git: 42df5a346683 - main - security/caldera: Use caldera user and group into port files
Date: Thu, 11 May 2023 04:33:19 UTC
The branch main has been updated by acm:
URL: https://cgit.FreeBSD.org/ports/commit/?id=42df5a346683e4c0134eae1cf74058c05b5f5e47
commit 42df5a346683e4c0134eae1cf74058c05b5f5e47
Author: Jose Alonso Cardenas Marquez <acm@FreeBSD.org>
AuthorDate: 2023-05-11 04:26:09 +0000
Commit: Jose Alonso Cardenas Marquez <acm@FreeBSD.org>
CommitDate: 2023-05-11 04:33:09 +0000
security/caldera: Use caldera user and group into port files
- Update caldera rc file
- Update pkg-plist file
- Atomic plugin was patched to download yaml from alonsobsd/atomic-red-team
instead of the redcanaryco/atomic-red-team github repository until my pull
request is approved
- Add/modify entries in pkg-message file
- Bump PORTREVISION
---
security/caldera/Makefile | 8 ++++-
security/caldera/files/caldera.in | 8 ++---
.../files/patch-plugins_atomic_app_atomic__svc.py | 9 ++++++
security/caldera/files/pkg-message.in | 36 ++++++++++++++++------
security/caldera/pkg-plist | 8 ++---
5 files changed, 51 insertions(+), 18 deletions(-)
diff --git a/security/caldera/Makefile b/security/caldera/Makefile
index 8648038da272..2646d77b1a21 100644
--- a/security/caldera/Makefile
+++ b/security/caldera/Makefile
@@ -1,5 +1,6 @@
PORTNAME= caldera
DISTVERSION= 4.1.0
+PORTREVISION= 1
CATEGORIES= security python
MAINTAINER= acm@FreeBSD.org
@@ -70,6 +71,11 @@ USES= go:run python:3.8+
NO_ARCH= yes
NO_BUILD= yes
+CALDERA_USER= caldera
+CALDERA_GROUP= caldera
+USERS= ${CALDERA_USER}
+GROUPS= ${CALDERA_GROUP}
+
USE_RC_SUBR= ${PORTNAME:S/-/_/}
SUB_FILES= pkg-message
SUB_LIST= PYTHON_CMD=${PYTHON_CMD} \
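Review bot: USERS= and GROUPS= only take effect if caldera is registered in the ports tree's UIDs and GIDs files, and this commit touches nothing outside security/caldera, so confirm those entries landed earlier. CALDERA_USER and CALDERA_GROUP are also defined here while files/caldera.in and pkg-plist spell out caldera literally; passing the two variables through SUB_LIST and PLIST_SUB would keep a single definition.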
@@ -78,7 +84,7 @@ SUB_LIST= PYTHON_CMD=${PYTHON_CMD} \
OPTIONS_DEFINE= HAPROXY
OPTIONS_DEFAULT=HAPROXY
HAPROXY_DESC= Support for HTTPS
-HAPROXY_RUN_DEPENDS=haproxy18>0:net/haproxy18
+HAPROXY_RUN_DEPENDS=haproxy20>0:net/haproxy20
post-extract:
${RM} -R ${WRKSRC}/.github
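Review bot: the HAPROXY_RUN_DEPENDS switch from net/haproxy18 to net/haproxy20 is not listed in the commit message, which covers only the rc file, plist, atomic plugin, pkg-message and PORTREVISION. Add a line for it so the dependency change can be found from the log.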
diff --git a/security/caldera/files/caldera.in b/security/caldera/files/caldera.in
index aaedbb017d79..081a14c8318e 100644
--- a/security/caldera/files/caldera.in
+++ b/security/caldera/files/caldera.in
@@ -22,11 +22,11 @@ export PATH="${PATH}:/usr/local/bin:/usr/local/sbin"
: ${caldera_enable:=NO}
: ${caldera_flags="--insecure"}
-caldera_user="www"
+caldera_user="caldera"
+caldera_wwwdir="%%WWWDIR%%"
+caldera_logfile="/var/log/caldera.log"
pidfile="/var/run/${name}.pid"
-
-caldera_wwwdir="%%WWWDIR%%"
python_command="%%PYTHON_CMD%%"
python_script="${caldera_wwwdir}/server.py"
start_cmd=${name}_start
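Review bot: caldera_user, caldera_wwwdir and caldera_logfile are plain assignments, unlike caldera_enable and caldera_flags just above them, which use the `: ${...}` default form, so none of the three can be overridden from rc.conf. If the run-as user and log path are meant to be tunable, write them as `: ${caldera_user:="caldera"}` and `: ${caldera_logfile:="/var/log/caldera.log"}`.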
@@ -40,7 +40,7 @@ caldera_start()
if [ ! -f ${pidfile} ]
then
cd ${caldera_wwwdir} && \
- daemon -u ${caldera_user} -p ${pidfile} -t ${name} -o /var/log/caldera.log \
+ daemon -u ${caldera_user} -p ${pidfile} -t ${name} -o ${caldera_logfile} \
${python_command} ${python_script} \
${caldera_flags}
diff --git a/security/caldera/files/patch-plugins_atomic_app_atomic__svc.py b/security/caldera/files/patch-plugins_atomic_app_atomic__svc.py
index abc3e67c6ccf..04e18806665b 100644
--- a/security/caldera/files/patch-plugins_atomic_app_atomic__svc.py
+++ b/security/caldera/files/patch-plugins_atomic_app_atomic__svc.py
@@ -9,3 +9,12 @@
EXECUTORS = dict(command_prompt='cmd', sh='sh', powershell='psh', bash='sh')
RE_VARIABLE = re.compile('(#{(.*?)})', re.DOTALL)
PREFIX_HASH_LEN = 6
+@@ -45,7 +45,7 @@ class AtomicService(BaseService):
+ the `repo_url` parameter (eg. if you want to use a fork).
+ """
+ if not repo_url:
+- repo_url = 'https://github.com/redcanaryco/atomic-red-team.git'
++ repo_url = 'https://github.com/alonsobsd/atomic-red-team.git'
+
+ if not os.path.exists(self.repo_dir) or not os.listdir(self.repo_dir):
+ self.log.debug('cloning repo %s' % repo_url)
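Review bot: the new default repo_url points at a personal fork with no tag or commit pinned, and the context lines below it show the URL is cloned whenever repo_dir is missing or empty, so every fresh install trusts whatever that fork's default branch holds at that moment. Pin the clone to a known commit or ship the FreeBSD additions as a patch under files/, and reference the upstream pull request in a comment so the URL is reverted once it merges.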
diff --git a/security/caldera/files/pkg-message.in b/security/caldera/files/pkg-message.in
index f97eaf3e8be7..668b6828a2e9 100644
--- a/security/caldera/files/pkg-message.in
+++ b/security/caldera/files/pkg-message.in
@@ -1,7 +1,7 @@
[
{ type: install
message: <<EOM
-Caldera port were installed
+Caldera port was installed
1) Take on mind it is a modifying version of Caldera for include FreeBSD as
supported OS and you could found some issues. Problem reports are welcome.
@@ -10,6 +10,10 @@ Caldera port were installed
# sysrc caldera_enable="YES"
+ or enable it from service command
+
+ # service caldera enable
+
3) Before of start Caldera you must run some scripts for generate/update payload
files
@@ -21,33 +25,47 @@ Caldera port were installed
%%WWWDIR%%/conf
-5) If you want run it in secure mode (https) take a look in ssl plugin section:
+5) You can change default user passwords modifying default.yml file into
+ %%WWWDIR%%/conf folder. By default Caldera uses admin/admin,
+ blue/admin or red/admin like user/password.
+
+ # sed -i "" -e "s|admin: admin|admin: `openssl rand -base64 14`|g" default.yml
+ # sed -i "" -e "s|blue: admin|blue: `openssl rand -base64 14`|g" default.yml
+ # sed -i "" -e "s|red: admin|red: `openssl rand -base64 14`|g" default.yml
+
+6) If you want run it in secure mode (https) take a look in ssl plugin section:
https://caldera.readthedocs.io/en/latest/Plugin-library.html#ssl
-6) Start Caldera service
+7) Start Caldera service
# service caldera start
-7) When Caldera is starting, atomic plugin will use git to download files from
+8) When Caldera is starting, atomic plugin will use git to download files from
the following link:
https://github.com/redcanaryco/atomic-red-team
+ Currently, the project does not include FreeBSD like a supported platform.
+ For this reason, Atomic plugin was patched for download atomic-red-team
+ files from the following repository until my pull request will be merge into
+ redcanaryco/atomic-red-team:
+
+ https://github.com/alonsobsd/atomic-red-team
+
Those files are necessary for generate yml files used by Caldera abilities
-8) Caldera web listens on port 8888 by default and it uses red/admin or
- blue/admin like user/password.
+9) Caldera web listens on port 8888 by default
http://your_caldera_server_ip:8888
-9) Log file is located at /var/log/caldera.log
+10) Log file is located at /var/log/caldera.log
-10) For more configure information you can look at the following link:
+11) For more configure information you can look at the following link:
https://caldera.readthedocs.io/en/latest/
-11) Enjoy it
+12) Enjoy it
EOM
}
]
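Review bot: step 5 presents replacing the admin/admin, blue/admin and red/admin defaults as optional ("You can change"), and its sed commands name default.yml by relative path, so they only work from inside %%WWWDIR%%/conf and leave the operator to read the generated passwords back out of the file. Word it as a required step before step 7, use %%WWWDIR%%/conf/default.yml in each command, and say where the new passwords can be found. Step 8 also still introduces https://github.com/redcanaryco/atomic-red-team as the download source before saying the plugin is patched to use the fork; reword it so only the URL actually cloned is given as the source.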
diff --git a/security/caldera/pkg-plist b/security/caldera/pkg-plist
index ab4dc204a75c..aa4cf31e6fde 100644
--- a/security/caldera/pkg-plist
+++ b/security/caldera/pkg-plist
@@ -1,6 +1,6 @@
@mode 640
-@owner www
-@group www
+@owner caldera
+@group caldera
%%WWWDIR%%/CONTRIBUTING.md
%%WWWDIR%%/LICENSE
%%WWWDIR%%/README.md
@@ -1269,8 +1269,8 @@
%%WWWDIR%%/tests/web_server/test_core_endpoints.py
%%WWWDIR%%/tox.ini
@mode 750
-@owner www
-@group www
+@owner caldera
+@group caldera
@dir %%WWWDIR%%
@dir %%WWWDIR%%/plugins
@dir %%WWWDIR%%/plugins/atomic/data
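Review bot: the @owner/@group switch from www to caldera covers only what the plist lists, so on an existing install anything written at runtime under directories such as %%WWWDIR%%/plugins/atomic/data stays owned by www, while the rc script now starts the service as caldera. pkg-message.in has only a type: install entry; add a type: upgrade entry telling operators to chown the existing tree, and the log file, to caldera before restarting.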