Jjk422 edited this page Aug 5, 2016 · 8 revisions

Table of contents

  1. What are baseboxes?
  2. How do I use baseboxes in SecGen?
  3. Where are base modules stored?
  4. What do base modules actually contain?
  5. Where can I get new base modules from?
  6. Why do I need to import my own baseboxes?
  7. Where will we be importing the basebox from?
  8. Why not create my own basebox?
  9. Create a custom basebox
  10. Where can I get more information on creating base modules?

TODO re-arrange contents and sections to be similar to services, vulnerabilities and utilities modules

What are baseboxes?

Baseboxes are copies of an operating system with all the prerequisite software installed in order for SecGen to function properly.

How do I use baseboxes in SecGen?

SecGen uses base modules to spawn baseboxes and to install them on virtual machines.
Base modules contain all the necessary information about the selected basebox: its operating system, distro/version, author, licence and where to download the basebox from (usually an online repository).

Where are base modules stored?

Base modules are stored in the bases directory. A simplified view of the SecGen file structure down to the bases directory is shown below:

/SecGen
  /modules
    /bases

What do base modules actually contain?

Base modules contain all the information necessary to spawn the selected basebox into a virtual machine in Vagrant.
A variation on the default module structure is used for base modules.
The module structure for base modules is:

/bases
  /{module_#1_name}
    /secgen_metadata.xml
  /{module_#2_name}
    /secgen_metadata.xml

What does secgen_metadata.xml actually contain?

The secgen_metadata.xml files for the base modules are based on the following structure:
Minimal bases secgen_metadata.xml file

<?xml version="1.0"?>

<base xmlns="http://www.github/cliffe/SecGen/base"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://www.github/cliffe/SecGen/base">
      
      <name>“”</name>
      <author>“”</author>
      <module_licence>MIT // Apache v2 // GPLv3</module_licence>
      <description>“”</description>
      <type>server // desktop // cli</type>
      <platform>“”</platform>
      <distro>“”</distro>
      <url>“”</url>
</base>

All values for bases secgen_metadata.xml file

<?xml version="1.0"?>

<base xmlns="http://www.github/cliffe/SecGen/base"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://www.github/cliffe/SecGen/base">

      <name>“”</name>
      <author>“”</author>
      <module_licence>MIT // Apache v2 // GPLv3</module_licence>
      <description>“”</description>
      <type>server // desktop // cli</type>
      <platform>“”</platform>
      <distro>“”</distro>
      <url>“”</url>
      <reference>“”</reference>
      <software_name>“”</software_name>
      <software_licence>“”</software_licence>

      <conflict>
            <module_path>“”</module_path>
            <name>“”</name>
            <author>“”</author>
            <module_licence>“”</module_licence>
            <description>“”</description>
            <type>“”</type>
            <platform>linux // unix // windows</platform>
            <distro>“”</distro>
            <url>“”</url>
            <vagrantbase>“”</vagrantbase>
            <reference>“”</reference>
            <software_licence>“”</software_licence>
      </conflict>

      <requires>
            <module_path>“”</module_path>
            <name>“”</name>
            <author>“”</author>
            <module_licence>“”</module_licence>
            <description>“”</description>
            <type>“”</type>
            <platform>linux // unix // windows</platform>
            <distro>“”</distro>
            <url>“”</url>
            <vagrantbase>“”</vagrantbase>
            <reference>“”</reference>
            <software_licence>“”</software_licence>
      </requires>
</base>

For more in-depth detail on what secgen_metadata.xml contains, visit here.

Where can I get new base modules from?

Baseboxes are usually downloaded from a remote repository. An example repository that some of the SecGen baseboxes use is https://atlas.hashicorp.com/boxes/search.
Atlas contains a large selection of baseboxes, but most are biased towards Linux. The most probable way of gaining more Windows baseboxes is to create them yourself. This can also help with licensing, as you can use your own Windows licences or free trials.
Please note: as with all code in SecGen, we do not want non-FOSS (free open source software) licences in SecGen's core code repositories, because SecGen would then not be able to group the entire code base under a FOSS licence. This doesn't mean that you can't use other licences in your local copies, just that we don't want these licences to touch the main SecGen repositories.

Why do I need to import my own baseboxes?

Baseboxes include all operating system and distro information, and therefore act as the base of the whole generated system.

Where will we be importing the basebox from?

Baseboxes can be imported from many sites. The site used in this tutorial is Atlas by HashiCorp.

Why not create my own basebox?

Baseboxes can be simple to make but complex to optimise, so it is recommended to use pre-made baseboxes for SecGen. However, as some baseboxes may be hard to find or may not exist, creating baseboxes for operating systems like Windows may be necessary.

Steps to importing a basebox

First, log on to Atlas and find a suitable basebox; we will be using ubuntu-16.04-32-puppet.

Create a new directory inside the bases directory

mkdir ~/{path_to_SecGen}/SecGen/modules/bases/ubuntu_puppet_32

Next, change to the newly created directory

cd ~/{path_to_SecGen}/SecGen/modules/bases/ubuntu_puppet_32

Then, create the secgen_metadata.xml file for the basebox.
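
The steps above, carried through as an added example (not part of the original page and not SecGen's own code): it creates the module directory, writes a minimal secgen_metadata.xml and checks that every element of the minimal file is filled in. The function names, the metadata values and the example.invalid URL are constructed placeholders, and the https requirement is this example's own check rather than a SecGen rule.

```shell
# Added example, not SecGen code. All metadata values are constructed placeholders.
REQUIRED="name author module_licence description type platform distro url"

# Print the text of the first single-line <tag>...</tag> element in file $1.
element_value() {
  sed -n "s:.*<$2>\(.*\)</$2>.*:\1:p" "$1" | head -n 1
}

# Create modules/bases/$2/secgen_metadata.xml under SecGen root $1; print its path.
write_base_module() {
  dir="$1/modules/bases/$2"
  mkdir -p "$dir" || return 1
  cat > "$dir/secgen_metadata.xml" <<EOF
<?xml version="1.0"?>
<base xmlns="http://www.github/cliffe/SecGen/base"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://www.github/cliffe/SecGen/base">
      <name>Ubuntu 16.04 32-bit with Puppet</name>
      <author>YOUR NAME</author>
      <module_licence>MIT</module_licence>
      <description>Placeholder description of the basebox</description>
      <type>server</type>
      <platform>linux</platform>
      <distro>Ubuntu 16.04</distro>
      <url>$3</url>
</base>
EOF
  printf '%s\n' "$dir/secgen_metadata.xml"
}

# Succeed only if every minimal element is filled in and the url is https (added check).
check_base_metadata() {
  rc=0
  for tag in $REQUIRED; do
    case "$(element_value "$1" "$tag")" in
      ''|'“”') echo "unfilled <$tag> in $1" >&2; rc=1 ;;
    esac
  done
  case "$(element_value "$1" url)" in
    https://*) ;;
    *) echo "url is not https in $1" >&2; rc=1 ;;
  esac
  return "$rc"
}

# Demo in a throwaway directory standing in for {path_to_SecGen}/SecGen.
SECGEN_DIR=$(mktemp -d)
META=$(write_base_module "$SECGEN_DIR" ubuntu_puppet_32 "https://example.invalid/REPLACE_WITH_BOX_URL")
check_base_metadata "$META" && echo "ok: $META"
```

The check only confirms that the elements are present and filled in; it does not validate the file against the SecGen schemas.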

Create a custom basebox

TODO

Where can I get more information on creating base modules?

More detailed information about the general structure of modules can be found in: Module development overview.
A detailed analysis of all the different tags and types allowed in the secgen_metadata.xml and scenario files is in: SecGen schemas.