Friday, March 30, 2018

Discovering Clusters of Vulnerabilities

tldr

Came across an interesting project while skimming through n0where.net.  Apparently, someone (i.e., Faith See, Wong Chi Seng, and Timothy Liu) came up with the brilliant idea of using a cluster for discovering vulnerabilities on network endpoints.  The project is called Prowler, and it is freely available on Github. They have a good running start of how to set it up, but there were a few gaps, which I'll attempt to fill in.

 What peaked my interest is the use of Raspberry Pi (RPi) and a hat descriptively named Clusterhat is turned into an affordable testbed to explore. Who knows, this might be something that I can use for my day job.  Or something that I will use to make sure my network is up to date by turning it into some robotic process automation.  (A current project I'm working on.)

 The first identifiable problem has nothing to do with Prowler, but the RPis architecture. More specifically the onboard ethernet port. Due to the way Clusterhat and the RPis speak to one another, the RPi designated as the Controller is the bridge router (br0.) The Zeros, which are the worker nodes via the Clusterhat communicated their network traffic through USB0.  Both the Zero's and the Controller are assigned its IP Address from the network via DHCP. There are undoubtedly other ways this can be set up such as statically assigning the IP Addresses, etc.  And this is something I'll want to resolve given that out of the box, its a severe bottleneck.  How bad is it? Talking strictly about download via the Internet, the best I get is .98 Mbps (up is at 4.61 Mbps) from the RPi Controller.  The RPi is connected via a 10' Cat 6 to a 1 Gbps managed switch through a 1 Gbps router over a cable modem where I get a consistent 269 Mbps download on any other device.  I understand that the RPi ethernet port is based on USB 2.0 and the maximum I can ever hope for is 300 Mbps.  Let's just leave it at that, and acknowledge there is room for improvement.

 For now, I'm focused on getting this working.  Optimization comes later.

Recon 

Looking over what is documented, (via the Github site), the author's recognize there are gaps (instructions wise) of how this is put together.  For example, based on the images of the cluster, which is a picture of a Custerhat with four Zeroes and three RPi 3b's.  One is for sure is the controller and the other two isn't called out in the description.  But I assume it's for running the dashboard via Eel, and the status updates are handled via RabbitMQ.
But according to the contents of the Ansible playbook, they also had it set up with RPi 3b's running as part of the cluster.  I'll have to look into that later.  For now, I wanted to get a working version up and running.  So here is how to put one together.

Prerequisites 

  • Working understanding of networking - cables, switches, Internet, etc. 
  • 5V 2A power source and cables to power the RPis 
  • Clusterhat from 8086 - x1 
  • RPi Zero W - x4 (Or the non-wireless version) 
  • RPi 3b (REM: The following instruction are not for the Raspberry RPi 3 b+. See Clusterhat website for the description of the problem.) 
  • 16 GB Class 10 micro SD - x4 (Larger, smaller, your choice) 
  • 128 GB Class 10 micro SD - x1 (Larger, smaller, your choice) 
  • You will need to use an image writing tool to install the downloaded images onto the SD cards
  • You're a DIY type of person, and you've burned a few RPi in your day 

Rules for 1st Time Setup

  • Keep all of the defaults "As Is" until after everything is working
  • Don't modify any of the scripts, playbooks, etc. unless necessary to fix a setup/install problem
  • Whenever working in a terminal just run as sudo

Prep 

Go to Clusterhat and download the following images:
  1. Desktop Controller - Desktop Stretch image for the controller 
  2. P1 - Stretch Lite image for Zero P1 
  3. P2 - Stretch Lite image for Zero P2 
  4. P3 - Stretch Lite image for Zero P3 
  5. P4 - Stretch Lite image for Zero P4 
Decompress each of the files so that the .img is accessible to the image writing tool.  I suggest installing the images as follows:
  • 128 GB - RPi 3b - Desktop Controller 
  • 16 GB - RPi Zero
After piecing everything together, its time to boot up.
REM: Piecing the entire RPis and Clusterhat together with the network, keyboard/mouse, HDMI and power is beyond the scope of this document.  

 Make sure you put the Zeroes in the correct order. Version 2.0 of the Clusterhat, P1 is nearest to the GPIO and P4 is closed to the micro USB power port.

