https://github.com/aau-network-security/haaukins-agent

The Haaukins agent, is the element in Haaukins 2.0 which will be distributed among available servers. It will commu

https://github.com/aau-network-security/haaukins-agent

Science Score: 13.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
  • DOI references
  • Academic publication links
  • Academic email domains
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (12.5%) to scientific vocabulary
Last synced: 10 months ago · JSON representation

Repository

The Haaukins agent, is the element in Haaukins 2.0 which will be distributed among available servers. It will commu

Basic Info
  • Host: GitHub
  • Owner: aau-network-security
  • License: apache-2.0
  • Language: Go
  • Default Branch: main
  • Size: 374 KB
Statistics
  • Stars: 0
  • Watchers: 4
  • Forks: 2
  • Open Issues: 0
  • Releases: 4
Created almost 4 years ago · Last pushed about 2 years ago
Metadata Files
Readme License

README.md

Haaukins-agent

The Haaukins agent is a key component in Haaukins 2.0. It takes care of spinning up and managing virtual labs (VPN or browser based) using VirtualBox, Wireguard and docker.

In a full Haaukins 2.0 setup you can have several agents. The Haaukins Daemon will connect to each agent with gRPC and distribute labs based on weighted round robin but will also take care of not over provisioning the agent by taking the available memory into account.

Setting up an agent

This setup guide is based on running the Agent on Ubuntu 22.04
The Agent uses several dependencies which must be installed before setting up the actual Agent.

Installing dependencies

  • Wireguard
  • Nginx and Certbot
  • VirtualBox including the accompanying expansion package
  • Docker
  • The Gwireguard service
    It is important that the bugfix/fix-delpeer-function branch is used.

Gwireguard has to be set up according to it's github page.

The rest of the dependencies can be installed using the installDeps script placed in this repo. The script will also set a bunch of kernel parameters optimized for running an Agent. The script can be edited if another version of VirtualBox is desired

Setting up a haaukins user

For the actual set up of the Agent we recommend creating a haaukins user. This is because that the user running the Agent should have access to run wg, wg-quick and iptables as sudo with no password. It is therefore also important that the server used for running the agent should not be used for any sensitive tasks. We also recommend running the agent in an isolated network as this should be seen as an untrusted environment with high risk of compromise if used by the general public. The haaukins user also needs to become the owner of the /etc/wireguard folder in order to write interface configurations etc.

You can use the setupHaaukinsUser script to do everything for you. This will also allow you to ssh into the haaukins user which could come in handy when having to upload virtual machines for browser labs.

Configuring the Agent

If you download and unpack the latest tarball (as the haaukins user in it's home folder), the folder structure should be aligned. Everything needed to run the Agent, except for a VirtualBox VM image, is contained in the haaukins-agent folder after being unpacked. Nginx example configs has been included if you wish to setup proxying with SSL. Here Certbot can be used to supply the SSL certificates. There is also a systemd service file, that if you have unpacked the tarball in the haaukins user's home folder, should be directly usable. Configuration of these things will not be covered as there are plenty of examples elsewhere.

You will need to know the hostname of the agent. Let's use agent1.example.com for this example config. DNS wise you will need two A records, one for agent1.example.com and one for *.agent1.example.com.

Here is an example of what the config will look like ```yaml host: agent1.example.com listening-ip: "127.0.0.1" # "0.0.0.0" if you just want to access the agent without a proxy grpcPort: 8081 proxyPort: 8082 # This is the port that the agent's built in guacamole proxy will listen on

auth-key: a9c4fee7-a6ae-4611-a451-87971e0f7e71 # use uuidgen on linux to generate sign-key: c7729d85-2e95-4d9a-8ab3-b03d374a5875 # use uuidgen on linux to generate max-workers: 5 # We recommend 5 workers, tests have shown that there is no gain in increasing it further. file-transfer-root: /home/haaukins/haaukins-agent/filetransfer ova-dir: /home/haaukins/haaukins-agent/vms # Place your vm's for browser labs here, make sure the name without .ova matches what has been configured on the Haaukins Daemon state-path: /home/haaukins/haaukins-agent

vpn-service: # Config to connect to the Gwireguard service endpoint: localhost port: 5353 auth-key: 08ddecbc-5c1a-46fb-b0f3-835deef62024 # Make sure it matches what is inside the Gwireguard config which you configured according to it's github repo sign-key: 4c0208b6-241e-4605-b3b2-ec1e0a173ed1 # Make sure it matches what is inside the Gwireguard config which you configured according to it's github repo wg-conf-dir: /etc/wireguard tls-enabled: false

docker-repositories: - serveraddress: some-docker-registry.com username: some-username-for-said-registry password: some-password-for-said-registry - serveraddress: ghcr.io # This registry has to be included, it is needed to get db docker image for the Apache Guacamole containers. A username and password can be added if used for challenge docker registry. `` Remember the config should be placed at/$HOME/haaukins-agent/config/config.yml`

