diff --git a/.circleci/config.yml b/.circleci/config.yml index b1df04f..3ee1682 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -325,6 +325,9 @@ jobs: hypervisor: description: hypervisor to validate type: string + version: + description: version of kali to validate + type: string docker: - image: 'hashicorp/packer:light' steps: @@ -336,7 +339,7 @@ jobs: - run: packer version - packer-lint: template-file: kali-template.json - vars-file: variables.json + vars-file: "variables<< parameters.version>>.json" only-builder: '<< parameters.hypervisor >>' @@ -449,6 +452,12 @@ jobs: generate-packer-vars: docker: - image: 'bash' + parameters: + kalitype: + description: "version of kali to build ( i.e. default, min, light )" + type: string + environment: + KALITYPE: "<< parameters.kalitype >>" steps: - run: apk add --update --no-cache git - checkout @@ -456,11 +465,11 @@ jobs: - run: scripts/new-kali.sh - run: | mkdir -p /tmp/packer_workspace - cp -v variables.json /tmp/packer_workspace + cp -v variables*.json /tmp/packer_workspace - persist_to_workspace: root: /tmp/packer_workspace paths: - - "variables.json" + - "variables*.json" terraform-packet_deploy: docker: @@ -497,6 +506,9 @@ jobs: - image: 'elrey741/ansible-playbook_packet:alpine' parameters: build: + description: hypervisor build target for packer to hit + type: string + version: description: build target for packer to hit type: string steps: @@ -517,7 +529,8 @@ jobs: command: | ansible-playbook -i ci/scripts/packet_net.py -u root \ -e "api_key_from_env=${TEXTBELT_KEY:-} phone_from_env=${PERSONAL_NUM:-}" \ - -e CIRCLECI="${CIRCLECI:-}" ci/packer_build.yml --limit="packer-build-box-<< parameters.build >>" + -e CIRCLECI="${CIRCLECI:-}" -e build_version="<< parameters.version >>" \ + ci/packer_build.yml --limit="packer-build-box-<< parameters.build >>" - run: | mkdir -p /tmp/artifacts pwd && ls 
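Review bot: The new `version` parameter's description, `version of kali to validate`, does not say that the value is spliced straight into a file name, so callers have to pass the suffix with its leading hyphen (`-light`, `-min`) or an empty string. I would spell that out, for example `description: "suffix of the variables file to validate: '', '-light' or '-min'"`. The use in the next hunk, `"variables<< parameters.version>>.json"`, also drops the spaces that the neighbouring `'<< parameters.hypervisor >>'` keeps; `"variables<< parameters.version >>.json"` reads consistently. The job definition starts and ends outside both hunks.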
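Review bot: The `kalitype` description lists `default` as a value, but the workflows pass `""` for the default build, and as far as scripts/new-kali.sh in this commit shows, any non-empty `KALITYPE` becomes a `-<value>` file-name suffix. Passing `default` would therefore point at `kali-linux-rolling-default-preseed.cfg`, which this commit does not add. I would document the accepted values exactly: `description: "kali flavour to build: '' (default), 'light' or 'min'"`.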
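Review bot: `cp -v variables*.json /tmp/packer_workspace` copies every matching file in the checkout into a workspace that later jobs can attach, and the .gitignore hunk in this same commit lists `*variables*.json` under `# secret files`. Each matrix job is expected to produce exactly one file, so copying that file by name keeps stray or stale variables files out of the workspace: `cp -v "variables${KALITYPE:+-${KALITYPE}}.json" /tmp/packer_workspace`. The `paths` glob can then stay as it is, since the workspace root only holds what was copied.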
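Review bot: After this hunk the `version` parameter carries the old text `build target for packer to hit`, because the new lines were inserted above the existing description rather than below it. That text describes `build`, not the kali flavour. I would change the `version` entry to something like `description: "kali flavour to build: '', 'light' or 'min'"` so it matches what ci/scripts/packer_build-wrapper.sh accepts.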
@@ -545,11 +558,15 @@ workflows: - python-linting - ansible-linting - generate-packer-file - - generate-packer-vars + - generate-packer-vars: + matrix: + parameters: + kalitype: [ "", "light", "min" ] - packer-linting: matrix: parameters: hypervisor: [ "virtualbox-iso", "vmware-iso", "qemu" ] + version: [ "", "-light", "-min" ] requires: - generate-packer-vars - generate-packer-file @@ -570,6 +587,7 @@ workflows: matrix: parameters: build: [ "v", "qemu" ] + version: [ "", "light", "min" ] requires: - ansible-bootstrap - terraform-packet_destroy: @@ -627,6 +645,9 @@ workflows: - master - dev-stage - generate-packer-vars: + matrix: + parameters: + kalitype: [ "", "light", "min" ] filters: branches: ignore: @@ -636,6 +657,7 @@ workflows: matrix: parameters: hypervisor: [ "virtualbox-iso", "vmware-iso", "qemu" ] + version: [ "", "-light", "-min" ] requires: - generate-packer-vars - generate-packer-file @@ -683,6 +705,9 @@ workflows: only: - master - generate-packer-vars: + matrix: + parameters: + kalitype: [ "", "light", "min" ] filters: branches: only: @@ -691,6 +716,7 @@ workflows: matrix: parameters: hypervisor: [ "virtualbox-iso", "vmware-iso", "qemu" ] + version: [ "", "-light", "-min" ] requires: - generate-packer-vars - generate-packer-file @@ -711,6 +737,7 @@ workflows: matrix: parameters: build: [ "v", "qemu" ] + version: [ "", "light", "min" ] requires: - ansible-bootstrap - terraform-packet_destroy: @@ -763,6 +790,9 @@ workflows: only: - dev-stage - generate-packer-vars: + matrix: + parameters: + kalitype: [ "", "light", "min" ] filters: branches: only: @@ -771,6 +801,7 @@ workflows: matrix: parameters: hypervisor: [ "virtualbox-iso", "vmware-iso", "qemu" ] + version: [ "", "-light", "-min" ] requires: - generate-packer-vars - generate-packer-file @@ -791,6 +822,7 @@ workflows: matrix: parameters: build: [ "v", "qemu" ] + version: [ "", "light", "min" ] requires: - ansible-bootstrap - terraform-packet_destroy: 
diff --git a/.gitignore b/.gitignore index f4ca629..634a75f 100644 --- a/.gitignore +++ b/.gitignore @@ -16,7 +16,7 @@ tmp/ *.orig* # secret files -*variables.json +*variables*.json secrets.txt prov_vagrant/env_vars *.tfstate* diff --git a/ci/packer_build.yml b/ci/packer_build.yml index 43dec04..3748311 100644 --- a/ci/packer_build.yml +++ b/ci/packer_build.yml @@ -53,7 +53,7 @@ - name: launching the packer build process script: - cmd: "{{ local_ci_scripts_dir }}/packer_build-wrapper.sh '{{ provider_string }}'" + cmd: "{{ local_ci_scripts_dir }}/packer_build-wrapper.sh '{{ provider_string }}' '{{ build_version | default() }}'" chdir: '{{ kali_project_folder }}' args: creates: '{{ kali_project_folder }}/packer_build.log' diff --git a/ci/scripts/packer_build-wrapper.sh b/ci/scripts/packer_build-wrapper.sh index 5629a0d..b5edb5b 100755 --- a/ci/scripts/packer_build-wrapper.sh +++ b/ci/scripts/packer_build-wrapper.sh @@ -26,18 +26,41 @@ function packer_build() { ;; *) # just a stop gap to prevent automated tasks from happening. - read -rp 'You are about to try and build all the providers at once...are you sure[N/y]' -n 1 + exit 1 ;; esac } -main() { +function get_variables() { + build_version="${1}" + case "${build_version}" in + light) + packer_build_cmd+=('variables-light.json') + ;; + min) + packer_build_cmd+=('variables-min.json') + ;; + '') + packer_build_cmd+=('variables.json') + ;; + *) + # just a stop gap to prevent automated tasks from happening. + exit 1 + ;; + esac +} + +function main() { providers_to_build="${1}" + build_version="${2}" packer_build_cmd=( 'packer' 'build' - '-var-file' 'variables.json' + '-var-file' ) + + get_variables "${build_version}" + mapfile -t provider_array < <(tr '|' '\n' <<< "${providers_to_build}") setup_env diff --git a/install/http/kali-linux-rolling-light-preseed.cfg b/install/http/kali-linux-rolling-light-preseed.cfg new file mode 100644 index 0000000..7fdcf91 --- /dev/null 
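Review bot: `build_version` is pasted into the `cmd` string between hand-written single quotes, so a value containing a quote would end the argument early; Ansible's `quote` filter handles that, and the same applies to `provider_string` on this line. Suggested form: `cmd: "{{ local_ci_scripts_dir }}/packer_build-wrapper.sh {{ provider_string | quote }} {{ build_version | default('') | quote }}"`. Today the value comes from a fixed workflow matrix, so this is hardening rather than a live bug. Separately, the `creates:` guard on `packer_build.log` is unchanged, so if one build host is reused for several versions the later runs would presumably be skipped; worth confirming.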
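Review bot: Both `*)` branches now end in a bare `exit 1`, so an unsupported provider or build version stops the build with no message, and the comment copied into `get_variables` (`just a stop gap to prevent automated tasks from happening`) no longer describes what that branch does. I would report the rejected value before exiting, e.g. `printf 'unsupported build version: %s\n' "${build_version}" >&2`, and reword the comment to say the value is not on the allow-list. In `main`, `build_version="${2}"` aborts with an unbound-variable error when the script is called with one argument and `set -u` is active (the shell options are outside the hunk); `build_version="${2:-}"` keeps the single-argument call working. `packer_build` begins before the hunk.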
+++ b/install/http/kali-linux-rolling-light-preseed.cfg 
@@ -0,0 +1,79 @@
+# Change default hostname
+d-i netcfg/get_hostname string vagrant-kali-linux
+d-i netcfg/get_domain string
+
+d-i debian-installer/locale string en_US.UTF-8
+d-i console-keymaps-at/keymap select us
+d-i mirror/country string enter information manually
+d-i mirror/http/hostname string http.kali.org
+d-i mirror/http/directory string /kali
+d-i keyboard-configuration/xkb-keymap select us
+d-i mirror/http/proxy string
+d-i mirror/suite string kali-rolling
+d-i mirror/codename string kali-rolling
+
+d-i clock-setup/utc boolean true
+d-i time/zone string US/Eastern
+
+# Disable security, volatile and backports
+d-i apt-setup/services-select multiselect
+
+# Enable contrib and non-free
+d-i apt-setup/non-free boolean true
+d-i apt-setup/contrib boolean true
+
+# Disable source repositories too
+d-i apt-setup/enable-source-repositories boolean false
+
+# Partitioning
+d-i partman-auto/method string lvm
+d-i partman-lvm/device_remove_lvm boolean true
+d-i partman-md/device_remove_md boolean true
+d-i partman-lvm/confirm boolean true
+d-i partman-auto/choose_recipe select atomic
+# d-i partman-auto/disk string /dev/sda
+d-i partman/confirm_write_new_label boolean true
+d-i partman/confirm boolean true
+d-i partman-lvm/confirm boolean true
+d-i partman-lvm/confirm_nooverwrite boolean true
+d-i partman/confirm_nooverwrite boolean true
+d-i partman-auto-lvm/guided_size string max
+d-i partman-partitioning/confirm_write_new_label boolean true
+d-i partman-md/confirm boolean true
+d-i partman/choose_partition select finish
+
+# Disable CDROM entries after install
+d-i apt-setup/disable-cdrom-entries boolean true
+
+#d-i netcfg/choose_interface select auto
+d-i netcfg/choose_interface select eth0
+d-i netcfg/dhcp_timeout string 60
+
+d-i hw-detect/load_firmware boolean false
+
+# Do not create a normal user account
+d-i passwd/make-user boolean false
+d-i passwd/user-fullname string vagrant
+d-i passwd/user-uid string 1000
+d-i passwd/user-password password vagrant
+d-i passwd/user-password-again password vagrant
+d-i passwd/username string vagrant
+
+d-i apt-setup/use_mirror boolean true
+d-i grub-installer/only_debian boolean true
+d-i grub-installer/with_other_os boolean false
+d-i grub-installer/bootdev string /dev/sda
+d-i finish-install/reboot_in_progress note
+
+# Disable popularity-contest
+popularity-contest popularity-contest/participate boolean false
+
+# configuring packages
+# used to Upgrade installed packages
+# d-i pkgsel/upgrade select full-upgrade
+# d-i tasksel/first multiselect standard system utilities, meta-top10, desktop-xfce
+# found this here... : https://www.offensive-security.com/kali-linux/kali-linux-iso-of-doom/
+tasksel tasksel/first multiselect meta-top10, desktop-xfce
+d-i pkgsel/upgrade select none
+
+d-i preseed/late_command string in-target systemctl enable ssh
diff --git a/install/http/kali-linux-rolling-min-preseed.cfg b/install/http/kali-linux-rolling-min-preseed.cfg
new file mode 100644
index 0000000..7901a39
--- /dev/null
+++ b/install/http/kali-linux-rolling-min-preseed.cfg
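Review bot: The comment `# Do not create a normal user account` and `d-i passwd/make-user boolean false` are followed by a full set of `passwd/user-*` answers with the password `vagrant`, so the file contradicts itself about whether the account is created; the same block is repeated in kali-linux-rolling-min-preseed.cfg. Please state which is intended and comment it, for instance `# vagrant/vagrant follows the Vagrant base-box convention; image is meant for local lab use` if that is the intent, since `late_command` also enables ssh and the `apt-setup/services-select multiselect` line sits under a comment saying the security repository is disabled. The light and min files appear to differ from the default preseed mainly in the `tasksel/first` line, so generating them from one template would keep these settings from drifting apart.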
@@ -0,0 +1,78 @@
+# Change default hostname
+d-i netcfg/get_hostname string vagrant-kali-linux
+d-i netcfg/get_domain string
+
+d-i debian-installer/locale string en_US.UTF-8
+d-i console-keymaps-at/keymap select us
+d-i mirror/country string enter information manually
+d-i mirror/http/hostname string http.kali.org
+d-i mirror/http/directory string /kali
+d-i keyboard-configuration/xkb-keymap select us
+d-i mirror/http/proxy string
+d-i mirror/suite string kali-rolling
+d-i mirror/codename string kali-rolling
+
+d-i clock-setup/utc boolean true
+d-i time/zone string US/Eastern
+
+# Disable security, volatile and backports
+d-i apt-setup/services-select multiselect
+
+# Enable contrib and non-free
+d-i apt-setup/non-free boolean true
+d-i apt-setup/contrib boolean true
+
+# Disable source repositories too
+d-i apt-setup/enable-source-repositories boolean false
+
+# Partitioning
+d-i partman-auto/method string lvm
+d-i partman-lvm/device_remove_lvm boolean true
+d-i partman-md/device_remove_md boolean true
+d-i partman-lvm/confirm boolean true
+d-i partman-auto/choose_recipe select atomic
+# d-i partman-auto/disk string /dev/sda
+d-i partman/confirm_write_new_label boolean true
+d-i partman/confirm boolean true
+d-i partman-lvm/confirm boolean true
+d-i partman-lvm/confirm_nooverwrite boolean true
+d-i partman/confirm_nooverwrite boolean true
+d-i partman-auto-lvm/guided_size string max
+d-i partman-partitioning/confirm_write_new_label boolean true
+d-i partman-md/confirm boolean true
+d-i partman/choose_partition select finish
+
+# Disable CDROM entries after install
+d-i apt-setup/disable-cdrom-entries boolean true
+
+#d-i netcfg/choose_interface select auto
+d-i netcfg/choose_interface select eth0
+d-i netcfg/dhcp_timeout string 60
+
+d-i hw-detect/load_firmware boolean false
+
+# Do not create a normal user account
+d-i passwd/make-user boolean false
+d-i passwd/user-fullname string vagrant
+d-i passwd/user-uid string 1000
+d-i passwd/user-password password vagrant
+d-i passwd/user-password-again password vagrant
+d-i passwd/username string vagrant
+
+d-i apt-setup/use_mirror boolean true
+d-i grub-installer/only_debian boolean true
+d-i grub-installer/with_other_os boolean false
+d-i grub-installer/bootdev string /dev/sda
+d-i finish-install/reboot_in_progress note
+
+# Disable popularity-contest
+popularity-contest popularity-contest/participate boolean false
+
+# configuring packages
+# used to Upgrade installed packages
+# d-i pkgsel/upgrade select full-upgrade
+# d-i tasksel/first multiselect standard system utilities, meta-top10, desktop-xfce
+tasksel tasksel/first multiselect standard
+d-i pkgsel/upgrade select none
+
+d-i preseed/late_command string in-target systemctl enable ssh
diff --git a/install/http/kali-linux-rolling-preseed.cfg b/install/http/kali-linux-rolling-preseed.cfg
index 320f0bc..fa17045 100755
--- a/install/http/kali-linux-rolling-preseed.cfg
+++ b/install/http/kali-linux-rolling-preseed.cfg
@@ -72,7 +72,10 @@ d-i finish-install/reboot_in_progress note popularity-contest popularity-contest/participate boolean false # configuring packages -d-i tasksel/first multiselect standard system utilities, meta-default, desktop-xfce +# used to Upgrade installed packages +# d-i pkgsel/upgrade select full-upgrade +# found this here... : https://www.offensive-security.com/kali-linux/kali-linux-iso-of-doom/ +tasksel tasksel/first multiselect meta-default, desktop-xfce d-i pkgsel/upgrade select none d-i preseed/late_command string in-target sh -c 'systemctl enable ssh'
diff --git a/install/http/reference/preseed.cfg b/install/http/reference/preseed.cfg
new file mode 100644
index 0000000..946bda1
--- /dev/null
+++ b/install/http/reference/preseed.cfg
@@ -0,0 +1,51 @@
+# Default repository information
+d-i mirror/country string enter information manually
+d-i mirror/suite string kali-rolling
+d-i mirror/codename string kali-rolling
+d-i mirror/http/hostname string http.kali.org
+d-i mirror/http/directory string /kali
+
+# Disable security, updates and backports
+d-i apt-setup/services-select multiselect
+
+# Enable contrib and non-free
+d-i apt-setup/non-free boolean true
+d-i apt-setup/contrib boolean true
+
+# Disable CDROM entries after install
+d-i apt-setup/disable-cdrom-entries boolean true
+
+# Disable source repositories too
+d-i apt-setup/enable-source-repositories boolean false
+
+# Upgrade installed packages
+d-i pkgsel/upgrade select full-upgrade
+
+# Change default hostname
+# DISABLED: We take care of this by forking netcfg until #719101 is fixed
+# d-i netcfg/get_hostname string kali
+# d-i netcfg/get_hostname seen false
+
+# Disable the root user entirely
+d-i passwd/root-login boolean false
+
+# Enable eatmydata in kali-installer to boost speed installation
+d-i preseed/early_command string anna-install eatmydata-udeb
+
+# Disable question about automatic security updates
+d-i pkgsel/update-policy select none
+
+## Questions from regular packages
+
+# Disable popularity-contest
+popularity-contest popularity-contest/participate boolean false
+
+# Random other questions
+console-setup console-setup/charmap47 select UTF-8
+samba-common samba-common/dhcp boolean false
+macchanger macchanger/automatically_run boolean false
+kismet-capture-common kismet-capture-common/install-users string
+kismet-capture-common kismet-capture-common/install-setuid boolean true
+wireshark-common wireshark-common/install-setuid boolean false
+sslh sslh/inetd_or_standalone select standalone
+atftpd atftpd/use_inetd boolean false
diff --git a/install/http/reference/readme.md b/install/http/reference/readme.md
new file mode 100644
index 0000000..fab237f
--- /dev/null
+++ b/install/http/reference/readme.md
@@ -0,0 +1,3 @@ +# Kali's Preseed + +this is the preseed file that was built into kali at 2021-05-02 diff --git a/prov_packer/docker.sh b/prov_packer/docker.sh index b70fe5a..3d8092d 100644 --- a/prov_packer/docker.sh +++ b/prov_packer/docker.sh @@ -5,7 +5,7 @@ set -${-//[s]/}eu${DEBUG+xv}o pipefail function get_current_user() { - case "$PACKER_BUILDER_TYPE" in + case "${PACKER_BUILDER_TYPE:-}" in amazon-*) userz='kali' ;; diff --git a/scripts/new-kali.sh b/scripts/new-kali.sh index 1199de6..7ba92cc 100755 --- a/scripts/new-kali.sh +++ b/scripts/new-kali.sh @@ -152,6 +152,11 @@ function info_enum() { currentKaliReleaseVersion=$(grep -oP '\d{4}\.\w' <<< "${currentKaliISO}") printf '\nthe selected release for kali is: %s\n' "${currentKaliReleaseVersion}" + preseed_path="kali-linux-rolling${kaliInstallType}-preseed.cfg" + printf '\nthe current install type is : %s\n' "${install_type_print}" + printf '\nwhich means preseed file chosen is this : %s\n' "${preseed_path}" + packer_var_json_string+="$(printf '"preseed_path":"%s",' "${preseed_path}")" + printf '\nthe current version of the box is: %s\n\n' "${vm_version}" packer_var_json_string+="$(printf '"vm_version":"%s"' "${vm_version}")" @@ -210,6 +215,9 @@ function main() { # this is the iso version you would like to install # i.e. installer-amd64.iso or netinst-amd64.iso kaliInstallISOVersion='netinst-amd64' + # this is the install type ( i.e. default, light, min) + # so, this will limit how many tools will get installed with your kali installation + kaliInstallType="${KALITYPE:-}" # the hash algorithm wanted for the kali version # NOTE: try and always make this the best it can be hashAlg='SHA256SUMS' 
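Review bot: `kaliInstallType` is taken straight from `KALITYPE` (assigned in the `main` hunk that follows) and ends up in `preseed_path`, in the hand-assembled JSON string and in the output file name, with no check on its content. A value containing `"` or `/` would produce broken JSON or a file name that points somewhere other than the intended preseed. ci/scripts/packer_build-wrapper.sh already allow-lists the same values; doing the same here right after the assignment would close the gap: `[[ "${kaliInstallType}" =~ ^(light|min)?$ ]] || { printf 'unsupported KALITYPE: %s\n' "${kaliInstallType}" >&2; exit 1; }`. Both `info_enum` and `main` extend beyond their hunks.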
@@ -220,11 +228,20 @@ function main() { ## vagrant box information # name of the vagrant box - if [[ "$(git branch --show-current)" == dev* ]] || [[ "${CIRCLE_BRANCH:-}" == dev* ]]; then + if [[ "$(git branch --show-current)" == dev* ]] || [[ "$(git branch --show-current)" == feat/* ]] || [[ "${CIRCLE_BRANCH:-}" == dev* ]]; then dev_branch='-dev' fi - namez="kali-linux_amd64${dev_branch:-}" - variables_out_file='variables.json' + + # type of install + if [[ -z "${kaliInstallType}" ]]; then + install_type_print='default' + else + install_type_print="${kaliInstallType}" + kaliInstallType="-${kaliInstallType}" + fi + + # name of the vagrant box + namez="kali-linux_amd64${kaliInstallType}${dev_branch:-}" ## commands and combined variables # current version of kali's url combined with the base path @@ -238,21 +255,27 @@ function main() { hashiName="${VAGRANT_CLOUD_USER:-}" vagrant_cloud_token="${VAGRANT_CLOUD_TOKEN:-}" + if [[ -n "${CIRCLECI}" ]]; then + variables_out_file="variables${kaliInstallType}.json" + else + variables_out_file='variables.json' + fi + packer_var_json_string='{' deps_install cryptographical_verification hashicorp_setup_env info_enum - if [[ -z "${CIRCLECI}" ]] && command -v docker; then - aws_env - fi + # if [[ -z "${CIRCLECI}" ]] && command -v docker; then + # aws_env + # fi packer_out cleanup } # https://blog.elreydetoda.site/cool-shell-tricks/#bashscriptingbashsmain -if [[ "${0}" = "${BASH_SOURCE[0]}" ]]; then +if [[ "${0}" == "${BASH_SOURCE[0]}" ]]; then main "${@}" fi diff --git a/scripts/template_gen.py b/scripts/template_gen.py index 59a7308..8f99179 100755 --- a/scripts/template_gen.py +++ b/scripts/template_gen.py 
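Review bot: Outside CircleCI the output file is always `variables.json`, even when `KALITYPE` is `light` or `min`, while `get_variables` in ci/scripts/packer_build-wrapper.sh picks `variables-light.json` or `variables-min.json` for those versions. A local run would therefore either miss the file or pick up a stale one from an earlier run. Unless the difference is deliberate, using `variables_out_file="variables${kaliInstallType}.json"` in both cases keeps producer and consumer in step. The commented-out `aws_env` block should either be removed or given a one-line reason for being disabled. `main` continues outside the hunk.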
@@ -171,12 +171,21 @@ def builder_alterations(packer_template_data: dict, new_builder_data: dict) -> d "disk_cache": "unsafe", "disk_image": False, } + vbox_update = { + "gfx_controller": "vmsvga", + "gfx_vram_size": "48" + } for builder_dict in packer_builder_list: logging("updated property: {} in: {}".format(prop_update, builder_dict["type"])) builder_dict.update(prop_update) + # adding vbox specific properties + if builder_dict["type"] == "virtualbox-iso": + logging("updated property: {} in: {}".format(vbox_update, builder_dict["type"])) + builder_dict.update(vbox_update) # adding libvirt/qemu specific properties if builder_dict["type"] == "qemu": + logging("updated property: {} in: {}".format(qemu_update, builder_dict["type"])) builder_dict.update(qemu_update) # logging(packer_builder_list) @@ -397,7 +406,9 @@ def main(): new_packer_template = project_root / "kali-template.json" http_preseed_dir = project_root / "install" / "http" - http_preseed_file = "kali-linux-rolling-preseed.cfg" + # TODO: handle when variables.json doesn't exist and default to below + # http_preseed_file = 'kali-linux-rolling-preseed.cfg' + http_preseed_file = '' vagrant_template_file = project_root / "install" / "vagrantfile-kali_linux.template" build_cpus = "2" diff --git a/tmp_vagrant/Vagrantfile b/tmp_vagrant/Vagrantfile index ce31497..84059a8 100644 --- a/tmp_vagrant/Vagrantfile +++ b/tmp_vagrant/Vagrantfile @@ -2,7 +2,7 @@ # vi: set ft=ruby : Vagrant.configure("2") do |config| - config.vm.box = "kali-linux-2018_dev" + config.vm.box = "kali-linux-dev" # for provisioning I would always recommend # a script, because then you can leave # documentation
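Review bot: In the `main` hunk, `http_preseed_file` is now an empty string and the working default survives only as a comment, so until the TODO is done any path built from it would resolve to the `install/http` directory itself rather than to a preseed file. How the value is consumed is outside the hunk, but if nothing overrides it the generated template would presumably reference no preseed at all. I would keep `http_preseed_file = "kali-linux-rolling-preseed.cfg"` as the fallback and let the value from the variables file replace it when present. The new single-quoted literal also departs from the double quotes used on the surrounding lines.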