secgen's VM build process fails with "hostonlyif" message

[Tigershark2005-zz]

I am able to build a default scenario and save it to a folder as expected. The build fails with the following:

milk@Ubutarget:~/SecGen$ sudo ruby secgen.rb -p projects/SecGen20220617_055954 v
WARNING: Nokogiri was built against libxml version 2.9.14, but has dynamically loaded 2.9.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SecGen - Creates virtualised security scenarios
            Licensed GPLv3 2014-22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please take a minute to tell us how you are using SecGen:
 https://tinyurl.com/SecGenFeedback

Relative path to project detected
Using /home/milk/SecGen/projects/SecGen20220617_055954
Building project: /home/milk/SecGen/projects/SecGen20220617_055954
Loading vagrant (up) in /home/milk/SecGen/projects/SecGen20220617_055954
Bringing machine 'escalation' up with 'virtualbox' provider...
==> escalation: Importing base box 'modules_bases_debian_stretch_server'...
==> escalation: Matching MAC address for NAT networking...
==> escalation: Setting the name of the VM: SecGen20220617_055954_escalation_1655446585628_80840
==> escalation: Clearing any previously set network interfaces...
There was an error while executing `VBoxManage`, a CLI used by Vagrant
for controlling VirtualBox. The command and stderr is shown below.

Command: ["hostonlyif", "ipconfig", "vboxnet3", "--ip", "172.28.128.1", "--netmask", "255.255.255.0"]

Stderr: VBoxManage: error: Code E_ACCESSDENIED (0x80070005) - Access denied (extended info not available)
VBoxManage: error: Context: "EnableStaticIPConfig(Bstr(pszIp).raw(), Bstr(pszNetmask).raw())" at line 242 of file VBoxManageHostonly.cpp

Non-zero exit status...
Error provisioning VMs, destroying VMs and exiting SecGen.
Loading vagrant (destroy -f) in /home/milk/SecGen/projects/SecGen20220617_055954
==> escalation: Destroying VM and associated drives...

[Halfwhit]

Hey @Tigershark2005 ,

I fixed this issue by adding the following to /etc/vbox/networks.conf: * 0.0.0.0/0 ::/0

[Tigershark2005-zz]

I saw that on Google, the directory /etc/vbox doesn't exist.

---

From: Halfwhit @.> Sent: Friday, June 17, 2022 3:32:00 AM To: cliffe/SecGen @.> Cc: Cliff, of the East @.>; Mention @.> Subject: Re: [cliffe/SecGen] secgen's VM build process fails with "hostonlyif" message (Issue #221)

Hey @Tigershark2005https://github.com/Tigershark2005 ,

I fixed this issue by adding the following to /etc/vbox/networks.conf:

• 0.0.0.0/0 ::/0

— Reply to this email directly, view it on GitHubhttps://github.com/cliffe/SecGen/issues/221#issuecomment-1158581702, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AE46WAJYTUYBLBWQJ52N2D3VPQSXBANCNFSM5ZBGGQ4Q. You are receiving this because you were mentioned.Message ID: @.***>

[Halfwhit]

Yeah, you will have to create both the directory and the file using sudo

[Tigershark2005-zz]

That should be added to the readme since it's mandatory, but it did get me past that part. I'm now getting:

==> escalation: Running provisioner: puppet...
The following SSH command responded with a non-zero exit status.
Vagrant assumes that this means the command failed!

mkdir -p /tmp/vagrant-puppet; chmod 0777 /tmp/vagrant-puppet

Stdout from the command:

Stderr from the command:

Non-zero exit status...

[Halfwhit]

I think this is related to #216 and #114 . I'm still trying to slog through the errors to get a working project. Currently trying to update the base boxed to see if this resolves the error

[cliffe]

Sorry, I've not seen this error. The Vagrant cloud boxes do need some updates to work, but I can confirm we are using SecGen on a daily basis -- once you get all the software updated, it should work for you! Apologies we don't actively maintain the vagrant cloud boxes -- we will try to get these updated at some point to make it easier to get going with SecGen.

