#+TITLE: Installing Hak5's Cloud C2 on Alpine Linux
#+DATE: 2020-09-06T19:08:56-04:00
#+DRAFT: true
#+DESCRIPTION:
#+TAGS[]: alpine linux hak5
#+KEYWORDS[]: alpine linux hak5
#+SLUG:
#+SUMMARY:
#+ATTR_HTML: :title Cloud C2 on Alpine Linux
#+ATTR_HTML: :alt Cloud C2 on Alpine Linux
[[file:cover.png]]

I recently purchased some products from [[https://hak5.org][Hak5]], some of which integrate
with their self-hosted service for monitoring your equipment called
the [[https://shop.hak5.org/products/c2][Cloud C2]]. I decided to run it on one of my servers which runs one
of my favourite Linux distributions, Alpine Linux.

You have the option to purchase the community edition for free from
their shop, after which you'll receive a product registration code via
email. This email will also contain a link to download the Cloud C2
software, which is distributed as (mostly) statically linked Go
binaries for several platforms, all bundled together in a zip file.

One of the interesting things I found was that, despite my server being
64-bit x86, =c2_community-linux-64= wouldn't work on Alpine
Linux. It's dynamically linked to =/lib64/ld-linux-x86-64.so.2=, which
doesn't exist on musl libc machines. The =c2_community-linux-32=
binary is completely statically linked, however, so it runs fine.
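
The check described above can be done before deploying a vendor binary. This Python script is an added example, not part of the original post or the linked repository: it reads the =PT_INTERP= program header of an ELF file and reports whether the requested loader exists on the host. The =sample_elf64= helper and its contents are constructed for illustration.

```python
import os
import struct
import sys

PT_INTERP = 3  # program-header type that names the dynamic loader

def elf_interpreter(data):
    """Return the loader path an ELF image requests, or None if it is static."""
    if data[:4] != b"\x7fELF" or data[4] not in (1, 2) or data[5] not in (1, 2):
        raise ValueError("not a valid ELF image")
    is64 = data[4] == 2                      # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"       # EI_DATA: 1 = little-endian
    word = "Q" if is64 else "I"
    # e_phoff and e_phentsize/e_phnum sit at different offsets per class.
    (phoff,) = struct.unpack_from(end + word, data, 32 if is64 else 28)
    phentsize, phnum = struct.unpack_from(end + "HH", data, 54 if is64 else 42)
    for i in range(phnum):
        base = phoff + i * phentsize
        (p_type,) = struct.unpack_from(end + "I", data, base)
        if p_type != PT_INTERP:
            continue
        (off,) = struct.unpack_from(end + word, data, base + (8 if is64 else 4))
        (size,) = struct.unpack_from(end + word, data, base + (32 if is64 else 16))
        return data[off:off + size].rstrip(b"\0").decode()
    return None

def verdict(data, exists=os.path.exists):
    """Describe whether the binary can start on this host."""
    interp = elf_interpreter(data)
    if interp is None:
        return "static: no loader needed"
    state = "present" if exists(interp) else "MISSING on this host"
    return f"dynamic: needs {interp} ({state})"

def sample_elf64(interp):
    """Constructed sample: ELF64 header plus one program header, not a real binary."""
    path = interp.encode() + b"\0" if interp else b""
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP if interp else 1,
                       4, 120, 0, 0, len(path), len(path), 1)
    return ehdr + phdr + path

if __name__ == "__main__":
    # Pass a path such as c2_community-linux-64; with no argument the sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_elf64(
        "/lib64/ld-linux-x86-64.so.2")
    print(verdict(data))
```
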

Their website provides a small tutorial for installing C2 on a
systemd-based system. Unfortunately, it doesn't help me, since Alpine
uses the OpenRC init system.

It's possible to run cloudc2 in something like a =tmux= session, which
would work, except it provides no way to reliably restart the service
should it go down, and no way to integrate it with the rest of the
init system.

To remedy this I wrote an OpenRC script and config file, which I've
put on GitHub [[https://github.com/dantecatalfamo/Hak5-CloudC2-OpenRC][here]]. I've decided to place the cloudc2 binary in
=/opt/cloudc2= because it's not controlled by the package manager,
with the logs at =/var/log/cloudc2.log=, and the database at
=/var/opt/cloudc2.db=.

The repository contains a [[https://github.com/dantecatalfamo/Hak5-CloudC2-OpenRC/blob/master/README.md][readme]] which goes over how to install the
files and configure your instance. Here's the gist:
- Download and extract the Cloud C2 zip file
- Create a new folder called =/opt/cloudc2=
- Copy =c2_community-linux-32= into =/opt/cloudc2=
- Copy =<repo>/init.d/cloudc2= into your system's =/etc/init.d/=
- Copy =<repo>/conf.d/cloudc2= into your system's =/etc/conf.d/=
- Edit =/etc/conf.d/cloudc2= and fill out the variables as desired
  - NOTE: You must fill out =C2_HOSTNAME= or the service will fail to launch
  - If you want to place Cloud C2 behind a reverse proxy, you'll have
    to fill out the =C2_OPTS= variable with the correct options
    #+BEGIN_SRC shell
    C2_OPTS="-reverseProxy -reverseProxyPort XXX"
    #+END_SRC
    Where =XXX= is the port that the reverse proxy will be serving on.
- Start the daemon using
  #+BEGIN_SRC shell
  rc-service cloudc2 start
  #+END_SRC
- Enable it at boot
  #+BEGIN_SRC shell
  rc-update add cloudc2
  #+END_SRC
- Check =/var/log/cloudc2.log= for your installation token (it may
  take a minute for it to appear)
- Open the web UI and fill out the installation token from the
  previous step, and your registration code from the email
- Done!

After that, Cloud C2 should restart if it crashes, courtesy of
=supervise-daemon=, and launch at boot.