tectonic-cyberrange


Nametectonic-cyberrange JSON
Version 1.0.1 PyPI version JSON
download
home_pagehttps://www.fing.edu.uy/inco/proyectos/tectonic
SummaryA Python package for the Tectonic Cyber Range project.
upload_time2024-12-18 01:56:38
maintainerNone
docs_urlNone
authorGSI-Fing-Udelar
requires_python<4.0,>=3.10
licenseGPL-3.0-or-later
keywords cyberrange tectonic ansible terraform aws cloud security automation
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI No Travis.
coveralls test coverage
            # Tectonic - An Academic Cyber Range
[![Regression Tests](https://github.com/GSI-Fing-Udelar/tectonic/actions/workflows/test.yml/badge.svg)](https://github.com/GSI-Fing-Udelar/tectonic/actions/workflows/test.yml)

## Overview
Tectonic is a cyber range designed to provide realistic cybersecurity
scenarios for education and training through the deployment of
networks, systems and applications that can be used to train users on
cybersecurity topics. Key functionalities include customizable network
configurations, real-time monitoring and automated attack simulations.

It incorporates existing tools from the infrastructure as code (IaC)
approach, which allows for the specification of all the components of
a cybersecurity scenario in a declarative manner. This specification
is made in a high-level language that can be interpreted and allows
for the automatic generation of scenarios on the laboratory underlying
platform. Declarative descriptions of the scenarios make them easily
versioned, maintained, and shared, facilitating collaboration with
other institutions and laboratories of this type.

The following figure illustrates various components of the cyber range
solution, the technologies used in the implementation, and the
different use cases carried out by student users and instructors. The
components are organized in five layers, each fulfilling a particular
function in the platform's operation.

<p align="center">
    <img src="https://raw.githubusercontent.com/GSI-Fing-Udelar/tectonic/refs/heads/main/docs/architecture.png" width="500">
</p>

The underlying infrastructure constitutes the real-world
infrastructure on which the systems and networks that form the basis
of a particular scenario are deployed. Currently deployments on the
AWS cloud or on-premises using Libvirt are supported, with more
planned.

To achieve the deployment of the infrastructure in an automated
manner, \textit{Infrastructrue as Code} (IaC) tools are used, such as
Packer, Terraform and Ansible. These tools manage the resources to be
deployed and the configurations to be applied to them. Ansible
playbooks, in particular, are extensively used for configuration.

A Python component orchestrates these tools and manages the life cycle
of the scenarios, including their deployment, elimination, powering
on, powering off, and listing information. The scenarios themselves
are described by a specification that allows users to declare various
aspects, such as the machines to be deployed, the networks used to
connect them, and the configurations to be applied to the machines,
among others.

## Installation Instructions
The following are the requirements to run Tectonic:

- SO: Linux or Mac OS
- Python and pip: version 3.10 or newer.
- IaC Tools: Terraform and Packer
- Base platforms: Libvirt or Docker
- AWS credentials and AWS CLI (for AWS deployment)


Please see the [detailed instructions](https://github.com/GSI-Fing-Udelar/tectonic/blob/main/docs/installation.md) for more
information.

### Tectonic python module

You can install this module using the following command (preferably inside a [virtual environment](https://packaging.python.org/en/latest/guides/installing-using-pip-and-virtual-environments/#create-and-use-virtual-environments)):

```bash
python3 -m pip install tectonic-cyberrange
```


## Tectonic Configuration File
Tectonic behavior can be configured using an ini file with a
`config` section. You can find an example configuration file with the
default values [here](https://github.com/GSI-Fing-Udelar/tectonic/blob/main/tectonic.ini). Please see the [ini
file documentation](https://github.com/GSI-Fing-Udelar/tectonic/blob/main/docs/ini_config.md) for details on the available
options.


## Lab Configuration
The lab configuration is divided in two: a **scenario specification**
that holds a static description of the lab that can be shared and
reused, and information specific to a particular **lab edition** that
defines things such as number of instances to deploy, public SSH keys
for the teachers, etc.

