Configure iptables for other services.

James Barnett 2017-07-06 17:08:33 -05:00
parent fc336a5f1b
commit 6fd0a57fdf
2 changed files with 16 additions and 13 deletions


@ -9,12 +9,13 @@ default[:metasploitable][:docker_users] = ['boba_fett',
default[:metasploitable][:files_path] = '/vagrant/chef/cookbooks/metasploitable/files/' default[:metasploitable][:files_path] = '/vagrant/chef/cookbooks/metasploitable/files/'
default[:metasploitable][:ports][:cups] = 631 default[:metasploitable][:ports] = { :cups => 631,
default[:metasploitable][:ports][:apache] = 80 :apache => 80,
default[:metasploitable][:ports][:unrealircd] = 6697 :unrealircd => 6697,
default[:metasploitable][:ports][:proftpd] = 21 :proftpd => 21,
default[:metasploitable][:ports][:mysql] = 3306 :mysql => 3306,
default[:metasploitable][:ports][:chatbot][:ui] = default[:metasploitable][:ports][:apache] :chatbot_ui => 80,
default[:metasploitable][:ports][:chatbot][:nodejs] = 3000 :chatbot_nodejs => 3000,
default[:metasploitable][:ports][:chatbot][:ruby] = 8181 :ruby => 8181,
default[:metasploitable][:ports][:samba] = 445 :samba => 445
}
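Review bot: `:chatbot_ui => 80` hard-codes a value that used to be derived from the apache port, so overriding `[:ports][:apache]` no longer moves the chatbot UI port, and the loop in the iptables recipe changed by this commit will emit two identical ACCEPT rules for port 80. Consider assigning it after the literal with `default[:metasploitable][:ports][:chatbot_ui] = default[:metasploitable][:ports][:apache]`, or iterating `values.uniq` in the recipe. The nested `[:ports][:chatbot][...]` keys are gone and `:ruby` replaces `[:chatbot][:ruby]`, so any recipe or template that still reads the old keys would get nil; those callers are not visible here. A comment above the hash such as `# every port listed here is opened in iptables by the recipe` would document that coupling.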


@ -9,12 +9,14 @@ execute "apt-get update" do
end end
bash 'setup for knockd, used for flag' do bash 'setup for knockd, used for flag' do
code 'iptables -A FORWARD 1 -p tcp -m tcp --dport 8989 -j DROP' code_to_execute = ""
code 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' code_to_execute << "iptables -A FORWARD 1 -p tcp -m tcp --dport 8989 -j DROP\n"
code_to_execute << "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n"
node[:metasploitable][:ports].keys.each do |service| node[:metasploitable][:ports].keys.each do |service|
code "iptables -A INPUT -p tcp --dport #{node[:metasploitable][:ports][service]} -j ACCEPT" code_to_execute << "iptables -A INPUT -p tcp --dport #{node[:metasploitable][:ports][service.to_sym]} -j ACCEPT\n"
end end
code 'iptables -A INPUT -j DROP' code_to_execute << "iptables -A INPUT -j DROP\n"
code code_to_execute
end end
package 'iptables-persistent' do package 'iptables-persistent' do
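Review bot: The first rule written into `code_to_execute`, `iptables -A FORWARD 1 ...`, is not valid iptables syntax, because `-A` appends and takes no rule number (only `-I` does), so that command fails and the DROP for port 8989 is never installed. The script has no `set -e`, so the failure is probably masked by the exit status of the final `iptables -A INPUT -j DROP`. I would start the string with `set -e\n` and use `iptables -I FORWARD 1 -p tcp -m tcp --dport 8989 -j DROP` (or drop the `1` if appending was meant). The `bash` resource also has no guard, so every converge appends the whole rule set again. The allow-list has no loopback or SSH rule ahead of the final DROP, which is worth confirming as intended.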