git: a7058a34e044 - main - security/caldera: Update to 5.0.0
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 17 Feb 2024 21:30:20 UTC
The branch main has been updated by acm:
URL: https://cgit.FreeBSD.org/ports/commit/?id=a7058a34e04498acc384664fbb5a5ee9188f69eb
commit a7058a34e04498acc384664fbb5a5ee9188f69eb
Author: Jose Alonso Cardenas Marquez <acm@FreeBSD.org>
AuthorDate: 2024-02-17 21:29:08 +0000
Commit: Jose Alonso Cardenas Marquez <acm@FreeBSD.org>
CommitDate: 2024-02-17 21:29:08 +0000
security/caldera: Update to 5.0.0
ChangeLog at: https://github.com/mitre/caldera/releases/tag/5.0.0
---
security/caldera/Makefile | 98 ++++++++++++++----
security/caldera/distinfo | 70 +++++++------
.../files/patch-plugins_human_gui_views_human.vue | 59 +++++++++++
.../files/patch-plugins_human_templates_human.html | 113 ++++++++++++++-------
...src_components_abilities_AbilityChartStatus.vue | 16 +++
...gma_src_components_adversaries_DetailsTable.vue | 10 ++
...ins_magma_src_components_agents_DeployModal.vue | 30 ++++++
.../caldera/files/patch-plugins_magma_src_main.js | 15 +++
.../files/patch-plugins_sandcat_update-agents.sh | 7 +-
.../patch-plugins_stockpile_payloads_ragdoll.py | 11 --
security/caldera/files/pkg-message.in | 39 +++++--
11 files changed, 353 insertions(+), 115 deletions(-)
diff --git a/security/caldera/Makefile b/security/caldera/Makefile
index c874359a5f63..91015e2c905e 100644
--- a/security/caldera/Makefile
+++ b/security/caldera/Makefile
@@ -1,12 +1,13 @@
PORTNAME= caldera
-DISTVERSION= 4.2.0
-PORTREVISION= 4
+DISTVERSION= 5.0.0
CATEGORIES= security python
MAINTAINER= acm@FreeBSD.org
COMMENT= Automated Adversary Emulation Platform
WWW= https://github.com/mitre/caldera
+CONFLICTS= caldera4
+
LICENSE= APACHE20
LICENSE_FILE= ${WRKSRC}/LICENSE
@@ -35,6 +36,7 @@ RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}aiohttp>0:www/py-aiohttp@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}dnspython>0:dns/py-dnspython@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}asyncssh>0:security/py-asyncssh@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}aioftp>0:ftp/py-aioftp@${PY_FLAVOR} \
+ ${PYTHON_PKGNAMEPREFIX}packaging>0:devel/py-packaging@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}pyautogui>0:x11/py-pyautogui@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}selenium>0:www/py-selenium@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}webdriver_manager>0:www/py-webdriver_manager@${PY_FLAVOR} \
@@ -49,27 +51,27 @@ RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}aiohttp>0:www/py-aiohttp@${PY_FLAVOR} \
USE_GITHUB= yes
GH_ACCOUNT= mitre
GH_PROJECT= ${PORTNAME}
-GH_TUPLE= mitre:access:0e67776:access/plugins/access \
- mitre:atomic:9e2c958:atomic/plugins/atomic \
- mitre:builder:f2ce67c:builder/plugins/builder \
- mitre:compass:fb88e02:compass/plugins/compass \
- mitre:debrief:e4d4f9e:debrief/plugins/debrief \
- mitre:emu:02a0f3e:emu/plugins/emu \
- mitre:fieldmanual:c286e77:fieldmanual/plugins/fieldmanual \
- mitre:gameboard:3d98c32:gameboard/plugins/gameboard \
- mitre:human:4368dea:human/plugins/human \
- mitre:manx:e7205ea:manx/plugins/manx \
- mitre:response:889213a:response/plugins/response \
- mitre:sandcat:7c326bd:sandcat/plugins/sandcat \
- mitre:ssl:ac5bfcb:ssl/plugins/ssl \
- mitre:stockpile:960f9ad:stockpile/plugins/stockpile \
- mitre:training:b058b67:training/plugins/training
-
-USES= dos2unix go:run python
+GH_TUPLE= mitre:access:775181b:access/plugins/access \
+ mitre:atomic:4f489bb:atomic/plugins/atomic \
+ mitre:builder:de24b68:builder/plugins/builder \
+ mitre:compass:85e2ebf:compass/plugins/compass \
+ mitre:debrief:eba44d5:debrief/plugins/debrief \
