edurange 0.0.1

data/.gitignore

@@ -0,0 +1,18 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+my-user-script.sh

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in edurange.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Stefan Boesen
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,29 @@
+# Edurange
+
+TODO: Write a gem description
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'edurange'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install edurange
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/bin/edurange

@@ -0,0 +1,8 @@
+#!/usr/bin/env ruby
+require 'edurange'
+
+yaml_file = ARGV.shift
+Edurange::Init.init(yaml_file)
+
+
+

data/edurange.gemspec

@@ -0,0 +1,19 @@
+# -*- encoding: utf-8 -*-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'edurange/version'
+
+Gem::Specification.new do |gem|
+  gem.name          = "edurange"
+  gem.version       = Edurange::VERSION
+  gem.authors       = ["Stefan Boesen"]
+  gem.email         = ["stefan.boesen@gmail.com"]
+  gem.description   = %q{EDURange Project}
+  gem.summary       = %q{Automatic warspace simulations}
+  gem.homepage      = ""
+
+  gem.files         = `git ls-files`.split($/)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.require_paths = ["lib"]
+end

data/final.yml

@@ -0,0 +1,41 @@
+Nodes:
+# Main_Box: # attacking box
+#   AMI_ID: ami-e720ad8e
+#   Users:
+#     - Team_1
+#     - Instructor
+#   Software:
+#     - Attacker_CTF
+  
+  Victim: # victim host
+    AMI_ID: ami-e720ad8e
+    Users:
+      - Instructor
+    Software:
+      - Victim_CTF
+
+Groups:
+  Team_1:
+    - { login: sboesen, pass: password }
+  Instructor:
+    - { login: weissr, pass: pass2 }
+
+Software:
+  Victim_CTF:
+    IPTables:
+      # Ports open
+      20:
+        Protocol: tcp
+        Hosts: 
+          - 127.0.0.1
+          - All
+      80: 
+        Protocol: tcp
+        Hosts:
+          - 127.0.0.1
+          - All
+
+    Packages: # References to puppet modules so we can support different OS options. Otherwise we need to know what OS we're on...
+      - iptables
+      - apache
+

data/lib/edurange/edu_machine.rb

@@ -0,0 +1,49 @@
+module Edurange
+  class EduMachine
+    attr_reader :uuid, :ami_id, :key_name, :vm_size, :ip_address
+
+    EC2_UTILS_PATH = "/home/ubuntu/.ec2/bin/"
+
+    def initialize(uuid, key_name, ami_id, vm_size="t1.micro")
+      # generate uuid
+      @uuid = uuid
+      @instance_id = nil
+      @key_name = key_name
+      @vm_size = vm_size
+      @ami_id = ami_id
+    end
+    def run(command)
+      # runs an ec2 command with full path.
+      command = EC2_UTILS_PATH + command
+      `#{command}`
+    end
+
+    def spin_up
+      # Pref user-data-file for ourselves
+
+      # Create & run instance, setting instance_id and IP to match the newly created ami
+      command = "ec2-run-instances #{@ami_id} -t #{@vm_size} --region us-east-1 --key #{@key_name} --user-data-file my-user-script.sh"
+      puts "Would run: #{command}"
+      self.run(command)
+      @instance_id = self.get_last_instance_id()
+      puts "Waiting for instance #{@instance_id} to spin up..."
+      sleep(40)
+      self.update_ec2_info()
+      self
+    end
+
+    def update_ec2_info
+      command = "ec2-describe-instances | grep INSTANCE | grep '#{@instance_id}'"
+      vm = self.run(command).split("\t")
+      p vm
+      @ip_address = vm[17] # public ip
+      @hostname = vm[3] # ec2 hostname
+    end
+
+    def get_last_instance_id
+      command = 'ec2-describe-instances | grep INSTANCE | tail -n 1'
+      vm = self.run(command)
+      return vm.split("\t")[1]
+    end
+  end
+end

