
AWS: MacOS Installation

P4T12ICK edited this page Feb 2, 2021 · 8 revisions

Automated installation

This builds a range automatically on macOS. As a prerequisite, you also need to sign up for an AWS account here.

  1. Install all the project dependencies with this one-liner: source <(curl -s 'https://raw.githubusercontent.com/splunk/attack_range/develop/scripts/macos_deploy_aws.sh')
  2. Run aws configure to configure your AWS credentials on the local machine. If you are not sure how to create AWS credentials for the attack_range, follow these instructions.
  3. Configure your attack_range by running: python attack_range.py configure
  4. Build Attack Range: python attack_range.py build

Manual installation

Prerequisite

  1. Obtain a copy of the Attack Range on your local computer. For example, this can be done by copying or cloning Attack Range from GitHub: git clone https://github.com/splunk/attack_range
  2. Go to the install directory of the Attack Range: cd attack_range
  3. Create a virtual environment and install all default packages required for the Attack Range project: pip install virtualenv && virtualenv -p python3 venv && source venv/bin/activate && pip install -r requirements.txt
  4. If you don't have one, sign up for an AWS account here

Rest of Configuration

  1. Install Terraform: use Homebrew via brew install terraform, or download from this link
  2. Initialize Terraform: cd terraform/aws && terraform init && cd ../..
  3. Install AWS CLI: brew install awscli, otherwise see the guide on installing AWS CLI
  4. Enable use of Ubuntu images/virtual machines in your AWS account; go to this link and press "Continue to Subscribe" and then "Accept Terms".
  5. Also enable use of Kali Linux from the AWS Marketplace if needed, by going to this link and again pressing "Continue to Subscribe" and "Accept Terms".
  6. Prepare a public/private SSH key pair for access to AWS: on your local machine, use the existing default keys (id_rsa and id_rsa.pub stored at ACCOUNT_HOME_FOLDER/.ssh), or generate a new SSH key pair via ssh-keygen with no passphrase
  7. Configure the public key and preferred region into AWS (see Configuring a public key into AWS and selecting a preferred AWS region)
  8. Create a user account for programmatic access to Attack Range instances in AWS (see Configuring a public key into AWS and selecting a preferred AWS region)
  9. Configure access to AWS by running aws configure in the install directory of the Attack Range. You need to provide the Access key ID, the Secret access key, and the name of the preferred region; these are the parameters obtained while configuring the AWS account for programmatic access.
  10. On your local machine, instantiate an Attack Range config file: cp attack_range.conf.template attack_range.conf && vim attack_range.conf
  11. Modify these parameters in the local config file:
  • attack_range_password: any password you choose
  • key_name: the exact AWS name of the public key you imported earlier into AWS
  • ip_whitelist: to improve security, allow access to AWS only from your public IP addresses, i.e., replace the default permission 0.0.0.0/0 with your exact public IP addresses and masks
  • private_key_path: the path on your local machine to the private key corresponding to the public key you imported into AWS
  • region: the name of the preferred region you were logged in to when importing the public key to AWS
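
A pre-build check of the parameters listed in step 11, given as an added example that is not part of the Attack Range project. It assumes attack_range.conf is an INI-style file with section headers and that ip_whitelist is a comma-separated list of CIDR blocks; check_conf and its messages are hypothetical names.

```python
import configparser
import ipaddress
import os
import stat

# Parameters this page says to edit in attack_range.conf.
REQUIRED = ("attack_range_password", "key_name", "ip_whitelist",
            "private_key_path", "region")


def check_conf(text):
    """Return a list of findings for the contents of attack_range.conf."""
    # Assumption: INI-style file; keys are looked up in every section.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    values = {}
    for section in parser.sections():
        values.update(parser.items(section))

    findings = []
    for key in REQUIRED:
        if not values.get(key, "").strip():
            findings.append(f"{key}: not set")

    # Assumption: ip_whitelist is a comma-separated list of CIDR blocks.
    for entry in values.get("ip_whitelist", "").split(","):
        entry = entry.strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(f"ip_whitelist: {entry!r} is not a valid CIDR")
            continue
        if net.prefixlen == 0:
            findings.append(f"ip_whitelist: {entry} allows any source address")

    # The private key must exist and be unreadable by group and others.
    key_path = os.path.expanduser(values.get("private_key_path", "").strip())
    if key_path:
        if not os.path.isfile(key_path):
            findings.append(f"private_key_path: {key_path} not found")
        elif stat.S_IMODE(os.stat(key_path).st_mode) & 0o077:
            findings.append(f"private_key_path: {key_path} mode is too open")
    return findings


if __name__ == "__main__":
    with open("attack_range.conf") as fh:
        print("\n".join(check_conf(fh.read())) or "no findings")
```

Run it from the install directory after editing attack_range.conf; an empty result means none of these checks fired.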

Finally, verify that access to AWS is configured successfully; make sure this command returns a populated JSON listing:

aws ec2 describe-instances

Running and turning off Attack Range instances

After configurations are complete, run Attack Range:

python attack_range.py build

Verify that the instance is present in AWS:

python attack_range.py show

Once done, shut down Attack Range to save on AWS costs:

python attack_range.py destroy