+ mitre:emu:7215768:emu/plugins/emu \
+ mitre:fieldmanual:cb53f2b:fieldmanual/plugins/fieldmanual \
+ mitre:gameboard:dacb6ce:gameboard/plugins/gameboard \
+ mitre:human:0e344ea:human/plugins/human \
+ mitre:magma:99f0056:magma/plugins/magma \
+ mitre:manx:a7e83a6:manx/plugins/manx \
+ mitre:response:8ea6ab5:response/plugins/response \
+ mitre:sandcat:b408f3f:sandcat/plugins/sandcat \
+ mitre:ssl:1ae8431:ssl/plugins/ssl \
+ mitre:stockpile:fe0c5b7:stockpile/plugins/stockpile \
+ mitre:training:37f998f:training/plugins/training
+
+USES= dos2unix go:run nodejs:18,build python
USE_PYTHON= cryptography
NO_ARCH= yes
-NO_BUILD= yes
DOS2UNIX_REGEX= .*\.([yml])
CALDERA_USER= caldera
@@ -77,6 +79,7 @@ CALDERA_GROUP= caldera
USERS= ${CALDERA_USER}
GROUPS= ${CALDERA_GROUP}
+PLIST= ${WRKDIR}/pkg-plist
USE_RC_SUBR= ${PORTNAME:S/-/_/}
SUB_FILES= pkg-message
SUB_LIST= PYTHON_CMD=${PYTHON_CMD} \
@@ -85,16 +88,69 @@ SUB_LIST= PYTHON_CMD=${PYTHON_CMD} \
OPTIONS_DEFINE= HAPROXY
OPTIONS_DEFAULT=HAPROXY
HAPROXY_DESC= Support for HTTPS
-HAPROXY_RUN_DEPENDS=haproxy20>0:net/haproxy20
+HAPROXY_RUN_DEPENDS=haproxy24>0:net/haproxy24
+
+NPM_BIN= ${LOCALBASE}/bin/npm
+
+# to rebuild the deps archive:
+# 1. set DEV_UPDATE_MODE=yes
+# 2. make makesum build
+# 3. upload the *-cache archive
+# 4. set DEV_UPDATE_MODE=no
+# 5. make clean makesum
+
+DEV_UPDATE_MODE= no
+DEPS_CACHE_DIR= ${WRKSRC}/plugins/magma
+
+.if (${DEV_UPDATE_MODE} == "yes")
+NPM_ARGS= install
+post-build:
+ @cd ${DEPS_CACHE_DIR} && ${TAR} czf ${DISTDIR}/${DIST_SUBDIR}/${PORTNAME}-cache-${DISTVERSION}${EXTRACT_SUFX} node_modules
+ @${ECHO} "(!!!) Please upload the cache archive: ${DISTDIR}/${DIST_SUBDIR}/${PORTNAME}-cache-${DISTVERSION}${EXTRACT_SUFX}"
+.else
+MASTER_SITES+= LOCAL/acm/caldera/:npm_cache
+DISTFILES+= ${PORTNAME}-cache-${DISTVERSION}${EXTRACT_SUFX}:npm_cache
+NPM_ARGS= run build
post-extract:
+ @${MV} ${WRKDIR}/node_modules ${WRKSRC}/plugins/magma/
${RM} -R ${WRKSRC}/.github
cd ${WRKSRC} && ${RM} .coveragerc .dockerignore .eslintrc.js .flake8 \
.git* .pre* .stylelintrc.json Dockerfile
+.endif
post-patch:
cd ${WRKSRC} && \
${FIND} . -type f -name "*.orig" -exec ${RM} "{}" \;
+ ${REINPLACE_CMD} -i "" -e 's|4.2.0|${PORTVERSION}|g' ${WRKSRC}/app/version.py
+
+do-build:
+ @cd ${WRKSRC}/plugins/magma && \
+ ${NPM_BIN} ${NPM_ARGS}
+
+post-build:
+ ${RM} -r ${WRKSRC}/plugins/magma/node_modules
+
+pre-install:
+ @${RM} -f ${PLIST}
+
+ @${ECHO_CMD} "@mode 640" > ${PLIST}
+ @${ECHO_CMD} "@owner caldera" >> ${PLIST}
+ @${ECHO_CMD} "@group caldera" >> ${PLIST}
+
+ @cd ${WRKSRC} && \
+ ${FIND} * -type f | ${SORT} | ${SED} -e 's|^|%%WWWDIR%%/|' >> ${PLIST}
+
+ @${ECHO_CMD} "@mode 750" >> ${PLIST}
+ @${ECHO_CMD} "@owner caldera" >> ${PLIST}
+ @${ECHO_CMD} "@group caldera" >> ${PLIST}
+
+ @cd ${WRKSRC} && \
+ ${FIND} * -type d | ${SORT} -r | ${SED} -e 's|^|@dir %%WWWDIR%%/|' >> ${PLIST}
+
+ @${ECHO_CMD} "@mode" >> ${PLIST}
+ @${ECHO_CMD} "@owner" >> ${PLIST}
+ @${ECHO_CMD} "@group" >> ${PLIST}
do-install:
@cd ${WRKSRC} && ${COPYTREE_SHARE} . ${STAGEDIR}/${WWWDIR}
diff --git a/security/caldera/distinfo b/security/caldera/distinfo
index 7542fc288b4e..05683bff9379 100644
--- a/security/caldera/distinfo
+++ b/security/caldera/distinfo
@@ -1,33 +1,37 @@
-TIMESTAMP = 1687320760
-SHA256 (mitre-caldera-4.2.0_GH0.tar.gz) = 2c93501ca05fe89cd18a038376c278e50d371881dfe84824a0f98dc3d9023fd9
-SIZE (mitre-caldera-4.2.0_GH0.tar.gz) = 3777586
-SHA256 (mitre-access-0e67776_GH0.tar.gz) = dc80b9c5cb92f75fa6d18f618f64a4d3c5ddd1b08b020d86feb70fbaa0f4c43d
-SIZE (mitre-access-0e67776_GH0.tar.gz) = 8494
-SHA256 (mitre-atomic-9e2c958_GH0.tar.gz) = 0fbd0c3bb2c3c621afcb8f271b76df0f6ac2bacd72a7f8d9771c94b9a3f5d085
-SIZE (mitre-atomic-9e2c958_GH0.tar.gz) = 15142
-SHA256 (mitre-builder-f2ce67c_GH0.tar.gz) = da9d987a2a656bb9eb5d1c0d36115c8fb8fe740503fa1a43a1bfcce1018f461b
-SIZE (mitre-builder-f2ce67c_GH0.tar.gz) = 7944
-SHA256 (mitre-compass-fb88e02_GH0.tar.gz) = 6187446551f4041ac0a0c33689b4a62a39a02b285d988bd6f17647d89d98ce16
-SIZE (mitre-compass-fb88e02_GH0.tar.gz) = 5907
-SHA256 (mitre-debrief-e4d4f9e_GH0.tar.gz) = 721b262744118b91b812ec0e098fa0c75f845a7814d8fa58fa52a2ace04432ee
-SIZE (mitre-debrief-e4d4f9e_GH0.tar.gz) = 998929
-SHA256 (mitre-emu-02a0f3e_GH0.tar.gz) = 9dd6b46fe93ba12467612e4bf4a45df5513dad1709a72addc3898c430b8ec1ad
-SIZE (mitre-emu-02a0f3e_GH0.tar.gz) = 17467
-SHA256 (mitre-fieldmanual-c286e77_GH0.tar.gz) = 6f086d0d4f519d0dcf49fbded87ee8095622c3028461d745d2e7eea422d68d57
-SIZE (mitre-fieldmanual-c286e77_GH0.tar.gz) = 7828491
-SHA256 (mitre-gameboard-3d98c32_GH0.tar.gz) = 8415bbbc64fe78836afea2e364fe655cc364a5d70dcf3fbcb748617fc9b9ad0a
-SIZE (mitre-gameboard-3d98c32_GH0.tar.gz) = 14753
-SHA256 (mitre-human-4368dea_GH0.tar.gz) = 4710f3d6c7b3f728274187c36cda53232b3609d8177ccad6b1968ae99d83724a
-SIZE (mitre-human-4368dea_GH0.tar.gz) = 22846
-SHA256 (mitre-manx-e7205ea_GH0.tar.gz) = 5b39a00ff8bbe7b20d4cfcab6161edbbafd94fa9bd62af4741975f7759f7a470
-SIZE (mitre-manx-e7205ea_GH0.tar.gz) = 7352820
-SHA256 (mitre-response-889213a_GH0.tar.gz) = 4067efd0c4bddeed799255838a80316d96ba0c4cac84625d7d0257e44c00c4ee
-SIZE (mitre-response-889213a_GH0.tar.gz) = 24463
-SHA256 (mitre-sandcat-7c326bd_GH0.tar.gz) = 60049cf759e8b31b29e84832a112c87be8101e303d088e0f2b9da4647f79855f
-SIZE (mitre-sandcat-7c326bd_GH0.tar.gz) = 7816391
-SHA256 (mitre-ssl-ac5bfcb_GH0.tar.gz) = 01067db5fe9a32d07d13bbea4ffb6f3bd2907a57f2d50a7c7e9c5f2bdc823a12
-SIZE (mitre-ssl-ac5bfcb_GH0.tar.gz) = 6395
-SHA256 (mitre-stockpile-960f9ad_GH0.tar.gz) = 516d28ae26d66049e2273f60bbae0254b071152b613f259a7ff596ad2d92461f
-SIZE (mitre-stockpile-960f9ad_GH0.tar.gz) = 4781396
-SHA256 (mitre-training-b058b67_GH0.tar.gz) = 44c5ee5f682918f1f8ace4ff4ea3b8e16d24795ff8b8fb5896d68c585d33b8c0
-SIZE (mitre-training-b058b67_GH0.tar.gz) = 491615
+TIMESTAMP = 1708127632
+SHA256 (caldera-cache-5.0.0.tar.gz) = c0f160ec5431b0096a9ce8e2adde062de97be96e66e9e8756b4646e4d8c2a9a9
+SIZE (caldera-cache-5.0.0.tar.gz) = 41756498
+SHA256 (mitre-caldera-5.0.0_GH0.tar.gz) = a4e122f6862ea3cb7e856889a4a2b68ce297f74189fd845b0a51c02e1fa8c716
+SIZE (mitre-caldera-5.0.0_GH0.tar.gz) = 3820616
+SHA256 (mitre-access-775181b_GH0.tar.gz) = 2ae6e4cbd9e6c143cc76b65c0be3dd332228ab59161422291050eb6f4c4b1d17
+SIZE (mitre-access-775181b_GH0.tar.gz) = 11646
+SHA256 (mitre-atomic-4f489bb_GH0.tar.gz) = 340c7931fbee16ce1bf788044018fcf75fe403bf641665bb4aec53d3b1479b2d
+SIZE (mitre-atomic-4f489bb_GH0.tar.gz) = 15041
+SHA256 (mitre-builder-de24b68_GH0.tar.gz) = bca2a28b23d72cf987878aa519d0f108b2153156391821bfb137c79ac5c5bcc2
+SIZE (mitre-builder-de24b68_GH0.tar.gz) = 8349
+SHA256 (mitre-compass-85e2ebf_GH0.tar.gz) = 4760171cf05a7fccfd4300815f358d9d42affb2c741e6e555515f07eb50c9f34
+SIZE (mitre-compass-85e2ebf_GH0.tar.gz) = 7055
+SHA256 (mitre-debrief-eba44d5_GH0.tar.gz) = 62cbfd77cbf3573675bc79426171f136628f26a1ee3f931c02f36d53bda8012e
+SIZE (mitre-debrief-eba44d5_GH0.tar.gz) = 1006448
+SHA256 (mitre-emu-7215768_GH0.tar.gz) = 13dedefc0c3e9a443221886d2030effdc5b741a62a5a4ebd830ca613d183025f
+SIZE (mitre-emu-7215768_GH0.tar.gz) = 19410
+SHA256 (mitre-fieldmanual-cb53f2b_GH0.tar.gz) = 8dbac757e4d70bb415c38684997969ceda3a886ddf6aa3028ee8720d7a44e01a
+SIZE (mitre-fieldmanual-cb53f2b_GH0.tar.gz) = 9659796
+SHA256 (mitre-gameboard-dacb6ce_GH0.tar.gz) = 55e521c4dfc6acc9b8ed37b7622d1c20248cd1fe43a9410e339b8c24729d22ac
+SIZE (mitre-gameboard-dacb6ce_GH0.tar.gz) = 20333
