VultureProject / vulture-base

Vulture 4 base system and bootstrap scripts
GNU Lesser General Public License v3.0

Nested virtualization not working with freebsd 12 & Proxmox #4

Closed hashimea closed 5 years ago

hashimea commented 5 years ago

I tried the latest Vulture 4. The new version uses nested virtualization, as there is a VM inside FreeBSD which creates the network bridge tap0. I tried with Proxmox and used almost all the combinations for allowing nested virtualization, but the FreeBSD 12 kernel module for VMs (vmm) is not working properly, so the VM is not running.

jjourdin commented 5 years ago

Nested virtualization is only needed in special configurations where Vulture is used as a vulnerability scanning engine / pentest box.

When nested virtualization is found, a "vm-public" interface is created. Otherwise a "tap0" interface is created.

If you can see a tap0 interface, everything is Ok - you can ignore the vmm error at boot time.

Please check in /etc/rc.conf.d/network if you have the correct network interface name for the management IP (default is "vmx0" but on proxmox it is "vtnet0" by default).

hashimea commented 5 years ago

```
Aug 20 12:50:25 server1 kernel: in6_purgeaddr: err=65, destination address delete failed
Aug 20 12:50:25 server1 kernel: vtnet0: link state changed to UP
Aug 20 12:50:25 server1 kernel: intsmb0: <Intel PIIX4 SMBUS Interface> irq 9 at device 1.3 on pci0
Aug 20 12:50:25 server1 kernel: intsmb0: intr IRQ 9 enabled revision 0
Aug 20 12:50:25 server1 kernel: smbus0: <System Management Bus> on intsmb0
Aug 20 12:50:25 server1 kernel: uhid0 on uhub0
Aug 20 12:50:25 server1 kernel: uhid0: <QEMU QEMU USB Tablet, class 0/0, rev 2.00/0.00, addr 2> on usbus0
Aug 20 12:50:25 server1 kernel: vmx_init: processor does not support VMX operation
Aug 20 12:50:25 server1 kernel: module_register_init: MOD_LOAD (vmm, 0xffffffff82c4da50, 0) error 6
Aug 20 12:50:25 server1 kernel: driver bug: Unable to set devclass (class: fdc devname: (unknown))
Aug 20 12:50:25 server1 dnsmasq[49328]: unknown interface tap0
Aug 20 12:50:25 server1 dnsmasq[49328]: FAILED to start up
Aug 20 12:50:25 server1 root[17166]: /etc/rc: WARNING: failed to start dnsmasq
```

Here is the log from /var/log/messages after the reboot. tap0 is not getting created.

The /etc/rc.conf.d/network configuration is correct with vtnet0.

And a manual tap0 creation solves this issue!

```
ifconfig tap0 create
```

Still, at boot tap0 is not getting created.

jjourdin commented 5 years ago

Ok. This has been fixed in development releases.

If you wanna try latest builds, please install Vulture with the following /usr/local/etc/pkg/repos/vulture.conf file:

```
Vulture: {
  url: "https://download.vultureproject.org/v4/12.0/dev/",
  signature_type: "fingerprints",
  fingerprints: "/usr/share/keys/pkg",
  enabled: yes
}
```

Followed by `pkg update -f`

hashimea commented 5 years ago

@jjourdin

Thanks for the quick response. I tried to update the repo, but I am getting a certificate error:

```
root@server1:~ # pkg update
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
Updating Vulture repository catalogue...
Certificate verification failed for /CN=*.vultureproject.org
34374606848:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1925:
Certificate verification failed for /CN=*.vultureproject.org
34374606848:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1925:
Certificate verification failed for /CN=*.vultureproject.org
34374606848:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1925:
pkg: https://download.vultureproject.org/v4/12.0/dev//meta.txz: Authentication error
repository Vulture has no meta file, using default settings
Certificate verification failed for /CN=*.vultureproject.org
34374606848:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1925:
Certificate verification failed for /CN=*.vultureproject.org
34374606848:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1925:
Certificate verification failed for /CN=*.vultureproject.org
34374606848:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1925:
pkg: https://download.vultureproject.org/v4/12.0/dev//packagesite.txz: Authentication error
Unable to update repository Vulture
Error updating repositories!
```

Also, note that in the main release repo https://download.vultureproject.org/v4/12.0/release/ darwin is missing.

hashimea commented 5 years ago

@jjourdin Could you please look into this certificate issue?

jjourdin commented 5 years ago

Certificate problem + darwin package issue have been fixed. Sorry for the inconvenience.

hashimea commented 5 years ago

@jjourdin Still, the certification error persists. Could you please verify?

jjourdin commented 5 years ago

No problem on our side. Use `pkg update` with the '-f' flag.

hashimea commented 5 years ago

@jjourdin Yes, I followed that. I am getting the same error with the dev and release repo:

```
root@server1:~ # pkg update -f
Updating FreeBSD repository catalogue...
Fetching meta.txz: 100% 944 B 0.9kB/s 00:01
Fetching packagesite.txz: 100% 6 MiB 3.3MB/s 00:02
Processing entries: 100%
FreeBSD repository update completed. 31756 packages processed.
Updating Vulture repository catalogue...
Certificate verification failed for /CN=*.vultureproject.org
34374606848:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1925:
Certificate verification failed for /CN=*.vultureproject.org
34374606848:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1925:
Certificate verification failed for /CN=*.vultureproject.org
34374606848:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1925:
pkg: https://download.vultureproject.org/v4/12.0/dev//meta.txz: Authentication error
repository Vulture has no meta file, using default settings
Certificate verification failed for /CN=*.vultureproject.org
34374606848:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1925:
Certificate verification failed for /CN=*.vultureproject.org
34374606848:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1925:
Certificate verification failed for /CN=*.vultureproject.org
34374606848:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1925:
pkg: https://download.vultureproject.org/v4/12.0/dev//packagesite.txz: Authentication error
Unable to update repository Vulture
Error updating repositories!
root@server1:~ #
```

jjourdin commented 5 years ago

Did you install the ca_root_nss package before trying to `pkg update`?

hashimea commented 5 years ago

@jjourdin Issue solved. The problem was with the incorrect date & time.
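
The local causes this thread worked through for pkg's "certificate verify failed" (wrong system clock, missing ca_root_nss bundle) can be told apart by comparing the host clock with the certificate's validity window before looking at the server. This is an added example, not part of the original thread or the Vulture project; the function names and result labels are hypothetical, and the validity dates are constructed sample input in the format printed by `openssl x509 -noout -dates`.

```python
import os
import ssl
import time

# Where FreeBSD's ca_root_nss package installs its CA bundle.
CA_BUNDLE = "/usr/local/share/certs/ca-root-nss.crt"


def parse_dates(openssl_dates):
    """Turn `openssl x509 -noout -dates` output into (not_before, not_after) epochs."""
    fields = dict(line.split("=", 1) for line in openssl_dates.strip().splitlines())
    return (ssl.cert_time_to_seconds(fields["notBefore"]),
            ssl.cert_time_to_seconds(fields["notAfter"]))


def triage(pkg_output, openssl_dates, now=None, ca_bundle=CA_BUNDLE):
    """Name the most likely local cause of pkg's TLS failure (hypothetical labels)."""
    if "certificate verify failed" not in pkg_output:
        return "not-a-verification-failure"
    now = time.time() if now is None else now
    not_before, not_after = parse_dates(openssl_dates)
    if now < not_before:
        return "clock-behind"            # host clock predates the certificate
    if now > not_after:
        return "expired-or-clock-ahead"  # compare the clock with a trusted time source
    if not os.path.isfile(ca_bundle):
        return "ca-bundle-missing"       # install ca_root_nss
    return "inspect-served-chain"        # clock and bundle are fine locally


# Error line as it appears in the thread's pkg output.
PKG_ERROR = ("34374606848:error:1416F086:SSL routines:tls_process_server_certificate:"
             "certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1925:")

# Constructed validity window, not the real certificate of the download host.
SAMPLE_DATES = """notBefore=Aug 21 00:00:00 2019 GMT
notAfter=Nov 19 00:00:00 2019 GMT"""

if __name__ == "__main__":
    # now=0 models a guest whose clock was never set.
    print(triage(PKG_ERROR, SAMPLE_DATES, now=0))
```

Fixing the clock (for example with NTP) and rerunning `pkg update -f` keeps certificate verification enabled, which is what protects the repository fetch.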