You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
PurpleDome/doc/source/basics/windows_targets.rst

86 lines
3.4 KiB
ReStructuredText

===============
Windows targets
===============
Windows Vagrant boxes need a special setup. They have to be created from a running windows machine.
Windows Box
-----------
If you use Vagrant you need a vagrant box first. It is a base image the vm will be based on.
The base vm must be running in VirtualBox !
Bash::
vagrant package --base 'Windows 10 x64'
In this example the running Virtual Box VM named 'Windows 10 x64'
Adding the box in bash::
vagrant box add --name windows10_64 "file:///home/ts/vagrantboxes/win10_64/package.box"
After that it can be used under this name in a Vagrantfile.
Setting up Windows for Purple Dome
----------------------------------
* Mount the vagrant share to X: (at least my scripts expect it) *net use x:\\vboxsvr\share*
* Create a batch file in C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup to automatically start *caldera_agent.bat* in the vagrant share for this machine. This ensures that the caldera agent can be started in reboot
* Install OpenSSH on the windows target (https://docs.microsoft.com/de-de/windows-server/administration/openssh/openssh_install_firstuse and https://docs.microsoft.com/de-de/windows-server/administration/openssh/openssh_keymanagement)
Some SSH hints (powershell):
Powershell::
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
Start-Service sshd
Set-Service -Name sshd -StartupType 'Automatic'
Install-Module -Force OpenSSHUtils -Scope AllUsers
To create a user key in a private user folder call (as user) Powershell::
ssh-keygen
This can be used for remote login
To be able to log into the Windows box, *c:\users\PurpleDome\.ssh\authorized_keys* needs to be created. Add the public key there.
For admin users, the file is *C:\ProgramData\ssh\administrators_authorized_keys*
Copy your public key into that (open file in administrator notepad, copy&paste)
The file needs special permissions. Powershell::
$acl = Get-Acl C:\ProgramData\ssh\administrators_authorized_keys
$acl.SetAccessRuleProtection($true, $false)
$administratorsRule = New-Object system.security.accesscontrol.filesystemaccessrule("Administrators","FullControl","Allow")
$systemRule = New-Object system.security.accesscontrol.filesystemaccessrule("SYSTEM","FullControl","Allow")
$acl.SetAccessRule($administratorsRule)
$acl.SetAccessRule($systemRule)
$acl | Set-Acl
See: https://www.concurrency.com/blog/may-2019/key-based-authentication-for-openssh-on-windows
https://github.com/PowerShell/Win32-OpenSSH/wiki/Troubleshooting-Steps
To connect from linux call bash::
ssh -o "IdentitiesOnly=yes" -i ~/.ssh/id_rsa.3 -v PURPLEDOME@192.168.178.189
(Capital letters for user name !)
* The parameters enforce the use of a specific key. You can also drop that into the ssh config
Footnote: WinRM failed. I tried. The python code does not support ssh-style "disown". Vagrant files needed a special configuration-and sometimes failed connecting to the windows host properly. Base problem was that it does not properly support empty passwords (not on python, anyway) - and I used them for auto-login. Because some windows versions are a bit tricky with auto-login settings as they should be. Windows 10 is mutating here like hell.
SCP from and to Windows
-----------------------
Just use the user's home folder as entry and do::
scp win10:my_logs.zip .
Reduces the hassle with slashes.