Skip to content

Instantly share code, notes, and snippets.

@vmayoral

vmayoral/alurity.yml

Created September 5, 2020 16:25
Show Gist options
  • Save vmayoral/3835af4917d2e38afbfdd84c30ebdeda to your computer and use it in GitHub Desktop.
Save vmayoral/3835af4917d2e38afbfdd84c30ebdeda to your computer and use it in GitHub Desktop.
Download ZIP
Alurity YAML file to launch and reproduce the general use case of the "Red teaming ROS-Industrial" article
Raw
alurity.yml
############
# Networks
############
networks:
# Level 1: Control Networks, connect controllers and control stations
# for each controller, we expect a dedicated control-network
- network:
- name: control-network_c1_s1
- driver: overlay
- internal: true
- encryption: false
- subnet: 12.0.0.0/24
- network:
- name: control-network_c2_s2
- driver: overlay
- internal: true
- encryption: false
- subnet: 12.0.2.0/24
- network:
- name: control-network_c4_s4
- driver: overlay
- internal: true
- encryption: false
- subnet: 12.0.4.0/24
- network:
- name: control-network_c5_s5
- driver: overlay
- internal: true
- encryption: false
- subnet: 12.0.5.0/24
# Level 2: Process Network
- network:
- name: process-network
- driver: overlay
- internal: true
- encryption: false
- subnet: 13.0.0.0/24
# Level 3: DMZ 2 sub-network
# NOTE: used to interface Process Network with machines in DMZ 2
# (e.g. a historian, additional servers and related)
- network:
- name: dmz2
- driver: overlay
- internal: true
- encryption: false
- subnet: 14.0.0.0/24
# Level 4: IT Network
- network:
- name: it-network
- driver: overlay
- encryption: false
- internal: true
- subnet: 15.0.0.0/24
# Level 3: DMZ 1 sub-network
# NOTE: used used to interface IT Network with central control station
- network:
- name: dmz1
- driver: overlay
- encryption: false
- internal: true
- subnet: 16.0.0.0/24
# Beyond lvl4: Cloud
- network:
- name: cloud-network
- driver: overlay
- encryption: false
- internal: false
- subnet: 17.0.0.0/24
#################################
# Firewalls and network elements
#################################
firewalls:
- container:
- name: firewall-it-dmz1
- ingress: it-network
- egress: dmz1
- rules:
- iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
- iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
- iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
- iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
- iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE
- iptables -A FORWARD -i eth2 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
- iptables -A FORWARD -i eth0 -o eth2 -j ACCEPT
- route add 13.0.0.20 gw 16.0.0.254 eth2
- container:
- name: firewall-process-dmz2
- ingress: process-network
- egress: dmz2
- rules:
- iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
- iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
- iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
- iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
############
# Containers
############
containers:
#
# Controllers
#
# C1
- container:
- name: "c1"
- modules:
- base: registry.gitlab.com/aliasrobotics/offensive/alurity/robo_ur_cb3_1:3.13.0
# - base: registry.gitlab.com/aliasrobotics/offensive/alurity/robo_ur_cb3_1:3.12.1
# - base: registry.gitlab.com/aliasrobotics/offensive/projects/rosin-redros-i:3.12.1-controller
- network:
- control-network_c1_s1
# - field-network_r1_c1
- ip: 12.0.0.20 # assign manually an ip address
- cpus: 4
- memory: 2048
- mount: Controller:/root/.urcaps/
# C^2
- container:
- name: "c2"
- modules:
- base: registry.gitlab.com/aliasrobotics/offensive/alurity/robo_ur_cb3_1:3.13.0
# - base: registry.gitlab.com/aliasrobotics/offensive/projects/rosin-redros-i:3.12.1-controller
- network:
- control-network_c2_s2
# - field-network_r2_c2
- cpus: 4
- memory: 2048
- mount: /tmp/ris_install:/tmp/ris_install
- extra-options: SYS_PTRACE
# C3
- container:
- name: "c3"
- modules:
- base: registry.gitlab.com/aliasrobotics/offensive/alurity/robo_ur_cb3_1:3.13.0
- network:
- process-network
# - field-network_r3_c3
- ip: 13.0.0.30 # manually assign an ip address
- cpus: 4
- memory: 2048
- extra-options: SYS_PTRACE
# C4
- container:
- name: "c4"
- modules:
- base: registry.gitlab.com/aliasrobotics/offensive/alurity/robo_ur_cb3_1:3.13.0
- network:
- control-network_c4_s4
# - field-network_r4_c4
- cpus: 4
- memory: 2048
# C^5
- container:
- name: "c5"
- modules:
- base: registry.gitlab.com/aliasrobotics/offensive/alurity/robo_ur_cb3_1:3.13.0
- network:
- control-network_c5_s5
# - field-network_r5_c5
- cpus: 4
- memory: 2048
- mount: /tmp/ris_install:/tmp/ris_install
- extra-options: SYS_PTRACE
# C^6
- container:
- name: "c6"
- modules:
- base: registry.gitlab.com/aliasrobotics/offensive/alurity/robo_ur_cb3_1:3.13.0
- network:
- process-network
# - field-network_r6_c6
- cpus: 4
- memory: 2048
- mount: /tmp/ris_install:/tmp/ris_install
- extra-options: SYS_PTRACE
#
# Control stations
#
# S1
- container:
- name: "s1"
- modules:
- base: registry.gitlab.com/aliasrobotics/offensive/alurity/comp_ros:melodic-scenario
- volume: registry.gitlab.com/aliasrobotics/offensive/alurity/comp_ros_ur:melodic-official-scenario
- network:
- control-network_c1_s1
- process-network
- ip:
- 12.0.0.50 # ip for control-network_c1_s1
- 13.0.0.5 # ip in process-network
- cpus: 4
- memory: 4096
- extra-options: NET_ADMIN
# S^2
- container:
- name: "s2"
- modules:
- base: registry.gitlab.com/aliasrobotics/offensive/alurity/comp_ros:melodic-scenario-hardened
- volume: registry.gitlab.com/aliasrobotics/offensive/alurity/comp_ros_ur:melodic-official-scenario
- network:
- control-network_c2_s2
- process-network
- ip:
- 12.0.2.50 # ip for control-network_c2_s2
# - 13.0.0.6 # ip for process-network
- cpus: 4
- memory: 4096
- extra-options: NET_ADMIN
# S^4
- container:
- name: "s4"
- modules:
- base: registry.gitlab.com/aliasrobotics/offensive/alurity/comp_ros:melodic-scenario-hardened
- volume: registry.gitlab.com/aliasrobotics/offensive/alurity/comp_ros_ur:melodic-official-scenario
- network:
- control-network_c4_s4
- process-network
- ip: 12.0.4.50 # ip for control-network_c4_s4
- cpus: 4
- memory: 4096
- extra-options: NET_ADMIN
# S5
- container:
- name: "s5"
- modules:
- base: registry.gitlab.com/aliasrobotics/offensive/alurity/comp_ros:melodic-scenario
- volume: registry.gitlab.com/aliasrobotics/offensive/alurity/comp_ros_ur:melodic-official-scenario
- network:
- control-network_c5_s5
- process-network
- ip: 12.0.5.50 # ip for control-network_c5_s5
- cpus: 4
- memory: 4096
# S7
- container:
- name: "s7"
- modules:
- base: registry.gitlab.com/aliasrobotics/offensive/alurity/comp_ros:melodic-scenario
- volume: registry.gitlab.com/aliasrobotics/offensive/alurity/comp_ros_ur:melodic-official-scenario
- network:
- dmz1
- process-network
- ip:
- 16.0.0.20 # ip in dmz1
- 13.0.0.20 # ip in process-network
- cpus: 4
- memory: 4096
- extra-options: NET_ADMIN
#
# Development stations
#
# D1
- container:
- name: "d1"
- modules:
- base: registry.gitlab.com/aliasrobotics/offensive/alurity/comp_ros:melodic-scenario
- volume: registry.gitlab.com/aliasrobotics/offensive/alurity/comp_ros_ur:melodic-official-scenario
- network:
- it-network
- dmz1
- cloud-network
# - process-network # bypass firewall restrictions by connecting directly
- ip:
- 15.0.0.30 # ip in IT
- 16.0.0.30 # ip in dmz1
- 17.0.0.30 # ip in cloud
# - 13.0.0.9
- cpus: 4
- memory: 4096
- extra-options: NET_ADMIN
#
# Attackers
#
- container:
- name: attacker_cloud
- modules:
- base: registry.gitlab.com/aliasrobotics/offensive/alurity/alurity:latest
- volume: registry.gitlab.com/aliasrobotics/offensive/alurity/expl_robosploit/expl_robosploit:latest
- volume: registry.gitlab.com/aliasrobotics/offensive/alurity/reco_nmap:latest
- volume: registry.gitlab.com/aliasrobotics/offensive/alurity/reco_binwalk:latest
- volume: registry.gitlab.com/aliasrobotics/offensive/alurity/expl_icssploit:latest
- volume: registry.gitlab.com/aliasrobotics/offensive/alurity/expl_rospento:latest
- volume: registry.gitlab.com/aliasrobotics/offensive/alurity/expl_rosploit:latest
- volume: registry.gitlab.com/aliasrobotics/offensive/alurity/expl_metasploit:latest
- network:
# - it-network
- cloud-network
- extra-options: ALL
- container:
- name: attacker_dmz1
- modules:
# - base: registry.gitlab.com/aliasrobotics/offensive/alurity/alurity:latest
- base: registry.gitlab.com/aliasrobotics/offensive/alurity/comp_ros:melodic-scenario
- volume: registry.gitlab.com/aliasrobotics/offensive/alurity/reco_nmap:latest
- network:
- dmz1
- process-network
- extra-options: ALL
#
# extra elements
#
# connector of
# - it-network
# - dmz2
# - dmz1
- container:
- name: firewall-it-dmz1
- modules:
- base: registry.gitlab.com/aliasrobotics/offensive/projects/rosin-redros-i:firewall-three-net
- network:
- it-network
- dmz2
- dmz1
- extra-options: NET_ADMIN
- ip:
- 15.0.0.254
- 14.0.0.254
- 16.0.0.254
# DMZ machine
- container:
- name: dmz-server
- modules:
- base: registry.gitlab.com/aliasrobotics/offensive/projects/rosin-redros-i:dmz
- network: dmz2
- extra-options: NET_ADMIN
- ip: 14.0.0.20
# Connector of process-network and dmz2
- container:
- name: firewall-process-dmz2
- modules:
- base: registry.gitlab.com/aliasrobotics/offensive/projects/rosin-redros-i:firewall-two
- network:
- dmz2
- process-network
- extra-options: NET_ADMIN
- ip:
- 14.0.0.253
- 13.0.0.254
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment