If you have both Virtualbox and VMware installed, consider disabling the network adapters for the provider that you are not using. For example, if you want to build DetectionLab using Virtualbox, disable the VMware network adatpers (or vice-versa) to avoid a conflict.
git clone https://github.com/clong/DetectionLab.git
At this point in time, we can bring up DetectionLab using the
vagrant up --provider=<provider> command. The provider options are
You shouldn’t need to sudo any of the vagrant commands. Doing so can cause permission issues down the road.
When we run Vagrant up, here’s what happens:
vagrant up --provider=vmware_desktop or
vagrant up --provider=virtualbox, you should see something like this:
$ vagrant up --provider=vmware_desktop Bringing machine 'logger' up with 'vmware_desktop' provider... Bringing machine 'dc' up with 'vmware_desktop' provider... Bringing machine 'wef' up with 'vmware_desktop' provider... Bringing machine 'win10' up with 'vmware_desktop' provider... ==> logger: Cloning VMware VM: 'bento/ubuntu-18.04'. This can take some time... ==> logger: Checking if box 'bento/ubuntu-18.04' version '202005.21.0' is up to date... ==> logger: Verifying vmnet devices are healthy... ==> logger: Preparing network adapters... ==> logger: Fixed port collision for 22 => 2222. Now on port 2206. ==> logger: Starting the VMware VM... ==> logger: Waiting for the VM to receive an address... ==> logger: Forwarding ports... logger: -- 22 => 2206 ==> logger: Waiting for machine to boot. This may take a few minutes... logger: SSH address: 127.0.0.1:2206 logger: SSH username: vagrant logger: SSH auth method: private key logger: Warning: Connection reset. Retrying... logger: Warning: Remote connection disconnect. Retrying... logger: logger: Vagrant insecure key detected. Vagrant will automatically replace logger: this with a newly generated keypair for better security. logger: logger: Inserting generated public key within guest... logger: Removing insecure key from the guest if it's present... logger: Key inserted! Disconnecting and reconnecting using new SSH key... ==> logger: Machine booted and ready! ==> logger: Setting hostname... ==> logger: Configuring network adapters within the VM... ==> logger: Waiting for HGFS to become available... ==> logger: Enabling and configuring shared folders... logger: -- /DetectionLab/Vagrant: /vagrant ==> logger: Running provisioner: shell... logger: Running: /var/folders/7h/3s_x3_p500z48z381k82ffgh0000gn/T/vagrant-shell20200813-58692-1fm4ylc.sh logger: [05:14:29]: Adding apt repositories... logger: Get:1 http://security.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB] logger: Hit:2 http://archive.ubuntu.com/ubuntu bionic InRelease ... ...
If all goes well, this process should continue for 1-2 hours depending on your computer and network speed. The boxes are very large, but only need to be downloaded once.
After the provisioning finishes, you can run
.\post_build_checks.sh to verify that services are running:
[*] Verifying that Splunk is running and reachable... [✓] Fleet is running and reachable. [*] Verifying that Fleet is running and reachable... [✓] Fleet is running and reachable. [*] Verifying that Microsoft ATA is running and reachable... [✓] Microsoft ATA is running and reachable. [*] Verifying that the Velociraptor service is running and reachable... [✓] Velociraptor is running and reachable. [*] Verifying that Guacamole is running and reachable... [✓] Guacamole is running and reachable.
If for some reason you encounter an error or any issues, checkout the troubleshooting page linked below. If you can’t find an answer to your question, please open an issue on the DetectionLab GitHub!
Visit the troubleshooting page.