
Error on attack_range.py build

Open wild0104 opened this issue 7 months ago • 1 comments

Just pulled the latest image earlier today, when trying to run an attack range build I get this:

Error: Reference to undeclared input variable
│
│ on modules/windows/resources.tf line 108, in resource "azurerm_virtual_machine" "windows":
│ 108: "caldera_server": ${jsonencode(var.caldera_server)},
│
│ An input variable with the name "caldera_server" has not been declared. This variable can be declared with a variable "caldera_server" {} block.

This is my attack_range.yml file:

    general:
      cloud_provider: azure
      attack_range_password:
      key_name: root-46081
      ip_whitelist:
      attack_range_name: VR-AttackRange
    azure:
      subscription_id:
      private_key_path: /attack_range/root-46081.key
      public_key_path: /attack_range/root-46081.pub
      location: North Central US
    windows_servers:
      - hostname: ar-win-dc
        windows_image: windows-server-2022
        create_domain: '1'
        install_red_team_tools: '1'
        bad_blood: '1'
    linux_servers:
      - hostname: ar-linux

wild0104 avatar May 30 '25 23:05 wild0104

This should be fixed. Can you try it again with the latest develop branch?

P4T12ICK avatar Jun 16 '25 07:06 P4T12ICK

The error still persists with the latest update.

rew822 avatar Jun 17 '25 15:06 rew822

@P4T12ICK - I still get the same error, should the variable caldera_server be defined in /terraform/azure/modules/windows/variable.tf instead of where you added it to terraform/azure/variable.tf?

wild0104 avatar Jun 17 '25 18:06 wild0104

I have added variable "caldera_server" { } to /terraform/azure/modules/windows/variable.tf and now got this error. But I have no idea what I'm doing; I have never worked with Terraform.

│ Error: Missing required argument
│
│ on ressources.tf line 34, in module "windows-server":
│ 34: module "windows-server" {
│
│ The argument "caldera_server" is required, but no definition was found.

When I removed line 105 of /terraform/azure/modules/windows/resources.tf "caldera_server": ${jsonencode(var.caldera_server)}, the deployment went further but did not deploy all my VMs (I think some other error).

I switched to AWS and saw that a lot more stuff is available (like caldera, nginx, snort and zeek); it should be in the manual that the full stack is only available with AWS. Also it was a lot quicker and worked directly on the first try.

I think it was not intended to have caldera in Azure at the moment because there is no module in https://github.com/splunk/attack_range/tree/develop/terraform/azure/modules.

rew822 avatar Jun 17 '25 18:06 rew822
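The two errors quoted in this thread map onto the two halves of passing a value into a Terraform child module: the child must declare the input, and the calling `module` block must supply it. The sketch below is an added illustration, not the project's own code or its eventual fix; the `type`, the `default`, and the `source` path are assumptions, and the module's other existing arguments are omitted.

```hcl
# --- Root module: terraform/azure/variable.tf ---
# Declaring the variable here only makes var.caldera_server usable in the
# root module. Child modules do not inherit root variables.
variable "caldera_server" {
  type    = any   # assumption: the real type is not shown in the thread
  default = {}    # assumption: placeholder so the root never prompts for it
}

# --- Root module: the module "windows-server" block named in the second error ---
module "windows-server" {
  source = "./modules/windows"   # assumption: path inferred from the error text

  # Omitting this line produces "Missing required argument" once the child
  # declares caldera_server without a default.
  caldera_server = var.caldera_server

  # (the module's other existing arguments are unchanged and not shown)
}

# --- Child module: terraform/azure/modules/windows/variable.tf ---
# Omitting this block produces "Reference to undeclared input variable"
# wherever the module's resources.tf uses var.caldera_server.
variable "caldera_server" {
  type = any   # assumption
  # Adding `default = {}` here instead would make the argument optional
  # in the calling module block.
}
```

Running `terraform validate` from the root module directory reports both classes of error without deploying any resources.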

@rew822 - interesting observation, thanks for the insight. Guess I might just have to wait till they get the Azure stuff all sorted. Disappointing since they removed the ability to deploy on-prem and only support public cloud providers which is why our security team was asking to get this spun up in Azure.

wild0104 avatar Jun 17 '25 18:06 wild0104

I will take a look into this issue.

As this is an open source project, it's hard to always keep all features on all cloud platforms. The on-prem option is Ludus Attack Range. https://docs.ludus.cloud/docs/environment-guides/splunk-attack-range/

P4T12ICK avatar Jul 14 '25 08:07 P4T12ICK