First Commit

Ansible/filebeat-play.yml

@@ -0,0 +1,30 @@
+---
+- name: Installing and Launch Filebeat
+  hosts: webservers
+  become: yes
+  tasks:
+    # Use command module
+  - name: Download filebeat .deb file
+    command: curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.4.0-amd64.deb
+
+    # Use command module
+  - name: Install filebeat .deb
+    command: dpkg -i filebeat-7.4.0-amd64.deb
+
+    # Use copy module
+  - name: Drop in filebeat.yml
+    copy:
+      src: /etc/ansible/files/filebeat-config.yml
+      dest: /etc/filebeat/filebeat.yml
+
+    # Use command module
+  - name: Enable and Configure System Module
+    command: filebeat modules enable system
+
+    # Use command module
+  - name: Setup filebeat
+    command: filebeat setup
+
+    # Use command module
+  - name: Start filebeat service
+    command: service filebeat start

Ansible/hosts

@@ -0,0 +1,52 @@
+#
+# This is the default ansible 'hosts' file.
+#
+# It should live in /etc/ansible/hosts
+#
+#   - Comments begin with the '#' character
+#   - Blank lines are ignored
+#   - Groups of hosts are delimited by [header] elements
+#   - You can enter hostnames or ip addresses
+#   - A hostname/ip can be a member of multiple groups
+
+# Ex 1: Ungrouped hosts, specify before any group headers.
+
+## green.example.com
+## blue.example.com
+## 192.168.100.1
+## 192.168.100.10
+
+# Ex 2: A collection of hosts belonging to the 'webservers' group
+
+[webservers]
+## alpha.example.org
+## beta.example.org
+## 192.168.1.100
+## 192.168.1.110
+10.0.0.11 ansible_python_interpreter=/usr/bin/python3
+10.0.0.12 ansible_python_interpreter=/usr/bin/python3
+10.0.0.5 ansible_python_interpreter=/usr/bin/python3
+
+[elkservers]
+#10.1.0.4 ansible_python_interpreter=/usr/bin/python3
+10.2.0.4 ansible_python_interpreter=/usr/bin/python3
+
+# If you have multiple hosts following a pattern you can specify
+# them like this:
+
+## www[001:006].example.com
+
+# Ex 3: A collection of database servers in the 'dbservers' group
+
+## [dbservers]
+## 
+## db01.intranet.mydomain.net
+## db02.intranet.mydomain.net
+## 10.25.1.56
+## 10.25.1.57
+
+# Here's another example of host ranges, this time there are no
+# leading 0s:
+
+## db-[99:101]-node.example.com
+

Ansible/install-ELK.yml

@@ -0,0 +1,45 @@
+---
+- name: Configure Elk VM with Docker
+  hosts: elkservers
+  remote_user: elk
+  become: true
+  tasks:
+    # Use apt module
+    - name: Install docker.io
+      apt:
+        update_cache: yes
+        name: docker.io
+        state: present
+
+      # Use apt module
+    - name: Install pip3
+      apt:
+        force_apt_get: yes
+        name: python3-pip
+        state: present
+
+      # Use pip module
+    - name: Install Docker python module
+      pip:
+        name: docker
+        state: present
+
+      # Use sysctl module
+    - name: Use more memory
+      sysctl:
+        name: vm.max_map_count
+        value: "262144"
+        state: present
+        reload: yes
+
+      # Use docker_container module
+    - name: download and launch a docker elk container
+      docker_container:
+        name: elk
+        image: sebp/elk:761
+        state: started
+        restart_policy: always
+        published_ports:
+          - 5601:5601
+          - 9200:9200
+          - 5044:5044