The scenario specification consists of the following resources:

* A scenario description file in YAML syntax (required).
* Ansible playbooks for *base image* installation and *after-clone*
  configurations, and optional files in the `ansible` directory.
* Elastic and Kibana policies and resources, in the `elastic`
  directory, if using elastic for evaluation.
* SSH public keys for admin access to the machines in the `ssh`
  directory.

The lab edition file 

Please check the [description documentation](https://github.com/GSI-Fing-Udelar/tectonic/blob/main/docs/description.md) for
more details. The [examples](https://github.com/GSI-Fing-Udelar/tectonic/blob/main/examples/) directory contains some
example scenarios.

## Running Tectonic

To deploy a scenario run:
```
tectonic -c <ini_conf_file> <lab_edition_file> deploy --images
```

To destroy a scenario use the `destroy` command. 

See `tectonic --help` for a full list of options, and `tectonic
<command> -h` for help on individual commands.

### Terraform state syncronization
Terraform states are stored locally by default. It is possible to
store them in a Gitlab repo (see `gitlab_backend_url` option in the
[ini file configuration](https://github.com/GSI-Fing-Udelar/tectonic/blob/main/docs/ini_config.md)). It is necessary to have
Maintainer privileges on this repo and a GitLab access token. There
are two types of access token: personal or project-based. If the
latter is used, it must be associated with the project where the
states are stored.

## Disclaimer About Platforms

Tectonic provides support for scenario deployments using Docker as the base platform. However, it is important to note that using Docker as base platform in production environments is not recommended since Tectonic deploys containers in privileged mode. This means that when a user has root access within a container, they can also gain root access to the host system, which can create significant security issues. Therefore, caution is crucial when using Docker as a base platform, especially in scenarios involving attacks. It is advisable to utilize Docker primarily for the generation and testing of new scenarios. For production environments, we recommend to utilize Libvirt or AWS as base platform, both of which are fully supported by Tectonic.

## Authors

Tectonic was created by [Grupo de Seguridad
Informática](https://www.fing.edu.uy/inco/grupos/gsi) of [Universidad
de la República Uruguay](https://udelar.edu.uy/).

Please contact us at <tectonic@fing.edu.uy>.

See more of our project at [Tectonic: An Academic Cyber Range](https://www.fing.edu.uy/inco/proyectos/tectonic).

## License

Tectonic is licensed under the GNU General Public License v3.0 or
later. See LICENSE to see the full text.

            

