Clarify VMWare Server setup procedure

I succeeded at getting Agent and Manager installed, but now I need the Configuration section of the UserGuide updated. I just included this list to help point out the areas I think are probably most needing in clarification based on my attempted configuration.

Step 3 didn't seem relevant to the .92 code.

In general the instructions are confusing because it doesn't tell you where you should be starting out. I.e. should I be editing the Manager.pm in /usr/lib/perl/site_perl/5.8.8/HoneyClient/ or the one in my ~/Desktop/HoneyClient-Manager-0.9.2? I assume the former here. But then when it says to edit the etc/honeyclient.xml is it in the latter dir? Because all stuff in this section is given as relative path names but doesn't state where they should start from (I know that's probably partially because you don't want to assume a location that they've downloaded them to, but it would probably just be better to tell where they should be put for now and then the paths are explicit)

In step 5, the line numbers of course need updating, but the line 10 change doesn't seem to be relevant anymore.

In step 7, I'm not entirely sure what I'm supposed to replace <enter DNS domain here> with…is it supposed to be a DNS hostname? If so, of what? Can the default "localdomain" not be used?

In step 9 you make reference to ~/honeyclient/sandbox but we never make mention of how ~honeyclient is created. Is it supposed to be made by a make install or was I supposed to make it and then copy stuff out of the HoneyClient-Agent-0.9.2/ folder myself? (I seem to remember having to make it and then dumping the contents in via svn, but since I am not doing an svn install, what is the correct proceedure?)

I didn't actually get past step 7 tho

Replying to xkovah:

I didn't actually get past step 7 tho

Are you talking about Installation step 7 or Configuration step 7?

Most of the other comments make sense. We'll try to include some sort of notice at the top of this page, letting readers know that this page is a work-in-progress.

After the install is completed, the Manager emits an error complaining that the directory /vm/snapshots does not exists. We should document the creation of this directory or make sure it gets created during install.

Replying to Brad Stephenson:

After the install is completed, the Manager emits an error complaining that the directory /vm/snapshots does not exists. We should document the creation of this directory or make sure it gets created during install.

Understood. Will be updating documentation shortly.

After the install is completed, the Manager emits an error complaining that the directory /vm/snapshots does not exists. We should document the creation of this directory or make sure it gets created during install.

here are some of my suggested revisions for the .tar.gz install

'''!HoneyClient Configuration:'''[[BR]]
1. If you have installed from the .tar.gz file:[[BR]]

  Create a directory "honeyclient" in C:\cygwin\home\Administrator\[[BR]]

  Copy the "bin" directory from the expanded !HoneyClient-Agent-<version> directory into "C:\cygwin\home\Administrator\honeyclient\". [[BR]]

  Copy the "etc" directory from the expanded !HoneyClient-Agent-<version> directory into "C:\cygwin\home\Administrator\honeyclient\". 

If you have installed from svn: ?

2. On the Agent side (in your Windows XP VM), make sure you download and install [http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx TweakUI]. Now run TweakUI, and expand the "Logon" item in the left side tree. Select "Autologon" and click the "Log on automatically at system startup" checkbox, set the Username to Administrator, and then hit the "Set Password" button and enter the Administrator password twice and hit OK. You can now press "Apply" and "OK" to exit TweakUI.

3. Go to the Windows Control Panels, and open "Scheduled Tasks". Open "Add Scheduled Task". Press "Next", and then "Browse" and select the Cygwin shell program (C:\cygwin\cygwin.bat) and then press "Next". From this screen you should select the frequency with which the event occurs. Select "When I log on" and press "Next". If you are logged in as Administrator as you should be, you can leave the "user name" field as default, and then enter the password twice and press "Next" and then "Finish".

4. Create the following shell script and name it C:\cygwin\home\Administrator\run.sh

{{{
#!/bin/bash
echo "Starting up Agent - (Hit CTRL-C multiple times to exit.)"
while true ; do
   sleep 5 && \
   cd ~/honeyclient/ && \
   perl bin/StartAgent.pl
done
}}}

Then execute the command "chmod u+x run.sh".

5. Modify your .bashrc file to add './run.sh' so that your Cygwin environment will execute run.sh when invoked.

6. Make sure you disable Windows Update. You can do this by going to 'Start', 'Settings', 'Control Panel'. Select 'Automatic Updates', and click on 'Turn off Automatic Updates'. If you do not do this, the !HoneyClient integrity checks will result in false positives


== Host System Configuration ==

0. Set up honeyclient/bin and /etc to some fixed location or just run from the HoneyClient-Manager-<version> dir (as far as I can tell (based on it's output and a full HD search), make install on !HoneyClient-Manager doesn't install those anywhere).

1. If your network configurations are different than what we used, you will need to edit etc/honeyclient.xml file to reflect your network information.

2. Make sure etc/honeyclient.xml is modified to reflect valid DNS servers

3. Edit the bin/StartManager.pl code in HoneyClient-Manager-<version> with the following changes:

{{{
Line 23: Make sure that the 'driver' key is set to 'IE' or 'FF'
Line 24: Set the 'master_vm_config' key to the absolute path of the master VM configuration file (e.g., /vm/your_agentvm_name/your_agentvm_name.vmx or /vm/your_agentvm_name/your_agentvm_name.cfg) 
}}}

5. Check and make sure the permission settings for /var/log/messages is 644, if your syslog messages are being written to this file. If not, you will need to edit etc/honeyclient.xml to reflect where your syslog messages are being written to.

6. You will need to modify yout /etc/vmware/vmnet1/dhcpd/dhcpd.conf file, and update the following configuration block:

{{{
  subnet 10.0.0.0 netmask 255.255.255.0 {
      range 10.0.0.128 10.0.0.253;
      option broadcast-address 10.0.0.255;
      option domain-name-servers 192.168.0.2;
      option domain-name "<enter DNS domain here>";
      option routers 10.0.0.254;
  }
}}}

If your domain name server has no hostname, you may put anything in for the <enter DNS domain here>.

(troubleshooting: make sure you say that the master should not be in the inventory when you start StartManager.pl, that seems to cause my console to crash (since I think the StartManager tries to register the master vm first thing without checking if it's already registered))

The UserGuide has been updated to resolve these issues. Please let me know if there are any other issues that have not been addressed in the documentation.

where is /vm/master-vms/Agent.Master-23/winXPPro.cfg ? or template file.cfg ?

Replying to anonymous:

where is /vm/master-vms/Agent.Master-23/winXPPro.cfg ? or template file.cfg ?

Check out this section of the UserGuide: http://www.honeyclient.org/trac/wiki/UserGuide#ConfigureHoneyClient::Manager

Specifically, this .cfg file is something that you provide, when you create a new Honeyclient "master" VM. If you're unsure how to do this, see this section: http://www.honeyclient.org/trac/wiki/UserGuide#HoneyclientVM

We can't provide a pre-loaded master VM, since the VM must have Windows XP installed on it, which is not free software. That is why we provide instructions on how you can create your own master VM.

Hope this helps,

— Darien