+SHA256 (mitre-human-0e344ea_GH0.tar.gz) = 83ae25ee09a9a7c463cc94e673cb572bef78fdd91b7b019fd845f73e18d5e610
+SIZE (mitre-human-0e344ea_GH0.tar.gz) = 25937
+SHA256 (mitre-magma-99f0056_GH0.tar.gz) = a1ab40360288d4818abfb3e73cf7361686f6e7072de9dd8a7633da3f55a18558
+SIZE (mitre-magma-99f0056_GH0.tar.gz) = 10138171
+SHA256 (mitre-manx-a7e83a6_GH0.tar.gz) = ec144af8d794c11e68c7bacb6da4b84e81c3278fd90045e8f5660408652799c7
+SIZE (mitre-manx-a7e83a6_GH0.tar.gz) = 7359477
+SHA256 (mitre-response-8ea6ab5_GH0.tar.gz) = f2275a11ebb631b84da2921e370bf5e5957c304265621c78d27f212269fdc9b5
+SIZE (mitre-response-8ea6ab5_GH0.tar.gz) = 25334
+SHA256 (mitre-sandcat-b408f3f_GH0.tar.gz) = 15bee4622b0ce40ad66b99804ee87e7eb4074ec564fc719b72c397e74a63f0f5
+SIZE (mitre-sandcat-b408f3f_GH0.tar.gz) = 8294185
+SHA256 (mitre-ssl-1ae8431_GH0.tar.gz) = 608596a05a3c833ac10c230cf4bf0863f0e31540414a66b382ff159f97d7629f
+SIZE (mitre-ssl-1ae8431_GH0.tar.gz) = 6806
+SHA256 (mitre-stockpile-fe0c5b7_GH0.tar.gz) = dea568de5067cc20cc54ca57d270d01ef092b329dad61c2e53369fd1524512a3
+SIZE (mitre-stockpile-fe0c5b7_GH0.tar.gz) = 4780570
+SHA256 (mitre-training-37f998f_GH0.tar.gz) = 41fe37233c02d77435e747e6d34017eeba6c592805382176afaf6f2d1f8f6a46
+SIZE (mitre-training-37f998f_GH0.tar.gz) = 496302
diff --git a/security/caldera/files/patch-plugins_human_gui_views_human.vue b/security/caldera/files/patch-plugins_human_gui_views_human.vue
new file mode 100644
index 000000000000..97b7d95f2c24
--- /dev/null
+++ b/security/caldera/files/patch-plugins_human_gui_views_human.vue
@@ -0,0 +1,59 @@
+--- plugins/human/gui/views/human.vue 2024-02-16 18:15:08.873254000 -0500
++++ plugins/human/gui/views/human.vue 2024-02-16 18:16:20.156979000 -0500
+@@ -232,7 +232,7 @@
+ return;
+ }
+
+- const validPlatforms = ["linux", "windows-psh", "darwin"];
++ const validPlatforms = ["linux", "windows-psh", "darwin", "freebsd"];
+ if (!validPlatforms.includes(this.selectedPlatform)) {
+ toast({
+ message: "Please select a valid platform",
+@@ -346,6 +346,31 @@
+ this.humans[this.selectedHuman].task_cluster_interval
+ } --extra ${extra}`;
+ break;
++ case "freebsd":
++ this.commandBlock = `curl -sk -o '${
++ this.humans[this.selectedHuman].name
++ }.tar.gz' -X POST -H 'file:${
++ this.humans[this.selectedHuman].name
++ }.tar.gz' ${this.serverIp}/file/download 2>&1 && mkdir '${
++ this.humans[this.selectedHuman].name
++ }' && tar -C '${this.humans[this.selectedHuman].name}' -zxvf '${
++ this.humans[this.selectedHuman].name
++ }.tar.gz' && virtualenv -p python3 '${
++ this.humans[this.selectedHuman].name
++ }' && '${this.humans[this.selectedHuman].name}/bin/pip' install -r '${
++ this.humans[this.selectedHuman].name
++ }/requirements.txt' && '${
++ this.humans[this.selectedHuman].name
++ }/bin/python3.9' '${
++ this.humans[this.selectedHuman].name
++ }/human.py' --clustersize ${
++ this.humans[this.selectedHuman].tasks_per_cluster
++ } --taskinterval ${
++ this.humans[this.selectedHuman].task_interval
++ } --taskgroupinterval ${
++ this.humans[this.selectedHuman].task_cluster_interval
++ } --extra ${extra}`;
++ break;
+ case "windows-psh":
+ this.commandBlock = `$server='${
+ this.serverIp
+@@ -382,6 +407,7 @@
+ extra.forEach((command) => {
+ switch (platform) {
+ case "darwin":
++ case "freebsd":
+ case "linux":
+ command = command.replace(/\\/g, "\\\\");
+ command = command.replace(/"/g, '\\"');
+@@ -444,6 +470,7 @@
+ select(v-model="selectedPlatform", id="base-platform")
+ option(value="", disabled) Select target OS
+ option(value="darwin") MacOS
++ option(value="freebsd") FreeBSD
+ option(value="linux") Linux
+ option(value="windows-psh") Windows (PowerShell)
+ hr
