Hello everyone! I am trying to utilize Splunk attack_range in Azure from a MacBook. I have followed the configuration settings on the GitHub page but I am hitting errors during the build phase. It looks like I am in the Ansible phase when this occurs. Attached is the console output.
│ Error: compute.VirtualMachinesClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="ResourcePurchaseValidationFailed" Message="User failed validation to purchase resources. Error message: 'You have not accepted the legal terms on this subscription: '0d928df6-3c62-4265-9691-e7df3f94d281' for this plan. Before the subscription can be used, you need to accept the legal terms of the image. To read and accept legal terms, use the Azure CLI commands described at https://go.microsoft.com/fwlink/?linkid=2110637 or the PowerShell commands available at https://go.microsoft.com/fwlink/?linkid=862451. Alternatively, deploying via the Azure portal provides a UI experience for reading and accepting the legal terms. Offer details: publisher='kali-linux' offer = 'kali-linux', sku = 'kali', Correlation Id: 'e40c95a9-b76d-a99d-d149-f5d7198e15c2'.'"
│
│ with module.kali_machine.azurerm_virtual_machine.kali[0],
│ on ../modules/kali_machine/resources.tf line 25, in resource "azurerm_virtual_machine" "kali":
│ 25: resource "azurerm_virtual_machine" "kali" {
│
╵
╷
│ Error: Unsupported attribute
│
│ on ../modules/splunk-server/resources.tf line 73, in resource "azurerm_virtual_machine" "splunk":
│ 73: command = "ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u ubuntu --private-key ${var.config.private_key_path} -i '${azurerm_public_ip.splunk-publicip.ip_address},' playbooks/splunk_server.yml -e 'ansible_python_interpreter=/usr/bin/python3 splunk_admin_password=${var.config.attack_range_password} splunk_url=${var.config.splunk_url} splunk_binary=${var.config.splunk_binary} s3_bucket_url=${var.config.s3_bucket_url} splunk_escu_app=${var.config.splunk_escu_app} splunk_asx_app=${var.config.splunk_asx_app} splunk_windows_ta=${var.config.splunk_windows_ta} splunk_aws_ta=${var.config.splunk_aws_ta} splunk_cim_app=${var.config.splunk_cim_app} splunk_sysmon_ta=${var.config.splunk_sysmon_ta} splunk_sysmon_linux_ta=${var.config.splunk_sysmon_linux_ta} splunk_python_app=${var.config.splunk_python_app} splunk_mltk_app=${var.config.splunk_mltk_app} caldera_password=${var.config.attack_range_password} install_es=${var.config.install_es} splunk_es_app=${var.config.splunk_es_app} phantom_app=${var.config.phantom_app} phantom_server=${var.config.phantom_server} phantom_byo=${var.config.phantom_byo} phantom_api_token=${var.config.phantom_api_token} phantom_byo_ip=${var.config.phantom_byo_ip} phantom_server_private_ip=${var.config.phantom_server_private_ip} phantom_admin_password=${var.config.attack_range_password} splunk_security_essentials_app=${var.config.splunk_security_essentials_app} splunk_bots_dataset=${var.config.splunk_bots_dataset} punchard_custom_visualization=${var.config.punchard_custom_visualization} status_indicator_custom_visualization=${var.config.status_indicator_custom_visualization} splunk_attack_range_dashboard=${var.config.splunk_attack_range_dashboard} timeline_custom_visualization=${var.config.timeline_custom_visualization} splunk_stream_app=${var.config.splunk_stream_app} splunk_ta_wire_data=${var.config.splunk_ta_wire_data} splunk_ta_stream=${var.config.splunk_ta_stream} splunk_zeek_ta=${var.config.splunk_zeek_ta} splunk_server_private_ip=${var.config.splunk_server_private_ip} splunk_office_365_ta=${var.config.splunk_office_365_ta} splunk_kinesis_ta=${var.config.splunk_kinesis_ta} splunk_linux_ta=${var.config.splunk_linux_ta} splunk_es_app_version=${var.config.splunk_es_app_version} install_dsp=${var.config.install_dsp} dsp_client_cert_path=${var.config.dsp_client_cert_path} dsp_node=${var.config.dsp_node} splunk_dashboard_beta=${var.config.splunk_dashboard_beta} splunk_dashboard_beta=${var.config.splunk_dashboard_beta} ta_for_zeek=${var.config.ta_for_zeek} splunk_nginx_ta=${var.config.splunk_nginx_ta}'"
│ ├────────────────
│ │ var.config is object with 115 attributes
│
│ This object does not have an attribute named "splunk_dashboard_beta".
