Skip to content
/ IAC-AD Public

All in one solution to painlessly setup an A/D competition by using IAC and automation tools such as Terraform and Ansible

Notifications You must be signed in to change notification settings

TendTo/IAC-AD

Repository files navigation

Infrastructure As Code - Attack/Defense

Terraform CI Ansible CI

Introduction

This repository contains the code for the Infrastructure As Code - Attack/Defense project. The goal of this project is to create a complete infrastructure, able to host an Attack/Defense challenge, using Infrastructure As Code (IaC) tools.
The provisioning is handled by Terraform and the machine configuration is handled by Ansible.

Requirements

Depending on the provider you want to use, you may need to install the corresponding CLI to handle the authentication.

Running ansible and the run.py script require installing some dependencies via pip. All requirements are listed in the requirements.txt file. The installation can be either system-wide or in a virtual environment.

pip3 install -r requirements.txt

Topology

---
title: Cloud Topology
---
flowchart LR

i((Internet))
n((NAT))

subgraph net[Network - 192.168.0.0/16]

    subgraph lr[Subnet R - 192.168.0.0/24]
        r{{router\n192.168.0.1}}
    end

    subgraph ls[Subnet S - 192.168.1.0/24]
        s[Server\n192.168.1.1]
    end

    subgraph lv[Subnet V - 192.168.2.0/24]
        v1[Vulnbox 1\n192.168.2.1]
        v2[Vulnbox 2\n192.168.2.2]
        v3[Vulnbox 3\n192.168.2.3]
    end

end

    i <--> r --- lv & ls
    lv & ls --> n
Loading
---
title: VPN Topology
---
flowchart TB

subgraph net[Network - 10.0.0.0/8]

    subgraph lr[Subnet R - 10.0.0.1/32]
        r{{router\n10.0.0.1}}
    end

    subgraph ls[Subnet S - 10.10.0.0/16]
        s[Server\n10.10.0.1]
    end

    subgraph lv[Subnet V - 10.60.0.0/16]
        v1[Vulnbox 1\nTeam 1\n10.60.1.1]
        v2[Vulnbox 2\nTeam 2\n10.60.2.1]
        v3[Vulnbox 3\nTeam 3\n10.60.3.1]
    end

    subgraph lp[Subnet P - 10.80.0.0/16]
        p1[Player 1\nTeam 1\n10.80.1.1]
        p2[Player 2\nTeam 1\n10.80.1.2]
        p3[Player 1\nTeam 2\n10.80.2.1]
        p4[Player 2\nTeam 2\n10.80.2.2]
        p5[Player 1\nTeam 3\n10.80.3.1]
    end

end

    r --- lv & ls & lp
Loading

Configuration

Terraform

The suggested way to configure Terraform is creating a terraform.tfvars file in the terraform/<provider> folder.

A list of all the variables that can be configured can be found in the variables.tf file in the same folder.

Ansible

The suggested way to configure Ansible is creating an inventory.yml file in the ansible folder.

See the inventory.yml.example file for an example.

Furthermore, all the vulnerable services the vulnboxes will run can be added in the ansible/services folder. Each subfolder represents a service and is expected to contain a start.sh script that will be executed to start the service.
Similarly, the ansible/checkers folder can be used to add checkers for the services. The checkers must be written in the hackerdom style.
For more information, check the ForcAD documentation.

Some examples have been provided in the examples folder.
Those are taken from CybersecNatLab, adjusted for compatibility. All credits go to the original authors.

Usage

Using the script

In the root of the project, there are two scripts, called run.sh and run.py. Both support the same functions, and are meant to simplify the usage of Terraform and Ansible with this project.
The run.sh script may be faster, but it requires Bash The run.py script requires Python3, but is more portable and has more features.

For a more in depth explanation of the commands, run the script with the -h flag.

# Show the help
./run.py -h
# Run all the commands in sequence to create the infrastructure
./run.py all -p <provider>

Additional information

Credits

About

All in one solution to painlessly setup an A/D competition by using IAC and automation tools such as Terraform and Ansible

Topics

Resources

Stars

Watchers

Forks