Carbon Black On Prem EDR – Auto Install on VMware Workstation using Hashicorp Vagrant


Carbon Black On Prem EDR is a comprehensive endpoint security solution designed to detect, respond to, and prevent a wide range of cyber threats. EDR solutions focus on monitoring and analyzing endpoint activities to identify and mitigate potential security incidents.

This HashiCorp Vagrant script will automatically set up a supported CentOS release and then download and install Carbon Black On Prem EDR within 5 mins. (Word.)

This script is also a demonstration of how to automate installation using HashiCorp tools. I’ll work on this and use Terraform to deploy onto Azure.

This is also a good example script to use for installation onto Linux in your lab environments. Vagrant and Terraform have terrible documentation, so it’s good to have an example script that works. You can use Ansible for configuration management, but that’s for another day.

Note: The Carbon Black EDR RPM file and license are not included in the Git repo; you need to request these via your SE.

Demo Vagrant Install

Increase YouTube playback quality to see the text.

If you are like me, I love spending hours installing Operating Systems. So I decided to build my labs using automation. It takes a lot of effort up front, but saves a lot of effort down the track and opens up a lot of possibilities in the future.

So, this is a journey and takes a lot of effort. If anyone else wants to participate, I have some grand plans we can build.

Automation Options


There are a lot of ways to skin this cat, but I am restricting myself to using HashiCorp Vagrant and Terraform, and possibly converting to OpenTofu to support open source.

Vagrant and Terraform are ‘same same but different’: Vagrant is more for local labs and Terraform for public clouds (AWS, Azure, GCP). It’s possible to use Vagrant for public cloud as well, though it has limited functionality compared to Terraform, whose ‘provisioners’ support cloud-native ‘stuff’. I’ll convert this script to Terraform later.

Carbon Black On Prem EDR – Auto Install on VMware Workstation using Hashicorp Vagrant
Here is a Vagrant script to auto install Carbon Black On Prem EDR onto VMware Workstation.

You will need to install the VMware Workstation Vagrant Utility and the VMware Workstation Plugin, both free, from "Installation – VMware Provider | Vagrant | HashiCorp Developer".

The following Vagrant script is a good base for 1) copying a file from the local machine to the VM and 2) executing shell commands within the VM.

Setup Instructions

  1. Create a folder for the VM
  2. Put the Carbon Black RPM file in the same directory as the Vagrantfile
  3. Put cbinit.ini in the same directory – cbinit.ini from https://github.com/rstar13as/EDR_Install/blob/main/cbinit.ini
  4. Create the Vagrantfile from https://github.com/rstar13as/EDR_Install/blob/main/Vagrantfile
  5. Run vagrant init
  6. Run vagrant up
  7. Run vagrant destroy
  8. Log in to Carbon Black EDR – https://192.168.193.141:443

App Control Auto Install

https://github.com/rstar13as/AppControl_install
# Carbon Black App Control Install
# Example Microsoft Vagrantfile - https://github.com/microsoft/azure_arc/blob/main/azure_arc_servers_jumpstart/local/vagrant/windows/Vagrantfile
# Carbon Black App Control prerequisites script - https://github.com/rstar13as/AppControl_install/blob/main/AppControl_Preres.ps1
# Operating System | Architecture | Service Pack | Additional Notes/Requirements
# Windows Server 2012 R2 | x64 | Use Latest | If virtual, HVM only
# Windows Server 2016 | x64 | Use Latest | If virtual, HVM only
# Windows Server 2019 | x64 | Use Latest | If virtual, HVM only
# Windows Server 2022 | x64 | Use Latest | If virtual, HVM only
# Vagrant - Windows Server - https://app.vagrantup.com/StefanScherer

Vagrant.configure("2") do |config|
  config.vm.box = "StefanScherer/windows_2022" # This image bluescreens on first boot, but, I don't care.
  config.vm.provider "vmware_desktop" do |v|
    v.gui = true
  end

  # https://docs.vmware.com/en/VMware-Carbon-Black-App-Control/services/cb-ac-announcements/GUID-63037C41-25EA-4BD1-A53A-EABAA2F87711.html
  # 8.10.0 Server Download Link
  # IMPORTANT: Before using the download link, make sure you have logged into the Carbon Black User Exchange (UEX).
  # Files put inside C:\Users\vagrant\Documents
  config.vm.provision "file", source: "Servers_CB App Control Server_8.10.0.485.zip", destination: "Servers_CB App Control Server_8.10.0.485.zip"

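  # Quoted heredoc ('SHELL'): stops Ruby from processing backslash escapes, so that
  # PowerShell paths such as $Path\$Installer reach the guest unchanged.
  config.vm.provision "shell", inline: <<-'SHELL', privileged: true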
    # Set Execution Policy, enable TLS 1.2, and install Chocolatey
    Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
    choco feature enable -n allowGlobalConfirmation
    choco install vscode -y

    # Invoke-WebRequest -Uri https://raw.githubusercontent.com/rstar13as/AppControl_install/main/AppControl_Preres.ps1 -OutFile .\AppControl_Preres.ps1; .\AppControl_Preres.ps1

    #Open "Windows PowerShell ISE" as Administrator
    Set-ExecutionPolicy Bypass -Scope Process -Force

    #Disable Windows Defender 
    Set-MpPreference -DisableRealtimeMonitoring $true
    #Uninstall Windows Defender
    Remove-WindowsFeature Windows-Defender

    #Install IIS
    Install-WindowsFeature -name Web-Server -IncludeManagementTools

    #Enable IIS options
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-WebServerRole
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-WebServer
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-CommonHttpFeatures
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-HttpErrors
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-HttpRedirect
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-ApplicationDevelopment
    Enable-WindowsOptionalFeature -online -FeatureName NetFx4Extended-ASPNET45
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-NetFxExtensibility45
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-HealthAndDiagnostics
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-HttpLogging
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-LoggingLibraries
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-RequestMonitor
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-HttpTracing
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-Security
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-RequestFiltering
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-WebServerManagementTools
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-ManagementConsole

    # OER: https://docs.vmware.com/en/VMware-Carbon-Black-App-Control/8.10/cb-ac-oer.pdf
    # You must disable Basic Authentication and Windows Authentication so that the App Control Server handles authentication:
    Disable-WindowsOptionalFeature -Online -FeatureName IIS-BasicAuthentication
    Disable-WindowsOptionalFeature -Online -FeatureName IIS-WindowsAuthentication

    Enable-WindowsOptionalFeature -Online -FeatureName IIS-StaticContent
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-DefaultDocument
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-ISAPIExtensions
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-ISAPIFilter
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-ASPNET45
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-CGI
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-ManagementScriptingTools


    # Install SQL Server Express 2019.

    function Install-SQLServerExpress2019 {
        Write-Host "Downloading SQL Server Express 2019..."
        $Path = $env:TEMP
        $Installer = "SQL2019-SSEI-Expr.exe"
        $URL = "https://go.microsoft.com/fwlink/?linkid=866658"
        Invoke-WebRequest $URL -OutFile $Path\$Installer

        Write-Host "Installing SQL Server Express..."
        Start-Process -FilePath $Path\$Installer -Args "/ACTION=INSTALL /IACCEPTSQLSERVERLICENSETERMS /QUIET" -Verb RunAs -Wait
        Remove-Item $Path\$Installer
    }

    Install-SQLServerExpress2019


    # https://docs.vmware.com/en/VMware-Carbon-Black-App-Control/services/cb-ac-announcements/GUID-63037C41-25EA-4BD1-A53A-EABAA2F87711.html
    # 8.10.0 Server Download Link
    # IMPORTANT: Before using the download link, make sure you have logged into the Carbon Black User Exchange (UEX).
    # I just copied the link from the corresponding download link, I am not sure if this link expires, so you may need to update this link as required, or download it to local first.
    # Invoke-WebRequest -Uri "" -OutFile .\8.10.0.485.zip
  
    # Expand-Archive -Path "C:\Users\vagrant\Documents\Servers_CB App Control Server_8.10.0.485.zip" -DestinationPath "C:\Users\vagrant\Documents"
    # "C:\Users\vagrant\Documents\ParityServerSetup.exe"
    # This doesn't work yet
  
    SHELL
end
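
The Install-SQLServerExpress2019 function above runs whatever the download URL returns. The following is an added example, not code from the original repo, of the same download-and-install step with an Authenticode signer check and an optional pinned SHA-256 before execution. The function name Install-VerifiedInstaller, its parameters and the publisher pattern are assumptions made for illustration; run it from a .ps1 file or a quoted heredoc.

```powershell
# Added example: verify a downloaded installer before running it.
# Install-VerifiedInstaller and its parameters are hypothetical names.
function Install-VerifiedInstaller {
    param(
        [Parameter(Mandatory)] [string] $Url,
        [Parameter(Mandatory)] [string] $FileName,
        [Parameter(Mandatory)] [string] $PublisherPattern,  # matched against the signer subject
        [Parameter(Mandatory)] [string] $Arguments,
        [string] $ExpectedSha256                            # optional pinned hash
    )

    $ErrorActionPreference = 'Stop'
    $target = Join-Path $env:TEMP $FileName
    Invoke-WebRequest -Uri $Url -OutFile $target -UseBasicParsing

    try {
        # 1. The file must carry a signature that validates on this machine.
        $sig = Get-AuthenticodeSignature -FilePath $target
        if ($sig.Status -ne 'Valid') {
            throw "Signature check failed for ${FileName}: $($sig.Status)"
        }
        # 2. The signer must be the expected publisher, not just any trusted one.
        if ($sig.SignerCertificate.Subject -notlike $PublisherPattern) {
            throw "Unexpected signer: $($sig.SignerCertificate.Subject)"
        }
        # 3. If a hash was pinned, the download must match it exactly.
        if ($ExpectedSha256) {
            $actual = (Get-FileHash -Path $target -Algorithm SHA256).Hash
            if ($actual -ne $ExpectedSha256) { throw "SHA-256 mismatch: $actual" }
        }
        # Only now execute, and fail the provisioning run on a non-zero exit code.
        $proc = Start-Process -FilePath $target -ArgumentList $Arguments -Wait -PassThru
        if ($proc.ExitCode -ne 0) { throw "Installer exited with code $($proc.ExitCode)" }
    }
    finally {
        Remove-Item -Path $target -Force -ErrorAction SilentlyContinue
    }
}

# Same URL and arguments as the script above; the publisher pattern is an assumption.
$sqlExpress = @{
    Url              = 'https://go.microsoft.com/fwlink/?linkid=866658'
    FileName         = 'SQL2019-SSEI-Expr.exe'
    PublisherPattern = '*O=Microsoft Corporation*'
    Arguments        = '/ACTION=INSTALL /IACCEPTSQLSERVERLICENSETERMS /QUIET'
}
Install-VerifiedInstaller @sqlExpress
```

For the vendor zip copied in by the file provisioner, the pinned-hash path is the relevant one: record the SHA-256 when you download the archive from the vendor portal and compare it with Get-FileHash before expanding it.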