╵
╷
│ Error: Unsupported attribute
│
│ on ../modules/splunk-server/resources.tf line 73, in resource "azurerm_virtual_machine" "splunk":
│ 73: command = "ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u ubuntu --private-key ${var.config.private_key_path} -i '${azurerm_public_ip.splunk-publicip.ip_address},' playbooks/splunk_server.yml -e 'ansible_python_interpreter=/usr/bin/python3 splunk_admin_password=${var.config.attack_range_password} splunk_url=${var.config.splunk_url} splunk_binary=${var.config.splunk_binary} s3_bucket_url=${var.config.s3_bucket_url} splunk_escu_app=${var.config.splunk_escu_app} splunk_asx_app=${var.config.splunk_asx_app} splunk_windows_ta=${var.config.splunk_windows_ta} splunk_aws_ta=${var.config.splunk_aws_ta} splunk_cim_app=${var.config.splunk_cim_app} splunk_sysmon_ta=${var.config.splunk_sysmon_ta} splunk_sysmon_linux_ta=${var.config.splunk_sysmon_linux_ta} splunk_python_app=${var.config.splunk_python_app} splunk_mltk_app=${var.config.splunk_mltk_app} caldera_password=${var.config.attack_range_password} install_es=${var.config.install_es} splunk_es_app=${var.config.splunk_es_app} phantom_app=${var.config.phantom_app} phantom_server=${var.config.phantom_server} phantom_byo=${var.config.phantom_byo} phantom_api_token=${var.config.phantom_api_token} phantom_byo_ip=${var.config.phantom_byo_ip} phantom_server_private_ip=${var.config.phantom_server_private_ip} phantom_admin_password=${var.config.attack_range_password} splunk_security_essentials_app=${var.config.splunk_security_essentials_app} splunk_bots_dataset=${var.config.splunk_bots_dataset} punchard_custom_visualization=${var.config.punchard_custom_visualization} status_indicator_custom_visualization=${var.config.status_indicator_custom_visualization} splunk_attack_range_dashboard=${var.config.splunk_attack_range_dashboard} timeline_custom_visualization=${var.config.timeline_custom_visualization} splunk_stream_app=${var.config.splunk_stream_app} splunk_ta_wire_data=${var.config.splunk_ta_wire_data} splunk_ta_stream=${var.config.splunk_ta_stream} splunk_zeek_ta=${var.config.splunk_zeek_ta} splunk_server_private_ip=${var.config.splunk_server_private_ip} splunk_office_365_ta=${var.config.splunk_office_365_ta} splunk_kinesis_ta=${var.config.splunk_kinesis_ta} splunk_linux_ta=${var.config.splunk_linux_ta} splunk_es_app_version=${var.config.splunk_es_app_version} install_dsp=${var.config.install_dsp} dsp_client_cert_path=${var.config.dsp_client_cert_path} dsp_node=${var.config.dsp_node} splunk_dashboard_beta=${var.config.splunk_dashboard_beta} splunk_dashboard_beta=${var.config.splunk_dashboard_beta} ta_for_zeek=${var.config.ta_for_zeek} splunk_nginx_ta=${var.config.splunk_nginx_ta}'"
│ ├────────────────
│ │ var.config is object with 115 attributes
│
│ This object does not have an attribute named "splunk_dashboard_beta".
╵
╷
│ Error: local-exec provisioner error
│
│ with module.windows-domain-controller.azurerm_virtual_machine.dc[0],
│ on ../modules/windows-domain-controller/resources.tf line 96, in resource "azurerm_virtual_machine" "dc":
│ 96: provisioner "local-exec" {
│
│ Error running command 'ansible-playbook -i 'XX.XXX.XXX.91,' playbooks/windows_dc.yml --extra-vars 'ansible_port=5985
│ splunk_indexer_ip=10.0.1.12 ansible_user=AzureAdmin ansible_password=[cleared for sensitivity] win_password=[cleared for sensitivity]
│ splunk_uf_win_url=https://download.splunk.com/products/universalforwarder/releases/8.2.5/windows/splunkforwarder-8.2.5-77015bc7a462-x64-release.msi
│ win_sysmon_url=https://attack-range-appbinaries.s3-us-west-2.amazonaws.com/Sysmon.zip win_sysmon_template=AttackRangeSysmon.xml
│ splunk_admin_password=[cleared for sensitivity] splunk_stream_app=splunk-app-for-stream_802.tgz
│ s3_bucket_url=https://attack-range-appbinaries.s3-us-west-2.amazonaws.com win_4688_cmd_line=1 verbose_win_security_logging=0
│ install_red_team_tools=0 install_aurora_agent=0
│ aurora_agent_url=https://update1.nextron-systems.com/getupdate.php?product=aurora-agent-lite-win
│ aurora_agent_license=https://portal.nextron-systems.com/api/lite/license/2022-2/6beda56036fbe184dd0950fd24acfd59_a1f1081c9d6f0dc29aa0e5609fadf855.lic'':
│ exit status 2. Output:
│ PLAY [all] *********************************************************************
│
│ TASK [Gathering Facts] *********************************************************
│ ok: [XX.XXX.XXX.91]
│
│ TASK [windows_common : Change the hostname] ************************************
│ fatal: [XX.XXX.XXX.91]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'key_name' is
│ undefined\n\nThe error appears to be in '/Users/mwhitener/attack_range/ansible/roles/windows_common/tasks/set-hostname.yml': line 3,
│ column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name:
│ Change the hostname\n ^ here\n"}
│
│ PLAY RECAP *********************************************************************
│ XX.XXX.XXX.91 : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
│
│
Slack Thread Details: https://splunk-usergroups.slack.com/archives/CDNHXVBGS/p1653332688795899
Posted by Matthew Whitener from Splunk user group.