diff --git a/security/caldera/files/patch-plugins_human_templates_human.html b/security/caldera/files/patch-plugins_human_templates_human.html
index 9bc604e58123..8c233fdb6245 100644
--- a/security/caldera/files/patch-plugins_human_templates_human.html
+++ b/security/caldera/files/patch-plugins_human_templates_human.html
@@ -1,40 +1,75 @@
---- plugins/human/templates/human.html.orig 2022-09-06 17:33:12 UTC
-+++ plugins/human/templates/human.html
-@@ -60,6 +60,7 @@
- <select id="base-platform">
- <option disabled="disabled" selected="">Select target OS</option>
- <option value="darwin">MacOS</option>
-+ <option value="freebsd">FreeBSD</option>
- <option value="linux">Linux</option>
- <option value="windows-psh">Windows (PowerShell)</option>
- </select>
-@@ -257,6 +258,11 @@
- ' && virtualenv -p python3 \''+humanName+'\' && \''+humanName+'/bin/pip\' install -r \''+humanName+'/requirements.txt\' && \''+humanName+'/bin/python\' \''+humanName+'/human.py\' --clustersize '+taskCount+' ' +
- '--taskinterval '+taskInterval+' --taskgroupinterval '+taskClusterInterval+' --extra '+extra;
- break;
+--- plugins/human/templates/human.html 2024-02-16 15:54:12.707381000 -0500
++++ plugins/human/templates/human.html 2024-02-16 16:00:05.903013000 -0500
+@@ -106,6 +106,7 @@
+ <select x-model="selectedPlatform" id="base-platform">
+ <option value="" disabled>Select target OS</option>
+ <option value="darwin">MacOS</option>
++ <option value="freebsd">FreeBSD</option>
+ <option value="linux">Linux</option>
+ <option value="windows-psh">Windows (PowerShell)</option>
+ </select>
+@@ -349,7 +350,8 @@
+ if (
+ this.selectedPlatform != "linux" &&
+ this.selectedPlatform != "windows-psh" &&
+- this.selectedPlatform != "darwin"
++ this.selectedPlatform != "darwin" &&
++ this.selectedPlatform != "freebsd"
+ ) {
+ toast("Please select a platform", false);
+ return;
+@@ -435,8 +437,42 @@
+ this.humans[this.selectedHuman].task_cluster_interval +
+ " --extra " +
+ extra;
+-
+ break;
++ case "freebsd":
++ this.commandBlock =
++ "curl -sk -o '" +
++ this.humans[this.selectedHuman].name +
++ ".tar.gz' -X POST -H 'file:" +
++ this.humans[this.selectedHuman].name +
++ ".tar.gz' " +
++ this.serverIp +
++ "/file/download 2>&1 && mkdir '" +
++ this.humans[this.selectedHuman].name +
++ "' && tar -C '" +
++ this.humans[this.selectedHuman].name +
++ "' -zxvf '" +
++ this.humans[this.selectedHuman].name +
++ ".tar.gz' " +
++ " && virtualenv -p python3.9 '" +
++ this.humans[this.selectedHuman].name +
++ "' && '" +
++ this.humans[this.selectedHuman].name +
++ "/bin/pip' install -r '" +
++ this.humans[this.selectedHuman].name +
++ "/requirements.txt' && '" +
++ this.humans[this.selectedHuman].name +
++ "/bin/python' '" +
++ this.humans[this.selectedHuman].name +
++ "/human.py' --clustersize " +
++ this.humans[this.selectedHuman].tasks_per_cluster +
++ " " +
++ "--taskinterval " +
++ this.humans[this.selectedHuman].task_interval +
++ " --taskgroupinterval " +
++ this.humans[this.selectedHuman].task_cluster_interval +
++ " --extra " +
++ extra;
++ break;
+ case "linux":
+ this.commandBlock =
+ "curl -sk -o '" +
+@@ -514,6 +550,10 @@
+ extra.forEach((command) => {
+ switch (platform) {
+ case "darwin":
++ command = command.replace(/\\/g, "\\\\");
++ command = command.replace(/"/g, '\\"');
++ break;
+ case "freebsd":
-+ baseHuman = 'curl -sk -o \''+humanName+'.tar.gz\' -X POST -H \'file:'+humanName+'.tar.gz\' '+http+'/file/download 2>&1 && mkdir \''+humanName+'\' && tar -C \''+humanName+'\' -zxvf \''+humanName+'.tar.gz\' ' +
-+ ' && virtualenv -p python3.9 \''+humanName+'\' && \''+humanName+'/bin/pip\' install -r \''+humanName+'/requirements.txt\' && \''+humanName+'/bin/python\' \''+humanName+'/human.py\' --clustersize '+taskCount+' ' +
