Create your own VM image for the Cyber Range

Apr 16, 2021 by Thibault Debatty | 3016 views

Cyrange Cyber Range

https://cylab.be/blog/141/create-your-own-vm-image-for-the-cyber-range

cyrange is a Cyber Range platform built on top of VirtualBox. It brings some some additional features to support education and training:

  • possibility to configure the guest system during deployment;
  • built-in integration with Apache Guacamole web interface;
  • possibility to perform bulk deployments, for all trainees of a class for example.

Here is how you can create your own virtual machine (OVA), to run smoothly with cyrange.

To support guest configuration:

  • the VM must have at least one network interface enabled;
  • SSH server must be listening on port 22;
  • there must be a user named vagrant with password vagrant (don’t worry, the password will be automatically modified during deployment);
  • vagrant user must be allowed to used sudo without a password.

To support the Guacamole web interface, the keyboard must be configured as qwerty.

For the best experience, we also recommend to:

  • install VirtualBox Guest Additions, so cyrange can automatically discover the IP of the VM;
  • configure the VM with a large harddisk (1TB or more);
  • disable cloud-init;
  • disable automatic updates;
  • install aptdaemon.

Here is a step-by-step guide, for a Ubuntu 20.04 server image.

VirtualBox

Create a new virtual machine. You an use the default settings, except for the harddisk. Choose to create a new virtual disk, with dynamic allocation, and a size of 1000GB (or more).

Installation of Ubuntu

Start your VM, and begin the installation of Ubuntu, as usual.

For the keyboard, select English (US), even if you have a different layout.

Create a user named vagrant with password vagrant

Select the option to install OpenSSH server.

And wait for the installation to finalize… After the VM has rebooted, you can continue with the installation.

Password-less sudo

To configure the guest VM, cyrange will use ssh to log in as user vagrant. Then it will use sudo to execute the different configuration commands. Sudo usually asks the password of the user before commands are executed. To allow user vagrant to run sudo without providing a password:

sudo visudo

and add the following line:

vagrant ALL=(ALL) NOPASSWD: ALL

VirtualBox guest additions

At the time of writing, VirtualBox guest additions are at version 6.1.18. Here is how to install the guest additions from the command line:

sudo apt-get install -y dkms build-essential linux-headers-generic linux-headers-$(uname -r)
wget http://download.virtualbox.org/virtualbox/6.1.18/VBoxGuestAdditions_6.1.18.iso
sudo mount -o loop,ro VBoxGuestAdditions_6.1.18.iso /mnt
sudo sh /mnt/VBoxLinuxAdditions.run
sudo umount /mnt
rm VBoxGuestAdditions_6.1.18.iso

Final steps

Install aptdaemon

sudo apt install aptdaemon

aptdaemon allows to install packages in the background. This means in your template, you can use the cli too aptdcon to schedule the installation of packages:

yes | aptdcon --hide-terminal --install <packages>

Moreover, this will avoid errors like “Could not get lock /var/lib/dpkg/lock” and sibblings during deployment…

Disable cloud-init

sudo touch /etc/cloud/cloud-init.disabled

This will speedup the boot process!

Disable automatic updates

sudo nano /etc/apt/apt.conf.d/20auto-upgrades
APT::Periodic::Update-Package-Lists "0";
APT::Periodic::Download-Upgradeable-Packages "0";
APT::Periodic::AutocleanInterval "0";
APT::Periodic::Unattended-Upgrade "0";

Desktop

If you are creating an image with a desktop environment, you should also:

  • disable the screensaver
  • disable power management (like suspend computer when inactive)

Cleanup

To free some disk space, you can run:

sudo apt-get clean

Export

You can now shutdown and export the VM as a .ova.

Once done, you can import the ova in cyrange, and deploy your machines…

And Windows?

You can perfectly deploy windows machines on cyrange, but be aware that we currently don’t support guest configuration. Moreover, windows images are usually quite large, so you should clean and compress your windows vm before you export.

This blog post is licensed under CC BY-SA 4.0