diff --git a/lib/.DS_Store b/lib/.DS_Store
deleted file mode 100644
index 691b1bbab..000000000
Binary files a/lib/.DS_Store and /dev/null differ
diff --git a/lib/templates/.DS_Store b/lib/templates/.DS_Store
deleted file mode 100644
index 2ee34ff66..000000000
Binary files a/lib/templates/.DS_Store and /dev/null differ
diff --git a/lib/templates/Vagrantfile.erb b/lib/templates/Vagrantfile.erb
index c024fd8a3..8fc3568b7 100644
--- a/lib/templates/Vagrantfile.erb
+++ b/lib/templates/Vagrantfile.erb
@@ -14,12 +14,28 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
config.vm.define "<%= system.name %>" do |<%= system.name %>|
config.vm.provider :virtualbox do |vb|
<%= if (@options.has_key? :gui_output)
-" vb.gui = true"
+" vb.gui = true
+"
else
" vb.gui = false
- vb.customize ['modifyvm', :id, '--pae', 'on']
- vb.customize ['modifyvm', :id, '--hwvirtex', 'off']
- vb.customize ['modifyvm', :id, '--vtxvpid', 'off']"
+"
+ end -%>
+<%= if (@options.has_key? :nopae)
+" vb.customize ['modifyvm', :id, '--pae', 'off']"
+ else
+" vb.customize ['modifyvm', :id, '--pae', 'on']"
+ end -%>
+
+<%= if (@options.has_key? :hwvirtex)
+" vb.customize ['modifyvm', :id, '--hwvirtex', 'on']"
+ else
+" vb.customize ['modifyvm', :id, '--hwvirtex', 'off']"
+ end -%>
+
+<%= if (@options.has_key? :vtxvpid)
+" vb.customize ['modifyvm', :id, '--vtxvpid', 'on']"
+ else
+" vb.customize ['modifyvm', :id, '--vtxvpid', 'off']"
end -%>
<%= if (@options.has_key? :memory_per_vm)
" vb.memory = #{@options[:memory_per_vm]}"
diff --git a/modules/build/puppet/secgen_functions/manifests/leak_file.pp b/modules/build/puppet/secgen_functions/manifests/leak_file.pp
index bcbb1304e..19bdc65dc 100644
--- a/modules/build/puppet/secgen_functions/manifests/leak_file.pp
+++ b/modules/build/puppet/secgen_functions/manifests/leak_file.pp
@@ -1,20 +1,22 @@
define secgen_functions::leak_file($leaked_filename, $storage_directory, $strings_to_leak, $owner = 'root', $group = 'root', $mode = '0777', $leaked_from = '' ) {
- $path_to_leak = "$storage_directory/$leaked_filename"
+ if ($leaked_filename != ''){
+ $path_to_leak = "$storage_directory/$leaked_filename"
- # If the file already exists append to it, otherwise create it.
- if (defined(File[$path_to_leak])){
- notice("File with that name already defined, appending leaked strings instead...")
- exec { "$leaked_from-$path_to_leak":
- path => ['/bin', '/usr/bin', '/usr/local/bin', '/sbin', '/usr/sbin'],
- command => "echo $strings_to_leak >> $path_to_leak",
- }
- } else {
- file { $path_to_leak:
- ensure => present,
- owner => $owner,
- group => $group,
- mode => $mode,
- content => template('secgen_functions/overshare.erb')
+ # If the file already exists append to it, otherwise create it.
+ if (defined(File[$path_to_leak])){
+ notice("File with that name already defined, appending leaked strings instead...")
