Skip to content

Azure: MacOS Installation

P4T12ICK edited this page Feb 2, 2021 · 7 revisions

Automated installation

This will build a range automatically in MacOS. You will need also to sign up for an Azure account here as a prerequisite

  1. Install all the project dependencies with this 1 liner: source <(curl -s 'https://raw.githubusercontent.com/splunk/attack_range/develop/scripts/macos_deploy_azure.sh')
  2. Run aws configure to configure your credentials on the local machine.
  3. Finally configure your attack_range by running python attack_range.py configure
  4. Build Attack Range python attack_range.py build

Manual installation

Prerequisite

  1. Obtain a copy of the Attack Range on your local computer. For example, this can be done by copying or cloning Attack Range from GitHub: git clone https://github.com/splunk/attack_range
  2. Go to the install directory of the Attack Range: cd attack_range
  3. Install virtual environment and all default packages required for the Attack Range project: pip install virtualenv && virtualenv -p python3 venv && source venv/bin/activate && pip install -r requirements.txt
  4. If you don't have one, sign up for an Azure account here

Rest of Configuration

  1. Install Terraform: Brew-install via brew install terraform, or download from this link
  2. Initialize Terraform: cd terraform/azure && terraform init && cd ../..
  3. Install Azure CLI: brew install azure-cli, otherwise see the guide on installing Azure CLI
  4. Prepare public-private SSH keys for access to Azure VMs - at your local machine, use existing default keys (id_rsa and id_rsa.pub stored at ACCOUNT_HOME_FOLDER/.ssh), or generate a new SSH key pair via ssh-keygen with no passphrase
  5. Login with Azure CLI by running the following command az login
  6. On your local machine, instantiate an Attack Range config file: cp attack_range.conf.template attack_range.conf && vim attack_range.conf.
  7. Modify these parameters in the local config file:
  • attack_range_password, any password you chose
  • cloud_provider, change to value: azure
  • azure_subscription_id, your Azure subscription ID
  • ip_whitelist, to improve security, allow only AWS access from your public IP addresses, i.e., replace default permissions from 0.0.0.0/0 to your exact public IP addresses and masks.
  • private_key_path, the path on your local machine to the private key you want to use
  • public_key_path, the path on your local machine to the public key you want to use
  • region, name of the preferred region in Azure

Running and turning off Attack Range instances

After configurations are complete, run Attack Range:

python attack_range.py build

Verify that the instance is present in Azure:

python attack_range.py show

Once done, shoot down Attack Range to save on Azure costs:

python attack_range.py destroy