local target doesn't work for multiple reasons

[jpdborgna]

Hi, I've been asked to deploy this lab on a bare metal server, that's using the local build target. After several attempts on the last 5 days I'm giving up. I'm reporting here what I could dig but at the end of the day I wasn't able to get this running. Here are some notes: Please note that I just learned about ansible and vagrant with this project so don't discard that I just don't know how to hack or work with them.

My setup is a fresh server, bare metal, running debian bookworm from a clean install. After the first boot I setup the dependencies with this exact sequence of commands:

` apt update apt -y upgrade apt -y install tmux vim htop git wget gpg python3-poetry

Vagrant

wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/vagrant.list apt update && apt -y install vagrant

VirtualBox

wget -O- https://www.virtualbox.org/download/oracle_vbox_2016.asc | sudo gpg --yes --output /usr/share/keyrings/oracle-virtualbox-2016.gpg --dearmor echo "deb [arch=amd64 signed-by=/usr/share/keyrings/oracle-virtualbox-2016.gpg] https://download.virtualbox.org/virtualbox/debian bookworm contrib" | tee /etc/apt/sources.list.d/virtualbox.list apt update && apt -y install virtualbox-7.0 `

Then as regular user (not root): git clone https://github.com/splunk/attack_range.git cd attack_range poetry shell export PYTHON_KEYRING_BACKEND=keyring.backends.null.Keyring poetry install python attack_range.py configure

I got to see 3 VMs in virtualbox, the final crash I got to overcome is at the second windows server. With some hacking I think I got the linux and the dc working fully. I have tried with the 3 windows versions available, same results.

Issues:

• The recipes are not idempotent, after a crash I need to delete all the VMs and start over from zero, even when 2 VMs were fully finished, at the next run ansible commands blow up.
• The linux server for splunk breaks at terraform/ansible/roles/splunk_server/tasks/splunk.yml when "accept license and start splunk" because splunk is already running, I hacked this by adding a shell comand before to stop splunk and one after to start it.
• Second windows server fails to join the domain consistently, the error is it can't find the domain on the network thus it can't join
• Second windows server fails to configure sysmon because it's already registered. It seems it tries to install it 2 times.
• I don't see anything hinting me that the Kali server is going to be installed
• Even if you say no to have the linux server it installs it anyways.

While I'm happy to contribute to this project I really need to have this out so any hack or trick for me to be able to iterate, ignore errors and continue o even how to run provisioning for a single machine without waiting the full hour a run is taking me is appreciated.

[sourceXORapprentice]

I've experienced this as well on Debian 12, there are a ton of breakages and the fact the attack_range.yml configuration settings dont seem to be respected, like Linux installing anyway and Kali not working. This is compounded by the non-idempotent Ansible script leading to a really frustrating experience in troubleshooting.

I got through the build by fixing it at each fail and then going into the Ansible configuration files and commenting out completed steps - but this defeats the project's purpose. This could probably be overcome with some error handling with Ansible break and rescue clauses, and an initial gathering script to identify the state of the build and what is completed. Password changes, for example, should probably be step one instead of the post section so that reruns don't die trying the hard coded initial password. That way any inevitable dependency issues that break a step over time is not blowing away hours restarting from scratch.

Am I right in that the Docker image isn't shipping now with a local option - as it doesn't appear to come with Vagrant?

[P4T12ICK]

Thank you for your feedback @jpdborgna .

• The recipes are not idempotent, after a crash I need to delete all the VMs and start over from zero, even when 2 VMs were fully finished, at the next run ansible commands blow up. Yes this is intended behaviour.
• The linux server for splunk breaks at terraform/ansible/roles/splunk_server/tasks/splunk.yml when "accept license and start splunk" because splunk is already running, I hacked this by adding a shell comand before to stop splunk and one after to start it. I will need to test it.
• Second windows server fails to join the domain consistently, the error is it can't find the domain on the network thus it can't join I will need to test it
• Second windows server fails to configure sysmon because it's already registered. It seems it tries to install it 2 times. This is weird because everything is the same between windows server 1 and windows server 2. It should either fail for both of them or be successful for both of them. Are you sure with that?
• I don't see anything hinting me that the Kali server is going to be installed Kali server will be not installed by default. You will need to add the corresponding configuration it to the attack_range.yml.
• Even if you say no to have the linux server it installs it anyways. By default, no linux server will be installed. You will need to add the corresponding configuration it to the attack_range.yml