# OpenRange docker-compose -- Jinja2 template rendered from SnapshotSpec.
# This file is not valid YAML until rendered, and the rendered output carries
# the range credentials (MySQL, SMB, LDAP) in clear text: treat it as sensitive.
# Snapshot: {{ snapshot_id | default('unknown') }}

# Four /24 tiers. Only the firewall service is attached to all of them; the
# other services sit on a single tier (web on three -- see its stanza), so the
# firewall's FORWARD rules are the intended path between tiers.
networks:
  # attacker and the firewall's outside interface
  external:
    driver: bridge
    ipam:
      config:
        - subnet: 10.0.0.0/24
  # web, mail
  dmz:
    driver: bridge
    ipam:
      config:
        - subnet: 10.0.1.0/24
  # db, files
  internal:
    driver: bridge
    ipam:
      config:
        - subnet: 10.0.2.0/24
  # ldap, siem
  management:
    driver: bridge
    ipam:
      config:
        - subnet: 10.0.3.0/24

# Named volumes. shared_logs is ONE directory mounted into every service
# (web, mail, db, files, ldap, siem) under different paths, so each container
# can read and modify every other service's logs -- including the SIEM's
# consolidated file. A compromised DMZ host can therefore tamper with evidence.
# db_data is the MySQL data dir and persists until the volume is removed.
volumes:
  shared_logs:
    driver: local
  db_data:
    driver: local

services:
  # Red-team jump box. It sits only on the external tier; the routes it adds
  # point every other tier at the firewall, whose FORWARD rules accept
  # external->dmz only, so internal/management hosts are reachable only by
  # pivoting through a DMZ host.
  attacker:
    # NOTE(review): unpinned tag -- the snapshot is not reproducible unless the
    # image is pinned (fixed tag or digest).
    image: kalilinux/kali-rolling:latest
    # Required for the `ip route add` calls in the start command.
    cap_add:
      - NET_ADMIN
    # Tooling is installed at every (re)start, so the range needs outbound
    # access to the Debian mirrors at runtime. apt output and errors are
    # discarded; a failed install only surfaces through the healthcheck.
    command:
      - bash
      - -c
      - |
        apt-get update -qq && apt-get install -y -qq \
          libblas3 nmap sqlmap hydra nikto smbclient curl wget netcat-openbsd \
          ssh dnsutils tcpdump python3 python3-pip iproute2 sshpass \
          default-mysql-client ldap-utils \
          > /dev/null 2>&1
        ip route add 10.0.1.0/24 via 10.0.0.2 2>/dev/null || true
        ip route add 10.0.2.0/24 via 10.0.0.2 2>/dev/null || true
        ip route add 10.0.3.0/24 via 10.0.0.2 2>/dev/null || true
        tail -f /dev/null
    # Static name seeding. Docker's embedded DNS only resolves peers on a
    # shared network, and the attacker shares none with these hosts.
    extra_hosts:
      - "firewall:10.0.0.2"
      - "web:10.0.1.10"
      - "mail:10.0.1.11"
      - "db:10.0.2.20"
      - "files:10.0.2.21"
      - "ldap:10.0.3.20"
      - "siem:10.0.3.21"
    networks:
      external:
        ipv4_address: 10.0.0.10
    # Healthy once nmap is installed, the dmz route via the firewall is in
    # place and the seeded names resolve.
    healthcheck:
      test:
        - "CMD-SHELL"
        - "nmap --version >/dev/null 2>&1 && ip route | grep -q '10.0.1.0/24 via 10.0.0.2' && getent hosts web db files ldap siem >/dev/null 2>&1"
      interval: 10s
      timeout: 5s
      retries: 12
    restart: unless-stopped

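  # Tier router. The FORWARD rules below ARE the range's segmentation policy:
  #   external -> dmz                  (attacker reaches web/mail)
  #   dmz      -> internal, management (a compromised DMZ host can pivot inward)
  #   internal -> management
  # Everything else, notably external -> internal/management, is dropped.
  firewall:
    image: ubuntu:22.04
    cap_add:
      - NET_ADMIN
    # Enable forwarding through the supported, namespaced sysctl. Docker
    # commonly mounts /proc/sys read-only, in which case an in-container
    # `echo 1 > /proc/sys/net/ipv4/ip_forward` fails and the router never
    # comes up (the original start script hid that failure).
    sysctls:
      - net.ipv4.ip_forward=1
    command:
      - bash
      - -c
      - |
        # Fail closed: with set -e a failed package install or rule aborts
        # the container (the restart policy retries it) instead of leaving a
        # router with forwarding on and no filter in place. Forwarding is on
        # from container start, so there is still an unfiltered window while
        # apt runs; the default policy is flipped to DROP the moment iptables
        # is available and before any ACCEPT rule is added.
        set -e
        apt-get update -qq && apt-get install -y -qq iptables iproute2 > /dev/null 2>&1
        iptables -P FORWARD DROP
        # Belt and braces for runtimes that do not honour `sysctls`.
        { echo 1 > /proc/sys/net/ipv4/ip_forward; } 2>/dev/null || true
        # Source NAT so each tier sees only the firewall's address on its side.
        iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -d 10.0.1.0/24 -j MASQUERADE
        iptables -t nat -A POSTROUTING -s 10.0.1.0/24 -d 10.0.2.0/24 -j MASQUERADE
        iptables -t nat -A POSTROUTING -s 10.0.1.0/24 -d 10.0.3.0/24 -j MASQUERADE
        iptables -t nat -A POSTROUTING -s 10.0.2.0/24 -d 10.0.3.0/24 -j MASQUERADE
        # Return traffic for allowed flows, then the one-way tier allowances.
        iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
        iptables -A FORWARD -s 10.0.0.0/24 -d 10.0.1.0/24 -j ACCEPT
        iptables -A FORWARD -s 10.0.1.0/24 -d 10.0.2.0/24 -j ACCEPT
        iptables -A FORWARD -s 10.0.1.0/24 -d 10.0.3.0/24 -j ACCEPT
        iptables -A FORWARD -s 10.0.2.0/24 -d 10.0.3.0/24 -j ACCEPT
        # Explicit catch-all on top of the DROP policy.
        iptables -A FORWARD -j DROP
        tail -f /dev/null
    networks:
      external:
        ipv4_address: 10.0.0.2
      dmz:
        ipv4_address: 10.0.1.2
      internal:
        ipv4_address: 10.0.2.2
      management:
        ipv4_address: 10.0.3.2
    # Healthy only when forwarding is on, the chain is default-deny, and the
    # external->dmz allow + NAT rules are present.
    healthcheck:
      test:
        - "CMD-SHELL"
        - "grep -qx '1' /proc/sys/net/ipv4/ip_forward && iptables -S FORWARD | grep -q '^-P FORWARD DROP' && iptables -C FORWARD -s 10.0.0.0/24 -d 10.0.1.0/24 -j ACCEPT >/dev/null 2>&1 && iptables -t nat -C POSTROUTING -s 10.0.0.0/24 -d 10.0.1.0/24 -j MASQUERADE >/dev/null 2>&1"
      interval: 10s
      timeout: 5s
      retries: 12
    restart: unless-stopped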

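  # Intentionally vulnerable web tier / pivot host, built from Dockerfile.web.
  web:
    build:
      context: .
      dockerfile: Dockerfile.web
    # Operator access only: bound to loopback so the vulnerable app is not
    # published on every host interface (the previous "80:80" listened on
    # 0.0.0.0). In-range traffic reaches it via the firewall at 10.0.1.10.
    # Change the bind address deliberately if remote operator access is needed.
    ports:
      - "127.0.0.1:80:80"
    volumes:
      - shared_logs:/var/log/app
    # db has a healthcheck, so wait for it to be usable rather than merely
    # started.
    depends_on:
      db:
        condition: service_healthy
    # Multi-homed on purpose (this is the pivot). Note the consequence: web ->
    # db/files/ldap/siem traffic never crosses the firewall's FORWARD rules.
    networks:
      dmz:
        ipv4_address: 10.0.1.10
      internal:
        ipv4_address: 10.0.2.10
      management:
        ipv4_address: 10.0.3.10
    # Any HTTP answer (2xx/3xx/4xx) counts as up; `$$` escapes compose
    # interpolation so the shell sees `$status`.
    healthcheck:
      test:
        - "CMD-SHELL"
        - "status=$(curl -s -o /dev/null -w '%{http_code}' http://localhost/ || true); case \"$$status\" in 2*|3*|4*) exit 0;; *) exit 1;; esac"
      interval: 10s
      timeout: 5s
      retries: 3
    restart: unless-stopped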

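  # SMTP host on the DMZ tier (namshi/smtp, unpinned tag). No healthcheck.
  mail:
    image: namshi/smtp:latest
    environment:
      # Rendered through tojson (a valid YAML double-quoted scalar) so a
      # generated value containing ` #` or `: ` cannot be truncated or break
      # the file.
      MAILNAME: {{ domain | default('corp.local') | tojson }}
    volumes:
      - shared_logs:/var/log/mail
    networks:
      dmz:
        ipv4_address: 10.0.1.11
    restart: unless-stopped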

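  # Backend MySQL for the web app, built from Dockerfile.db; internal tier only.
  db:
    build:
      context: .
      dockerfile: Dockerfile.db
    # NOTE(review): mysql_native_password is the legacy auth plugin -- presumably
    # kept for client compatibility in the range; confirm it is intended.
    command: --default-authentication-plugin=mysql_native_password
    environment:
      # Values are emitted via tojson as double-quoted YAML scalars. A plain
      # `KEY=value` list item is silently truncated at ` #` and breaks at `: `,
      # which for a generated password is a silent credential change. `$` is
      # doubled because docker compose interpolates `$VAR` inside values.
      # The defaults are range fixtures; the rendered file still carries them
      # in clear text.
      MYSQL_ROOT_PASSWORD: {{ mysql_root_password | default('r00tP@ss!') | replace('$', '$$') | tojson }}
      MYSQL_DATABASE: {{ db_name | default('referral_db') | tojson }}
      MYSQL_USER: {{ db_user | default('svc_db') | tojson }}
      MYSQL_PASSWORD: {{ db_password | default('SvcDb!401') | replace('$', '$$') | tojson }}
    volumes:
      - db_data:/var/lib/mysql
      - shared_logs:/var/log/mysql
    networks:
      internal:
        ipv4_address: 10.0.2.20
    # Liveness only: `mysqladmin ping` reports the server as alive without
    # authenticating.
    healthcheck:
      test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
      interval: 10s
      timeout: 5s
      retries: 5
    restart: unless-stopped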

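  # SMB file server (dperson/samba, unpinned tag) on the internal tier.
  files:
    image: dperson/samba:latest
    environment:
      # The image splits USER on ';' as "name;password" and each SHARE* entry
      # as "name;path;<flags>;users" (presumably browse;readonly;guest -- verify
      # against the image docs), so neither the password nor a share name may
      # contain ';'. Values are rendered through tojson so YAML specials
      # (` #`, `: `, quotes) cannot truncate or break them; `$` is doubled
      # because docker compose interpolates `$VAR` inside values.
      USER: {{ ((smb_user | default('smbuser')) ~ ';' ~ (smb_password | default('smbP@ss!') | replace('$', '$$'))) | tojson }}
{%- for share in smb_shares | default(['general', 'hr', 'compliance', 'contracts']) %}
      SHARE{{ loop.index if loop.index > 1 else '' }}: {{ (share ~ ';/srv/shares/' ~ share ~ ';yes;no;no;' ~ (smb_user | default('smbuser'))) | tojson }}
{%- endfor %}
    volumes:
      - shared_logs:/var/log/samba
    networks:
      internal:
        ipv4_address: 10.0.2.21
    restart: unless-stopped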

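  # Directory service (osixia/openldap, unpinned tag) on the management tier.
  # No healthcheck.
  ldap:
    image: osixia/openldap:latest
    environment:
      # Rendered through tojson so YAML specials in a generated value cannot
      # truncate or break it; `$` is doubled for compose interpolation. The
      # default admin password is a range fixture and lands in the rendered
      # file in clear text.
      LDAP_ORGANISATION: {{ org_name | default('Corp') | tojson }}
      LDAP_DOMAIN: {{ domain | default('corp.local') | tojson }}
      LDAP_ADMIN_PASSWORD: {{ ldap_admin_pass | default('LdapAdm1n!') | replace('$', '$$') | tojson }}
    volumes:
      - shared_logs:/var/log/ldap
    networks:
      management:
        ipv4_address: 10.0.3.20
    restart: unless-stopped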

  # Log collector on the management tier. This stanza only prepares the
  # consolidated log file: rsyslog is installed but nothing here starts it,
  # so whatever fills all.log is not visible in this file.
  siem:
    image: ubuntu:22.04
    command:
      - bash
      - -c
      - |
        apt-get update -qq && apt-get install -y -qq rsyslog jq curl grep gawk > /dev/null 2>&1
        mkdir -p /var/log/siem/consolidated
        touch /var/log/siem/consolidated/all.log
        tail -f /dev/null
    # shared_logs is the same volume the other services write to (mounted at
    # /var/log/app, /var/log/mail, /var/log/mysql, ...), so all.log is
    # writable by every one of them: the evidence store is not isolated from
    # the hosts it records.
    volumes:
      - shared_logs:/var/log/siem
    networks:
      management:
        ipv4_address: 10.0.3.21
    restart: unless-stopped