Ansible/metricbeat-config.yml

@@ -0,0 +1,163 @@
+###################### Metricbeat Configuration Example #######################
+
+# This file is an example configuration file highlighting only the most common
+# options. The metricbeat.reference.yml file from the same directory contains all the
+# supported options with more comments. You can use it as a reference.
+#
+# You can find the full configuration reference here:
+# https://www.elastic.co/guide/en/beats/metricbeat/index.html
+
+#==========================  Modules configuration ============================
+
+metricbeat.config.modules:
+  # Glob pattern for configuration loading
+  path: ${path.config}/modules.d/*.yml
+
+  # Set to true to enable config reloading
+  reload.enabled: false
+
+  # Period on which files under path should be checked for changes
+  #reload.period: 10s
+
+#==================== Elasticsearch template setting ==========================
+
+setup.template.settings:
+  index.number_of_shards: 1
+  index.codec: best_compression
+  #_source.enabled: false
+
+#================================ General =====================================
+
+# The name of the shipper that publishes the network data. It can be used to group
+# all the transactions sent by a single shipper in the web interface.
+#name:
+
+# The tags of the shipper are included in their own field with each
+# transaction published.
+#tags: ["service-X", "web-tier"]
+
+# Optional fields that you can specify to add additional information to the
+# output.
+#fields:
+#  env: staging
+
+
+#============================== Dashboards =====================================
+# These settings control loading the sample dashboards to the Kibana index. Loading
+# the dashboards is disabled by default and can be enabled either by setting the
+# options here or by using the `setup` command.
+#setup.dashboards.enabled: false
+
+# The URL from where to download the dashboards archive. By default this URL
+# has a value which is computed based on the Beat name and version. For released
+# versions, this URL points to the dashboard archive on the artifacts.elastic.co
+# website.
+#setup.dashboards.url:
+
+#============================== Kibana =====================================
+
+# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
+# This requires a Kibana endpoint configuration.
+setup.kibana:
+  host: "10.2.0.4:5601"
+
+  # Kibana Host
+  # Scheme and port can be left out and will be set to the default (http and 5601)
+  # In case you specify and additional path, the scheme is required: http://localhost:5601/path
+  # IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
+  #host: "localhost:5601"
+
+  # Kibana Space ID
+  # ID of the Kibana Space into which the dashboards should be loaded. By default,
+  # the Default Space will be used.
+  #space.id:
+
+#============================= Elastic Cloud ==================================
+
+# These settings simplify using Metricbeat with the Elastic Cloud (https://cloud.elastic.co/).
+
+# The cloud.id setting overwrites the `output.elasticsearch.hosts` and
+# `setup.kibana.host` options.
+# You can find the `cloud.id` in the Elastic Cloud web UI.
+#cloud.id:
+
+# The cloud.auth setting overwrites the `output.elasticsearch.username` and
+# `output.elasticsearch.password` settings. The format is `<user>:<pass>`.
+#cloud.auth:
+
+#================================ Outputs =====================================
+
+# Configure what output to use when sending the data collected by the beat.
+
+#-------------------------- Elasticsearch output ------------------------------
+output.elasticsearch:
+  # Array of hosts to connect to.
+  hosts: ["10.2.0.4:9200"]
+  username: "elastic"
+  password: "changeme"
+
+  # Optional protocol and basic auth credentials.
+  #protocol: "https"
+  #username: "elastic"
+  #password: "changeme"
+
+#----------------------------- Logstash output --------------------------------
+#output.logstash:
+  # The Logstash hosts
+  #hosts: ["localhost:5044"]
+
+  # Optional SSL. By default is off.
+  # List of root certificates for HTTPS server verifications
+  #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
+
+  # Certificate for SSL client authentication
+  #ssl.certificate: "/etc/pki/client/cert.pem"
+
+  # Client Certificate Key
+  #ssl.key: "/etc/pki/client/cert.key"
+
+#================================ Processors =====================================
+
+# Configure processors to enhance or manipulate events generated by the beat.
+
+processors:
+  - add_host_metadata: ~
+  - add_cloud_metadata: ~
+
+#================================ Logging =====================================
+
+# Sets log level. The default log level is info.
+# Available log levels are: error, warning, info, debug
+#logging.level: debug
+
+# At debug level, you can selectively enable logging only for some components.
+# To enable all selectors use ["*"]. Examples of other selectors are "beat",
+# "publish", "service".
+#logging.selectors: ["*"]
+
+#============================== X-Pack Monitoring ===============================
+# metricbeat can export internal metrics to a central Elasticsearch monitoring
+# cluster.  This requires xpack monitoring to be enabled in Elasticsearch.  The
+# reporting is disabled by default.
+
+# Set to true to enable the monitoring reporter.
+#monitoring.enabled: false
+
+# Sets the UUID of the Elasticsearch cluster under which monitoring data for this
+# Metricbeat instance will appear in the Stack Monitoring UI. If output.elasticsearch
+# is enabled, the UUID is derived from the Elasticsearch cluster referenced by output.elasticsearch.
+#monitoring.cluster_uuid:
+
+# Uncomment to send the metrics to Elasticsearch. Most settings from the
+# Elasticsearch output are accepted here as well.
+# Note that the settings should point to your Elasticsearch *monitoring* cluster.
+# Any setting that is not set is automatically inherited from the Elasticsearch
+# output configuration, so if you have the Elasticsearch output configured such
+# that it is pointing to your Elasticsearch monitoring cluster, you can simply
+# uncomment the following line.
+#monitoring.elasticsearch:
+
+#================================= Migration ==================================
+
+# This allows to enable 6.7 migration aliases
+#migration.6_to_7.enabled: true

