# OpenRange docker-compose -- generated from SnapshotSpec
# Snapshot: {{ snapshot_id | default('unknown') }}
networks:
  # Four statically addressed /24 segments. Every service pins its
  # `ipv4_address` on these, and the attacker's `extra_hosts` entries
  # mirror those addresses, so the four subnets must stay in step with
  # the service definitions below.
  # external: attacker, firewall
  external:
    driver: bridge
    ipam:
      config:
        - subnet: 10.0.0.0/24
  # dmz: firewall, web, mail
  dmz:
    driver: bridge
    ipam:
      config:
        - subnet: 10.0.1.0/24
  # internal: firewall, web, db, files
  internal:
    driver: bridge
    ipam:
      config:
        - subnet: 10.0.2.0/24
  # management: firewall, web, ldap, siem
  management:
    driver: bridge
    ipam:
      config:
        - subnet: 10.0.3.0/24
volumes:
  # One volume shared by every log-writing service (web, mail, db, files,
  # ldap) and mounted by the siem container at /var/log/siem. Each service
  # mounts the volume root, so there is no per-service isolation: any
  # container with the mount can read or alter another service's log files.
  shared_logs:
    driver: local
  # MySQL data directory for the db service.
  db_data:
    driver: local
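services:
  # NOTE(review): all pulled images use floating `:latest` tags, so two
  # renders of the same SnapshotSpec can start from different image
  # contents; pin tags or digests if a snapshot must rebuild identically.

  # Attacker-side host on the external segment. NET_ADMIN is needed only for
  # the static routes in the boot script, which send the three interior /24s
  # through the firewall (10.0.0.2) instead of the bridge's default gateway.
  attacker:
    image: kalilinux/kali-rolling:latest
    cap_add:
      - NET_ADMIN
    command:
      - bash
      - -c
      - |
        apt-get update -qq && apt-get install -y -qq \
          libblas3 nmap sqlmap hydra nikto smbclient curl wget netcat-openbsd \
          ssh dnsutils tcpdump python3 python3-pip iproute2 sshpass \
          default-mysql-client ldap-utils \
          > /dev/null 2>&1
        ip route add 10.0.1.0/24 via 10.0.0.2 2>/dev/null || true
        ip route add 10.0.2.0/24 via 10.0.0.2 2>/dev/null || true
        ip route add 10.0.3.0/24 via 10.0.0.2 2>/dev/null || true
        tail -f /dev/null
    # Static name resolution for the range hosts; each entry mirrors the
    # ipv4_address assigned to that service further down.
    extra_hosts:
      - "firewall:10.0.0.2"
      - "web:10.0.1.10"
      - "mail:10.0.1.11"
      - "db:10.0.2.20"
      - "files:10.0.2.21"
      - "ldap:10.0.3.20"
      - "siem:10.0.3.21"
    networks:
      external:
        ipv4_address: 10.0.0.10
    # Healthy once the tooling is installed, the routes are in place and the
    # range hostnames resolve. 12 retries x 10s leaves room for the apt-get
    # install that runs at container start.
    healthcheck:
      test:
        - "CMD-SHELL"
        - "nmap --version >/dev/null 2>&1 && ip route | grep -q '10.0.1.0/24 via 10.0.0.2' && getent hosts web db files ldap siem >/dev/null 2>&1"
      interval: 10s
      timeout: 5s
      retries: 12
    restart: unless-stopped

  # Router between the four segments. Forwarding is default-deny (the final
  # FORWARD rule drops everything) with one-way allows: external -> dmz,
  # dmz -> internal, dmz -> management, internal -> management. Return
  # traffic is admitted by the RELATED,ESTABLISHED rule; each allowed
  # direction is also source-NATed so replies route back via the firewall.
  firewall:
    image: ubuntu:22.04
    cap_add:
      - NET_ADMIN
    # Enable forwarding at container creation. NOTE(review): /proc/sys is
    # commonly read-only in an unprivileged container, in which case the
    # `echo 1` in the boot script fails (the script does not stop on error)
    # and the healthcheck below never passes; this entry does not depend on
    # that write succeeding.
    sysctls:
      - net.ipv4.ip_forward=1
    command:
      - bash
      - -c
      - |
        apt-get update -qq && apt-get install -y -qq iptables iproute2 > /dev/null 2>&1
        echo 1 > /proc/sys/net/ipv4/ip_forward
        iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -d 10.0.1.0/24 -j MASQUERADE
        iptables -t nat -A POSTROUTING -s 10.0.1.0/24 -d 10.0.2.0/24 -j MASQUERADE
        iptables -t nat -A POSTROUTING -s 10.0.1.0/24 -d 10.0.3.0/24 -j MASQUERADE
        iptables -t nat -A POSTROUTING -s 10.0.2.0/24 -d 10.0.3.0/24 -j MASQUERADE
        iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
        iptables -A FORWARD -s 10.0.0.0/24 -d 10.0.1.0/24 -j ACCEPT
        iptables -A FORWARD -s 10.0.1.0/24 -d 10.0.2.0/24 -j ACCEPT
        iptables -A FORWARD -s 10.0.1.0/24 -d 10.0.3.0/24 -j ACCEPT
        iptables -A FORWARD -s 10.0.2.0/24 -d 10.0.3.0/24 -j ACCEPT
        iptables -A FORWARD -j DROP
        tail -f /dev/null
    networks:
      external:
        ipv4_address: 10.0.0.2
      dmz:
        ipv4_address: 10.0.1.2
      internal:
        ipv4_address: 10.0.2.2
      management:
        ipv4_address: 10.0.3.2
    # Verifies forwarding is on and that the first allow rule and its NAT
    # counterpart exist (`iptables -C`); the remaining rules are not checked.
    healthcheck:
      test:
        - "CMD-SHELL"
        - "grep -qx '1' /proc/sys/net/ipv4/ip_forward && iptables -C FORWARD -s 10.0.0.0/24 -d 10.0.1.0/24 -j ACCEPT >/dev/null 2>&1 && iptables -t nat -C POSTROUTING -s 10.0.0.0/24 -d 10.0.1.0/24 -j MASQUERADE >/dev/null 2>&1"
      interval: 10s
      timeout: 5s
      retries: 12
    restart: unless-stopped

  # DMZ web tier, attached to dmz, internal and management. It is also
  # published on the host's port 80 on all host interfaces; if the range
  # host sits on a network that should not reach the target application,
  # bind the publication to loopback ("127.0.0.1:80:80") instead.
  web:
    build:
      context: .
      dockerfile: Dockerfile.web
    ports:
      - "80:80"
    volumes:
      - shared_logs:/var/log/app
    # Long form: wait for db's healthcheck to pass, not merely for the
    # container to be created.
    depends_on:
      db:
        condition: service_healthy
    networks:
      dmz:
        ipv4_address: 10.0.1.10
      internal:
        ipv4_address: 10.0.2.10
      management:
        ipv4_address: 10.0.3.10
    # `$$` is Compose's escape for a literal `$`; a bare `$(` is rejected by
    # Compose's interpolation, so both the substitution and the variable
    # reference are escaped and the shell sees `$(curl ...)` and `$status`.
    # Any 2xx/3xx/4xx response counts as up (a 4xx still proves the server
    # answers). Assumes curl is present in the image built from Dockerfile.web.
    healthcheck:
      test:
        - "CMD-SHELL"
        - "status=$$(curl -s -o /dev/null -w '%{http_code}' http://localhost/ || true); case \"$$status\" in 2*|3*|4*) exit 0;; *) exit 1;; esac"
      interval: 10s
      timeout: 5s
      retries: 3
    restart: unless-stopped

  # SMTP relay on the DMZ segment only.
  mail:
    image: namshi/smtp:latest
    environment:
      - MAILNAME={{ domain | default('corp.local') }}
    volumes:
      - shared_logs:/var/log/mail
    networks:
      dmz:
        ipv4_address: 10.0.1.11
    restart: unless-stopped

  # MySQL on the internal segment. Reachable from the dmz (web) per the
  # firewall policy; not attached to external or management.
  db:
    build:
      context: .
      dockerfile: Dockerfile.db
    # NOTE(review): --default-authentication-plugin is deprecated in MySQL
    # 8.0 and removed in 8.4; confirm the base image in Dockerfile.db still
    # accepts it.
    command: --default-authentication-plugin=mysql_native_password
    # The `default(...)` values are the scenario's seeded credentials and
    # are overridden by the matching SnapshotSpec variables. The templated
    # values are rendered unquoted, so a value containing ': ' or ' #' would
    # change the meaning of the rendered YAML.
    environment:
      - MYSQL_ROOT_PASSWORD={{ mysql_root_password | default('r00tP@ss!') }}
      - MYSQL_DATABASE={{ db_name | default('referral_db') }}
      - MYSQL_USER={{ db_user | default('svc_db') }}
      - MYSQL_PASSWORD={{ db_password | default('SvcDb!401') }}
    volumes:
      - db_data:/var/lib/mysql
      - shared_logs:/var/log/mysql
    networks:
      internal:
        ipv4_address: 10.0.2.20
    healthcheck:
      test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
      interval: 10s
      timeout: 5s
      retries: 5
    restart: unless-stopped

  # SMB file server on the internal segment. One share per entry in
  # smb_shares: the first is SHARE, later ones SHARE2, SHARE3, ... (the
  # `{%- ... %}` tags strip the preceding newline so the rendered list stays
  # contiguous). Each share entry is `name;path;yes;no;no;user`, presumably
  # dperson/samba's name;path;browse;readonly;guest;users format - i.e. a
  # browseable, writable, non-guest share limited to smb_user; confirm
  # against the image's documentation.
  files:
    image: dperson/samba:latest
    environment:
      - USER={{ smb_user | default('smbuser') }};{{ smb_password | default('smbP@ss!') }}
      {%- for share in smb_shares | default(['general', 'hr', 'compliance', 'contracts']) %}
      - SHARE{{ loop.index if loop.index > 1 else '' }}={{ share }};/srv/shares/{{ share }};yes;no;no;{{ smb_user | default('smbuser') }}
      {%- endfor %}
    volumes:
      - shared_logs:/var/log/samba
    networks:
      internal:
        ipv4_address: 10.0.2.21
    restart: unless-stopped

  # Directory service on the management segment only.
  ldap:
    image: osixia/openldap:latest
    environment:
      - LDAP_ORGANISATION={{ org_name | default('Corp') }}
      - LDAP_DOMAIN={{ domain | default('corp.local') }}
      - LDAP_ADMIN_PASSWORD={{ ldap_admin_pass | default('LdapAdm1n!') }}
    volumes:
      - shared_logs:/var/log/ldap
    networks:
      management:
        ipv4_address: 10.0.3.20
    restart: unless-stopped

  # Log collection point on the management segment. Every other service
  # mounts the same shared_logs volume root, so their files appear together
  # under /var/log/siem here. The boot script installs rsyslog and the
  # query tools but does not start rsyslog; it only creates the consolidated
  # log file and then idles.
  siem:
    image: ubuntu:22.04
    command:
      - bash
      - -c
      - |
        apt-get update -qq && apt-get install -y -qq rsyslog jq curl grep gawk > /dev/null 2>&1
        mkdir -p /var/log/siem/consolidated
        touch /var/log/siem/consolidated/all.log
        tail -f /dev/null
    volumes:
      - shared_logs:/var/log/siem
    networks:
      management:
        ipv4_address: 10.0.3.21
    restart: unless-stopped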