-+ '--taskinterval '+taskInterval+' --taskgroupinterval '+taskClusterInterval+' --extra '+extra;
-+ break;
- case "linux":
- baseHuman = 'curl -sk -o \''+humanName+'.tar.gz\' -X POST -H \'file:'+humanName+'.tar.gz\' '+http+'/file/download 2>&1 && mkdir \''+humanName+'\' && tar -C \''+humanName+'\' -zxvf \''+humanName+'.tar.gz\' ' +
- ' && virtualenv -p python3 \''+humanName+'\' && \''+humanName+'/bin/pip\' install -r \''+humanName+'/requirements.txt\' && \''+humanName+'/bin/python\' \''+humanName+'/human.py\' --clustersize '+taskCount+' ' +
-@@ -293,6 +299,10 @@
- $.each(extra, function(i, command) {
- switch (platform) {
- case "darwin":
-+ command = command.replace(/\\/g, '\\\\');
-+ command = command.replace(/"/g, '\\\"');
-+ break;
-+ case "freebsd":
- command = command.replace(/\\/g, '\\\\');
- command = command.replace(/"/g, '\\\"');
- break;
-@@ -317,4 +327,4 @@
- return provided_value || default_value;
- }
-
--</script>
-\ No newline at end of file
-+</script>
+ command = command.replace(/\\/g, "\\\\");
+ command = command.replace(/"/g, '\\"');
+ break;
diff --git a/security/caldera/files/patch-plugins_magma_src_components_abilities_AbilityChartStatus.vue b/security/caldera/files/patch-plugins_magma_src_components_abilities_AbilityChartStatus.vue
new file mode 100644
index 000000000000..303fd8f02d7a
--- /dev/null
+++ b/security/caldera/files/patch-plugins_magma_src_components_abilities_AbilityChartStatus.vue
@@ -0,0 +1,16 @@
+--- plugins/magma/src/components/abilities/AbilityChartStatus.vue.orig 2024-02-16 18:23:17.915545000 -0500
++++ plugins/magma/src/components/abilities/AbilityChartStatus.vue 2024-02-16 18:23:59.841718000 -0500
+@@ -101,6 +101,13 @@
+ itemStyle: { color: "#F7DB89" },
+ },
+ {
++ name: "freebsd",
++ value: Object.values(abilityStore.abilities).filter(
++ (ability) => getAbilityPlatforms(ability).indexOf("freebsd") >= 0
++ ).length,
++ itemStyle: { color: "#9D2A11" },
++ },
++ {
+ name: "darwin",
+ value: Object.values(abilityStore.abilities).filter(
+ (ability) => getAbilityPlatforms(ability).indexOf("darwin") >= 0
diff --git a/security/caldera/files/patch-plugins_magma_src_components_adversaries_DetailsTable.vue b/security/caldera/files/patch-plugins_magma_src_components_adversaries_DetailsTable.vue
new file mode 100644
index 000000000000..e41e282ea1b3
--- /dev/null
+++ b/security/caldera/files/patch-plugins_magma_src_components_adversaries_DetailsTable.vue
@@ -0,0 +1,10 @@
+--- plugins/magma/src/components/adversaries/DetailsTable.vue 2024-02-16 18:25:56.033533000 -0500
++++ plugins/magma/src/components/adversaries/DetailsTable.vue 2024-02-16 18:26:25.865321000 -0500
+@@ -395,6 +395,7 @@
+ span.icon.is-small.mr-2
+ font-awesome-icon(v-if="platform.includes('windows')" icon="fab fa-windows")
+ font-awesome-icon(v-if="platform.includes('darwin')" icon="fab fa-apple")
++ font-awesome-icon(v-if="platform.includes('freebsd')" icon="fab fa-freebsd")
+ font-awesome-icon(v-if="platform.includes('linux')" icon="fab fa-linux")
+ td.has-text-centered(:class="{ 'unlock': onHoverUnlocks.indexOf(ability.ability_id) > -1 }")
+ span(v-if="abilityDependencies[ability.ability_id] && getExecutorDetail('requirements', ability)" v-tooltip="`This ability has requirements: (${abilityDependencies[ability.ability_id].requireTypes})`")
diff --git a/security/caldera/files/patch-plugins_magma_src_components_agents_DeployModal.vue b/security/caldera/files/patch-plugins_magma_src_components_agents_DeployModal.vue
new file mode 100644
index 000000000000..a149339b5584
--- /dev/null
+++ b/security/caldera/files/patch-plugins_magma_src_components_agents_DeployModal.vue
@@ -0,0 +1,30 @@
