etc/hosts</exec>
<exec seq="on_boot, start" type="verbatim">chmod 644 /etc/resolv.conf</exec>
<!-- Restart bind -->
<exec seq="on_boot, start" type="verbatim">/etc/init.d/bind9 restart</exec>
<!-- Start apache -->
<!--exec seq="on_boot, start" type="verbatim">chmod 644 /var/www/*</exec-->
<!--exec seq="on_boot, start" type="verbatim">chmod 755 /usr/lib/cgi-bin/*</exec-->
<exec seq="on_boot, start" type="verbatim">/etc/init.d/apache2 start</exec>
<exec seq="on_boot, start" type="verbatim">chmod 755 /var/run/apache2</exec>
<exec seq="on_boot, start" type="verbatim">cp /root/index.html /tmp/</exec>
<exec seq="on_boot, start" type="verbatim">chown daemon:daemon /tmp/index.html</exec>
<!-- Stop apache -->
<exec seq="stop" type="verbatim">/etc/init.d/apache2 stop</exec>
</vm>
<!-- PC2 -->
<vm name="pc2" type="lxc">
<filesystem type="cow">filesystems/rootfs_lxc-fw</filesystem>
<if id="1" net="vlanS2">
<ipv4 mask="255.255.255.128">10.1.2.10</ipv4>
</if>
<route type="ipv4" gw="10.1.2.1">default</route>
<!-- Copy /etc/hosts -->
<filetree seq="on_boot, start" root="/tmp/">conf/hosts/</filetree>
<!-- Copy /etc/resolv.conf -->
<filetree seq="on_boot, start" root="/etc/">conf/pc2/resolv.conf</filetree>
<!-- Install /etc/hosts -->
<exec seq="on_boot, start" type="verbatim">cat /tmp/hosts >> /etc/hosts</exec>
<exec seq="on_boot, start" type="verbatim">chmod 644 /etc/resolv.conf</exec>
</vm>
<!-- Internet router -->
<!-- RA -->
<vm name="ra" type="lxc">
<filesystem type="cow">filesystems/rootfs_lxc-fw</filesystem>
<if id="1" net="Internet">
<ipv4 mask="255.255.255.0">10.1.100.1</ipv4>
</if>
<if id="2" net="FW1-RA">
<ipv4 mask="255.255.255.252">10.1.110.1</ipv4>
</if>
<if id="3" net="FW2-RA">
<ipv4 mask="255.255.255.252">10.1.110.5</ipv4>
</if>
<route type="ipv4" gw="10.1.110.2">10.1.1.0/24</route>
<route type="ipv4" gw="10.1.110.6">10.1.2.0/24</route>
<forwarding type="ip" />
<!-- Copy /etc/hosts -->
<filetree seq="on_boot, start" root="/tmp/">conf/hosts/</filetree>
<!-- Copy quagga config -->
<filetree seq="on_boot, start" root="/etc/quagga/">conf/ra/</filetree>
<!-- Install /etc/hosts -->
<exec seq="on_boot" type="verbatim">cat /tmp/hosts >> /etc/hosts</exec>
<!-- Config quagga -->
<exec seq="on_boot,start" type="verbatim" ostype="system">
mkdir -v /var/log/zebra;
chown quagga.quagga /var/log/zebra;
sleep 4;
mkdir -v /var/run/quagga;
chown quagga.quagga /var/run/quagga;
chmod 755 /var/run/quagga;
chown quagga.quagga /etc/quagga;
chown quagga.quagga /etc/quagga/*;
/usr/lib/quagga/zebra -d;
/usr/lib/quagga/ospfd -d;
</exec>
<!-- Stop Quagga -->
<exec seq="stop" type="verbatim" ostype="system">killall zebra</exec>
<exec seq="stop" type="verbatim" ostype="system">killall ospfd</exec>
</vm>
<!--Virtual machines in Internet: servers and attackers -->
<!-- SC -->
<vm name="sca" type="lxc">
<filesystem type="cow">filesystems/rootfs_lxc-fw</filesystem>
<console id="1" display="yes"/>
<if id="1" net="Internet">
<ipv4 mask="255.255.255.0">10.1.100.31</ipv4>
</if>
<route type="ipv4" gw="10.1.100.1">default</route>
<!-- Copy /etc/hosts -->
<filetree seq="on_boot" root="/tmp">conf/hosts/</filetree>
<!-- Copy apache config -->
<filetree root="/var/www" seq="on_boot, start" perms="644">conf/sca/html</filetree>
<filetree root="/usr/lib/cgi-bin" seq="on_boot, start" perms="755">conf/sca/lg</filetree>
<!-- Install /etc/hosts -->
<exec seq="on_boot" type="verbatim">cat /tmp/hosts >> /etc/hosts</exec>
<!-- Start apache -->
<exec seq="on_boot, start" type="verbatim">/etc/init.d/apache2 start</exec>
<!-- Create user/user account-->
<exec seq="on_boot, start" type="verbatim">mkdir /home/user</exec>
<exec seq="on_boot, start" type="verbatim">useradd -d /home/user -p x user</exec>
<exec seq="on_boot, start" type="verbatim">echo "user:user" | chpasswd</exec>
<!-- Stop apache -->
<exec seq="stop" type="verbatim">/etc/init.d/apache2 stop</exec>
</vm>
<!-- ATTACKER1 -->
<vm name="att1" type="libvirt" subtype="kvm" os="linux" exec_mode="sdisk">
<filesystem type="cow">filesystems/rootfs_kali</filesystem>
<mem>512M</mem>
<console id="0" display="yes"/>
<if id="1" net="Internet">
<ipv4 mask="255.255.255.0">10.1.100.21</ipv4>
</if>
<route type="ipv4" gw="10.1.100.1">default</route>
<!-- Copy /etc/hosts -->
<filetree seq="on_boot, start" root="/tmp/">conf/hosts/</filetree>
<!--Copiy /etc/resolv.conf-->
<filetree seq="on_boot, start" root="/etc/">conf/attacker/resolv.conf</filetree>
<!-- Start nessus-->
<exec seq="on_boot, start" type="verbatim">/etc/init.d/nessusd start</exec>
<!-- Start apache2-->
<exec seq="on_boot, start" type="verbatim">/etc/init.d/apache2 start</exec>
<!-- Install /etc/hosts -->
<exec seq="on_boot, start" type="verbatim">cat /tmp/hosts/ >> /etc/hosts</exec>
</vm>
<!-- ATTACKER2 -->
<vm name="att2" type="libvirt" subtype="kvm" os="linux" exec_mode="sdisk">
<filesystem type="cow">filesystems/rootfs_kali</filesystem>
<mem>512M</mem>
<console id="0" display="yes"/>
<if id="1" net="Internet">
<ipv4 mask="255.255.255.0">10.1.100.22</ipv4>
</if>
<route type="ipv4" gw="10.1.100.1">default</route>
<!-- Copy /etc/hosts -->
<filetree seq="on_boot, start" root="/tmp/">conf/hosts/</filetree>
<!-- Copy /etc/resolv.conf-->
<filetree seq="on_boot, start" root="/etc/">conf/attacker/resolv.conf</filetree>
<!-- Start nessus-->
<exec seq="on_boot, start" type="verbatim">/etc/init.d/nessusd start</exec>
<!-- Start apache2-->
<exec seq="on_boot, start" type="verbatim">/etc/init.d/apache2 start</exec>
<!-- Install /etc/hosts -->
<exec seq="on_boot, start" type="verbatim">cat /tmp/hosts >> /etc/hosts</exec>
</vm>
</vnx>
