splunk / attack_range

A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
Apache License 2.0

Build error on Windows 11 / WSL v2 #889

Closed darach closed 2 months ago

darach commented 7 months ago

Following the documentation to set up dependencies for WSL results in an installation where the build step fails consistently:

paranoid in 🌐 the-machine in attack_range on  develop [!] via 🐍 v3.10.12 (attack-range-py3.10)
➜ python attack_range.py build

                              __
                            .d$$b
                          .' TO$;\
                         /  : TP._;
                        / _.;  :Tb|
                       /   /   ;j$j
                   _.-"       d$$$$
                 .' ..       d$$$$;
                /  /P'      d$$$$P. |\
               /   "      .d$$$P' |\^"l
             .'           `T$P^"""""  :
         ._.'      _.'                ;
      `-.-".-'-' ._.       _.-"    .-"
    `.-" _____  ._              .-"
   -(.g$$$$$$$b.              .'
     ""^^T$$$P^)            .(:
       _/  -"  /.'         /:/;
    ._.'-'`-'  ")/         /;/;
 `-.-"..--""   " /         /  ;
.-" ..--""        -'          :
..--""--.-"         (\      .-(\
  ..--""              `-\(\/;`
    _.                      :
                            ;`-
                           :\
                           ;  bug

By: Splunk Threat Research Team [STRT] - research@splunk.com

2024-04-10 12:36:10,516 - INFO - attack_range - [action] > build

Bringing machine 'ar-phantom-attack-range-key-pair-ar' up with 'virtualbox' provider...
Bringing machine 'ar-splunk-attack-range-key-pair-ar' up with 'virtualbox' provider...
Bringing machine 'ar-win-attack-range-key-pair-ar-0' up with 'virtualbox' provider...
Bringing machine 'ar-win-attack-range-key-pair-ar-1' up with 'virtualbox' provider...
Bringing machine 'ar-linux-attack-range-key-pair-ar-0' up with 'virtualbox' provider...
==> ar-phantom-attack-range-key-pair-ar: Checking if box 'centos/7' version '2004.01' is up to date...
==> ar-phantom-attack-range-key-pair-ar: Running provisioner: ansible...
    ar-phantom-attack-range-key-pair-ar: Running ansible-playbook...
[DEPRECATION WARNING]: "include" is deprecated, use include_tasks/import_tasks
instead. This feature will be removed in version 2.16. Deprecation warnings can
 be disabled by setting deprecation_warnings=False in ansible.cfg.

PLAY [all] *********************************************************************

TASK [phantom : Copy Splunk SOAR to server] ************************************
skipping: [ar-phantom-attack-range-key-pair-ar]

TASK [phantom : Creates directory] *********************************************
skipping: [ar-phantom-attack-range-key-pair-ar]

TASK [phantom : prepare phantom install script without apps] *******************
skipping: [ar-phantom-attack-range-key-pair-ar]

TASK [phantom : copy splunk soar folder] ***************************************
skipping: [ar-phantom-attack-range-key-pair-ar]

TASK [phantom : chown splunk soar folder] **************************************
skipping: [ar-phantom-attack-range-key-pair-ar]

TASK [phantom : run the phantom install script] ********************************
skipping: [ar-phantom-attack-range-key-pair-ar]

TASK [phantom : Creates directory] *********************************************
fatal: [ar-phantom-attack-range-key-pair-ar]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: ssh: connect to host 127.0.0.1 port 2200: Connection refused", "unreachable": true}

PLAY RECAP *********************************************************************
ar-phantom-attack-range-key-pair-ar : ok=0    changed=0    unreachable=1    failed=0    skipped=6    rescued=0    ignored=0

Ansible failed to complete successfully. Any error output should be
visible above. Please fix these errors and try again.
2024-04-10 12:36:15,206 - ERROR - attack_range - vagrant failed to build

A partial fix follows:

 export PATH=$PATH:/mnt/c/Windows/System32/WindowsPowerShell/v1.0

TASK [phantom : Copy Splunk SOAR to server] ****
[WARNING]: Error deleting remote temporary files (rc: 1, stderr: Could not chdir to home directory /home/vagrant: Permission denied bash: /home/vagrant/.bashrc: Permission denied })
changed: [ar-phantom-attack-range-key-pair-ar]

TASK [phantom : prepare phantom install script without apps] ***
fatal: [ar-phantom-attack-range-key-pair-ar]: UNREACHABLE! => {"changed": false, "msg": "Failed to create temporary directory.In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted in \"/tmp\", for more error information use -vvv. Failed command was: ( umask 77 && mkdir -p \"echo /home/vagrant/.ansible/tmp\"&& mkdir \"echo /home/vagrant/.ansible/tmp/ansible-tmp-1712746651.3498158-484253-99714747439301\" && echo ansible-tmp-1712746651.3498158-484253-99714747439301=\"echo /home/vagrant/.ansible/tmp/ansible-tmp-1712746651.3498158-484253-99714747439301\" ), exited with result 1", "unreachable": true}

PLAY RECAP *****
ar-phantom-attack-range-key-pair-ar : ok=2 changed=2 unreachable=1 failed=0 skipped=6 rescued=0 ignored=0

Ansible failed to complete successfully. Any error output should be
visible above. Please fix these errors and try again.
2024-04-10 12:57:31,511 - ERROR - attack_range - vagrant failed to build



At a minimum, it is worth documenting the above two steps. I have yet to attend to the ansible issue above.
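
Added example (not part of the original issue or of the attack_range code base): Ansible reports both failures in the output above as UNREACHABLE, although the first is an SSH connection refusal and the second is a temporary-directory failure on the target. This Python helper separates the two cases; `triage`, the category names and the shortened sample log are assumptions made for illustration.

```python
import json
import re

# Constructed sample: the two UNREACHABLE lines from the build output in this
# issue, with the long temporary-directory command shortened.
SAMPLE_LOG = r'''TASK [phantom : Creates directory] ***
fatal: [ar-phantom-attack-range-key-pair-ar]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: ssh: connect to host 127.0.0.1 port 2200: Connection refused", "unreachable": true}
TASK [phantom : prepare phantom install script without apps] ***
fatal: [ar-phantom-attack-range-key-pair-ar]: UNREACHABLE! => {"changed": false, "msg": "Failed to create temporary directory.In some cases, you may have been able to authenticate and did not have permissions on the target directory. Failed command was: ( umask 77 && mkdir -p \"/home/vagrant/.ansible/tmp\" ), exited with result 1", "unreachable": true}
'''

TASK_RE = re.compile(r"^TASK \[(?P<task>.+?)\] \*+")
FATAL_RE = re.compile(r"^fatal: \[(?P<host>[^\]]+)\]: UNREACHABLE! => (?P<body>\{.*\})\s*$")
CONNECT_RE = re.compile(r"connect to host (?P<addr>\S+) port (?P<port>\d+): (?P<why>.+)$")


def triage(log_text):
    """Return one finding per UNREACHABLE line, tagged with the failing task."""
    findings, task = [], None
    for line in log_text.splitlines():
        m = TASK_RE.match(line)
        if m:
            task = m.group("task")  # remember which task the next fatal belongs to
            continue
        m = FATAL_RE.match(line)
        if not m:
            continue
        try:
            msg = json.loads(m.group("body")).get("msg", "")
        except json.JSONDecodeError:
            msg = ""  # truncated or wrapped line: fall through to "other"
        conn = CONNECT_RE.search(msg)
        if conn:
            kind, detail = "ssh_transport", f"{conn['addr']}:{conn['port']} {conn['why']}"
        elif msg.startswith("Failed to create temporary directory"):
            kind, detail = "remote_tmp_dir", "temp directory could not be created on the target"
        else:
            kind, detail = "other", msg[:80]
        findings.append({"host": m.group("host"), "task": task, "kind": kind, "detail": detail})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['host']} | {f['task']} | {f['kind']} | {f['detail']}")
```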

P4T12ICK commented 2 months ago

I did a bunch of updates on the local install of Splunk SOAR/Phantom. This will be pushed soon.