+--- plugins/magma/src/components/agents/DeployModal.vue.orig 2024-02-16 18:38:55.910370000 -0500
++++ plugins/magma/src/components/agents/DeployModal.vue 2024-02-16 18:38:22.148726000 -0500
+@@ -142,6 +142,11 @@
+ font-awesome-icon(icon="fab fa-apple").fa-2x
+ br
+ span darwin
++ .has-text-centered.platform(v-if="platforms.includes('freebsd')" :class="{ 'selected': selectedPlatform === 'freebsd' }" @click="changePlatform('freebsd')")
++ span.icon.is-large
++ font-awesome-icon(icon="fab fa-freebsd").fa-2x
++ br
++ span freebsd
+ form.mt-4
+ div(v-for="field in agentFields" :key="field.name")
+ .field.is-horizontal.mb-2
+@@ -162,6 +167,7 @@
+ span.icon
+ font-awesome-icon(v-if="command.platform === 'windows'" icon="fab fa-windows")
+ font-awesome-icon(v-if="command.platform === 'darwin'" icon="fab fa-apple")
++ font-awesome-icon(v-if="command.platform === 'freebsd'" icon="fab fa-freebsd")
+ font-awesome-icon(v-if="command.platform === 'linux'" icon="fab fa-linux")
+ span {{ command.platform }}
+ span.tag {{ command.executor }}
+@@ -180,6 +186,7 @@
+ span.icon
+ font-awesome-icon(v-if="command.platform === 'windows'" icon="fab fa-windows")
+ font-awesome-icon(v-if="command.platform === 'darwin'" icon="fab fa-apple")
++ font-awesome-icon(v-if="command.platform === 'freebsd'" icon="fab fa-freebsd")
+ font-awesome-icon(v-if="command.platform === 'linux'" icon="fab fa-linux")
+ span {{ command.platform }}
+ span.tag {{ command.executor }}
diff --git a/security/caldera/files/patch-plugins_magma_src_main.js b/security/caldera/files/patch-plugins_magma_src_main.js
new file mode 100644
index 000000000000..3e6823e73ff1
--- /dev/null
+++ b/security/caldera/files/patch-plugins_magma_src_main.js
@@ -0,0 +1,15 @@
+--- plugins/magma/src/main.js.orig 2024-02-16 18:19:33.493026000 -0500
++++ plugins/magma/src/main.js 2024-02-16 18:19:57.472456000 -0500
+@@ -53,10 +53,10 @@
+ faCircle, faCircleQuestion, faCopy, farFlag
+ );
+ import {
+- faApple, faLinux, faWindows
++ faApple, faLinux, faWindows, faFreebsd
+ } from '@fortawesome/free-brands-svg-icons';
+ library.add(
+- faApple, faLinux, faWindows
++ faApple, faLinux, faWindows, faFreebsd
+ );
+
+ app.component('font-awesome-icon', FontAwesomeIcon);
diff --git a/security/caldera/files/patch-plugins_sandcat_update-agents.sh b/security/caldera/files/patch-plugins_sandcat_update-agents.sh
index 1d3129337293..eaa43c49a8fa 100644
--- a/security/caldera/files/patch-plugins_sandcat_update-agents.sh
+++ b/security/caldera/files/patch-plugins_sandcat_update-agents.sh
@@ -1,6 +1,6 @@
---- plugins/sandcat/update-agents.sh.orig 2022-07-20 19:48:00 UTC
-+++ plugins/sandcat/update-agents.sh
-@@ -1,10 +1,11 @@
+--- plugins/sandcat/update-agents.sh.orig 2024-02-13 17:44:40.000000000 -0500
++++ plugins/sandcat/update-agents.sh 2024-02-16 16:03:09.225623000 -0500
+@@ -1,11 +1,12 @@
-#!/bin/bash
+#!/bin/sh
# generates payloads for each os
@@ -10,6 +10,7 @@
GOOS=windows go build -o ../payloads/sandcat.go-windows -ldflags="-s -w" sandcat.go
GOOS=linux go build -o ../payloads/sandcat.go-linux -ldflags="-s -w" sandcat.go
GOOS=darwin go build -o ../payloads/sandcat.go-darwin -ldflags="-s -w" sandcat.go
+ GOOS=darwin GOARCH=arm64 go build -o ../payloads/sandcat.go-darwin-arm64 -ldflags="-s -w" sandcat.go
+GOOS=freebsd go build -o ../payloads/sandcat.go-freebsd -ldflags="-s -w" sandcat.go
}
cd gocat && build
diff --git a/security/caldera/files/patch-plugins_stockpile_payloads_ragdoll.py b/security/caldera/files/patch-plugins_stockpile_payloads_ragdoll.py
deleted file mode 100644
index 13f037f6db8b..000000000000
--- a/security/caldera/files/patch-plugins_stockpile_payloads_ragdoll.py
+++ /dev/null
@@ -1,11 +0,0 @@