data/lib/edurange/parser.rb

@@ -0,0 +1,73 @@
+module Edurange
+  class Parser
+    def self.facter_facts(uuid)
+      facter_conf = <<conf
+uuid=#{uuid}
+services=apache2,vsftpd,iptables
+conf
+    end
+    def self.parse_yaml(filename)
+      nodes = []
+      file = YAML.load_file(filename)
+
+      softwares = {}
+      file["Software"].each do |software|
+        softwares[software[0]] = software[1]
+      end
+
+      groups = {}
+      file["Groups"].each do |group|
+        groups[group[0]] = group[1]
+      end
+
+      file["Nodes"].each do |node|
+        node_name = node[0]
+        ami_id = node[1]["AMI_ID"]
+
+        users = []
+        users_groups = node[1]["Users"]
+        users_groups.each do |user_group|
+          users.push groups[user_group]
+        end
+        users.flatten!
+
+        software = []
+        software_groups = node[1]["Software"]
+        software_groups.each do |software_group|
+          software.push softwares[software_group]
+        end
+        software.flatten!
+
+        iptables_rules = []
+        packages = []
+        software.each do |sw|
+          if !sw["IPTables"].nil?
+            sw["IPTables"].each do |iptable_rule|
+              port = iptable_rule[0]
+              protocol = iptable_rule[1]["Protocol"]
+              hosts = iptable_rule[1]["Hosts"]
+              hosts.each do |host|
+                iptables_rules.push [protocol, port, host]
+              end
+            end
+          end
+          if !sw["Packages"].nil?
+            sw["Packages"].each do |package|
+              packages.push package
+            end
+          end
+        end
+        nodes.push [
+          ami_id,
+          users,
+          iptables_rules,
+          packages
+        ]
+        p ami_id
+        p users
+        p iptables_rules
+        p packages
+      end
+    end
+  end
+end

data/lib/edurange/puppet_master.rb

@@ -0,0 +1,86 @@
+module Edurange
+  class PuppetMaster
+    def self.puppetmaster_ip
+      `curl http://169.254.169.254/latest/meta-data/public-ipv4 2>/dev/null`
+    end
+    def self.get_our_ssh_key
+      # make some ssh keys
+      `ssh-keygen -t rsa -f /home/ubuntu/.ssh/id_rsa -N '' -q` unless File.exists?("/home/ubuntu/.ssh/id_rsa")
+      # return our public key                                                                                                                                                                        
+      file = File.open("/home/ubuntu/.ssh/id_rsa.pub", "rb")
+      contents = file.read
+    end
+
+    def self.gen_client_ssl_cert
+      # We need to:
+      # Generate unique name (UUIDgen)
+      uuid = `uuidgen`.chomp
+      # Create cert for name on puppetmaster
+      `sudo puppet cert --generate #{uuid}`
+      ssl_cert = `sudo cat /var/lib/puppet/ssl/certs/#{uuid}.pem`.chomp
+      ca_cert = `sudo cat /var/lib/puppet/ssl/certs/ca.pem`.chomp
+      private_key = `sudo cat /var/lib/puppet/ssl/private_keys/#{uuid}.pem`.chomp
+      return [uuid, ssl_cert, ca_cert, private_key]
+    end
+    def self.write_shell_config_file(ssh_key, puppetmaster_ip, certs, puppet_conf, facter_facts)
+      File.open("my-user-script.sh", 'w') do |file|
+        file_contents = <<contents
+#!/bin/sh
+set -e
+set -x
+echo "Hello World.  The time is now $(date -R)!" | tee /root/output.txt
+apt-get update; apt-get upgrade -y
+
+key='#{ssh_key.chomp}'
+echo $key >> /home/ubuntu/.ssh/authorized_keys
+
+echo #{puppetmaster_ip} puppet >> /etc/hosts
+apt-get -y install puppet
+
+mkdir -p /var/lib/puppet/ssl/certs
+mkdir -p /var/lib/puppet/ssl/private_keys
+mkdir -p /etc/puppet
+
+mkdir -p /etc/facter/facts.d
+echo '#{facter_facts}' >> "/etc/facter/facts.d/facts.txt"
+
+echo '#{certs[1]}' >> "/var/lib/puppet/ssl/certs/#{certs[0]}.pem"
+echo '#{certs[2]}' >> "/var/lib/puppet/ssl/certs/ca.pem"
+echo '#{certs[3]}' >> "/var/lib/puppet/ssl/private_keys/#{certs[0]}.pem"
+
+echo '#{puppet_conf.chomp}' > /etc/puppet/puppet.conf
+
+sed -i /etc/default/puppet -e 's/START=no/START=yes/'
+service puppet restart
+
+echo "Goodbye World.  The time is now $(date -R)!" | tee /root/output.txt
+contents
+        file.write(file_contents)
+      end
+    end
+    def self.generate_puppet_conf(uuid)
+  conf_file = <<conf
+[main]
+logdir=/var/log/puppet
+vardir=/var/lib/puppet
+ssldir=/var/lib/puppet/ssl
+rundir=/var/run/puppet
+factpath=$vardir/lib/facter
+templatedir=$confdir/templates
+prerun_command=/etc/puppet/etckeeper-commit-pre
+postrun_command=/etc/puppet/etckeeper-commit-post
+runinterval=60 # run every minute for debug TODO REMOVE
+pluginsync=true
+
+[master]
+# These are needed when the puppetmaster is run by passenger
+# and can safely be removed if webrick is used.
+ssl_client_header = SSL_CLIENT_S_DN 
+ssl_client_verify_header = SSL_CLIENT_VERIFY
+
+[agent]                                                                                                                                                                                          
+certname=#{uuid}
+conf
+    end
+  end
+end

