authorJose Alonso Cardenas Marquez <acm@FreeBSD.org>2024-02-17 21:29:08 +0000
committerJose Alonso Cardenas Marquez <acm@FreeBSD.org>2024-02-17 21:29:08 +0000
commita7058a34e04498acc384664fbb5a5ee9188f69eb (patch)
tree08b43b65d3dce55ed0d96813aeca231098cc2e75
parent68d46afaba53ce4b7ba2de0342e1a6b94e9e5622 (diff)
security/caldera: Update to 5.0.0
-rw-r--r--security/caldera/Makefile98
-rw-r--r--security/caldera/distinfo70
-rw-r--r--security/caldera/files/patch-plugins_human_gui_views_human.vue59
-rw-r--r--security/caldera/files/patch-plugins_human_templates_human.html113
-rw-r--r--security/caldera/files/patch-plugins_magma_src_components_abilities_AbilityChartStatus.vue16
-rw-r--r--security/caldera/files/patch-plugins_magma_src_components_adversaries_DetailsTable.vue10
-rw-r--r--security/caldera/files/patch-plugins_magma_src_components_agents_DeployModal.vue30
-rw-r--r--security/caldera/files/patch-plugins_magma_src_main.js15
-rw-r--r--security/caldera/files/patch-plugins_sandcat_update-agents.sh7
-rw-r--r--security/caldera/files/patch-plugins_stockpile_payloads_ragdoll.py11
-rw-r--r--security/caldera/files/pkg-message.in39
11 files changed, 353 insertions, 115 deletions
diff --git a/security/caldera/Makefile b/security/caldera/Makefile
index c874359a5f63..91015e2c905e 100644
--- a/security/caldera/Makefile
+++ b/security/caldera/Makefile
@@ -1,12 +1,13 @@
PORTNAME= caldera
-DISTVERSION= 4.2.0
-PORTREVISION= 4
+DISTVERSION= 5.0.0
CATEGORIES= security python
MAINTAINER= acm@FreeBSD.org
COMMENT= Automated Adversary Emulation Platform
WWW= https://github.com/mitre/caldera
+CONFLICTS= caldera4
+
LICENSE= APACHE20
LICENSE_FILE= ${WRKSRC}/LICENSE
@@ -35,6 +36,7 @@ RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}aiohttp>0:www/py-aiohttp@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}dnspython>0:dns/py-dnspython@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}asyncssh>0:security/py-asyncssh@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}aioftp>0:ftp/py-aioftp@${PY_FLAVOR} \
+ ${PYTHON_PKGNAMEPREFIX}packaging>0:devel/py-packaging@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}pyautogui>0:x11/py-pyautogui@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}selenium>0:www/py-selenium@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}webdriver_manager>0:www/py-webdriver_manager@${PY_FLAVOR} \
@@ -49,27 +51,27 @@ RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}aiohttp>0:www/py-aiohttp@${PY_FLAVOR} \
USE_GITHUB= yes
GH_ACCOUNT= mitre
GH_PROJECT= ${PORTNAME}
-GH_TUPLE= mitre:access:0e67776:access/plugins/access \
- mitre:atomic:9e2c958:atomic/plugins/atomic \
- mitre:builder:f2ce67c:builder/plugins/builder \
- mitre:compass:fb88e02:compass/plugins/compass \
- mitre:debrief:e4d4f9e:debrief/plugins/debrief \
- mitre:emu:02a0f3e:emu/plugins/emu \
- mitre:fieldmanual:c286e77:fieldmanual/plugins/fieldmanual \
- mitre:gameboard:3d98c32:gameboard/plugins/gameboard \
- mitre:human:4368dea:human/plugins/human \
- mitre:manx:e7205ea:manx/plugins/manx \
- mitre:response:889213a:response/plugins/response \
- mitre:sandcat:7c326bd:sandcat/plugins/sandcat \
- mitre:ssl:ac5bfcb:ssl/plugins/ssl \
- mitre:stockpile:960f9ad:stockpile/plugins/stockpile \
- mitre:training:b058b67:training/plugins/training
-
-USES= dos2unix go:run python
+GH_TUPLE= mitre:access:775181b:access/plugins/access \
+ mitre:atomic:4f489bb:atomic/plugins/atomic \
+ mitre:builder:de24b68:builder/plugins/builder \
+ mitre:compass:85e2ebf:compass/plugins/compass \
+ mitre:debrief:eba44d5:debrief/plugins/debrief \
+ mitre:emu:7215768:emu/plugins/emu \
+ mitre:fieldmanual:cb53f2b:fieldmanual/plugins/fieldmanual \
+ mitre:gameboard:dacb6ce:gameboard/plugins/gameboard \
+ mitre:human:0e344ea:human/plugins/human \
+ mitre:magma:99f0056:magma/plugins/magma \
+ mitre:manx:a7e83a6:manx/plugins/manx \
+ mitre:response:8ea6ab5:response/plugins/response \
+ mitre:sandcat:b408f3f:sandcat/plugins/sandcat \
+ mitre:ssl:1ae8431:ssl/plugins/ssl \
+ mitre:stockpile:fe0c5b7:stockpile/plugins/stockpile \
+ mitre:training:37f998f:training/plugins/training
+
+USES= dos2unix go:run nodejs:18,build python
USE_PYTHON= cryptography
NO_ARCH= yes
-NO_BUILD= yes
DOS2UNIX_REGEX= .*\.([yml])
CALDERA_USER= caldera
@@ -77,6 +79,7 @@ CALDERA_GROUP= caldera
USERS= ${CALDERA_USER}
GROUPS= ${CALDERA_GROUP}
+PLIST= ${WRKDIR}/pkg-plist
USE_RC_SUBR= ${PORTNAME:S/-/_/}
SUB_FILES= pkg-message
SUB_LIST= PYTHON_CMD=${PYTHON_CMD} \
@@ -85,16 +88,69 @@ SUB_LIST= PYTHON_CMD=${PYTHON_CMD} \
OPTIONS_DEFINE= HAPROXY
OPTIONS_DEFAULT=HAPROXY
HAPROXY_DESC= Support for HTTPS
-HAPROXY_RUN_DEPENDS=haproxy20>0:net/haproxy20
+HAPROXY_RUN_DEPENDS=haproxy24>0:net/haproxy24
+
+NPM_BIN= ${LOCALBASE}/bin/npm
+
+# to rebuild the deps archive:
+# 1. set DEV_UPDATE_MODE=yes
+# 2. make makesum build
+# 3. upload the *-cache archive
+# 4. set DEV_UPDATE_MODE=no
+# 5. make clean makesum
+
+DEV_UPDATE_MODE= no
+DEPS_CACHE_DIR= ${WRKSRC}/plugins/magma
+
+.if (${DEV_UPDATE_MODE} == "yes")
+NPM_ARGS= install
+post-build:
+ @cd ${DEPS_CACHE_DIR} && ${TAR} czf ${DISTDIR}/${DIST_SUBDIR}/${PORTNAME}-cache-${DISTVERSION}${EXTRACT_SUFX} node_modules
+ @${ECHO} "(!!!) Please upload the cache archive: ${DISTDIR}/${DIST_SUBDIR}/${PORTNAME}-cache-${DISTVERSION}${EXTRACT_SUFX}"
+.else
+MASTER_SITES+= LOCAL/acm/caldera/:npm_cache
+DISTFILES+= ${PORTNAME}-cache-${DISTVERSION}${EXTRACT_SUFX}:npm_cache
+NPM_ARGS= run build
post-extract:
+ @${MV} ${WRKDIR}/node_modules ${WRKSRC}/plugins/magma/
${RM} -R ${WRKSRC}/.github
cd ${WRKSRC} && ${RM} .coveragerc .dockerignore .eslintrc.js .flake8 \
.git* .pre* .stylelintrc.json Dockerfile
+.endif
post-patch:
cd ${WRKSRC} && \
${FIND} . -type f -name "*.orig" -exec ${RM} "{}" \;
+ ${REINPLACE_CMD} -i "" -e 's|4.2.0|${PORTVERSION}|g' ${WRKSRC}/app/version.py
+
+do-build:
+ @cd ${WRKSRC}/plugins/magma && \
+ ${NPM_BIN} ${NPM_ARGS}
+
+post-build:
+ ${RM} -r ${WRKSRC}/plugins/magma/node_modules
+
+pre-install:
+ @${RM} -f ${PLIST}
+
+ @${ECHO_CMD} "@mode 640" > ${PLIST}
+ @${ECHO_CMD} "@owner caldera" >> ${PLIST}
+ @${ECHO_CMD} "@group caldera" >> ${PLIST}
+
+ @cd ${WRKSRC} && \
+ ${FIND} * -type f | ${SORT} | ${SED} -e 's|^|%%WWWDIR%%/|' >> ${PLIST}
+
+ @${ECHO_CMD} "@mode 750" >> ${PLIST}
+ @${ECHO_CMD} "@owner caldera" >> ${PLIST}
+ @${ECHO_CMD} "@group caldera" >> ${PLIST}
+
+ @cd ${WRKSRC} && \
+ ${FIND} * -type d | ${SORT} -r | ${SED} -e 's|^|@dir %%WWWDIR%%/|' >> ${PLIST}
+
+ @${ECHO_CMD} "@mode" >> ${PLIST}
+ @${ECHO_CMD} "@owner" >> ${PLIST}
+ @${ECHO_CMD} "@group" >> ${PLIST}
do-install:
@cd ${WRKSRC} && ${COPYTREE_SHARE} . ${STAGEDIR}/${WWWDIR}
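Review bot: The plist generated in `pre-install` gives every installed file and directory to the `caldera` account with owner-write (`@mode 640` / `@mode 750`), so the account that runs the payload scripts (and presumably the service) can rewrite the application's own code under `%%WWWDIR%%`, not just its data. If only some directories must be writable at run time (not visible from this hunk), limit the `@owner`/`@group` block to those and leave the rest root-owned. The names are also hard-coded although `CALDERA_USER` and `CALDERA_GROUP` are defined earlier in the file; `@${ECHO_CMD} "@owner ${CALDERA_USER}" >> ${PLIST}` and `@${ECHO_CMD} "@group ${CALDERA_GROUP}" >> ${PLIST}` keep them in sync. Separately, with `DEV_UPDATE_MODE=yes` the file defines `post-build` twice, which make is likely to report as a duplicate script and ignore, leaving `node_modules` in `${WRKSRC}` for `do-install` to stage.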
diff --git a/security/caldera/distinfo b/security/caldera/distinfo
index 7542fc288b4e..05683bff9379 100644
--- a/security/caldera/distinfo
+++ b/security/caldera/distinfo
@@ -1,33 +1,37 @@
-TIMESTAMP = 1687320760
-SHA256 (mitre-caldera-4.2.0_GH0.tar.gz) = 2c93501ca05fe89cd18a038376c278e50d371881dfe84824a0f98dc3d9023fd9
-SIZE (mitre-caldera-4.2.0_GH0.tar.gz) = 3777586
-SHA256 (mitre-access-0e67776_GH0.tar.gz) = dc80b9c5cb92f75fa6d18f618f64a4d3c5ddd1b08b020d86feb70fbaa0f4c43d
-SIZE (mitre-access-0e67776_GH0.tar.gz) = 8494
-SHA256 (mitre-atomic-9e2c958_GH0.tar.gz) = 0fbd0c3bb2c3c621afcb8f271b76df0f6ac2bacd72a7f8d9771c94b9a3f5d085
-SIZE (mitre-atomic-9e2c958_GH0.tar.gz) = 15142
-SHA256 (mitre-builder-f2ce67c_GH0.tar.gz) = da9d987a2a656bb9eb5d1c0d36115c8fb8fe740503fa1a43a1bfcce1018f461b
-SIZE (mitre-builder-f2ce67c_GH0.tar.gz) = 7944
-SHA256 (mitre-compass-fb88e02_GH0.tar.gz) = 6187446551f4041ac0a0c33689b4a62a39a02b285d988bd6f17647d89d98ce16
-SIZE (mitre-compass-fb88e02_GH0.tar.gz) = 5907
-SHA256 (mitre-debrief-e4d4f9e_GH0.tar.gz) = 721b262744118b91b812ec0e098fa0c75f845a7814d8fa58fa52a2ace04432ee
-SIZE (mitre-debrief-e4d4f9e_GH0.tar.gz) = 998929
-SHA256 (mitre-emu-02a0f3e_GH0.tar.gz) = 9dd6b46fe93ba12467612e4bf4a45df5513dad1709a72addc3898c430b8ec1ad
-SIZE (mitre-emu-02a0f3e_GH0.tar.gz) = 17467
-SHA256 (mitre-fieldmanual-c286e77_GH0.tar.gz) = 6f086d0d4f519d0dcf49fbded87ee8095622c3028461d745d2e7eea422d68d57
-SIZE (mitre-fieldmanual-c286e77_GH0.tar.gz) = 7828491
-SHA256 (mitre-gameboard-3d98c32_GH0.tar.gz) = 8415bbbc64fe78836afea2e364fe655cc364a5d70dcf3fbcb748617fc9b9ad0a
-SIZE (mitre-gameboard-3d98c32_GH0.tar.gz) = 14753
-SHA256 (mitre-human-4368dea_GH0.tar.gz) = 4710f3d6c7b3f728274187c36cda53232b3609d8177ccad6b1968ae99d83724a
-SIZE (mitre-human-4368dea_GH0.tar.gz) = 22846
-SHA256 (mitre-manx-e7205ea_GH0.tar.gz) = 5b39a00ff8bbe7b20d4cfcab6161edbbafd94fa9bd62af4741975f7759f7a470
-SIZE (mitre-manx-e7205ea_GH0.tar.gz) = 7352820
-SHA256 (mitre-response-889213a_GH0.tar.gz) = 4067efd0c4bddeed799255838a80316d96ba0c4cac84625d7d0257e44c00c4ee
-SIZE (mitre-response-889213a_GH0.tar.gz) = 24463
-SHA256 (mitre-sandcat-7c326bd_GH0.tar.gz) = 60049cf759e8b31b29e84832a112c87be8101e303d088e0f2b9da4647f79855f
-SIZE (mitre-sandcat-7c326bd_GH0.tar.gz) = 7816391
-SHA256 (mitre-ssl-ac5bfcb_GH0.tar.gz) = 01067db5fe9a32d07d13bbea4ffb6f3bd2907a57f2d50a7c7e9c5f2bdc823a12
-SIZE (mitre-ssl-ac5bfcb_GH0.tar.gz) = 6395
-SHA256 (mitre-stockpile-960f9ad_GH0.tar.gz) = 516d28ae26d66049e2273f60bbae0254b071152b613f259a7ff596ad2d92461f
-SIZE (mitre-stockpile-960f9ad_GH0.tar.gz) = 4781396
-SHA256 (mitre-training-b058b67_GH0.tar.gz) = 44c5ee5f682918f1f8ace4ff4ea3b8e16d24795ff8b8fb5896d68c585d33b8c0
-SIZE (mitre-training-b058b67_GH0.tar.gz) = 491615
+TIMESTAMP = 1708127632
+SHA256 (caldera-cache-5.0.0.tar.gz) = c0f160ec5431b0096a9ce8e2adde062de97be96e66e9e8756b4646e4d8c2a9a9
+SIZE (caldera-cache-5.0.0.tar.gz) = 41756498
+SHA256 (mitre-caldera-5.0.0_GH0.tar.gz) = a4e122f6862ea3cb7e856889a4a2b68ce297f74189fd845b0a51c02e1fa8c716
+SIZE (mitre-caldera-5.0.0_GH0.tar.gz) = 3820616
+SHA256 (mitre-access-775181b_GH0.tar.gz) = 2ae6e4cbd9e6c143cc76b65c0be3dd332228ab59161422291050eb6f4c4b1d17
+SIZE (mitre-access-775181b_GH0.tar.gz) = 11646
+SHA256 (mitre-atomic-4f489bb_GH0.tar.gz) = 340c7931fbee16ce1bf788044018fcf75fe403bf641665bb4aec53d3b1479b2d
+SIZE (mitre-atomic-4f489bb_GH0.tar.gz) = 15041
+SHA256 (mitre-builder-de24b68_GH0.tar.gz) = bca2a28b23d72cf987878aa519d0f108b2153156391821bfb137c79ac5c5bcc2
+SIZE (mitre-builder-de24b68_GH0.tar.gz) = 8349
+SHA256 (mitre-compass-85e2ebf_GH0.tar.gz) = 4760171cf05a7fccfd4300815f358d9d42affb2c741e6e555515f07eb50c9f34
+SIZE (mitre-compass-85e2ebf_GH0.tar.gz) = 7055
+SHA256 (mitre-debrief-eba44d5_GH0.tar.gz) = 62cbfd77cbf3573675bc79426171f136628f26a1ee3f931c02f36d53bda8012e
+SIZE (mitre-debrief-eba44d5_GH0.tar.gz) = 1006448
+SHA256 (mitre-emu-7215768_GH0.tar.gz) = 13dedefc0c3e9a443221886d2030effdc5b741a62a5a4ebd830ca613d183025f
+SIZE (mitre-emu-7215768_GH0.tar.gz) = 19410
+SHA256 (mitre-fieldmanual-cb53f2b_GH0.tar.gz) = 8dbac757e4d70bb415c38684997969ceda3a886ddf6aa3028ee8720d7a44e01a
+SIZE (mitre-fieldmanual-cb53f2b_GH0.tar.gz) = 9659796
+SHA256 (mitre-gameboard-dacb6ce_GH0.tar.gz) = 55e521c4dfc6acc9b8ed37b7622d1c20248cd1fe43a9410e339b8c24729d22ac
+SIZE (mitre-gameboard-dacb6ce_GH0.tar.gz) = 20333
+SHA256 (mitre-human-0e344ea_GH0.tar.gz) = 83ae25ee09a9a7c463cc94e673cb572bef78fdd91b7b019fd845f73e18d5e610
+SIZE (mitre-human-0e344ea_GH0.tar.gz) = 25937
+SHA256 (mitre-magma-99f0056_GH0.tar.gz) = a1ab40360288d4818abfb3e73cf7361686f6e7072de9dd8a7633da3f55a18558
+SIZE (mitre-magma-99f0056_GH0.tar.gz) = 10138171
+SHA256 (mitre-manx-a7e83a6_GH0.tar.gz) = ec144af8d794c11e68c7bacb6da4b84e81c3278fd90045e8f5660408652799c7
+SIZE (mitre-manx-a7e83a6_GH0.tar.gz) = 7359477
+SHA256 (mitre-response-8ea6ab5_GH0.tar.gz) = f2275a11ebb631b84da2921e370bf5e5957c304265621c78d27f212269fdc9b5
+SIZE (mitre-response-8ea6ab5_GH0.tar.gz) = 25334
+SHA256 (mitre-sandcat-b408f3f_GH0.tar.gz) = 15bee4622b0ce40ad66b99804ee87e7eb4074ec564fc719b72c397e74a63f0f5
+SIZE (mitre-sandcat-b408f3f_GH0.tar.gz) = 8294185
+SHA256 (mitre-ssl-1ae8431_GH0.tar.gz) = 608596a05a3c833ac10c230cf4bf0863f0e31540414a66b382ff159f97d7629f
+SIZE (mitre-ssl-1ae8431_GH0.tar.gz) = 6806
+SHA256 (mitre-stockpile-fe0c5b7_GH0.tar.gz) = dea568de5067cc20cc54ca57d270d01ef092b329dad61c2e53369fd1524512a3
+SIZE (mitre-stockpile-fe0c5b7_GH0.tar.gz) = 4780570
+SHA256 (mitre-training-37f998f_GH0.tar.gz) = 41fe37233c02d77435e747e6d34017eeba6c592805382176afaf6f2d1f8f6a46
+SIZE (mitre-training-37f998f_GH0.tar.gz) = 496302
diff --git a/security/caldera/files/patch-plugins_human_gui_views_human.vue b/security/caldera/files/patch-plugins_human_gui_views_human.vue
new file mode 100644
index 000000000000..97b7d95f2c24
--- /dev/null
+++ b/security/caldera/files/patch-plugins_human_gui_views_human.vue
@@ -0,0 +1,59 @@
+--- plugins/human/gui/views/human.vue 2024-02-16 18:15:08.873254000 -0500
++++ plugins/human/gui/views/human.vue 2024-02-16 18:16:20.156979000 -0500
+@@ -232,7 +232,7 @@
+ return;
+ }
+
+- const validPlatforms = ["linux", "windows-psh", "darwin"];
++ const validPlatforms = ["linux", "windows-psh", "darwin", "freebsd"];
+ if (!validPlatforms.includes(this.selectedPlatform)) {
+ toast({
+ message: "Please select a valid platform",
+@@ -346,6 +346,31 @@
+ this.humans[this.selectedHuman].task_cluster_interval
+ } --extra ${extra}`;
+ break;
++ case "freebsd":
++ this.commandBlock = `curl -sk -o '${
++ this.humans[this.selectedHuman].name
++ }.tar.gz' -X POST -H 'file:${
++ this.humans[this.selectedHuman].name
++ }.tar.gz' ${this.serverIp}/file/download 2>&1 && mkdir '${
++ this.humans[this.selectedHuman].name
++ }' && tar -C '${this.humans[this.selectedHuman].name}' -zxvf '${
++ this.humans[this.selectedHuman].name
++ }.tar.gz' && virtualenv -p python3 '${
++ this.humans[this.selectedHuman].name
++ }' && '${this.humans[this.selectedHuman].name}/bin/pip' install -r '${
++ this.humans[this.selectedHuman].name
++ }/requirements.txt' && '${
++ this.humans[this.selectedHuman].name
++ }/bin/python3.9' '${
++ this.humans[this.selectedHuman].name
++ }/human.py' --clustersize ${
++ this.humans[this.selectedHuman].tasks_per_cluster
++ } --taskinterval ${
++ this.humans[this.selectedHuman].task_interval
++ } --taskgroupinterval ${
++ this.humans[this.selectedHuman].task_cluster_interval
++ } --extra ${extra}`;
++ break;
+ case "windows-psh":
+ this.commandBlock = `$server='${
+ this.serverIp
+@@ -382,6 +407,7 @@
+ extra.forEach((command) => {
+ switch (platform) {
+ case "darwin":
++ case "freebsd":
+ case "linux":
+ command = command.replace(/\\/g, "\\\\");
+ command = command.replace(/"/g, '\\"');
+@@ -444,6 +470,7 @@
+ select(v-model="selectedPlatform", id="base-platform")
+ option(value="", disabled) Select target OS
+ option(value="darwin") MacOS
++ option(value="freebsd") FreeBSD
+ option(value="linux") Linux
+ option(value="windows-psh") Windows (PowerShell)
+ hr
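Review bot: The FreeBSD branch added by the inner patch creates the environment with `virtualenv -p python3` but then launches `bin/python3.9`, so the generated command fails wherever `python3` is not 3.9; the matching block in patch-plugins_human_templates_human.html uses `virtualenv -p python3.9` with `bin/python`. Ending the interpreter path with `/bin/python'` instead of `/bin/python3.9'` would follow whichever version the virtualenv was built with. Both variants also fetch the archive with `curl -sk` before installing and running its contents, so over https the server certificate is never verified. Dropping the `k`, or stating next to the command that it is there for self-signed lab servers, would be safer; the Linux branch visible in the html patch carries the same flag, so this may simply mirror upstream.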
diff --git a/security/caldera/files/patch-plugins_human_templates_human.html b/security/caldera/files/patch-plugins_human_templates_human.html
index 9bc604e58123..8c233fdb6245 100644
--- a/security/caldera/files/patch-plugins_human_templates_human.html
+++ b/security/caldera/files/patch-plugins_human_templates_human.html
@@ -1,40 +1,75 @@
---- plugins/human/templates/human.html.orig 2022-09-06 17:33:12 UTC
-+++ plugins/human/templates/human.html
-@@ -60,6 +60,7 @@
- <select id="base-platform">
- <option disabled="disabled" selected="">Select target OS</option>
- <option value="darwin">MacOS</option>
-+ <option value="freebsd">FreeBSD</option>
- <option value="linux">Linux</option>
- <option value="windows-psh">Windows (PowerShell)</option>
- </select>
-@@ -257,6 +258,11 @@
- ' && virtualenv -p python3 \''+humanName+'\' && \''+humanName+'/bin/pip\' install -r \''+humanName+'/requirements.txt\' && \''+humanName+'/bin/python\' \''+humanName+'/human.py\' --clustersize '+taskCount+' ' +
- '--taskinterval '+taskInterval+' --taskgroupinterval '+taskClusterInterval+' --extra '+extra;
- break;
+--- plugins/human/templates/human.html 2024-02-16 15:54:12.707381000 -0500
++++ plugins/human/templates/human.html 2024-02-16 16:00:05.903013000 -0500
+@@ -106,6 +106,7 @@
+ <select x-model="selectedPlatform" id="base-platform">
+ <option value="" disabled>Select target OS</option>
+ <option value="darwin">MacOS</option>
++ <option value="freebsd">FreeBSD</option>
+ <option value="linux">Linux</option>
+ <option value="windows-psh">Windows (PowerShell)</option>
+ </select>
+@@ -349,7 +350,8 @@
+ if (
+ this.selectedPlatform != "linux" &&
+ this.selectedPlatform != "windows-psh" &&
+- this.selectedPlatform != "darwin"
++ this.selectedPlatform != "darwin" &&
++ this.selectedPlatform != "freebsd"
+ ) {
+ toast("Please select a platform", false);
+ return;
+@@ -435,8 +437,42 @@
+ this.humans[this.selectedHuman].task_cluster_interval +
+ " --extra " +
+ extra;
+-
+ break;
++ case "freebsd":
++ this.commandBlock =
++ "curl -sk -o '" +
++ this.humans[this.selectedHuman].name +
++ ".tar.gz' -X POST -H 'file:" +
++ this.humans[this.selectedHuman].name +
++ ".tar.gz' " +
++ this.serverIp +
++ "/file/download 2>&1 && mkdir '" +
++ this.humans[this.selectedHuman].name +
++ "' && tar -C '" +
++ this.humans[this.selectedHuman].name +
++ "' -zxvf '" +
++ this.humans[this.selectedHuman].name +
++ ".tar.gz' " +
++ " && virtualenv -p python3.9 '" +
++ this.humans[this.selectedHuman].name +
++ "' && '" +
++ this.humans[this.selectedHuman].name +
++ "/bin/pip' install -r '" +
++ this.humans[this.selectedHuman].name +
++ "/requirements.txt' && '" +
++ this.humans[this.selectedHuman].name +
++ "/bin/python' '" +
++ this.humans[this.selectedHuman].name +
++ "/human.py' --clustersize " +
++ this.humans[this.selectedHuman].tasks_per_cluster +
++ " " +
++ "--taskinterval " +
++ this.humans[this.selectedHuman].task_interval +
++ " --taskgroupinterval " +
++ this.humans[this.selectedHuman].task_cluster_interval +
++ " --extra " +
++ extra;
++ break;
+ case "linux":
+ this.commandBlock =
+ "curl -sk -o '" +
+@@ -514,6 +550,10 @@
+ extra.forEach((command) => {
+ switch (platform) {
+ case "darwin":
++ command = command.replace(/\\/g, "\\\\");
++ command = command.replace(/"/g, '\\"');
++ break;
+ case "freebsd":
-+ baseHuman = 'curl -sk -o \''+humanName+'.tar.gz\' -X POST -H \'file:'+humanName+'.tar.gz\' '+http+'/file/download 2>&1 && mkdir \''+humanName+'\' && tar -C \''+humanName+'\' -zxvf \''+humanName+'.tar.gz\' ' +
-+ ' && virtualenv -p python3.9 \''+humanName+'\' && \''+humanName+'/bin/pip\' install -r \''+humanName+'/requirements.txt\' && \''+humanName+'/bin/python\' \''+humanName+'/human.py\' --clustersize '+taskCount+' ' +
-+ '--taskinterval '+taskInterval+' --taskgroupinterval '+taskClusterInterval+' --extra '+extra;
-+ break;
- case "linux":
- baseHuman = 'curl -sk -o \''+humanName+'.tar.gz\' -X POST -H \'file:'+humanName+'.tar.gz\' '+http+'/file/download 2>&1 && mkdir \''+humanName+'\' && tar -C \''+humanName+'\' -zxvf \''+humanName+'.tar.gz\' ' +
- ' && virtualenv -p python3 \''+humanName+'\' && \''+humanName+'/bin/pip\' install -r \''+humanName+'/requirements.txt\' && \''+humanName+'/bin/python\' \''+humanName+'/human.py\' --clustersize '+taskCount+' ' +
-@@ -293,6 +299,10 @@
- $.each(extra, function(i, command) {
- switch (platform) {
- case "darwin":
-+ command = command.replace(/\\/g, '\\\\');
-+ command = command.replace(/"/g, '\\\"');
-+ break;
-+ case "freebsd":
- command = command.replace(/\\/g, '\\\\');
- command = command.replace(/"/g, '\\\"');
- break;
-@@ -317,4 +327,4 @@
- return provided_value || default_value;
- }
-
--</script>
-\ No newline at end of file
-+</script>
+ command = command.replace(/\\/g, "\\\\");
+ command = command.replace(/"/g, '\\"');
+ break;
diff --git a/security/caldera/files/patch-plugins_magma_src_components_abilities_AbilityChartStatus.vue b/security/caldera/files/patch-plugins_magma_src_components_abilities_AbilityChartStatus.vue
new file mode 100644
index 000000000000..303fd8f02d7a
--- /dev/null
+++ b/security/caldera/files/patch-plugins_magma_src_components_abilities_AbilityChartStatus.vue
@@ -0,0 +1,16 @@
+--- plugins/magma/src/components/abilities/AbilityChartStatus.vue.orig 2024-02-16 18:23:17.915545000 -0500
++++ plugins/magma/src/components/abilities/AbilityChartStatus.vue 2024-02-16 18:23:59.841718000 -0500
+@@ -101,6 +101,13 @@
+ itemStyle: { color: "#F7DB89" },
+ },
+ {
++ name: "freebsd",
++ value: Object.values(abilityStore.abilities).filter(
++ (ability) => getAbilityPlatforms(ability).indexOf("freebsd") >= 0
++ ).length,
++ itemStyle: { color: "#9D2A11" },
++ },
++ {
+ name: "darwin",
+ value: Object.values(abilityStore.abilities).filter(
+ (ability) => getAbilityPlatforms(ability).indexOf("darwin") >= 0
diff --git a/security/caldera/files/patch-plugins_magma_src_components_adversaries_DetailsTable.vue b/security/caldera/files/patch-plugins_magma_src_components_adversaries_DetailsTable.vue
new file mode 100644
index 000000000000..e41e282ea1b3
--- /dev/null
+++ b/security/caldera/files/patch-plugins_magma_src_components_adversaries_DetailsTable.vue
@@ -0,0 +1,10 @@
+--- plugins/magma/src/components/adversaries/DetailsTable.vue 2024-02-16 18:25:56.033533000 -0500
++++ plugins/magma/src/components/adversaries/DetailsTable.vue 2024-02-16 18:26:25.865321000 -0500
+@@ -395,6 +395,7 @@
+ span.icon.is-small.mr-2
+ font-awesome-icon(v-if="platform.includes('windows')" icon="fab fa-windows")
+ font-awesome-icon(v-if="platform.includes('darwin')" icon="fab fa-apple")
++ font-awesome-icon(v-if="platform.includes('freebsd')" icon="fab fa-freebsd")
+ font-awesome-icon(v-if="platform.includes('linux')" icon="fab fa-linux")
+ td.has-text-centered(:class="{ 'unlock': onHoverUnlocks.indexOf(ability.ability_id) > -1 }")
+ span(v-if="abilityDependencies[ability.ability_id] && getExecutorDetail('requirements', ability)" v-tooltip="`This ability has requirements: (${abilityDependencies[ability.ability_id].requireTypes})`")
diff --git a/security/caldera/files/patch-plugins_magma_src_components_agents_DeployModal.vue b/security/caldera/files/patch-plugins_magma_src_components_agents_DeployModal.vue
new file mode 100644
index 000000000000..a149339b5584
--- /dev/null
+++ b/security/caldera/files/patch-plugins_magma_src_components_agents_DeployModal.vue
@@ -0,0 +1,30 @@
+--- plugins/magma/src/components/agents/DeployModal.vue.orig 2024-02-16 18:38:55.910370000 -0500
++++ plugins/magma/src/components/agents/DeployModal.vue 2024-02-16 18:38:22.148726000 -0500
+@@ -142,6 +142,11 @@
+ font-awesome-icon(icon="fab fa-apple").fa-2x
+ br
+ span darwin
++ .has-text-centered.platform(v-if="platforms.includes('freebsd')" :class="{ 'selected': selectedPlatform === 'freebsd' }" @click="changePlatform('freebsd')")
++ span.icon.is-large
++ font-awesome-icon(icon="fab fa-freebsd").fa-2x
++ br
++ span freebsd
+ form.mt-4
+ div(v-for="field in agentFields" :key="field.name")
+ .field.is-horizontal.mb-2
+@@ -162,6 +167,7 @@
+ span.icon
+ font-awesome-icon(v-if="command.platform === 'windows'" icon="fab fa-windows")
+ font-awesome-icon(v-if="command.platform === 'darwin'" icon="fab fa-apple")
++ font-awesome-icon(v-if="command.platform === 'freebsd'" icon="fab fa-freebsd")
+ font-awesome-icon(v-if="command.platform === 'linux'" icon="fab fa-linux")
+ span {{ command.platform }}
+ span.tag {{ command.executor }}
+@@ -180,6 +186,7 @@
+ span.icon
+ font-awesome-icon(v-if="command.platform === 'windows'" icon="fab fa-windows")
+ font-awesome-icon(v-if="command.platform === 'darwin'" icon="fab fa-apple")
++ font-awesome-icon(v-if="command.platform === 'freebsd'" icon="fab fa-freebsd")
+ font-awesome-icon(v-if="command.platform === 'linux'" icon="fab fa-linux")
+ span {{ command.platform }}
+ span.tag {{ command.executor }}
diff --git a/security/caldera/files/patch-plugins_magma_src_main.js b/security/caldera/files/patch-plugins_magma_src_main.js
new file mode 100644
index 000000000000..3e6823e73ff1
--- /dev/null
+++ b/security/caldera/files/patch-plugins_magma_src_main.js
@@ -0,0 +1,15 @@
+--- plugins/magma/src/main.js.orig 2024-02-16 18:19:33.493026000 -0500
++++ plugins/magma/src/main.js 2024-02-16 18:19:57.472456000 -0500
+@@ -53,10 +53,10 @@
+ faCircle, faCircleQuestion, faCopy, farFlag
+ );
+ import {
+- faApple, faLinux, faWindows
++ faApple, faLinux, faWindows, faFreebsd
+ } from '@fortawesome/free-brands-svg-icons';
+ library.add(
+- faApple, faLinux, faWindows
++ faApple, faLinux, faWindows, faFreebsd
+ );
+
+ app.component('font-awesome-icon', FontAwesomeIcon);
diff --git a/security/caldera/files/patch-plugins_sandcat_update-agents.sh b/security/caldera/files/patch-plugins_sandcat_update-agents.sh
index 1d3129337293..eaa43c49a8fa 100644
--- a/security/caldera/files/patch-plugins_sandcat_update-agents.sh
+++ b/security/caldera/files/patch-plugins_sandcat_update-agents.sh
@@ -1,6 +1,6 @@
---- plugins/sandcat/update-agents.sh.orig 2022-07-20 19:48:00 UTC
-+++ plugins/sandcat/update-agents.sh
-@@ -1,10 +1,11 @@
+--- plugins/sandcat/update-agents.sh.orig 2024-02-13 17:44:40.000000000 -0500
++++ plugins/sandcat/update-agents.sh 2024-02-16 16:03:09.225623000 -0500
+@@ -1,11 +1,12 @@
-#!/bin/bash
+#!/bin/sh
# generates payloads for each os
@@ -10,6 +10,7 @@
GOOS=windows go build -o ../payloads/sandcat.go-windows -ldflags="-s -w" sandcat.go
GOOS=linux go build -o ../payloads/sandcat.go-linux -ldflags="-s -w" sandcat.go
GOOS=darwin go build -o ../payloads/sandcat.go-darwin -ldflags="-s -w" sandcat.go
+ GOOS=darwin GOARCH=arm64 go build -o ../payloads/sandcat.go-darwin-arm64 -ldflags="-s -w" sandcat.go
+GOOS=freebsd go build -o ../payloads/sandcat.go-freebsd -ldflags="-s -w" sandcat.go
}
cd gocat && build
diff --git a/security/caldera/files/patch-plugins_stockpile_payloads_ragdoll.py b/security/caldera/files/patch-plugins_stockpile_payloads_ragdoll.py
deleted file mode 100644
index 13f037f6db8b..000000000000
--- a/security/caldera/files/patch-plugins_stockpile_payloads_ragdoll.py
+++ /dev/null
@@ -1,11 +0,0 @@
---- plugins/stockpile/payloads/ragdoll.py.orig 2023-05-16 23:53:18 UTC
-+++ plugins/stockpile/payloads/ragdoll.py
-@@ -63,7 +63,7 @@ class OperationLoop:
- def _execute_instruction(self, i):
- print('[+] Running instruction: %s' % i['id'])
- cmd = self._decode_bytes(i['command'])
-- execution_timestamp = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
-+ execution_timestamp = datetime.datetime.now().strftime('%Y-%m-%dT%H:%M:%SZ')
- try:
- output = subprocess.check_output(cmd, shell=True, timeout=i['timeout'])
- except subprocess.CalledProcessError as e:
diff --git a/security/caldera/files/pkg-message.in b/security/caldera/files/pkg-message.in
index 5662ac917f51..dfd4fd953b9a 100644
--- a/security/caldera/files/pkg-message.in
+++ b/security/caldera/files/pkg-message.in
@@ -1,7 +1,7 @@
[
{ type: install
message: <<EOM
-Caldera port was installed
+Caldera 5 port was installed
1) Take on mind it is a modifying version of Caldera for include FreeBSD as
supported OS and you could found some issues. Problem reports are welcome.
@@ -17,8 +17,12 @@ Caldera port was installed
3) Before of start Caldera you must run some scripts for generate/update payload
files
- # su -m caldera -c 'cd %%WWWDIR%%/plugins/manx && sh update-shells.sh'
- # su -m caldera -c 'cd %%WWWDIR%%/plugins/sandcat && sh update-agents.sh'
+ # su -m caldera -c 'cd %%WWWDIR%%/plugins/manx && \
+ setenv GOCACHE /tmp/caldera/.cache; setenv GOMODCACHE /tmp/caldera/.vendor; \
+ sh update-shells.sh'
+ # su -m caldera -c 'cd %%WWWDIR%%/plugins/sandcat && \
+ setenv GOCACHE /tmp/caldera/.cache; setenv GOMODCACHE /tmp/caldera/.vendor; \
+ sh update-agents.sh'
4) Do not forget modify configuration files before of run Caldera. For default
it runs in insecure mode (http). Caldera configuration files are located at
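Review bot: The new step 3 commands point `GOCACHE` and `GOMODCACHE` at `/tmp/caldera`, a predictable path in a world-writable directory, so on a multi-user host another local account could create that directory first and influence what the agent payloads are built from. A cache directory created by the port and owned by the caldera user would avoid this, for example `GOCACHE=/var/cache/caldera/.cache` (a constructed example path, not one the port defines). `setenv` is also csh syntax, and because `su -m` keeps the caller's environment and shell, the lines as written probably fail for an administrator whose shell is sh-compatible; `env GOCACHE=... GOMODCACHE=... sh update-agents.sh` works in either shell.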
@@ -29,14 +33,18 @@ Caldera port was installed
%%WWWDIR%%/conf folder. By default Caldera uses admin/admin,
blue/admin or red/admin like user/password.
- # sed -i "" -e "s|admin: admin|admin: `openssl rand -base64 14`|g" default.yml
- # sed -i "" -e "s|blue: admin|blue: `openssl rand -base64 14`|g" default.yml
- # sed -i "" -e "s|red: admin|red: `openssl rand -base64 14`|g" default.yml
+ # sed -i "" -e "s|admin: admin|admin: `openssl rand -base64 32`|g" default.yml
+ # sed -i "" -e "s|blue: admin|blue: `openssl rand -base64 32`|g" default.yml
+ # sed -i "" -e "s|red: admin|red: `openssl rand -base64 32`|g" default.yml
6) If you want run it in secure mode (https) take a look in ssl plugin section:
https://caldera.readthedocs.io/en/latest/Plugin-library.html#ssl
+ You will need add an empty caldera_flags to /etc/rc.conf for enable it
+
+ # sysrc caldera_flags=
+
7) Start Caldera service
# service caldera start
@@ -55,9 +63,24 @@ Caldera port was installed
Those files are necessary for generate yml files used by Caldera abilities
-9) Caldera web listens on port 8888 by default
+9) Caldera web listens on port localhost:8888 by default
+
+ http://localhost:8888
+
+ If you want to MITRE Caldera works wth non-localhost settings, you can do the
+ following:
+
+ # sed -i "" -e 's|http://localhost|http://ip_or_hostname_here|g' %%WWWDIR%%/plugins/magma/dist/index*.js
+
+ If you are using ssl plugin:
+
+ # sed -i "" -e 's|http://localhost:8888|https://ip_or_hostname_here:8443|g' %%WWWDIR%%/plugins/magma/dist/assets/index*.js
+
+ Take on mind port number must be changed depending of your settings
- http://your_caldera_server_ip:8888
+ I prefer change the ip/hostname:port of this way because it is more quick
+ instead of re-build plugins/magma each time we define/change VITE_CALDERA_URL
+ into .env file. Also it drop dependency of node_modules files and nodejs app.
10) Log file is located at /var/log/caldera.log