Unattended or Automated Setup


#1

Hi, all.

I’m experimenting with MIAB for use in a capture the flag (CTF) event I’m putting together. It will be installed in AWS, and I’m using Terraform and Ansible to provision everything. What I’m trying to figure out is if there is a way to have the MIAB setup run completely headless. There are references in the documentation that make me thing it’s doable, but I haven’t been able to figure out a way to do that.

There are a few things I can modify in questions.sh and start.sh, but it doesn’t get me to where I want to go. I’d like to automate the setup for a few different users and passwords.

Any ideas?

Where this is all for a CTF, the environment will regularly be shut down and brought up to in its original state, so I’m not concerned about sending/receiving outside of the CTF environment. Actually, I’m working towards import canned emails (that will be my next question :slight_smile:) as hints for the CTF will be in certain emails, so I need to make sure that the mailbox contents are static.

Thanks in advance.


#2

Here’s what I ended up doing, should anyone else need to do something similar. Please keep in mind that I’m doing this for a CTF, so I have a closed environment and I’m not looking to use the full functionality. My primary goal is to stand up MIAB and create the administrative user and mailbox.

The following files were modified, stored in an S3 bucket, then copied to the MIAB instance created by Ansible:

setup/questions.sh - This was the main file that I modified as it passes values to start.sh. I removed all input and message boxes and set the EMAIL_ADDR and PRIMARY_HOSTNAME to the values I knew I wanted.

setup/start.sh - The two things that I changed here were to explicitly set the hostname and set the external IP to be the same as the internal IP. I don’t want this thing talking to the Internet. This means it throws DNS errors, but in my use case, I don’t care.

setup/system.sh - I removed the function to set the time zone as I already set this in the Ansible script. Despite the fact that Ansible sets this for the instance, the MIAB will still open an input box on the first setup. This, of course, prevents a silent install from running, so that’s why this port of the script has been removed.

tools/firstuser.sh - Here is where I set the EMAIL_PW to the password I want for my first user. Note that this is done just before the section where the first user is created. For non-interactive installs, the script sets this value, so I set it again after that part of the script just to be on the safe side.

Once Ansible copies all of these updated versions from the S3 bucket to their appropriate locations on the MIAB instance, Ansible then runs the updates setup/start.sh script and it works swimmingly.

The next step in Ansible is to then run tools/mail.py to create a regular user. Right now, I only want one user, so this is pretty straightforward. If I get to the point where I want to add more, there are ways to loop in Ansible, but I’ll cross that bridge when I get to it.

I hope this will be of use.


#3

In theory you could just build a VM, install MIAB, and then image it. Deploy this image to X servers and then re-run the setup as needed. (It wont need to download, just re-init the default email and server name.)

Good work with this though! Specific situations will require different approaches! :+1:


#4

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.