RPi Controller 

The RPi Controller will boot up, except possibly the Zeros (until they are turned on.)  There's a GUI for this, but I like CLI, so open a terminal on the RPi Controller.
REM: Make sure you have access to the Internet. If you don't, then you'll need to correct that issue before you can move on to the rest of the guide.
The following appears to be redundant, but the error rate is significantly reduced:  

 apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y

 Find something to do; this might take a while.  (REM: crippling download speed)
Once it's finished, issue your favorite reboot sequence. (i.e., reboot, shutdown -r now, etc.)
Now lets git Prowler. From the terminal do the following (REM: Be sure you are in the /home/pi directory when you clone the repository):

 git clone https://github.com/tlkh/prowler

 Now, cd into the directory of Prowler and execute:

 cd prowler (i.e., pwd = /home/pi/prowler)
./setup_node.sh

 REM: You might need to do a chmod +x *.sh
The update/upgrade will run all over again, but it will take care of the rest of the requirements as far as libraries, and additional packages such as NMap.
Now let's install Ansible

 pip3 install ansible

Clusterhat 

Once everything is installed, now its time to get the Zeros up and running.
Turn on the Zeroes via CLI in a terminal: 

 clusterhat on

 From the terminal type the following: 

 minicom p1

 REM: If challenged, remember its U: pi, P: clusterhat 
Let's see what IP address we have, at the terminal enter: 

 ifconfig usb0

 It should return an IP Address that is within the same range as the RPi Controller. 
If not, the "fix", try:

 dhclient -4 usb0

 Now, set up SSH and expand the SD to the max

 raspi-config
  1. Select - 5. Interfacing Options 
  2. Navigate to and select SSH
  3. Choose Yes
  4. Select Ok
  5. Select - 7. Advanced Options
  6. Select - A1 Expand Filesystem
  7. Select Ok
  8. Select Finish
  9. Select Yes - Would you like to reboot now?
Repeat the above steps for each of the remaining Zero images. 
REM: Be sure write down what the IP Address is for each of the Zeros

Passwordless SSH 

Open a terminal on the RPi Controller

 ssh-keygen

 Click on Enter whenever prompted

 Enter file in which to save the key (/home/pi/.ssh/id_rsa): [Press Enter key]
Enter passphrase (empty for no passphrase): [Press Enter key]
Enter same passphrase again: [Press Enter key]

 Now we need to copy the public key to each of the Zeroes. In a terminal on the RPi Controller:

 ssh-copy-id -i ~/.ssh/id_rsa.pub pii@<Zero's pX IP Address>

 When prompted for the password enter: clusterhat 
Now, test if we are now able to connect to the Zero from the RPi Controller. In a terminal:

 ssh RPi@<Zero's pX IP Address>

 It should result in the following prompt:

 pi@pX:~ $

 If you see this prompt, it means success!
Now repeat these steps for the remaining Zeroes. (i.e., p2 to p4)

Ansible

The setup doesn't do this part for you, so you're going to have to do it yourself.
On the RPi Controller, in terminal create a directory called ansible in /etc 

 mkdir /etc/ansible

 Now create a file called hosts in the new ansible directory

 vim /etc/ansible/hosts

 REM: Hope you wrote down the IP Addresses for each of the Zeroes
Add the following to the hosts' file:

 [all:vars]
ansible_connection=ssh
ansible_ssh_user=pi

 [pi-cluster]
p1.local
p2.local
p3.local
p4.local

 Now save (<ESC>:wq!)

Slight Mod 

Discovered during the setup process for the Zeroes that one of the actions in the playbook assumed Prowler was installed.  Not sure if this is how its meant to work, but the fix is to install it on each node. To do that, we're going to modify the setup_node.yml playbook by inserting an action to git and clone Prowler on each Zero.
In a terminal on the RPi Controller:

 cd /home/pi/prowler/playbooks
cp setup_node.yml setup_node.org

 Now edit setup_node.yml with your favorite editor add the following lines before the line with "Configure Python packages"

 - name: Git a Clone of Prowler 
  become: yes 
  git: 
    repo: https://github.com/tlkh/prowler 
    dest: /home/pi/prowler 
    clone: yes
- name: Git a Clone of dispy
  become: yes 
  git: 
    repo: https://github.com/pgiri/dispy
    dest: /home/pi/dispy
    clone: yes

 REM: Follow the formatting of the playbook

Ansible Playbooks 

Let's see if all of the previous steps paid off.
On the RPi Controller, open a terminal and run the following: 

 ansible-playbook /home/pi/prowler/playbooks/setup_node.yml 

 This will take a while... 

When the setup is finished, execute the following:

 ansible-playbook /home/pi/prowler/playbooks/clone_repos.yml

[To be continued]

The next step will be to set up the Eel dashboard.  Once I work out those details, I will post the DIY.

Reference

https://www.jeffgeerling.com/blogs/jeff-geerling/getting-gigabit-networking
https://clusterhat.com/setup-software
https://www.raspberrypi.org/documentation/installation/installing-images/README.md
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)