Customized bare-metal installation of EVE-NG

1. Pre-installation preparation

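1. One bare-metal machine; building it from second-hand server parts is recommended, with 64 GB or more of RAM, a CPU with 16 or more threads, and an SSD of 500 GB or more
2. USB flash drive: 8 GB or larger
3. A Windows system for creating the boot disk
4. Rufus (tool for creating the Ubuntu boot disk; download it via Baidu)
5. The Ubuntu 16.04.7 installation image
6. The EVE-NG materials package
7. A good Internet connection
8. Customized Linux images (including Ubuntu, SUSE, CentOS Stream)
9. The official EVE-NG documentation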

Materials package link:
Link: https://pan.baidu.com/s/14QbWkX8C7-iy-NwbVzUNRg
Extraction code: dos6

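2. Create the bootable USB drive

Use Rufus to create an Ubuntu 16 boot disk.

3. Install the Ubuntu 16 operating system

Install Ubuntu 16 as the underlying operating system for EVE-NG; see section 3.3 of the official documentation.

4. Modify the Ubuntu system configuration

1. Modify the SSH server configuration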

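# Log in as a regular user first
# Switch to the root user
sudo -i
# Set the root password to 1 (chpasswd is used because passwd on Ubuntu has no --stdin option)
echo 'root:1' | chpasswd
# Edit the configuration file to allow remote root login; set the following line in it
vim /etc/ssh/sshd_config
PermitRootLogin yes
# Restart the sshd service
systemctl restart sshd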
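
An added example, not part of the original post: a read-only check of the effective global sshd settings after the edit above. It reports when root can log in over SSH with a password, which is what this step configures; the function names and the sample files are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Read-only audit of sshd_config.

# Print the effective global value of KEYWORD in FILE. sshd keeps the first
# value it reads for a keyword; lines after "Match" apply only conditionally.
sshd_effective() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        /^[[:space:]]*#/ { next }               # skip comment lines
        tolower($1) == "match" { exit }         # end of the global section
        tolower($1) == want { print tolower($2); exit }
    ' "$2"
}

# Print a FINDING line when root password login over SSH is possible.
audit_sshd() {
    root=$(sshd_effective PermitRootLogin "$1")
    pass=$(sshd_effective PasswordAuthentication "$1")
    [ -n "$root" ] || root=prohibit-password    # OpenSSH default since 7.0
    [ -n "$pass" ] || pass=yes                  # OpenSSH default
    if [ "$root" = "yes" ] && [ "$pass" = "yes" ]; then
        echo "FINDING: root can log in over SSH with a password"
    fi
}

# Constructed sample files: the setting from this step, then a key-only variant.
demo() {
    f=$(mktemp)
    printf '%s\n' '#PermitRootLogin prohibit-password' 'PermitRootLogin yes' > "$f"
    audit_sshd "$f"                             # prints the finding
    printf '%s\n' 'PermitRootLogin prohibit-password' \
        'PasswordAuthentication no' > "$f"
    audit_sshd "$f"                             # prints nothing
    rm -f "$f"
}
demo
```

On the installed host, run `audit_sshd /etc/ssh/sshd_config`.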

2. Modify the hostname and the hosts file

# Change the IP to match your own
root@eve-ng:~# cat /etc/hosts
127.0.0.1 localhost
192.168.31.54 eve-ng.eve-ng.net eve-ng
# The following lines are desirable for IPv6 capable hosts
127.0.0.127 xml.cisco.com

# Change the hostname
root@eve-ng:~# cat /etc/hostname
eve-ng

3. Disable Ubuntu's network interface naming rules

root@eve-ng:~# vim /etc/default/grub

root@eve-ng:~# update-grub

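4. Modify the network interface configuration file

Because the interface names change after a reboot, modify the network interface configuration file before rebooting; otherwise the configuration will be wrong after the reboot and the machine will lose its network connection.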

root@eve-ng:~# cat /etc/network/interfaces
auto eth0
iface eth0 inet dhcp

# Reboot the system

5. Installing EVE-NG

1. Update the Ubuntu system first

# Switch Ubuntu's package repositories to the 163 mirror
sed -i 's/cn.archive.ubuntu.com/mirrors.163.com/' /etc/apt/sources.list
sed -i 's/security.ubuntu.com/mirrors.163.com/' /etc/apt/sources.list
apt update
apt upgrade

2. Copy the materials package to the Ubuntu machine

root@eve-ng:~# ls | grep eve-ng裸机材料.zip 
eve-ng裸机材料.zip

root@eve-ng:~# apt install unzip
root@eve-ng:~# unzip eve-ng裸机材料.zip

3. Install EVE-NG with the official script

chmod u+x install-eve.sh
./install-eve.sh
#WARNING: neither Intel VT-x or AMD-V found
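# This error means CPU virtualization is not enabled

Next comes a long wait. Most of the files downloaded during installation are hosted abroad, so it usually takes over an hour; you can set up a proxy to improve the download speed (search Baidu for details).

Do not reboot or press Ctrl+C during the installation!!!! Don't!!! Don't!!!

Reboot the machine once the installation has finished.

4. Initial configuration of EVE-NG

After the reboot, connecting to the machine over SSH brings up the EVE-NG initial configuration screen.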

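After that, just press Enter all the way through. When it finishes, EVE-NG reboots automatically; after the reboot, enter the EVE-NG IP address in a web browser to log in to the EVE-NG web interface.

The default EVE-NG username is admin and the password is eve.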

6. EVE-NG customizations

1. Custom icons

# The target CPU type is Intel
root@eve-ng:~# mv *png /opt/unetlab/html/images/icons/
Switch.png Server.png Router.png Desktop4.png
# Adds 4 icons: switch, router, PC, server

2. Hide unavailable templates

# When a device has no image, its template is not shown
root@eve-ng:~# mv config.php /opt/unetlab/html/includes/

3. Custom templates

root@eve-ng:~# mv custom_templates.yml /opt/unetlab/html/includes/
root@eve-ng:~# cat /opt/unetlab/html/includes/custom_templates.yml
---
custom_templates:
  - name: h3cvsr
    listname: H3CVSR
  - name: centos
    listname: CentOS
  - name: ubuntu
    listname: Ubuntu
  - name: suse
    listname: Suse
  - name: fedora
    listname: Fedora
  - name: rhel
    listname: RHEL
...

# Copy the template files to the target location
root@eve-ng:~# mv h3cvsr.yml win.yml suse.yml ubuntu.yml centos.yml /opt/unetlab/html/templates/intel

4. Custom DHCP hub

# After EVE-NG is installed there are 10 pnet interfaces
root@eve-ng:~# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master pnet0 state UP mode DEFAULT group default qlen 1000
link/ether 00:e0:9a:68:00:94 brd ff:ff:ff:ff:ff:ff
3: pnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
link/ether 00:e0:9a:68:00:94 brd ff:ff:ff:ff:ff:ff
4: pnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/ether ae:c1:9e:e2:d8:49 brd ff:ff:ff:ff:ff:ff
5: pnet2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/ether 1a:da:24:6d:5a:ac brd ff:ff:ff:ff:ff:ff
6: pnet3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/ether b6:a2:23:14:3b:7f brd ff:ff:ff:ff:ff:ff
7: pnet4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/ether fa:16:1d:6b:22:92 brd ff:ff:ff:ff:ff:ff
8: pnet5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/ether 4a:be:2f:38:0c:d1 brd ff:ff:ff:ff:ff:ff
9: pnet6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/ether 9a:99:4c:bf:9c:82 brd ff:ff:ff:ff:ff:ff
10: pnet7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/ether be:30:8a:29:97:da brd ff:ff:ff:ff:ff:ff
11: pnet8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/ether d6:50:cf:90:58:3d brd ff:ff:ff:ff:ff:ff
12: pnet9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/ether ea:51:67:30:80:52 brd ff:ff:ff:ff:ff:ff

# Each pnet is actually a bridge
root@eve-ng:~# brctl show
bridge name bridge id STP enabled interfaces
pnet0 8000.00e09a680094 no eth0
pnet1 8000.000000000000 no
pnet2 8000.000000000000 no
pnet3 8000.000000000000 no
pnet4 8000.000000000000 no
pnet5 8000.000000000000 no
pnet6 8000.000000000000 no
pnet7 8000.000000000000 no
pnet8 8000.000000000000 no
pnet9 8000.000000000000 no

# Each pnet corresponds to a cloud in an EVE-NG lab

When a device in EVE-NG is connected to cloudX, it is effectively bridged to pnetX on the Ubuntu host.

Configure addresses for pnet1 through pnet9; pnet0 holds your physical NIC's address, so do not change it.

# Note: change pnet0 to your own IP address and gateway
root@eve-ng:~# cat > /etc/network/interfaces << END
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
iface eth0 inet manual
auto pnet0
iface pnet0 inet static
address 192.168.2.137
netmask 255.255.255.0
gateway 192.168.2.1
dns-nameservers 114.114.114.114
bridge_ports eth0
bridge_stp off

# Cloud devices
iface eth1 inet manual
auto pnet1
iface pnet1 inet static
address 10.163.1.200
netmask 255.255.255.0
bridge_ports eth1
bridge_stp off

iface eth2 inet manual
auto pnet2
iface pnet2 inet static
address 10.163.2.200
netmask 255.255.255.0
bridge_ports eth2
bridge_stp off

iface eth3 inet manual
auto pnet3
iface pnet3 inet static
address 10.163.3.200
netmask 255.255.255.0
bridge_ports eth3
bridge_stp off

iface eth4 inet manual
auto pnet4
iface pnet4 inet static
address 10.163.4.200
netmask 255.255.255.0
bridge_ports eth4
bridge_stp off

iface eth5 inet manual
auto pnet5
iface pnet5 inet static
address 10.163.5.200
netmask 255.255.255.0
bridge_ports eth5
bridge_stp off

iface eth6 inet manual
auto pnet6
iface pnet6 inet static
address 101.163.6.200
netmask 255.255.255.0
bridge_ports eth6
bridge_stp off

iface eth7 inet manual
auto pnet7
iface pnet7 inet static
address 101.163.7.200
netmask 255.255.255.0
bridge_ports eth7
bridge_stp off

iface eth8 inet manual
auto pnet8
iface pnet8 inet static
address 101.163.8.200
netmask 255.255.255.0
bridge_ports eth8
bridge_stp off

iface eth9 inet manual
auto pnet9
iface pnet9 inet static
address 101.163.9.200
netmask 255.255.255.0
bridge_ports eth9
bridge_stp off
END

# Reboot

# Install the DHCP server package
root@eve-ng:~# apt update
root@eve-ng:~# apt install isc-dhcp-server

cat > /etc/dhcp/dhcpd.conf <<END
#subnet 10.163.1.0 netmask 255.255.255.0 {
subnet 10.163.1.0 netmask 255.255.255.0 {
range 10.163.1.100 10.163.1.199;
option domain-name-servers 114.114.114.114;
option subnet-mask 255.255.255.0;
option routers 10.163.1.200;
default-lease-time 600;
max-lease-time 7200;
}

subnet 10.163.2.0 netmask 255.255.255.0 {
range 10.163.2.100 10.163.2.199;
option domain-name-servers 114.114.114.114;
option subnet-mask 255.255.255.0;
option routers 10.163.2.200;
default-lease-time 600;
max-lease-time 7200;
}

subnet 10.163.3.0 netmask 255.255.255.0 {
range 10.163.3.100 10.163.3.199;
option domain-name-servers 114.114.114.114;
option subnet-mask 255.255.255.0;
option routers 10.163.3.200;
default-lease-time 600;
max-lease-time 7200;
}

subnet 10.163.4.0 netmask 255.255.255.0 {
range 10.163.4.100 10.163.4.199;
option domain-name-servers 114.114.114.114;
option subnet-mask 255.255.255.0;
option routers 10.163.4.200;
default-lease-time 600;
max-lease-time 7200;
}

subnet 10.163.5.0 netmask 255.255.255.0 {
range 10.163.5.100 10.163.5.199;
option domain-name-servers 114.114.114.114;
option subnet-mask 255.255.255.0;
option routers 10.163.5.200;
default-lease-time 600;
max-lease-time 7200;
}

subnet 101.163.6.0 netmask 255.255.255.0 {
range 101.163.6.100 101.163.6.199;
option domain-name-servers 114.114.114.114;
option subnet-mask 255.255.255.0;
option routers 101.163.6.200;
default-lease-time 600;
max-lease-time 7200;
}

subnet 101.163.7.0 netmask 255.255.255.0 {
range 101.163.7.100 101.163.7.199;
option domain-name-servers 114.114.114.114;
option subnet-mask 255.255.255.0;
option routers 101.163.7.200;
default-lease-time 600;
max-lease-time 7200;
}

subnet 101.163.8.0 netmask 255.255.255.0 {
range 101.163.8.100 101.163.8.199;
option domain-name-servers 114.114.114.114;
option subnet-mask 255.255.255.0;
option routers 101.163.8.200;
default-lease-time 600;
max-lease-time 7200;
}

subnet 101.163.9.0 netmask 255.255.255.0 {
range 101.163.9.100 101.163.9.199;
option domain-name-servers 114.114.114.114;
option subnet-mask 255.255.255.0;
option routers 101.163.9.200;
default-lease-time 600;
max-lease-time 7200;
}
END

# Restart the service
root@eve-ng:~# systemctl restart isc-dhcp-server

#!/bin/bash
# Loop that appends the pnet1-pnet9 stanzas (192.168.10X.0/24 addressing)
for i in {1..9}
do
cat >>/etc/network/interfaces<<end
iface eth$i inet manual
auto pnet$i
iface pnet$i inet static
address 192.168.10$i.2
netmask 255.255.255.0
bridge_ports eth$i
bridge_stp off
end
done

#!/bin/bash
for i in {1..9}
do
cat >>/etc/dhcp/dhcpd.conf<<end

subnet 192.168.10$i.0 netmask 255.255.255.0 {
range 192.168.10$i.10 192.168.10$i.100;
option domain-name-servers 114.114.114.114;
option subnet-mask 255.255.255.0;
option routers 192.168.10$i.2;
option broadcast-address 192.168.10$i.255;
default-lease-time 600;
max-lease-time 7200;
}

end
done

At this point, any network device connected to any cloud obtains an address from the subnet of that cloud's pnet, along with the corresponding gateway and DNS.
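
An added example, not part of the original post: a read-only cross-check of the two files written in this section. For every subnet in dhcpd.conf it confirms that `option routers` is the address of a pnet bridge declared `inet static`, and it flags subnets outside RFC 1918, which applies to the 101.163.x.0/24 ranges used for pnet6 to pnet9 (101.0.0.0/8 is public address space). The function names and the sample data are constructed for this example.

```shell
#!/bin/sh
# Added example, not the page's own script: cross-check dhcpd.conf against
# /etc/network/interfaces. File names are passed in; nothing is modified.

is_rfc1918() {        # true for 10/8, 172.16/12 and 192.168/16
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

pnet_static_addrs() { # addresses of "iface pnetN inet static" stanzas
    awk '$1 == "iface" { on = ($2 ~ /^pnet[0-9]+$/ && $4 == "static") }
         on && $1 == "address" { print $2 }' "$1"
}

dhcp_routers() {      # "subnet router" pairs from dhcpd.conf
    awk '/^[[:space:]]*#/ { next }
         $1 == "subnet" { net = $2 }
         $1 == "option" && $2 == "routers" { sub(/;$/, "", $3); print net, $3 }' "$1"
}

audit_lab_nets() {    # usage: audit_lab_nets INTERFACES_FILE DHCPD_CONF
    addrs=$(pnet_static_addrs "$1")
    dhcp_routers "$2" | while read -r net gw; do
        is_rfc1918 "$net" || echo "$net: outside RFC 1918 private space"
        echo "$addrs" | grep -qxF "$gw" ||
            echo "$net: router $gw is not a static pnet address"
    done
}

demo() {              # constructed sample in the page's addressing scheme
    d=$(mktemp -d)
    printf '%s\n' 'iface pnet1 inet static' 'address 10.163.1.200' \
        'iface pnet6 inet static' 'address 101.163.6.200' \
        'iface pnet8 inet manual' 'address 101.163.8.200' > "$d/interfaces"
    for n in 10.163.1 101.163.6 101.163.8; do
        printf 'subnet %s.0 netmask 255.255.255.0 {\n  option routers %s.200;\n}\n' "$n" "$n"
    done > "$d/dhcpd.conf"
    audit_lab_nets "$d/interfaces" "$d/dhcpd.conf"
    rm -rf "$d"
}
demo
```

On the installed host, run `audit_lab_nets /etc/network/interfaces /etc/dhcp/dhcpd.conf`.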

5. Custom Internet access

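# Let all devices inside EVE-NG reach the Internet
# The delimiter is quoted ('END') so the backticks and $snat are written literally and evaluated at boot, not when the file is created
cat > /etc/rc.local <<'END'
#!/bin/bash
snat=`ifconfig pnet0 | grep "inet addr" | cut -d":" -f 2 | cut -d " " -f1`
iptables -t nat -A POSTROUTING -s 10.163.0.0/16 -o pnet0 -j SNAT --to-source "$snat"
iptables -t nat -A POSTROUTING -s 101.163.0.0/16 -o pnet0 -j SNAT --to-source "$snat"
exit 0
END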

chmod u+x /etc/rc.local

root@eve-ng:~# iptables -L -t nat -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- 10.163.0.0/16 0.0.0.0/0 to:192.168.31.54
SNAT all -- 101.163.0.0/16 0.0.0.0/0 to:192.168.31.54

6. Shell customization

# Add the following at the end of .bashrc
vim .bashrc
alias fix='/opt/unetlab/wrappers/unl_wrapper -a fixpermissions'

source .bashrc

7. Custom images

# Put the files from Baidu Cloud in the target locations
Copy the files in the bin directory to /opt/unetlab/addons/iol/bin/

Put all other files in /opt/unetlab/addons/qemu/

Then run fix
root@eve-ng:~# fix

8. Cisco image activation

mv bin/* /opt/unetlab/addons/iol/bin/
cd /opt/unetlab/addons/iol/bin/

vim crack.py

root@eve-ng:/opt/unetlab/addons/iol/bin# python crack.py | grep license -A1 >iourc

9. Image passwords
