mirror of
https://github.com/rapid7/metasploitable3.git
synced 2024-07-17 00:00:38 +02:00
Tweaks to the recipes to avoid repetition of work, and ub1404 dev,

* let apt cookbook handle apt-update globally
* do not download, configure, make, make install if the package is already installed
* add guards for file deletion to first check whether file is present
* use docker cookbook for image building and running, to only build if not already built and only run if not already running
* drop mysql table and recreate each time

Also,

* bump Docker cookbook to 4.9.3
* bump mysql cookbook to 8.5.1
* add apt cookbook for better apt-update management
* bump depends versions and add apt
* modify readme with customization instructions
* modify all chef runlists to call apt first in the runlist
* add a vagrantfile for dev of ub1404
27 lines
796 B
Ruby
#
# Cookbook:: metasploitable
# Recipe:: iptables
#
# Copyright:: 2017, Rapid7, All Rights Reserved.

bash 'setup for knockd, used for flag' do
  # The script is assembled one iptables rule per line.
  code_to_execute = ""
  # Forwarded traffic to 8989 is dropped by a rule at position 1.
  # -I is the form that takes a rule number; -A rejects the trailing "1".
  code_to_execute << "iptables -I FORWARD 1 -p tcp -m tcp --dport 8989 -j DROP\n"
  # Replies on connections that are already established are allowed.
  code_to_execute << "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n"
  # One ACCEPT rule per service port listed in the node attributes.
  node[:metasploitable][:ports].keys.each do |service|
    code_to_execute << "iptables -A INPUT -p tcp --dport #{node[:metasploitable][:ports][service.to_sym]} -j ACCEPT\n"
  end
  code_to_execute << "iptables -A INPUT -p tcp --dport 22 -j ACCEPT\n"
  # Default deny: everything not accepted above is dropped.
  code_to_execute << "iptables -A INPUT -j DROP\n"
  code code_to_execute
end

package 'iptables-persistent' do
  action :install
end

service 'iptables-persistent' do
  action [:enable, :start]
end
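The recipe above appends its rules on every Chef run, so a second converge duplicates them. The sketch below is an added example, not code from the metasploitable3 repository: it builds the same rule set but guards each rule with `iptables -C` and validates every port before it is interpolated into the shell string. The helper names and the sample port hash are assumptions, and the first rule is written as `-I FORWARD 1` because `-A` takes no rule number.

```ruby
# Added example, not part of the metasploitable3 cookbook.

# Constructed sample standing in for node[:metasploitable][:ports].
SAMPLE_PORTS = { web: 80, alt_web: 8080, ftp: 21 }.freeze

# Reject anything that is not a TCP port before it reaches a shell string.
def valid_port(value)
  port = Integer(value) # raises ArgumentError on input such as "80; id"
  raise ArgumentError, "port out of range: #{port}" unless (1..65_535).cover?(port)
  port
end

# "Check, then add": the rule is only installed when `iptables -C` reports
# that it is not already present in the chain.
def guarded(op, chain_and_pos, spec)
  chain = chain_and_pos.split.first
  "iptables -C #{chain} #{spec} 2>/dev/null || iptables #{op} #{chain_and_pos} #{spec}"
end

def firewall_script(ports)
  lines = []
  lines << guarded('-I', 'FORWARD 1', '-p tcp -m tcp --dport 8989 -j DROP')
  # ACCEPT rules are inserted at the top of INPUT, so a port added on a later
  # run still lands before the final DROP that an earlier run appended.
  lines << guarded('-I', 'INPUT 1', '-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT')
  (ports.values + [22]).map { |p| valid_port(p) }.uniq.each do |port|
    lines << guarded('-I', 'INPUT 1', "-p tcp --dport #{port} -j ACCEPT")
  end
  lines << guarded('-A', 'INPUT', '-j DROP')
  lines.join("\n") + "\n"
end

# Print the generated script when the file is run directly.
puts firewall_script(SAMPLE_PORTS) if $PROGRAM_NAME == __FILE__
```

In a recipe the returned string would be passed to the `code` property of the `bash` resource in place of `code_to_execute`.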