EMCL-Research-ITSecLab/heiST

GitHub: EMCL-Research-ITSecLab/heiST

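An open-source tool that automates building lab environments for CTFs and security research, addressing the complexity of deploying challenge infrastructure.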

Stars: 6 | Forks: 3

# heiST

## Setup

To set up the service, follow these steps:

1. Disable the Proxmox VE package repositories so that `apt update` does not print errors
2. Clone this repository to `/root/`
3. `cd /root/heiST/setup/`
4. Edit the variables in `/root/heiST/setup/.env` to match your Proxmox installation and the values you want
5. Install the prerequisites by running `bash /root/heiST/setup/install_requirements.sh`
6. Run `python3 /root/heiST/setup/setup.py` to perform the setup
7. Wait for the setup to finish; this can take a while (about 10 minutes)
8. Once setup is complete, the service is reachable at `http://localhost/` or `http:///`

## Example .env file

```
PROXMOX_HOST='10.0.0.1'
PROXMOX_USER='root@pam'
PROXMOX_PASSWORD='admin123'
PROXMOX_PORT='8006'
BACKEND_PORT='8000'
PROXMOX_INTERNAL_IP='10.0.3.4'
PROXMOX_EXTERNAL_IP='10.0.3.4'
PROXMOX_HOSTNAME='pve'
PROXMOX_LVM_STORAGE='local-lvm'
PROXMOX_SSH_KEYFILE='/root/.ssh/id_rsa'
UBUNTU_BASE_SERVER_URL='ChangeMeToYourMirror'
SSL_TLS_CERTS_DIR='/root/heiST/setup/certs'
DNSMASQ_BACKEND_DIR='/etc/dnsmasq-backend'
DATABASE_FILES_DIR='/root/heiST/database'
DATABASE_NAME='heist'
DATABASE_USER='postgres'
DATABASE_PASSWORD='ChangeMe123!'
DATABASE_PORT='5432'
DATABASE_HOST='10.0.0.102'
WEBSERVER_FILES_DIR='/root/heiST/webserver'
WEBSERVER_USER='www-data'
WEBSERVER_GROUP='www-data'
WEBSERVER_ROOT='/var/www/html'
WEBSERVER_HOST='10.0.0.101'
WEBSERVER_HTTP_PORT='80'
WEBSERVER_HTTPS_PORT='443'
WEBSERVER_DATABASE_USER='api_user'
WEBSERVER_DATABASE_PASSWORD='ChangeMe123!'
BACKEND_FILES_DIR='/root/heiST/backend'
BACKEND_LOGGING_DIR='/var/log/backend'
OPENVPN_SUBNET='10.64.0.0/16'
OPENVPN_SERVER_IP='10.64.0.1'
BACKEND_NETWORK_SUBNET='10.0.0.1/24'
BACKEND_NETWORK_ROUTER='10.0.0.1'
BACKEND_NETWORK_DEVICE='backend'
BACKEND_NETWORK_HOST_MIN='10.0.0.2'
BACKEND_NETWORK_HOST_MAX='10.0.0.254'
DATABASE_MAC_ADDRESS='0E:00:00:00:00:01'
WEBSERVER_MAC_ADDRESS='0E:00:00:00:00:02'
WEBSITE_ADMIN_USER='admin'
WEBSITE_ADMIN_PASSWORD='ChangeMe123!'
BACKEND_AUTHENTICATION_TOKEN='api-token'
CHALLENGES_ROOT_SUBNET='10.128.0.0'
CHALLENGES_ROOT_SUBNET_MASK='255.128.0.0'
MONITORING_VPN_INTERFACE='ctf_monitoring'
MONITORING_DMZ_INTERFACE='dmz_monitoring'
MONITORING_VM_MAC_ADDRESS='0E:00:00:00:00:03'
MONITORING_HOST='10.0.0.103'
MONITORING_VM_USER='ubuntu'
MONITORING_VM_PASSWORD='ChangeMe123!'
BANNER_SERVER_PORT='80'
MONITORING_VM_ID='9000'
MONITORING_VM_NAME='monitoring-vm'
MONITORING_VM_MEMORY='10240'
MONITORING_VM_CORES='2'
MONITORING_VM_DISK='32G'
MONITORING_FILES_DIR='/root/heiST/monitoring'
GRAFANA_PORT='3000'
GRAFANA_USER='admin'
GRAFANA_PASSWORD='ChangeMe123!'
GRAFANA_FILES_SETUP_DIR='/root/heiST/monitoring/grafana'
GRAFANA_FILES_DIR='/etc/grafana'
PROMETHEUS_PORT='9090'
POSTGRES_EXPORTER_PORT='9187'
POSTGRES_EXPORTER_PASSWORD='ChangeMe123!'
PROXMOX_EXPORTER_PORT='9221'
MONITORING_VM_EXPORTER_PORT='9100'
DATABASE_VM_EXPORTER_PORT='9100'
WEBSERVER_VM_EXPORTER_PORT='9100'
WEBSERVER_APACHE_EXPORTER_PORT='9117'
PROXMOX_EXPORTER_TOKEN_NAME='pve_exporter_token'
PVE_EXPORTER_DIR='/etc/pve-exporter'
PROXMOX_NODE_EXPORTER_PORT='9101'
WAZUH_MANAGER_PORT='9200'
WAZUH_API_USER='wazuh-wui'
WAZUH_API_PASSWORD='ChangeMe123!'
WAZUH_DASHBOARD_USER='kibanaserver'
WAZUH_DASHBOARD_PASSWORD='ChangeMe123!'
WAZUH_INDEXER_USER='admin'
WAZUH_INDEXER_PASSWORD='ChangeMe123!'
WAZUH_ENROLLMENT_PASSWORD='ChangeMe123!'
WAZUH_API_PORT='55000'
WAZUH_NETWORK_DEVICE='vrtmon'
WAZUH_NETWORK_DEVICE_IPV6='fd12:3456:789a:1::1'
WAZUH_NETWORK_DEVICE_CIDR='64'
WAZUH_NETWORK_SUBNET='fd12:3456:789a:1::/64'
WAZUH_MANAGER_IPV6='fd12:3456:789a:1::101/64'
WAZUH_FILE_DIR='/root/heiST/monitoring/wazuh'
WAZUH_REGISTRATION_PORT='1515'
WAZUH_COMMUNICATION_PORT='1514'
CLICKHOUSE_HTTPS_PORT='8443'
CLICKHOUSE_NATIVE_PORT='9440'
CLICKHOUSE_USER='default'
CLICKHOUSE_PASSWORD='ChangeMe123!'
CLICKHOUSE_SQL_DIR='/root/heiST/monitoring/clickhouse/sql'
MONITORING_DNS='clickhouse.local'
VECTOR_FILES_DIR='/root/heiST/monitoring/vector'
VECTOR_DIR='/etc/vector'
SURICATA_LOG_DIR='/var/log/suricata'
SURICATA_FILES_DIR='/etc/suricata'
SURICATA_RULES_DIR='/var/lib/suricata/rules'
ZEEK_SITE_DIR='/opt/zeek/share/zeek/site'
CLOUD_INIT_NETWORK_DEVICE='vmbr-cloud'
CLOUD_INIT_NETWORK_DEVICE_IP='10.32.0.1'
CLOUD_INIT_NETWORK_DEVICE_CIDR='20'
CLOUD_INIT_NETWORK_SUBNET='10.32.0.0/20'
ROTATE_DAYS='90'
LOGROTATE_CONFIG_DIR='/etc/logrotate.d'
PCAP_ROTATION_INTERVAL='*/15'
IPTABLES_FILE='/etc/iptables-backend/iptables.sh'
```
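An added pre-flight check, not part of the heiST repository: run between steps 4 and 6, it scans the edited `.env` for entries that still hold a value from the sample file above and for one secret reused across several services. The function names, the 16-character minimum and the sample input are assumptions made for this example.

```python
import re
from collections import defaultdict

# Values from the sample .env on this page; one surviving means "never edited".
SAMPLE_VALUES = {"ChangeMe123!", "admin123", "api-token", "ChangeMeToYourMirror"}
SECRET_KEY = re.compile(r"_(PASSWORD|TOKEN)$")  # does not match *_TOKEN_NAME
LINE = re.compile(r"^\s*([A-Z0-9_]+)\s*=\s*(.*?)\s*$")

def parse_env(text):
    """Parse KEY='value' lines; blank lines and # comments do not match."""
    env = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            value = m.group(2)
            if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
                value = value[1:-1]  # strip one pair of surrounding quotes
            env[m.group(1)] = value
    return env

def audit_env(env, min_length=16):
    """Return sorted (key, problem) findings; min_length is an assumed policy."""
    findings, reuse = [], defaultdict(list)
    for key, value in env.items():
        if value in SAMPLE_VALUES:
            findings.append((key, "sample value left unchanged"))
        elif SECRET_KEY.search(key):
            reuse[value].append(key)
            if len(value) < min_length:
                findings.append((key, f"secret shorter than {min_length} characters"))
    for keys in (k for k in reuse.values() if len(k) > 1):
        for key in keys:  # the same secret protects more than one service
            others = ", ".join(k for k in keys if k != key)
            findings.append((key, f"secret shared with {others}"))
    return sorted(findings)

# Constructed sample input: a partially edited .env (values are made up).
SAMPLE = """\
PROXMOX_PASSWORD='admin123'
DATABASE_PASSWORD='Xq7-constructed-db-secret'
WEBSERVER_DATABASE_PASSWORD='Xq7-constructed-db-secret'
GRAFANA_PASSWORD='short1'
BACKEND_AUTHENTICATION_TOKEN='api-token'
UBUNTU_BASE_SERVER_URL='ChangeMeToYourMirror'
DATABASE_PORT='5432'
"""

if __name__ == "__main__":
    print(*map(": ".join, audit_env(parse_env(SAMPLE))), sep="\n")
```

To check a real deployment, pass the contents of `/root/heiST/setup/.env` to `parse_env` instead of `SAMPLE` and treat any finding as a reason not to start `setup.py` yet.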