commit e100d7b13ec1b740700fc808e74a53c208779dc8 Author: James Barnett Date: Tue Aug 30 10:53:02 2016 -0500 Initial commit.
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..c868ea0
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,5 @@
+.vagrant/
+packer_cache/
+*.exe
+*.msi
+*.msu
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..da9b547
--- /dev/null
+++ b/README.md
@@ -0,0 +1,3 @@
+# Metasploitable3
+
+Welcome to the repo for the latest version of Metaploitable.
\ No newline at end of file
diff --git a/Vagrantfile b/Vagrantfile
new file mode 100644
index 0000000..8ef66f5
--- /dev/null
+++ b/Vagrantfile
@@ -0,0 +1,122 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+ # The most common configuration options are documented and commented below.
+ # For a complete reference, please see the online documentation at
+ # https://docs.vagrantup.com.
+
+ # Every Vagrant development environment requires a box. You can search for
+ # boxes at https://atlas.hashicorp.com/search.
+ config.vm.box = "metasploitable3"
+ config.vm.hostname = "metasploitable3"
+ config.vm.communicator = "winrm"
+
+ # Install Chocolatey
+ config.vm.provision :shell, path: "scripts/installs/chocolatey.cmd"
+ config.vm.provision :reload # Hack to reset environment variables
+
+ # Install BoxStarter
+ config.vm.provision :shell, path: "scripts/installs/install_boxstarter.bat"
+ config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
+
+ # Install 7zip
+ config.vm.provision :shell, path: "scripts/chocolatey_installs/7zip.bat"
+ config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
+
+ # Adjust password policy
+ config.vm.provision :shell, path: "scripts/configs/apply_password_settings.bat"
+ config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
+
+ # Add users and add to groups
+ config.vm.provision :shell, path: "scripts/configs/create_users.bat"
+ config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
+
+ # Vulnerability - Unpatched IIS
+ config.vm.provision :shell, path: "scripts/installs/setup_iis.bat"
+ config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
+
+ # Vulnerability - Chinese caidao.asp backdoor
+ config.vm.provision :shell, path: "scripts/installs/setup_caidao.bat"
+ config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
+
+ # Vulnerability - Setup for Apache Struts
+ config.vm.provision :shell, path: "scripts/chocolatey_installs/java.bat"
+ config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
+ config.vm.provision :shell, path: "scripts/chocolatey_installs/tomcat.bat"
+ config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
+ config.vm.provision :reload # Hack to reset environment variables
+ config.vm.provision :shell, path: "scripts/installs/setup_apache_struts.bat"
+ config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
+
+ # Vulnerability - Setup for Glassfish
+ config.vm.provision :shell, path: "scripts/installs/setup_glassfish.bat"
+ config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
+
+ # Vulnerability - Jenkins (1.8)
+ config.vm.provision :shell, path: "scripts/installs/setup_jenkins.bat"
+ config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
+
+ # Configure Firewall to open up vulnerable services
+ config.vm.provision :shell, path: "scripts/configs/configure_firewall.bat"
+ config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
+
+ # Disable automatic box update checking. If you disable this, then
+ # boxes will only be checked for updates when the user runs
+ # `vagrant box outdated`. This is not recommended.
+ # config.vm.box_check_update = false
+
+ # Create a forwarded port mapping which allows access to a specific port
+ # within the machine from a port on the host machine. In the example below,
+ # accessing "localhost:8080" will access port 80 on the guest machine.
+ # config.vm.network "forwarded_port", guest: 80, host: 8080
+
+ # Create a private network, which allows host-only access to the machine
+ # using a specific IP.
+ # config.vm.network "private_network", ip: "192.168.33.10"
+
+ # Create a public network, which generally matched to bridged network.
+ # Bridged networks make the machine appear as another physical device on
+ # your network.
+ # config.vm.network "public_network"
+
+ # Share an additional folder to the guest VM. The first argument is
+ # the path on the host to the actual folder. The second argument is
+ # the path on the guest to mount the folder. And the optional third
+ # argument is a set of non-required options.
+ # config.vm.synced_folder "../data", "/vagrant_data"
+
+ # Provider-specific configuration so you can fine-tune various
+ # backing providers for Vagrant. These expose provider-specific options.
+ # Example for VirtualBox:
+ #
+ # config.vm.provider "virtualbox" do |vb|
+ # # Display the VirtualBox GUI when booting the machine
+ # vb.gui = true
+ #
+ # # Customize the amount of memory on the VM:
+ # vb.memory = "1024"
+ # end
+ #
+ # View the documentation for the provider you are using for more
+ # information on available options.
+
+ # Define a Vagrant Push strategy for pushing to Atlas. Other push strategies
+ # such as FTP and Heroku are also available. See the documentation at
+ # https://docs.vagrantup.com/v2/push/atlas.html for more information.
+ # config.push.define "atlas" do |push|
+ # push.app = "YOUR_ATLAS_USERNAME/YOUR_APPLICATION_NAME"
+ # end
+
+ # Enable provisioning with a shell script. Additional provisioners such as
+ # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the
+ # documentation for more information about their specific syntax and use.
+ # config.vm.provision "shell", inline: <<-SHELL
+ # apt-get update
+ # apt-get install -y apache2
+ # SHELL
+end
\ No newline at end of file
diff --git a/answer_files/2008_r2/Autounattend.xml b/answer_files/2008_r2/Autounattend.xml
new file mode 100644
index 0000000..0fdf25b
--- /dev/null
+++ b/answer_files/2008_r2/Autounattend.xml
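Review bot: The two `config.vm.provision :reload` steps depend on the vagrant-reload plugin, and nothing in this Vagrantfile or in the three-line README added by the same commit checks for or mentions it, so `vagrant up` on a stock Vagrant install would fail on an unknown provisioner. A guard at the top of the configure block would fail early with a clear message, e.g. `raise "vagrant-reload plugin is required" unless Vagrant.has_plugin?("vagrant-reload")`. Separately, the guest is deliberately vulnerable and the last provisioning step opens its firewall, yet the network section is still the stock template, including the commented `public_network` example. Replacing that template text with a comment such as `# Intentionally vulnerable guest: keep it on NAT or a host-only network, never bridged` would document the intended isolation.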
@@ -0,0 +1,303 @@ + + + + + + + + + + 1 + Primary + true + + + + + false + NTFS + C + 1 + 1 + + + + 0 + true + + OnError + + + true + Vagrant Administrator + Vagrant Inc. + + + + + + Never + + + + + + 0 + 1 + + OnError + false + + + /IMAGE/NAME + Windows Server 2008 R2 SERVERSTANDARD + + + + + + + + en-US + + en-US + en-US + en-US + en-US + en-US + + + + + false + + + + + + + vagrant + true</PlainText> + </AdministratorPassword> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Password> + <Value>vagrant</Value> + <PlainText>true</PlainText> + </Password> + <Description>Vagrant User</Description> + <DisplayName>vagrant</DisplayName> + <Group>administrators</Group> + <Name>vagrant</Name> + </LocalAccount> + </LocalAccounts> + </UserAccounts> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> + <NetworkLocation>Home</NetworkLocation> + </OOBE> + <AutoLogon> + <Password> + <Value>vagrant</Value> + <PlainText>true</PlainText> + </Password> + <Username>vagrant</Username> + <Enabled>true</Enabled> + </AutoLogon> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <CommandLine>cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine> + <Description>Set Execution Policy 64 Bit</Description> + <Order>1</Order> + <RequiresUserInput>true</RequiresUserInput> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <CommandLine>C:\Windows\SysWOW64\cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine> + <Description>Set Execution Policy 32 Bit</Description> + <Order>2</Order> + <RequiresUserInput>true</RequiresUserInput> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <CommandLine>cmd.exe /c winrm quickconfig -q</CommandLine> + <Description>winrm quickconfig -q</Description> + <Order>3</Order> + <RequiresUserInput>true</RequiresUserInput> + </SynchronousCommand> + <SynchronousCommand 
wcm:action="add"> + <CommandLine>cmd.exe /c winrm quickconfig -transport:http</CommandLine> + <Description>winrm quickconfig -transport:http</Description> + <Order>4</Order> + <RequiresUserInput>true</RequiresUserInput> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <CommandLine>cmd.exe /c winrm set winrm/config @{MaxTimeoutms="1800000"}</CommandLine> + <Description>Win RM MaxTimoutms</Description> + <Order>5</Order> + <RequiresUserInput>true</RequiresUserInput> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <CommandLine>cmd.exe /c winrm set winrm/config/winrs @{MaxMemoryPerShellMB="800"}</CommandLine> + <Description>Win RM MaxMemoryPerShellMB</Description> + <Order>6</Order> + <RequiresUserInput>true</RequiresUserInput> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <CommandLine>cmd.exe /c winrm set winrm/config/winrs @{MaxShellsPerUser="50"}</CommandLine> + <Description>Win RM MaxShellsPerUser</Description> + <Order>7</Order> + <RequiresUserInput>true</RequiresUserInput> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <CommandLine>cmd.exe /c winrm set winrm/config/winrs @{MaxProcessesPerShell="50"}</CommandLine> + <Description>Win RM MaxProcessesPerShell</Description> + <Order>8</Order> + <RequiresUserInput>true</RequiresUserInput> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <CommandLine>cmd.exe /c winrm set winrm/config/service @{MaxConcurrentOperationsPerUser="50"}</CommandLine> + <Description>Win RM ConcurrentOperationsPerUser</Description> + <Order>9</Order> + <RequiresUserInput>true</RequiresUserInput> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <CommandLine>cmd.exe /c winrm set winrm/config/service @{AllowUnencrypted="true"}</CommandLine> + <Description>Win RM AllowUnencrypted</Description> + <Order>10</Order> + <RequiresUserInput>true</RequiresUserInput> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <CommandLine>cmd.exe 
/c winrm set winrm/config/service/auth @{Basic="true"}</CommandLine> + <Description>Win RM auth Basic</Description> + <Order>11</Order> + <RequiresUserInput>true</RequiresUserInput> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <CommandLine>cmd.exe /c winrm set winrm/config/client/auth @{Basic="true"}</CommandLine> + <Description>Win RM client auth Basic</Description> + <Order>12</Order> + <RequiresUserInput>true</RequiresUserInput> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <CommandLine>cmd.exe /c winrm set winrm/config/listener?Address=*+Transport=HTTP @{Port="5985"} </CommandLine> + <Description>Win RM listener Address/Port</Description> + <Order>13</Order> + <RequiresUserInput>true</RequiresUserInput> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <CommandLine>cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes </CommandLine> + <Description>Win RM adv firewall enable</Description> + <Order>14</Order> + <RequiresUserInput>true</RequiresUserInput> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <CommandLine>cmd.exe /c netsh firewall add portopening TCP 5985 "Port 5985" </CommandLine> + <Description>Win RM port open</Description> + <Order>15</Order> + <RequiresUserInput>true</RequiresUserInput> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <CommandLine>cmd.exe /c net stop winrm </CommandLine> + <Description>Stop Win RM Service </Description> + <Order>16</Order> + <RequiresUserInput>true</RequiresUserInput> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <CommandLine>cmd.exe /c sc config winrm start= auto</CommandLine> + <Description>Win RM Autostart</Description> + <Order>17</Order> + <RequiresUserInput>true</RequiresUserInput> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <CommandLine>cmd.exe /c net start winrm</CommandLine> + <Description>Start Win RM Service</Description> + 
<Order>18</Order> + <RequiresUserInput>true</RequiresUserInput> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v HideFileExt /t REG_DWORD /d 0 /f</CommandLine> + <Order>19</Order> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\Console /v QuickEdit /t REG_DWORD /d 1 /f</CommandLine> + <Order>20</Order> + <Description>Enable QuickEdit mode</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v Start_ShowRun /t REG_DWORD /d 1 /f</CommandLine> + <Order>21</Order> + <Description>Show Run command in Start Menu</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v StartMenuAdminTools /t REG_DWORD /d 1 /f</CommandLine> + <Order>22</Order> + <Description>Show Administrative Tools in Start Menu</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <CommandLine>%SystemRoot%\System32\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Control\Power\ /v HibernateFileSizePercent /t REG_DWORD /d 0 /f</CommandLine> + <Order>23</Order> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <CommandLine>%SystemRoot%\System32\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Control\Power\ /v HibernateEnabled /t REG_DWORD /d 0 /f</CommandLine> + <Order>24</Order> + <Description>Disable Hibernation Mode</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <CommandLine>cmd.exe /c wmic useraccount where "name='vagrant'" set 
PasswordExpires=FALSE</CommandLine> + <Order>25</Order> + <Description>Disable password expiration for vagrant user</Description> + </SynchronousCommand> + <!-- WITHOUT WINDOWS UPDATES --> + <SynchronousCommand wcm:action="add"> + <CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\openssh.ps1 -AutoStart</CommandLine> + <Description>Install OpenSSH</Description> + <Order>99</Order> + <RequiresUserInput>true</RequiresUserInput> + </SynchronousCommand> + <!-- END WITHOUT WINDOWS UPDATES --> + <!-- WITH WINDOWS UPDATES --> + <!--<SynchronousCommand wcm:action="add">--> + <!--<CommandLine>cmd.exe /c a:\microsoft-updates.bat</CommandLine>--> + <!--<Order>98</Order>--> + <!--<Description>Enable Microsoft Updates</Description>--> + <!--</SynchronousCommand>--> + <!--<SynchronousCommand wcm:action="add">--> + <!--<CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\win-updates.ps1 -MaxUpdatesPerCycle 30</CommandLine>--> + <!--<Description>Install Windows Updates</Description>--> + <!--<Order>100</Order>--> + <!--<RequiresUserInput>true</RequiresUserInput>--> + <!--</SynchronousCommand>--> + <!-- END WITH WINDOWS UPDATES --> + </FirstLogonCommands> + <ShowWindowsLive>false</ShowWindowsLive> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <OEMInformation> + <HelpCustomized>false</HelpCustomized> + </OEMInformation> + <!-- Rename computer here. 
--> + <ComputerName>vagrant-2008R2</ComputerName> + <TimeZone>Pacific Standard Time</TimeZone> + <RegisteredOwner/> + </component> + <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-ServerManager-SvrMgrNc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DoNotOpenServerManagerAtLogon>true</DoNotOpenServerManagerAtLogon> + </component> + <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-IE-ESC" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <!-- Disable IE ESC. --> + <IEHardenAdmin>false</IEHardenAdmin> + <IEHardenUser>false</IEHardenUser> + </component> + <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-OutOfBoxExperience" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DoNotOpenInitialConfigurationTasksAtLogon>true</DoNotOpenInitialConfigurationTasksAtLogon> + </component> + <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipAutoActivation>true</SkipAutoActivation> + </component> + </settings> + <cpi:offlineImage xmlns:cpi="urn:schemas-microsoft-com:cpi" cpi:source="catalog:d:/sources/install_windows server 2008 r2 serverdatacenter.clg"/> +</unattend> diff --git a/iso/README.md b/iso/README.md new file mode 100644 index 0000000..477044b --- /dev/null +++ b/iso/README.md 
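Review bot: The FirstLogonCommands leave WinRM accepting Basic authentication over plain HTTP (`AllowUnencrypted="true"`, `Basic="true"`, listener on port 5985) and open that port in the firewall, for accounts whose password `vagrant` is stored with `<PlainText>true</PlainText>`. Nothing later in the file undoes this, so it presumably carries into the finished box rather than being build-only scaffolding. If that is intended for this lab image, a comment above the WinRM commands should say so, for example `<!-- Lab image only: WinRM Basic over HTTP with the default vagrant credentials is left enabled on purpose -->`. The closing `cpi:offlineImage` element also points at the `serverdatacenter` catalog while the install selects `Windows Server 2008 R2 SERVERSTANDARD`, which looks like a template leftover worth aligning.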
@@ -0,0 +1,22 @@ +### What Is This Directory For? + +You should download your Windows Server ISO images from TechNet/MSDN and place them in this folder. We need to do this because MSDN / TechNet are protected by Microsoft (Live) ID, which does not support HTTP basic authentication or the OAuth2 username / password flow. + +For example, you might want to start with one of the following: + +* Windows Server 2008 R2 + SP1: + * File Name: en_windows_server_2008_r2_with_sp1_x64_dvd_617601.iso + * SHA1 Hash: D3FD7BF85EE1D5BDD72DE5B2C69A7B470733CD0A + * Direct Download: http://msdn.microsoft.com/subscriptions/json/GetDownloadRequest?brand=MSDN&locale=en-us&fileId=44782&activexDisabled=true&akamaiDL=false +* Windows Server 2008 R2 + SP1 (Volume License): + * File Name: en_windows_server_2008_r2_with_sp1_vl_build_x64_dvd_617403.iso + * SHA1 Hash: 7E7E9425041B3328CCF723A0855C2BC4F462EC57 + * Direct Download: http://msdn.microsoft.com/subscriptions/json/GetDownloadRequest?brand=MSDN&locale=en-us&fileId=44783&activexDisabled=true&akamaiDL=false +* Windows Server 2012: + * File Name: en_windows_server_2012_x64_dvd_915478.iso + * SHA1 Hash: D09E752B1EE480BC7E93DFA7D5C3A9B8AAC477BA + * Direct Download: http://msdn.microsoft.com/subscriptions/json/GetDownloadRequest?brand=MSDN&locale=en-us&fileId=50539&activexDisabled=true&akamaiDL=false +* Windows Server 2012 (Volume License): + * File Name: en_windows_server_2012_vl_x64_dvd_917758.iso + * SHA1 Hash: 063BC26ED45C50D3745CCAD52DD7B3F3CE13F36D + * Direct Download: http://msdn.microsoft.com/subscriptions/json/GetDownloadRequest?brand=MSDN&locale=en-us&fileId=50573&activexDisabled=true&akamaiDL=false \ No newline at end of file diff --git a/resources/apache_struts/server.xml b/resources/apache_struts/server.xml new file mode 100644 index 0000000..d10ec07 --- /dev/null +++ b/resources/apache_struts/server.xml 
@@ -0,0 +1,142 @@ +<?xml version='1.0' encoding='utf-8'?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<!-- Note: A "Server" is not itself a "Container", so you may not + define subcomponents such as "Valves" at this level. + Documentation at /docs/config/server.html + --> +<Server port="8005" shutdown="SHUTDOWN"> + <Listener className="org.apache.catalina.startup.VersionLoggerListener" /> + <!-- Security listener. Documentation at /docs/config/listeners.html + <Listener className="org.apache.catalina.security.SecurityListener" /> + --> + <!--APR library loader. 
Documentation at /docs/apr.html --> + <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> + <!-- Prevent memory leaks due to use of particular java/javax APIs--> + <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" /> + <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> + <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" /> + + <!-- Global JNDI resources + Documentation at /docs/jndi-resources-howto.html + --> + <GlobalNamingResources> + <!-- Editable user database that can also be used by + UserDatabaseRealm to authenticate users + --> + <Resource name="UserDatabase" auth="Container" + type="org.apache.catalina.UserDatabase" + description="User database that can be updated and saved" + factory="org.apache.catalina.users.MemoryUserDatabaseFactory" + pathname="conf/tomcat-users.xml" /> + </GlobalNamingResources> + + <!-- A "Service" is a collection of one or more "Connectors" that share + a single "Container" Note: A "Service" is not itself a "Container", + so you may not define subcomponents such as "Valves" at this level. + Documentation at /docs/config/service.html + --> + <Service name="Catalina"> + + <!--The connectors can use a shared executor, you can define one or more named thread pools--> + <!-- + <Executor name="tomcatThreadPool" namePrefix="catalina-exec-" + maxThreads="150" minSpareThreads="4"/> + --> + + + <!-- A "Connector" represents an endpoint by which requests are received + and responses are returned. 
Documentation at : + Java HTTP Connector: /docs/config/http.html (blocking & non-blocking) + Java AJP Connector: /docs/config/ajp.html + APR (HTTP/AJP) Connector: /docs/apr.html + Define a non-SSL/TLS HTTP/1.1 Connector on port 8080 + --> + <Connector port="8282" protocol="HTTP/1.1" + connectionTimeout="20000" + redirectPort="8443" /> + <!-- A "Connector" using the shared thread pool--> + <!-- + <Connector executor="tomcatThreadPool" + port="8080" protocol="HTTP/1.1" + connectionTimeout="20000" + redirectPort="8443" /> + --> + <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 + This connector uses the NIO implementation that requires the JSSE + style configuration. When using the APR/native implementation, the + OpenSSL style configuration is required as described in the APR/native + documentation --> + <!-- + <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" + maxThreads="150" SSLEnabled="true" scheme="https" secure="true" + clientAuth="false" sslProtocol="TLS" /> + --> + + <!-- Define an AJP 1.3 Connector on port 8009 --> + <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> + + + <!-- An Engine represents the entry point (within Catalina) that processes + every request. The Engine implementation for Tomcat stand alone + analyzes the HTTP headers included with the request, and passes them + on to the appropriate Host (virtual host). 
+ Documentation at /docs/config/engine.html --> + + <!-- You should set jvmRoute to support load-balancing via AJP ie : + <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1"> + --> + <Engine name="Catalina" defaultHost="localhost"> + + <!--For clustering, please take a look at documentation at: + /docs/cluster-howto.html (simple how to) + /docs/config/cluster.html (reference documentation) --> + <!-- + <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/> + --> + + <!-- Use the LockOutRealm to prevent attempts to guess user passwords + via a brute-force attack --> + <Realm className="org.apache.catalina.realm.LockOutRealm"> + <!-- This Realm uses the UserDatabase configured in the global JNDI + resources under the key "UserDatabase". Any edits + that are performed against this UserDatabase are immediately + available for use by the Realm. --> + <Realm className="org.apache.catalina.realm.UserDatabaseRealm" + resourceName="UserDatabase"/> + </Realm> + + <Host name="localhost" appBase="webapps" + unpackWARs="true" autoDeploy="true"> + + <!-- SingleSignOn valve, share authentication between web applications + Documentation at: /docs/config/valve.html --> + <!-- + <Valve className="org.apache.catalina.authenticator.SingleSignOn" /> + --> + + <!-- Access log processes all example. + Documentation at: /docs/config/valve.html + Note: The pattern used is equivalent to using pattern="common" --> + <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" + prefix="localhost_access_log" suffix=".txt" + pattern="%h %l %u %t &quot;%r&quot; %s %b" /> + + </Host> + </Engine> + </Service> +</Server> \ No newline at end of file diff --git a/resources/apache_struts/struts.xml b/resources/apache_struts/struts.xml new file mode 100644 index 0000000..0e556d5 --- /dev/null +++ b/resources/apache_struts/struts.xml 
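Review bot: The comment above the HTTP connector still reads `Define a non-SSL/TLS HTTP/1.1 Connector on port 8080` while the connector below it now listens on `port="8282"`; it should read `Define a non-SSL/TLS HTTP/1.1 Connector on port 8282`. The rest of the file appears to be the stock Tomcat configuration, which keeps the AJP connector on 8009 and the shutdown port 8005 with the default `SHUTDOWN` command. If the lab only needs the HTTP connector, commenting out the AJP `<Connector>` would limit the exposed surface to what the exercise intends. If AJP is meant to be reachable, a one-line comment saying so would help.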
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+/*
+ * $Id: struts-plugin.xml 722219 2008-12-01 20:41:26Z musachy $
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+-->
+
+<!DOCTYPE struts PUBLIC
+ "-//Apache Software Foundation//DTD Struts Configuration 2.3//EN"
+ "http://struts.apache.org/dtds/struts-2.3.dtd">
+
+<struts>
+ <constant name="struts.enable.DynamicMethodInvocation" value="true" />
+ <constant name="struts.devMode" value="false" />
+ <!-- Overwrite Convention -->
+ <constant name="struts.convention.action.suffix" value="Controller"/>
+ <constant name="struts.convention.action.mapAllMatches" value="true"/>
+ <constant name="struts.convention.default.parent.package" value="rest-default"/>
+
+ <constant name="struts.convention.package.locators" value="example"/>
+</struts>
diff --git a/resources/apache_struts/struts2-rest-showcase.war b/resources/apache_struts/struts2-rest-showcase.war
new file mode 100644
index 0000000..2a96ef5
Binary files /dev/null and b/resources/apache_struts/struts2-rest-showcase.war differ
diff --git a/resources/apache_struts/tomcat-users.xml b/resources/apache_struts/tomcat-users.xml
new file mode 100644
index 0000000..269cdad
--- /dev/null
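Review bot: `struts.enable.DynamicMethodInvocation` is set to `true` with no comment, and the only nearby comment (`Overwrite Convention`) is about something else, so a reader cannot tell that this is the deliberate weakness behind the Vagrantfile's "Vulnerability - Setup for Apache Struts" step, which it presumably is. A comment on that line such as `<!-- Intentionally enabled for the lab; leave false anywhere else -->` would stop the file being copied as a working example. The same applies to the `sploit`/`sploit` user with the `manager-gui` role added in resources/apache_struts/tomcat-users.xml. The header's `$Id: struts-plugin.xml ...` line also suggests the licence block was copied from a different file and could be corrected or dropped.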
+++ b/resources/apache_struts/tomcat-users.xml 
@@ -0,0 +1,46 @@ +<?xml version='1.0' encoding='utf-8'?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<tomcat-users xmlns="http://tomcat.apache.org/xml" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd" + version="1.0"> +<!-- + NOTE: By default, no user is included in the "manager-gui" role required + to operate the "/manager/html" web application. If you wish to use this app, + you must define such a user - the username and password are arbitrary. It is + strongly recommended that you do NOT use one of the users in the commented out + section below since they are intended for use with the examples web + application. +--> +<!-- + NOTE: The sample user and role entries below are intended for use with the + examples web application. They are wrapped in a comment and thus are ignored + when reading this file. If you wish to configure these users for use with the + examples web application, do not forget to remove the <!.. ..> that surrounds + them. You will also need to set the passwords to something appropriate. 
+--> +<!-- + <role rolename="tomcat"/> + <role rolename="role1"/> + <user username="tomcat" password="<must-be-changed>" roles="tomcat"/> + <user username="both" password="<must-be-changed>" roles="tomcat,role1"/> + <user username="role1" password="<must-be-changed>" roles="role1"/> +--> + <role rolename="manager-gui"/> + <user username="sploit" password="sploit" roles="manager-gui"/> +</tomcat-users> diff --git a/resources/caidao/caidao.asp b/resources/caidao/caidao.asp new file mode 100644 index 0000000..e1b6fba --- /dev/null +++ b/resources/caidao/caidao.asp @@ -0,0 +1 @@ +<%eval request("password")%> \ No newline at end of file diff --git a/resources/certs/COMODORSAAddTrustCA.crt b/resources/certs/COMODORSAAddTrustCA.crt new file mode 100644 index 0000000..ad75f0f Binary files /dev/null and b/resources/certs/COMODORSAAddTrustCA.crt differ diff --git a/resources/certs/COMODORSAExtendedValidationSecureServerCA.crt b/resources/certs/COMODORSAExtendedValidationSecureServerCA.crt new file mode 100644 index 0000000..9dbe81f Binary files /dev/null and b/resources/certs/COMODORSAExtendedValidationSecureServerCA.crt differ diff --git a/resources/certs/addtrust_external_ca.cer b/resources/certs/addtrust_external_ca.cer new file mode 100755 index 0000000..8a99c54 Binary files /dev/null and b/resources/certs/addtrust_external_ca.cer differ diff --git a/resources/certs/baltimore_ca.cer b/resources/certs/baltimore_ca.cer new file mode 100755 index 0000000..da96dbb Binary files /dev/null and b/resources/certs/baltimore_ca.cer differ diff --git a/resources/certs/comodorsacertificationauthority.crt b/resources/certs/comodorsacertificationauthority.crt new file mode 100644 index 0000000..6508d1e --- /dev/null +++ b/resources/certs/comodorsacertificationauthority.crt 
@@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCB +hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV +BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMTE5 +MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgT +EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR +Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR +6FSS0gpWsawNJN3Fz0RndJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8X +pz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZFGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC +9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+5eNu/Nio5JIk2kNrYrhV +/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pGx8cgoLEf +Zd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z ++pUX2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7w +qP/0uK3pN/u6uPQLOvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZah +SL0896+1DSJMwBGB7FY79tOi4lu3sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVIC +u9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+CGCe01a60y1Dma/RMhnEw6abf +Fobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5WdYgGq/yapiq +crxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E +FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB +/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvl +wFTPoCWOAvn9sKIN9SCYPBMtrFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM +4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+nq6PK7o9mfjYcwlYRm6mnPTXJ9OV +2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSgtZx8jb8uk2Intzna +FxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwWsRqZ +CuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiK +boHGhfKppC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmcke +jkk9u+UJueBPSZI9FoJAzMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yL +S0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHqZJx64SIDqZxubw5lT2yHh17zbqD5daWb 
+QOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk527RH89elWsn2/x20Kk4yl +0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7ILaZRfyHB +NVOFBkpdn627G190 +-----END CERTIFICATE----- diff --git a/resources/certs/comodorsadomainvalidationsecureserverca.crt b/resources/certs/comodorsadomainvalidationsecureserverca.crt new file mode 100644 index 0000000..d81d72a --- /dev/null +++ b/resources/certs/comodorsadomainvalidationsecureserverca.crt 
@@ -0,0 +1,35 @@ +-----BEGIN CERTIFICATE----- +MIIGCDCCA/CgAwIBAgIQKy5u6tl1NmwUim7bo3yMBzANBgkqhkiG9w0BAQwFADCB +hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV +BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTQwMjEy +MDAwMDAwWhcNMjkwMjExMjM1OTU5WjCBkDELMAkGA1UEBhMCR0IxGzAZBgNVBAgT +EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR +Q09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZh +bGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAI7CAhnhoFmk6zg1jSz9AdDTScBkxwtiBUUWOqigwAwCfx3M28Sh +bXcDow+G+eMGnD4LgYqbSRutA776S9uMIO3Vzl5ljj4Nr0zCsLdFXlIvNN5IJGS0 +Qa4Al/e+Z96e0HqnU4A7fK31llVvl0cKfIWLIpeNs4TgllfQcBhglo/uLQeTnaG6 +ytHNe+nEKpooIZFNb5JPJaXyejXdJtxGpdCsWTWM/06RQ1A/WZMebFEh7lgUq/51 +UHg+TLAchhP6a5i84DuUHoVS3AOTJBhuyydRReZw3iVDpA3hSqXttn7IzW3uLh0n +c13cRTCAquOyQQuvvUSH2rnlG51/ruWFgqUCAwEAAaOCAWUwggFhMB8GA1UdIwQY +MBaAFLuvfgI9+qbxPISOre44mOzZMjLUMB0GA1UdDgQWBBSQr2o6lFoL2JDqElZz +30O0Oija5zAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNV +HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGwYDVR0gBBQwEjAGBgRVHSAAMAgG +BmeBDAECATBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNvbW9kb2NhLmNv +bS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggrBgEFBQcB +AQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9E +T1JTQUFkZFRydXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21v +ZG9jYS5jb20wDQYJKoZIhvcNAQEMBQADggIBAE4rdk+SHGI2ibp3wScF9BzWRJ2p +mj6q1WZmAT7qSeaiNbz69t2Vjpk1mA42GHWx3d1Qcnyu3HeIzg/3kCDKo2cuH1Z/ +e+FE6kKVxF0NAVBGFfKBiVlsit2M8RKhjTpCipj4SzR7JzsItG8kO3KdY3RYPBps +P0/HEZrIqPW1N+8QRcZs2eBelSaz662jue5/DJpmNXMyYE7l3YphLG5SEXdoltMY +dVEVABt0iN3hxzgEQyjpFv3ZBdRdRydg1vs4O2xyopT4Qhrf7W8GjEXCBgCq5Ojc +2bXhc3js9iPc0d1sjhqPpepUfJa3w/5Vjo1JXvxku88+vZbrac2/4EjxYoIQ5QxG +V/Iz2tDIY+3GH5QFlkoakdH368+PUq4NCNk+qKBR6cGHdNXJ93SrLlP7u3r7l+L4 +HyaPs9Kg4DdbKDsx5Q5XLVq4rXmsXiBmGqW5prU5wfWYQ//u+aen/e7KJD2AFsQX 
+j4rBYKEMrltDR5FL1ZoXX/nUh8HCjLfn4g8wGTeGrODcQgPmlKidrv0PJFGUzpII +0fxQ8ANAe4hZ7Q7drNJ3gjTcBpUC2JD5Leo31Rpg0Gcg19hCC0Wvgmje3WYkN5Ap +lBlGGSW4gNfL1IYoakRwJiNiqZ+Gb7+6kHDSVneFeO/qJakXzlByjAA6quPbYzSf ++AZxAeKCINT+b72x +-----END CERTIFICATE----- diff --git a/resources/certs/digicert.cer b/resources/certs/digicert.cer new file mode 100755 index 0000000..391ffc1 Binary files /dev/null and b/resources/certs/digicert.cer differ diff --git a/resources/certs/equifax.cer b/resources/certs/equifax.cer new file mode 100755 index 0000000..c44db27 Binary files /dev/null and b/resources/certs/equifax.cer differ diff --git a/resources/certs/gdig2.crt b/resources/certs/gdig2.crt new file mode 100644 index 0000000..615a74b --- /dev/null +++ b/resources/certs/gdig2.crt 
@@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIE0DCCA7igAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT +EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp +ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTExMDUwMzA3MDAwMFoXDTMxMDUwMzA3 +MDAwMFowgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH +EwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UE +CxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQD +EypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC54MsQ1K92vdSTYuswZLiBCGzD +BNliF44v/z5lz4/OYuY8UhzaFkVLVat4a2ODYpDOD2lsmcgaFItMzEUz6ojcnqOv +K/6AYZ15V8TPLvQ/MDxdR/yaFrzDN5ZBUY4RS1T4KL7QjL7wMDge87Am+GZHY23e +cSZHjzhHU9FGHbTj3ADqRay9vHHZqm8A29vNMDp5T19MR/gd71vCxJ1gO7GyQ5HY +pDNO6rPWJ0+tJYqlxvTV0KaudAVkV4i1RFXULSo6Pvi4vekyCgKUZMQWOlDxSq7n +eTOvDCAHf+jfBDnCaQJsY1L6d8EbyHSHyLmTGFBUNUtpTrw700kuH9zB0lL7AgMB +AAGjggEaMIIBFjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV +HQ4EFgQUQMK9J47MNIMwojPX+2yz8LQsgM4wHwYDVR0jBBgwFoAUOpqFBxBnKLbv +9r0FQW4gwZTaD94wNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v +b2NzcC5nb2RhZGR5LmNvbS8wNQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL2NybC5n +b2RhZGR5LmNvbS9nZHJvb3QtZzIuY3JsMEYGA1UdIAQ/MD0wOwYEVR0gADAzMDEG +CCsGAQUFBwIBFiVodHRwczovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkv +MA0GCSqGSIb3DQEBCwUAA4IBAQAIfmyTEMg4uJapkEv/oV9PBO9sPpyIBslQj6Zz +91cxG7685C/b+LrTW+C05+Z5Yg4MotdqY3MxtfWoSKQ7CC2iXZDXtHwlTxFWMMS2 +RJ17LJ3lXubvDGGqv+QqG+6EnriDfcFDzkSnE3ANkR/0yBOtg2DZ2HKocyQetawi +DsoXiWJYRBuriSUBAA/NxBti21G00w9RKpv0vHP8ds42pM3Z2Czqrpv1KrKQ0U11 +GIo/ikGQI31bS/6kA1ibRrLDYGCD+H1QQc7CoZDDu+8CL9IVVO5EFdkKrqeKM+2x +LXY2JtwE65/3YR8V3Idv7kaWKK2hJn0KCacuBKONvPi8BDAB +-----END CERTIFICATE----- \ No newline at end of file diff --git a/resources/certs/globalsign.cer b/resources/certs/globalsign.cer new file mode 100755 index 0000000..1e6967f Binary files /dev/null and b/resources/certs/globalsign.cer differ 
diff --git a/resources/certs/gte_cybertrust.cer b/resources/certs/gte_cybertrust.cer
new file mode 100755
index 0000000..e37fa29
Binary files /dev/null and b/resources/certs/gte_cybertrust.cer differ
diff --git a/resources/certs/microsoft_root_2011.cer b/resources/certs/microsoft_root_2011.cer
new file mode 100755
index 0000000..1ae4740
Binary files /dev/null and b/resources/certs/microsoft_root_2011.cer differ
diff --git a/resources/certs/oracle-cert.cer b/resources/certs/oracle-cert.cer
new file mode 100644
index 0000000..abb6ee6
Binary files /dev/null and b/resources/certs/oracle-cert.cer differ
diff --git a/resources/certs/thawte_primary_root.cer b/resources/certs/thawte_primary_root.cer
new file mode 100755
index 0000000..fddd126
Binary files /dev/null and b/resources/certs/thawte_primary_root.cer differ
diff --git a/resources/certs/utn-userfirst.cer b/resources/certs/utn-userfirst.cer
new file mode 100755
index 0000000..3fa0907
Binary files /dev/null and b/resources/certs/utn-userfirst.cer differ
diff --git a/resources/glassfish/admin-keyfile b/resources/glassfish/admin-keyfile
new file mode 100644
index 0000000..9cd9ce0
--- /dev/null
+++ b/resources/glassfish/admin-keyfile
@@ -0,0 +1 @@
+admin;{SSHA256}lmXQf85PwyYmoHqS5TpPzBiN9Rse3GlMI2LNJtY9+pswty71AOxo0Q==;asadmin
diff --git a/resources/glassfish/domain.xml b/resources/glassfish/domain.xml
new file mode 100644
index 0000000..1610852
--- /dev/null
+++ b/resources/glassfish/domain.xml
@@ -0,0 +1,464 @@ +<domain application-root="${com.sun.aas.instanceRoot}/applications" version="89" log-root="${com.sun.aas.instanceRoot}/logs"> + <security-configurations> + <authentication-service default="true" name="adminAuth" use-password-credential="true"> + <security-provider provider-name="adminSpc" name="spcrealm" type="LoginModule"> + <login-module-config module-class="com.sun.enterprise.admin.util.AdminLoginModule" control-flag="sufficient" name="adminSpecialLM"> + <property name="config" value="server-config"></property> + <property name="auth-realm" value="admin-realm"></property> + </login-module-config> + </security-provider> + <security-provider provider-name="adminFile" name="filerealm" type="LoginModule"> + <login-module-config module-class="com.sun.enterprise.security.auth.login.FileLoginModule" control-flag="sufficient" name="adminFileLM"> + <property name="config" value="server-config"></property> + <property name="auth-realm" value="admin-realm"></property> + </login-module-config> + </security-provider> + </authentication-service> + <authorization-service default="true" name="authorizationService"> + <security-provider provider-name="simpleAuthorizationProvider" name="simpleAuthorization" type="Simple"> + <authorization-provider-config name="simpleAuthorizationProviderConfig" support-policy-deploy="false"></authorization-provider-config> + </security-provider> + </authorization-service> + </security-configurations> + <managed-job-config></managed-job-config> + <system-applications> + <application context-root="" object-type="system-admin" name="__admingui" directory-deployed="true" location="${com.sun.aas.installRootURI}/lib/install/applications/__admingui"> + <module name="__admingui"> + <engine sniffer="web"></engine> + <engine sniffer="security"></engine> + </module> + </application> + </system-applications> + <resources> + <jdbc-resource pool-name="__TimerPool" object-type="system-admin" jndi-name="jdbc/__TimerPool"></jdbc-resource> + 
<jdbc-resource pool-name="DerbyPool" object-type="system-all" jndi-name="jdbc/__default"></jdbc-resource> + <jdbc-connection-pool datasource-classname="org.apache.derby.jdbc.EmbeddedXADataSource" name="__TimerPool" res-type="javax.sql.XADataSource"> + <property name="databaseName" value="${com.sun.aas.instanceRoot}/lib/databases/ejbtimer"></property> + <property name="connectionAttributes" value=";create=true"></property> + </jdbc-connection-pool> + <jdbc-connection-pool is-isolation-level-guaranteed="false" datasource-classname="org.apache.derby.jdbc.ClientDataSource" name="DerbyPool" res-type="javax.sql.DataSource"> + <property name="PortNumber" value="1527"></property> + <property name="Password" value="APP"></property> + <property name="User" value="APP"></property> + <property name="serverName" value="localhost"></property> + <property name="DatabaseName" value="sun-appserv-samples"></property> + <property name="connectionAttributes" value=";create=true"></property> + </jdbc-connection-pool> + <connector-connection-pool resource-adapter-name="jmsra" max-pool-size="250" steady-pool-size="1" name="jms/__defaultConnectionFactory-Connection-Pool" connection-definition-name="javax.jms.ConnectionFactory"></connector-connection-pool> + <connector-resource pool-name="jms/__defaultConnectionFactory-Connection-Pool" object-type="system-all-req" jndi-name="jms/__defaultConnectionFactory"></connector-resource> + <managed-scheduled-executor-service object-type="system-all" jndi-name="concurrent/__defaultManagedScheduledExecutorService"></managed-scheduled-executor-service> + <managed-executor-service object-type="system-all" jndi-name="concurrent/__defaultManagedExecutorService"></managed-executor-service> + <context-service object-type="system-all" jndi-name="concurrent/__defaultContextService"></context-service> + <managed-thread-factory object-type="system-all" jndi-name="concurrent/__defaultManagedThreadFactory"></managed-thread-factory> + </resources> + <servers> + 
<server config-ref="server-config" name="server"> + <application-ref ref="__admingui" virtual-servers="__asadmin"></application-ref> + <resource-ref ref="jdbc/__TimerPool"></resource-ref> + <resource-ref ref="jdbc/__default"></resource-ref> + <resource-ref ref="jms/__defaultConnectionFactory"></resource-ref> + <resource-ref ref="concurrent/__defaultManagedScheduledExecutorService"></resource-ref> + <resource-ref ref="concurrent/__defaultManagedExecutorService"></resource-ref> + <resource-ref ref="concurrent/__defaultContextService"></resource-ref> + <resource-ref ref="concurrent/__defaultManagedThreadFactory"></resource-ref> + </server> + </servers> + <nodes> + <node name="localhost-domain1" install-dir="${com.sun.aas.productRoot}" type="CONFIG" node-host="localhost"></node> + </nodes> + <configs> + <config name="server-config"> + <system-property name="JMS_PROVIDER_PORT" description="Port Number that JMS Service will listen for remote clients connection." value="7676"></system-property> + <http-service> + <access-log></access-log> + <virtual-server network-listeners="http-listener-1,http-listener-2" id="server"></virtual-server> + <virtual-server network-listeners="admin-listener" id="__asadmin"></virtual-server> + </http-service> + <iiop-service> + <orb use-thread-pool-ids="thread-pool-1"></orb> + <iiop-listener address="0.0.0.0" port="3700" lazy-init="true" id="orb-listener-1"></iiop-listener> + <iiop-listener address="0.0.0.0" port="3820" id="SSL" security-enabled="true"> + <ssl classname="com.sun.enterprise.security.ssl.GlassfishSSLImpl" cert-nickname="s1as"></ssl> + </iiop-listener> + <iiop-listener address="0.0.0.0" port="3920" id="SSL_MUTUALAUTH" security-enabled="true"> + <ssl classname="com.sun.enterprise.security.ssl.GlassfishSSLImpl" cert-nickname="s1as" client-auth-enabled="true"></ssl> + </iiop-listener> + </iiop-service> + <admin-service system-jmx-connector-name="system" type="das-and-server"> + <jmx-connector address="0.0.0.0" port="8686" 
name="system" auth-realm-name="admin-realm" security-enabled="false"></jmx-connector> + <property name="adminConsoleContextRoot" value="/admin"></property> + <property name="adminConsoleDownloadLocation" value="${com.sun.aas.installRoot}/lib/install/applications/admingui.war"></property> + <property name="ipsRoot" value="${com.sun.aas.installRoot}/.."></property> + <das-config></das-config> + </admin-service> + <connector-service></connector-service> + <transaction-service tx-log-dir="${com.sun.aas.instanceRoot}/logs"></transaction-service> + <batch-runtime-configuration></batch-runtime-configuration> + <jms-service default-jms-host="default_JMS_host" type="EMBEDDED"> + <jms-host port="${JMS_PROVIDER_PORT}" name="default_JMS_host" host="localhost"></jms-host> + </jms-service> + <web-container> + <session-config> + <session-manager> + <store-properties></store-properties> + <manager-properties></manager-properties> + </session-manager> + <session-properties></session-properties> + </session-config> + </web-container> + <ejb-container> + <ejb-timer-service></ejb-timer-service> + </ejb-container> + <rest-config></rest-config> + <diagnostic-service></diagnostic-service> + <security-service> + <auth-realm classname="com.sun.enterprise.security.auth.realm.file.FileRealm" name="admin-realm"> + <property name="file" value="${com.sun.aas.instanceRoot}/config/admin-keyfile"></property> + <property name="jaas-context" value="fileRealm"></property> + </auth-realm> + <auth-realm classname="com.sun.enterprise.security.auth.realm.file.FileRealm" name="file"> + <property name="file" value="${com.sun.aas.instanceRoot}/config/keyfile"></property> + <property name="jaas-context" value="fileRealm"></property> + </auth-realm> + <auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate"></auth-realm> + <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" 
policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl"> + <property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy"></property> + </jacc-provider> + <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory"></jacc-provider> + <audit-module classname="com.sun.enterprise.security.ee.Audit" name="default"> + <property name="auditOn" value="false"></property> + </audit-module> + <message-security-config auth-layer="SOAP"> + <provider-config provider-type="client" provider-id="XWS_ClientProvider" class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule"> + <request-policy auth-source="content"></request-policy> + <response-policy auth-source="content"></response-policy> + <property name="encryption.key.alias" value="s1as"></property> + <property name="signature.key.alias" value="s1as"></property> + <property name="dynamic.username.password" value="false"></property> + <property name="debug" value="false"></property> + </provider-config> + <provider-config provider-type="client" provider-id="ClientProvider" class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule"> + <request-policy auth-source="content"></request-policy> + <response-policy auth-source="content"></response-policy> + <property name="encryption.key.alias" value="s1as"></property> + <property name="signature.key.alias" value="s1as"></property> + <property name="dynamic.username.password" value="false"></property> + <property name="debug" value="false"></property> + <property name="security.config" value="${com.sun.aas.instanceRoot}/config/wss-server-config-1.0.xml"></property> + </provider-config> + <provider-config provider-type="server" provider-id="XWS_ServerProvider" class-name="com.sun.xml.wss.provider.ServerSecurityAuthModule"> + <request-policy 
auth-source="content"></request-policy> + <response-policy auth-source="content"></response-policy> + <property name="encryption.key.alias" value="s1as"></property> + <property name="signature.key.alias" value="s1as"></property> + <property name="debug" value="false"></property> + </provider-config> + <provider-config provider-type="server" provider-id="ServerProvider" class-name="com.sun.xml.wss.provider.ServerSecurityAuthModule"> + <request-policy auth-source="content"></request-policy> + <response-policy auth-source="content"></response-policy> + <property name="encryption.key.alias" value="s1as"></property> + <property name="signature.key.alias" value="s1as"></property> + <property name="debug" value="false"></property> + <property name="security.config" value="${com.sun.aas.instanceRoot}/config/wss-server-config-1.0.xml"></property> + </provider-config> + </message-security-config> + <message-security-config auth-layer="HttpServlet"> + <provider-config provider-type="server" provider-id="GFConsoleAuthModule" class-name="org.glassfish.admingui.common.security.AdminConsoleAuthModule"> + <request-policy auth-source="sender"></request-policy> + <response-policy></response-policy> + <property name="loginPage" value="/login.jsf"></property> + <property name="loginErrorPage" value="/loginError.jsf"></property> + </provider-config> + </message-security-config> + <property name="default-digest-algorithm" value="SHA-256"></property> + </security-service> + <java-config classpath-suffix="" debug-options="-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=9009" system-classpath=""> + <jvm-options>-XX:MaxPermSize=192m</jvm-options> + <jvm-options>-client</jvm-options> + <jvm-options>-Djava.awt.headless=true</jvm-options> + <jvm-options>-Djavax.management.builder.initial=com.sun.enterprise.v3.admin.AppServerMBeanServerBuilder</jvm-options> + <jvm-options>-XX:+UnlockDiagnosticVMOptions</jvm-options> + 
<jvm-options>-Djava.endorsed.dirs=${com.sun.aas.installRoot}/modules/endorsed${path.separator}${com.sun.aas.installRoot}/lib/endorsed</jvm-options> + <jvm-options>-Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy</jvm-options> + <jvm-options>-Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf</jvm-options> + <jvm-options>-Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as</jvm-options> + <jvm-options>-Xmx512m</jvm-options> + <jvm-options>-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.jks</jvm-options> + <jvm-options>-Djavax.net.ssl.trustStore=${com.sun.aas.instanceRoot}/config/cacerts.jks</jvm-options> + <jvm-options>-Djava.ext.dirs=${com.sun.aas.javaRoot}/lib/ext${path.separator}${com.sun.aas.javaRoot}/jre/lib/ext${path.separator}${com.sun.aas.instanceRoot}/lib/ext</jvm-options> + <jvm-options>-Djdbc.drivers=org.apache.derby.jdbc.ClientDriver</jvm-options> + <jvm-options>-DANTLR_USE_DIRECT_CLASS_LOADING=true</jvm-options> + <jvm-options>-Dcom.sun.enterprise.config.config_environment_factory_class=com.sun.enterprise.config.serverbeans.AppserverConfigEnvironmentFactory</jvm-options> + <jvm-options>-Dorg.glassfish.additionalOSGiBundlesToStart=org.apache.felix.shell,org.apache.felix.gogo.runtime,org.apache.felix.gogo.shell,org.apache.felix.gogo.command,org.apache.felix.shell.remote,org.apache.felix.fileinstall</jvm-options> + <jvm-options>-Dosgi.shell.telnet.port=6666</jvm-options> + <jvm-options>-Dosgi.shell.telnet.maxconn=1</jvm-options> + <jvm-options>-Dosgi.shell.telnet.ip=127.0.0.1</jvm-options> + <jvm-options>-Dgosh.args=--nointeractive</jvm-options> + <jvm-options>-Dfelix.fileinstall.dir=${com.sun.aas.installRoot}/modules/autostart/</jvm-options> + <jvm-options>-Dfelix.fileinstall.poll=5000</jvm-options> + <jvm-options>-Dfelix.fileinstall.log.level=2</jvm-options> + <jvm-options>-Dfelix.fileinstall.bundles.new.start=true</jvm-options> + 
<jvm-options>-Dfelix.fileinstall.bundles.startTransient=true</jvm-options> + <jvm-options>-Dfelix.fileinstall.disableConfigSave=false</jvm-options> + <jvm-options>-XX:NewRatio=2</jvm-options> + </java-config> + <network-config> + <protocols> + <protocol name="http-listener-1"> + <http max-connections="250" default-virtual-server="server"> + <file-cache></file-cache> + </http> + </protocol> + <protocol name="http-listener-2" security-enabled="true"> + <http max-connections="250" default-virtual-server="server"> + <file-cache></file-cache> + </http> + <ssl ssl3-enabled="false" classname="com.sun.enterprise.security.ssl.GlassfishSSLImpl" cert-nickname="s1as"></ssl> + </protocol> + <protocol name="admin-listener"> + <http encoded-slash-enabled="true" max-connections="250" default-virtual-server="__asadmin"> + <file-cache></file-cache> + </http> + </protocol> + <protocol name="sec-admin-listener" security-enabled="true"> + <http encoded-slash-enabled="true" default-virtual-server="__asadmin"> + <file-cache></file-cache> + </http> + <ssl ssl3-enabled="false" classname="com.sun.enterprise.security.ssl.GlassfishSSLImpl" client-auth="want" cert-nickname="s1as" renegotiate-on-client-auth-want="false"></ssl> + </protocol> + <protocol name="admin-http-redirect"> + <http-redirect secure="true"></http-redirect> + </protocol> + <protocol name="pu-protocol"> + <port-unification> + <protocol-finder protocol="sec-admin-listener" classname="org.glassfish.grizzly.config.portunif.HttpProtocolFinder" name="http-finder"></protocol-finder> + <protocol-finder protocol="admin-http-redirect" classname="org.glassfish.grizzly.config.portunif.HttpProtocolFinder" name="admin-http-redirect"></protocol-finder> + </port-unification> + </protocol> + </protocols> + <network-listeners> + <network-listener protocol="http-listener-1" port="8080" name="http-listener-1" thread-pool="http-thread-pool" transport="tcp"></network-listener> + <network-listener protocol="http-listener-2" port="8181" 
name="http-listener-2" thread-pool="http-thread-pool" transport="tcp"></network-listener> + <network-listener protocol="pu-protocol" port="4848" name="admin-listener" thread-pool="admin-thread-pool" transport="tcp"></network-listener> + </network-listeners> + <transports> + <transport name="tcp"></transport> + </transports> + </network-config> + <thread-pools> + <thread-pool name="admin-thread-pool" max-queue-size="256" max-thread-pool-size="50"></thread-pool> + <thread-pool name="http-thread-pool"></thread-pool> + <thread-pool name="thread-pool-1" max-thread-pool-size="200"></thread-pool> + </thread-pools> + <group-management-service> + <failure-detection></failure-detection> + </group-management-service> + <monitoring-service> + <module-monitoring-levels></module-monitoring-levels> + </monitoring-service> + <availability-service></availability-service> + </config> + <config name="default-config"> + <http-service> + <access-log></access-log> + <virtual-server network-listeners="http-listener-1, http-listener-2" id="server"> + <property name="default-web-xml" value="${com.sun.aas.instanceRoot}/config/default-web.xml"></property> + </virtual-server> + <virtual-server network-listeners="admin-listener" id="__asadmin"></virtual-server> + </http-service> + <iiop-service> + <orb use-thread-pool-ids="thread-pool-1"></orb> + <iiop-listener address="0.0.0.0" port="${IIOP_LISTENER_PORT}" id="orb-listener-1"></iiop-listener> + <iiop-listener address="0.0.0.0" port="${IIOP_SSL_LISTENER_PORT}" id="SSL" security-enabled="true"> + <ssl classname="com.sun.enterprise.security.ssl.GlassfishSSLImpl" cert-nickname="s1as"></ssl> + </iiop-listener> + <iiop-listener address="0.0.0.0" port="${IIOP_SSL_MUTUALAUTH_PORT}" id="SSL_MUTUALAUTH" security-enabled="true"> + <ssl classname="com.sun.enterprise.security.ssl.GlassfishSSLImpl" cert-nickname="s1as" client-auth-enabled="true"></ssl> + </iiop-listener> + </iiop-service> + <admin-service system-jmx-connector-name="system"> + 
<jmx-connector address="0.0.0.0" port="${JMX_SYSTEM_CONNECTOR_PORT}" name="system" auth-realm-name="admin-realm" security-enabled="false"></jmx-connector> + <property name="adminConsoleDownloadLocation" value="${com.sun.aas.installRoot}/lib/install/applications/admingui.war"></property> + <das-config></das-config> + </admin-service> + <web-container> + <session-config> + <session-manager> + <manager-properties></manager-properties> + <store-properties></store-properties> + </session-manager> + <session-properties></session-properties> + </session-config> + </web-container> + <ejb-container> + <ejb-timer-service></ejb-timer-service> + </ejb-container> + <mdb-container></mdb-container> + <jms-service addresslist-behavior="priority" default-jms-host="default_JMS_host" type="EMBEDDED"> + <jms-host port="${JMS_PROVIDER_PORT}" host="localhost" name="default_JMS_host"></jms-host> + </jms-service> + <log-service file="${com.sun.aas.instanceRoot}/logs/server.log" log-rotation-limit-in-bytes="2000000"> + <module-log-levels></module-log-levels> + </log-service> + <security-service> + <auth-realm classname="com.sun.enterprise.security.auth.realm.file.FileRealm" name="admin-realm"> + <property name="file" value="${com.sun.aas.instanceRoot}/config/admin-keyfile"></property> + <property name="jaas-context" value="fileRealm"></property> + </auth-realm> + <auth-realm classname="com.sun.enterprise.security.auth.realm.file.FileRealm" name="file"> + <property name="file" value="${com.sun.aas.instanceRoot}/config/keyfile"></property> + <property name="jaas-context" value="fileRealm"></property> + </auth-realm> + <auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate"></auth-realm> + <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl"> + <property name="repository" 
value="${com.sun.aas.instanceRoot}/generated/policy"></property> + </jacc-provider> + <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory"></jacc-provider> + <audit-module classname="com.sun.enterprise.security.ee.Audit" name="default"> + <property name="auditOn" value="false"></property> + </audit-module> + <message-security-config auth-layer="SOAP"> + <provider-config provider-type="client" provider-id="XWS_ClientProvider" class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule"> + <request-policy auth-source="content"></request-policy> + <response-policy auth-source="content"></response-policy> + <property name="encryption.key.alias" value="s1as"></property> + <property name="signature.key.alias" value="s1as"></property> + <property name="dynamic.username.password" value="false"></property> + <property name="debug" value="false"></property> + </provider-config> + <provider-config provider-type="client" provider-id="ClientProvider" class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule"> + <request-policy auth-source="content"></request-policy> + <response-policy auth-source="content"></response-policy> + <property name="encryption.key.alias" value="s1as"></property> + <property name="signature.key.alias" value="s1as"></property> + <property name="dynamic.username.password" value="false"></property> + <property name="debug" value="false"></property> + <property name="security.config" value="${com.sun.aas.instanceRoot}/config/wss-server-config-1.0.xml"></property> + </provider-config> + <provider-config provider-type="server" provider-id="XWS_ServerProvider" class-name="com.sun.xml.wss.provider.ServerSecurityAuthModule"> + <request-policy auth-source="content"></request-policy> + <response-policy auth-source="content"></response-policy> + <property name="encryption.key.alias" 
value="s1as"></property> + <property name="signature.key.alias" value="s1as"></property> + <property name="debug" value="false"></property> + </provider-config> + <provider-config provider-type="server" provider-id="ServerProvider" class-name="com.sun.xml.wss.provider.ServerSecurityAuthModule"> + <request-policy auth-source="content"></request-policy> + <response-policy auth-source="content"></response-policy> + <property name="encryption.key.alias" value="s1as"></property> + <property name="signature.key.alias" value="s1as"></property> + <property name="debug" value="false"></property> + <property name="security.config" value="${com.sun.aas.instanceRoot}/config/wss-server-config-1.0.xml"></property> + </provider-config> + </message-security-config> + </security-service> + <transaction-service automatic-recovery="true" tx-log-dir="${com.sun.aas.instanceRoot}/logs"></transaction-service> + <diagnostic-service></diagnostic-service> + <java-config classpath-suffix="" debug-options="-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=${JAVA_DEBUGGER_PORT}" system-classpath=""> + <jvm-options>-XX:MaxPermSize=192m</jvm-options> + <jvm-options>-server</jvm-options> + <jvm-options>-Djava.awt.headless=true</jvm-options> + <jvm-options>-XX:+UnlockDiagnosticVMOptions</jvm-options> + <jvm-options>-Djava.endorsed.dirs=${com.sun.aas.installRoot}/modules/endorsed${path.separator}${com.sun.aas.installRoot}/lib/endorsed</jvm-options> + <jvm-options>-Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy</jvm-options> + <jvm-options>-Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf</jvm-options> + <jvm-options>-Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as</jvm-options> + <jvm-options>-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.jks</jvm-options> + <jvm-options>-Djavax.net.ssl.trustStore=${com.sun.aas.instanceRoot}/config/cacerts.jks</jvm-options> + 
<jvm-options>-Djava.ext.dirs=${com.sun.aas.javaRoot}/lib/ext${path.separator}${com.sun.aas.javaRoot}/jre/lib/ext${path.separator}${com.sun.aas.instanceRoot}/lib/ext</jvm-options> + <jvm-options>-Djdbc.drivers=org.apache.derby.jdbc.ClientDriver</jvm-options> + <jvm-options>-DANTLR_USE_DIRECT_CLASS_LOADING=true</jvm-options> + <jvm-options>-Dcom.sun.enterprise.config.config_environment_factory_class=com.sun.enterprise.config.serverbeans.AppserverConfigEnvironmentFactory</jvm-options> + <jvm-options>-XX:NewRatio=2</jvm-options> + <jvm-options>-Xmx512m</jvm-options> + <jvm-options>-Dorg.glassfish.additionalOSGiBundlesToStart=org.apache.felix.shell,org.apache.felix.gogo.runtime,org.apache.felix.gogo.shell,org.apache.felix.gogo.command,org.apache.felix.fileinstall</jvm-options> + <jvm-options>-Dosgi.shell.telnet.port=${OSGI_SHELL_TELNET_PORT}</jvm-options> + <jvm-options>-Dosgi.shell.telnet.maxconn=1</jvm-options> + <jvm-options>-Dosgi.shell.telnet.ip=127.0.0.1</jvm-options> + <jvm-options>-Dgosh.args=--noshutdown -c noop=true</jvm-options> + <jvm-options>-Dfelix.fileinstall.dir=${com.sun.aas.installRoot}/modules/autostart/</jvm-options> + <jvm-options>-Dfelix.fileinstall.poll=5000</jvm-options> + <jvm-options>-Dfelix.fileinstall.log.level=3</jvm-options> + <jvm-options>-Dfelix.fileinstall.bundles.new.start=true</jvm-options> + <jvm-options>-Dfelix.fileinstall.bundles.startTransient=true</jvm-options> + <jvm-options>-Dfelix.fileinstall.disableConfigSave=false</jvm-options> + </java-config> + <availability-service> + <web-container-availability></web-container-availability> + <ejb-container-availability sfsb-store-pool-name="jdbc/hastore"></ejb-container-availability> + <jms-availability></jms-availability> + </availability-service> + <network-config> + <protocols> + <protocol name="http-listener-1"> + <http default-virtual-server="server"> + <file-cache></file-cache> + </http> + </protocol> + <protocol name="http-listener-2" security-enabled="true"> + <http 
default-virtual-server="server"> + <file-cache></file-cache> + </http> + <ssl ssl3-enabled="false" classname="com.sun.enterprise.security.ssl.GlassfishSSLImpl" cert-nickname="s1as"></ssl> + </protocol> + <protocol name="admin-listener"> + <http max-connections="250" default-virtual-server="__asadmin"> + <file-cache></file-cache> + </http> + </protocol> + <protocol name="sec-admin-listener" security-enabled="true"> + <http encoded-slash-enabled="true" default-virtual-server="__asadmin"> + <file-cache></file-cache> + </http> + <ssl ssl3-enabled="false" classname="com.sun.enterprise.security.ssl.GlassfishSSLImpl" client-auth="want" cert-nickname="glassfish-instance" renegotiate-on-client-auth-want="false"></ssl> + </protocol> + <protocol name="admin-http-redirect"> + <http-redirect secure="true"></http-redirect> + </protocol> + <protocol name="pu-protocol"> + <port-unification> + <protocol-finder protocol="sec-admin-listener" classname="org.glassfish.grizzly.config.portunif.HttpProtocolFinder" name="http-finder"></protocol-finder> + <protocol-finder protocol="admin-http-redirect" classname="org.glassfish.grizzly.config.portunif.HttpProtocolFinder" name="admin-http-redirect"></protocol-finder> + </port-unification> + </protocol> + </protocols> + <network-listeners> + <network-listener protocol="http-listener-1" port="${HTTP_LISTENER_PORT}" name="http-listener-1" thread-pool="http-thread-pool" transport="tcp"></network-listener> + <network-listener protocol="http-listener-2" port="${HTTP_SSL_LISTENER_PORT}" name="http-listener-2" thread-pool="http-thread-pool" transport="tcp"></network-listener> + <network-listener protocol="pu-protocol" port="${ASADMIN_LISTENER_PORT}" name="admin-listener" thread-pool="http-thread-pool" transport="tcp"></network-listener> + </network-listeners> + <transports> + <transport name="tcp"></transport> + </transports> + </network-config> + <thread-pools> + <thread-pool name="http-thread-pool"></thread-pool> + <thread-pool name="thread-pool-1" 
max-thread-pool-size="200"></thread-pool> + <thread-pool name="admin-thread-pool" max-thread-pool-size="50" max-queue-size="256"></thread-pool> + </thread-pools> + <group-management-service> + <failure-detection></failure-detection> + </group-management-service> + <system-property name="JMS_PROVIDER_PORT" description="Port Number that JMS Service will listen for remote clients connection." value="27676"></system-property> + <system-property name="ASADMIN_LISTENER_PORT" value="24848"></system-property> + <system-property name="HTTP_LISTENER_PORT" value="28080"></system-property> + <system-property name="HTTP_SSL_LISTENER_PORT" value="28181"></system-property> + <system-property name="IIOP_LISTENER_PORT" value="23700"></system-property> + <system-property name="IIOP_SSL_LISTENER_PORT" value="23820"></system-property> + <system-property name="IIOP_SSL_MUTUALAUTH_PORT" value="23920"></system-property> + <system-property name="JMX_SYSTEM_CONNECTOR_PORT" value="28686"></system-property> + <system-property name="OSGI_SHELL_TELNET_PORT" value="26666"></system-property> + <system-property name="JAVA_DEBUGGER_PORT" value="29009"></system-property> + <monitoring-service> + <module-monitoring-levels></module-monitoring-levels> + </monitoring-service> + </config> + </configs> + <property name="administrative.domain.name" value="domain1"></property> + <secure-admin special-admin-indicator="4de31578-ac8c-49cf-884e-77faada83599" enabled="true"> + <secure-admin-principal dn="CN=localhost,OU=GlassFish,O=Oracle Corporation,L=Santa Clara,ST=California,C=US"></secure-admin-principal> + <secure-admin-principal dn="CN=localhost-instance,OU=GlassFish,O=Oracle Corporation,L=Santa Clara,ST=California,C=US"></secure-admin-principal> + </secure-admin> + <clusters></clusters> + <applications></applications> +</domain> \ No newline at end of file diff --git a/resources/glassfish/start_glassfish.bat b/resources/glassfish/start_glassfish.bat new file mode 100644 index 0000000..40b361f 
--- /dev/null
+++ b/resources/glassfish/start_glassfish.bat
@@ -0,0 +1,3 @@
+C:\glassfish\bin\asadmin.bat start-domain domain1
+
+C:\glassfish\bin\asadmin.bat --host localhost --port 4848 enable-secure-admin
\ No newline at end of file
diff --git a/resources/jenkins/jenkins.war b/resources/jenkins/jenkins.war
new file mode 100644
index 0000000..905672b
Binary files /dev/null and b/resources/jenkins/jenkins.war differ
diff --git a/resources/jenkins/start_jenkins.bat b/resources/jenkins/start_jenkins.bat
new file mode 100644
index 0000000..a2caa22
--- /dev/null
+++ b/resources/jenkins/start_jenkins.bat
@@ -0,0 +1 @@
+java -jar "%ProgramFiles%\jenkins\jenkins.war" --httpPort=8383
\ No newline at end of file
diff --git a/resources/security_settings/secconfig.cfg b/resources/security_settings/secconfig.cfg
new file mode 100644
index 0000000..a513cb5
Binary files /dev/null and b/resources/security_settings/secconfig.cfg differ
diff --git a/scripts/chocolatey_installs/7zip.bat b/scripts/chocolatey_installs/7zip.bat
new file mode 100644
index 0000000..c28afc4
--- /dev/null
+++ b/scripts/chocolatey_installs/7zip.bat
@@ -0,0 +1,4 @@
+chocolatey feature enable -n=allowGlobalConfirmation
+choco install 7zip
+chocolatey feature disable -n=allowGlobalConfirmation
+exit
\ No newline at end of file
diff --git a/scripts/chocolatey_installs/java.bat b/scripts/chocolatey_installs/java.bat
new file mode 100644
index 0000000..6eccfd5
--- /dev/null
+++ b/scripts/chocolatey_installs/java.bat
@@ -0,0 +1,4 @@
+chocolatey feature enable -n=allowGlobalConfirmation
+choco install javaruntime-platformspecific
+chocolatey feature disable -n=allowGlobalConfirmation
+exit
\ No newline at end of file
diff --git a/scripts/chocolatey_installs/tomcat.bat b/scripts/chocolatey_installs/tomcat.bat
new file mode 100644
index 0000000..1f321c4
--- /dev/null
+++ b/scripts/chocolatey_installs/tomcat.bat
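Review bot: Both commands in start_glassfish.bat call `C:\glassfish\bin\asadmin.bat`, but scripts/installs/setup_glassfish.bat in this commit unpacks the archive under `C:\glassfish` and registers its scheduled task against `C:\glassfish\glassfish4\bin\asadmin.bat`, so this script would presumably fail on a missing path if anything ran it. Point both lines at the path the installer uses, e.g. `C:\glassfish\glassfish4\bin\asadmin.bat start-domain domain1`. The second line also hard-codes `--port 4848`; confirm that this matches the admin listener of the `domain.xml` that gets copied in, since at least one `<config>` block visible in this commit sets `ASADMIN_LISTENER_PORT` to 24848.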
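Review bot: `choco install 7zip` in 7zip.bat takes whatever version the feed serves on build day, and the same unpinned form is used in java.bat, tomcat.bat and install_boxstarter.bat. For this image that matters beyond reproducibility: setup_apache_struts.bat starts the service by the literal name `Apache Tomcat 8.0 Tomcat8`, which will presumably stop matching once the package moves to another Tomcat line. Pin each package, e.g. `choco install tomcat --version <PINNED_VERSION>`, and consider `-y` on the install line instead of toggling the machine-wide `allowGlobalConfirmation` feature around it.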
@@ -0,0 +1,4 @@
+chocolatey feature enable -n=allowGlobalConfirmation
+choco install tomcat
+chocolatey feature disable -n=allowGlobalConfirmation
+exit
\ No newline at end of file
diff --git a/scripts/configs/apply_password_settings.bat b/scripts/configs/apply_password_settings.bat
new file mode 100644
index 0000000..e0d0809
--- /dev/null
+++ b/scripts/configs/apply_password_settings.bat
@@ -0,0 +1 @@
+secedit.exe /configure /db %windir%\securitynew.sdb /cfg C:\vagrant\resources\security_settings\secconfig.cfg /areas SECURITYPOLICY
\ No newline at end of file
diff --git a/scripts/configs/configure_firewall.bat b/scripts/configs/configure_firewall.bat
new file mode 100644
index 0000000..d0e4c8f
--- /dev/null
+++ b/scripts/configs/configure_firewall.bat
@@ -0,0 +1,8 @@
+netsh advfirewall firewall add rule name="Open Port 8383 for Jenkins" dir=in action=allow protocol=TCP localport=8383
+netsh advfirewall firewall add rule name="Open Port 5985 for WinRM" dir=in action=allow protocol=TCP localport=5985
+netsh advfirewall firewall add rule name="Open Port 8282 for Apache Struts" dir=in action=allow protocol=TCP localport=8282
+netsh advfirewall firewall add rule name="Open Port 80 for IIS" dir=in action=allow protocol=TCP localport=80
+netsh advfirewall firewall add rule name="Open Port 4848 for GlassFish" dir=in action=allow protocol=TCP localport=4848
+netsh advfirewall firewall add rule name="Open Port 8080 for GlassFish" dir=in action=allow protocol=TCP localport=8080
+netsh advfirewall firewall add rule name="Open Port 3389 for Remote Desktop" dir=in action=allow protocol=TCP localport=3389
+
diff --git a/scripts/configs/create_users.bat b/scripts/configs/create_users.bat
new file mode 100644
index 0000000..4bdd4ae
--- /dev/null
+++ b/scripts/configs/create_users.bat
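Review bot: None of the seven rules in configure_firewall.bat sets `profile=` or `remoteip=`, so each port is opened on every firewall profile to any source address. These ports front the deliberately vulnerable services this image installs, so scoping them keeps a build host on a shared network from exposing them beyond the lab segment; appending `remoteip=localsubnet` to each `netsh advfirewall firewall add rule` line is one way. The 3389 rule is also added a second time, under a different name, by scripts/configs/enable-rdp.bat; keep one of the two.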
@@ -0,0 +1,30 @@
+net user leah_organa help_me_obiw@n /ADD
+net user luke_skywalker use_the_f0rce /ADD
+net user han_solo sh00t-first /ADD
+net user artoo_detoo beep_b00p /ADD
+net user c_three_pio pr0t0c0l /ADD
+net user ben_kenobi thats_no_moon /ADD
+net user darth_vader d@rk_sid3 /ADD
+net user anakin_skywalker yipp33!! /ADD
+net user jarjar_binks mesah_p@ssw0rd /ADD
+net user lando_calrissian b@ckstab /ADD
+net user boba_fett mandalorian1 /ADD
+net user jabba_hutt not-a-slug12 /ADD
+net user greedo hanShotFirst! /ADD
+net user chewbacca rwaaaaawr5 /ADD
+net user kylo_ren daddy_issues1 /ADD
+
+net localgroup "Backup Operators" leah_organa /ADD
+net localgroup "Certificate Service DCOM Access" luke_skywalker /ADD
+net localgroup "Cryptographic Operators" han_solo /ADD
+net localgroup "Distributed COM Users" artoo_detoo /ADD
+net localgroup "Event Log Readers" c_three_pio /ADD
+net localgroup "Guests" ben_kenobi /ADD
+net localgroup "IIS_IUSRS" darth_vader /ADD
+net localgroup "Network Configuration Operators" anakin_skywalker /ADD
+net localgroup "Performance Log Users" jarjar_binks /ADD
+net localgroup "Performance Monitor Users" lando_calrissian /ADD
+net localgroup "Power Users" boba_fett /ADD
+net localgroup "Print Operators" jabba_hutt /ADD
+net localgroup "Remote Desktop Users" greedo /ADD
+net localgroup "Replicator" chewbacca /ADD
\ No newline at end of file
diff --git a/scripts/configs/disable-auto-logon.bat b/scripts/configs/disable-auto-logon.bat
new file mode 100644
index 0000000..b3e8c04
--- /dev/null
+++ b/scripts/configs/disable-auto-logon.bat
@@ -0,0 +1 @@
+reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /d 0 /f
\ No newline at end of file
diff --git a/scripts/configs/enable-rdp.bat b/scripts/configs/enable-rdp.bat
new file mode 100644
index 0000000..f7dcaab
--- /dev/null
+++ b/scripts/configs/enable-rdp.bat
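Review bot: create_users.bat has no comment saying that these fifteen accounts and their command-line passwords are fixed lab credentials, which a reader or a secret scanner needs in order to tell them apart from leaked secrets. A header line such as `:: Intentional lab accounts for the Metasploitable3 target; passwords are public by design.` would cover it. `kylo_ren` is created but, unlike the other fourteen users, is never added to a local group; add a comment if that is intended, or the missing `net localgroup` line if not.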
@@ -0,0 +1,2 @@
+netsh advfirewall firewall add rule name="Open Port 3389" dir=in action=allow protocol=TCP localport=3389
+reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
diff --git a/scripts/configs/microsoft-updates.bat b/scripts/configs/microsoft-updates.bat
new file mode 100644
index 0000000..2cb8fa0
--- /dev/null
+++ b/scripts/configs/microsoft-updates.bat
@@ -0,0 +1,12 @@
+net stop wuauserv
+
+reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v EnableFeaturedSoftware /t REG_DWORD /d 1 /f
+
+reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v IncludeRecommendedUpdates /t REG_DWORD /d 1 /f
+
+echo Set ServiceManager = CreateObject("Microsoft.Update.ServiceManager") > A:\temp.vbs
+echo Set NewUpdateService = ServiceManager.AddService2("7971f918-a847-4430-9279-4a52d1efe18d",7,"") >> A:\temp.vbs
+
+cscript A:\temp.vbs
+
+net start wuauserv
\ No newline at end of file
diff --git a/scripts/configs/update_root_certs.bat b/scripts/configs/update_root_certs.bat
new file mode 100644
index 0000000..2a29091
--- /dev/null
+++ b/scripts/configs/update_root_certs.bat
@@ -0,0 +1,9 @@
+cmd /c certutil -addstore -f "Root" A:\addtrust_external_ca.cer
+cmd /c certutil -addstore -f "Root" A:\baltimore_ca.cer
+cmd /c certutil -addstore -f "Root" A:\digicert.cer
+cmd /c certutil -addstore -f "Root" A:\equifax.cer
+cmd /c certutil -addstore -f "Root" A:\globalsign.cer
+cmd /c certutil -addstore -f "Root" A:\gte_cybertrust.cer
+cmd /c certutil -addstore -f "Root" A:\microsoft_root_2011.cer
+cmd /c certutil -addstore -f "Root" A:\thawte_primary_root.cer
+cmd /c certutil -addstore -f "Root" A:\utn-userfirst.cer
\ No newline at end of file
diff --git a/scripts/configs/vagrant-ssh.bat b/scripts/configs/vagrant-ssh.bat
new file mode 100644
index 0000000..9f61deb
--- /dev/null
+++ b/scripts/configs/vagrant-ssh.bat
@@ -0,0 +1,6 @@
+:: vagrant public key
+if exist a:\vagrant.pub (
+ copy a:\vagrant.pub C:\Users\vagrant\.ssh\authorized_keys
+) else (
+ powershell -Command "(New-Object System.Net.WebClient).DownloadFile('https://raw.githubusercontent.com/mitchellh/vagrant/master/keys/vagrant.pub', 'C:\Users\vagrant\.ssh\authorized_keys')" <NUL
+)
diff --git a/scripts/configs/win-updates.ps1 b/scripts/configs/win-updates.ps1
new file mode 100644
index 0000000..59a88d7
--- /dev/null
+++ b/scripts/configs/win-updates.ps1
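Review bot: The `else` branch of vagrant-ssh.bat fills `authorized_keys` from the `master` branch of a GitHub repository at build time, so the key that can log in to every box built this way is whatever that URL serves on the day, with no fingerprint check. windows_2008_r2.json in this commit does not list `vagrant.pub` in `floppy_files`, so the `if exist a:\vagrant.pub` branch looks unreachable in the Packer build and the download is the path that actually runs. Commit the public key under resources/ and add it to `floppy_files`, or pin the URL to a commit hash. Neither branch creates `C:\Users\vagrant\.ssh`; in this commit only openssh.ps1 creates it, so the script depends on that having run first.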
@@ -0,0 +1,233 @@ +param($global:RestartRequired=0, + $global:MoreUpdates=0, + $global:MaxCycles=5, + $MaxUpdatesPerCycle=500) + +$Logfile = "C:\Windows\Temp\win-updates.log" + +function LogWrite { + Param ([string]$logstring) + $now = Get-Date -format s + Add-Content $Logfile -value "$now $logstring" + Write-Host $logstring +} + +function Check-ContinueRestartOrEnd() { + $RegistryKey = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" + $RegistryEntry = "InstallWindowsUpdates" + switch ($global:RestartRequired) { + 0 { + $prop = (Get-ItemProperty $RegistryKey).$RegistryEntry + if ($prop) { + LogWrite "Restart Registry Entry Exists - Removing It" + Remove-ItemProperty -Path $RegistryKey -Name $RegistryEntry -ErrorAction SilentlyContinue + } + + LogWrite "No Restart Required" + Check-WindowsUpdates + + if (($global:MoreUpdates -eq 1) -and ($script:Cycles -le $global:MaxCycles)) { + Install-WindowsUpdates + } elseif ($script:Cycles -gt $global:MaxCycles) { + LogWrite "Exceeded Cycle Count - Stopping" + Invoke-Expression "a:\openssh.ps1 -AutoStart" + } else { + LogWrite "Done Installing Windows Updates" + Invoke-Expression "a:\openssh.ps1 -AutoStart" + } + } + 1 { + $prop = (Get-ItemProperty $RegistryKey).$RegistryEntry + if (-not $prop) { + LogWrite "Restart Registry Entry Does Not Exist - Creating It" + Set-ItemProperty -Path $RegistryKey -Name $RegistryEntry -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File $($script:ScriptPath) -MaxUpdatesPerCycle $($MaxUpdatesPerCycle)" + } else { + LogWrite "Restart Registry Entry Exists Already" + } + + LogWrite "Restart Required - Restarting..." 
+ Restart-Computer + } + default { + LogWrite "Unsure If A Restart Is Required" + break + } + } +} + +function Install-WindowsUpdates() { + $script:Cycles++ + LogWrite "Evaluating Available Updates with limit of $($MaxUpdatesPerCycle):" + $UpdatesToDownload = New-Object -ComObject 'Microsoft.Update.UpdateColl' + $script:i = 0; + $CurrentUpdates = $SearchResult.Updates + while($script:i -lt $CurrentUpdates.Count -and $script:CycleUpdateCount -lt $MaxUpdatesPerCycle) { + $Update = $CurrentUpdates.Item($script:i) + if (($Update -ne $null) -and (!$Update.IsDownloaded)) { + [bool]$addThisUpdate = $false + if ($Update.InstallationBehavior.CanRequestUserInput) { + LogWrite "> Skipping: $($Update.Title) because it requires user input" + } else { + if (!($Update.EulaAccepted)) { + LogWrite "> Note: $($Update.Title) has a license agreement that must be accepted. Accepting the license." + $Update.AcceptEula() + [bool]$addThisUpdate = $true + $script:CycleUpdateCount++ + } else { + [bool]$addThisUpdate = $true + $script:CycleUpdateCount++ + } + } + + if ([bool]$addThisUpdate) { + LogWrite "Adding: $($Update.Title)" + $UpdatesToDownload.Add($Update) |Out-Null + } + } + $script:i++ + } + + if ($UpdatesToDownload.Count -eq 0) { + LogWrite "No Updates To Download..." + } else { + LogWrite 'Downloading Updates...' + $ok = 0; + while (! $ok) { + try { + $Downloader = $UpdateSession.CreateUpdateDownloader() + $Downloader.Updates = $UpdatesToDownload + $Downloader.Download() + $ok = 1; + } catch { + LogWrite $_.Exception | Format-List -force + LogWrite "Error downloading updates. Retrying in 30s." 
+ $script:attempts = $script:attempts + 1 + Start-Sleep -s 30 + } + } + } + + $UpdatesToInstall = New-Object -ComObject 'Microsoft.Update.UpdateColl' + [bool]$rebootMayBeRequired = $false + LogWrite 'The following updates are downloaded and ready to be installed:' + foreach ($Update in $SearchResult.Updates) { + if (($Update.IsDownloaded)) { + LogWrite "> $($Update.Title)" + $UpdatesToInstall.Add($Update) |Out-Null + + if ($Update.InstallationBehavior.RebootBehavior -gt 0){ + [bool]$rebootMayBeRequired = $true + } + } + } + + if ($UpdatesToInstall.Count -eq 0) { + LogWrite 'No updates available to install...' + $global:MoreUpdates=0 + $global:RestartRequired=0 + Invoke-Expression "a:\openssh.ps1 -AutoStart" + break + } + + if ($rebootMayBeRequired) { + LogWrite 'These updates may require a reboot' + $global:RestartRequired=1 + } + + LogWrite 'Installing updates...' + + $Installer = $script:UpdateSession.CreateUpdateInstaller() + $Installer.Updates = $UpdatesToInstall + $InstallationResult = $Installer.Install() + + LogWrite "Installation Result: $($InstallationResult.ResultCode)" + LogWrite "Reboot Required: $($InstallationResult.RebootRequired)" + LogWrite 'Listing of updates installed and individual installation results:' + if ($InstallationResult.RebootRequired) { + $global:RestartRequired=1 + } else { + $global:RestartRequired=0 + } + + for($i=0; $i -lt $UpdatesToInstall.Count; $i++) { + New-Object -TypeName PSObject -Property @{ + Title = $UpdatesToInstall.Item($i).Title + Result = $InstallationResult.GetUpdateResult($i).ResultCode + } + LogWrite "Item: " $UpdatesToInstall.Item($i).Title + LogWrite "Result: " $InstallationResult.GetUpdateResult($i).ResultCode; + } + + Check-ContinueRestartOrEnd +} + +function Check-WindowsUpdates() { + LogWrite "Checking For Windows Updates" + $Username = $env:USERDOMAIN + "\" + $env:USERNAME + + New-EventLog -Source $ScriptName -LogName 'Windows Powershell' -ErrorAction SilentlyContinue + + $Message = "Script: " + $ScriptPath 
+ "`nScript User: " + $Username + "`nStarted: " + (Get-Date).toString() + + Write-EventLog -LogName 'Windows Powershell' -Source $ScriptName -EventID "104" -EntryType "Information" -Message $Message + LogWrite $Message + + $script:UpdateSearcher = $script:UpdateSession.CreateUpdateSearcher() + $script:successful = $FALSE + $script:attempts = 0 + $script:maxAttempts = 12 + while(-not $script:successful -and $script:attempts -lt $script:maxAttempts) { + try { + $script:SearchResult = $script:UpdateSearcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0") + $script:successful = $TRUE + } catch { + LogWrite $_.Exception | Format-List -force + LogWrite "Search call to UpdateSearcher was unsuccessful. Retrying in 10s." + $script:attempts = $script:attempts + 1 + Start-Sleep -s 10 + } + } + + if ($SearchResult.Updates.Count -ne 0) { + $Message = "There are " + $SearchResult.Updates.Count + " more updates." + LogWrite $Message + try { + for($i=0; $i -lt $script:SearchResult.Updates.Count; $i++) { + LogWrite $script:SearchResult.Updates.Item($i).Title + LogWrite $script:SearchResult.Updates.Item($i).Description + LogWrite $script:SearchResult.Updates.Item($i).RebootRequired + LogWrite $script:SearchResult.Updates.Item($i).EulaAccepted + } + $global:MoreUpdates=1 + } catch { + LogWrite $_.Exception | Format-List -force + LogWrite "Showing SearchResult was unsuccessful. Rebooting." + $global:RestartRequired=1 + $global:MoreUpdates=0 + Check-ContinueRestartOrEnd + LogWrite "Show never happen to see this text!" 
+ Restart-Computer
+ }
+ } else {
+ LogWrite 'There are no applicable updates'
+ $global:RestartRequired=0
+ $global:MoreUpdates=0
+ }
+}
+
+$script:ScriptName = $MyInvocation.MyCommand.ToString()
+$script:ScriptPath = $MyInvocation.MyCommand.Path
+$script:UpdateSession = New-Object -ComObject 'Microsoft.Update.Session'
+$script:UpdateSession.ClientApplicationID = 'Packer Windows Update Installer'
+$script:UpdateSearcher = $script:UpdateSession.CreateUpdateSearcher()
+$script:SearchResult = New-Object -ComObject 'Microsoft.Update.UpdateColl'
+$script:Cycles = 0
+$script:CycleUpdateCount = 0
+
+Check-WindowsUpdates
+if ($global:MoreUpdates -eq 1) {
+ Install-WindowsUpdates
+} else {
+ Check-ContinueRestartOrEnd
+}
+
diff --git a/scripts/installs/chocolatey.cmd b/scripts/installs/chocolatey.cmd
new file mode 100644
index 0000000..564707c
--- /dev/null
+++ b/scripts/installs/chocolatey.cmd
@@ -0,0 +1 @@
+@powershell -NoProfile -ExecutionPolicy Bypass -File "%systemdrive%\vagrant\scripts\installs\install_chocolatey.ps1"
\ No newline at end of file
diff --git a/scripts/installs/install_boxstarter.bat b/scripts/installs/install_boxstarter.bat
new file mode 100644
index 0000000..5c0cd4b
--- /dev/null
+++ b/scripts/installs/install_boxstarter.bat
@@ -0,0 +1,3 @@
+chocolatey feature enable -n=allowGlobalConfirmation
+choco install BoxStarter
+chocolatey feature disable -n=allowGlobalConfirmation
\ No newline at end of file
diff --git a/scripts/installs/install_chocolatey.ps1 b/scripts/installs/install_chocolatey.ps1
new file mode 100644
index 0000000..c726122
--- /dev/null
+++ b/scripts/installs/install_chocolatey.ps1
@@ -0,0 +1,5 @@
+$ChocoInstallPath = "$env:SystemDrive\ProgramData\Chocolatey\bin"
+
+if (!(Test-Path $ChocoInstallPath)) {
+ iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1'))
+}
\ No newline at end of file
diff --git a/scripts/installs/openssh.ps1 b/scripts/installs/openssh.ps1
new file mode 100644
index 0000000..c4e35bb
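Review bot: The download retry loop in `Install-WindowsUpdates` (`while (! $ok)`) has no upper bound: its catch block increments `$script:attempts`, but nothing compares the counter, so a persistent download failure stalls the build indefinitely. Bound it the way `Check-WindowsUpdates` bounds its search loop, `while (-not $ok -and $script:attempts -lt $script:maxAttempts) {`, and handle the give-up case after the loop. Separately, `LogWrite "Item: " $UpdatesToInstall.Item($i).Title` passes the title as a second argument, which `LogWrite` (a single `$logstring` parameter) never writes to the log; use `LogWrite "Item: $($UpdatesToInstall.Item($i).Title)"`, and do the same for the `Result:` line.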
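Review bot: The `iex` line in install_chocolatey.ps1 runs whatever `https://chocolatey.org/install.ps1` returns at build time, as the provisioning user, with no check on the content. Download it to a file first and verify it before running, e.g. `$sig = Get-AuthenticodeSignature $path` and continue only when `$sig.Status -eq 'Valid'` and the signer is the expected publisher (where the script is signed), or vendor a reviewed copy under resources/. The wrapper chocolatey.cmd launches PowerShell with `-ExecutionPolicy Bypass`, so execution policy will not catch an unsigned or altered script.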
--- /dev/null
+++ b/scripts/installs/openssh.ps1
@@ -0,0 +1,87 @@ +param ( + [switch]$AutoStart = $false +) + +Write-Output "AutoStart: $AutoStart" +$is_64bit = [IntPtr]::size -eq 8 + +# setup openssh +$ssh_download_url = "http://www.mls-software.com/files/setupssh-7.1p1-1.exe" + +if (!(Test-Path "C:\Program Files\OpenSSH\bin\ssh.exe")) { + Write-Output "Downloading $ssh_download_url" + (New-Object System.Net.WebClient).DownloadFile($ssh_download_url, "C:\Windows\Temp\openssh.exe") + + # initially set the port to 2222 so that there is not a race + # condition in which packer connects to SSH before we can disable the service + Start-Process "C:\Windows\Temp\openssh.exe" "/S /port=2222 /privsep=1 /password=D@rj33l1ng" -NoNewWindow -Wait +} + +Stop-Service "OpenSSHd" -Force + +# ensure vagrant can log in +Write-Output "Setting vagrant user file permissions" +New-Item -ItemType Directory -Force -Path "C:\Users\vagrant\.ssh" +C:\Windows\System32\icacls.exe "C:\Users\vagrant" /grant "vagrant:(OI)(CI)F" +C:\Windows\System32\icacls.exe "C:\Program Files\OpenSSH\bin" /grant "vagrant:(OI)RX" +C:\Windows\System32\icacls.exe "C:\Program Files\OpenSSH\usr\sbin" /grant "vagrant:(OI)RX" + +Write-Output "Setting SSH home directories" + (Get-Content "C:\Program Files\OpenSSH\etc\passwd") | + Foreach-Object { $_ -replace '/home/(\w+)', '/cygdrive/c/Users/$1' } | + Set-Content 'C:\Program Files\OpenSSH\etc\passwd' + +# Set shell to /bin/sh to return exit status +$passwd_file = Get-Content 'C:\Program Files\OpenSSH\etc\passwd' +$passwd_file = $passwd_file -replace '/bin/bash', '/bin/sh' +Set-Content 'C:\Program Files\OpenSSH\etc\passwd' $passwd_file + +# fix opensshd to not be strict +Write-Output "Setting OpenSSH to be non-strict" +$sshd_config = Get-Content "C:\Program Files\OpenSSH\etc\sshd_config" +$sshd_config = $sshd_config -replace 'StrictModes yes', 'StrictModes no' +$sshd_config = $sshd_config -replace '#PubkeyAuthentication yes', 'PubkeyAuthentication yes' +$sshd_config = $sshd_config -replace '#PermitUserEnvironment no', 
'PermitUserEnvironment yes' +# disable the use of DNS to speed up the time it takes to establish a connection +$sshd_config = $sshd_config -replace '#UseDNS yes', 'UseDNS no' +# disable the login banner +$sshd_config = $sshd_config -replace 'Banner /etc/banner.txt', '#Banner /etc/banner.txt' +# next time OpenSSH starts have it listen on th eproper port +$sshd_config = $sshd_config -replace 'Port 2222', "Port 22" +Set-Content "C:\Program Files\OpenSSH\etc\sshd_config" $sshd_config + +Write-Output "Removing ed25519 key as Vagrant net-ssh 2.9.1 does not support it" +Remove-Item -Force -ErrorAction SilentlyContinue "C:\Program Files\OpenSSH\etc\ssh_host_ed25519_key" +Remove-Item -Force -ErrorAction SilentlyContinue "C:\Program Files\OpenSSH\etc\ssh_host_ed25519_key.pub" + +# use c:\Windows\Temp as /tmp location +Write-Output "Setting temp directory location" +Remove-Item -Recurse -Force -ErrorAction SilentlyContinue "C:\Program Files\OpenSSH\tmp" +C:\Program` Files\OpenSSH\bin\junction.exe /accepteula "C:\Program Files\OpenSSH\tmp" "C:\Windows\Temp" +C:\Windows\System32\icacls.exe "C:\Windows\Temp" /grant "vagrant:(OI)(CI)F" + +# add 64 bit environment variables missing from SSH +Write-Output "Setting SSH environment" +$sshenv = "TEMP=C:\Windows\Temp" +if ($is_64bit) { + $env_vars = "ProgramFiles(x86)=C:\Program Files (x86)", ` + "ProgramW6432=C:\Program Files", ` + "CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files", ` + "CommonProgramW6432=C:\Program Files\Common Files" + $sshenv = $sshenv + "`r`n" + ($env_vars -join "`r`n") +} +Set-Content C:\Users\vagrant\.ssh\environment $sshenv + +# record the path for provisioners (without the newline) +Write-Output "Recording PATH for provisioners" +Set-Content C:\Windows\Temp\PATH ([byte[]][char[]] $env:PATH) -Encoding Byte + +# configure firewall +Write-Output "Configuring firewall" +netsh advfirewall firewall add rule name="SSHD" dir=in action=allow service=OpenSSHd enable=yes +netsh advfirewall firewall add rule 
name="SSHD" dir=in action=allow program="C:\Program Files\OpenSSH\usr\sbin\sshd.exe" enable=yes +netsh advfirewall firewall add rule name="ssh" dir=in action=allow protocol=TCP localport=22 + +if ($AutoStart -eq $true) { + Start-Service "OpenSSHd" +} diff --git a/scripts/installs/setup_apache_struts.bat b/scripts/installs/setup_apache_struts.bat new file mode 100644 index 0000000..7bf6d93 --- /dev/null +++ b/scripts/installs/setup_apache_struts.bat @@ -0,0 +1,7 @@ +rm "%CATALINA_HOME%\conf\tomcat-users.xml" +copy C:\vagrant\resources\apache_struts\tomcat-users.xml "%CATALINA_HOME%\conf\tomcat-users.xml" +copy C:\vagrant\resources\apache_struts\server.xml "%CATALINA_HOME%\conf" + +net start "Apache Tomcat 8.0 Tomcat8" + +copy C:\vagrant\resources\apache_struts\struts2-rest-showcase.war "%CATALINA_HOME%\webapps" \ No newline at end of file diff --git a/scripts/installs/setup_caidao.bat b/scripts/installs/setup_caidao.bat new file mode 100644 index 0000000..daa3fb8 --- /dev/null +++ b/scripts/installs/setup_caidao.bat @@ -0,0 +1 @@ +copy C:\vagrant\resources\caidao\caidao.asp "C:\inetpub\wwwroot" \ No newline at end of file diff --git a/scripts/installs/setup_glassfish.bat b/scripts/installs/setup_glassfish.bat new file mode 100644 index 0000000..707bea4 --- /dev/null +++ b/scripts/installs/setup_glassfish.bat 
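Review bot: `$ssh_download_url` in openssh.ps1 is plain `http://` and the downloaded `openssh.exe` is handed straight to `Start-Process` with `/S`, so anything able to alter that response gets silent code execution during the build; the same pattern appears in setup_glassfish.bat (`glassfish-4.0.zip`) and vm-guest-tools.bat (`7z920-x64.msi`, `tools-windows.tar`). Compare the file against a pinned digest before running it, for example the output of `certutil -hashfile C:\Windows\Temp\openssh.exe SHA256` checked against an `<EXPECTED_SHA256>` constant kept in the script, and stop on mismatch. The installer line also carries a literal `/password=` value; a comment saying whether that is a deliberate lab credential would help readers.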
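Review bot: `rm` on the first line of setup_apache_struts.bat is not a cmd.exe built-in, so in a `.bat` file it only works if a Unix-style toolset happens to be on `PATH`; otherwise the line fails and the script carries on. Use `del /f /q "%CATALINA_HOME%\conf\tomcat-users.xml"`, or drop the line, since the `copy` that follows targets the same file. None of the `copy` lines or `net start` is checked either, so an unset `%CATALINA_HOME%` would go unnoticed; `if not defined CATALINA_HOME exit /b 1` at the top would surface it.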
@@ -0,0 +1,8 @@
+mkdir C:\glassfish
+powershell -Command "(New-Object System.Net.WebClient).DownloadFile('http://download.java.net/glassfish/4.0/release/glassfish-4.0.zip', 'C:\Windows\Temp\glassfish4.zip')" <NUL
+cmd /c ""C:\Program Files\7-Zip\7z.exe" x "C:\Windows\Temp\glassfish4.zip" -oC:\glassfish"
+copy /Y "C:\vagrant\resources\glassfish\admin-keyfile" "C:\glassfish\glassfish4\glassfish\domains\domain1\config\admin-keyfile"
+copy /Y "C:\vagrant\resources\glassfish\domain.xml" "C:\glassfish\glassfish4\glassfish\domains\domain1\config\domain.xml"
+
+schtasks /create /tn "GlassFish" /tr "C:\glassfish\glassfish4\bin\asadmin.bat start-domain domain1" /sc onstart /np
+schtasks /run /tn "GlassFish"
\ No newline at end of file
diff --git a/scripts/installs/setup_iis.bat b/scripts/installs/setup_iis.bat
new file mode 100644
index 0000000..7bfdaab
--- /dev/null
+++ b/scripts/installs/setup_iis.bat
@@ -0,0 +1 @@
+start /w PKGMGR.EXE /iu:IIS-WebServerRole;IIS-WebServer;IIS-CommonHttpFeatures;IIS-ApplicationDevelopment;IIS-ASPNET;IIS-NetFxExtensibility;IIS-ASP;IIS-CGI;IIS-ISAPIExtensions;IIS-ISAPIFilter;IIS-ServerSideIncludes;
\ No newline at end of file
diff --git a/scripts/installs/setup_jenkins.bat b/scripts/installs/setup_jenkins.bat
new file mode 100644
index 0000000..d8facf5
--- /dev/null
+++ b/scripts/installs/setup_jenkins.bat
@@ -0,0 +1,5 @@
+mkdir "%ProgramFiles%\jenkins"
+copy C:\vagrant\resources\jenkins\jenkins.war "%ProgramFiles%\jenkins"
+copy C:\vagrant\resources\jenkins\start_jenkins.bat "%ProgramFiles%\jenkins"
+schtasks /create /tn "Jenkins" /tr "\"%ProgramFiles%\jenkins\start_jenkins.bat\"" /sc onstart /np
+schtasks /run /tn "Jenkins"
\ No newline at end of file
diff --git a/scripts/installs/vm-guest-tools.bat b/scripts/installs/vm-guest-tools.bat
new file mode 100644
index 0000000..0be6782
--- /dev/null
+++ b/scripts/installs/vm-guest-tools.bat
@@ -0,0 +1,49 @@
+if not exist "C:\Windows\Temp\7z920-x64.msi" (
+ powershell -Command "(New-Object System.Net.WebClient).DownloadFile('http://www.7-zip.org/a/7z920-x64.msi', 'C:\Windows\Temp\7z920-x64.msi')" <NUL
+)
+msiexec /qb /i C:\Windows\Temp\7z920-x64.msi
+
+if "%PACKER_BUILDER_TYPE%" equ "vmware-iso" goto :vmware
+if "%PACKER_BUILDER_TYPE%" equ "virtualbox-iso" goto :virtualbox
+if "%PACKER_BUILDER_TYPE%" equ "parallels-iso" goto :parallels
+goto :done
+
+:vmware
+
+if exist "C:\Users\vagrant\windows.iso" (
+ move /Y C:\Users\vagrant\windows.iso C:\Windows\Temp
+)
+
+if not exist "C:\Windows\Temp\windows.iso" (
+ powershell -Command "(New-Object System.Net.WebClient).DownloadFile('http://softwareupdate.vmware.com/cds/vmw-desktop/ws/12.0.0/2985596/windows/packages/tools-windows.tar', 'C:\Windows\Temp\vmware-tools.tar')" <NUL
+ cmd /c ""C:\Program Files\7-Zip\7z.exe" x C:\Windows\Temp\vmware-tools.tar -oC:\Windows\Temp"
+ FOR /r "C:\Windows\Temp" %%a in (VMware-tools-windows-*.iso) DO REN "%%~a" "windows.iso"
+ rd /S /Q "C:\Program Files (x86)\VMWare"
+)
+
+cmd /c ""C:\Program Files\7-Zip\7z.exe" x "C:\Windows\Temp\windows.iso" -oC:\Windows\Temp\VMWare"
+cmd /c C:\Windows\Temp\VMWare\setup.exe /S /v"/qn REBOOT=R\"
+
+goto :done
+
+:virtualbox
+
+:: There needs to be Oracle CA (Certificate Authority) certificates installed in order
+:: to prevent user intervention popups which will undermine a silent installation.
+cmd /c certutil -addstore -f "TrustedPublisher" A:\oracle-cert.cer
+
+move /Y C:\Users\vagrant\VBoxGuestAdditions.iso C:\Windows\Temp
+cmd /c ""C:\Program Files\7-Zip\7z.exe" x C:\Windows\Temp\VBoxGuestAdditions.iso -oC:\Windows\Temp\virtualbox"
+cmd /c C:\Windows\Temp\virtualbox\VBoxWindowsAdditions.exe /S
+goto :done
+
+:parallels
+if exist "C:\Users\vagrant\prl-tools-win.iso" (
+ move /Y C:\Users\vagrant\prl-tools-win.iso C:\Windows\Temp
+ cmd /C "C:\Program Files\7-Zip\7z.exe" x C:\Windows\Temp\prl-tools-win.iso -oC:\Windows\Temp\parallels
+ cmd /C C:\Windows\Temp\parallels\PTAgent.exe /install_silent
+ rd /S /Q "c:\Windows\Temp\parallels"
+)
+
+:done
+msiexec /qb /x C:\Windows\Temp\7z920-x64.msi
diff --git a/vagrantfile-windows_2008_r2.template b/vagrantfile-windows_2008_r2.template
new file mode 100644
index 0000000..92fbe20
--- /dev/null
+++ b/vagrantfile-windows_2008_r2.template
@@ -0,0 +1,47 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.require_version ">= 1.6.2"
+
+Vagrant.configure("2") do |config|
+ config.vm.define "vagrant-windows-2008-r2"
+ config.vm.box = "windows_2008_r2"
+ config.vm.communicator = "winrm"
+
+ # Admin user name and password
+ config.winrm.username = "vagrant"
+ config.winrm.password = "vagrant"
+
+ config.vm.guest = :windows
+ config.windows.halt_timeout = 15
+
+ config.vm.network :forwarded_port, guest: 3389, host: 3389, id: "rdp", auto_correct: true
+ config.vm.network :forwarded_port, guest: 22, host: 2222, id: "ssh", auto_correct: true
+
+ config.vm.provider :virtualbox do |v, override|
+ #v.gui = true
+ v.customize ["modifyvm", :id, "--memory", 2048]
+ v.customize ["modifyvm", :id, "--cpus", 2]
+ v.customize ["setextradata", "global", "GUI/SuppressMessages", "all" ]
+ end
+
+ config.vm.provider :vmware_fusion do |v, override|
+ #v.gui = true
+ v.vmx["memsize"] = "2048"
+ v.vmx["numvcpus"] = "2"
+ v.vmx["ethernet0.virtualDev"] = "vmxnet3"
+ v.vmx["RemoteDisplay.vnc.enabled"] = "false"
+ v.vmx["RemoteDisplay.vnc.port"] = "5900"
+ v.vmx["scsi0.virtualDev"] = "lsisas1068"
+ end
+
+ config.vm.provider :vmware_workstation do |v, override|
+ #v.gui = true
+ v.vmx["memsize"] = "2048"
+ v.vmx["numvcpus"] = "2"
+ v.vmx["ethernet0.virtualDev"] = "vmxnet3"
+ v.vmx["RemoteDisplay.vnc.enabled"] = "false"
+ v.vmx["RemoteDisplay.vnc.port"] = "5900"
+ v.vmx["scsi0.virtualDev"] = "lsisas1068"
+ end
+end
diff --git a/windows_2008_r2.json b/windows_2008_r2.json
new file mode 100644
index 0000000..7a05aea
--- /dev/null
+++ b/windows_2008_r2.json
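Review bot: The two `forwarded_port` lines in the Vagrantfile template publish the guest's RDP and SSH services without a `host_ip`, and Vagrant then binds the forward on every host interface. Combined with the fixed `vagrant`/`vagrant` account set a few lines earlier, anyone who can reach the host's network can reach a login on this guest. Bind both forwards to loopback, for example `config.vm.network :forwarded_port, guest: 3389, host: 3389, host_ip: "127.0.0.1", id: "rdp", auto_correct: true`, and do the same on the `ssh` line. A short comment such as `# Lab-only default credentials; keep this box off routable networks` above the `winrm` settings would record the assumption.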
@@ -0,0 +1,79 @@
+{
+ "builders": [
+ {
+ "type": "virtualbox-iso",
+ "iso_url": "{{user `iso_url`}}",
+ "iso_checksum_type": "{{user `iso_checksum_type`}}",
+ "iso_checksum": "{{user `iso_checksum`}}",
+ "headless": true,
+ "boot_wait": "2m",
+ "ssh_username": "vagrant",
+ "ssh_password": "vagrant",
+ "ssh_wait_timeout": "2h",
+ "shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"",
+ "guest_os_type": "Windows2008_64",
+ "disk_size": 61440,
+ "floppy_files": [
+ "{{user `autounattend`}}",
+ "./scripts/configs/microsoft-updates.bat",
+ "./scripts/configs/win-updates.ps1",
+ "./scripts/installs/openssh.ps1",
+ "./resources/certs/oracle-cert.cer",
+ "./resources/certs/gdig2.crt",
+ "./resources/certs/comodorsadomainvalidationsecureserverca.crt",
+ "./resources/certs/comodorsacertificationauthority.crt",
+ "./resources/certs/addtrust_external_ca.cer",
+ "./resources/certs/baltimore_ca.cer",
+ "./resources/certs/digicert.cer",
+ "./resources/certs/equifax.cer",
+ "./resources/certs/globalsign.cer",
+ "./resources/certs/gte_cybertrust.cer",
+ "./resources/certs/microsoft_root_2011.cer",
+ "./resources/certs/thawte_primary_root.cer",
+ "./resources/certs/utn-userfirst.cer"
+ ],
+ "vboxmanage": [
+ [
+ "modifyvm",
+ "{{.Name}}",
+ "--memory",
+ "2048"
+ ],
+ [
+ "modifyvm",
+ "{{.Name}}",
+ "--cpus",
+ "2"
+ ]
+ ]
+ }
+ ],
+ "provisioners": [
+ {
+ "type": "shell",
+ "remote_path": "/tmp/script.bat",
+ "execute_command": "{{.Vars}} cmd /c C:/Windows/Temp/script.bat",
+ "scripts": [
+ "./scripts/installs/vm-guest-tools.bat",
+ "./scripts/configs/vagrant-ssh.bat",
+ "./scripts/configs/disable-auto-logon.bat",
+ "./scripts/configs/enable-rdp.bat",
+ "./scripts/configs/update_root_certs.bat"
+ ]
+ }
+ ],
+ "post-processors": [
+ {
+ "type": "vagrant",
+ "keep_input_artifact": false,
+ "output": "windows_2008_r2_{{.Provider}}.box",
+ "vagrantfile_template": "vagrantfile-windows_2008_r2.template"
+ }
+ ],
+ "variables": {
+ "iso_url": "http://download.microsoft.com/download/7/5/E/75EC4E54-5B02-42D6-8879-D8D3A25FBEF7/7601.17514.101119-1850_x64fre_server_eval_en-us-GRMSXEVAL_EN_DVD.iso",
+ "iso_checksum_type": "md5",
+ "iso_checksum": "4263be2cf3c59177c45085c0a7bc6ca5",
+ "autounattend": "./answer_files/2008_r2/Autounattend.xml"
+ }
+}
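Review bot: In the `variables` block of `windows_2008_r2.json`, `iso_checksum_type` is `md5`, and that digest is the only integrity control on an ISO fetched over plain `http://`. MD5 is collision-broken and leaves little margin for pinning a base image that every later build step trusts. Change it to `"iso_checksum_type": "sha256"` and set `iso_checksum` to the SHA-256 of an ISO verified out of band; that digest is not on this page, so use `<SHA256_OF_VERIFIED_ISO>` until it is computed. The builder block takes both values through `{{user ...}}`, so no other line needs to change.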