Ports

Wireguard uses UDP for it's connections.
Haaukins specifically uses UDP port 5000-6000 when creating wireguard interfaces for it's events. So make sure that these are opened in any firewalls etc.

Owner

  • Name: Network Security
  • Login: aau-network-security
  • Kind: organization
  • Email: cyber@es.aau.dk
  • Location: Aalborg

Network Security Group, Wireless Communication Systems at Aalborg University

GitHub Events

Total
Last Year

Issues and Pull Requests

Last synced: over 2 years ago

All Time
  • Total issues: 0
  • Total pull requests: 15
  • Average time to close issues: N/A
  • Average time to close pull requests: 13 days
  • Total issue authors: 0
  • Total pull request authors: 1
  • Average comments per issue: 0
  • Average comments per pull request: 0.13
  • Merged pull requests: 14
  • Bot issues: 0
  • Bot pull requests: 0
Past Year
  • Issues: 0
  • Pull requests: 7
  • Average time to close issues: N/A
  • Average time to close pull requests: 4 days
  • Issue authors: 0
  • Pull request authors: 1
  • Average comments per issue: 0
  • Average comments per pull request: 0.0
  • Merged pull requests: 7
  • Bot issues: 0
  • Bot pull requests: 0
Top Authors
Issue Authors
Pull Request Authors
  • Mikkelhost (17)
Top Labels
Issue Labels
Pull Request Labels
hacktoberfest-accepted (2)

Dependencies

go.mod go
  • github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1
  • github.com/Microsoft/go-winio v0.5.2
  • github.com/Microsoft/hcsshim v0.9.3
  • github.com/aau-network-security/haaukins v0.0.0-20220729180422-488893bf4fdc
  • github.com/aau-network-security/haaukins-exercises v1.2.2
  • github.com/aws/aws-sdk-go v1.34.28
  • github.com/containerd/cgroups v1.0.3
  • github.com/containerd/containerd v1.6.6
  • github.com/docker/docker v20.10.17+incompatible
  • github.com/docker/go-connections v0.4.0
  • github.com/docker/go-units v0.4.0
  • github.com/fsouza/go-dockerclient v1.8.3
  • github.com/go-redis/redis v6.15.9+incompatible
  • github.com/go-stack/stack v1.8.0
  • github.com/gogo/protobuf v1.3.2
  • github.com/golang-jwt/jwt/v4 v4.0.0
  • github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da
  • github.com/golang/protobuf v1.5.2
  • github.com/golang/snappy v0.0.1
  • github.com/google/uuid v1.3.0
  • github.com/jmespath/go-jmespath v0.4.0
  • github.com/klauspost/compress v1.11.13
  • github.com/mattn/go-colorable v0.1.12
  • github.com/mattn/go-isatty v0.0.14
  • github.com/moby/sys/mount v0.3.3
  • github.com/moby/sys/mountinfo v0.6.2
  • github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6
  • github.com/morikuni/aec v1.0.0
  • github.com/opencontainers/go-digest v1.0.0
  • github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799
  • github.com/opencontainers/runc v1.1.2
  • github.com/pkg/errors v0.9.1
  • github.com/rs/zerolog v1.27.0
  • github.com/sirupsen/logrus v1.8.1
  • github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c
  • github.com/xdg/stringprep v0.0.0-20180714160509-73f8eece6fdc
  • go.mongodb.org/mongo-driver v1.4.3
  • go.opencensus.io v0.23.0
  • golang.org/x/crypto v0.0.0-20210817164053-32db794688a5
  • golang.org/x/net v0.0.0-20211216030914-fe4d6282115f
  • golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
  • golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a
  • golang.org/x/text v0.3.7
  • google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa
  • google.golang.org/grpc v1.43.0
  • google.golang.org/protobuf v1.27.1
  • gopkg.in/yaml.v2 v2.4.0
go.sum go
  • 1171 dependencies