DigitalFIRE Virtual Cloud Environment

The Digital Forensic Investigation Research Laboratory conducts a lot of research on Cloud environments. However, Cloud environments can be cumbersome to create and configure, taking time away from testing and research. To streamline this process, DigitalFIRE has created a virtualised Cloud environment for Cloud security and investigation researchers. Virtualising the Cloud components allows researchers to delete, change, prod and generally abuse the Cloud as much as they like, while still allowing the system to be easily reset. A description of the system, as well as information about downloading and using the environment, can be found below.

“OpenStack is an Infrastructure as a Service (IaaS) cloud computing project that is free open source software released under the terms of the Apache License” – Wikipedia

The Openstack project provides us with a cloud computing system. It’s an open source project, which is perfect for the more under-the-hood inclined user. If you are looking to work with Openstack, ready your hardware (you’ll need a few spare machines), head over to openstack.org, download and install it.

139 pages of install documentation later, if you managed to follow the instructions precisely, you’ll have an Openstack system.

This is where our research might help you. We’ve created a minimal Openstack system as an OVA (VirtualBox) virtual appliance. Currently, our appliance has two virtual machines “node1” and “node2”, a very minimal Openstack system, but it provides the required Openstack functionality for testing and research purposes.

What is provided in this Openstack installation?

nova http://100.10.10.110:8774/v2/949c06f05b9347928c22b7f87c5f6c90
glance http://100.10.10.110:9292/v1
volume http://100.10.10.110:8776/v1/949c06f05b9347928c22b7f87c5f6c90
ec2 http://100.10.10.110:8773/services/Cloud
swift http://100.10.10.111:8888/v1/AUTH_949c06f05b9347928c22b7f87c5f6c90
keystone http://100.10.10.110:5000/v2.0

 

Swift runs on node2 (100.10.10.111) and the rest of the Openstack services are running on node1 (100.10.10.110). To get you up and running quicker, we’ve added a CirrOS tiny cloud guest image so you can spin up VMs immediately after you install our appliance.

How do I use it?

  1. Download the DigitalFire Openstack OVA appliance. (1GB OVA file)
  2. Install Virtualbox on your OS. http://www.virtualbox.org/manual/ch01.html#intro-installing
  3. Make sure a host only network (ip: 100.10.10.1, DHCP off) exists. More info at http://www.virtualbox.org/manual/ch06.html#network_hostonly
  4. Import the appliance into your hypervisor. (Using Virtualbox, File->Import Appliance). Visit http://www.virtualbox.org/manual/ch01.html for more detailed instructions.
  5. Start the VMs node1 and node2.
  6. Wait about 30 seconds for the nodes to come up.

You now have a working Openstack system. Access the dashboard via your browser at http://100.10.10.110/horizon to begin using your cloud.

Installing Openstack from scratch is quite informative and gives you a good overview of the inner workings. However, our appliance will allow you to get started with Openstack very quickly.
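Steps 3 to 6 above can also be scripted, which makes the reset cycle repeatable. The following is an added example, not part of the original post: it assumes a Linux host with an existing host-only interface named vboxnet0, a /24 netmask and a placeholder OVA file name, and it only prints the commands unless DRY_RUN=0 is set.

```bash
#!/usr/bin/env bash
# Added example: steps 3-6 of the list above as VBoxManage calls.
# Assumptions, not from the page: the OVA file name (placeholder), the
# interface name vboxnet0 and the 255.255.255.0 netmask. If the interface
# does not exist yet, create it first with `VBoxManage hostonlyif create`.
OVA="${OVA:-digitalfire-openstack.ova}"
HOSTIF="${HOSTIF:-vboxnet0}"
DRY_RUN="${DRY_RUN:-1}"     # 1 prints the commands, 0 executes them

run() { if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi; }

setup_lab() {
  # Step 3: host-only network on 100.10.10.1 with the DHCP server off.
  run VBoxManage hostonlyif ipconfig "$HOSTIF" --ip 100.10.10.1 --netmask 255.255.255.0
  # Fails harmlessly when no DHCP server is attached to the interface.
  run VBoxManage dhcpserver modify --ifname "$HOSTIF" --disable || true
  # Step 4: import the appliance (registers node1 and node2).
  run VBoxManage import "$OVA"
  # Step 5: start both nodes without opening console windows.
  for vm in node1 node2; do
    run VBoxManage startvm "$vm" --type headless
  done
}

# Step 6: poll the dashboard instead of sleeping for a fixed 30 seconds.
wait_for_horizon() {
  tries="${1:-30}"
  while [ "$tries" -gt 0 ]; do
    curl -s -o /dev/null --max-time 2 http://100.10.10.110/horizon && return 0
    tries=$((tries - 1)); sleep 2
  done
  return 1
}

setup_lab
[ "$DRY_RUN" = "1" ] || wait_for_horizon
```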

Installing a new image for use in Openstack

We’ve added a CirrOS image (a very small Linux) to our virtual Openstack system. However, if you want to add a new VM image to your Openstack, you can. Just follow the steps below:

1. Download an image (quantal-server-cloudimg-i386-disk1.img from http://uec-images.ubuntu.com/ for example).

2. SSH into node1:

Set up our credentials for keystone, on a terminal in root’s home directory:

$ source openrc

Add our new image to Glance, using the Glance CLI:

$ glance image-create --name=ubuntu --disk-format=qcow2 --container-format=bare < /home/root/quantal-server-cloudimg-i386-disk1.img

3. On Dashboard:

Create a keypair. (Project Tab -> Access & Security -> Keypairs -> Create Keypair)

Your new instance based on the new image with keypair is ready for use. (Download the .pem file.)

On Windows you might want to convert the key with puttygen: load .pem -> save private key -> .ppk file.

SSH to the new instance (with the .ppk file as auth).

Notes:

Make sure you have a Host-Only VNIC installed on your host system with the following configuration:

IPv4 address: 100.10.10.1 (the last octet is changeable, but make sure to leave 100-200 in the last octet available to the Openstack system for floating IP addresses, node addresses, etc.)

The virtual machines have a NAT connection to the host system, allowing for a guest VM internet connection. You can remove these from the virtual machines if you wish.  They are adapter 2 on each virtual machine.

This Openstack installation is configured for openness and ease of use: many network ports are open, security groups are quite relaxed and all the passwords are very weak. Bottom line: the installation is geared for testing/research purposes.
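Because the appliance ships with weak passwords and relaxed security groups, it is worth confirming which adapters give the nodes a route off the host-only network. The added example below (not from the original post) lists the NAT adapters in `VBoxManage showvminfo --machinereadable` output and detaches them; the sample output is constructed, and the commands are only printed unless DRY_RUN=0 is set.

```bash
#!/usr/bin/env bash
# Added example: find and detach NAT adapters on the lab VMs.

# Constructed sample of `VBoxManage showvminfo node1 --machinereadable`
# output, trimmed to the NIC keys (values are illustrative).
SAMPLE_INFO='name="node1"
nic1="hostonly"
hostonlyadapter1="vboxnet0"
nic2="nat"
natnet2="nat"
nic3="none"'

# Read machine-readable VM info on stdin and print the number of every
# adapter whose attachment type is NAT.
nat_adapters() {
  sed -n 's/^nic\([0-9][0-9]*\)="nat"$/\1/p'
}

# Detach every NAT adapter from a VM (the VM must be powered off).
# $1 = VM name, $2 = optional pre-captured showvminfo output.
isolate_vm() {
  vm="$1"
  if [ -n "${2:-}" ]; then
    info="$2"
  else
    info="$(VBoxManage showvminfo "$vm" --machinereadable)"
  fi
  for n in $(printf '%s\n' "$info" | nat_adapters); do
    if [ "${DRY_RUN:-1}" = "1" ]; then
      echo "VBoxManage modifyvm $vm --nic$n none"
    else
      VBoxManage modifyvm "$vm" "--nic$n" none
    fi
  done
}

# Demo on the constructed sample; against the real appliance call
# `isolate_vm node1` and `isolate_vm node2` with DRY_RUN=0.
isolate_vm node1 "$SAMPLE_INFO"
```

With the NAT adapters detached the guests lose their internet connection, so download any extra images to the host first.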

You’ll need at least 4GB of RAM (more would be a lot better) and a CPU supporting VT-x  in your host system.

Credentials (username/password):

  • Dashboard Admin (admin/password)
  • Dashboard Demo user (lee/lee)
  • Node1 login (100.10.10.110) (root/lee)
  • Mysql server on Node1 (root/root)
  • Node2 login (100.10.10.111) (root/lee)
  • Cirros image (cirros/cubswin:))

UPDATE: The latest version of Virtualbox has broken OVA importing. A (horrible) workaround is to import the OVA in an older version of Virtualbox and then upgrade!


Comments

4 responses to “DigitalFIRE Virtual Cloud Environment”

  1. Oscar Osigbesan

    I am currently an MSc student at University of East London UK (School of ACE). 

    I am conducting research in the area of Cloud forensics of IaaS. 

    I shall be grateful if I will be allowed to use your OVI appliance for my research experiments. Also if you could confirm to me the system requirements and configuration for implementing OVI.

    My alternative email is 

     Kind regards 

    Oscar Osigbesan
    Mobile: 

    1. Pavel Gladyshev

      Hello Oscar, you are most welcome to use it. This is what our virtual cloud environment had been created for.

  2. Savaridasan

    Greetings Sir,

    Thank you so much for the valuable resources related to cloud forensics.

    I am pursuing my Research on “cloud forensics for IAAS cloud environment” deployment models, and trying to identify the issues/difficulty/requirement of forensics support for the IAAS cloud.

    Also with respect to the challenges of adopting prolog forensics versus Machine learning techniques to provide better solution strategy on IAAS cloud forensics issues/difficulty/requirement.

    So, I am in need of your expertise guidance, to know, how the cloud forensics for IAAS relevant till with industry adaptions and need more insights from you Sir.

    Thanking you,

    Savaridasan.P

    1. Pavel Gladyshev

      Dear Savaridasin,

      Please email me directly.

      Pavel
