diff --git a/Vagrantfile b/Vagrantfile
index 1174f08..a909d4c 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -169,6 +169,7 @@ Vagrant.configure("2") do |config|
chef.add_recipe "metasploitable::docker"
chef.add_recipe "metasploitable::samba"
chef.add_recipe "metasploitable::unrealircd"
+ chef.add_recipe "metasploitable::cups"
end
end
end
diff --git a/chef/cookbooks/metasploitable/files/cups/cupsd.conf b/chef/cookbooks/metasploitable/files/cups/cupsd.conf
new file mode 100644
index 0000000..affb3ac
--- /dev/null
+++ b/chef/cookbooks/metasploitable/files/cups/cupsd.conf
@@ -0,0 +1,140 @@
+#
+#
+# Sample configuration file for the CUPS scheduler. See "man cupsd.conf" for a
+# complete description of this file.
+#
+
+# Log general information in error_log - change "warn" to "debug"
+# for troubleshooting...
+LogLevel warn
+
+# Deactivate CUPS' internal logrotating, as we provide a better one, especially
+# LogLevel debug2 gets usable now
+MaxLogSize 0
+
+# Only listen for connections from the local machine.
+Listen *:631
+Listen /var/run/cups/cups.sock
+
+# Show shared printers on the local network.
+Browsing Off
+BrowseLocalProtocols dnssd
+
+# Default authentication type, when authentication is required...
+DefaultAuthType Basic
+
+# Web interface setting...
+WebInterface Yes
+
+# Restrict access to the server...
+
+ Order allow,deny
+ Allow from all
+
+
+# Restrict access to the admin pages...
+
+ Order allow,deny
+ Allow from all
+
+
+# Restrict access to configuration files...
+
+ AuthType Default
+ Require user @SYSTEM
+ Order allow,deny
+ Allow from all
+
+
+# Set the default printer/job policies...
+
+ # Job/subscription privacy...
+ JobPrivateAccess default
+ JobPrivateValues default
+ SubscriptionPrivateAccess default
+ SubscriptionPrivateValues default
+
+ # Job-related operations must be done by the owner or an administrator...
+
+ Order deny,allow
+
+
+
+ Require user @OWNER @SYSTEM
+ Order deny,allow
+
+
+ # All administration operations require an administrator to authenticate...
+
+ AuthType Default
+ Require user @SYSTEM
+ Order deny,allow
+
+
+ # All printer operations require a printer operator to authenticate...
+
+ AuthType Default
+ Require user @SYSTEM
+ Order deny,allow
+
+
+ # Only the owner or an administrator can cancel or authenticate a job...
+
+ Require user @OWNER @SYSTEM
+ Order deny,allow
+
+
+
+ Order deny,allow
+
+
+
+# Set the authenticated printer/job policies...
+
+ # Job/subscription privacy...
+ JobPrivateAccess default
+ JobPrivateValues default
+ SubscriptionPrivateAccess default
+ SubscriptionPrivateValues default
+
+ # Job-related operations must be done by the owner or an administrator...
+
+ AuthType Default
+ Order deny,allow
+
+
+
+ AuthType Default
+ Require user @OWNER @SYSTEM
+ Order deny,allow
+
+
+ # All administration operations require an administrator to authenticate...
+
+ AuthType Default
+ Require user @SYSTEM
+ Order deny,allow
+
+
+ # All printer operations require a printer operator to authenticate...
+
+ AuthType Default
+ Require user @SYSTEM
+ Order deny,allow
+
+
+ # Only the owner or an administrator can cancel or authenticate a job...
+
+ AuthType Default
+ Require user @OWNER @SYSTEM
+ Order deny,allow
+
+
+
+ Order deny,allow
+ Allow from all
+
+
+
+#
+#
diff --git a/chef/cookbooks/metasploitable/recipes/cups.rb b/chef/cookbooks/metasploitable/recipes/cups.rb
new file mode 100644
index 0000000..dd0abcb
--- /dev/null
+++ b/chef/cookbooks/metasploitable/recipes/cups.rb
@@ -0,0 +1,22 @@
+#
+# Cookbook:: metasploitable
+# Recipe:: cups
+#
+# Copyright:: 2017, Rapid7, All Rights Reserved.
+
+execute 'apt-get update' do
+ command 'apt-get update'
+end
+
+package 'cups' do
+ action :install
+end
+
+cookbook_file '/etc/cups/cupsd.conf' do
+ source 'cups/cupsd.conf'
+ mode '0644'
+end
+
+service 'cups' do
+ action [:enable, :start]
+end