Caldera integration by ZachTheSplunker

Author: Patrick Bareiss

README.md

@@ -162,6 +162,10 @@ python attack_range.py replay --file_name attack_data/dump.log --source test --s
   * Preconfigured Kali Linux machine for penetration testing
   * ssh connection over configured ssh key
 
+- [Caldera](https://github.com/mitre/caldera)
+  * Attack Simulation with [Caldera](https://github.com/mitre/caldera)
+  * Can be enabled, disabled and configured over [attack_range.yml](https://github.com/splunk/attack_range/blob/develop/attack_range.yml)
+
 
 ## Support 📞
 Please use the [GitHub issue tracker](https://github.com/splunk/attack_range/issues) to submit bugs or request features.
@@ -199,4 +203,5 @@ We welcome feedback and contributions from the community! Please see our [contri
 * Eric McGinnis
 * [Micheal Haag](https://twitter.com/M_haggis)
 * Gowthamaraj Rajendran
-* [Christopher Caldwell](https://github.com/cudgel)
+* [Christopher Caldwell](https://github.com/cudgel)
+* [Zachary Christensen](https://github.com/ZachTheSplunker)

terraform/ansible/caldera_eip.yml

@@ -1,16 +1,8 @@
 - hosts: all
   gather_facts: false
   become: false
+  vars:
+    caldera_server_action: "install"
   roles:
-    - role: caldera_server
-      vars:
-        caldera_server_action: "install"
-        caldera_server_skip_start: true
-      when: aws_eip == "1"
-
-    - role: caldera_server
-      vars:
-        caldera_server_action: "install"
-        caldera_server_skip_start: false
-      when: aws_eip == "0"
+    - caldera_server
 

terraform/ansible/caldera_server.yml

@@ -26,7 +26,7 @@
         arguments: -server http://{{ caldera_server.private_ip }}:8888 -group red
     triggers:
       - type: boot
-    username: "ATTACKRANGE\\Administrator"
+    username: "Administrator"
     password: "{{ general.attack_range_password }}"
     run_level: highest
     hidden: true

terraform/ansible/roles/caldera_agent/tasks/windows.yml

@@ -7,4 +7,3 @@
     daemon_reload: true
     name: caldera.service
   listen: caldera_systemd
-  when: caldera_server_skip_start == false

terraform/ansible/roles/caldera_server/handlers/main.yml

@@ -6,7 +6,6 @@
 
 - name: Update URL [Caldera]
   ansible.builtin.import_tasks: update_ip.yml
-  when: caldera_server_skip_start == false
 
 - name: Update Password [Caldera]
   ansible.builtin.replace:
@@ -31,7 +30,7 @@
     nvm=$(find /home/admin/.nvm/versions/node/*/bin -type d)
     echo "PATH=$reqs:$upx:$nvm" > caldera.env
     pipenv install
-    pipenv run pip install -r requirements-dev.txt
+    pipenv run pip install -r requirements.txt
 
 - name: Create Systemd service [Caldera]
   become: true

terraform/ansible/roles/caldera_server/tasks/caldera.yml

@@ -1,32 +1,24 @@
 ---
 - name: Set Hostname [Caldera]
   ansible.builtin.import_tasks: hostname.yml
-  when: caldera_server_action == "install"
 
 - name: Install dependencies [Caldera]
   ansible.builtin.import_tasks: dependencies.yml
-  when: caldera_server_action == "install"
 
 - name: Install GO [Caldera]
   ansible.builtin.import_tasks: go.yml
-  when: caldera_server_action == "install"
 
 - name: Install Node [Caldera]
   ansible.builtin.import_tasks: node.yml
-  when: caldera_server_action == "install"
 
 - name: Install UPX [Caldera]
   ansible.builtin.import_tasks: upx.yml
-  when: caldera_server_action == "install"
 
 - name: Update Path [Caldera]
   ansible.builtin.import_tasks: path.yml
-  when: caldera_server_action == "install"
 
 - name: Install [Caldera]
   ansible.builtin.import_tasks: caldera.yml
-  when: caldera_server_action == "install"
 
 - name: Update EIP [Caldera]
   ansible.builtin.import_tasks: update_ip.yml
-  when: caldera_server_action == "update_eip"

terraform/ansible/roles/caldera_server/tasks/main.yml

@@ -17,7 +17,7 @@ data "aws_ami" "caldera_server" {
 
 resource "aws_instance" "caldera_server" {
   count                  = var.caldera_server.caldera_server == "1" ? 1 : 0
-  ami                    = data.aws_ami.caldera_server[count.index].id
+  ami                    = data.aws_ami.caldera_server[0].id
   instance_type          = "m5.2xlarge"
   key_name               = var.general.key_name
   subnet_id              = var.ec2_subnet_id
@@ -71,40 +71,3 @@ resource "aws_instance" "caldera_server" {
 
 }
 
-resource "aws_eip" "caldera_ip" {
-  count    = (var.caldera_server.caldera_server == "1") && (var.aws.use_elastic_ips == "1") ? 1 : 0
-  instance = aws_instance.caldera_server[0].id
-
-  provisioner "remote-exec" {
-    inline = ["echo booted"]
-
-    connection {
-      type        = "ssh"
-      user        = "admin"
-      host        = self.public_ip
-      private_key = file(var.aws.private_key_path)
-    }
-  }
-
-  provisioner "local-exec" {
-    working_dir = "../ansible"
-    command = <<-EOT
-      cat <<EOF > vars/caldera_vars.json
-      {
-        "ansible_python_interpreter": "/usr/bin/python3",
-        "general": ${jsonencode(var.general)},
-        "aws": ${jsonencode(var.aws)},
-        "caldera_server": ${jsonencode(var.caldera_server)},
-        "public_ip": ${jsonencode(self.public_ip)}
-      }
-      EOF
-    EOT
-  }
-
-  provisioner "local-exec" {
-    working_dir = "../ansible"
-    command = <<-EOT
-      ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u admin --private-key '${var.aws.private_key_path}' -i '${self.public_ip},' caldera_eip.yml -e "@vars/caldera_vars.json"
-    EOT
-  }
-}