Raw data

            {
    "_id": null,
    "home_page": "https://www.fing.edu.uy/inco/proyectos/tectonic",
    "name": "tectonic-cyberrange",
    "maintainer": null,
    "docs_url": null,
    "requires_python": "<4.0,>=3.10",
    "maintainer_email": null,
    "keywords": "cyberrange, tectonic, ansible, terraform, aws, cloud, security, automation",
    "author": "GSI-Fing-Udelar",
    "author_email": null,
    "download_url": "https://files.pythonhosted.org/packages/04/6f/3a8eabfa69405b4f0d23f3e2b23bd0201e77b30c3fef7741b7e22fb870e1/tectonic_cyberrange-1.0.1.tar.gz",
    "platform": null,
    "description": "# Tectonic - An Academic Cyber Range\n[![Regression Tests](https://github.com/GSI-Fing-Udelar/tectonic/actions/workflows/test.yml/badge.svg)](https://github.com/GSI-Fing-Udelar/tectonic/actions/workflows/test.yml)\n\n## Overview\nTectonic is a cyber range designed to provide realistic cybersecurity\nscenarios for education and training through the deployment of\nnetworks, systems and applications that can be used to train users on\ncybersecurity topics. Key functionalities include customizable network\nconfigurations, real-time monitoring and automated attack simulations.\n\nIt incorporates existing tools from the infrastructure as code (IaC)\napproach, which allows for the specification of all the components of\na cybersecurity scenario in a declarative manner. This specification\nis made in a high-level language that can be interpreted and allows\nfor the automatic generation of scenarios on the laboratory underlying\nplatform. Declarative descriptions of the scenarios make them easily\nversioned, maintained, and shared, facilitating collaboration with\nother institutions and laboratories of this type.\n\nThe following figure illustrates various components of the cyber range\nsolution, the technologies used in the implementation, and the\ndifferent use cases carried out by student users and instructors. The\ncomponents are organized in five layers, each fulfilling a particular\nfunction in the platform's operation.\n\n<p align=\"center\">\n    <img src=\"https://raw.githubusercontent.com/GSI-Fing-Udelar/tectonic/refs/heads/main/docs/architecture.png\" width=\"500\">\n</p>\n\nThe underlying infrastructure constitutes the real-world\ninfrastructure on which the systems and networks that form the basis\nof a particular scenario are deployed. Currently deployments on the\nAWS cloud or on-premises using Libvirt are supported, with more\nplanned.\n\nTo achieve the deployment of the infrastructure in an automated\nmanner, \\textit{Infrastructrue as Code} (IaC) tools are used, such as\nPacker, Terraform and Ansible. These tools manage the resources to be\ndeployed and the configurations to be applied to them. Ansible\nplaybooks, in particular, are extensively used for configuration.\n\nA Python component orchestrates these tools and manages the life cycle\nof the scenarios, including their deployment, elimination, powering\non, powering off, and listing information. The scenarios themselves\nare described by a specification that allows users to declare various\naspects, such as the machines to be deployed, the networks used to\nconnect them, and the configurations to be applied to the machines,\namong others.\n\n## Installation Instructions\nThe following are the requirements to run Tectonic:\n\n- SO: Linux or Mac OS\n- Python and pip: version 3.10 or newer.\n- IaC Tools: Terraform and Packer\n- Base platforms: Libvirt or Docker\n- AWS credentials and AWS CLI (for AWS deployment)\n\n\nPlease see the [detailed instructions](https://github.com/GSI-Fing-Udelar/tectonic/blob/main/docs/installation.md) for more\ninformation.\n\n### Tectonic python module\n\nYou can install this module using the following command (preferably inside a [virtual environment](https://packaging.python.org/en/latest/guides/installing-using-pip-and-virtual-environments/#create-and-use-virtual-environments)):\n\n```bash\npython3 -m pip install tectonic-cyberrange\n```\n\n\n## Tectonic Configuration File\nTectonic behavior can be configured using an ini file with a\n`config` section. You can find an example configuration file with the\ndefault values [here](https://github.com/GSI-Fing-Udelar/tectonic/blob/main/tectonic.ini). Please see the [ini\nfile documentation](https://github.com/GSI-Fing-Udelar/tectonic/blob/main/docs/ini_config.md) for details on the available\noptions.\n\n\n## Lab Configuration\nThe lab configuration is divided in two: a **scenario specification**\nthat holds a static description of the lab that can be shared and\nreused, and information specific to a particular **lab edition** that\ndefines things such as number of instances to deploy, public SSH keys\nfor the teachers, etc.\n\nThe scenario specification consists of the following resources:\n\n* A scenario description file in YAML syntax (required).\n* Ansible playbooks for *base image* installation and *after-clone*\n  configurations, and optional files in the `ansible` directory.\n* Elastic and Kibana policies and resources, in the `elastic`\n  directory, if using elastic for evaluation.