This section will guide you through the process of setting up your own FLUFFI installation.
You need to have at least two machines to run FLUFFI: A machine that will be the central server, and another machine that runs the agents.
For performance reasons, it is recommended to use more than one server machine (at least use a dedicated database server), plus as many executor machines as possible.
Furthermore, you need to have a subnet that is entirely under your control: No other DNS/DHCP server must interfere.
On Windows, use the Windows build file. If you compile FLUFFI for the first time, call
buildAll.bat -WITH_DEPS TRUE
Please keep in mind that this will take a long time as it will compile all FLUFFI dependencies from sources.
For all future compiles you can use
buildAll.bat -WITH_DEPS FALSE
If you already set up the FUN (see next section), you can directly upload your binaries to FUN by calling
buildAll.bat -DEPLOY_TO_FTP TRUE
On Linux, use the Linux build file. If you compile FLUFFI for the first time, call
./buildAll.sh PREPARE_ENV=TRUE WITH_DEPS=TRUE
Please keep in mind that this will take a long time as it will compile all FLUFFI dependencies from sources.
For all future compiles you can use
./buildAll.sh PREPARE_ENV=FALSE WITH_DEPS=FALSE
If you already set up the FUN (see next section), you can directly upload your binaries to FUN by calling
./buildAll.sh PREPARE_ENV=FALSE WITH_DEPS=FALSE DEPLOY_TO_FTP=TRUE
The FLUFFI Utility Network (FUN) contains all the infrastructure for fuzzing.
To set it up, you first need to set up the central server with Docker installed. Give that server the static IP address 10.66.0.1.
Copy the FLUFFI repo to that machine (or clone it there).
git clone --depth 1 --branch master https://github.com/siemens/fluffi.git ./fluffigit
Copy the server part to /srv/fluffi
rsync -ai --delete --exclude={'data/ftp/files/archive','data/ftp/files/deploy','data/ftp/files/fluffi','data/ftp/files/initial/linux/activePackages','data/ftp/files/initial/linux/inactivePackages','data/ftp/files/initial/windows/activePackages','data/ftp/files/initial/windows/inactivePackages','data/ftp/files/initial/windows/ansible/Driver','data/ftp/files/initial/windows/ansible/VCRedistributables','data/ftp/files/odroid','data/ftp/files/SUT','data/ftp/files/tftp-roots','data/ftp/files/ubuntu-mirror','data/tftp','data/smb/files/server2008','data/smb/files/server2016','data/dnsmasq/dnsmasq.leases','data/mon/grafana','data/mon/influxdb'} ./fluffigit/srv/fluffi/ /srv/fluffi/
Apply changes to the default configuration. We recommend that you:
- change /srv/fluffi/data/dnsmasq/ethers if you want to give some systems host names based on their MAC addresses
- change /srv/fluffi/data/dnsmasq/hosts, e.g., if you want to give some systems static IP addresses or if you want to move services to different machines
- change /srv/fluffi/data/polenext/projects/1/hosts to contain login information to your executor machines
- change /srv/fluffi/data/smb/files/initial/odroid_rootpasswd to contain the actual root password for your odroid executor machines
- change /srv/fluffi/data/smb/files/initial/odroid_username to contain the actual odroid username for your odroid executor machines
- change /srv/fluffi/data/smb/files/initial/odroid_userpasswd to contain the actual odroid password for your odroid executor machines
- change /srv/fluffi/data/smb/files/initial/MAC2Host.csv to contain the MAC addresses and hosts of your executor machines (if you want to set host names according to MAC addresses)
- replace the files in /srv/fluffi/data/smb/files/initial/updatesWS2008 and /srv/fluffi/data/ftp/files/initial/windows/ansible with the actual files. The files stored there in the Git repository are just text files with links to where you can download the actual files.
Copy the GlobalManager to /srv/fluffi/data/fluffigm
Set file permissions correctly:
chown -R 1000:1000 /srv/fluffi/data/ftp/files
chown -R 1000:1000 /srv/fluffi/data/smb/files
chown -R 1000:1000 /srv/fluffi/data/tftp
find /srv/fluffi/data/smb/files -type d -exec chmod 777 {} \;
find /srv/fluffi/data/ftp/files -type d -exec chmod 777 {} \;
find /srv/fluffi/data/tftp -type d -exec chmod 777 {} \;
chmod 555 /srv/fluffi/data/ftp/files
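To confirm that the commands above took effect, and to spot drift later, the following check can be run on the server. It is an added example, not part of the FLUFFI repository: the function name audit_fluffi_perms and its output labels are made up here, while the paths, the 1000:1000 owner and the 777/555 modes are taken from the commands above.

```shell
#!/bin/sh
# Added example (not FLUFFI code): audits the ownership and directory modes
# that the chown/chmod commands in this guide are expected to leave behind.
# Usage: audit_fluffi_perms [DATA_ROOT] [UID] [GID]
#   DATA_ROOT defaults to /srv/fluffi/data, UID and GID default to 1000.
# Prints one line per deviation; returns 0 if the tree is clean, 1 otherwise.
audit_fluffi_perms() {
    data=${1:-/srv/fluffi/data}; uid=${2:-1000}; gid=${3:-1000}
    ftp="$data/ftp/files"
    report=$(
        for dir in "$ftp" "$data/smb/files" "$data/tftp"; do
            if [ ! -d "$dir" ]; then
                echo "MISSING $dir"
                continue
            fi
            # chown -R 1000:1000: every entry must belong to uid:gid
            find "$dir" \( ! -user "$uid" -o ! -group "$gid" \) \
                -exec echo "OWNER" {} \;
            # find -type d -exec chmod 777: every directory must be 0777,
            # except the FTP root, which the last chmod sets to 0555
            find "$dir" -type d ! -path "$ftp" ! -perm 777 \
                -exec echo "DIRMODE" {} \;
        done
        # chmod 555 on the FTP root itself (-prune keeps find at depth 0)
        if [ -d "$ftp" ]; then
            find "$ftp" -prune ! -perm 555 -exec echo "FTPROOT" {} \;
        fi
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}
```

Call it as root with no arguments on the central server, before starting the services; any output line names the path that still needs fixing.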
Get FLUFFI's web dependencies:
cd /srv/fluffi/data/fluffiweb/app
./get_static_dependencies.sh
Finally, start all server services:
cd /srv/fluffi
docker-compose up -d --force-recreate
You are now ready to use FLUFFI. See the usage section for information on how to do so.
FLUFFI was never meant to be used in hostile environments, which is why FLUFFI's internal protocol is not hardened against attacks at all. It is therefore recommended to operate FLUFFI in an isolated environment to which you can restrict access.
Furthermore, it is strongly recommended to change Polemarch's user credentials, which are initially admin:admin.