From 130a7d4997fc13f874d66e313d34b0bc335623d0 Mon Sep 17 00:00:00 2001 From: wchen-r7 Date: Tue, 25 Oct 2016 09:59:10 -0500 Subject: [PATCH 1/2] Correct firewall rule name --- Vagrantfile | 4 ++++ scripts/configs/configure_firewall.bat | 1 + 2 files changed, 5 insertions(+) diff --git a/Vagrantfile b/Vagrantfile index 3cc95eb..66ae91c 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -100,6 +100,10 @@ Vagrant.configure("2") do |config| config.vm.provision :shell, path: "scripts/installs/setup_axis2.bat" config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614 + # Vulnerability - SNMP + config.vm.provision :shell, path: "scripts/installs/setup_snmp.bat" + config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614 + # Configure Firewall to open up vulnerable services config.vm.provision :shell, path: "scripts/configs/configure_firewall.bat" config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614 diff --git a/scripts/configs/configure_firewall.bat b/scripts/configs/configure_firewall.bat index 9cf8715..e54faaa 100644 --- a/scripts/configs/configure_firewall.bat +++ b/scripts/configs/configure_firewall.bat @@ -12,3 +12,4 @@ netsh advfirewall firewall add rule name="Open Port 3306 for MySQL" dir=in actio netsh advfirewall firewall add rule name="Open Port 8020 for ManageEngine Desktop Central" dir=in action=allow protocol=TCP localport=8020 netsh advfirewall firewall add rule name="Open Port 8383 for ManageEngine Desktop Central" dir=in action=allow protocol=TCP localport=8383 netsh advfirewall firewall add rule name="Open Port 8022 for ManageEngine Desktop Central" dir=in action=allow protocol=TCP localport=8022 +netsh advfirewall firewall add rule name="Open Port 161 for SNMP" dir=in action=allow protocol=UDP localport=161 From f922e97b2b4cd65e2c4cb2609d310d01813be4dc Mon Sep 17 00:00:00 2001 From: wchen-r7 Date: Tue, 25 Oct 2016 10:00:30 -0500 Subject: [PATCH 2/2] Add SNMP setup script --- scripts/installs/setup_snmp.bat | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 scripts/installs/setup_snmp.bat diff --git a/scripts/installs/setup_snmp.bat b/scripts/installs/setup_snmp.bat new file mode 100644 index 0000000..748e88a --- /dev/null +++ b/scripts/installs/setup_snmp.bat @@ -0,0 +1,4 @@ +start /w PKGMGR.EXE /iu:SNMP +reg delete HKLM\SYSTEM\ControlSet001\services\SNMP\Parameters\PermittedManagers /va /f +reg add HKLM\SYSTEM\ControlSet001\services\SNMP\Parameters /v EnableAuthenticationTraps /t REG_DWORD /d 0 /f +reg add HKLM\SYSTEM\ControlSet001\services\SNMP\Parameters\ValidCommunities /v public /t REG_DWORD /d 4 /f