Diffstat (limited to 'content/posts/alpine-hak5-cloudc2')
-rw-r--r-- content/posts/alpine-hak5-cloudc2/index.org 67
1 files changed, 56 insertions, 11 deletions
diff --git a/content/posts/alpine-hak5-cloudc2/index.org b/content/posts/alpine-hak5-cloudc2/index.org
index f59baf2..b0bddd6 100644
--- a/content/posts/alpine-hak5-cloudc2/index.org
+++ b/content/posts/alpine-hak5-cloudc2/index.org
@@ -9,22 +9,67 @@
I recently purchased some products from [[https://hak5.org][Hak5]], some of which integrate
with their self-hosted service for monitoring your equipment called
-the [[https://shop.hak5.org/products/c2][Cloud C2]]. The binaries for it are distributed as (mostly)
-statically linked go binaries for several platforms all bundled
-together in a zip folder. I decided to run it on one of my servers
-which runs one of my favourite Linux distributions, Alpine Linux.
-
-Their website provides a small tutorial for installing C2 on a
-systemd-based system, unfortunately it doesn't help me since Alpine
-uses the OpenRC init system.
+the [[https://shop.hak5.org/products/c2][Cloud C2]]. I decided to run it on one of my servers which runs one
+of my favourite Linux distributions, Alpine Linux.
You have the option to purchase the community edition for free from
their shop, after which you'll receive a product registration code via
-email. This email will also contain a link to the aforementioned zip
-file containing the binaries.
+email. This email will also contain a link to download the Cloud C2
+software, which are distributed as (mostly) statically linked go
+binaries for several platforms all bundled together in a zip folder.
One of the interesting thing I found was that despite my server being
64-bit x86, =c2_community-linux-64= wouldn't work on Alpine
Linux. It's dynamically linked to =/lib64/ld-linux-x86-64.so.2=, which
doesn't exist on musl libc machines. The =c2_community-linux-32=
-binary is completely statically linked however.
+binary is completely statically linked however, so it runs fine.
+
+Their website provides a small tutorial for installing C2 on a
+systemd-based system, unfortunately it doesn't help me since Alpine
+uses the OpenRC init system.
+
+It's possible to run cloudc2 in something like a =tmux= session, which
+would work, except it provides no way to reliably restart the service
+should it go down, and no way to integrate it with the rest of the
+init system.
+
+To remedy this I wrote an OpenRC script and config file, which I've
+put on github [[https://github.com/dantecatalfamo/Hak5-CloudC2-OpenRC][here]]. I've decided to place the cloudc2 binary in
+=/opt/cloudc2= because it's not controlled by the package manager,
+with the logs at =/var/log/cloudc2.log=, and the database at
+=/var/opt/cloudc2.db=.
+
+The repository contains a [[https://github.com/dantecatalfamo/Hak5-CloudC2-OpenRC/blob/master/README.md][readme]] which goes over how to install the
+files and configure your instance. Here's the gist:
+
+- Download and extract the Cloud C2 zip file
+- Create a new folder called =/opt/cloudc2=
+- Copy =c2_community-linux-32= into =/opt/cloudc2=
+- Copy =<repo>/init.d/cloudc2= into your system's =/etc/init.d/=
+- Copy =<repo>/conf.d/cloudc2= into your system's =/etc/conf.d/=
+- Edit =/etc/conf.d/cloudc2= and fill out the variables as desired
+ - NOTE: You must fill out =C2_HOSTNAME= or the service will fail to launch
+ - If you want to place Cloud C2 behind a reverse proxy, you'll have
+ to fill out the =C2_OPT= variable with the correct options
+
+ #+BEGIN_SRC shell
+ C2_OPTS="-reverseProxy -reverseProxyPort XXX"
+ #+END_SRC
+
+ Where =XXX= is the port that the reverse proxy will be serving on.
+- Start the daemon using
+ #+BEGIN_SRC shell
+ rc-service cloudc2 start
+ #+END_SRC
+- Enable it at boot
+ #+BEGIN_SRC shell
+ rc-update add cloudc2
+ #+END_SRC
+- Check =/var/log/cloud2c.log= for your installation token (it may
+ take a minute for it to appear)
+- Open the web UI and fill out the installation token from the
+ previous step, and your registration code from the email
+- Done!
+
+After that Cloud 2C should restart if it crashed, courtesy of
+=supervise-daemon=, and launch at boot.
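Review bot: The added step "Check =/var/log/cloud2c.log= for your installation token" names a different file from the =/var/log/cloudc2.log= log path stated earlier in this same hunk, so a reader following the list will look for the token in a file the service never writes; change it to =/var/log/cloudc2.log=. The same transposition appears in the closing paragraph ("Cloud 2C" should be "Cloud C2"). In the reverse proxy sub-bullet the prose says to fill out =C2_OPT= while the source block sets =C2_OPTS=; the two should agree on one name. Smaller wording points in the added lines: "software, which are distributed" should read "which is distributed", and "github" should be capitalised as "GitHub".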