Merge pull request #1007 from splunk/ar_local_improvements_2

Splunk SOAR local bug fix

Author: P4T12ICK

configs/attack_range_default.yml

@@ -173,8 +173,8 @@ phantom_server:
 
   phantom_app: "splunk_soar-unpriv-6.3.1.178-d86bf7c2-el7-x86_64.tgz"
   # name of the Splunk SOAR package located in apps folder. 
-  # aws: Make sure you use the RHEL 8 version which contains ....el8... in the file name
-  # azure, local: Make sure you use the RHEL 7 version which contains ....el7... in the file name
+  # aws, local: Make sure you use the RHEL 8 version which contains ....el8... in the file name
+  # azure: Make sure you use the RHEL 7 version which contains ....el7... in the file name
 
   phantom_byo: "0"
   # Enable/Disable Bring your own Phantom

terraform/ansible/roles/phantom/tasks/install_phantom_local.yml

@@ -1,4 +1,5 @@
 ---
+
 - name: Change mirror to vault.centos.org
   shell: sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/*.repo
   become: yes
@@ -12,40 +13,85 @@
   become: yes
 
 - name: Update all packages
+  become: yes
   yum:
     name: "*"
     state: latest
     update_cache: yes
-  become: yes
 
-- name: Creates directory
-  file:
-    path: /opt/soar
-    state: directory
+# - name: Enable PowerTools repository
+#   become: yes
+#   command: dnf config-manager --set-enabled powertools
+#   ignore_errors: yes  # Some systems might call it 'CodeReady'
+
+# - name: Enable CodeReady Builder repository (alternative to PowerTools)
+#   become: yes
+#   command: dnf config-manager --set-enabled codeready-builder-for-rhel-8-x86_64-rpms
+#   ignore_errors: yes
+
+# - name: Install EPEL repository
+#   become: yes
+#   yum:
+#     name: epel-release
+#     state: present
+#     disable_gpg_check: yes
+
+# - name: Clean yum cache
+#   become: yes
+#   command: yum clean all
+
+# - name: Make yum cache
+#   become: yes
+#   command: yum makecache
+
+# - name: Install required dependencies
+#   become: yes
+#   yum:
+#     name:
+#       - fontconfig
+#       - libicu
+#       - libxslt
+#       - mailcap
+#       - xmlsec1
+#       - xmlsec1-openssl
+#       - zip
+#       - jq
+#     state: present
+#     update_cache: yes
 
 - name: Copy Splunk SOAR to server
+  become: yes
+  become_user: vagrant
   unarchive:
     src: "../../apps/{{ phantom_server.phantom_app }}"
     dest: /home/vagrant
+
+- name: Creates directory
   become: yes
-  become_user: vagrant
+  become_user: root
+  file:
+    path: /opt/soar
+    state: directory
+    owner: vagrant
+    group: vagrant
 
 - name: prepare phantom install script without apps
-  shell: /home/vagrant/splunk-soar/soar-prepare-system --splunk-soar-home /opt/soar --no-prompt
   become: yes
-  environment:
-    http_proxy: ""
-    https_proxy: ""
+  command: /home/vagrant/splunk-soar/soar-prepare-system --splunk-soar-home /opt/soar --no-prompt 
 
 - name: copy splunk soar folder
-  shell: cp -r /home/vagrant/splunk-soar /home/phantom/splunk-soar
+  become: yes
+  become_user: root
+  command: cp -r /home/vagrant/splunk-soar /home/phantom/splunk-soar
 
 - name: chown splunk soar folder
-  shell: chown -R phantom. /home/phantom/splunk-soar
+  become: yes
+  become_user: root
+  command: chown -R phantom:phantom /home/phantom/splunk-soar
 
-- name: run the phantom install script
+- name: run the phantom install script 
   become: yes
   become_user: phantom
-  shell: ./soar-install --splunk-soar-home /opt/soar --no-prompt --ignore-warnings
+  command: ./soar-install --splunk-soar-home /opt/soar --no-prompt --ignore-warnings
   args:
-    chdir: /home/phantom/splunk-soar
+    chdir: /home/phantom/splunk-soar

vagrant/phantom_server/Vagrantfile

@@ -3,7 +3,7 @@ require 'fileutils'
 
 config.vm.define "ar-phantom-{{ config.general.key_name }}-{{ config.general.attack_range_name }}" do |config|
     VM_NAME_P= "ar-phantom"
-    config.vm.box = "bento/centos-7"
+    config.vm.box = "bento/centos-8"
     config.vm.hostname = "#{VM_NAME_P}"
     config.vm.boot_timeout = 600
     config.vm.network "forwarded_port", guest: 443, host: 8443, protocol: "tcp"