PurpleDome/doc/source/basics/windows_targets.rst

===============
Windows targets
===============

Windows Vagrant boxes need a special setup. They have to be created from a running windows machine.

Windows Box
-----------

If you use Vagrant you need a vagrant box first. It is a base image the vm will be based on.

The base vm must be running in VirtualBox !

Bash::

    vagrant package --base 'Windows 10 x64'

In this example the running Virtual Box VM named 'Windows 10 x64'

Adding the box in bash::

    vagrant box add --name windows10_64 "file:///home/ts/vagrantboxes/win10_64/package.box"

After that it can be used under this name in a Vagrantfile.

Setting up Windows for Purple Dome
----------------------------------

* Mount the vagrant share to X: (at least my scripts expect it) *net use x:\\vboxsvr\share*
* Create a batch file in C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup to automatically start *caldera_agent.bat* in the vagrant share for this machine. This ensures that the caldera agent can be started in reboot
* Install OpenSSH on the windows target (https://docs.microsoft.com/de-de/windows-server/administration/openssh/openssh_install_firstuse  and https://docs.microsoft.com/de-de/windows-server/administration/openssh/openssh_keymanagement)

Some SSH hints (powershell):

Powershell::

    Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
    Start-Service sshd
    Set-Service -Name sshd -StartupType 'Automatic'
    Install-Module -Force OpenSSHUtils -Scope AllUsers


To create a user key in a private user folder call (as user) Powershell::

    ssh-keygen

This can be used for remote login

To be able to log into the Windows box, *c:\users\PurpleDome\.ssh\authorized_keys* needs to be created. Add the public key there.

For admin users, the file is *C:\ProgramData\ssh\administrators_authorized_keys*

Copy your public key into that (open file in administrator notepad, copy&paste)

The file needs special permissions. Powershell::

    $acl = Get-Acl C:\ProgramData\ssh\administrators_authorized_keys
    $acl.SetAccessRuleProtection($true, $false)
    $administratorsRule = New-Object system.security.accesscontrol.filesystemaccessrule("Administrators","FullControl","Allow")
    $systemRule = New-Object system.security.accesscontrol.filesystemaccessrule("SYSTEM","FullControl","Allow")
    $acl.SetAccessRule($administratorsRule)
    $acl.SetAccessRule($systemRule)
    $acl | Set-Acl

See: https://www.concurrency.com/blog/may-2019/key-based-authentication-for-openssh-on-windows

https://github.com/PowerShell/Win32-OpenSSH/wiki/Troubleshooting-Steps

To connect from linux call bash::

    ssh -o "IdentitiesOnly=yes" -i ~/.ssh/id_rsa.3  -v  PURPLEDOME@192.168.178.189

(Capital letters for user name !)
* The parameters enforce the use of a specific key. You can also drop that into the ssh config

Footnote: WinRM failed. I tried. The python code does not support ssh-style "disown". Vagrant files needed a special configuration-and sometimes failed connecting to the windows host properly. Base problem was that it does not properly support empty passwords (not on python, anyway) - and I used them for auto-login. Because some windows versions are a bit tricky with auto-login settings as they should be. Windows 10 is mutating here like hell.

SCP from and to Windows
-----------------------

Just use the user's home folder as entry and do::

    scp win10:my_logs.zip .

Reduces the hassle with slashes.
Initial update Started documentation Added documentation Fixed README Autor: Thorsten Sick <thorsten.sick@avast.com> Datum: Fri Apr 16 11:16:03 2021 +0200 Initial commit 3 years ago			`===============`
			`Windows targets`
			`===============`

			`Windows Vagrant boxes need a special setup. They have to be created from a running windows machine.`

			`Windows Box`
			`-----------`

			`If you use Vagrant you need a vagrant box first. It is a base image the vm will be based on.`

			`The base vm must be running in VirtualBox !`

			`Bash::`

			`vagrant package --base 'Windows 10 x64'`

			`In this example the running Virtual Box VM named 'Windows 10 x64'`

			`Adding the box in bash::`

			`vagrant box add --name windows10_64 "file:///home/ts/vagrantboxes/win10_64/package.box"`

			`After that it can be used under this name in a Vagrantfile.`

			`Setting up Windows for Purple Dome`
			`----------------------------------`

			`* Mount the vagrant share to X: (at least my scripts expect it) net use x:\\vboxsvr\share`
			`* Create a batch file in C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup to automatically start caldera_agent.bat in the vagrant share for this machine. This ensures that the caldera agent can be started in reboot`
			`* Install OpenSSH on the windows target (https://docs.microsoft.com/de-de/windows-server/administration/openssh/openssh_install_firstuse and https://docs.microsoft.com/de-de/windows-server/administration/openssh/openssh_keymanagement)`

			`Some SSH hints (powershell):`

			`Powershell::`

			`Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0`
			`Start-Service sshd`
			`Set-Service -Name sshd -StartupType 'Automatic'`
			`Install-Module -Force OpenSSHUtils -Scope AllUsers`



			`To create a user key in a private user folder call (as user) Powershell::`

			`ssh-keygen`

			`This can be used for remote login`

			`To be able to log into the Windows box, c:\users\PurpleDome\.ssh\authorized_keys needs to be created. Add the public key there.`

			`For admin users, the file is C:\ProgramData\ssh\administrators_authorized_keys`

			`Copy your public key into that (open file in administrator notepad, copy&paste)`

			`The file needs special permissions. Powershell::`

			`$acl = Get-Acl C:\ProgramData\ssh\administrators_authorized_keys`
			`$acl.SetAccessRuleProtection($true, $false)`
			`$administratorsRule = New-Object system.security.accesscontrol.filesystemaccessrule("Administrators","FullControl","Allow")`
			`$systemRule = New-Object system.security.accesscontrol.filesystemaccessrule("SYSTEM","FullControl","Allow")`
			`$acl.SetAccessRule($administratorsRule)`
			`$acl.SetAccessRule($systemRule)`
			`$acl \| Set-Acl`

			`See: https://www.concurrency.com/blog/may-2019/key-based-authentication-for-openssh-on-windows`

			`https://github.com/PowerShell/Win32-OpenSSH/wiki/Troubleshooting-Steps`

			`To connect from linux call bash::`

			`ssh -o "IdentitiesOnly=yes" -i ~/.ssh/id_rsa.3 -v PURPLEDOME@192.168.178.189`

			`(Capital letters for user name !)`
			`* The parameters enforce the use of a specific key. You can also drop that into the ssh config`

			`Footnote: WinRM failed. I tried. The python code does not support ssh-style "disown". Vagrant files needed a special configuration-and sometimes failed connecting to the windows host properly. Base problem was that it does not properly support empty passwords (not on python, anyway) - and I used them for auto-login. Because some windows versions are a bit tricky with auto-login settings as they should be. Windows 10 is mutating here like hell.`
Extended windows documentation and added scp workarounds 3 years ago
			`SCP from and to Windows`
			`-----------------------`

			`Just use the user's home folder as entry and do::`

			`scp win10:my_logs.zip .`

			`Reduces the hassle with slashes.`