splunk / attack_range

A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
Apache License 2.0
2.17k stars 358 forks

error:local-exec provisioner error #639

Closed restinlinux closed 2 years ago

restinlinux commented 2 years ago

Got this error while building the instances, help me out here to resolve this. What am I missing here? Thanks!

Error displaying:

│ Error: local-exec provisioner error
│
│ with module.splunk-server.aws_instance.splunk-server,
│ on ../modules/splunk-server/resources.tf line 47, in resource "aws_instance" "splunk-server":
│ 47: provisioner "local-exec" {
│
│ Error running command 'ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u ubuntu --private-key
│ /attack_range/root-.key -i '13.127.207.19,' playbooks/splunk_server.yml -e
│ 'ansible_python_interpreter=/usr/bin/python3 splunk_admin_password=3kHtgfQueU8TQnijAgx
│ splunk_url=https://download.splunk.com/products/splunk/releases/8.2.5/linux/splunk-8.2.5-77015bc7a462-Linux-x86_64.tgz
│ splunk_binary=splunk-8.2.5-77015bc7a462-Linux-x86_64.tgz
│ s3_bucket_url=https://attack-range-appbinaries.s3-us-west-2.amazonaws.com
│ splunk_escu_app=DA-ESS-ContentUpdate-latest.tar.gz splunk_asx_app=Splunk_ASX-latest.tar.gz
│ splunk_windows_ta=splunk-add-on-for-microsoft-windows_840.tgz
│ splunk_aws_ta=splunk-add-on-for-amazon-web-services-aws_520.tgz
│ splunk_cim_app=splunk-common-information-model-cim_500.tgz splunk_sysmon_ta=splunk-add-on-for-sysmon_200.tgz
│ splunk_sysmon_linux_ta=add-on-for-linux-sysmon_104.tgz key_name=root-94751
│ splunk_python_app=python-for-scientific-computing-for-linux-64-bit_302.tgz
│ splunk_mltk_app=splunk-machine-learning-toolkit_531.tgz install_es=0 splunk_es_app=splunk-enterprise-security_700.spl
│ phantom_app=phantom-app-for-splunk_4035.tgz phantom_server=0 phantom_byo=0 phantom_api_token=FIXME
│ phantom_byo_ip=8.8.8.8 phantom_server_private_ip=10.0.1.13 phantom_admin_password=3kHtgfQueU8TQnijAgx
│ splunk_security_essentials_app=splunk-security-essentials_350.tgz splunk_bots_dataset=0
│ punchard_custom_visualization=punchcard-custom-visualization_150.tgz
│ status_indicator_custom_visualization=status-indicator-custom-visualization_150.tgz
│ splunk_attack_range_dashboard=splunk_attack_range_reporting-1.0.7.tar.gz
│ timeline_custom_visualization=splunk-timeline-custom-visualization_161.tgz
│ splunk_stream_app=splunk-app-for-stream_802.tgz splunk_ta_wire_data=splunk-add-on-for-stream-wire-data_802.tgz
│ splunk_ta_stream=splunk-add-on-for-stream-forwarders_802.tgz splunk_zeek_ta=splunk-add-on-for-zeek-aka-bro_400.tgz
│ splunk_server_private_ip=10.0.1.12 splunk_office_365_ta=splunk-add-on-for-microsoft-office-365_300.tgz
│ splunk_kinesis_ta=splunk-add-on-for-amazon-kinesis-firehose_131r7d1d093.tgz
│ splunk_linux_ta=splunk-add-on-for-unix-and-linux_840.tgz splunk_es_app_version=700 install_dsp=0
│ dsp_client_cert_path= dsp_node= ta_for_zeek=ta-for-zeek_105.tgz splunk_nginx_ta=splunk-add-on-for-nginx_310.tgz
│ prelude=0
│ prelude_operator_url=https://download.prelude.org/latest?arch=x64&platform=linux&variant=zip&edition=headless
│ prelude_account_email='': exit status 4. Output:
│ PLAY [all] ***
│
│ TASK [linux_common : Change the hostname] **
│ changed: [13.127.207.19]
│
│ TASK [linux_common : Create resolved.conf.d] *
│ changed: [13.127.207.19]
│
│ TASK [linux_common : Disable DNSSEC] ***
│ changed: [13.127.207.19]
│
│ TASK [linux_common : Restart systemd-resolved] *
│ changed: [13.127.207.19]
│
│ TASK [linux_common : disable ubuntu autoupgrade] *
│ changed: [13.127.207.19]
│
│ TASK [search_head : add splunk group] **
│ changed: [13.127.207.19]
│
│ TASK [search_head : add splunk user] *****
│ changed: [13.127.207.19]
│