---- plugins/stockpile/payloads/ragdoll.py.orig 2023-05-16 23:53:18 UTC
-+++ plugins/stockpile/payloads/ragdoll.py
-@@ -63,7 +63,7 @@ class OperationLoop:
- def _execute_instruction(self, i):
- print('[+] Running instruction: %s' % i['id'])
- cmd = self._decode_bytes(i['command'])
-- execution_timestamp = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
-+ execution_timestamp = datetime.datetime.now().strftime('%Y-%m-%dT%H:%M:%SZ')
- try:
- output = subprocess.check_output(cmd, shell=True, timeout=i['timeout'])
- except subprocess.CalledProcessError as e:
diff --git a/security/caldera/files/pkg-message.in b/security/caldera/files/pkg-message.in
index 5662ac917f51..dfd4fd953b9a 100644
--- a/security/caldera/files/pkg-message.in
+++ b/security/caldera/files/pkg-message.in
@@ -1,7 +1,7 @@
[
{ type: install
message: <<EOM
-Caldera port was installed
+Caldera 5 port was installed
1) Take on mind it is a modifying version of Caldera for include FreeBSD as
supported OS and you could found some issues. Problem reports are welcome.
@@ -17,8 +17,12 @@ Caldera port was installed
3) Before of start Caldera you must run some scripts for generate/update payload
files
- # su -m caldera -c 'cd %%WWWDIR%%/plugins/manx && sh update-shells.sh'
- # su -m caldera -c 'cd %%WWWDIR%%/plugins/sandcat && sh update-agents.sh'
+ # su -m caldera -c 'cd %%WWWDIR%%/plugins/manx && \
+ setenv GOCACHE /tmp/caldera/.cache; setenv GOMODCACHE /tmp/caldera/.vendor; \
+ sh update-shells.sh'
+ # su -m caldera -c 'cd %%WWWDIR%%/plugins/sandcat && \
+ setenv GOCACHE /tmp/caldera/.cache; setenv GOMODCACHE /tmp/caldera/.vendor; \
+ sh update-agents.sh'
4) Do not forget modify configuration files before of run Caldera. For default
it runs in insecure mode (http). Caldera configuration files are located at
@@ -29,14 +33,18 @@ Caldera port was installed
%%WWWDIR%%/conf folder. By default Caldera uses admin/admin,
blue/admin or red/admin like user/password.
- # sed -i "" -e "s|admin: admin|admin: `openssl rand -base64 14`|g" default.yml
- # sed -i "" -e "s|blue: admin|blue: `openssl rand -base64 14`|g" default.yml
- # sed -i "" -e "s|red: admin|red: `openssl rand -base64 14`|g" default.yml
+ # sed -i "" -e "s|admin: admin|admin: `openssl rand -base64 32`|g" default.yml
+ # sed -i "" -e "s|blue: admin|blue: `openssl rand -base64 32`|g" default.yml
+ # sed -i "" -e "s|red: admin|red: `openssl rand -base64 32`|g" default.yml
6) If you want run it in secure mode (https) take a look in ssl plugin section:
https://caldera.readthedocs.io/en/latest/Plugin-library.html#ssl
+ You will need add an empty caldera_flags to /etc/rc.conf for enable it
+
+ # sysrc caldera_flags=
+
7) Start Caldera service
# service caldera start
@@ -55,9 +63,24 @@ Caldera port was installed
Those files are necessary for generate yml files used by Caldera abilities
-9) Caldera web listens on port 8888 by default
+9) Caldera web listens on port localhost:8888 by default
+
+ http://localhost:8888
+
+ If you want to MITRE Caldera works wth non-localhost settings, you can do the
+ following:
+
+ # sed -i "" -e 's|http://localhost|http://ip_or_hostname_here|g' %%WWWDIR%%/plugins/magma/dist/index*.js
+
+ If you are using ssl plugin:
+
+ # sed -i "" -e 's|http://localhost:8888|https://ip_or_hostname_here:8443|g' %%WWWDIR%%/plugins/magma/dist/assets/index*.js
+
+ Take on mind port number must be changed depending of your settings
- http://your_caldera_server_ip:8888
+ I prefer change the ip/hostname:port of this way because it is more quick
+ instead of re-build plugins/magma each time we define/change VITE_CALDERA_URL
+ into .env file. Also it drop dependency of node_modules files and nodejs app.
10) Log file is located at /var/log/caldera.log