https://github.com/aau-network-security/haaukins-agent
The Haaukins agent is the element in Haaukins 2.0 which will be distributed among available servers. It will commu
Science Score: 13.0%
This score indicates how likely this project is to be science-related based on various indicators:
- ○ CITATION.cff file
- ✓ codemeta.json file (found codemeta.json file)
- ○ .zenodo.json file
- ○ DOI references
- ○ Academic publication links
- ○ Academic email domains
- ○ Institutional organization owner
- ○ JOSS paper metadata
- ○ Scientific vocabulary similarity: low similarity (12.5%) to scientific vocabulary
Repository
Basic Info
- Host: GitHub
- Owner: aau-network-security
- License: apache-2.0
- Language: Go
- Default Branch: main
- Size: 374 KB
Statistics
- Stars: 0
- Watchers: 4
- Forks: 2
- Open Issues: 0
- Releases: 4
Metadata Files
README.md
Haaukins-agent
The Haaukins agent is a key component in Haaukins 2.0. It takes care of spinning up and managing virtual labs (VPN or browser based) using VirtualBox, Wireguard and docker.
In a full Haaukins 2.0 setup you can have several agents. The Haaukins Daemon connects to each agent over gRPC and distributes labs using weighted round robin, while also avoiding over-provisioning an agent by taking its available memory into account.
Setting up an agent
This setup guide is based on running the Agent on Ubuntu 22.04.
The Agent uses several dependencies which must be installed before setting up the actual Agent.
Installing dependencies
- Wireguard
- Nginx and Certbot
- VirtualBox including the accompanying expansion package
- Docker
- The Gwireguard service
It is important that the `bugfix/fix-delpeer-function` branch is used.
Gwireguard has to be set up according to its GitHub page.
The rest of the dependencies can be installed using the installDeps script placed in this repo. The script also sets a number of kernel parameters optimized for running an Agent. The script can be edited if another version of VirtualBox is desired.
Setting up a haaukins user
For the actual set up of the Agent we recommend creating a haaukins user.
This is because the user running the Agent needs to be able to run wg, wg-quick and iptables with sudo without a password. It is therefore important that the server running the agent is not used for any sensitive tasks. We also recommend running the agent in an isolated network, as it should be treated as an untrusted environment with a high risk of compromise if used by the general public.
The haaukins user also needs to become the owner of the /etc/wireguard folder in order to write interface configurations etc.
You can use the setupHaaukinsUser script to do everything for you. This will also allow you to ssh into the haaukins user which could come in handy when having to upload virtual machines for browser labs.
Configuring the Agent
If you download and unpack the latest tarball (as the haaukins user in its home folder), the folder structure should be aligned.
Everything needed to run the Agent, except for a VirtualBox VM image, is contained in the haaukins-agent folder after being unpacked. Nginx example configs have been included if you wish to set up proxying with SSL; Certbot can be used to supply the SSL certificates. There is also a systemd service file which should be directly usable if you unpacked the tarball in the haaukins user's home folder.
Configuration of these things will not be covered as there are plenty of examples elsewhere.
You will need to know the hostname of the agent. Let's use agent1.example.com for this example config. DNS wise you will need two A records, one for agent1.example.com and one for *.agent1.example.com.
Here is an example of what the config will look like:

```yaml
host: agent1.example.com
listening-ip: "127.0.0.1" # "0.0.0.0" if you just want to access the agent without a proxy
grpcPort: 8081
proxyPort: 8082 # This is the port that the agent's built in guacamole proxy will listen on

auth-key: a9c4fee7-a6ae-4611-a451-87971e0f7e71 # use uuidgen on linux to generate
sign-key: c7729d85-2e95-4d9a-8ab3-b03d374a5875 # use uuidgen on linux to generate
max-workers: 5 # We recommend 5 workers, tests have shown that there is no gain in increasing it further.
file-transfer-root: /home/haaukins/haaukins-agent/filetransfer
ova-dir: /home/haaukins/haaukins-agent/vms # Place your vm's for browser labs here, make sure the name without .ova matches what has been configured on the Haaukins Daemon
state-path: /home/haaukins/haaukins-agent

vpn-service: # Config to connect to the Gwireguard service
  endpoint: localhost
  port: 5353
  auth-key: 08ddecbc-5c1a-46fb-b0f3-835deef62024 # Make sure it matches what is inside the Gwireguard config which you configured according to its github repo
  sign-key: 4c0208b6-241e-4605-b3b2-ec1e0a173ed1 # Make sure it matches what is inside the Gwireguard config which you configured according to its github repo
  wg-conf-dir: /etc/wireguard
  tls-enabled: false

docker-repositories:
  - serveraddress: some-docker-registry.com
    username: some-username-for-said-registry
    password: some-password-for-said-registry
  - serveraddress: ghcr.io # This registry has to be included, it is needed to get db docker image for the Apache Guacamole containers. A username and password can be added if used for challenge docker registry.
```

Remember the config should be placed at `/$HOME/haaukins-agent/config/config.yml`.
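The config holds the gRPC keys, the Gwireguard keys and registry passwords in clear text, so it is worth auditing before the agent is started. The following POSIX shell function is an added example, not part of the haaukins-agent repository: it flags keys copied from the sample above, a `listening-ip` of `0.0.0.0`, a remote Gwireguard endpoint without TLS, and a config file readable by group or other. The names `yaml_value` and `check_agent_config` are hypothetical, and the TLS check assumes that `tls-enabled` governs the agent's connection to Gwireguard.

```shell
#!/bin/sh
# Added example, not from the haaukins-agent repo: audit an agent config.yml.
# Prints one "FINDING:" line per problem and returns 1 if there was any.

# Sample keys printed in the README's example config, so publicly known.
README_KEYS='a9c4fee7-a6ae-4611-a451-87971e0f7e71
c7729d85-2e95-4d9a-8ab3-b03d374a5875
08ddecbc-5c1a-46fb-b0f3-835deef62024
4c0208b6-241e-4605-b3b2-ec1e0a173ed1'

# yaml_value KEY FILE: first scalar for KEY, without quotes or trailing comment.
yaml_value() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$2" | head -n 1
}

check_agent_config() {
    cfg=$1; rc=0
    [ -r "$cfg" ] || { echo "FINDING: cannot read $cfg"; return 1; }
    # Strip comments first so that only configured values are compared.
    body=$(sed 's/#.*//' "$cfg")
    for key in $README_KEYS; do
        case $body in *"$key"*)
            echo "FINDING: README sample key $key in use, generate one with uuidgen"
            rc=1 ;;
        esac
    done
    # The sample line carries "0.0.0.0" in its comment; only the value counts.
    if [ "$(yaml_value listening-ip "$cfg")" = "0.0.0.0" ]; then
        echo "FINDING: listening-ip 0.0.0.0 exposes the agent without a proxy"
        rc=1
    fi
    # Assumption: tls-enabled covers the link to Gwireguard, which carries the keys.
    ep=$(yaml_value endpoint "$cfg")
    if [ -n "$ep" ] && [ "$ep" != "localhost" ] && [ "$ep" != "127.0.0.1" ] &&
       [ "$(yaml_value tls-enabled "$cfg")" = "false" ]; then
        echo "FINDING: vpn-service endpoint $ep is remote but tls-enabled is false"
        rc=1
    fi
    # Keys and registry passwords are stored in clear text: owner-only access.
    case $(ls -ld "$cfg" | cut -c5-10) in
        ------) ;;
        *) echo "FINDING: $cfg is accessible to group/other, chmod 600 it"; rc=1 ;;
    esac
    return "$rc"
}

if [ "$#" -gt 0 ]; then check_agent_config "$1"; fi
```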
Ports
Wireguard uses UDP for its connections.
Haaukins specifically uses UDP ports 5000-6000 when creating wireguard interfaces for its events, so make sure that these are opened in any firewalls etc.
Owner
- Name: Network Security
- Login: aau-network-security
- Kind: organization
- Email: cyber@es.aau.dk
- Location: Aalborg
- Website: http://es.aau.dk
- Repositories: 43
- Profile: https://github.com/aau-network-security
Network Security Group, Wireless Communication Systems at Aalborg University
Issues and Pull Requests
Last synced: over 2 years ago
All Time
- Total issues: 0
- Total pull requests: 15
- Average time to close issues: N/A
- Average time to close pull requests: 13 days
- Total issue authors: 0
- Total pull request authors: 1
- Average comments per issue: 0
- Average comments per pull request: 0.13
- Merged pull requests: 14
- Bot issues: 0
- Bot pull requests: 0
Past Year
- Issues: 0
- Pull requests: 7
- Average time to close issues: N/A
- Average time to close pull requests: 4 days
- Issue authors: 0
- Pull request authors: 1
- Average comments per issue: 0
- Average comments per pull request: 0.0
- Merged pull requests: 7
- Bot issues: 0
- Bot pull requests: 0
Top Authors
Issue Authors
Pull Request Authors
- Mikkelhost (17)
Dependencies
- github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1
- github.com/Microsoft/go-winio v0.5.2
- github.com/Microsoft/hcsshim v0.9.3
- github.com/aau-network-security/haaukins v0.0.0-20220729180422-488893bf4fdc
- github.com/aau-network-security/haaukins-exercises v1.2.2
- github.com/aws/aws-sdk-go v1.34.28
- github.com/containerd/cgroups v1.0.3
- github.com/containerd/containerd v1.6.6
- github.com/docker/docker v20.10.17+incompatible
- github.com/docker/go-connections v0.4.0
- github.com/docker/go-units v0.4.0
- github.com/fsouza/go-dockerclient v1.8.3
- github.com/go-redis/redis v6.15.9+incompatible
- github.com/go-stack/stack v1.8.0
- github.com/gogo/protobuf v1.3.2
- github.com/golang-jwt/jwt/v4 v4.0.0
- github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da
- github.com/golang/protobuf v1.5.2
- github.com/golang/snappy v0.0.1
- github.com/google/uuid v1.3.0
- github.com/jmespath/go-jmespath v0.4.0
- github.com/klauspost/compress v1.11.13
- github.com/mattn/go-colorable v0.1.12
- github.com/mattn/go-isatty v0.0.14
- github.com/moby/sys/mount v0.3.3
- github.com/moby/sys/mountinfo v0.6.2
- github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6
- github.com/morikuni/aec v1.0.0
- github.com/opencontainers/go-digest v1.0.0
- github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799
- github.com/opencontainers/runc v1.1.2
- github.com/pkg/errors v0.9.1
- github.com/rs/zerolog v1.27.0
- github.com/sirupsen/logrus v1.8.1
- github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c
- github.com/xdg/stringprep v0.0.0-20180714160509-73f8eece6fdc
- go.mongodb.org/mongo-driver v1.4.3
- go.opencensus.io v0.23.0
- golang.org/x/crypto v0.0.0-20210817164053-32db794688a5
- golang.org/x/net v0.0.0-20211216030914-fe4d6282115f
- golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
- golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a
- golang.org/x/text v0.3.7
- google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa
- google.golang.org/grpc v1.43.0
- google.golang.org/protobuf v1.27.1
- gopkg.in/yaml.v2 v2.4.0
- 1171 dependencies