│ TASK [search_head : make /opt writetable by splunk] ****
│ changed: [13.127.207.19]
│
│ TASK [search_head : checking if splunk is install] *
│ ok: [13.127.207.19]
│
│ TASK [search_head : is splunk installed?] **
│ skipping: [13.127.207.19]
│
│ TASK [search_head : download splunk] ***
│ fatal: [13.127.207.19]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Shared
│ connection to 13.127.207.19 closed.", "unreachable": true}
│
│ PLAY RECAP
│ 13.127.207.19 : ok=9 changed=8 unreachable=1 failed=0 skipped=1 rescued=0 ignored=0
│
╵
╷
│ Error: local-exec provisioner error
│
│ with module.windows-domain-controller.aws_instance.windows_domain_controller[0],
│ on ../modules/windows-domain-controller/resources.tf line 57, in resource "aws_instance" "windows_domain_controller":
│ 57: provisioner "local-exec" {
│
│ Error running command 'ansible-playbook -i '13.233.97.121,' playbooks/windows_dc.yml --extra-vars
│ 'splunk_indexer_ip=10.0.1.12 ansible_user=Administrator ansible_password=3kHtgfQueU8TQnijAgx
│ win_password=3kHtgfQueU8TQnijAgx
│ splunk_uf_win_url=https://download.splunk.com/products/universalforwarder/releases/8.2.5/windows/splunkforwarder-8.2.5-77015bc7a462-x64-release.msi
│ win_sysmon_url=https://attack-range-appbinaries.s3-us-west-2.amazonaws.com/Sysmon.zip
│ win_sysmon_template=AttackRangeSysmon.xml splunk_admin_password=3kHtgfQueU8TQnijAgx
│ splunk_stream_app=splunk-app-for-stream_802.tgz
│ s3_bucket_url=https://attack-range-appbinaries.s3-us-west-2.amazonaws.com win_4688_cmd_line=1
│ verbose_win_security_logging=0 key_name=root-94751 install_red_team_tools=0 install_aurora_agent=0
│ aurora_agent_url=https://update1.nextron-systems.com/getupdate.php?product=aurora-agent-lite-win
│ aurora_agent_license=https://portal.nextron-systems.com/api/lite/license/2022-2/6beda56036fbe184dd0950fd24acfd59_a1f1081c9d6f0dc29aa0e5609fadf855.lic
│ prelude=0 windows_domain_controller_run_badblood=0 '': exit status 2. Output:
│ PLAY [all]
│
│ TASK [Gathering Facts] ***
│ ok: [13.233.97.121]
│
│ TASK [windows_common : Change the hostname] ****
│ changed: [13.233.97.121]
│
│ TASK [windows_common : debug] **
│ ok: [13.233.97.121] => {
│     "ansible_distribution": "Microsoft Windows Server 2016 Datacenter"
│ }
│
│ TASK [windows_common : Disable Real-Time Protection of Windows Defender for Windows 10] *
│ skipping: [13.233.97.121]
│
│ TASK [windows_common : Disable Windows Defender in Windows Server windows_domain_controller] *
│ An exception occurred during task execution. To see the full traceback, use -vvv. The error was:
│ requests.exceptions.ConnectionError: ('Connection aborted.', RemoteDisconnected('Remote end closed connection without
│ response'))
│ fatal: [13.233.97.121]: FAILED! => {"msg": "Unexpected failure during module execution.", "stdout": ""}
│
│ PLAY RECAP ***
│ 13.233.97.121 : ok=3 changed=1 unreachable=0 failed=1 skipped=1 rescued=0 ignored=0
│

josehelps commented 2 years ago

@restinlinux looks like the connection was lost to the Windows host during build time

│ An exception occurred during task execution. To see the full traceback, use -vvv. The error was:
│ requests.exceptions.ConnectionError: ('Connection aborted.', RemoteDisconnected('Remote end closed connection without
│ response')

Is this happening on consecutive builds?

restinlinux commented 2 years ago

Yes, tried building a Windows domain controller. Over the AWS console the instance was created along with the SSH rule, but idk why the local-exec error pops up: failed to connect to the host via SSH.

P4T12ICK commented 2 years ago

Attack Range will build and configure the Domain Controller for you. There is no need to build it over the AWS console. Were you able to solve your problems?