[Halfwhit]

I'm happy to submit a pull request to update the README.md to reflect how to install secgen once I have found a deterministic method to do so @cliffe do you have an exported ovf of secgen running on a VM as a quick-start?

[cliffe]

Pull requests very much welcomed. We don't have a ovf sorry. We use SecGen directing installed on dev and prod servers (and using oVirt rather than VirtualBox). Our base boxes are standard affairs with no magic involved. At some point they basically matched our published VirtualBox base boxes; unfortunately, we've not been in the habit of updating the VB baseboxes (as we don't use them -- so there's often been higher priorities). In theory, it should be a simple matter of simply updating the base boxes that we have published, but there may be a few issues to solve along the way due to keys expiring, etc).

[Tigershark2005-zz]

Ok, I'm essentially starting at 0 using the basic build method so I can either post here with the adjustment that was needed or submit a pull for the readme update. What I have so far is the networks.conf file and "bundle update --updater" will require you to run bundle install beforehand. Which on Ubu22 I'm getting an error for Ruby ~> 2.2 so I'll either retry with Ubu20 that the documentation mentions or fix the Ubu22. Either way will post my findings, I expect it should be simple.

[Tigershark2005-zz]

On Ubu22 the bundle install is failing on

    digest-whirlpool was resolved to 1.0.3, which depends on
      Ruby (~> 2.2)

ruby -v shows 3.0.2p107, seems like the bundler isn't reading the version correctly.

[Halfwhit]

Ubuntu 22.x has the updated ruby 3 versions, you should be able to use rvm/rbenv to run it I believe (I've not tried this myself yet)

[cliffe]

IIRC on the systems we run SecGen we are running Ubuntu 20.04, having followed an upgrade path from earlier versions. If the version of ruby is an issue, it's likely pretty safe to bump the version forward.

If you want a quick fix you could try commenting out digest-whirlpool as it's likely only used in an specific encoding module that won't be used often.

[Halfwhit]

... We use SecGen directing installed on dev and prod servers (and using oVirt rather than VirtualBox).

Sorry to piggyback on this issue, is there a guide to how to use ovirt instead of virtualbox?

[Tigershark2005-zz]

I'm happy to submit a pull request to update the README.md to reflect how to install secgen once I have found a deterministic method to do so @cliffe do you have an exported ovf of secgen running on a VM as a quick-start?

Missed that reply, no I'm still trying to set up a box fresh so I don't have a working one yet. The readme and wiki setup instructions are slightly different and I get stuck at different issues depending on which steps I use. Starting with 20.04 LTS, the bundle install fails on credy trying to find the dependancy thor. I did a gem install thor and gem install credy which worked, but still getting the error when rerunning bundle install. I'm not that familiar with gem files though. Just not having luck in any scenario yet.

[cliffe]

... We use SecGen directing installed on dev and prod servers (and using oVirt rather than VirtualBox).

Sorry to piggyback on this issue, is there a guide to how to use ovirt instead of virtualbox?

It's mostly a matter of supplying the ovirt parameters to SecGen. However, you would also need to build and maintain all the VM templates (as we only publish the VirtualBox ones to Vagrant cloud -- although they are mostly just minimal installs of the OSs with puppet and drivers installed), probably not worth attempting unless you were doing something on a larger scale.

[cliffe]

I'm happy to submit a pull request to update the README.md to reflect how to install secgen once I have found a deterministic method to do so @cliffe do you have an exported ovf of secgen running on a VM as a quick-start?

Missed that reply, no I'm still trying to set up a box fresh so I don't have a working one yet. The readme and wiki setup instructions are slightly different and I get stuck at different issues depending on which steps I use. Starting with 20.04 LTS, the bundle install fails on credy trying to find the dependancy thor. I did a gem install thor and gem install credy which worked, but still getting the error when rerunning bundle install. I'm not that familiar with gem files though. Just not having luck in any scenario yet.

Hopefully someone else who has done an install recently can point you in the right direction, in the meantime I'll add it to our todo list to sort out fresh installs (seems some of the gems have some dependency issues that we didn't see due to our upgrade path from a functioning Ubuntu 16.04 install through to 18.04 and 20.04)