bitscout

bitscout: Preparing the destination server

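bitscout basically connects to a preconfigured VPN server, and you operate it from that server.
First, prepare the server it will connect to.
The main OpenVPN settings are generated automatically when the bitscout image is built, so installing OpenVPN should be all that is needed.
Probably.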

Installing OpenVPN

Easy-RSA seems to be the standard way to create the certificates OpenVPN uses, so install it at the same time.

user01@ubuntu-sv:~$ sudo apt -y install openvpn easy-rsa
[sudo] user01 のパスワード: 

~~~~~~~~~~~~~~~~~

Created symlink /etc/systemd/system/sockets.target.wants/pcscd.socket → /lib/systemd/system/pcscd.socket.
ureadahead (0.100.0-20) のトリガを処理しています ...
systemd (237-3ubuntu10.3) のトリガを処理しています ...
user01@ubuntu-sv:~$

Git

To get bitscout, which is published on GitHub, set up git.

Installing git

user01@ubuntu1804:~$ sudo apt -y install git

user01@ubuntu1804:~$ dpkg -l git
要望=(U)不明/(I)インストール/(R)削除/(P)完全削除/(H)保持
| 状態=(N)無/(I)インストール済/(C)設定/(U)展開/(F)設定失敗/(H)半インストール/(W)トリガ待ち/(T)トリガ保留
|/ エラー?=(空欄)無/(R)要再インストール (状態,エラーの大文字=異常)
||/ 名前           バージョン   アーキテクチ 説明
+++-==============-============-============-=================================
ii  git            1:2.17.1-1ub amd64        fast, scalable, distributed revis
user01@ubuntu1804:~$

Cloning bitscout

user01@ubuntu1804:~$ git clone https://github.com/vitaly-kamluk/bitscout.git bitscout
Cloning into 'bitscout'...
remote: Enumerating objects: 24, done.
remote: Counting objects: 100% (24/24), done.
remote: Compressing objects: 100% (18/18), done.
remote: Total 355 (delta 11), reused 15 (delta 6), pack-reused 331
Receiving objects: 100% (355/355), 530.06 KiB | 976.00 KiB/s, done.
Resolving deltas: 100% (163/163), done.
user01@ubuntu1804:~$

Setting up bitscout

Running automake.sh

Run automake.sh to build the bitscout boot image file.

user01@ubuntu1804:~$ cd bitscout/
user01@ubuntu1804:~/bitscout$ ./automake.sh 

Welcome to bitscout builder!
Host OS info:
Linux ubuntu1804 4.15.0-47-generic #50-Ubuntu SMP Wed Mar 13 10:44:52 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
No LSB modules are available.
Distributor ID:    Ubuntu
Description:    Ubuntu 18.04.2 LTS
Release:    18.04
Codename:    bionic
Using git commit aeb21db4a4c9c004c9b357f5e2d14f087749b6c9
It seems that you are at fresh build environment.
We need to populate the config with some essential data.
Please answer the following questions or put your existing build config to config/bitscout-build.conf.
Proceed to interactive settings? [Y/n]: y
bitscout may be built to be compact or normal.
Please choose option number:
 1. compact - minimal size, less tools and drivers.
 2. normal - includes most common forensic tools, drivers, etc.
 3. maximal - includes maximum of forensic tools and frameworks.
  Your choice (1|2|3): 2
If you are going to deal with badly unmounted filesystems, software RAID or LVM, it is recommended to apply kernel write-blocker patch for extra care of the evidence. However, please note that it may take 3-4 hours to rebuild the kernel on a single core CPU.
Would you like to build and use kernel with write-blocker? [Y/n]: n
To use bitscout remotely you will need a VPN server.
Please enter your designated VPN server protocol (udp/tcp), host and port. You can change it later.
Examples:
 udp://127.0.0.1:2222
 tcp://myvpnserver:8080
Your input: udp://127.0.0.1:2222

You have an option to build this image in the following architecture
1. 64-bit architecture (amd64)
2. 32-bit architecture (i386)
Please make your choice [1 or 2]: 2
Saving configuration..
Configuration saved. Continue? [Y/n]: y
Updating submodules..
Submodule 'resources/apt-fast' (https://github.com/vitaly-kamluk/apt-fast) registered for path 'resources/apt-fast'
Submodule 'resources/kernel/writeblocker' (https://github.com/vitaly-kamluk/Linux-write-blocker) registered for path 'resources/kernel/writeblocker'
Cloning into '/home/user01/bitscout/resources/apt-fast'...
Cloning into '/home/user01/bitscout/resources/kernel/writeblocker'...
Submodule path 'resources/apt-fast': checked out '3a6bd771bdbbacb21527d593f9fb54909dc1a56f'
Submodule path 'resources/kernel/writeblocker': checked out 'a5dba61a0a5f22acab1ca4796eb57a26af1bf6e9'
Checking base requirements..
dpkg-query: no packages found matching debootstrap
debootstrap was not found your system. It is required to continue.
Please authorize installing debootstrap..
[sudo] password for user01: 

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

Reading package lists...
Building dependency tree...
Reading state information...
Suggested packages:
  ubuntu-archive-keyring
The following NEW packages will be installed:
  debootstrap
0 upgraded, 1 newly installed, 0 to remove and 4 not upgraded.
Need to get 35.7 kB of archives.
After this operation, 270 kB of additional disk space will be used.
Get:1 http://jp.archive.ubuntu.com/ubuntu bionic-updates/main amd64 debootstrap all 1.0.95ubuntu0.3 [35.7 kB]
Fetched 35.7 kB in 1s (50.4 kB/s)
                                 Selecting previously unselected package debootstrap.
(Reading database ... 164650 files and directories currently installed.)
Preparing to unpack .../debootstrap_1.0.95ubuntu0.3_all.deb ...
Unpacking debootstrap (1.0.95ubuntu0.3) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
Setting up debootstrap (1.0.95ubuntu0.3) ...
Downloading bionic:i386.. 
Building base root filesystem..
Fetching the list of essential packages..

~~~~~~

'./config/ssh/scout' -> 'exports/expert/etc/ssh/scout'
'./config/ssh/scout.pub' -> 'exports/expert/etc/ssh/scout.pub'
user01@ubuntu1804:~/bitscout$
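
The builder prompt above takes the VPN server as protocol://host:port, and the transcript enters the loopback sample udp://127.0.0.1:2222. As an added example (not part of the original post or of bitscout), the hypothetical helper check_vpn_endpoint below validates such a string before it is typed into the builder and flags loopback hosts, which an image booted on another machine cannot use to reach the server. It assumes IPv4 addresses or hostnames only.

```shell
#!/bin/sh
# Added example: check_vpn_endpoint is a hypothetical helper, not part of bitscout.
# Input format (protocol://host:port) is taken from the builder prompt's examples.
# Return codes: 0 = usable, 1 = malformed, 2 = loopback host.
check_vpn_endpoint() {
    endpoint=$1
    case $endpoint in
        udp://*|tcp://*) ;;
        *) echo "malformed: protocol must be udp or tcp" >&2; return 1 ;;
    esac
    rest=${endpoint#*://}
    case $rest in
        *:*) ;;
        *) echo "malformed: missing :port" >&2; return 1 ;;
    esac
    host=${rest%:*}
    port=${rest##*:}
    # Assumption: hostnames and IPv4 only, so reject any other character.
    case $host in
        ''|*[!A-Za-z0-9.-]*) echo "malformed: bad host '$host'" >&2; return 1 ;;
    esac
    # Port must be 1 to 5 digits and within 1..65535.
    case $port in
        ''|*[!0-9]*|??????*) echo "malformed: bad port '$port'" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "malformed: port out of range" >&2
        return 1
    fi
    # A loopback host makes the booted image try to reach itself.
    case $host in
        127.*|localhost)
            echo "loopback: $host is not reachable from the booted image" >&2
            return 2 ;;
    esac
    return 0
}

# The two sample values shown in the builder prompt.
for e in udp://127.0.0.1:2222 tcp://myvpnserver:8080; do
    if check_vpn_endpoint "$e"; then
        echo "$e: ok"
    else
        echo "$e: rejected"
    fi
done
```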

Usage

https://github.com/vitaly-kamluk/bitscout/wiki