Ansible/metricbeat-play.yml

@@ -0,0 +1,30 @@
+---
+- name: Install metric beat
+  hosts: webservers
+  become: true
+  tasks:
+    # Use command module
+  - name: Download metricbeat
+    command: curl -L -O https://artifacts.elastic.co/downloads/beats/metricbeat/metricbeat-7.4.0-amd64.deb
+
+    # Use command module
+  - name: install metricbeat
+    command: dpkg -i metricbeat-7.4.0-amd64.deb
+
+    # Use copy module
+  - name: drop in metricbeat config
+    copy:
+      src: /etc/ansible/files/metricbeat-config.yml
+      dest: /etc/metricbeat/metricbeat.yml
+
+    # Use command module
+  - name: enable and configure docker module for metric beat
+    command: metricbeat modules enable docker
+
+    # Use command module
+  - name: setup metric beat
+    command: metricbeat setup
+
+    # Use command module
+  - name: start metric beat
+    command: service metricbeat start

Ansible/pentest.yml

@@ -0,0 +1,36 @@
+---
+- name: Config Web VM with Docker
+  hosts: webservers
+  become: true
+  tasks:
+  - name: docker.io
+    apt:
+      force_apt_get: yes
+      update_cache: yes
+      name: docker.io
+      state: present
+
+  - name: Install pip3
+    apt:
+      force_apt_get: yes
+      name: python3-pip
+      state: present
+
+  - name: Install Docker python module
+    pip:
+      name: docker
+      state: present
+
+  - name: download and launch a docker web container
+    docker_container:
+      name: dvwa
+      image: cyberxsecurity/dvwa
+      state: started
+      restart_policy: always
+      published_ports: 80:80
+
+  - name: Enable docker service
+    systemd:
+      name: docker
+      enabled: yes
+