\n* SSH public keys for admin access to the machines in the `ssh`\n  directory.\n\nThe lab edition file \n\nPlease check the [description documentation](https://github.com/GSI-Fing-Udelar/tectonic/blob/main/docs/description.md) for\nmore details. The [examples](https://github.com/GSI-Fing-Udelar/tectonic/blob/main/examples/) directory contains some\nexample scenarios.\n\n## Running Tectonic\n\nTo deploy a scenario run:\n```\ntectonic -c <ini_conf_file> <lab_edition_file> deploy --images\n```\n\nTo destroy a scenario use the `destroy` command. \n\nSee `tectonic --help` for a full list of options, and `tectonic\n<command> -h` for help on individual commands.\n\n### Terraform state syncronization\nTerraform states are stored locally by default. It is possible to\nstore them in a Gitlab repo (see `gitlab_backend_url` option in the\n[ini file configuration](https://github.com/GSI-Fing-Udelar/tectonic/blob/main/docs/ini_config.md)). It is necessary to have\nMaintainer privileges on this repo and a GitLab access token. There\nare two types of access token: personal or project-based. If the\nlatter is used, it must be associated with the project where the\nstates are stored.\n\n## Disclaimer About Platforms\n\nTectonic provides support for scenario deployments using Docker as the base platform. However, it is important to note that using Docker as base platform in production environments is not recommended since Tectonic deploys containers in privileged mode. This means that when a user has root access within a container, they can also gain root access to the host system, which can create significant security issues. Therefore, caution is crucial when using Docker as a base platform, especially in scenarios involving attacks. It is advisable to utilize Docker primarily for the generation and testing of new scenarios. For production environments, we recommend to utilize Libvirt or AWS as base platform, both of which are fully supported by Tectonic.\n\n## Authors\n\nTectonic was created by [Grupo de Seguridad\nInform\u00e1tica](https://www.fing.edu.uy/inco/grupos/gsi) of [Universidad\nde la Rep\u00fablica Uruguay](https://udelar.edu.uy/).\n\nPlease contact us at <tectonic@fing.edu.uy>.\n\nSee more of our project at [Tectonic: An Academic Cyber Range](https://www.fing.edu.uy/inco/proyectos/tectonic).\n\n## License\n\nTectonic is licensed under the GNU General Public License v3.0 or\nlater. See LICENSE to see the full text.\n",
    "bugtrack_url": null,
    "license": "GPL-3.0-or-later",
    "summary": "A Python package for the Tectonic Cyber Range project.",
    "version": "1.0.1",
    "project_urls": {
        "Bug Tracker": "https://github.com/GSI-Fing-Udelar/tectonic/issues",
        "Documentation": "https://github.com/GSI-Fing-Udelar/tectonic/tree/main/docs",
        "Homepage": "https://www.fing.edu.uy/inco/proyectos/tectonic",
        "Repository": "https://github.com/GSI-Fing-Udelar/tectonic.git"
    },
    "split_keywords": [
        "cyberrange",
        " tectonic",
        " ansible",
        " terraform",
        " aws",
        " cloud",
        " security",
        " automation"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "8fb6dacd2ec1cef09883d0ff451809380883ce75b0ddb8ffd9ee7032dacdb6fc",
                "md5": "fcf86d574084471baf0e53010fadb7eb",
                "sha256": "cb2f833cbd5d24b0327748d50640e1f1f8e2d0afc00bb4320642a9a6e54192bc"
            },
            "downloads": -1,
            "filename": "tectonic_cyberrange-1.0.1-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "fcf86d574084471baf0e53010fadb7eb",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": "<4.0,>=3.10",
            "size": 170116,
            "upload_time": "2024-12-18T01:56:34",
            "upload_time_iso_8601": "2024-12-18T01:56:34.855243Z",
            "url": "https://files.pythonhosted.org/packages/8f/b6/dacd2ec1cef09883d0ff451809380883ce75b0ddb8ffd9ee7032dacdb6fc/tectonic_cyberrange-1.0.1-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "046f3a8eabfa69405b4f0d23f3e2b23bd0201e77b30c3fef7741b7e22fb870e1",
                "md5": "b1595d6361e879fefd72e2c962478305",
                "sha256": "ea24d9aa0a9d433181bf34219fa8a27d9b805f21b4d5e01c6e35051ba1735407"
            },
            "downloads": -1,
            "filename": "tectonic_cyberrange-1.0.1.tar.gz",
            "has_sig": false,
            "md5_digest": "b1595d6361e879fefd72e2c962478305",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": "<4.0,>=3.10",
            "size": 102096,
            "upload_time": "2024-12-18T01:56:38",
            "upload_time_iso_8601": "2024-12-18T01:56:38.048952Z",
            "url": "https://files.pythonhosted.org/packages/04/6f/3a8eabfa69405b4f0d23f3e2b23bd0201e77b30c3fef7741b7e22fb870e1/tectonic_cyberrange-1.0.1.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2024-12-18 01:56:38",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "GSI-Fing-Udelar",
    "github_project": "tectonic",
    "travis_ci": false,
    "coveralls": true,
    "github_actions": true,
    "lcname": "tectonic-cyberrange"
}
        
Elapsed time: 0.39428s