Configure iptables for other services.

2024-06-25 22:35:48 +02:00 · 2017-07-06 17:08:33 -05:00 · 2017-07-06 17:08:33 -05:00 · 6fd0a57fdf
commit 6fd0a57fdf
parent fc336a5f1b
2 changed files with 16 additions and 13 deletions
--- a/chef/cookbooks/metasploitable/attributes/default.rb
+++ b/chef/cookbooks/metasploitable/attributes/default.rb
@ -9,12 +9,13 @@ default[:metasploitable][:docker_users] = ['boba_fett',

 default[:metasploitable][:files_path] = '/vagrant/chef/cookbooks/metasploitable/files/'

-default[:metasploitable][:ports][:cups] = 631
-default[:metasploitable][:ports][:apache] = 80
-default[:metasploitable][:ports][:unrealircd] = 6697
-default[:metasploitable][:ports][:proftpd] = 21
-default[:metasploitable][:ports][:mysql] = 3306
-default[:metasploitable][:ports][:chatbot][:ui] = default[:metasploitable][:ports][:apache]
-default[:metasploitable][:ports][:chatbot][:nodejs] = 3000
-default[:metasploitable][:ports][:chatbot][:ruby] = 8181
-default[:metasploitable][:ports][:samba] = 445
+default[:metasploitable][:ports] = { :cups => 631,
+                                     :apache => 80,
+                                     :unrealircd => 6697,
+                                     :proftpd => 21,
+                                     :mysql => 3306,
+                                     :chatbot_ui => 80,
+                                     :chatbot_nodejs => 3000,
+                                     :ruby => 8181,
+                                     :samba => 445
+}
--- a/chef/cookbooks/metasploitable/recipes/iptables.rb
+++ b/chef/cookbooks/metasploitable/recipes/iptables.rb
@ -9,12 +9,14 @@ execute "apt-get update" do
 end

 bash 'setup for knockd, used for flag' do
-  code 'iptables -A FORWARD 1 -p tcp -m tcp --dport 8989 -j DROP'
-  code 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
+  code_to_execute = ""
+  code_to_execute << "iptables -A FORWARD 1 -p tcp -m tcp --dport 8989 -j DROP\n"
+  code_to_execute << "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n"
  node[:metasploitable][:ports].keys.each do |service|
-    code "iptables -A INPUT -p tcp --dport #{node[:metasploitable][:ports][service]} -j ACCEPT"
+    code_to_execute << "iptables -A INPUT -p tcp --dport #{node[:metasploitable][:ports][service.to_sym]} -j ACCEPT\n"
  end
-  code 'iptables -A INPUT -j DROP'
+  code_to_execute << "iptables -A INPUT -j DROP\n"
+  code code_to_execute
 end

 package 'iptables-persistent' do