Vnx-labo-fw

Revision as of 16:29, 6 June 2015 by David (talk | contribs) (Starting the scenario)

VNX Security laboratory

This scenario has been designed to allow 16 student groups to work together configuring firewalls and using security-related tools and security-oriented Linux distributions like Kali Linux and Metasploitable.

The full scenario is divided into 8 basic scenarios (Fig. 1), each of which includes the virtual machines used by two student groups. Each student pod is made of a simple corporate network with a DMZ network running a vulnerable server and an internal network with some hosts, as well as an attacker host on the Internet with Kali Linux. Additionally, a server on the Internet is included to allow testing connectivity from inside the corporate network to the Internet.

Figure 1: basic scenario for two student groups
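The pod described above has three zones around its firewall: the internal network (vlanS1), the DMZ with the vulnerable server, and the point-to-point line towards the Internet router. The following Python script is an added example, not part of the VNX lab material or of the fwbuilder configuration students produce: it models one reasonable default-deny forwarding policy for that three-zone layout as an ordered rule list, simulates first-match evaluation for new flows, and renders the same policy as iptables commands. The guest interface names (eth1, eth2, eth3) and the policy choices themselves are assumptions made for the example; the addresses are taken from the fw-A scenario.

```python
from dataclasses import dataclass
from typing import List, Optional

# Zone-to-interface mapping for the pod firewall (fw1 in fw-A). The guest
# interface names are an assumption: the scenario numbers interfaces by id,
# and which eth name each id gets is decided inside the guest.
ZONES = {
    "internal": "eth1",  # vlanS1: the corporate hosts (pc1)
    "external": "eth2",  # FW1-RA: point-to-point line towards ra and the Internet
    "dmz": "eth3",       # dmz1: the Metasploitable server s1
}
DMZ_WEB_SERVER = "10.1.1.130"  # s1's address in the fw-A scenario


@dataclass(frozen=True)
class Rule:
    src: str                      # zone name or "any"
    dst: str                      # zone name or "any"
    proto: str = "any"            # "tcp", "udp", "icmp" or "any"
    dport: Optional[int] = None   # destination port (needs a proto)
    action: str = "DROP"
    dst_ip: Optional[str] = None  # restrict the rule to one published host


# First-match policy for NEW flows, most specific entries first. Everything
# not listed falls through to the chain's default DROP.
POLICY = [
    Rule("internal", "external", action="ACCEPT"),                 # users reach the Internet
    Rule("internal", "dmz", action="ACCEPT"),                      # internal hosts reach the DMZ
    Rule("external", "dmz", "tcp", 80, "ACCEPT", DMZ_WEB_SERVER),  # only the published web port
    Rule("dmz", "any"),                                            # a compromised s1 can start nothing
    Rule("external", "internal"),                                  # nothing from the Internet inward
]


def evaluate(policy, src, dst, proto="any", dport=None, dst_ip=None):
    """Return the verdict for a NEW flow; replies are covered by conntrack, not here."""
    for r in policy:
        if r.src not in ("any", src) or r.dst not in ("any", dst):
            continue
        if r.proto != "any" and r.proto != proto:
            continue
        if r.dport is not None and r.dport != dport:
            continue
        if r.dst_ip is not None and r.dst_ip != dst_ip:
            continue
        return r.action
    return "DROP"  # default policy of the FORWARD chain


def to_iptables(policy, zones=ZONES) -> List[str]:
    """Render the policy as iptables FORWARD-chain commands (one valid rendering, not fwbuilder's)."""
    cmds = [
        "iptables -P FORWARD DROP",
        "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for r in policy:
        if r.dport is not None and r.proto == "any":
            raise ValueError("a port match requires a protocol")
        parts = ["iptables -A FORWARD"]
        if r.src != "any":
            parts.append(f"-i {zones[r.src]}")
        if r.dst != "any":
            parts.append(f"-o {zones[r.dst]}")
        if r.proto != "any":
            parts.append(f"-p {r.proto}")
        if r.dst_ip is not None:
            parts.append(f"-d {r.dst_ip}")
        if r.dport is not None:
            parts.append(f"--dport {r.dport}")
        parts.append(f"-j {r.action}")
        cmds.append(" ".join(parts))
    return cmds


if __name__ == "__main__":
    for cmd in to_iptables(POLICY):
        print(cmd)
    # Flows the lab exercises: Internet host to the published DMZ web port, Internet host
    # to an unpublished DMZ service, and a DMZ host trying to reach the internal LAN.
    print(evaluate(POLICY, "external", "dmz", "tcp", 80, DMZ_WEB_SERVER))  # ACCEPT
    print(evaluate(POLICY, "external", "dmz", "tcp", 21, DMZ_WEB_SERVER))  # DROP
    print(evaluate(POLICY, "dmz", "internal", "tcp", 445, "10.1.1.10"))    # DROP
```

The rendered commands are meant to be read side by side with what fwbuilder generates for the same intent; the rule ordering matters because the ESTABLISHED,RELATED rule is what lets DMZ replies back out while the explicit DMZ-to-anything DROP stops the server from opening new connections if it is compromised.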

Installation

  • Download the scenario bundle and unpack it:
    wget idefix.dit.upm.es/vnx/examples/fw/fw-v01.tgz
    vnx --unpack fw-v01.tgz
    
  • Download and create the root filesystems needed:
    cd fw/filesystems
    # Create LXC rootfs for firewalls and clients
    ./create-rootfs
    # Download Kali rootfs for attackers
    vnx_download_rootfs -l -r vnx_rootfs_kvm_kali-1.1.0-v025.qcow2 -y
    # Download metasploitable for DMZ server
    vnx_download_rootfs -l -r vnx_rootfs_kvm_ubuntu-8.04-metasploitable-v023.qcow2 -y
    

Starting the scenario

The whole scenario is made of 8 basic scenarios (fw-A.xml, fw-B.xml ... fw-H.xml). Depending on the number of student pods required, start as many basic scenarios as you need. All the basic scenarios share the "Internet" subnet, so if you start several of them you get automatic connectivity among all systems (the routers run the quagga OSPF daemon to provide it).

There is also a scenario named "fw.xml", designed to be used individually, that includes only the first pod of the fw-A.xml scenario.

To start a basic scenario:

vnx -f fw-A.xml -v -t

Figure 2: fw-A scenario topology

Accessing virtual machines

You have several possibilities to access the virtual machines in the scenario:

Using VM consoles

If you have access to the console of the system where the scenario has been started, you can access the VM consoles directly. All VMs offer a text console; the attacker VMs running Kali Linux also offer a graphical console.

Using ssh

All the scenarios are configured with VM management interfaces enabled, so you can access all VMs from the system where the scenario was started using ssh. It is especially useful to connect with the X forwarding option enabled, so that graphical applications can be started from the VM.

For example, to access a firewall and start the Firewall Builder (fwbuilder) application:

slogin fw -X
fwbuilder

fw-A scenario

<?xml version="1.0" encoding="UTF-8"?>

<!--
DESC=PODS 1-2
-->

<vnx xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="/usr/share/xml/vnx/vnx-2.00.xsd">
  <global>
    <version>2.0</version>
    <scenario_name>fw-A</scenario_name>
    <!--ssh_version>1</ssh_version-->
    <ssh_key>~/.ssh/id_dsa.pub</ssh_key>
    <automac offset="1"/>
    <!--vm_mgmt type="none"/!-->
    <vm_mgmt type="private" network="10.20.0.0" mask="16" offset="64">
      <host_mapping />
    </vm_mgmt>
    <vm_defaults>
      <console id="0" display="no"/>
      <console id="1" display="yes"/>
    </vm_defaults>
  </global>

  <!-- Networks -->
  <!--net name="Internet"  mode="virtual_bridge" external="eth1" vlan="71"/!-->
  <net name="Internet"  mode="virtual_bridge"/>
  <!--net name="vlanS1"  mode="virtual_bridge" external="eth1" vlan="701"/!-->
  <!--net name="vlanS2"  mode="virtual_bridge" external="eth1" vlan="702"/!-->
  <!-- Internal nets -->
  <net name="vlanS1"  mode="virtual_bridge"/>
  <net name="vlanS2"  mode="virtual_bridge"/>
  <!-- P2P lines -->
  <net name="FW1-RA" mode="virtual_bridge" />
  <net name="FW2-RA" mode="virtual_bridge" />
  <!-- DMZs -->
  <net name="dmz1"  mode="virtual_bridge" />
  <net name="dmz2"  mode="virtual_bridge" />


  <!-- POD 1 -->

  <!-- FW1 -->
  <vm name="fw1" type="lxc">
    <filesystem type="cow">filesystems/rootfs_lxc-fw</filesystem>
    <console id="1" display="yes"/>
    <if id="1" net="vlanS1">
      <ipv4 mask="255.255.255.128">10.1.1.1</ipv4>
    </if>
    <if id="2" net="FW1-RA">
      <ipv4 mask="255.255.255.252">10.1.110.2</ipv4>
    </if>
    <if id="3" net="dmz1">
      <ipv4 mask="255.255.255.128">10.1.1.129</ipv4>
    </if>
    <route type="ipv4" gw="10.1.110.1">default</route>
    <forwarding type="ip" />

    <!-- Copy /etc/hosts -->
    <filetree seq="on_boot, start" root="/tmp/">conf/hosts/</filetree>
    <!-- Copy /etc/resolv.conf -->
    <filetree seq="on_boot, start" root="/etc/">conf/pc1/resolv.conf</filetree>
    
    <!-- Install /etc/hosts -->
    <exec seq="on_boot, start" type="verbatim">cat /tmp/hosts >> /etc/hosts</exec>
    <exec seq="on_boot, start" type="verbatim">chmod 644 /etc/resolv.conf</exec>
  </vm>

  <!-- S1 -->
  <vm name="s1" type="libvirt" subtype="kvm" os="linux" exec_mode="sdisk">
    <filesystem type="cow">filesystems/rootfs_metasploitable</filesystem>
    <mem>192M</mem>
    <if id="1" net="dmz1">
      <ipv4 mask="255.255.255.128">10.1.1.130</ipv4>
    </if>
    <route type="ipv4" gw="10.1.1.129">default</route>

    <!-- Copy /etc/hosts -->
    <filetree seq="on_boot, start" root="/tmp/">conf/hosts/</filetree>
    <!-- Copy /etc/resolv.conf -->
    <filetree seq="on_boot, start" root="/etc/">conf/pc1/resolv.conf</filetree>

    <!-- Copy apache config-->
    <filetree root="/var/www/"  seq="on_boot, start" perms="644">conf/s1/html</filetree>
    <filetree root="/usr/lib/cgi-bin/" seq="on_boot, start" perms="755">conf/s1/lg</filetree>
    <!-- Install /etc/hosts -->
    <exec seq="on_boot, start" type="verbatim">cat /tmp/hosts >> /etc/hosts</exec>
    <exec seq="on_boot, start" type="verbatim">chmod 644 /etc/resolv.conf</exec>
    <!-- Restart bind -->
    <exec seq="on_boot, start" type="verbatim">/etc/init.d/bind9 restart</exec>
    <!-- Start apache -->
    <!--exec seq="on_boot, start" type="verbatim">chmod 644 /var/www/*</exec-->
    <!--exec seq="on_boot, start" type="verbatim">chmod 755 /usr/lib/cgi-bin/*</exec-->
    <exec seq="on_boot, start" type="verbatim">/etc/init.d/apache2 start</exec>
    <exec seq="on_boot, start" type="verbatim">chmod 755 /var/run/apache2</exec>
  
    <exec seq="on_boot, start" type="verbatim">cp /root/index.html /tmp/</exec>
    <exec seq="on_boot, start" type="verbatim">chown daemon:daemon /tmp/index.html</exec>
    <!-- Stop apache -->
    <exec seq="stop"  type="verbatim">/etc/init.d/apache2 stop</exec>
  </vm>

  <!-- PC1 -->
  <vm name="pc1" type="lxc">
    <filesystem type="cow">filesystems/rootfs_lxc-fw</filesystem>
    <if id="1" net="vlanS1">
      <ipv4 mask="255.255.255.128">10.1.1.10</ipv4>
    </if>
    <route type="ipv4" gw="10.1.1.1">default</route>
    <!-- Copy /etc/hosts -->
    <filetree seq="on_boot, start" root="/tmp/">conf/hosts/</filetree>
    <!-- Copy /etc/resolv.conf -->
    <filetree seq="on_boot, start" root="/etc/">conf/pc1/resolv.conf</filetree>
    <!-- Install /etc/hosts -->
    <exec seq="on_boot, start" type="verbatim">cat /tmp/hosts >> /etc/hosts</exec>
    <exec seq="on_boot, start" type="verbatim">chmod 644 /etc/resolv.conf</exec>
  </vm>


  <!-- POD 2 -->

  <!-- FW2 -->
  <vm name="fw2" type="lxc">
    <filesystem type="cow">filesystems/rootfs_lxc-fw</filesystem>
    <console id="1" display="yes"/>
    <if id="1" net="vlanS2">
      <ipv4 mask="255.255.255.128">10.1.2.1</ipv4>
    </if>
    <if id="2" net="FW2-RA">
      <ipv4 mask="255.255.255.252">10.1.110.6</ipv4>
    </if>
    <if id="3" net="dmz2">
      <ipv4 mask="255.255.255.128">10.1.2.129</ipv4>
    </if>
    <route type="ipv4" gw="10.1.110.5">default</route>
    <forwarding type="ip" />

    <!-- Copy /etc/hosts -->
    <filetree seq="on_boot, start" root="/tmp/">conf/hosts/</filetree>
    <!-- Copy /etc/resolv.conf -->
    <filetree seq="on_boot, start" root="/etc/">conf/pc2/resolv.conf</filetree>

    <!-- Install /etc/hosts -->
    <exec seq="on_boot, start" type="verbatim">cat /tmp/hosts >> /etc/hosts</exec>
    <exec seq="on_boot, start" type="verbatim">chmod 644 /etc/resolv.conf</exec>
  </vm>

  <!-- S2 -->
  <vm name="s2" type="libvirt" subtype="kvm" os="linux" exec_mode="sdisk">
    <filesystem type="cow">filesystems/rootfs_metasploitable</filesystem>
    <mem>192M</mem>
    <if id="1" net="dmz2">
      <ipv4 mask="255.255.255.128">10.1.2.130</ipv4>
    </if>
    <route type="ipv4" gw="10.1.2.129">default</route>

    <!-- Copy /etc/hosts -->
    <filetree seq="on_boot, start" root="/tmp/">conf/hosts/</filetree>
    <!-- Copy /etc/resolv.conf -->
    <filetree seq="on_boot, start" root="/etc/">conf/pc2/resolv.conf</filetree>
    <!-- Copy apache config-->
    <filetree root="/var/www/"  seq="on_boot, start" perms="644">conf/s2/html</filetree>
    <filetree root="/usr/lib/cgi-bin/" seq="on_boot, start" perms="755">conf/s2/lg</filetree>

    <!-- Install /etc/hosts -->
    <exec seq="on_boot, start" type="verbatim">cat /tmp/hosts >> /etc/hosts</exec>
    <exec seq="on_boot, start" type="verbatim">chmod 644 /etc/resolv.conf</exec>
    <!-- Restart bind -->
    <exec seq="on_boot, start" type="verbatim">/etc/init.d/bind9 restart</exec>
    <!-- Start apache -->
    <!--exec seq="on_boot, start" type="verbatim">chmod 644 /var/www/*</exec-->
    <!--exec seq="on_boot, start" type="verbatim">chmod 755 /usr/lib/cgi-bin/*</exec-->
    <exec seq="on_boot, start" type="verbatim">/etc/init.d/apache2 start</exec>
    <exec seq="on_boot, start" type="verbatim">chmod 755 /var/run/apache2</exec>
   
    <exec seq="on_boot, start" type="verbatim">cp /root/index.html /tmp/</exec>
    <exec seq="on_boot, start" type="verbatim">chown daemon:daemon /tmp/index.html</exec>
    <!-- Stop apache -->
    <exec seq="stop"  type="verbatim">/etc/init.d/apache2 stop</exec>
  </vm>

  <!-- PC2 -->
  <vm name="pc2" type="lxc">
    <filesystem type="cow">filesystems/rootfs_lxc-fw</filesystem>
    <if id="1" net="vlanS2">
      <ipv4 mask="255.255.255.128">10.1.2.10</ipv4>
    </if>
    <route type="ipv4" gw="10.1.2.1">default</route>
    <!-- Copy /etc/hosts -->
    <filetree seq="on_boot, start" root="/tmp/">conf/hosts/</filetree>
    <!-- Copy /etc/resolv.conf -->
    <filetree seq="on_boot, start" root="/etc/">conf/pc2/resolv.conf</filetree>
    <!-- Install /etc/hosts -->
    <exec seq="on_boot, start" type="verbatim">cat /tmp/hosts >> /etc/hosts</exec>
    <exec seq="on_boot, start" type="verbatim">chmod 644 /etc/resolv.conf</exec>
  </vm>

  <!-- Internet router -->
  <!-- RA -->
  <vm name="ra" type="lxc">
    <filesystem type="cow">filesystems/rootfs_lxc-fw</filesystem>
    <if id="1" net="Internet">
      <ipv4 mask="255.255.255.0">10.1.100.1</ipv4>
    </if>
    <if id="2" net="FW1-RA">
      <ipv4 mask="255.255.255.252">10.1.110.1</ipv4>
    </if>
    <if id="3" net="FW2-RA">
      <ipv4 mask="255.255.255.252">10.1.110.5</ipv4>
    </if>
    <route type="ipv4" gw="10.1.110.2">10.1.1.0/24</route>
    <route type="ipv4" gw="10.1.110.6">10.1.2.0/24</route>
    <forwarding type="ip" />

    <!-- Copy /etc/hosts -->
    <filetree seq="on_boot, start" root="/tmp/">conf/hosts/</filetree>
    <!-- Copy quagga config -->
    <filetree seq="on_boot, start" root="/etc/quagga/">conf/ra/</filetree>
  
    <!-- Install /etc/hosts -->
    <exec seq="on_boot" type="verbatim">cat /tmp/hosts >> /etc/hosts</exec>

    <!-- Config quagga -->
    <exec seq="on_boot,start" type="verbatim" ostype="system">
        mkdir -v /var/log/zebra;
        chown quagga.quagga /var/log/zebra;
        sleep 4;
        mkdir -v /var/run/quagga;
        chown quagga.quagga /var/run/quagga;
        chmod 755 /var/run/quagga;
        chown quagga.quagga /etc/quagga;
        chown quagga.quagga /etc/quagga/*;
        /usr/lib/quagga/zebra  -d;
        /usr/lib/quagga/ospfd -d;
    </exec>

    <!-- Stop Quagga -->
    <exec seq="stop" type="verbatim" ostype="system">killall zebra</exec>
    <exec seq="stop" type="verbatim" ostype="system">killall ospfd</exec>
  </vm>

  <!--Virtual machines in Internet: servers and attackers -->

  <!-- SC -->
  <vm name="sca" type="lxc">
    <filesystem type="cow">filesystems/rootfs_lxc-fw</filesystem>
    <console id="1" display="yes"/>
    <if id="1" net="Internet">
      <ipv4 mask="255.255.255.0">10.1.100.31</ipv4>
    </if>
    <route type="ipv4" gw="10.1.100.1">default</route>

    <!-- Copy /etc/hosts -->
    <filetree seq="on_boot" root="/tmp">conf/hosts/</filetree>
    <!-- Copy apache config -->
    <filetree root="/var/www"  seq="on_boot, start" perms="644">conf/sca/html</filetree>
    <filetree root="/usr/lib/cgi-bin" seq="on_boot, start" perms="755">conf/sca/lg</filetree>

    <!-- Install /etc/hosts -->
    <exec seq="on_boot" type="verbatim">cat /tmp/hosts >> /etc/hosts</exec>
    <!-- Start apache -->
    <exec seq="on_boot, start" type="verbatim">/etc/init.d/apache2 start</exec>
    <!-- Create user/user account-->
    <exec seq="on_boot, start" type="verbatim">mkdir /home/user</exec>
    <exec seq="on_boot, start" type="verbatim">useradd -d /home/user -p x user</exec>
    <exec seq="on_boot, start" type="verbatim">echo "user:user" | chpasswd</exec>
    <!-- Stop apache -->
    <exec seq="stop"  type="verbatim">/etc/init.d/apache2 stop</exec>
  </vm>

  <!-- ATTACKER1 -->
  <vm name="att1" type="libvirt" subtype="kvm" os="linux" exec_mode="sdisk">
    <filesystem type="cow">filesystems/rootfs_kali</filesystem>
    <mem>512M</mem>
    <console id="0" display="yes"/>
    <if id="1" net="Internet">
      <ipv4 mask="255.255.255.0">10.1.100.21</ipv4>
    </if>
    <route type="ipv4" gw="10.1.100.1">default</route>
    <!-- Copy /etc/hosts -->
    <filetree seq="on_boot, start" root="/tmp/">conf/hosts/</filetree>
    <!-- Copy /etc/resolv.conf -->
    <filetree seq="on_boot, start" root="/etc/">conf/attacker/resolv.conf</filetree>
    <!-- Start nessus-->
    <exec seq="on_boot, start" type="verbatim">/etc/init.d/nessusd start</exec> 
    <!-- Start apache2-->
    <exec seq="on_boot, start" type="verbatim">/etc/init.d/apache2 start</exec> 
    <!-- Install /etc/hosts -->
    <exec seq="on_boot, start" type="verbatim">cat /tmp/hosts >> /etc/hosts</exec>
  </vm>

  <!-- ATTACKER2 -->
  <vm name="att2" type="libvirt" subtype="kvm" os="linux" exec_mode="sdisk">
    <filesystem type="cow">filesystems/rootfs_kali</filesystem>
    <mem>512M</mem>
    <console id="0" display="yes"/>
    <if id="1" net="Internet">
      <ipv4 mask="255.255.255.0">10.1.100.22</ipv4>
    </if>
    <route type="ipv4" gw="10.1.100.1">default</route>
    <!-- Copy /etc/hosts -->
    <filetree seq="on_boot, start" root="/tmp/">conf/hosts/</filetree>
    <!-- Copy /etc/resolv.conf-->
    <filetree seq="on_boot, start" root="/etc/">conf/attacker/resolv.conf</filetree>
    <!-- Start nessus-->
    <exec seq="on_boot, start" type="verbatim">/etc/init.d/nessusd start</exec> 
    <!-- Start apache2-->
    <exec seq="on_boot, start" type="verbatim">/etc/init.d/apache2 start</exec> 
    <!-- Install /etc/hosts -->
    <exec seq="on_boot, start" type="verbatim">cat /tmp/hosts >> /etc/hosts</exec>
  </vm>

</vnx>
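When a scenario file like the one above is adapted (new pods, renumbered subnets, extra hosts), the easiest mistakes to make are an interface whose mask puts it on a different subnet from the rest of its <net>, or a <route> whose gateway is not on any directly connected subnet, so the VM silently has no path out. The following Python checker is an added example and is not part of VNX or of the lab bundle: it parses the <vm>, <if>, <ipv4> and <route> elements with the standard library, then reports both kinds of inconsistency. The embedded scenario excerpt is constructed for the example from pod 1 and router ra of fw-A above, plus one deliberately misaddressed host ("pcbad") so the checker has something to find; pass a path on the command line to check a real file.

```python
import sys
import ipaddress
import xml.etree.ElementTree as ET

# Constructed excerpt modelled on fw-A (pod 1 plus ra). "pcbad" is an added
# VM with a /25 address in the upper half of 10.1.1.0/24 attached to vlanS1,
# so it neither shares vlanS1's subnet nor has its gateway on-link.
SAMPLE_SCENARIO = """<?xml version="1.0" encoding="UTF-8"?>
<vnx>
  <global><version>2.0</version><scenario_name>fw-A-excerpt</scenario_name></global>
  <net name="Internet" mode="virtual_bridge"/>
  <net name="vlanS1" mode="virtual_bridge"/>
  <net name="FW1-RA" mode="virtual_bridge"/>
  <net name="dmz1" mode="virtual_bridge"/>
  <vm name="fw1" type="lxc">
    <if id="1" net="vlanS1"><ipv4 mask="255.255.255.128">10.1.1.1</ipv4></if>
    <if id="2" net="FW1-RA"><ipv4 mask="255.255.255.252">10.1.110.2</ipv4></if>
    <if id="3" net="dmz1"><ipv4 mask="255.255.255.128">10.1.1.129</ipv4></if>
    <route type="ipv4" gw="10.1.110.1">default</route>
  </vm>
  <vm name="s1" type="libvirt">
    <if id="1" net="dmz1"><ipv4 mask="255.255.255.128">10.1.1.130</ipv4></if>
    <route type="ipv4" gw="10.1.1.129">default</route>
  </vm>
  <vm name="pc1" type="lxc">
    <if id="1" net="vlanS1"><ipv4 mask="255.255.255.128">10.1.1.10</ipv4></if>
    <route type="ipv4" gw="10.1.1.1">default</route>
  </vm>
  <vm name="ra" type="lxc">
    <if id="1" net="Internet"><ipv4 mask="255.255.255.0">10.1.100.1</ipv4></if>
    <if id="2" net="FW1-RA"><ipv4 mask="255.255.255.252">10.1.110.1</ipv4></if>
    <route type="ipv4" gw="10.1.110.2">10.1.1.0/24</route>
  </vm>
  <vm name="pcbad" type="lxc">
    <if id="1" net="vlanS1"><ipv4 mask="255.255.255.128">10.1.1.200</ipv4></if>
    <route type="ipv4" gw="10.1.1.1">default</route>
  </vm>
</vnx>
"""


def parse_scenario(xml_text):
    """Return {vm_name: {"ifaces": [(net, IPv4Interface)], "routes": [(dest, gw)]}}."""
    root = ET.fromstring(xml_text)
    vms = {}
    for vm in root.findall("vm"):
        ifaces, routes = [], []
        for iface in vm.findall("if"):
            for addr in iface.findall("ipv4"):
                # VNX writes the mask in dotted form; ip_interface accepts "addr/netmask".
                mask = addr.get("mask", "255.255.255.255")
                ifaces.append((iface.get("net"),
                               ipaddress.ip_interface(f"{addr.text.strip()}/{mask}")))
        for route in vm.findall("route"):
            if route.get("type", "ipv4") == "ipv4":
                routes.append((route.text.strip(), ipaddress.ip_address(route.get("gw"))))
        vms[vm.get("name")] = {"ifaces": ifaces, "routes": routes}
    return vms


def check_addressing(vms):
    """Return a list of human-readable problems; empty means the addressing is consistent."""
    problems = []
    # 1. every interface attached to the same <net> must share one subnet
    by_net = {}
    for name, info in vms.items():
        for net, addr in info["ifaces"]:
            by_net.setdefault(net, []).append((name, addr))
    for net, members in by_net.items():
        subnets = {addr.network for _, addr in members}
        if len(subnets) > 1:
            detail = ", ".join(f"{n}={a}" for n, a in members)
            problems.append(f"net {net}: members on different subnets ({detail})")
    # 2. every route gateway must lie on a directly connected subnet of that VM
    for name, info in vms.items():
        connected = [addr.network for _, addr in info["ifaces"]]
        for dest, gw in info["routes"]:
            if not any(gw in n for n in connected):
                problems.append(f"vm {name}: gateway {gw} for {dest} is not on a connected subnet")
    return problems


def validate(xml_text):
    return check_addressing(parse_scenario(xml_text))


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SCENARIO
    found = validate(text)
    for p in found:
        print("PROBLEM:", p)
    if not found:
        print("addressing consistent")
```

Running it without arguments reports two problems for the constructed excerpt, both caused by pcbad; running it against the real fw-A.xml should report none. The check deliberately ignores the management network that <vm_mgmt> adds, since VNX assigns those addresses itself.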