From 63c8f40768a14214f89fe025c8733eba51c348de Mon Sep 17 00:00:00 2001 
From: Alan Orlikoski Date: Tue, 26 Mar 2019 10:56:28 -0500 Subject: [PATCH 1/9] Initial Commit --- Packer/GCP/skadi_server.json | 81 ----------- Packer/VirtualBox/http/preseed.cfg | 43 ------ Packer/VirtualBox/skadi_server.json | 129 ------------------ Packer/auth_files/template_creds.json | 1 - Packer/script/skadi.sh | 17 +++ Packer/script/vagrant.sh | 4 +- Packer/script/virtualbox.sh | 2 +- Packer/skadi_build/build_skadi.ps1 | 2 + ...rver_newbuild.json => create_basebox.json} | 74 +++++----- Packer/skadi_build/create_boxes.json | 82 +++++++++++ Packer/skadi_build/create_cloud_boxes.json | 82 +++++++++++ Packer/skadi_build/create_ova.json | 82 +++++++++++ Packer/skadi_build/http/preseed.cfg | 14 +- .../skadi_build/skadi_server_vagrant_vb.json | 38 ------ .../skadi_server_vagrant_vmware.json | 38 ------ Packer/vmware/http/preseed.cfg | 43 ------ Packer/vmware/skadi_server.json | 123 ----------------- Vagrant/skadi_desktop/virtualbox/Vagrantfile | 29 ---- Vagrant/skadi_desktop/vmware/Vagrantfile | 25 ---- scripts/signedbuildskadi.sh | 5 + 20 files changed, 315 insertions(+), 599 deletions(-) delete mode 100644 Packer/GCP/skadi_server.json delete mode 100644 Packer/VirtualBox/http/preseed.cfg delete mode 100644 Packer/VirtualBox/skadi_server.json delete mode 100644 Packer/auth_files/template_creds.json create mode 100644 Packer/script/skadi.sh create mode 100644 Packer/skadi_build/build_skadi.ps1 rename Packer/skadi_build/{skadi_server_newbuild.json => create_basebox.json} (68%) create mode 100644 Packer/skadi_build/create_boxes.json create mode 100644 Packer/skadi_build/create_cloud_boxes.json create mode 100644 Packer/skadi_build/create_ova.json delete mode 100644 Packer/skadi_build/skadi_server_vagrant_vb.json delete mode 100644 Packer/skadi_build/skadi_server_vagrant_vmware.json delete mode 100644 Packer/vmware/http/preseed.cfg delete mode 100644 Packer/vmware/skadi_server.json delete mode 100644 Vagrant/skadi_desktop/virtualbox/Vagrantfile delete mode 100644 
Vagrant/skadi_desktop/vmware/Vagrantfile diff --git a/Packer/GCP/skadi_server.json b/Packer/GCP/skadi_server.json deleted file mode 100644 index 8804b70..0000000 --- a/Packer/GCP/skadi_server.json +++ /dev/null 
@@ -1,81 +0,0 @@ -{ - "_comment": "Build with `packer build skadi_server.json`", - "builders": [ - { - "type": "googlecompute", - "account_file": "../auth_files/template_creds.json", - "project_id": "insert GCP project_id here", - "source_image": "ubuntu-1604-xenial-v20180831", - "ssh_username": "vagrant", - "image_name": "skadi-server", - "image_family": "skadi-server", - "disk_size": "10", - "machine_type": "n1-standard-2", - "disk_type": "pd-ssd", - "zone": "us-central1-a" - } - ], - "provisioners": [ - { - "environment_vars": [ - "CLEANUP_PAUSE={{user `cleanup_pause`}}", - "DEBIAN_FRONTEND=noninteractive", - "DESKTOP={{user `desktop`}}", - "UPDATE={{user `update`}}", - "INSTALL_VAGRANT_KEY={{user `install_vagrant_key`}}", - "SSH_USERNAME={{user `ssh_username`}}", - "SSH_PASSWORD={{user `ssh_password`}}", - "http_proxy={{user `http_proxy`}}", - "https_proxy={{user `https_proxy`}}", - "ftp_proxy={{user `ftp_proxy`}}", - "rsync_proxy={{user `rsync_proxy`}}", - "no_proxy={{user `no_proxy`}}" - ], - "execute_command": "echo '{{ user `ssh_password` }}' | {{.Vars}} sudo -E -S bash '{{.Path}}'", - "scripts": [ - "../script/vagrant.sh", - "../script/sshd.sh", - "../script/virtualbox.sh", - "../script/motd.sh", - "../{{user `custom_script`}}", - "../script/cleanup.sh" - ], - "type": "shell", - "expect_disconnect": "true" - } - ], - "variables": { - "boot_command_prefix": "", - "cleanup_pause": "", - "cpus": "4", - "memory": "8192", - "custom_script": "../../Docker/BuildDockerSkadi.sh", - "desktop": "true", - "disk_size": "10240", - "ftp_proxy": "{{env `ftp_proxy`}}", - "headless": "false", - "http_proxy": "{{env `http_proxy`}}", - "https_proxy": "{{env `https_proxy`}}", - "install_vagrant_key": "true", - "iso_checksum": "c94de1cc2e10160f325eb54638a5b5aa38f181d60ee33dae9578d96d932ee5f8", - "iso_checksum_type": "sha256", - "iso_name": "ubuntu-16.04.5-server-amd64.iso", - "iso_path": "/Volumes/Storage/software/ubuntu", - "iso_url": 
"http://releases.ubuntu.com/16.04/ubuntu-16.04.5-server-amd64.iso", - "locale": "en_US", - "no_proxy": "{{env `no_proxy`}}", - "parallels_guest_os_type": "ubuntu", - "preseed" : "preseed.cfg", - "rsync_proxy": "{{env `rsync_proxy`}}", - "hostname": "skadi", - "ssh_fullname": "vagrant", - "ssh_password": "vagrant", - "ssh_username": "vagrant", - "update": "false", - "vagrantfile_template": "../../Vagrant/skadi_server/virtualbox/Vagrantfile", - "version": "2018.3.1", - "virtualbox_guest_os_type": "Ubuntu_64", - "vm_name": "skadi_desktop", - "vmware_guest_os_type": "ubuntu-64" - } -} diff --git a/Packer/VirtualBox/http/preseed.cfg b/Packer/VirtualBox/http/preseed.cfg deleted file mode 100644 index d38c245..0000000 --- a/Packer/VirtualBox/http/preseed.cfg +++ /dev/null 
@@ -1,43 +0,0 @@ -choose-mirror-bin mirror/http/proxy string -d-i base-installer/kernel/override-image string linux-server -d-i clock-setup/utc boolean true -d-i clock-setup/utc-auto boolean true -d-i finish-install/reboot_in_progress note -d-i grub-installer/only_debian boolean true -d-i grub-installer/with_other_os boolean true -d-i partman-auto/disk string /dev/sda -d-i partman-auto-lvm/guided_size string max -d-i partman-auto/choose_recipe select atomic -d-i partman-auto/method string lvm -d-i partman-lvm/confirm boolean true -d-i partman-lvm/confirm boolean true -d-i partman-lvm/confirm_nooverwrite boolean true -d-i partman-lvm/device_remove_lvm boolean true -d-i partman/choose_partition select finish -d-i partman/confirm boolean true -d-i partman/confirm_nooverwrite boolean true -d-i partman/confirm_write_new_label boolean true -d-i pkgsel/include string openssh-server cryptsetup build-essential libssl-dev libreadline-dev zlib1g-dev linux-source dkms nfs-common -d-i pkgsel/install-language-support boolean false -d-i pkgsel/update-policy select none -d-i pkgsel/upgrade select full-upgrade -d-i time/zone string UTC -tasksel tasksel/first multiselect standard, ubuntu-server - -d-i console-setup/ask_detect boolean false -d-i keyboard-configuration/layoutcode string us -d-i keyboard-configuration/modelcode string pc105 -d-i debian-installer/locale string en_US - -# Create vagrant user account. -d-i passwd/user-fullname string vagrant -d-i passwd/username string vagrant -d-i passwd/user-password password vagrant -d-i passwd/user-password-again password vagrant -d-i user-setup/allow-password-weak boolean true -d-i user-setup/encrypt-home boolean false -d-i passwd/user-default-groups vagrant sudo -d-i passwd/user-uid string 900 - -# Set root passwords -d-i rootpw vagrant diff --git a/Packer/VirtualBox/skadi_server.json b/Packer/VirtualBox/skadi_server.json deleted file mode 100644 index 7a36fa1..0000000 --- a/Packer/VirtualBox/skadi_server.json +++ /dev/null 
@@ -1,129 +0,0 @@ -{ - "_comment": "Build with `packer build skadi_server.json`", - "builders": [ - { - "boot_command": [ - "{{ user `boot_command_prefix` }}", - "/install/vmlinuz noapic ", - "initrd=/install/initrd.gz ", - "file=/floppy/{{ user `preseed` }} ", - "debian-installer={{ user `locale` }} auto locale={{ user `locale` }} kbd-chooser/method=us ", - "hostname={{ user `hostname` }} ", - "grub-installer/bootdev=/dev/sda ", - "fb=false debconf/frontend=noninteractive ", - "keyboard-configuration/modelcode=SKIP keyboard-configuration/layout=USA ", - "keyboard-configuration/variant=USA console-setup/ask_detect=false ", - "passwd/user-fullname={{ user `ssh_fullname` }} ", - "passwd/user-password={{ user `ssh_password` }} ", - "passwd/user-password-again={{ user `ssh_password` }} ", - "passwd/username={{ user `ssh_username` }} ", - "-- " - ], - "disk_size": "{{ user `disk_size` }}", - "floppy_files": [ - "http/{{ user `preseed` }}" - ], - "guest_additions_path": "VBoxGuestAdditions_{{.Version}}.iso", - "guest_os_type": "{{ user `virtualbox_guest_os_type` }}", - "hard_drive_interface": "sata", - "headless": "{{ user `headless` }}", - "iso_checksum": "{{ user `iso_checksum` }}", - "iso_checksum_type": "{{ user `iso_checksum_type` }}", - "iso_urls": [ - "{{ user `iso_path` }}/{{ user `iso_name` }}", - "{{ user `iso_url` }}" - ], - "output_directory": "output-{{ user `vm_name` }}-virtualbox-iso", - "post_shutdown_delay": "1m", - "shutdown_command": "echo '{{ user `ssh_password` }}'|sudo -S shutdown -P now", - "ssh_password": "{{ user `ssh_password` }}", - "ssh_username": "{{ user `ssh_username` }}", - "ssh_wait_timeout": "10000s", - "type": "virtualbox-iso", - "vboxmanage": [ - [ - "modifyvm", "{{.Name}}", "--nictype1", "virtio" - ], - [ - "modifyvm", "{{.Name}}", "--memory", "{{ user `memory` }}" - ], - [ - "modifyvm", "{{.Name}}", "--cpus", "{{ user `cpus` }}" - ] - ], - "virtualbox_version_file": ".vbox_version", - "vm_name": "{{user `vm_name`}}" - } - ], - 
"post-processors": [ - { - "keep_input_artifact": false, - "output": "box/{{.Provider}}/{{user `vm_name`}}-{{user `version`}}.box", - "type": "vagrant", - "vagrantfile_template": "{{ user `vagrantfile_template` }}" - } - ], - "provisioners": [ - { - "environment_vars": [ - "CLEANUP_PAUSE={{user `cleanup_pause`}}", - "DEBIAN_FRONTEND=noninteractive", - "DESKTOP={{user `desktop`}}", - "UPDATE={{user `update`}}", - "INSTALL_VAGRANT_KEY={{user `install_vagrant_key`}}", - "SSH_USERNAME={{user `ssh_username`}}", - "SSH_PASSWORD={{user `ssh_password`}}", - "http_proxy={{user `http_proxy`}}", - "https_proxy={{user `https_proxy`}}", - "ftp_proxy={{user `ftp_proxy`}}", - "rsync_proxy={{user `rsync_proxy`}}", - "no_proxy={{user `no_proxy`}}" - ], - "execute_command": "echo '{{ user `ssh_password` }}' | {{.Vars}} sudo -E -S bash '{{.Path}}'", - "scripts": [ - "../script/vagrant.sh", - "../script/sshd.sh", - "../script/virtualbox.sh", - "../script/motd.sh", - "../{{user `custom_script`}}", - "../script/cleanup.sh" - ], - "type": "shell", - "expect_disconnect": "true" - } - ], - "variables": { - "boot_command_prefix": "", - "cleanup_pause": "", - "cpus": "4", - "memory": "8196", - "custom_script": "script/skadibuild.sh", - "desktop": "false", - "disk_size": "10240", - "ftp_proxy": "{{env `ftp_proxy`}}", - "headless": "false", - "http_proxy": "{{env `http_proxy`}}", - "https_proxy": "{{env `https_proxy`}}", - "install_vagrant_key": "true", - "iso_checksum": "c94de1cc2e10160f325eb54638a5b5aa38f181d60ee33dae9578d96d932ee5f8", - "iso_checksum_type": "sha256", - "iso_name": "ubuntu-16.04.5-server-amd64.iso", - "iso_path": "/Volumes/Storage/software/ubuntu", - "iso_url": "http://releases.ubuntu.com/16.04/ubuntu-16.04.5-server-amd64.iso", - "locale": "en_US", - "no_proxy": "{{env `no_proxy`}}", - "parallels_guest_os_type": "ubuntu", - "preseed" : "preseed.cfg", - "rsync_proxy": "{{env `rsync_proxy`}}", - "hostname": "skadi", - "ssh_fullname": "vagrant", - "ssh_password": "vagrant", - 
"ssh_username": "vagrant", - "update": "false", - "vagrantfile_template": "../../Vagrant/skadi_server/virtualbox/Vagrantfile", - "version": "2018.3.2", - "virtualbox_guest_os_type": "Ubuntu_64", - "vm_name": "skadi_server", - "vmware_guest_os_type": "ubuntu-64" - } -} diff --git a/Packer/auth_files/template_creds.json b/Packer/auth_files/template_creds.json deleted file mode 100644 index dc5d1ae..0000000 --- a/Packer/auth_files/template_creds.json +++ /dev/null @@ -1 +0,0 @@ -Placeholder to put creds diff --git a/Packer/script/skadi.sh b/Packer/script/skadi.sh new file mode 100644 index 0000000..c29d2f9 --- /dev/null +++ b/Packer/script/skadi.sh @@ -0,0 +1,17 @@ +#!/bin/bash + +date > /etc/box_build_time + +SSH_USER=${SSH_USERNAME:-skadi} +SSH_PASS=${SSH_PASSWORD:-skadi} +SSH_USER_HOME=${SSH_USER_HOME:-/home/${SSH_USER}} + +# Set up sudo +echo "==> Giving ${SSH_USER} sudo powers" +echo "${SSH_USER} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/$SSH_USER +chmod 440 /etc/sudoers.d/$SSH_USER + +# Fix stdin not being a tty +if grep -q -E "^mesg n$" /root/.profile && sed -i "s/^mesg n$/tty -s \\&\\& mesg n/g" /root/.profile; then + echo "==> Fixed stdin not being a tty." +fi diff --git a/Packer/script/vagrant.sh b/Packer/script/vagrant.sh index 37a7f1c..ae225a4 100644 --- a/Packer/script/vagrant.sh +++ b/Packer/script/vagrant.sh @@ -2,8 +2,8 @@ date > /etc/box_build_time -SSH_USER=${SSH_USERNAME:-vagrant} -SSH_PASS=${SSH_PASSWORD:-vagrant} +SSH_USER=vagrant +SSH_PASS=vagrant SSH_USER_HOME=${SSH_USER_HOME:-/home/${SSH_USER}} VAGRANT_INSECURE_KEY="ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key" 
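Review bot: `SSH_PASS=${SSH_PASSWORD:-skadi}` is assigned but never read anywhere in the new skadi.sh, so it can go, and the two `/etc/sudoers.d/$SSH_USER` references should be quoted. The script also runs without `set -e`, unlike `virtualbox.sh`'s `#!/bin/bash -eux` touched in this same commit, so a failing `chmod 440` would not fail the build and sudo would then silently ignore a drop-in with bad permissions. Consider `#!/bin/bash -eux` for consistency and a `visudo -cf "/etc/sudoers.d/${SSH_USER}"` check after writing the rule, so a malformed drop-in is caught at build time rather than on first login.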
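Review bot: Hard-coding `SSH_USER=vagrant` / `SSH_PASS=vagrant` removes the `SSH_USERNAME` / `SSH_PASSWORD` overrides that `skadi.sh` and `virtualbox.sh` still honour in this commit, so vagrant.sh now always targets the `vagrant` account regardless of which user Packer logs in as. If that is the intent (vagrant.sh provisions the vagrant account, while `SSH_USERNAME` is only the Packer login user), a one-line comment would stop the next reader from "fixing" it back: `# Always provisions the vagrant account; SSH_USERNAME is Packer's login user, not this one.` The rest of vagrant.sh, including where `SSH_PASS` is consumed, lies outside the hunk.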
diff --git a/Packer/script/virtualbox.sh b/Packer/script/virtualbox.sh index ac7e314..7a58be3 100644 --- a/Packer/script/virtualbox.sh +++ b/Packer/script/virtualbox.sh @@ -1,6 +1,6 @@ #!/bin/bash -eux -SSH_USER=${SSH_USERNAME:-vagrant} +SSH_USER=${SSH_USERNAME:-skadi} #SSH_USER="root" diff --git a/Packer/skadi_build/build_skadi.ps1 b/Packer/skadi_build/build_skadi.ps1 new file mode 100644 index 0000000..a406809 --- /dev/null +++ b/Packer/skadi_build/build_skadi.ps1 @@ -0,0 +1,2 @@ +packer build -force .\create_basebox.json +packer build -force .\create_boxes.json diff --git a/Packer/skadi_build/skadi_server_newbuild.json b/Packer/skadi_build/create_basebox.json similarity index 68% rename from Packer/skadi_build/skadi_server_newbuild.json rename to Packer/skadi_build/create_basebox.json index 24e471d..26922ec 100644 --- a/Packer/skadi_build/skadi_server_newbuild.json +++ b/Packer/skadi_build/create_basebox.json @@ -3,7 +3,7 @@ "builders": [ { "boot_command": [ - "{{ user `boot_command_prefix` }}", + "{{ user `bionic_boot_command_prefix` }}", "/install/vmlinuz noapic ", "initrd=/install/initrd.gz ", "file=/floppy/{{ user `preseed` }} ", @@ -26,11 +26,11 @@ ], "guest_os_type": "{{ user `vmware_guest_os_type` }}", "headless": "{{ user `headless` }}", - "iso_checksum": "{{ user `iso_checksum` }}", + "iso_checksum": "{{ user `iso_bionic_checksum` }}", "iso_checksum_type": "{{ user `iso_checksum_type` }}", "iso_urls": [ - "{{ user `iso_path` }}/{{ user `iso_name` }}", - "{{ user `iso_url` }}" + "{{ user `iso_path` }}/{{ user `iso_bionic_name` }}", + "{{ user `iso_bionic_url` }}" ], "output_directory": "output-{{ user `vm_name` }}-vmware-iso", "shutdown_timeout": "1m", @@ -47,7 +47,7 @@ }, { "boot_command": [ - "{{ user `boot_command_prefix` }}", + "{{ user `bionic_boot_command_prefix` }}", "/install/vmlinuz noapic ", "initrd=/install/initrd.gz ", "file=/floppy/{{ user `preseed` }} ", 
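Review bot: In build_skadi.ps1 the second `packer build` runs even when the first fails, because PowerShell does not stop on a native command's non-zero exit code, so `create_boxes.json` then consumes a missing or stale `output-skadi_basebox-*` directory. Check the exit status between the two calls: `packer build -force .\create_basebox.json` / `if ($LASTEXITCODE -ne 0) { exit $LASTEXITCODE }` / `packer build -force .\create_boxes.json`.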
@@ -71,11 +71,11 @@ "guest_os_type": "{{ user `virtualbox_guest_os_type` }}", "hard_drive_interface": "sata", "headless": "{{ user `headless` }}", - "iso_checksum": "{{ user `iso_checksum` }}", + "iso_checksum": "{{ user `iso_bionic_checksum` }}", "iso_checksum_type": "{{ user `iso_checksum_type` }}", "iso_urls": [ - "{{ user `iso_path` }}/{{ user `iso_name` }}", - "{{ user `iso_url` }}" + "{{ user `iso_path` }}/{{ user `iso_bionic_name` }}", + "{{ user `iso_bionic_url` }}" ], "output_directory": "output-{{ user `vm_name` }}-virtualbox-iso", "post_shutdown_delay": "1m", 
@@ -102,65 +102,61 @@ "provisioners": [ { "environment_vars": [ - "CLEANUP_PAUSE={{user `cleanup_pause`}}", "DEBIAN_FRONTEND=noninteractive", - "DESKTOP={{user `desktop`}}", - "UPDATE={{user `update`}}", - "INSTALL_VAGRANT_KEY={{user `install_vagrant_key`}}", - "SSH_USERNAME={{user `ssh_username`}}", - "SSH_PASSWORD={{user `ssh_password`}}", - "http_proxy={{user `http_proxy`}}", - "https_proxy={{user `https_proxy`}}", - "ftp_proxy={{user `ftp_proxy`}}", - "rsync_proxy={{user `rsync_proxy`}}", - "no_proxy={{user `no_proxy`}}", - "DEFAULT_PASSWORDS={{user `skadi_default_passwords`}}" + "SSH_USERNAME=skadi", + "CDQR_VERSION=4.4.0", + "DEFAULT_PASSWORDS=true", + "INSTALL_BRANCH=esxi_packer", + "SKADI_HOSTNAME=true", + "MAKE_SKADI_USER=true", + "UTC_TIME=true" ], "execute_command": "echo '{{ user `ssh_password` }}' | {{.Vars}} sudo -E -S bash '{{.Path}}'", "scripts": [ - "../script/vagrant.sh", - "../script/sshd.sh", - "../script/vmware.sh", - "../script/motd.sh", "../script/update.sh", - "{{user `custom_script`}}", - "../script/cleanup.sh" + "../script/skadi.sh", + "../script/motd.sh", + "{{user `custom_script` }}" ], "type": "shell", "expect_disconnect": "true" } ], "variables": { + "custom_script": "../../scripts/signedbuildskadi.sh", "skadi_default_passwords": "true", - "boot_command_prefix": "", + "xenial_boot_command_prefix": "", + "bionic_boot_command_prefix": "", "cleanup_pause": "", "cpus": "4", "memory": "8196", - "custom_script": "../../Docker/BuildDockerSkadi.sh", "desktop": "false", "disk_size": "102400", "ftp_proxy": "{{env `ftp_proxy`}}", - "headless": "false", + "headless": "true", "http_proxy": "{{env `http_proxy`}}", "https_proxy": "{{env `https_proxy`}}", - "install_vagrant_key": "true", - "iso_checksum": "c94de1cc2e10160f325eb54638a5b5aa38f181d60ee33dae9578d96d932ee5f8", - "iso_checksum_type": "sha256", - "iso_name": "ubuntu-16.04.5-server-amd64.iso", + "install_vagrant_key": "false", "iso_path": "/Volumes/Storage/software/ubuntu", - "iso_url": 
"http://releases.ubuntu.com/16.04/ubuntu-16.04.5-server-amd64.iso", + "iso_checksum_type": "sha256", + "iso_xenial_checksum": "c94de1cc2e10160f325eb54638a5b5aa38f181d60ee33dae9578d96d932ee5f8", + "iso_xenial_name": "ubuntu-16.04.5-server-amd64.iso", + "iso_xenial_url": "http://releases.ubuntu.com/16.04/ubuntu-16.04.5-server-amd64.iso", + "iso_bionic_checksum": "a2cb36dc010d98ad9253ea5ad5a07fd6b409e3412c48f1860536970b073c98f5", + "iso_bionic_name": "ubuntu-18.04.2-server-amd64.iso", + "iso_bionic_url": "http://cdimage.ubuntu.com/releases/18.04.2/release/ubuntu-18.04.2-server-amd64.iso", "locale": "en_US", "no_proxy": "{{env `no_proxy`}}", "parallels_guest_os_type": "ubuntu", "preseed" : "preseed.cfg", "rsync_proxy": "{{env `rsync_proxy`}}", "hostname": "skadi", - "ssh_fullname": "vagrant", - "ssh_password": "vagrant", - "ssh_username": "vagrant", - "update": "false", + "ssh_fullname": "skadi", + "ssh_password": "skadi", + "ssh_username": "skadi", + "update": "true", "vagrantfile_template": "../../Vagrant/skadi_server/vmware/Vagrantfile", - "version": "2019.1", + "version": "2019.2", "virtualbox_guest_os_type": "Ubuntu_64", "vm_name": "skadi_basebox", "vmware_guest_os_type": "ubuntu-64" diff --git a/Packer/skadi_build/create_boxes.json b/Packer/skadi_build/create_boxes.json new file mode 100644 index 0000000..4618d47 --- /dev/null +++ b/Packer/skadi_build/create_boxes.json 
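Review bot: `SSH_USERNAME=skadi` is now a literal in `environment_vars` while the builders still log in with `{{ user `ssh_username` }}`; if one is changed without the other, skadi.sh grants passwordless sudo to a different account than the one Packer uses, so keep a single source of truth: `"SSH_USERNAME={{user `ssh_username`}}"`. `INSTALL_BRANCH=esxi_packer` pins a development branch in the basebox build whereas `create_cloud_boxes.json` and `create_ova.json` use `master`, which looks like a leftover. This hunk also removes the only visible references to `skadi_default_passwords`, `cleanup_pause`, `desktop`, `install_vagrant_key` and the `xenial_*` / `iso_xenial_*` variables while keeping their definitions; drop them or note why they stay. The earlier hunks of this file (`@@ -3`, `@@ -26`, `@@ -47`, `@@ -71`) only switch to the bionic variables and need no separate comment.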
@@ -0,0 +1,82 @@
+{
+ "_comment": "Build with `packer build create_boxes.json`",
+ "builders": [
+ {
+ "type": "vmware-vmx",
+ "source_path": "output-skadi_basebox-vmware-iso/skadi_basebox.vmx",
+ "ssh_username": "skadi",
+ "ssh_password": "skadi",
+ "shutdown_command": "sudo shutdown -P now",
+ "headless": "{{ user `headless` }}"
+ },
+ {
+ "type": "virtualbox-ovf",
+ "source_path": "output-skadi_basebox-virtualbox-iso/skadi_basebox.ovf",
+ "ssh_username": "skadi",
+ "ssh_password": "skadi",
+ "shutdown_command": "sudo shutdown -P now",
+ "headless": "{{ user `headless` }}"
+ }
+ ],
+ "provisioners": [
+ {
+ "environment_vars": [
+ "DEBIAN_FRONTEND=noninteractive",
+ ],
+ "execute_command": "echo '{{ user `ssh_password` }}' | {{.Vars}} sudo -E -S bash '{{.Path}}'",
+ "scripts": [
+ "../script/vmware.sh"
+ ],
+ "type": "shell",
+ "expect_disconnect": "true",
+ "only": ["vmware-vmx"]
+ },
+ {
+ "environment_vars": [
+ "DEBIAN_FRONTEND=noninteractive",
+ ],
+ "execute_command": "echo '{{ user `ssh_password` }}' | {{.Vars}} sudo -E -S bash '{{.Path}}'",
+ "scripts": [
+ "../script/virtualbox.sh"
+ ],
+ "type": "shell",
+ "expect_disconnect": "true",
+ "only": ["virtualbox-ovf"]
+ },
+ {
+ "environment_vars": [
+ "DEBIAN_FRONTEND=noninteractive",
+ ],
+ "execute_command": "echo '{{ user `ssh_password` }}' | {{.Vars}} sudo -E -S bash '{{.Path}}'",
+ "scripts": [
+ "../script/vagrant.sh",
+ "../script/sshd.sh",
+ "../script/motd.sh",
+ "../script/cleanup.sh"
+ ],
+ "type": "shell",
+ "expect_disconnect": "true"
+ }
+ ],
+ "post-processors": [
+ {
+ "keep_input_artifact": false,
+ "output": "box/{{.Provider}}/{{user `vm_name`}}-{{user `version`}}.box",
+ "type": "vagrant",
+ "vagrantfile_template": "../../Vagrant/skadi_server/vmware/Vagrantfile",
+ "only": ["vmware-vmx"]
+ },
+ {
+ "keep_input_artifact": false,
+ "output": "box/{{.Provider}}/{{user `vm_name`}}-{{user `version`}}.box",
+ "type": "vagrant",
+ "vagrantfile_template": 
"../../Vagrant/skadi_server/virtualbox/Vagrantfile",
+ "only": ["virtualbox-ovf"]
+ }
+ ],
+ "variables": {
+ "version": "2019.2",
+ "vm_name": "skadi_server",
+ "headless": "true"
+ }
+}
diff --git a/Packer/skadi_build/create_cloud_boxes.json b/Packer/skadi_build/create_cloud_boxes.json
new file mode 100644
index 0000000..24bfe0f
--- /dev/null
+++ b/Packer/skadi_build/create_cloud_boxes.json 
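Review bot: All three `environment_vars` arrays in create_boxes.json end in a trailing comma (`"DEBIAN_FRONTEND=noninteractive", ],`), which is invalid JSON and will make Packer reject the template before any build starts. `execute_command` also pipes `{{ user `ssh_password` }}` into `sudo -S`, but the `variables` block defines only `version`, `vm_name` and `headless`, so the piped password is empty (or the template fails on an unknown user variable, depending on the Packer version) and the provisioners only work because skadi.sh grants NOPASSWD sudo; add `"ssh_password": "skadi"` to `variables` and reference it from both builders instead of repeating the literal. The same undefined `ssh_password` variable is present in `create_cloud_boxes.json` and `create_ova.json`.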
@@ -0,0 +1,82 @@ +{ + "_comment": "Build with `packer build create_VMWare_box.json`", + "builders": [ + { + "type": "vmware-vmx", + "source_path": "output-skadi_basebox-vmware-iso/skadi_basebox.vmx", + "ssh_username": "vagrant", + "ssh_password": "vagrant", + "shutdown_command": "sudo shutdown -P now", + "headless": "{{ user `headless` }}" + }, + { + "type": "virtualbox-ovf", + "source_path": "output-skadi_basebox-virtualbox-iso/skadi_basebox.ovf", + "ssh_username": "vagrant", + "ssh_password": "vagrant", + "shutdown_command": "sudo shutdown -P now", + "headless": "{{ user `headless` }}" + } + ], + "provisioners": [ + { + "environment_vars": ["CDQR_VERSION=4.4.0", + "DEFAULT_PASSWORDS=true", + "INSTALL_BRANCH=master", + "SKADI_HOSTNAME=true", + "MAKE_SKADI_USER=true", + "UTC_TIME=true"], + "execute_command": "echo '{{ user `ssh_password` }}' | {{.Vars}} sudo -E -S bash '{{.Path}}'", + "scripts": [ + "../script/update.sh", + "../script/vagrant.sh", + "{{user `custom_script`}}", + "../script/sshd.sh", + "../script/motd.sh", + "../script/cleanup.sh" + ], + "type": "shell", + "expect_disconnect": "true" + }, + { + "execute_command": "echo '{{ user `ssh_password` }}' | {{.Vars}} sudo -E -S bash '{{.Path}}'", + "scripts": [ + "../script/vmware.sh" + ], + "type": "shell", + "expect_disconnect": "true", + "only": ["vmware-vmx"] + }, + { + "execute_command": "echo '{{ user `ssh_password` }}' | {{.Vars}} sudo -E -S bash '{{.Path}}'", + "scripts": [ + "../script/virtualbox.sh" + ], + "type": "shell", + "expect_disconnect": "true", + "only": ["virtualbox-ovf"] + } + ], + "post-processors": [ + { + "keep_input_artifact": false, + "output": "box/{{.Provider}}/{{user `vm_name`}}-{{user `version`}}.box", + "type": "vagrant", + "vagrantfile_template": "../../Vagrant/skadi_server/vmware/Vagrantfile", + "only": ["vmware-vmx"] + }, + { + "keep_input_artifact": false, + "output": "box/{{.Provider}}/{{user `vm_name`}}-{{user `version`}}.box", + "type": "vagrant", + 
"vagrantfile_template": "../../Vagrant/skadi_server/virtualbox/Vagrantfile", + "only": ["virtualbox-ovf"] + } + ], + "variables": { + "custom_script": "../../scripts/signedbuildskadi.sh", + "version": "2019.2", + "vm_name": "skadi_server", + "headless": "true" + } +} diff --git a/Packer/skadi_build/create_ova.json b/Packer/skadi_build/create_ova.json new file mode 100644 index 0000000..24bfe0f --- /dev/null +++ b/Packer/skadi_build/create_ova.json 
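Review bot: Both builders log in as `vagrant`/`vagrant`, but the basebox they consume comes from `create_basebox.json`, whose preseed now creates only the `skadi` account and whose provisioner list no longer runs `vagrant.sh`; unless the vagrant user is created somewhere not in this diff, SSH never connects and the build sits out `ssh_wait_timeout`. `create_ova.json` is a byte-identical copy of this file (both blobs are `24bfe0f`), down to the `_comment` naming a `create_VMWare_box.json` that is not in this commit, so it shares the issue; if the OVA build is meant to differ the differences are missing, and if not, a single template selected with `-only` would avoid the two drifting apart. The comment here should read `"_comment": "Build with `packer build create_cloud_boxes.json`",`.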
@@ -0,0 +1,82 @@ +{ + "_comment": "Build with `packer build create_VMWare_box.json`", + "builders": [ + { + "type": "vmware-vmx", + "source_path": "output-skadi_basebox-vmware-iso/skadi_basebox.vmx", + "ssh_username": "vagrant", + "ssh_password": "vagrant", + "shutdown_command": "sudo shutdown -P now", + "headless": "{{ user `headless` }}" + }, + { + "type": "virtualbox-ovf", + "source_path": "output-skadi_basebox-virtualbox-iso/skadi_basebox.ovf", + "ssh_username": "vagrant", + "ssh_password": "vagrant", + "shutdown_command": "sudo shutdown -P now", + "headless": "{{ user `headless` }}" + } + ], + "provisioners": [ + { + "environment_vars": ["CDQR_VERSION=4.4.0", + "DEFAULT_PASSWORDS=true", + "INSTALL_BRANCH=master", + "SKADI_HOSTNAME=true", + "MAKE_SKADI_USER=true", + "UTC_TIME=true"], + "execute_command": "echo '{{ user `ssh_password` }}' | {{.Vars}} sudo -E -S bash '{{.Path}}'", + "scripts": [ + "../script/update.sh", + "../script/vagrant.sh", + "{{user `custom_script`}}", + "../script/sshd.sh", + "../script/motd.sh", + "../script/cleanup.sh" + ], + "type": "shell", + "expect_disconnect": "true" + }, + { + "execute_command": "echo '{{ user `ssh_password` }}' | {{.Vars}} sudo -E -S bash '{{.Path}}'", + "scripts": [ + "../script/vmware.sh" + ], + "type": "shell", + "expect_disconnect": "true", + "only": ["vmware-vmx"] + }, + { + "execute_command": "echo '{{ user `ssh_password` }}' | {{.Vars}} sudo -E -S bash '{{.Path}}'", + "scripts": [ + "../script/virtualbox.sh" + ], + "type": "shell", + "expect_disconnect": "true", + "only": ["virtualbox-ovf"] + } + ], + "post-processors": [ + { + "keep_input_artifact": false, + "output": "box/{{.Provider}}/{{user `vm_name`}}-{{user `version`}}.box", + "type": "vagrant", + "vagrantfile_template": "../../Vagrant/skadi_server/vmware/Vagrantfile", + "only": ["vmware-vmx"] + }, + { + "keep_input_artifact": false, + "output": "box/{{.Provider}}/{{user `vm_name`}}-{{user `version`}}.box", + "type": "vagrant", + 
"vagrantfile_template": "../../Vagrant/skadi_server/virtualbox/Vagrantfile", + "only": ["virtualbox-ovf"] + } + ], + "variables": { + "custom_script": "../../scripts/signedbuildskadi.sh", + "version": "2019.2", + "vm_name": "skadi_server", + "headless": "true" + } +} diff --git a/Packer/skadi_build/http/preseed.cfg b/Packer/skadi_build/http/preseed.cfg index d38c245..e22d446 100644 --- a/Packer/skadi_build/http/preseed.cfg +++ b/Packer/skadi_build/http/preseed.cfg @@ -29,15 +29,15 @@ d-i keyboard-configuration/layoutcode string us d-i keyboard-configuration/modelcode string pc105 d-i debian-installer/locale string en_US -# Create vagrant user account. -d-i passwd/user-fullname string vagrant -d-i passwd/username string vagrant -d-i passwd/user-password password vagrant -d-i passwd/user-password-again password vagrant +# Create skadi user account. +d-i passwd/user-fullname string skadi +d-i passwd/username string skadi +d-i passwd/user-password password skadi +d-i passwd/user-password-again password skadi d-i user-setup/allow-password-weak boolean true d-i user-setup/encrypt-home boolean false -d-i passwd/user-default-groups vagrant sudo -d-i passwd/user-uid string 900 +d-i passwd/user-default-groups skadi sudo +d-i passwd/user-uid string 1001 # Set root passwords d-i rootpw vagrant diff --git a/Packer/skadi_build/skadi_server_vagrant_vb.json b/Packer/skadi_build/skadi_server_vagrant_vb.json deleted file mode 100644 index 50c70dc..0000000 --- a/Packer/skadi_build/skadi_server_vagrant_vb.json +++ /dev/null 
@@ -1,38 +0,0 @@ -{ - "_comment": "Build with `packer build skadi_server.json`", - "builders": [ - { - "type": "virtualbox-ovf", - "source_path": "F:/VirtualBox/OVA/skadi_server_2019.1.ova", - "ssh_username": "vagrant", - "ssh_password": "vagrant", - "shutdown_command": "sudo shutdown -P now" - } - ], - "provisioners": [ - { - "execute_command": "echo '{{ user `ssh_password` }}' | {{.Vars}} sudo -E -S bash '{{.Path}}'", - "scripts": [ - "../script/vagrant.sh", - "../script/sshd.sh", - "../script/motd.sh", - "../script/cleanup.sh" - ], - "type": "shell", - "expect_disconnect": "true" - } - ], - "post-processors": [ - { - "keep_input_artifact": false, - "output": "box/{{.Provider}}/{{user `vm_name`}}-{{user `version`}}.box", - "type": "vagrant", - "vagrantfile_template": "{{ user `vagrantfile_template` }}" - } - ], - "variables": { - "vagrantfile_template": "../../Vagrant/skadi_server/virtualbox/Vagrantfile", - "version": "2019.1", - "vm_name": "skadi_server" - } -} diff --git a/Packer/skadi_build/skadi_server_vagrant_vmware.json b/Packer/skadi_build/skadi_server_vagrant_vmware.json deleted file mode 100644 index f41d5c9..0000000 --- a/Packer/skadi_build/skadi_server_vagrant_vmware.json +++ /dev/null 
@@ -1,38 +0,0 @@ -{ - "_comment": "Build with `packer build skadi_server.json`", - "builders": [ - { - "type": "vmware-vmx", - "source_path": "F:/VMWARE/Skadi Server 2019.1/Skadi Server 2019.1.vmx", - "ssh_username": "vagrant", - "ssh_password": "vagrant", - "shutdown_command": "sudo shutdown -P now" - } - ], - "provisioners": [ - { - "execute_command": "echo '{{ user `ssh_password` }}' | {{.Vars}} sudo -E -S bash '{{.Path}}'", - "scripts": [ - "../script/vagrant.sh", - "../script/sshd.sh", - "../script/motd.sh", - "../script/cleanup.sh" - ], - "type": "shell", - "expect_disconnect": "true" - } - ], - "post-processors": [ - { - "keep_input_artifact": false, - "output": "box/{{.Provider}}/{{user `vm_name`}}-{{user `version`}}.box", - "type": "vagrant", - "vagrantfile_template": "{{ user `vagrantfile_template` }}" - } - ], - "variables": { - "vagrantfile_template": "../../Vagrant/skadi_server/vmware/Vagrantfile", - "version": "2019.1", - "vm_name": "skadi_server" - } -} diff --git a/Packer/vmware/http/preseed.cfg b/Packer/vmware/http/preseed.cfg deleted file mode 100644 index d38c245..0000000 --- a/Packer/vmware/http/preseed.cfg +++ /dev/null 
@@ -1,43 +0,0 @@ -choose-mirror-bin mirror/http/proxy string -d-i base-installer/kernel/override-image string linux-server -d-i clock-setup/utc boolean true -d-i clock-setup/utc-auto boolean true -d-i finish-install/reboot_in_progress note -d-i grub-installer/only_debian boolean true -d-i grub-installer/with_other_os boolean true -d-i partman-auto/disk string /dev/sda -d-i partman-auto-lvm/guided_size string max -d-i partman-auto/choose_recipe select atomic -d-i partman-auto/method string lvm -d-i partman-lvm/confirm boolean true -d-i partman-lvm/confirm boolean true -d-i partman-lvm/confirm_nooverwrite boolean true -d-i partman-lvm/device_remove_lvm boolean true -d-i partman/choose_partition select finish -d-i partman/confirm boolean true -d-i partman/confirm_nooverwrite boolean true -d-i partman/confirm_write_new_label boolean true -d-i pkgsel/include string openssh-server cryptsetup build-essential libssl-dev libreadline-dev zlib1g-dev linux-source dkms nfs-common -d-i pkgsel/install-language-support boolean false -d-i pkgsel/update-policy select none -d-i pkgsel/upgrade select full-upgrade -d-i time/zone string UTC -tasksel tasksel/first multiselect standard, ubuntu-server - -d-i console-setup/ask_detect boolean false -d-i keyboard-configuration/layoutcode string us -d-i keyboard-configuration/modelcode string pc105 -d-i debian-installer/locale string en_US - -# Create vagrant user account. -d-i passwd/user-fullname string vagrant -d-i passwd/username string vagrant -d-i passwd/user-password password vagrant -d-i passwd/user-password-again password vagrant -d-i user-setup/allow-password-weak boolean true -d-i user-setup/encrypt-home boolean false -d-i passwd/user-default-groups vagrant sudo -d-i passwd/user-uid string 900 - -# Set root passwords -d-i rootpw vagrant diff --git a/Packer/vmware/skadi_server.json b/Packer/vmware/skadi_server.json deleted file mode 100644 index 0897196..0000000 --- a/Packer/vmware/skadi_server.json +++ /dev/null 
@@ -1,123 +0,0 @@
-{
- "_comment": "Build with `packer build skadi_server_newbuild.json`",
- "builders": [
- {
- "boot_command": [
- "{{ user `boot_command_prefix` }}",
- "/install/vmlinuz noapic ",
- "initrd=/install/initrd.gz ",
- "file=/floppy/{{ user `preseed` }} ",
- "debian-installer={{ user `locale` }} auto locale={{ user `locale` }} kbd-chooser/method=us ",
- "hostname={{ user `hostname` }} ",
- "grub-installer/bootdev=/dev/sda ",
- "fb=false debconf/frontend=noninteractive ",
- "keyboard-configuration/modelcode=SKIP keyboard-configuration/layout=USA ",
- "keyboard-configuration/variant=USA console-setup/ask_detect=false ",
- "passwd/user-fullname={{ user `ssh_fullname` }} ",
- "passwd/user-password={{ user `ssh_password` }} ",
- "passwd/user-password-again={{ user `ssh_password` }} ",
- "passwd/username={{ user `ssh_username` }} ",
- "-- "
- ],
- "disk_adapter_type": "sata",
- "disk_size": "{{ user `disk_size` }}",
- "floppy_files": [
- "http/{{ user `preseed` }}"
- ],
- "guest_os_type": "{{ user `vmware_guest_os_type` }}",
- "headless": "{{ user `headless` }}",
- "iso_checksum": "{{ user `iso_checksum` }}",
- "iso_checksum_type": "{{ user `iso_checksum_type` }}",
- "iso_urls": [
- "{{ user `iso_path` }}/{{ user `iso_name` }}",
- "{{ user `iso_url` }}"
- ],
- "output_directory": "output-{{ user `vm_name` }}-virtualbox-iso",
- "shutdown_timeout": "1m",
- "shutdown_command": "echo '{{ user `ssh_password` }}'|sudo -S shutdown -P now",
- "ssh_password": "{{ user `ssh_password` }}",
- "ssh_username": "{{ user `ssh_username` }}",
- "ssh_wait_timeout": "10000s",
- "type": "vmware-iso",
- "vmx_data": {
- "memsize": "{{ user `memory` }}",
- "numvcpus": "{{ user `cpus` }}",
- },
- "vm_name": "{{user `vm_name`}}"
- }
- ],
- "post-processors": [
- {
- "keep_input_artifact": false,
- "output": "box/{{.Provider}}/{{user `vm_name`}}-{{user `version`}}.box",
- "type": "vagrant",
- "vagrantfile_template": "{{ user `vagrantfile_template` }}"
- }
- ],
- "provisioners": [
- {
- "environment_vars": [
- "CLEANUP_PAUSE={{user `cleanup_pause`}}",
- "DEBIAN_FRONTEND=noninteractive",
- "DESKTOP={{user `desktop`}}",
- "UPDATE={{user `update`}}",
- "INSTALL_VAGRANT_KEY={{user `install_vagrant_key`}}",
- "SSH_USERNAME={{user `ssh_username`}}",
- "SSH_PASSWORD={{user `ssh_password`}}",
- "http_proxy={{user `http_proxy`}}",
- "https_proxy={{user `https_proxy`}}",
- "ftp_proxy={{user `ftp_proxy`}}",
- "rsync_proxy={{user `rsync_proxy`}}",
- "no_proxy={{user `no_proxy`}}",
- "DEFAULT_PASSWORDS={{user `skadi_default_passwords`}}"
- ],
- "execute_command": "echo '{{ user `ssh_password` }}' | {{.Vars}} sudo -E -S bash '{{.Path}}'",
- "scripts": [
- "../script/vagrant.sh",
- "../script/sshd.sh",
- "../script/vmware.sh",
- "../script/motd.sh",
- "../script/update.sh",
- "{{user `custom_script`}}",
- "../script/cleanup.sh"
- ],
- "type": "shell",
- "expect_disconnect": "true"
- }
- ],
- "variables": {
- "skadi_default_passwords": "true",
- "boot_command_prefix": "",
- "cleanup_pause": "",
- "cpus": "4",
- "memory": "8196",
- "custom_script": "../../scripts/signedbuildskadi.sh",
- "desktop": "false",
- "disk_size": "102400",
- "ftp_proxy": "{{env `ftp_proxy`}}",
- "headless": "false",
- "http_proxy": "{{env `http_proxy`}}",
- "https_proxy": "{{env `https_proxy`}}",
- "install_vagrant_key": "true",
- "iso_checksum": "c94de1cc2e10160f325eb54638a5b5aa38f181d60ee33dae9578d96d932ee5f8",
- "iso_checksum_type": "sha256",
- "iso_name": "ubuntu-16.04.5-server-amd64.iso",
- "iso_path": "/Volumes/Storage/software/ubuntu",
- "iso_url": "http://releases.ubuntu.com/16.04/ubuntu-16.04.5-server-amd64.iso",
- "locale": "en_US",
- "no_proxy": "{{env `no_proxy`}}",
- "parallels_guest_os_type": "ubuntu",
- "preseed" : "preseed.cfg",
- "rsync_proxy": "{{env `rsync_proxy`}}",
- "hostname": "skadi",
- "ssh_fullname": "vagrant",
- "ssh_password": "vagrant",
- "ssh_username": "vagrant",
- "update": "false",
- "vagrantfile_template": "../../Vagrant/skadi_server/vmware/Vagrantfile",
- "version": "2018.4",
- "virtualbox_guest_os_type": "Ubuntu_64",
- "vm_name": "skadi_basebox",
- "vmware_guest_os_type": "ubuntu-64"
- }
-}
diff --git a/Vagrant/skadi_desktop/virtualbox/Vagrantfile b/Vagrant/skadi_desktop/virtualbox/Vagrantfile
deleted file mode 100644
index d607769..0000000
--- a/Vagrant/skadi_desktop/virtualbox/Vagrantfile
+++ /dev/null
@@ -1,29 +0,0 @@
-# -*- mode: ruby -*-
-# vi: set ft=ruby :
-
-Vagrant.configure("2") do |config|
-
- config.vm.box = "skadivm/skadi_desktop"
- config.vm.define "skadi_desktop"
- # Uncomment this line to choose specific version
- # config.vm.box_version = "2018.3"
-
- # Change the following to align with resources available
- config.vm.provider :virtualbox do |v|
- v.name = "skadi_desktop"
- v.gui = true
- v.customize ["modifyvm", :id, "--memory", 12288]
- v.customize ["modifyvm", :id, "--cpus", 6]
- v.customize ["modifyvm", :id, "--vram", "256"]
- v.customize ["setextradata", "global", "GUI/MaxGuestResolution", "any"]
- v.customize ["setextradata", :id, "CustomVideoMode1", "1024x768x32"]
- v.customize ["modifyvm", :id, "--ioapic", "on"]
- v.customize ["modifyvm", :id, "--rtcuseutc", "on"]
- v.customize ["modifyvm", :id, "--accelerate3d", "on"]
- v.customize ["modifyvm", :id, "--clipboard", "bidirectional"]
- end
- # Uncomment the following lines to run the update script each time the VM is created
- # config.vm.provision "shell", inline: <<-SHELL
- # /opt/skadi/update.sh
- # SHELL
-end
diff --git a/Vagrant/skadi_desktop/vmware/Vagrantfile b/Vagrant/skadi_desktop/vmware/Vagrantfile
deleted file mode 100644
index 5010f36..0000000
--- a/Vagrant/skadi_desktop/vmware/Vagrantfile
+++ /dev/null
@@ -1,25 +0,0 @@
-# -*- mode: ruby -*-
-# vi: set ft=ruby :
-
-Vagrant.configure("2") do |config|
-
- config.vm.box = "skadivm/skadi_desktop"
- config.vm.define "skadi_desktop"
- # Uncomment this line to choose specific version
- # config.vm.box_version = "2018.3"
-
- # Change the following to align with resources available
- ["vmware_desktop"].each do |provider|
- config.vm.provider provider do |v, override|
- v.name = "skadi_desktop"
- v.gui = true
- v.vmx["memsize"] = "12288"
- v.vmx["numvcpus"] = "6"
- #v.vmx["cpuid.coresPerSocket"] = "6"
- end
- end
- # Uncomment the following lines to run the update script each time the VM is created
- # config.vm.provision "shell", inline: <<-SHELL
- # /opt/skadi/update.sh
- # SHELL
-end
diff --git a/scripts/signedbuildskadi.sh b/scripts/signedbuildskadi.sh
index 3c26772..03e9502 100644
--- a/scripts/signedbuildskadi.sh
+++ b/scripts/signedbuildskadi.sh
@@ -207,6 +207,11 @@ curl -XPUT 'localhost:9200/_template/number_of_replicas' \
 -d '{"template": "*","settings": {"number_of_replicas": 0}}' \
 -H'Content-Type: application/json'
 
+echo "Importing Saved Objects to Kibana"
+sleep 10
+curl -o /tmp/kibana_6.x.json https://raw.githubusercontent.com/orlikoski/Skadi/master/objects/kibana_6.x_cli_import.json
+curl -X POST "http://localhost:5601/api/saved_objects/_bulk_create" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' --data-binary @/tmp/kibana_6.x_cli_import.json
+
 # The TimeSketch container needs to be running before continuing and this
 # requires the other containers to be up and running too. This can take time
 # so this loop ensures all the parts are running and timesketch is responding
From a747abdab84dd24e747893b17f8c1c9ce885f871 Mon Sep 17 00:00:00 2001
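Review bot: The two added curl lines in signedbuildskadi.sh use different temp paths — the download writes `/tmp/kibana_6.x.json` but the POST reads `@/tmp/kibana_6.x_cli_import.json` — so the bulk import sends no body, and because neither call checks its exit status the build carries on as if the saved objects were loaded. The fetch also pulls an unpinned `master` URL at build time with no `--fail` and no integrity check, so an upstream change or a GitHub error page would be posted straight into Kibana's saved objects; pin the URL to a release tag or commit and compare a SHA-256 of the download against a value committed alongside this script before posting it. A fixed, predictable `/tmp` filename is writable by any local user on the build host, so a `mktemp` path should replace a name an attacker can pre-create. The `sleep 10` is a guess at Kibana readiness; the TimeSketch wait loop that follows this hunk is the pattern to reuse (poll until the API answers, with a timeout) rather than a fixed delay. The rewritten lines below keep the same endpoint and headers, and the `|| exit 1` assumes the script is not already run under `set -e`, which is outside the hunk.
```shell
echo "Importing Saved Objects to Kibana"
# … unchanged: readiness wait (replace the fixed sleep with a poll against the Kibana API) …
KIBANA_OBJECTS="$(mktemp)"
# TODO: pin to a release tag/commit and verify a sha256sum of the download before importing
curl -fsSL -o "$KIBANA_OBJECTS" https://raw.githubusercontent.com/orlikoski/Skadi/master/objects/kibana_6.x_cli_import.json || exit 1
curl -fsS -X POST "http://localhost:5601/api/saved_objects/_bulk_create" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' --data-binary @"$KIBANA_OBJECTS" || exit 1
rm -f "$KIBANA_OBJECTS"
```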
From: Alan Orlikoski Date: Tue, 26 Mar 2019 19:55:18 -0500 Subject: [PATCH 2/9] adding cli kibana saved searches --- objects/kibana_6.x_cli_import.json | 785 +++++++++++++++++++++++++++++ 1 file changed, 785 insertions(+) create mode 100644 objects/kibana_6.x_cli_import.json diff --git a/objects/kibana_6.x_cli_import.json b/objects/kibana_6.x_cli_import.json new file mode 100644 index 0000000..bca5634 --- /dev/null +++ b/objects/kibana_6.x_cli_import.json 
@@ -0,0 +1,785 @@ +[ + { + "id": "IR_06-Persistence-slash-Prefetch", + "type": "dashboard", + "attributes": { + "title": "Prefetch", + "hits": 0, + "description": "", + "panelsJSON": "[{\"panelIndex\":\"3\",\"gridData\":{\"x\":0,\"y\":0,\"w\":12,\"h\":6,\"i\":\"3\"},\"id\":\"Prefetch\",\"type\":\"visualization\",\"version\":\"6.2.3\"}]", + "optionsJSON": "{\"darkTheme\":false,\"useMargins\":false}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"highlightAll\":true,\"version\":true}" + } + } + }, + { + "id": "IR_03-Ant-Virus-slash-FIrewall", + "type": "dashboard", + "attributes": { + "title": "FIrewall", + "hits": 0, + "description": "", + "panelsJSON": "[{\"panelIndex\":\"2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":12,\"h\":4,\"i\":\"2\"},\"id\":\"Firewall\",\"type\":\"visualization\",\"version\":\"6.2.3\"}]", + "optionsJSON": "{\"darkTheme\":false,\"useMargins\":false}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"},\"highlightAll\":true,\"version\":true}" + } + } + }, + { + "id": "f7a91780-35ca-11e8-b33b-ff969cd97ce8", + "type": "dashboard", + "attributes": { + "title": "Torrents", + "hits": 0, + "description": "", + "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":5,\"i\":\"1\"},\"version\":\"6.2.3\",\"type\":\"visualization\",\"id\":\"dfa77640-35ca-11e8-b33b-ff969cd97ce8\"}]", + "optionsJSON": "{\"darkTheme\":false,\"useMargins\":true,\"hidePanelTitles\":false}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"highlightAll\":true,\"version\":true}" + } + } + }, + { + "id": "IR_05-Linux-slash-Mac", + "type": "dashboard", + "attributes": { + "title": "Mac Items", + "hits": 0, + "description": "", + "panelsJSON": "[{\"panelIndex\":\"2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":12,\"h\":4,\"i\":\"2\"},\"id\":\"MAC\",\"type\":\"visualization\",\"version\":\"6.2.3\"}]", + "optionsJSON": "{\"darkTheme\":false,\"useMargins\":false}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"highlightAll\":true,\"version\":true}" + } + } + }, + { + "id": "IR_01-Parser-Details", + "type": "dashboard", + "attributes": { + "title": "Data Sources", + "hits": 0, + "description": "", + "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"x\":0,\"y\":25,\"w\":48,\"h\":15,\"i\":\"1\"},\"id\":\"Parser-Results\",\"type\":\"visualization\",\"version\":\"6.4.2\"},{\"panelIndex\":\"2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":25,\"i\":\"2\"},\"version\":\"6.4.2\",\"type\":\"visualization\",\"id\":\"3184b570-3604-11e8-abe3-892c2e94b163\"}]", + "optionsJSON": "{\"darkTheme\":false,\"useMargins\":false}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}},\"highlightAll\":true,\"version\":true}" + } + } + }, + { + "id": "Parser-Results", + "type": "visualization", + "attributes": { + "title": "Parser Results", + "visState": "{\"title\":\"Parser 
Results\",\"type\":\"table\",\"params\":{\"perPage\":100,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Number of Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"parser.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":1000,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Parser Name\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"datetime\",\"customLabel\":\"Latest Activity\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"datetime\",\"customLabel\":\"Earliest Activity\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"06876cd0-dfc5-11e8-bc06-31e345541948\",\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}},\"filter\":[]}" + } + } + }, + { + "id": "User-Information", + "type": "visualization", + "attributes": { + "title": "User Information", + "visState": "{\"title\":\"User 
Information\",\"type\":\"table\",\"params\":{\"perPage\":100,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user_sid.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":1000,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"User SID (Up to 1,000 entries shown)\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":1000,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Username (if parsed)\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"datetime\",\"customLabel\":\"Latest Activity\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"datetime\",\"customLabel\":\"Earliest Activity\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Number of Associated Logs\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"06876cd0-dfc5-11e8-bc06-31e345541948\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + } + }, + { + "id": "3184b570-3604-11e8-abe3-892c2e94b163", + "type": "visualization", + "attributes": { + "title": "Parser Graph", + "visState": "{\"title\":\"Parser 
Graph\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Number of Events\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"parser.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":1000,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Parser Information\"}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"06876cd0-dfc5-11e8-bc06-31e345541948\",\"filter\":[],\"query\":{\"query\":\"*\",\"language\":\"lucene\"}}" + } + } + }, + { + "id": "Scheduled-Tasks", + "type": "visualization", + "attributes": { + "title": "Scheduled Tasks", + "visState": "{\"title\":\"Scheduled Tasks\",\"type\":\"table\",\"params\":{\"perPage\":100,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"message.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":1000,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Scheduled Task Messages (Up to 1,000 entries 
shown)\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"parser.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Parser\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"datetime\",\"customLabel\":\"Latest Activity\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"datetime\",\"customLabel\":\"Earliest Activity\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "savedSearchId": "Scheduled-Tasks", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}" + } + } + }, + { + "id": "File-System", + "type": "visualization", + "attributes": { + "title": "File System", + "visState": "{\"title\":\"File System\",\"type\":\"table\",\"params\":{\"perPage\":100,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"message.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":1000,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"File System Messages (Up to 1,000 entries shown)\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"datetime\",\"customLabel\":\"Latest Activity\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"datetime\",\"customLabel\":\"Earliest 
Activity\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"is_allocated\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"3\",\"customLabel\":\"Is Allocated\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "savedSearchId": "File-System", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}" + } + } + }, + { + "id": "Windows-Event-Logs", + "type": "visualization", + "attributes": { + "title": "Windows Event Logs", + "visState": "{\"title\":\"Windows Event Logs\",\"type\":\"table\",\"params\":{\"perPage\":100,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"datetime\",\"customLabel\":\"DateTime\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"message.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":1000,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Windows Event Logs (Up to 1,000 entries shown)\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hostname.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Hostname\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "savedSearchId": "Windows-Event-Logs", + "version": 1, + "kibanaSavedObjectMeta": { 
+ "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + } + } + }, + { + "id": "Registry", + "type": "visualization", + "attributes": { + "title": "Registry", + "visState": "{\"title\":\"Registry\",\"type\":\"table\",\"params\":{\"perPage\":100,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"message.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":1000,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Registry Messages (Up to 1,000 entries shown)\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"parser.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Parser\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"datetime\",\"customLabel\":\"Latest Activity\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"datetime\",\"customLabel\":\"Earliest Activity\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "savedSearchId": "Registry", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}" + } + } + }, + { + "id": "Firewall", + "type": "visualization", + "attributes": { + "title": "Firewall", + "visState": 
"{\"title\":\"Firewall\",\"type\":\"table\",\"params\":{\"perPage\":100,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"message.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":1000,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Firewall Messages (Up to 1,000 entries shown)\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"datetime\",\"customLabel\":\"Latest Activity\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"datetime\",\"customLabel\":\"Earliest Activity\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "savedSearchId": "Firewall", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + } + } + }, + { + "id": "Prefetch", + "type": "visualization", + "attributes": { + "title": "Prefetch", + "visState": "{\"title\":\"Prefetch\",\"type\":\"table\",\"params\":{\"perPage\":100,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"message.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":1000,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Prefetch Messages (Up to 1,000 entries shown)\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"datetime\",\"customLabel\":\"Latest 
Activity\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"datetime\",\"customLabel\":\"Earliest Activity\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "savedSearchId": "Prefetch", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + } + } + }, + { + "id": "Persistence", + "type": "visualization", + "attributes": { + "title": "Persistence", + "visState": "{\"title\":\"Persistence\",\"type\":\"table\",\"params\":{\"perPage\":100,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"message.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":1000000,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Persistence Messages (Up to 1,000 entries shown)\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"parser.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Parser\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"datetime\",\"customLabel\":\"Latest Activity\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"datetime\",\"customLabel\":\"Earliest Activity\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "savedSearchId": "Persistence", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + } + } + }, + { + "id": "MAC", + "type": "visualization", + "attributes": { + "title": "MacOS", + "visState": "{\"title\":\"MacOS\",\"type\":\"table\",\"params\":{\"perPage\":100,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"message.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":1000,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"MacOS Messages (Up to 1,000 entries shown)\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"parser.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Parser\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"datetime\",\"customLabel\":\"Latest Activity\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"datetime\",\"customLabel\":\"Earliest Activity\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "savedSearchId": "Mac", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}" + } + } + }, + { + "id": "Internet-History", + "type": "visualization", + "attributes": { + "title": "Internet History", + "visState": "{\"title\":\"Internet 
History\",\"type\":\"table\",\"params\":{\"perPage\":100,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"message.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10000,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Internet History Messages (Up to 1,000 entries shown)\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"parser.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Parser\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"datetime\",\"customLabel\":\"Latest Activity\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"datetime\",\"customLabel\":\"Earliest Activity\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "savedSearchId": "Internet-History", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + } + } + }, + { + "id": "dfa77640-35ca-11e8-b33b-ff969cd97ce8", + "type": "visualization", + "attributes": { + "title": "Torrents", + "visState": "{\"title\":\"Torrents\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"datetime\",\"customLabel\":\"Latest 
Activity\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"datetime\",\"customLabel\":\"Earliest Activity\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"message.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":1000,\"order\":\"desc\",\"orderBy\":\"2\",\"customLabel\":\"Torrent Messages (Up to 1,000 entries shown)\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "savedSearchId": "781db980-35ca-11e8-b33b-ff969cd97ce8", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + } + } + }, + { + "id": "Appcompatcache", + "type": "search", + "attributes": { + "title": "Appcompatcache", + "description": "", + "hits": 0, + "columns": [ + "attributes" + ], + "sort": [ + "datetime", + "desc" + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"06876cd0-dfc5-11e8-bc06-31e345541948\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":{\"query_string\":{\"query\":\"parser:appcompatcache\",\"analyze_wildcard\":true}},\"language\":\"lucene\"}}" + } + } + }, + { + "id": "Anti-Virus", + "type": "search", + "attributes": { + "title": "Anti-Virus", + "description": "", + "hits": 0, + "columns": [ + "attributes" + ], + "sort": [ + "datetime", + "desc" + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"index\":\"06876cd0-dfc5-11e8-bc06-31e345541948\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":\"parser:mcafee_protection* OR parser:symantec_scanlog* OR parser:winfirewall* OR parser:ccleaner*\",\"language\":\"lucene\"},\"highlightAll\":true,\"version\":true}" + } + } + }, + { + "id": "Mac", + "type": "search", + "attributes": { + "title": "Mac", + "description": "", + "hits": 0, + "columns": [ + "message", + "parser" + ], + "sort": [ + "datetime", + "desc" + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"06876cd0-dfc5-11e8-bc06-31e345541948\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":\"parser:airport* OR parser:appleid* OR parser:bash* OR parser:bash_history* OR parser:bsm_log* OR parser:cron* OR parser:cups_ipp* OR parser:dockerjson* OR parser:dpkg* OR parser:fsevents* OR parser:google_drive* OR parser:hachoir* OR parser:imessage* OR parser:ipod_device* OR parser:javaidx* OR parser:mac_document_versions* OR parser:mac_keychain* OR parser:mac_securityd* OR parser:mackeeper_cache* OR parser:macosx_bluetooth* OR parser:macosx_install_history* OR parser:mactime* OR parser:macuser* OR parser:macwifi* OR parser:maxos_software_update* OR parser:mcafee_protection* OR parser:olecf* OR parser:openxml* OR parser:pe* OR parser:plist* OR parser:plist_default* OR parser:popularity_contest* OR parser:selinux* OR parser:spotlight* OR parser:sqlite* OR parser:ssh* OR parser:syslog* OR parser:systemd_journal* OR parser:time_machine* OR parser:utmp* OR parser:xchatlog* OR parser:xchatscrollback* OR parser:zeitgeist* OR 
parser:zsh_extended_history*\",\"language\":\"lucene\"},\"highlightAll\":true,\"version\":true}" + } + } + }, + { + "id": "File-System", + "type": "search", + "attributes": { + "title": "File System", + "description": "", + "hits": 0, + "columns": [ + "attributes" + ], + "sort": [ + "datetime", + "desc" + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"06876cd0-dfc5-11e8-bc06-31e345541948\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":\"parser:filestat OR parser:recycle_bin*\",\"language\":\"lucene\"},\"highlightAll\":true,\"version\":true}" + } + } + }, + { + "id": "Linux", + "type": "search", + "attributes": { + "title": "Linux", + "description": "", + "hits": 0, + "columns": [ + "parser", + "message" + ], + "sort": [ + "datetime", + "desc" + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"06876cd0-dfc5-11e8-bc06-31e345541948\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":\"parser:bash* OR parser:binary_cookies* OR parser:bsm_log* OR parser:cron* OR parser:cups_ipp* OR parser:dockerjson* OR parser:dpkg* OR parser:fsevents* OR parser:google_drive* OR parser:hachoir* OR parser:imessage* OR parser:javaidx* OR parser:olecf* OR parser:openxml* OR parser:pe* OR parser:popularity_contest* OR parser:selinux* OR parser:sqlite* OR parser:ssh OR parser:syslog* OR parser:systemd_journal* OR parser:utmp* OR parser:utmpx* OR parser:xchatlog* OR parser:xchatscrollback* OR parser:zsh_extended_history*\",\"language\":\"lucene\"},\"highlightAll\":true,\"version\":true}" + } + } + }, + { + "id": "Firewall", + "type": "search", + "attributes": { + "title": 
"Firewall", + "description": "", + "hits": 0, + "columns": [ + "attributes" + ], + "sort": [ + "datetime", + "desc" + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"06876cd0-dfc5-11e8-bc06-31e345541948\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":\"parser:winfirewall* OR parser:mac_appfirewall_log*\",\"language\":\"lucene\"},\"highlightAll\":true,\"version\":true}" + } + } + }, + { + "id": "System-Information", + "type": "search", + "attributes": { + "title": "System Information", + "description": "", + "hits": 0, + "columns": [ + "attributes" + ], + "sort": [ + "datetime", + "desc" + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"06876cd0-dfc5-11e8-bc06-31e345541948\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":\"parser:dockerjson* OR parser:dpkg* OR parser:explorer_* OR parser:fsevents* OR parser:mac_keychain* OR parser:mac_securityd* OR parser:mackeeper_cache* OR parser:macosx_bluetooth* OR parser:macosx_install_history* OR parser:mactime* OR parser:macuser* OR parser:macwifi* OR parser:network_drives* OR parser:rplog* OR parser:windows_shutdown* OR parser:windows_timezone* OR parser:windows_usb_devices* OR parser:windows_usbstor_devices* OR parser:windows_version*\",\"language\":\"lucene\"},\"highlightAll\":true,\"version\":true}" + } + } + }, + { + "id": "Windows-Event-Logs", + "type": "search", + "attributes": { + "title": "Windows Event Logs", + "description": "", + "hits": 0, + "columns": [ + "attributes" + ], + "sort": [ + "datetime", + "desc" + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"index\":\"06876cd0-dfc5-11e8-bc06-31e345541948\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":\"parser:winevt*\",\"language\":\"lucene\"},\"highlightAll\":true,\"version\":true}" + } + } + }, + { + "id": "USNJRNL", + "type": "search", + "attributes": { + "title": "USNJRNL", + "description": "", + "hits": 0, + "columns": [ + "attributes" + ], + "sort": [ + "datetime", + "desc" + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"06876cd0-dfc5-11e8-bc06-31e345541948\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":\"parser:usnjrnl*\",\"language\":\"lucene\"},\"highlightAll\":true,\"version\":true}" + } + } + }, + { + "id": "781db980-35ca-11e8-b33b-ff969cd97ce8", + "type": "search", + "attributes": { + "title": "Torrents", + "description": "", + "hits": 0, + "columns": [ + "message" + ], + "sort": [ + "datetime", + "desc" + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"06876cd0-dfc5-11e8-bc06-31e345541948\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"parser:bencode*\"},\"filter\":[]}" + } + } + }, + { + "id": "Prefetch", + "type": "search", + "attributes": { + "title": "Prefetch", + "description": "", + "hits": 0, + "columns": [ + "attributes" + ], + "sort": [ + "datetime", + "desc" + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"index\":\"06876cd0-dfc5-11e8-bc06-31e345541948\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":{\"query_string\":{\"query\":\"parser:prefetch\",\"analyze_wildcard\":true}},\"language\":\"lucene\"}}" + } + } + }, + { + "id": "7a9bca50-35f5-11e8-bb5c-418087d19514", + "type": "search", + "attributes": { + "title": "OS Version", + "description": "", + "hits": 0, + "columns": [ + "attributes" + ], + "sort": [ + "datetime", + "desc" + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"06876cd0-dfc5-11e8-bc06-31e345541948\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"parser:windows_version*\",\"language\":\"lucene\"},\"filter\":[]}" + } + } + }, + { + "id": "IR_04-Appcompat-slash-Internet-History", + "type": "dashboard", + "attributes": { + "title": "Internet History", + "hits": 0, + "description": "", + "panelsJSON": "[{\"panelIndex\":\"2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":12,\"h\":5,\"i\":\"2\"},\"id\":\"Internet-History\",\"type\":\"visualization\",\"version\":\"6.2.3\"}]", + "optionsJSON": "{\"darkTheme\":false,\"useMargins\":false}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"highlightAll\":true,\"version\":true}" + } + } + }, + { + "id": "445be4b0-3704-11e8-a971-414e54e085c1", + "type": "dashboard", + "attributes": { + "title": "Appcompat", + "hits": 0, + "description": "", + "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":12,\"h\":4,\"i\":\"1\"},\"id\":\"Appcompat\",\"type\":\"visualization\",\"version\":\"6.2.3\"}]", + "optionsJSON": "{\"darkTheme\":false,\"useMargins\":false}", + "version": 1, + 
"timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"highlightAll\":true,\"version\":true}" + } + } + }, + { + "id": "IR_02-General-Information", + "type": "dashboard", + "attributes": { + "title": "Windows System and User Information", + "hits": 0, + "description": "", + "panelsJSON": "[{\"panelIndex\":\"2\",\"gridData\":{\"x\":5,\"y\":0,\"w\":7,\"h\":6,\"i\":\"2\"},\"id\":\"User-Information\",\"type\":\"visualization\",\"version\":\"6.2.3\"},{\"panelIndex\":\"3\",\"gridData\":{\"x\":0,\"y\":0,\"w\":5,\"h\":6,\"i\":\"3\"},\"version\":\"6.2.3\",\"type\":\"visualization\",\"id\":\"e306a2d0-35f6-11e8-bb5c-418087d19514\"}]", + "optionsJSON": "{\"darkTheme\":false,\"useMargins\":false}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"highlightAll\":true,\"version\":true}" + } + } + }, + { + "id": "4a0196a0-3603-11e8-abe3-892c2e94b163", + "type": "dashboard", + "attributes": { + "title": "Persistence", + "hits": 0, + "description": "", + "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":12,\"h\":5,\"i\":\"1\"},\"id\":\"Persistence\",\"type\":\"visualization\",\"version\":\"6.2.3\"}]", + "optionsJSON": "{\"darkTheme\":false,\"useMargins\":false}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"highlightAll\":true,\"version\":true}" + } + } + }, + { + "id": "76162600-3704-11e8-a971-414e54e085c1", + "type": "dashboard", + "attributes": { + "title": "Ant-Virus", + "hits": 0, + "description": "", + 
"panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":12,\"h\":4,\"i\":\"1\"},\"id\":\"Anti-Virus\",\"type\":\"visualization\",\"version\":\"6.2.3\"}]", + "optionsJSON": "{\"darkTheme\":false,\"useMargins\":false}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"},\"highlightAll\":true,\"version\":true}" + } + } + }, + { + "id": "c9570d00-3602-11e8-abe3-892c2e94b163", + "type": "dashboard", + "attributes": { + "title": "Linux Items", + "hits": 0, + "description": "", + "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":12,\"h\":5,\"i\":\"1\"},\"id\":\"Linux\",\"type\":\"visualization\",\"version\":\"6.2.3\"}]", + "optionsJSON": "{\"darkTheme\":false,\"useMargins\":false}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"highlightAll\":true,\"version\":true}" + } + } + }, + { + "id": "Persistence", + "type": "search", + "attributes": { + "title": "Persistence", + "description": "", + "hits": 0, + "columns": [ + "attributes" + ], + "sort": [ + "datetime", + "desc" + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"06876cd0-dfc5-11e8-bc06-31e345541948\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":\"parser:bagmru* OR parser:bencode* OR parser:mrulist* OR parser:msie_zone* OR parser:mstsc_rdp* OR parser:userassist* OR parser:windows_bootwindows_run* OR parser:windows_sam_users* OR parser:windows_services* OR 
parser:winrar_mru*\",\"language\":\"lucene\"},\"highlightAll\":true,\"version\":true}" + } + } + }, + { + "id": "Internet-History", + "type": "search", + "attributes": { + "title": "Internet History", + "description": "", + "hits": 0, + "columns": [ + "message", + "parser" + ], + "sort": [ + "datetime", + "desc" + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"06876cd0-dfc5-11e8-bc06-31e345541948\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"language\":\"lucene\",\"query\":\"parser:bencode* OR parser:binary_cookies* OR parser:chrome_* OR parser:firefox_* OR parser:google_drive* OR parser:javaidx* OR parser:msiecf* OR parser:opera_* OR parser:safari_* OR parser:sqlite* OR parser:windowstyped_urls*\"},\"highlightAll\":true,\"version\":true}" + } + } + }, + { + "id": "Scheduled-Tasks", + "type": "search", + "attributes": { + "title": "Scheduled Tasks", + "description": "", + "hits": 0, + "columns": [ + "attributes" + ], + "sort": [ + "datetime", + "desc" + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"06876cd0-dfc5-11e8-bc06-31e345541948\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":\"parser:winjob* OR parser:windows_task_cache* OR parser:cron*\",\"language\":\"lucene\"},\"highlightAll\":true,\"version\":true}" + } + } + }, + { + "id": "Registry", + "type": "search", + "attributes": { + "title": "Registry", + "description": "", + "hits": 0, + "columns": [ + "attributes" + ], + "sort": [ + "datetime", + "desc" + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"index\":\"06876cd0-dfc5-11e8-bc06-31e345541948\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":\"parser:winreg*\",\"language\":\"lucene\"},\"highlightAll\":true,\"version\":true}" + } + } + }, + { + "id": "MFT-Results", + "type": "search", + "attributes": { + "title": "MFT", + "description": "", + "hits": 0, + "columns": [ + "attributes" + ], + "sort": [ + "datetime", + "desc" + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"06876cd0-dfc5-11e8-bc06-31e345541948\",\"query\":{\"query\":\"parser:mft\",\"language\":\"lucene\"},\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"highlightAll\":true,\"version\":true}" + } + } + }, + { + "id": "06876cd0-dfc5-11e8-bc06-31e345541948", + "type": "index-pattern", + "attributes": { + "title": "case_cdqr-*", + "timeFieldName": "datetime", + "fields": 
"[{\"name\":\"_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"computer_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"computer_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"datetime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"display_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"display_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_identifier\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_level\",\"type\":\"number\",\"count\":0,\"scripted\":fa
lse,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_entry_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_entry_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_system_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_system_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"filename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"filename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"inode\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_allocated\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"md5_hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"md5_hash.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\
"readFromDocValues\":true},{\"name\":\"message_identifier\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"offset\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parser\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parser.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pathspec\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"pathspec.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"record_number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"recovered\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_long\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_long.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_short\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_short.keyword
\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"strings\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"strings.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"strings_parsed.source_user_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"strings_parsed.source_user_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"strings_parsed.source_user_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"strings_parsed.source_user_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"strings_parsed.target_machine_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"strings_parsed.target_machine_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"strings_parsed.target_machine_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"strings_parsed.target_machine_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"strings_parsed.target_user_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"strings_parsed.target
_user_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"strings_parsed.target_user_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"strings_parsed.target_user_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"timestamp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"timestamp_desc\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"timestamp_desc.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_sid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user_sid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"xml_string\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"xml_string.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]" + }, + "migrationVersion": { + "index-pattern": "6.5.0" + } + }, + { + "id": "Linux", + "type": "visualization", + "attributes": { + "title": "Linux", + "visState": 
"{\"title\":\"Linux\",\"type\":\"table\",\"params\":{\"perPage\":100,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"message.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":1000,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Linux Messages (Up to 1,000 entries shown)\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"parser.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Parser\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"datetime\",\"customLabel\":\"Latest Activity\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"datetime\",\"customLabel\":\"Earliest Activity\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "savedSearchId": "Linux", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}" + } + } + }, + { + "id": "Anti-Virus", + "type": "visualization", + "attributes": { + "title": "Anti-Virus", + "visState": 
"{\"title\":\"Anti-Virus\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"message.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":1000,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Anti-Virus Message (Up to 1,000 entries shown)\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"datetime\",\"customLabel\":\"Latest Activity\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"datetime\",\"customLabel\":\"Earliest Activity\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "savedSearchId": "Anti-Virus", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + } + } + }, + { + "id": "Appcompat", + "type": "visualization", + "attributes": { + "title": "Appcompat", + "visState": "{\"title\":\"Appcompat\",\"type\":\"table\",\"params\":{\"perPage\":100,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"datetime\",\"customLabel\":\"Last Modified DateTime\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"message.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":1000,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Appcompat Messages (Up to 
1,000 entries shown)\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "savedSearchId": "Appcompatcache", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + } + } + }, + { + "id": "e306a2d0-35f6-11e8-bb5c-418087d19514", + "type": "visualization", + "attributes": { + "title": "Windows OS Information", + "visState": "{\"title\":\"Windows OS Information\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"product_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Windows OS Versions Found\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"datetime\",\"customLabel\":\"Latest Activity\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"datetime\",\"customLabel\":\"Earliest Activity\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hostname.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Number of Associated Logs\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "savedSearchId": "7a9bca50-35f5-11e8-bb5c-418087d19514", + "version": 1, + 
"kibanaSavedObjectMeta": {
+ "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
+ }
+ }
+ }
+]
From ab7f28cc12a3f2ad112fff7927f9f55fe2375b90 Mon Sep 17 00:00:00 2001
From: Alan Orlikoski
Date: Tue, 26 Mar 2019 20:17:13 -0500
Subject: [PATCH 3/9] Updates
---
 Packer/skadi_build/create_basebox.json | 14 +---------
 Packer/skadi_build/create_boxes.json | 14 +++++++---
 Packer/skadi_build/create_ova.json | 37 +++-----------------------
 scripts/signedbuildskadi.sh | 3 +--
 4 files changed, 16 insertions(+), 52 deletions(-)
diff --git a/Packer/skadi_build/create_basebox.json b/Packer/skadi_build/create_basebox.json
index 26922ec..7c46d39 100644
--- a/Packer/skadi_build/create_basebox.json
+++ b/Packer/skadi_build/create_basebox.json
@@ -101,29 +101,17 @@
 ],
 "provisioners": [
 {
- "environment_vars": [
- "DEBIAN_FRONTEND=noninteractive",
- "SSH_USERNAME=skadi",
- "CDQR_VERSION=4.4.0",
- "DEFAULT_PASSWORDS=true",
- "INSTALL_BRANCH=esxi_packer",
- "SKADI_HOSTNAME=true",
- "MAKE_SKADI_USER=true",
- "UTC_TIME=true"
- ],
 "execute_command": "echo '{{ user `ssh_password` }}' | {{.Vars}} sudo -E -S bash '{{.Path}}'",
 "scripts": [
 "../script/update.sh",
 "../script/skadi.sh",
- "../script/motd.sh",
- "{{user `custom_script` }}"
+ "../script/motd.sh"
 ],
 "type": "shell",
 "expect_disconnect": "true"
 }
 ],
 "variables": {
- "custom_script": "../../scripts/signedbuildskadi.sh",
 "skadi_default_passwords": "true",
 "xenial_boot_command_prefix": "",
 "bionic_boot_command_prefix": "",
diff --git a/Packer/skadi_build/create_boxes.json b/Packer/skadi_build/create_boxes.json
index 4618d47..5115e34 100644
--- a/Packer/skadi_build/create_boxes.json
+++ b/Packer/skadi_build/create_boxes.json
@@ -21,7 +21,7 @@
 "provisioners": [
 {
 "environment_vars": [
- "DEBIAN_FRONTEND=noninteractive",
+ "DEBIAN_FRONTEND=noninteractive"
 ],
 "execute_command": "echo '{{ user `ssh_password` }}' | {{.Vars}} sudo -E -S bash '{{.Path}}'",
 "scripts": [
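Review bot: The basebox provisioner in create_basebox.json @@ -101,29 +101,17 @@ now runs `../script/update.sh` and `../script/skadi.sh` with no `environment_vars` at all, so `DEBIAN_FRONTEND=noninteractive` is dropped together with the variables that moved to create_boxes.json; if update.sh drives apt, a debconf prompt can stall the build. The same loss happens in create_boxes.json @@ -45,13 +45,20 @@, where the third provisioner replaces that entry with the skadi variables instead of keeping both, while the sibling provisioners at @@ -21 and @@ -33 deliberately keep it. Suggest keeping `"environment_vars": ["DEBIAN_FRONTEND=noninteractive"],` on the basebox provisioner and adding the same entry to the third create_boxes provisioner. Whether skadi.sh reads `SSH_USERNAME`, `MAKE_SKADI_USER` or the other moved variables is not visible here; worth confirming it does not, since the basebox build no longer sets them.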
@@ -33,7 +33,7 @@
 },
 {
 "environment_vars": [
- "DEBIAN_FRONTEND=noninteractive",
+ "DEBIAN_FRONTEND=noninteractive"
 ],
 "execute_command": "echo '{{ user `ssh_password` }}' | {{.Vars}} sudo -E -S bash '{{.Path}}'",
 "scripts": [
@@ -45,13 +45,20 @@
 },
 {
 "environment_vars": [
- "DEBIAN_FRONTEND=noninteractive",
+ "SSH_USERNAME=skadi",
+ "CDQR_VERSION=4.4.0",
+ "DEFAULT_PASSWORDS=true",
+ "INSTALL_BRANCH=esxi_packer",
+ "SKADI_HOSTNAME=true",
+ "MAKE_SKADI_USER=true",
+ "UTC_TIME=true"
 ],
 "execute_command": "echo '{{ user `ssh_password` }}' | {{.Vars}} sudo -E -S bash '{{.Path}}'",
 "scripts": [
 "../script/vagrant.sh",
 "../script/sshd.sh",
 "../script/motd.sh",
+ "{{user `custom_script` }}",
 "../script/cleanup.sh"
 ],
 "type": "shell",
@@ -75,6 +82,7 @@
 }
 ],
 "variables": {
+ "custom_script": "../../scripts/signedbuildskadi.sh",
 "version": "2019.2",
 "vm_name": "skadi_server",
 "headless": "true"
diff --git a/Packer/skadi_build/create_ova.json b/Packer/skadi_build/create_ova.json
index 24bfe0f..01996d0 100644
--- a/Packer/skadi_build/create_ova.json
+++ b/Packer/skadi_build/create_ova.json
@@ -1,14 +1,6 @@
 {
 "_comment": "Build with `packer build create_VMWare_box.json`",
 "builders": [
- {
- "type": "vmware-vmx",
- "source_path": "output-skadi_basebox-vmware-iso/skadi_basebox.vmx",
- "ssh_username": "vagrant",
- "ssh_password": "vagrant",
- "shutdown_command": "sudo shutdown -P now",
- "headless": "{{ user `headless` }}"
- },
 {
 "type": "virtualbox-ovf",
 "source_path": "output-skadi_basebox-virtualbox-iso/skadi_basebox.ovf",
@@ -30,6 +22,8 @@
 "scripts": [
 "../script/update.sh",
 "../script/vagrant.sh",
+ "../script/vmware.sh",
+ "../script/virtualbox.sh",
 "{{user `custom_script`}}",
 "../script/sshd.sh",
 "../script/motd.sh",
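Review bot: The provisioner that now runs the `custom_script` entry loses `DEBIAN_FRONTEND=noninteractive` — the hunk replaces that entry with the SSH/CDQR/INSTALL_BRANCH variables instead of adding to it — yet that script installs packages with `sudo apt-get install -y`, which can block on debconf prompts during an unattended build. Keep `"DEBIAN_FRONTEND=noninteractive",` as the first element of this `environment_vars` list, as the two provisioners above it do. `DEFAULT_PASSWORDS=true` is carried over unchanged, so the resulting boxes still ship with the default credentials; a `_comment` telling users to change them on first boot would be worth adding next to the variables block.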
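Review bot: `../script/vmware.sh` and `../script/virtualbox.sh` are added to the shared script list, but after the first hunk in this file the only builder left is `virtualbox-ovf`, so VMware tooling is installed into a VirtualBox-built image, and the per-builder `only` guards that previously scoped these two scripts are removed in the next hunk. Drop `"../script/vmware.sh",` here, or keep it in its own provisioner with `"only": ["vmware-vmx"]` if that builder is meant to return. The file's `_comment` still says to build with `create_VMWare_box.json`, which matches neither this file's name nor its remaining builder.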
@@ -37,37 +31,12 @@
 ],
 "type": "shell",
 "expect_disconnect": "true"
- },
- {
- "execute_command": "echo '{{ user `ssh_password` }}' | {{.Vars}} sudo -E -S bash '{{.Path}}'",
- "scripts": [
- "../script/vmware.sh"
- ],
- "type": "shell",
- "expect_disconnect": "true",
- "only": ["vmware-vmx"]
- },
- {
- "execute_command": "echo '{{ user `ssh_password` }}' | {{.Vars}} sudo -E -S bash '{{.Path}}'",
- "scripts": [
- "../script/virtualbox.sh"
- ],
- "type": "shell",
- "expect_disconnect": "true",
- "only": ["virtualbox-ovf"]
 }
 ],
 "post-processors": [
 {
 "keep_input_artifact": false,
- "output": "box/{{.Provider}}/{{user `vm_name`}}-{{user `version`}}.box",
- "type": "vagrant",
- "vagrantfile_template": "../../Vagrant/skadi_server/vmware/Vagrantfile",
- "only": ["vmware-vmx"]
- },
- {
- "keep_input_artifact": false,
- "output": "box/{{.Provider}}/{{user `vm_name`}}-{{user `version`}}.box",
+ "output": "OVA/{{user `vm_name`}}-{{user `version`}}.box",
 "type": "vagrant",
 "vagrantfile_template": "../../Vagrant/skadi_server/virtualbox/Vagrantfile",
 "only": ["virtualbox-ovf"]
diff --git a/scripts/signedbuildskadi.sh b/scripts/signedbuildskadi.sh
index 03e9502..9403a21 100644
--- a/scripts/signedbuildskadi.sh
+++ b/scripts/signedbuildskadi.sh
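Review bot: The surviving post-processor writes its `output` under `OVA/` with a `.box` suffix and `"type": "vagrant"`, so despite the directory name the artifact is a Vagrant box, not an OVA, and the `virtualbox-ovf` builder earlier in this file sets no export `format` either. If an OVA is the goal, add `"format": "ova"` to that builder and drop the vagrant post-processor; if a box is the goal, keep the `box/` prefix the removed entries used so `build_skadi.ps1` can find it. The `"only": ["virtualbox-ovf"]` filter is now redundant with a single builder, which is harmless but worth a note in `_comment`.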
@@ -209,8 +209,7 @@ curl -XPUT 'localhost:9200/_template/number_of_replicas' \
 echo "Importing Saved Objects to Kibana"
 sleep 10
-curl -o /tmp/kibana_6.x.json https://raw.githubusercontent.com/orlikoski/Skadi/master/objects/kibana_6.x_cli_import.json
-curl -X POST "http://localhost:5601/api/saved_objects/_bulk_create" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' --data-binary @/tmp/kibana_6.x_cli_import.json
+curl -X POST "http://localhost:5601/api/saved_objects/_bulk_create" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' --data-binary @/opt/Skadi/objects/kibana_6.x_cli_import.json
 # The TimeSketch container needs to be running before continuing and this
 # requires the other containers to be up and running too. This can take time
From 7dc15fdef2377b6b90efd4af1e1e5db7e2528af9 Mon Sep 17 00:00:00 2001
From: Alan Orlikoski
Date: Tue, 26 Mar 2019 22:18:28 -0500
Subject: [PATCH 4/9] build updates
---
 Docker/docker-compose.yml | 4 ++--
 Packer/script/cleanup.sh | 4 +++-
 Packer/script/vagrant.sh | 13 ++++++++-----
 3 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/Docker/docker-compose.yml b/Docker/docker-compose.yml
index 733e069..de1f416 100644
--- a/Docker/docker-compose.yml
+++ b/Docker/docker-compose.yml
@@ -1,7 +1,7 @@
 version: '2.4'
 services:
 timesketch:
- image: aorlikoski/skadi_timesketch:1.4
+ image: aorlikoski/skadi_timesketch:20190326
 container_name: timesketch
 ports:
 - 127.0.0.1:5000:5000
@@ -115,7 +115,7 @@ services:
 restart: always
 cyberchef:
- image: aorlikoski/skadi_cyberchef:latest
+ image: aorlikoski/skadi_cyberchef:20190326
 container_name: cyberchef
 ports:
 - 127.0.0.1:8000:8000
diff --git a/Packer/script/cleanup.sh b/Packer/script/cleanup.sh
index 0fcb989..87d0d38 100644
--- a/Packer/script/cleanup.sh
+++ b/Packer/script/cleanup.sh
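Review bot: The replacement `curl -X POST` still carries no `--fail`, so a non-2xx answer from Kibana (for instance because it is not listening yet after the preceding `sleep 10`) leaves the saved objects unimported while the script continues with exit status 0. Start the call as `curl -sSf --retry 5 --retry-delay 5 -X POST "http://localhost:5601/api/saved_objects/_bulk_create"` so a failed import is retried and, if it still fails, is visible in the build output. Reading the objects from `/opt/Skadi/objects/` assumes the repository is checked out at that path earlier in the script, which is outside this hunk.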
@@ -24,6 +24,8 @@ echo "pre-up sleep 2" >> /etc/network/interfaces
 echo "==> Cleaning up tmp"
 rm -rf /tmp/*
+rm -rf /home/vagrant/*
+rm -rf /home/skadi/*
 # Cleanup apt cache
 apt-get -y autoremove --purge
@@ -34,7 +36,7 @@ apt-get -y autoclean
 # Remove Bash history
 unset HISTFILE
 rm -f /root/.bash_history
-rm -f /home/${SSH_USER}/.bash_history
+rm -f /home/$SKADI_USER/.bash_history
 rm -f /home/$SKADI_USER/.bash_history
 # Clean up log files
diff --git a/Packer/script/vagrant.sh b/Packer/script/vagrant.sh
index ae225a4..368fdec 100644
--- a/Packer/script/vagrant.sh
+++ b/Packer/script/vagrant.sh
@@ -4,7 +4,7 @@ date > /etc/box_build_time
 SSH_USER=vagrant
 SSH_PASS=vagrant
-SSH_USER_HOME=${SSH_USER_HOME:-/home/${SSH_USER}}
+SSH_USER_HOME=/home/$SSH_USER
 VAGRANT_INSECURE_KEY="ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key"
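Review bot: The rewritten line `rm -f /home/$SKADI_USER/.bash_history` is identical to the line that follows it, so the history of the vagrant account created by `vagrant.sh` (`SSH_USER=vagrant`) is no longer removed from the image. If `${SSH_USER}` was replaced because it is not set in this script (each provisioner script runs in its own shell), use the literal path, `rm -f /home/vagrant/.bash_history`, and keep the `$SKADI_USER` line once; whether `$SKADI_USER` itself is defined here is not visible in the hunk either.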
@@ -12,14 +12,17 @@ if ! id -u $SSH_USER >/dev/null 2>&1; then
 echo "==> Creating $SSH_USER user"
 /usr/sbin/groupadd $SSH_USER
 /usr/sbin/useradd $SSH_USER -g $SSH_USER -G sudo -d $SSH_USER_HOME --create-home
- echo "${SSH_USER}:${SSH_PASS}" | chpasswd
+ echo "$SSH_USER:$SSH_PASS" | chpasswd
 fi
 # Set up sudo
-echo "==> Giving ${SSH_USER} sudo powers"
-echo "${SSH_USER} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/$SSH_USER
+echo "==> Giving $SSH_USER sudo powers"
+echo "$SSH_USER ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/$SSH_USER
 chmod 440 /etc/sudoers.d/$SSH_USER
+# Add vagrant user to the docker usergroup
+sudo usermod -aG docker $SSH_USER
+
 # Fix stdin not being a tty
 if grep -q -E "^mesg n$" /root/.profile && sed -i "s/^mesg n$/tty -s \\&\\& mesg n/g" /root/.profile; then
 echo "==> Fixed stdin not being a tty."
@@ -31,6 +34,6 @@ chmod 700 $SSH_USER_HOME/.ssh
 cd $SSH_USER_HOME/.ssh
 # https://raw.githubusercontent.com/mitchellh/vagrant/master/keys/vagrant.pub
-echo "${VAGRANT_INSECURE_KEY}" > $SSH_USER_HOME/.ssh/authorized_keys
+echo "$VAGRANT_INSECURE_KEY" > $SSH_USER_HOME/.ssh/authorized_keys
 chmod 600 $SSH_USER_HOME/.ssh/authorized_keys
 chown -R $SSH_USER:$SSH_USER $SSH_USER_HOME/.ssh
From 67ec0bfae16306c959c62e169ff2ef994dc43bc3 Mon Sep 17 00:00:00 2001
From: Alan Orlikoski
Date: Tue, 26 Mar 2019 22:33:40 -0500
Subject: [PATCH 5/9] Updating Build
---
 Packer/script/cleanup.sh | 3 ---
 Packer/script/virtualbox.sh | 10 +++++-----
 2 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/Packer/script/cleanup.sh b/Packer/script/cleanup.sh
index 87d0d38..beb8220 100644
--- a/Packer/script/cleanup.sh
+++ b/Packer/script/cleanup.sh
@@ -24,15 +24,12 @@ echo "pre-up sleep 2" >> /etc/network/interfaces
 echo "==> Cleaning up tmp"
 rm -rf /tmp/*
-rm -rf /home/vagrant/*
-rm -rf /home/skadi/*
 # Cleanup apt cache
 apt-get -y autoremove --purge
 apt-get -y clean
 apt-get -y autoclean
-
 # Remove Bash history
 unset HISTFILE
 rm -f /root/.bash_history
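Review bot: `sudo usermod -aG docker $SSH_USER` assumes the `docker` group already exists, but in the `create_boxes.json` order at this commit `vagrant.sh` runs before the custom build script that presumably installs Docker, so the call is likely to fail and, if this script runs under `-e` as `virtualbox.sh` does, abort the build. Guard it, `getent group docker >/dev/null && usermod -aG docker $SSH_USER`, or run this script after Docker is installed. The `sudo` prefix is redundant because the provisioner already executes the script via `sudo -E -S bash`, and a comment noting that docker-group membership is root-equivalent (the account already holds `NOPASSWD: ALL`, so this adds no new privilege) would help the next reader.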
diff --git a/Packer/script/virtualbox.sh b/Packer/script/virtualbox.sh
index 7a58be3..d55e059 100644
--- a/Packer/script/virtualbox.sh
+++ b/Packer/script/virtualbox.sh
@@ -1,6 +1,6 @@
 #!/bin/bash -eux
-SSH_USER=${SSH_USERNAME:-skadi}
+SSH_USER=skadi
 #SSH_USER="root"
@@ -9,9 +9,9 @@ echo "==> Installing VirtualBox guest additions"
 #apt-get install -y linux-headers-$(uname -r) build-essential perl
 #apt-get install -y dkms
-VBOX_VERSION=$(cat /home/${SSH_USER}/.vbox_version)
-mount -o loop /home/${SSH_USER}/VBoxGuestAdditions_$VBOX_VERSION.iso /mnt
+VBOX_VERSION=$(cat /home/$SSH_USER/.vbox_version)
+mount -o loop /home/$SSH_USER/VBoxGuestAdditions_$VBOX_VERSION.iso /mnt
 sh /mnt/VBoxLinuxAdditions.run
 umount /mnt
-rm /home/${SSH_USER}/VBoxGuestAdditions_$VBOX_VERSION.iso
-rm /home/${SSH_USER}/.vbox_version
+rm /home/$SSH_USER/VBoxGuestAdditions_$VBOX_VERSION.iso
+rm /home/$SSH_USER/.vbox_version
From 69d07b2e7010713b05613660a945fcece6693cb0 Mon Sep 17 00:00:00 2001
From: Alan Orlikoski
Date: Tue, 26 Mar 2019 23:10:17 -0500
Subject: [PATCH 6/9] Updated
---
 Packer/script/update.sh | 12 ++++++++----
 Packer/skadi_build/build_skadi.ps1 | 6 ++++--
 Packer/skadi_build/create_boxes.json | 2 +-
 scripts/signedbuildskadi.sh | 1 +
 4 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/Packer/script/update.sh b/Packer/script/update.sh
index 3d59538..c4b8fac 100644
--- a/Packer/script/update.sh
+++ b/Packer/script/update.sh
@@ -4,13 +4,17 @@ echo "==> Disabling the release upgrader"
 sed -i.bak 's/^Prompt=.*$/Prompt=never/' /etc/update-manager/release-upgrades
+# Sync Date
+sudo timedatectl set-ntp off
+sudo timedatectl set-ntp on
+
 echo "==> Checking version of Ubuntu"
 . /etc/lsb-release
-if [[ $DISTRIB_RELEASE == 16.04 || $DISTRIB_RELEASE == 16.10 ]]; then
- echo "==> Disabling periodic apt upgrades"
- echo 'APT::Periodic::Enable "0";' >> /etc/apt/apt.conf.d/10periodic
-fi
+
+echo "==> Disabling periodic apt upgrades"
+echo 'APT::Periodic::Enable "0";' >> /etc/apt/apt.conf.d/10periodic
+
 echo "==> Updating list of repositories"
diff --git a/Packer/skadi_build/build_skadi.ps1 b/Packer/skadi_build/build_skadi.ps1
index a406809..89a4a06 100644
--- a/Packer/skadi_build/build_skadi.ps1
+++ b/Packer/skadi_build/build_skadi.ps1
@@ -1,2 +1,4 @@
-packer build -force .\create_basebox.json
-packer build -force .\create_boxes.json
+packer build -force create_basebox.json
+packer build -force create_boxes.json
+vagrant.exe box add box/virtualbox/skadi_server-2019.2.box --name skadivm/skadi_server
+vagrant.exe box add box/vmware/skadi_server-2019.2.box --name skadivm/skadi_server
diff --git a/Packer/skadi_build/create_boxes.json b/Packer/skadi_build/create_boxes.json
index 5115e34..c8f4c76 100644
--- a/Packer/skadi_build/create_boxes.json
+++ b/Packer/skadi_build/create_boxes.json
@@ -55,10 +55,10 @@
 ],
 "execute_command": "echo '{{ user `ssh_password` }}' | {{.Vars}} sudo -E -S bash '{{.Path}}'",
 "scripts": [
- "../script/vagrant.sh",
 "../script/sshd.sh",
 "../script/motd.sh",
 "{{user `custom_script` }}",
+ "../script/vagrant.sh",
 "../script/cleanup.sh"
 ],
 "type": "shell",
diff --git a/scripts/signedbuildskadi.sh b/scripts/signedbuildskadi.sh
index 9403a21..4356ca4 100644
--- a/scripts/signedbuildskadi.sh
+++ b/scripts/signedbuildskadi.sh
@@ -41,6 +41,7 @@ sudo apt-get install -y \
 htop \
 screen \
 gnupg \
+ net-tools \
 software-properties-common \
 apache2-utils
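Review bot: The `APT::Periodic::Enable "0"` write is now unconditional, so every image built from this script ships with periodic apt runs — and with them unattended security updates — switched off, where previously only 16.04/16.10 were affected, and the hunk carries no comment explaining the change. Put the reason above the echo, e.g. `# Periodic apt runs (incl. unattended upgrades) are disabled on all releases; the deployed image must be patched manually`, and consider re-enabling them in the cleanup stage if the image is not meant to stay unpatched. Note also that `>>` appends a duplicate line every time the script is run, and the `sudo` before `timedatectl` is redundant under the provisioner's `sudo -E -S bash`.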
From 80ba072a201c53a35cce49d2b5a13d566e2c116d Mon Sep 17 00:00:00 2001
From: Alan Orlikoski
Date: Tue, 26 Mar 2019 23:53:05 -0500
Subject: [PATCH 7/9] Updated build
---
 Packer/skadi_build/create_boxes.json | 11 +++++++++++
 Packer/skadi_build/create_ova.json | 16 ++++++++--------
 scripts/signedbuildskadi.sh | 4 ++--
 3 files changed, 21 insertions(+), 10 deletions(-)
diff --git a/Packer/skadi_build/create_boxes.json b/Packer/skadi_build/create_boxes.json
index c8f4c76..c60bbaf 100644
--- a/Packer/skadi_build/create_boxes.json
+++ b/Packer/skadi_build/create_boxes.json
@@ -16,6 +16,16 @@
 "ssh_password": "skadi",
 "shutdown_command": "sudo shutdown -P now",
 "headless": "{{ user `headless` }}"
+ },
+ {
+ "type": "virtualbox-ovf",
+ "source_path": "output-skadi_basebox-virtualbox-iso/skadi_basebox.ovf",
+ "ssh_username": "skadi",
+ "ssh_password": "skadi",
+ "shutdown_command": "sudo shutdown -P now",
+ "headless": "{{ user `headless` }}",
+ "output_directory": "ova",
+ "format": "ova"
 }
 ],
 "provisioners": [
@@ -55,6 +65,7 @@
 ],
 "execute_command": "echo '{{ user `ssh_password` }}' | {{.Vars}} sudo -E -S bash '{{.Path}}'",
 "scripts": [
+ "../script/update.sh",
 "../script/sshd.sh",
 "../script/motd.sh",
 "{{user `custom_script` }}",
diff --git a/Packer/skadi_build/create_ova.json b/Packer/skadi_build/create_ova.json
index 01996d0..aaddb55 100644
--- a/Packer/skadi_build/create_ova.json
+++ b/Packer/skadi_build/create_ova.json
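Review bot: The added builder has `"type": "virtualbox-ovf"` but no `"name"`, and Packer names a builder after its type when `name` is absent; if the builder above it is also a `virtualbox-ovf` (the `box/virtualbox` box that `build_skadi.ps1` registers suggests so), the two collide and the template is rejected. Give it a distinct name, `"name": "ova",`, and use that name in any `only` list that should include or exclude it. The definition of the preceding builder starts outside this hunk.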
@@ -4,29 +4,29 @@
 {
 "type": "virtualbox-ovf",
 "source_path": "output-skadi_basebox-virtualbox-iso/skadi_basebox.ovf",
- "ssh_username": "vagrant",
- "ssh_password": "vagrant",
+ "ssh_username": "skadi",
+ "ssh_password": "skadi",
 "shutdown_command": "sudo shutdown -P now",
- "headless": "{{ user `headless` }}"
+ "headless": "{{ user `headless` }}",
+ "output_directory": "output-{{ user `vm_name` }}-vmware-iso",
+ "format": "ova"
 }
 ],
 "provisioners": [
 {
 "environment_vars": ["CDQR_VERSION=4.4.0",
 "DEFAULT_PASSWORDS=true",
- "INSTALL_BRANCH=master",
+ "INSTALL_BRANCH=esxi_packer",
 "SKADI_HOSTNAME=true",
 "MAKE_SKADI_USER=true",
 "UTC_TIME=true"],
 "execute_command": "echo '{{ user `ssh_password` }}' | {{.Vars}} sudo -E -S bash '{{.Path}}'",
 "scripts": [
+ "../script/skadi.sh",
 "../script/update.sh",
- "../script/vagrant.sh",
- "../script/vmware.sh",
- "../script/virtualbox.sh",
- "{{user `custom_script`}}",
 "../script/sshd.sh",
 "../script/motd.sh",
+ "{{user `custom_script` }}",
 "../script/cleanup.sh"
 ],
 "type": "shell",
diff --git a/scripts/signedbuildskadi.sh b/scripts/signedbuildskadi.sh
index 4356ca4..efcc40e 100644
--- a/scripts/signedbuildskadi.sh
+++ b/scripts/signedbuildskadi.sh
@@ -207,9 +207,9 @@ echo "Setting the ElasticSearch default number of replicas to 0"
 curl -XPUT 'localhost:9200/_template/number_of_replicas' \
 -d '{"template": "*","settings": {"number_of_replicas": 0}}' \
 -H'Content-Type: application/json'
-
+echo "Waiting 30 seconds for Kibana to start"
+sleep 30
 echo "Importing Saved Objects to Kibana"
-sleep 10
 curl -X POST "http://localhost:5601/api/saved_objects/_bulk_create" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' --data-binary @/opt/Skadi/objects/kibana_6.x_cli_import.json
 # The TimeSketch container needs to be running before continuing and this
From 8c0d05f7e5c852f9ce39e66b07a192966d3e173d Mon Sep 17 00:00:00 2001
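Review bot: The new `output_directory` value ends in `-vmware-iso` although it belongs to a `virtualbox-ovf` builder that now exports with `"format": "ova"`, which will mislead anyone locating the artifact; `"output_directory": "ova"`, as `create_boxes.json` uses in this same commit, says what it is. `INSTALL_BRANCH=esxi_packer` moves provisioning from `master` to a work branch; if this template is meant for releases, that value belongs in `variables` rather than hard-coded in the provisioner. Placing `../script/skadi.sh` before `../script/update.sh` also means the user and sudoers setup happens before any package update, which may be intended but deserves a `_comment`.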
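Review bot: Replacing `sleep 10` with `sleep 30` still makes the import depend on a fixed delay; on a slow host Kibana can take longer and the following `curl -X POST` then fails without stopping the script, while on a fast host the build waits for nothing. Poll Kibana's status endpoint with a bounded number of attempts before importing, as below; the surrounding code is top-level shell, so the loop drops in where the `sleep 30` is.
```shell
echo "Waiting for Kibana to start"
for attempt in $(seq 1 30); do
  curl -sf -o /dev/null http://localhost:5601/api/status && break
  sleep 5
done
echo "Importing Saved Objects to Kibana"
# … unchanged: curl -X POST … _bulk_create … --data-binary @/opt/Skadi/objects/kibana_6.x_cli_import.json
```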
From: Alan Orlikoski
Date: Wed, 27 Mar 2019 02:07:03 -0500
Subject: [PATCH 8/9] Updated for Skadi 2019.2
---
 Packer/script/skadi.sh | 10 +++---
 Packer/skadi_build/create_boxes.json | 20 +++++++++--
 Packer/skadi_build/create_ova.json | 51 ---------------------
 scripts/buildskadi.sig | Bin 512 -> 512 bytes
 scripts/buildskadi.tgz | Bin 3607 -> 3561 bytes
 5 files changed, 22 insertions(+), 59 deletions(-)
 delete mode 100644 Packer/skadi_build/create_ova.json
diff --git a/Packer/script/skadi.sh b/Packer/script/skadi.sh
index c29d2f9..f45c75e 100644
--- a/Packer/script/skadi.sh
+++ b/Packer/script/skadi.sh
@@ -2,13 +2,13 @@
 date > /etc/box_build_time
-SSH_USER=${SSH_USERNAME:-skadi}
-SSH_PASS=${SSH_PASSWORD:-skadi}
-SSH_USER_HOME=${SSH_USER_HOME:-/home/${SSH_USER}}
+SSH_USER=$skadi
+SSH_PASS=$skadi
+SSH_USER_HOME=$/home/$SSH_USER
 # Set up sudo
-echo "==> Giving ${SSH_USER} sudo powers"
-echo "${SSH_USER} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/$SSH_USER
+echo "==> Giving $SSH_USER sudo powers"
+echo "$SSH_USER ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/$SSH_USER
 chmod 440 /etc/sudoers.d/$SSH_USER
 # Fix stdin not being a tty
diff --git a/Packer/skadi_build/create_boxes.json b/Packer/skadi_build/create_boxes.json
index c60bbaf..8cf28b3 100644
--- a/Packer/skadi_build/create_boxes.json
+++ b/Packer/skadi_build/create_boxes.json
@@ -18,13 +18,15 @@
 "headless": "{{ user `headless` }}"
 },
 {
+ "name": "ova",
+ "vm_name": "{{user `vm_name`}}-{{user `version`}}.",
+ "output_directory": "ova",
 "type": "virtualbox-ovf",
 "source_path": "output-skadi_basebox-virtualbox-iso/skadi_basebox.ovf",
 "ssh_username": "skadi",
 "ssh_password": "skadi",
 "shutdown_command": "sudo shutdown -P now",
 "headless": "{{ user `headless` }}",
- "output_directory": "ova",
 "format": "ova"
 }
 ],
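Review bot: `SSH_USER=$skadi` and `SSH_PASS=$skadi` reference a shell variable named `skadi` rather than the literal string, so both expand to empty (or abort under `set -u`), and `SSH_USER_HOME=$/home/$SSH_USER` yields the literal text `$/home/`; with an empty `SSH_USER` the sudoers line below is written to `/etc/sudoers.d/` itself and `chmod 440 /etc/sudoers.d/$SSH_USER` targets the directory. The intended lines are `SSH_USER=skadi`, `SSH_PASS=skadi` and `SSH_USER_HOME=/home/$SSH_USER`. Dropping the `${SSH_USERNAME:-skadi}` default also means the `SSH_USERNAME=skadi` that `create_boxes.json` still passes in its `environment_vars` is now ignored, which should be reflected in that file or in a comment here.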
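Review bot: The new `vm_name` value ends with a stray period after the version template, so with this file's variables the exported VM is named `skadi_server-2019.2.`; drop the trailing `.` inside the string. Naming the builder `ova` also means the `only` lists in this file that say `virtualbox-ovf` no longer match it, which the later provisioner hunk appears to rely on to keep `vagrant.sh` off the OVA — worth stating in `_comment` so the next editor does not "fix" it.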
@@ -55,10 +57,11 @@
 },
 {
 "environment_vars": [
+ "DEBIAN_FRONTEND=noninteractive",
 "SSH_USERNAME=skadi",
 "CDQR_VERSION=4.4.0",
 "DEFAULT_PASSWORDS=true",
- "INSTALL_BRANCH=esxi_packer",
+ "INSTALL_BRANCH=master",
 "SKADI_HOSTNAME=true",
 "MAKE_SKADI_USER=true",
 "UTC_TIME=true"
@@ -69,11 +72,22 @@
 "../script/sshd.sh",
 "../script/motd.sh",
 "{{user `custom_script` }}",
- "../script/vagrant.sh",
 "../script/cleanup.sh"
 ],
 "type": "shell",
 "expect_disconnect": "true"
+ },
+ {
+ "environment_vars": [
+ "DEBIAN_FRONTEND=noninteractive"
+ ],
+ "execute_command": "echo '{{ user `ssh_password` }}' | {{.Vars}} sudo -E -S bash '{{.Path}}'",
+ "scripts": [
+ "../script/vagrant.sh"
+ ],
+ "type": "shell",
+ "expect_disconnect": "true",
+ "only": ["virtualbox-ovf", "vmware-vmx"]
 }
 ],
 "post-processors": [
diff --git a/Packer/skadi_build/create_ova.json b/Packer/skadi_build/create_ova.json
deleted file mode 100644
index aaddb55..0000000
--- a/Packer/skadi_build/create_ova.json
+++ /dev/null
@@ -1,51 +0,0 @@
-{
- "_comment": "Build with `packer build create_VMWare_box.json`",
- "builders": [
- {
- "type": "virtualbox-ovf",
- "source_path": "output-skadi_basebox-virtualbox-iso/skadi_basebox.ovf",
- "ssh_username": "skadi",
- "ssh_password": "skadi",
- "shutdown_command": "sudo shutdown -P now",
- "headless": "{{ user `headless` }}",
- "output_directory": "output-{{ user `vm_name` }}-vmware-iso",
- "format": "ova"
- }
- ],
- "provisioners": [
- {
- "environment_vars": ["CDQR_VERSION=4.4.0",
- "DEFAULT_PASSWORDS=true",
- "INSTALL_BRANCH=esxi_packer",
- "SKADI_HOSTNAME=true",
- "MAKE_SKADI_USER=true",
- "UTC_TIME=true"],
- "execute_command": "echo '{{ user `ssh_password` }}' | {{.Vars}} sudo -E -S bash '{{.Path}}'",
- "scripts": [
- "../script/skadi.sh",
- "../script/update.sh",
- "../script/sshd.sh",
- "../script/motd.sh",
- "{{user `custom_script` }}",
- "../script/cleanup.sh"
- ],
- "type": "shell",
- "expect_disconnect": "true"
- }
- ],
- "post-processors": [
- {
- "keep_input_artifact": false,
- "output": "OVA/{{user `vm_name`}}-{{user `version`}}.box",
- "type": "vagrant",
- "vagrantfile_template": "../../Vagrant/skadi_server/virtualbox/Vagrantfile",
- "only": ["virtualbox-ovf"]
- }
- ],
- "variables": {
- "custom_script": "../../scripts/signedbuildskadi.sh",
- "version": "2019.2",
- "vm_name": "skadi_server",
- "headless": "true"
- }
-}
diff --git a/scripts/buildskadi.sig b/scripts/buildskadi.sig index 8e1ee0ad3d62cc85481a93892ac2dbd6b30d06b2..1d7da95a8c30a07889e8e368efb76dd53c189b7a 100644 GIT binary patch literal 512 zcmV+b0{{KOj?0s9$@Qg1f`K>?H3u}QJ2anf3U$wNOiZBR#-r-zt?eZ!;{#iH-9T~o z!0xrNStBZNTm^qpvhN!Mx)H&1k|gp$fw@}7etEoIs%<}BXmPmm32#4*f;7EwXev$Y z2E`MCqCxMdmir)6?wXZO5%<9nT;zr=v61I<8p4}m3AqXYhB&97e{!>j1dnk1KNHK! zRR7s8moRK~IdCL0VE6(nv#zhYK_P2cTsSUCL$PpkjF{<6!yajd7wF1Dxjd^94W+J* zGQwGr;SX0K2^$a+E)SZteh?fj?0C_U+-xwbg1YX!6V0Uo0>y^O%CtQqaqurlK zMtX!RnP-bU@o{f1ho!|Gv@6$!#zBMn9~)nd`cv`?y%p^+Fj3Kvmdm&xKn>#|6{VqK zc0NYbv)wHT2r)?20nvqdhq31tdtVm9)wKeO^myUXi#Rtk4pU0)kZtP%yGV zkwsk33l$}MrS8tbUMQA#X>+GXJ(sV7lY@Fp&LH0R(IFvVCcbt!{P`Q?`sZTYQ6AH( z8Yg1h{&VHuj5TM9xV%Acm~I&&Q>^p7sVcXve9jR)bJF!a2p)%AnhWGqe*z?g*hY`g zP|;ia)%NU^;}zaAEBpHPNrYM9M~AQNa8c>3jvEeZCu`P2O{);M6INPHnj>bpU`jrq Cj`#Wi literal 512 zcmV+b0{{J=)O_ZQGGHCM_YnUkeL^l*Rm=^wEDV~BiL#2918^-ipS?wPm`5LJa$Op8 zuFlJ=D5~_?BTIDAwz+lzdC(}K@T&D0py=}t+sGy|J@70h0b25p zj`~Kx{yLZZu5jWuSxP4Uh-hMT8R+nUV4eVenw5z%O^J_ieQrHUy8~qK!31f#%0HE5~WYQbk8o8)r_tBAs#2 z$vr)iJyk>s^b$TCWewn9HBYH=ebxkaFPx!X%n3oR zj(*0kWobf$MrvY9HVhS4tS!;2bOe?GSinr^>D4bN5a<6=S$n9rrLU75#m1^y62#5- z=(?~;YI{SGX-{89tdjWt7|r0rO*rWAs*PYPk9T#_&cH9XLGZlH%`Acth6lM=eU>G@ z^q25P4(~SN!=T-@Ps znUq3GO01S}Sdeec53ABEf-q<-MZd&l#ea{S`Y z9y>6Oj*jqi_vp<|@e{`0{^6U07rXlh2Zx7yu(JPRXZOwS;n54W^QTj?Vx%&0V#Z!L zQpACOFV?|5xBh=RUVdc_{LmUWa$J)m+jp0J`=;INeSdv>+H09ZCy@LP#NUIHk}+p~2;2_> zC-Ftd2C);mnc)la~5anf?XrEr#=hwadRr_PNWhQaTpGHp?M&88517hwZ zaDe*MOhFhp;$!Vf6S5r%nXSeP5?W?wet>^pZ3-cZIG6uZ!UE~4xYcll&bE3o?0mD+7W3OJZ(zNHx z#7v`6?0B4+Gu(Zl)DKiXl4TrPF#(SKRAWp;Jd|>5YANB=$WQ3gP2)gK1fauQ()Tp{ z&5!8YgFm6qaU#@&1cl+D+7SXd^eyCxnFtZ6-BJvbsS|TEis9fm@wqfzF_{Rp&50a$ z%=gSR@dJt1XnP(z74AJyHUfnAd{!f>%%SXE!pTV_TbAXCX&4B{YkCCQ1dLYThv}o0 z4$?45E!_Jl=NX`34q!GlXFSiu>6l00E)o&XnBnmO`_YNPa-E5Hc<}SaXR-QLAP08L z1MYy!FCH8%4ROORbXbYH6v{Oqb+K5ON0YW8x+O;~}EgAj^lC9WjB6X~c?s zm(0j61kxU-1GW4m?( z;oP%LoN<}p(xRyuZ@iO^DKmcyI1jMFq?+Eh+wdv!Bs$H3E_jgW5JADFo6jMdOT}>jzR8cnxQ#v 
z&};*pUf|7V>sxP0*4e~1x+xUMJoMHJNZ5(x@dqnR!MyfPUhQVU$P3eFhP3JhTe6Cq7FXC>O!o<8>lF~>wO(KDVIh>;(9P4w=*yS$%6Dl_Ne6)-=} zIEhCZwV_X;2y>?yE`V(Yvn)X<FoRr@g?vkDd9KN_P_C3yl?0m+bw>#t>YC`Zc?P`#&-WH;*%Bv9s72I-z3}4){Ly6FdSP zrkmRt-ob+FSc=-hirTz7bFkN$&i2x-JobNywIQ;lMC7^C7t)k3K6q_jQ(Rn|+aORO zUHf7xHp%aDF*9~UI`AsfflOUm20K|J>C$!>CRze1V2c&54G1>JaHF+$jv?dAW>_{o zD>s4SJ-_Ip3!46=w_Tz7PodJDsq6-Nfcnkj9*1xZ=$plYZxI+F9vkb%t*dWVY=ABB?4-R&o1_irWN-5k-Q}bp65?msyc{L3XiSw!4snm_4xIz=N|?mOQ!l{Fs@MA|pft#-x7O^cL4i*kho)5EZ5@Rrl$8E0fV)tBF@$$2&k`#%u9R zr&H_eXV~g`zsA@G@FU8?%LUykN)@cMXyZcthjUL?hy*uh%q>J?C4(fdsdnN| z+-o{#8AQ>>i=DnnbK*SO6DP7MUNC?SIo*Nm9qpG4DsT5W3B#U3!uAgLb`K6HIz#;R zQkP6H&FXw8UyvK-bm@>|wNr_B&0;2Mte;Frdo038`j2-fkHY>9)H)-moGAY% zikm!qAcs(My%iRrPG2km7BeOAt4#|rErI8`@rp?dcEx?=g1uh)xfV7*K^OIlkmud@ zjorKWSNC{#R9GWRR$h@8t5xI$lVaYJX0AixViFTDjQXk!;|_SetlD%W!54B-#XqS? z*xfs7?!doY9hGWW8bY%0%sy5N>*=;G6{axF6vW!-WE_0fBh-BV&zv>K}InU zR2%`H@Y#7grtr1kwQJ>W!@Im21b(OS7C!B>YmonW_qKb|SXi#-KO66|Zp6YdiwC?# zHN)qGlb>2|Gp#y#S60KHTA7+{iuS5|eegFs!;QqLrqPOp`nigd)5B#vWr{aWBX!xx({K%+7Ks{%{S-vckRxH?$t8tb*rCo!pnCQ zI8px!kT2h5rc<2Ukml}XyVt+y(2El?aBeJ(rKOT>H#Q{sU4zUG@~1iG*5UrqH;sHj zeX7X~saAqtL34RQ>El{T=~XHU#Ee{=DiNg!Qi@}cZTTS_=!f7}%Pr&P4DuzSXrbo} z8I0)_V!Z?YWfBGW70`5ha1KOIh@;A>hUsJgp&6>(7|8HlNBLjuV)>!RA5|*5Q`1c@ zM>V++q^m^HQ*Ji%)s*+jNI*E$DKH0*X4D|6`T?tNsm{A8(j-bDVV#$#mOKa=ML=uAu-d(HzE?So$+CnN@_twzQKN(t0!Pe~qc4tI7fCxR3l5!gZ@u%{_BBPy)zj9TReNC!Vo)g)o<$b5B&-hs{UZ4Sd_D z`!sPknm~WN7(x>V3@R?AlyMq{$bkU|j&TC=!<1UNsKjGm0w!I{DVq`SUz}sh5P{|4 zjtpNSL=z~0FpoJ-;@oq}&;c3cKQJE%5iuUh6cMAvA@T_11i#{(Fd}2_HW+Nw76yxe z4Gy33figANxpa-9mzekUb9@U5v|Co70{7^WE_N!M2QW?b6sh!SH`AvZz%N;+e|u?m zFiCg9nR>7%4TRek|HR=>a|#8gn!ARqaiEzc`RnZRnLAji8OZGEGB1Gs1XR!&0hDT! 
zJj2!89RYI+{-|*1oQ+M)m9?}=ue(``871*ig!rb60?iu;Pxb|L#SSDwX*9tG0ahX9 z**w+E&Z3u|RTT`;-#-0#aiuGWV*7rfMp0mS@vzv;FINg=B#@XX>spR;aQ`%NyRYE_r6%dq>lsyBIi1MM1XciOnJpZOJ9np2wH8WZxmVM|U~LLO~O(m4gn2E(0dG?HChHZyO zMjQ-7YBOR?arK!8GId>Ivw&x5IBLcZn8*3Z;4FM#AsIT6K#4-?@xTuwV-!UJCl)m< z7Dmp%v0!WX9fvOA{vevrkQqS;WMGzY!}7;t-y^{^8u^|PH~|^D)U#ko?0te?56+m3 zB0qp#s5N3$BaR%G3wCWbps^eEg!cCW%K5|(ZC>B_eAGH_T%UJ)myJ&6=Hlw8Q!|PK z>T*{6il^+rd72@!nHM=QTIjTzSFLXEP3zbC#&dZCR) zjpIhUA-CR0*~m<$+hn&DNS!y0qcffLqBe|}k7q6=-8;Q_+o~7Mkw0eUMmnzFJ|UMv zHJ&A^k!Vq^NDfyhKxR3BL9Ufv)`%tzAh14#OQp;+3W>PZqq6Q^sb%QreAGeb4B)Y+ zU1Aa6BE`T@EO>_wq7mg@mOBaJ4~U>v6Mxrr87~BpjMrFh_^ZuZpI@-prFN-L{U=Oq zaroQTGjNiKcIxv;h#H)wAOg{1GE#%}k{Bu#eAk|hZ9IQzf|SiLV^6lJ|s02H56mw55$49#6*+s{Mw)A<6*siD2bus z>kE-+@ewXTa%OAR@MxEyDaj+fL8_JCqhQ87G&yFY!_bcdYTNq$b0{dAISgWC#b=zz zOx4I>2_qneVF@7_XbZ&Pq&Q21b%}3$P8WWyCBN`6UyBf`tdVd=wq`$ZAT}+eS9{_- zh>O)pNyY+y!a_(smh43oG|tcK&*9Ie`rW<|p5Um4Ga{a$k|Q;sRJL`iE?A?nZLpL#h@+8IoVf^r8IVP1Eel5ea=u>3<;31y-YB}j+?3tJwKLq@RjayWteI4D=j+ae~bnorz?BxamS zL{$vJ_j+C88;0i_7M5rRXaW*Gayad~;AST@P(B;J`GWy5sHVKAlu(L>z@Q&ab!`%| z#%VKATC|G&{rz+X=`_HX$h#oJU`X!Sv>>WYW57G-GnKJH;a#8FWm}*M-Ekc+{%FR1 zaI>+AYrmugGLRwYr3_UD+qQwjAq#x&Ag82gvp)HahSsP~$M)XNA8YSLHlDk@-wT<` zAd!YU=9>fr3c@NT2fB1AM~g^yTggQb(Av-$fUyb!b9KCu3+7FN;E**~Sk;Y{=yQ=}hj^R9P>_5O6j35q& zYyri>#Y-2;86`WJO@Ix^ZACB^aY-)4pQuO%JxMU;+-g>OM$;dIxD`86wa!U#i7%4W zz-tJ6Q{6A0>4Ujdu5OpN%tW>l&)9e#i#*5Ro9XxQW|0`a^eE^LT@mH7D|NH@>El|s ziu;85kWR|-04No3cM*j3WoJ>GBSz@-#jwlJFNnZ9x0hfXy%x^(Qd|gNb4)461!)y| z7?;QNV{c4@o=AMakVB6NpC!^O400k&^cjxfHyRO?a73zm)vcW!;j^GpuwzREmN+>z z=p!nlF}u-ykau(3YeH0R7GS#QN#;fVYG@4_Qz9UQcj-FBAeil`(aduU!Gw(r!*Mem)iCps3^Ci@L zEeV-Q*+fbU=xL?1WDqk(eOpS_a{(3R8HRqL=cH@%VmEWJt!(YbBrH+YFE z*>1dT9sXW>nW)y`tE|fYUQ1MRU9wVD6WYj}?CCC<*qAkb*Je6v2tqR1p~KP=oUFa9 zyP0`?d4AD2>b2U9U(Q=d=omZ3i^JV8PRsxA&^)343$+c92B|K**q;{_46zskWu^3+;b<@W{)SUKN*c`Dzl760z=@1;%Im+Liz96xO zuRf4z2ww?htLslN#6ynEI1m;LtJF;HU_^wbm7c7EQjTg{L2G8)KjWDN1*G4O)DQb_k*$D%UaU>4wbHv1@x=8Eb;+)(*)f+#JiY#kX@lF%e7 
zY##V`o)(&u7=SgeuakHr^7m1%PL{kgcf7=|lfzs^XUmYOnM zHoDV*)u18~Xd);6zUNF#=>Itl&DEh9MZzBAAJA~ zl=ZSytgXZhE`dHL&FyfBe2; zR}ZFix?B16_O*9+`|eHCjk>~(%~?DV%^SDM41-?`cSWS<=K{&D5a`|5FQpS-_+ z=iMLlZ{KtKi4PMRnfBE`X08B&_LJhu&QP$s2o(;V{9B?VVNCG z3xZ@X@gB3RC>26)9KAhjtD;bUUz;mCC0bhO&A+x~>p9`{Ab*zLaxpx^`D0H6Z=BB_ zKs4RH9lw<{xy*Kw+7aB&(Yq^^0VR!g?11Q{H@8A3h`1?RZ)HA`Em(118EWME_=X&V z$DhDX%5()D`URXDs5#L_@Z2f-Z+}8A0_Jr(r-E2}=wZY87(7`~^}YrZh4-(@{K(GE z_WV#uQ7fer-~s&*Y(wf;L2*`G@hP(=+5LtqY06d*n@7ViDVyUVdw_Vx)c=TZu@H}f z5ey<6wLqaUl?B(Xobb!DOYHig-#;Xv*7LrZID^FLtEUCXL2Jdo^KUTSOxB8#64glm ze--s2gFPz2u?)8|4aMW&8jk%=p@hp{){t?Cz@lMKh74kZcpB6(Cg7KWBhEZXVf5!l z@g0(pHU3!vU%(b`BR!sco*B`H>gEE)Ojiqiz_&57_O2HExBr_jha7UqA%`4t$RURua>yZv9CFAZha7UqA%`4t$RURu da>yZv9CFAZha7UqA&37L_%|(!PoV%%000ps{xtvq From d00f959ff120b4a727bb7f2b2307f38203aece6c Mon Sep 17 00:00:00 2001 From: Alan Orlikoski Date: Wed, 27 Mar 2019 02:11:37 -0500 Subject: [PATCH 9/9] Updates --- Packer/skadi_build/create_cloud_boxes.json | 82 ---------------------- 1 file changed, 82 deletions(-) delete mode 100644 Packer/skadi_build/create_cloud_boxes.json diff --git a/Packer/skadi_build/create_cloud_boxes.json b/Packer/skadi_build/create_cloud_boxes.json deleted file mode 100644 index 24bfe0f..0000000 --- a/Packer/skadi_build/create_cloud_boxes.json +++ /dev/null 
@@ -1,82 +0,0 @@
-{
- "_comment": "Build with `packer build create_VMWare_box.json`",
- "builders": [
- {
- "type": "vmware-vmx",
- "source_path": "output-skadi_basebox-vmware-iso/skadi_basebox.vmx",
- "ssh_username": "vagrant",
- "ssh_password": "vagrant",
- "shutdown_command": "sudo shutdown -P now",
- "headless": "{{ user `headless` }}"
- },
- {
- "type": "virtualbox-ovf",
- "source_path": "output-skadi_basebox-virtualbox-iso/skadi_basebox.ovf",
- "ssh_username": "vagrant",
- "ssh_password": "vagrant",
- "shutdown_command": "sudo shutdown -P now",
- "headless": "{{ user `headless` }}"
- }
- ],
- "provisioners": [
- {
- "environment_vars": ["CDQR_VERSION=4.4.0",
- "DEFAULT_PASSWORDS=true",
- "INSTALL_BRANCH=master",
- "SKADI_HOSTNAME=true",
- "MAKE_SKADI_USER=true",
- "UTC_TIME=true"],
- "execute_command": "echo '{{ user `ssh_password` }}' | {{.Vars}} sudo -E -S bash '{{.Path}}'",
- "scripts": [
- "../script/update.sh",
- "../script/vagrant.sh",
- "{{user `custom_script`}}",
- "../script/sshd.sh",
- "../script/motd.sh",
- "../script/cleanup.sh"
- ],
- "type": "shell",
- "expect_disconnect": "true"
- },
- {
- "execute_command": "echo '{{ user `ssh_password` }}' | {{.Vars}} sudo -E -S bash '{{.Path}}'",
- "scripts": [
- "../script/vmware.sh"
- ],
- "type": "shell",
- "expect_disconnect": "true",
- "only": ["vmware-vmx"]
- },
- {
- "execute_command": "echo '{{ user `ssh_password` }}' | {{.Vars}} sudo -E -S bash '{{.Path}}'",
- "scripts": [
- "../script/virtualbox.sh"
- ],
- "type": "shell",
- "expect_disconnect": "true",
- "only": ["virtualbox-ovf"]
- }
- ],
- "post-processors": [
- {
- "keep_input_artifact": false,
- "output": "box/{{.Provider}}/{{user `vm_name`}}-{{user `version`}}.box",
- "type": "vagrant",
- "vagrantfile_template": "../../Vagrant/skadi_server/vmware/Vagrantfile",
- "only": ["vmware-vmx"]
- },
- {
- "keep_input_artifact": false,
- "output": "box/{{.Provider}}/{{user `vm_name`}}-{{user `version`}}.box",
- "type": "vagrant",
- "vagrantfile_template": "../../Vagrant/skadi_server/virtualbox/Vagrantfile",
- "only": ["virtualbox-ovf"]
- }
- ],
- "variables": {
- "custom_script": "../../scripts/signedbuildskadi.sh",
- "version": "2019.2",
- "vm_name": "skadi_server",
- "headless": "true"
- }
-}