data/lib/edurange/version.rb

@@ -0,0 +1,3 @@
+module Edurange
+  VERSION = "0.0.1"
+end

data/lib/edurange.rb

@@ -0,0 +1,13 @@
+require "edurange/version"
+require "edurange/parser"
+require "edurange/puppet_master"
+require "edurange/edu_machine"
+
+module Edurange
+  class Init
+    def self.init(filename)
+      Edurange::Parser.parse_yaml(filename)
+
+    end
+  end
+end

data/parser.rb

@@ -0,0 +1,57 @@
+require 'yaml'
+
+file = YAML.load_file('final.yml')
+
+softwares = {}
+file["Software"].each do |software|
+  softwares[software[0]] = software[1]
+end
+
+groups = {}
+file["Groups"].each do |group|
+  groups[group[0]] = group[1]
+end
+
+file["Nodes"].each do |node|
+  node_name = node[0]
+  ami_id = node[1]["AMI_ID"]
+
+  users = []
+  users_groups = node[1]["Users"]
+  users_groups.each do |user_group|
+    users.push groups[user_group]
+  end
+  users.flatten!
+
+  software = []
+  software_groups = node[1]["Software"]
+  software_groups.each do |software_group|
+    software.push softwares[software_group]
+  end
+  software.flatten!
+
+  iptables_rules = []
+  packages = []
+  software.each do |sw|
+    if !sw["IPTables"].nil?
+      sw["IPTables"].each do |iptable_rule|
+        port = iptable_rule[0]
+        protocol = iptable_rule[1]["Protocol"]
+        hosts = iptable_rule[1]["Hosts"]
+        hosts.each do |host|
+          iptables_rules.push [protocol, port, host]
+        end
+      end
+    end
+    if !sw["Packages"].nil?
+      sw["Packages"].each do |package|
+        packages.push package
+      end
+    end
+  end
+  p ami_id
+  p users
+  p iptables_rules
+  p packages
+end
+

data/site.pp

@@ -0,0 +1,20 @@
+node default {
+  include stdlib
+
+  file { "/tmp/test1":
+    ensure => present
+  } 
+  file { "/tmp/derp":
+    ensure => present,
+    content => $aaaaaafact
+  }
+}
+define install_software {
+        $package = $name
+        package { $name:
+          name => $name,
+          ensure => latest,
+        }
+}
+$packages = split($services,',')
+install_software{ $packages:; }

metadata

@@ -0,0 +1,61 @@
+--- !ruby/object:Gem::Specification
+name: edurange
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Stefan Boesen
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-02-15 00:00:00.000000000 Z
+dependencies: []
+description: EDURange Project
+email:
+- stefan.boesen@gmail.com
+executables:
+- edurange
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/edurange
+- edurange.gemspec
+- final.yml
+- lib/edurange.rb
+- lib/edurange/edu_machine.rb
+- lib/edurange/parser.rb
+- lib/edurange/puppet_master.rb
+- lib/edurange/version.rb
+- parser.rb
+- site.pp
+homepage: ''
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.24
+signing_key: 
+specification_version: 3
+summary: Automatic warspace simulations
+test_files: []