git: 1be69b56c4b4 - main - security/caldera: Improve port

From: Jose Alonso Cardenas Marquez <acm_at_FreeBSD.org>
Date: Tue, 26 Mar 2024 06:10:59 UTC
The branch main has been updated by acm:

URL: https://cgit.FreeBSD.org/ports/commit/?id=1be69b56c4b45d3f3cfcded2c6dfe695080226c4

commit 1be69b56c4b45d3f3cfcded2c6dfe695080226c4
Author:     Jose Alonso Cardenas Marquez <acm@FreeBSD.org>
AuthorDate: 2024-03-26 05:57:33 +0000
Commit:     Jose Alonso Cardenas Marquez <acm@FreeBSD.org>
CommitDate: 2024-03-26 05:57:33 +0000

    security/caldera: Improve port
    
    - Improve rc script. Now it kills some child processes
    - Use my new atomic-red-team repository. It includes a new run_as entry in the yaml
      files to identify FreeBSD tests easily, because the official
      redcanaryco/atomic-red-team project included new changes that removed the
      freebsd entries from the yaml files after they were merged into the linux tests.
      Identifying which tests are FreeBSD tests is now almost impossible.
    - Some other minor modifications
    - Bump PORTREVISION
---
 security/caldera/Makefile                          |  7 ++-
 security/caldera/files/caldera.in                  |  7 ++-
 .../files/patch-plugins_atomic_app_atomic__svc.py  | 60 ++++++++++++++++++++--
 3 files changed, 67 insertions(+), 7 deletions(-)

diff --git a/security/caldera/Makefile b/security/caldera/Makefile
index 3544dba8e55a..dff6a25ad848 100644
--- a/security/caldera/Makefile
+++ b/security/caldera/Makefile
@@ -1,6 +1,6 @@
 PORTNAME=	caldera
 DISTVERSION=	5.0.0
-PORTREVISION=	3
+PORTREVISION=	4
 CATEGORIES=	security python
 
 MAINTAINER=	acm@FreeBSD.org
@@ -111,11 +111,14 @@ post-build:
 	@${ECHO} "(!!!) Please upload the cache archive: ${DISTDIR}/${DIST_SUBDIR}/${PORTNAME}-cache-${DISTVERSION}${EXTRACT_SUFX}"
 .else
 MASTER_SITES+=	LOCAL/acm/caldera/:npm_cache
-DISTFILES+=	${PORTNAME}-cache-${DISTVERSION}${EXTRACT_SUFX}:npm_cache
+DISTFILES+=	${PORTNAME}-cache-${DISTVERSION}${EXTRACT_SUFX}:npm_cache \
+		${PORTNAME}-freebsd-logos.tar.gz:npm_cache
 NPM_ARGS=	run build
 
 post-extract:
 	@${MV} ${WRKDIR}/node_modules ${WRKSRC}/plugins/magma/
+	@${MV} ${WRKDIR}/freebsd.red.svg ${WRKSRC}/plugins/magma/src/assets/img/graph/freebsd-icon-privileged.svg
+	@${MV} ${WRKDIR}/freebsd.black.svg ${WRKSRC}/plugins/magma/src/assets/img/graph/freebsd-icon.svg
 	${RM} -R ${WRKSRC}/.github
 	cd ${WRKSRC} && ${RM} .coveragerc .dockerignore .eslintrc.js .flake8 \
 		.git* .pre* .stylelintrc.json Dockerfile
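Review bot: The new distfile `${PORTNAME}-freebsd-logos.tar.gz` added to DISTFILES in this hunk has no matching checksum change in this commit — the diffstat lists only the Makefile, the rc script and the patch file — so unless the port's distinfo was updated separately, the fetch framework has no recorded size and hash for the new archive. The archive name carries no version or date, so a re-rolled tarball on the mirror is indistinguishable from the current one except by a checksum failure; a name such as `${PORTNAME}-freebsd-logos-${DISTVERSION}.tar.gz` ties the fetched content to the port revision. The two added `${MV}` lines assume both SVG files extract directly into `${WRKDIR}`; a layout change in the archive would surface only as a `post-extract` failure.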
diff --git a/security/caldera/files/caldera.in b/security/caldera/files/caldera.in
index d08e4fae7d5c..7b57c2e33777 100644
--- a/security/caldera/files/caldera.in
+++ b/security/caldera/files/caldera.in
@@ -66,8 +66,13 @@ caldera_stop()
 {
 	if [ -f ${pidfile} ]
 	then
-		kill `cat ${pidfile}`
+		kill -TERM `cat ${pidfile}`
 		rm ${pidfile}
+
+		pid_child=$(pgrep -U ${caldera_user})
+		if [ ! -z "${pid_child}" ]; then
+			kill -TERM ${pid_child}
+		fi
 		echo "Stopping ${name}"
 	else
 		echo "${name} not running? (check ${pidfile})."
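Review bot: `pgrep -U ${caldera_user}` on the added line selects every process owned by that account, not only caldera's children, so the stop action would also terminate unrelated processes running as the same user (an operator's shell after `su`, or another service sharing the account). It also runs after the parent has been signalled, so children already reparented to init would not be found by a parent-based lookup either. Capturing the pid and its children before signalling keeps the scope to the daemon's own tree: `pid=$(cat "${pidfile}")`, `pid_child=$(pgrep -P "${pid}")`, then `kill -TERM "${pid}" ${pid_child}` in place of the two `kill` lines and the `[ ! -z ... ]` test (this covers direct children only; a deeper tree would need a process-group based lookup). The `caldera_stop` function continues past the end of the hunk.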
diff --git a/security/caldera/files/patch-plugins_atomic_app_atomic__svc.py b/security/caldera/files/patch-plugins_atomic_app_atomic__svc.py
index 04e18806665b..7f5883b80a9f 100644
--- a/security/caldera/files/patch-plugins_atomic_app_atomic__svc.py
+++ b/security/caldera/files/patch-plugins_atomic_app_atomic__svc.py
@@ -1,6 +1,14 @@
---- plugins/atomic/app/atomic_svc.py.orig	2022-08-11 15:59:49 UTC
+--- plugins/atomic/app/atomic_svc.py.orig	2024-02-13 20:49:23 UTC
 +++ plugins/atomic/app/atomic_svc.py
-@@ -13,7 +13,7 @@ from app.utility.base_world import BaseWorld
+@@ -5,6 +5,7 @@ import os
+ import re
+ import shutil
+ import yaml
++import platform
+ 
+ from collections import defaultdict
+ from subprocess import DEVNULL, STDOUT, check_call
+@@ -13,7 +14,7 @@ from app.utility.base_world import BaseWorld
  from app.utility.base_service import BaseService
  from app.objects.c_agent import Agent
  
@@ -9,12 +17,56 @@
  EXECUTORS = dict(command_prompt='cmd', sh='sh', powershell='psh', bash='sh')
  RE_VARIABLE = re.compile('(#{(.*?)})', re.DOTALL)
  PREFIX_HASH_LEN = 6
-@@ -45,7 +45,7 @@ class AtomicService(BaseService):
+@@ -45,11 +46,17 @@ class AtomicService(BaseService):
          the `repo_url` parameter (eg. if you want to use a fork).
          """
          if not repo_url:
 -            repo_url = 'https://github.com/redcanaryco/atomic-red-team.git'
-+            repo_url = 'https://github.com/alonsobsd/atomic-red-team.git'
++            if platform.system() == "FreeBSD":
++                repo_url = 'https://github.com/alonsobsd/atomic-red-team.git'
++            else:
++                repo_url = 'https://github.com/redcanaryco/atomic-red-team.git'
  
          if not os.path.exists(self.repo_dir) or not os.listdir(self.repo_dir):
              self.log.debug('cloning repo %s' % repo_url)
+-            check_call(['git', 'clone', '--depth', '1', repo_url, self.repo_dir], stdout=DEVNULL, stderr=STDOUT)
++            if platform.system() == "FreeBSD":
++                check_call(['git', 'clone', '-b', 'atomic', '--depth', '1', repo_url, self.repo_dir], stdout=DEVNULL, stderr=STDOUT)
++            else:
++                check_call(['git', 'clone', '--depth', '1', repo_url, self.repo_dir], stdout=DEVNULL, stderr=STDOUT)
+             self.log.debug('clone complete')
+ 
+     async def populate_data_directory(self, path_yaml=None):
+@@ -132,6 +139,11 @@ class AtomicService(BaseService):
+             return path.replace('\\', '/')
+         return path
+ 
++    @staticmethod
++    def _platform_system():
++        _platform = platform.system()
++        return _platform
++
+     def _catch_path_to_atomics_folder(self, string_to_analyse, platform):
+         """
+         Catch a path to the atomics/ folder in the `string_to_analyse` variable,
+@@ -302,6 +314,10 @@ class AtomicService(BaseService):
+         Return True if an ability was saved.
+         """
+         ability_id = hashlib.md5(json.dumps(test).encode()).hexdigest()
++        list_name = 'supported_platforms'
++
++        if self._platform_system() == 'FreeBSD':
++            list_name = 'run_on'
+ 
+         tactics_li = self.technique_to_tactics.get(entries['attack_technique'], ['redcanary-unknown'])
+         tactic = 'multiple' if len(tactics_li) > 1 else tactics_li[0]
+@@ -317,7 +333,8 @@ class AtomicService(BaseService):
+             ),
+             platforms=dict()
+         )
+-        for p in test['supported_platforms']:
++
++        for p in test[list_name]:
+             if test['executor']['name'] != 'manual':
+                 # manual tests are expected to be run manually by a human, no automation is provided
+                 executor = EXECUTORS.get(test['executor']['name'], 'unknown')
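Review bot: `for p in test[list_name]` with `list_name = 'run_on'` raises KeyError on FreeBSD for any test yaml that only carries `supported_platforms`, a case the docstring at the top of the hunk explicitly allows by letting callers pass their own `repo_url` (e.g. the official repository); a fallback such as `for p in test.get(list_name, test.get('supported_platforms', [])):` keeps those tests loadable. The same caller-supplied `repo_url` is also cloned with the hard-coded `-b atomic` branch whenever the host is FreeBSD, so a repository without that branch makes `check_call` fail; the branch belongs with the default-URL choice rather than the platform test, and since the default now tracks the tip of a fork branch whose yaml files drive command execution, a tag pin would make the fetched test content reproducible. The commit message calls the new key `run_as` while the code reads `run_on`. `_platform_system` could simply `return platform.system()`, and using it consistently (the clone code calls `platform.system()` directly) sidesteps the shadowing by the `platform` parameter visible on `_catch_path_to_atomics_folder`. The methods around `ability_id = ...` and the `for p in ...` loop begin and end outside the hunk.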