Diagrams/Unit 13 - Network Diagram w_ ELK Server.drawio

@@ -0,0 +1 @@
+<mxfile host="app.diagrams.net" modified="2020-10-30T01:44:05.789Z" agent="5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36" etag="6KMsCsbosjdaXUJzocPu" version="13.8.7" type="google"><diagram id="KtVIxZeeNOH0w865O7Vl" name="RedTeam">5Vtbd6I6GP01Puoi3H1srbad6enpqZ3riytCxEyBUIijzq8/QRMFklI746VT1upFPkKAvb97YsvoRYvLFCbTf4iPwpau+YuWcdHSdaCZOvuXS5ZriWUba0GQYp8P2gqG+BcSV3LpDPsoKw2khIQUJ2WhR+IYebQkg2lK5uVhExKW75rAAEmCoQdDWfoF+3S6lrqWtpVfIRxMxZ2Bxs9EUAzmgmwKfTIviIx+y+ilhND1p2jRQ2EOnsDlw/XDnfNt2fvoDEdkklyPv39D7fVkg9dcsnmFFMX0t6d2Zv9d9ga/RvPb7NN3eBc8Pl1nbc7lTxjOOF4t3Q7ZTc4nhN2LvTRdciTtpxkRJ9rZiuczNgC4yWJ7kn0K8v/D4ZWYiD3Req71GY7lZlod+YwvfkhSOiUBiWHY30rPUzKLfZS/hsaOtmNuCEmYEDDhD0TpkisfnFHCRFMahfwsgy1dfs2v75iGIQTf+ISrg4tF6WhZPLpDKY4QRSkX7kgHpy0js9RDNeO4gVGYBojWcMXH5XgVVJuTfYkIe8R0yQZw022zl3Vsc31RikJI8c+yTUBuWsHmWj7dWZrCZWFAQnBMs8Ld7nLB9lbAstYzch9hgooqvm48+7B+gsrV4nHIZJIxpMpXFCDYilYm8ApzME+hnSdSJ21HddpZdUpk1CBf99QFR9QLycyX+QhDFjly3Jk7TnKhtxpnnM+nmKJhAlfgzFkwK6MMQxzE+XCGcm7J5xMchj0SktyqYxKjVzPxE6UULXYxRRFBhLob/Hi+DUi6CEjTYjBytQPBbSr8fgXpl/DMknW4nuBFrv1HxdMp+w9dkwEFwFYhupHuHVJLgvQe+Q8IRkx4j7jZ6tol8xeJBDZ7cVrGN6MpeUQVQBUYS3qdw4hZ/nPGT0TY91eOSkVo2Xkdii/LLhsAcBQG0FXQpR+KLPuv1n+j4lB0V8bTVam/ezDtdyRA+zcf259vRRY4TkUCCLSO3tE67EEGwG6YIXStiiGomAOGgjnrUMSJOq3OFHC0KrKKrHDRBY4CdtsQj9lfj4XmEUxp/pFEyYzRwJLGwRClDKHRPfQeR+yFF+y3k8TBcU3GrZgMUPkgV2UyBwNerr1ykxn27z8/azSmfCZ/CIXwlUWcririgOF2uqADLGN7Y6maGzTMhF29nHsAZtSSIjl7UJok8vyLL1fB5Mevp7ukN9S0q5u23pXgftMVytm9MfEvlv/ezvXAc358vY18TVQexQpF/bK7Vrx7L1HqHvudO0qzW3aUTlcRoZSptbEHpVcCDyTgt5n1h1mUjMlCdoG60enaHeB2QF4s7OQ1mZPVnnOysoT9aGdxhsdhntb3mFOEOEap8mLuWJGXUaao3uiRvfVq6MbjNsqHVnWsayp0TFkQ76MgUHZDVAXB+2uE/r4jr2shFR15nec8vh9XhhXgvE/o1S8LToV93WPvN4bGiM5J+ojj/OwAp2gOw/CEEbRS5CnbfabKu+0jbaxbOjhc6nIDE0qS02FeCSjKhqAyoIA9QD4ZjUez0ZM7v2s71/RyRNrhQqHpoiGiDWfjOF+/qOmM6PJKxPtOCTYpgCirDLAjhfvojCgZlNNOUZ+34yxoGD+2VuFHt7syP46Cn32kbMrQ1ox6rFsB3tJluzhU30qdUTQDdlCG3bBPDHvd8tIXNAbPlrMiA2yMq6pazCYfK1B3qMUmJXVybVmiTn+eOtm0mkWdrcjjjkpdt54641nqrMYxV26LO4qFraMy15B1rWqcshXt2uOmBzLMR93h1yru7mNmWL+/73W0FLsytd2Wl9syrTfVEfvL9r39Gfb228JejhTH3RGraWbZZmxTf8Fq9rwr9g9N6Y11l3eoj8iMhjhmkV9sec/x82E23VAqIvwNHKPwjmSYYpJH+jGhlESKFIDmxMuZQjHb4Pslo0WQ7/TvwHlmdLwQZhn2RiGB/mgMQxh70ubIlm4MLNcycjVhl/qYTX6k6OYINDfFrylFN9GHKEY3Rz8Uu+7L7JaN84VtZEdMFSyn0sIBiprWUiULm3bq/vczyFnaNsGWk+sbpqbsxLlQ1Gbl2E4lxzZPnWPrsq/j7LU/3/Yfni2OxN6/l5fZy9PVdc61pnbOqz5SVyw3AUvhJA9WAigo+PvSSeHYi/lH7QbKN5J/iOd+10usdsUTKkOZcpdS92BKL++A/jTMu0T94UPDPJJV3eVs7Lq/53CRSs7bVuz0zxrHTvXLAwAoVpQ234L9Q3bY4fYLsutv6W2/Zmz0/wc=</diagram></mxfile>