From 66581024f8f437b25d7141b809489b86847e87f6 Mon Sep 17 00:00:00 2001
From: Miguel Scapolla
Date: Fri, 6 May 2016 19:17:19 -0300
Subject: [PATCH] ASA 9.6v / 8.0(2)
---
 qemu-asa-patch.sh | 89 +++++++++++++++++++++++++++++++++++++++++++++++
 qemu-asa-shell.sh | 88 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 177 insertions(+)
 create mode 100644 qemu-asa-patch.sh
 create mode 100644 qemu-asa-shell.sh
diff --git a/qemu-asa-patch.sh b/qemu-asa-patch.sh
new file mode 100644
index 0000000..293576d
--- /dev/null
+++ b/qemu-asa-patch.sh
@@ -0,0 +1,89 @@
+##
+## Author: Jeremy Grossmann (2009)
+## Contributor: J. Pedro Flor (28 january 2010)
+##
+
+FIRST_START=no
+if test ! -e /mnt/disk0/lina_monitor
+then
+ cd /asa/scripts/
+ echo "d" > /asa/scripts/fdisk.pf.in
+ echo "o" >> /asa/scripts/fdisk.pf.in
+ echo "n" >> /asa/scripts/fdisk.pf.in
+ echo "p" >> /asa/scripts/fdisk.pf.in
+ echo "1" >> /asa/scripts/fdisk.pf.in
+ echo "1" >> /asa/scripts/fdisk.pf.in
+ echo "" >> /asa/scripts/fdisk.pf.in
+ echo "t" >> /asa/scripts/fdisk.pf.in
+ echo "4" >> /asa/scripts/fdisk.pf.in
+ echo "w" >>/asa/scripts/fdisk.pf.in
+
+ echo ""
+ echo -n "Initializing partition..."
+ /sbin/fdisk /dev/hda < /asa/scripts/fdisk.pf.in > /dev/null 2> /dev/null
+ echo "done"
+
+ echo ""
+ echo -n "Formating and mounting partition..."
+ mkdosfs -F 16 /dev/hda1 > /dev/null 2> /dev/null
+ mount -o umask=0000,noatime,check=s,shortname=mixed /dev/hda1 /mnt/disk0 > /dev/null 2> /dev/null
+ echo "done"
+ echo ""
+
+ cp /asa/bin/lina /mnt/disk0/lina
+ cp /asa/bin/lina_monitor /mnt/disk0/lina_monitor
+ FIRST_START=yes
+fi
+
+# load drivers
+modprobe e100
+modprobe e1000
+ifconfig eth0 up
+ifconfig eth1 up
+ifconfig eth2 up
+ifconfig eth3 up
+ifconfig eth4 up
+ifconfig eth5 up
+
+if test $FIRST_START = yes
+then
+ echo ""
+ echo " Cisco ASA with Multiple Security Contexts"
+ echo " =============================================="
+ echo ""
+ echo "This is your first boot, please wait about 2 minutes for 'disk0' creation"
+ echo "and then execute the following commands inside the Linux prompt:"
+ echo ""
+ echo " # cd /mnt/disk0"
+ echo " # /mnt/disk0/lina_monitor"
+ echo ""
+ echo ""
+ echo ""
+ echo "Please note to use the following command under ASA to save your configs:"
+ echo ""
+ echo " ciscoasa(config)# boot config disk0:/.private/startup-config"
+ echo " ciscoasa(config)# copy running-config disk0:/.private/startup-config"
+ echo ""
+ echo ""
+ echo ""
+ echo "To get webvpn working, execute the following commands:"
+ echo ""
+ echo " ciscoasa# mkdir disk0:/var"
+ echo " ciscoasa# mkdir disk0:/var/log"
+ echo " ciscoasa# mkdir disk0:/csco_config"
+ echo " ciscoasa# mkdir disk0:/csco_config/97"
+ echo " ciscoasa# mkdir disk0:/csco_config/97/webcontent"
+ echo ""
+ echo " ( Powered by Pedro Flor )"
+ echo " ( pedro.flor@gmail.com )"
+ echo ""
+ exit
+fi
+
+echo ""
+echo ""
+echo "Starting Cisco ASA with Multiple Security Contexts..."
+echo ""
+
+cd /mnt/disk0
+/mnt/disk0/lina_monitor
diff --git a/qemu-asa-shell.sh b/qemu-asa-shell.sh
new file mode 100644
index 0000000..3140af9
--- /dev/null
+++ b/qemu-asa-shell.sh
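Review bot: The `fdisk`, `mkdosfs` and `mount` calls in the first-boot branch discard all output and their exit status is never checked, so a failed format or mount still falls through to the two `cp` lines and sets `FIRST_START=yes`; `lina` and `lina_monitor` would then land in whatever directory sits under /mnt/disk0 rather than on the new partition. Append a guard such as `|| { echo "mount of /dev/hda1 failed" >&2; exit 1; }` to the mount line, and do the same after `fdisk` and `mkdosfs`. The mount option `umask=0000` also makes every file on disk0 writable by any account in the guest, including the `lina_monitor` binary this script later executes; if lina runs as root, `umask=0022` keeps the files executable without that exposure. `test $FIRST_START = yes` should quote the variable: `test "$FIRST_START" = yes`.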
@@ -0,0 +1,88 @@
+#======================================================================
+# -- ASA9v --
+#======================================================================
+
+#
+# Serial console:
+# Start with -curses
+# copy disk0:/coredumpinfo/coredump.cfg disk0:/use_ttyS0
+# Start with -display none
+#
+
+qemu-system-x86_64 \
+ -daemonize \
+ -L /usr/share/qemu \
+ -m 1024M \
+ -smp cpus=1 \
+ -enable-kvm \
+ -boot order=c \
+ -drive file=asav961.qcow2,if=ide,index=0,media=disk \
+ -monitor none -display none -vga none \
+ -serial telnet::2000,server,nowait \
+ -net none \
+ -net nic,vlan=1,macaddr=00:00:ab:e3:eb:01,model=e1000 -net socket,vlan=1,udp=127.0.0.1:9000,localaddr=:9001 \
+ -net nic,vlan=2,macaddr=00:00:ab:e3:eb:02,model=e1000 -net socket,vlan=2,udp=127.0.0.1:9002,localaddr=:9003 \
+ -net nic,vlan=3,macaddr=00:00:ab:e3:eb:03,model=e1000 -net socket,vlan=3,udp=127.0.0.1:9004,localaddr=:9005 \
+ -net nic,vlan=4,macaddr=00:00:ab:e3:eb:04,model=e1000 -net socket,vlan=4,udp=127.0.0.1:9006,localaddr=:9007
+
+
+#======================================================================
+# -- ASA 8.0(2) --
+#======================================================================
+
+#
+# Create flash:
+# qemu-img create -f qcow2 asa802-flash.qcow2 128M
+#
+
+#
+# Save config:
+# copy running-config flash:/.private/startup-config
+#
+
+ASAPID=/dev/shm/.asa802.pid
+
+qemu-system-x86_64 \
+ -daemonize \
+ -L /usr/share/qemu \
+ -m 1024M \
+ -smp cpus=1 \
+ -enable-kvm \
+ -boot order=c \
+ -hdachs 980,16,32 \
+ -hda asa802-flash.qcow2 \
+ -initrd asa802-k8.initrd \
+ -kernel asa802-k8.kernel \
+ -append "ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 auto nousb console=ttyS0,9600 bigphysarea=65536 ide1=noprobe no-hlt -net nic" \
+ -monitor none -display none -vga none \
+ -pidfile "${ASAPID}" \
+ -serial telnet::2000,server,nowait \
+ -net none \
+ -device e1000,mac=00:00:00:e3:eb:00,netdev=A00 -netdev socket,id=A00,udp=127.0.0.1:9000,localaddr=:9001 \
+ -device e1000,mac=00:00:00:e3:eb:01,netdev=A01 -netdev socket,id=A01,udp=127.0.0.1:9002,localaddr=:9003 \
+ -device e1000,mac=00:00:00:e3:eb:02,netdev=A02 -netdev socket,id=A02,udp=127.0.0.1:9004,localaddr=:9005 \
+ -device e1000,mac=00:00:00:e3:eb:03,netdev=A03 -netdev socket,id=A03,udp=127.0.0.1:9006,localaddr=:9007 \
+ -device e1000,mac=00:00:00:e3:eb:04,netdev=A04 -netdev socket,id=A04,udp=127.0.0.1:9008,localaddr=:9009 \
+ -device e1000,mac=00:00:00:e3:eb:05,netdev=A05 -netdev socket,id=A05,udp=127.0.0.1:9010,localaddr=:9011
+
+sleep 1
+cpulimit --lazy --pid=`cat "${ASAPID}"` --limit=75 --background --quiet
+
+#
+# Extract kernel
+# https://ji8an.wordpress.com/2010/08/27/how-to-emulate-cisco-asa/
+#
+
+hexdump -C asa802-k8.bin > asa802-k8.hex
+grep "1f 8b 08 00 1d" asa802-k8.hex #---> 001228b0 1f 8b 08 00 1d 3d ...
+ls -la asa802-k8.bin #---> 14524416
+echo "14524416 ; ibase=16 ; last - 1228B0" | bc | tail -n 1 #---> 13334352
+tail -c 13334352 asa802-k8.bin > asa802-k8.gz
+gzip -d asa802-k8
+mkdir tmp ; cd tmp
+cpio -i --no-absolute-filenames --make-directories < ../asa802-k8 #---> as root.
+cp vmlinuz ../asa802-k8.kernel
+create /asa/scripts/first_start.sh
+chmod 755 asa/scripts/first_start.sh
+edit etc/init.d/rcS --> change /asa/bin/lina_monitor to /asa/scripts/first_start.sh
+find . | cpio -o -H newc | gzip -9 > ../asa802-k8.initrd.gz #---> as root
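Review bot: Both `-serial telnet::2000,server,nowait` lines leave the host part empty, so QEMU listens on every interface and the appliance's serial console is reachable over unauthenticated telnet from anything that can route to the host. Bind it to loopback with `-serial telnet:127.0.0.1:2000,server,nowait`. The `localaddr=:9001`-style values on the `-net socket` and `-netdev socket` lines have the same empty host and could be written as `localaddr=127.0.0.1:9001`. The pid file `/dev/shm/.asa802.pid` is a fixed name in a world-writable directory and its content is passed to `cpulimit --pid` unchecked, so on a shared host a per-user runtime directory would be a safer place for it.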