+ exec { "$leaked_from-$path_to_leak":
+ path => ['/bin', '/usr/bin', '/usr/local/bin', '/sbin', '/usr/sbin'],
+ command => "echo $strings_to_leak >> $path_to_leak",
+ }
+ } else {
+ file { $path_to_leak:
+ ensure => present,
+ owner => $owner,
+ group => $group,
+ mode => $mode,
+ content => template('secgen_functions/overshare.erb')
+ }
}
}
}
diff --git a/modules/generators/content/name_based_username/secgen_local/local.rb b/modules/generators/content/name_based_username/secgen_local/local.rb
index b946701c4..d3abea0c7 100644
--- a/modules/generators/content/name_based_username/secgen_local/local.rb
+++ b/modules/generators/content/name_based_username/secgen_local/local.rb
@@ -13,7 +13,7 @@ class NameBasedUsernameGenerator < StringEncoder
# Generate a username based on a random adjective and a random noun
def encode_all
- self.outputs << Faker::Internet.user_name(self.name, %w(- _))
+ self.outputs << Faker::Internet.user_name(self.name, %w(nil _))
end
def get_options_array
diff --git a/modules/utilities/unix/desktop/gnome/gnome.pp b/modules/utilities/unix/desktop/gnome/gnome.pp
new file mode 100644
index 000000000..3fcb92668
--- /dev/null
+++ b/modules/utilities/unix/desktop/gnome/gnome.pp
@@ -0,0 +1 @@
+include gnome::install
diff --git a/modules/utilities/unix/desktop/gnome/manifests/install.pp b/modules/utilities/unix/desktop/gnome/manifests/install.pp
new file mode 100644
index 000000000..446aa8a8f
--- /dev/null
+++ b/modules/utilities/unix/desktop/gnome/manifests/install.pp
@@ -0,0 +1,9 @@
+class gnome::install{
+ case $operatingsystem {
+ 'Debian': {
+ package { ['task-gnome-desktop']:
+ ensure => 'installed',
+ }
+ }
+ }
+}
diff --git a/modules/utilities/unix/desktop/gnome/secgen_metadata.xml b/modules/utilities/unix/desktop/gnome/secgen_metadata.xml
new file mode 100644
index 000000000..7fb9601ff
--- /dev/null
+++ b/modules/utilities/unix/desktop/gnome/secgen_metadata.xml
@@ -0,0 +1,17 @@
+
+
+
+ Gnome desktop environment
+ Mihai Ordean
+ Apache v2
+ Installs Gnome desktop environment
+
+ desktop_environment
+ linux
+
+
+ update
+
+
diff --git a/modules/vulnerabilities/unix/system/ssh_leaked_keys/files/.ssh.tar.gz b/modules/vulnerabilities/unix/system/ssh_leaked_keys/files/.ssh.tar.gz
new file mode 100644
index 000000000..e9e48beeb
Binary files /dev/null and b/modules/vulnerabilities/unix/system/ssh_leaked_keys/files/.ssh.tar.gz differ
diff --git a/modules/vulnerabilities/unix/system/ssh_leaked_keys/manifests/account.pp b/modules/vulnerabilities/unix/system/ssh_leaked_keys/manifests/account.pp
new file mode 100644
index 000000000..9f1e6dd2e
--- /dev/null
+++ b/modules/vulnerabilities/unix/system/ssh_leaked_keys/manifests/account.pp
@@ -0,0 +1,42 @@
+define ssh_leaked_keys::account($username, $password, $strings_to_leak, $leaked_filenames) {
+ ::accounts::user { $username:
+ shell => '/bin/bash',
+ password => pw_hash($password, 'SHA-512', 'mysalt'),
+ managehome => true,
+ home_mode => '0755',
+ sshkeys => [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCj2gbaOju+u3bdwiMcd2JRgdFqmgaMyRhj6eCu2f8aBfZZVSyrNw+aOzlbILIjIlCHjhUfY/56n6XnH/iaLVr8IpGIz43VuxZ0/dKrjQerbbrJKg25rlDE+kbBwfdBeK3XkJj0d35ON6hkks7jU6scKy4t5LJZ+vnuISs98Gz1t9qjcdHEV5eYNdRjX+FzPW1bTI/RHHAZ53upuEpNArTITn29tnhp5sybDTUba6T09u2rowijn3s46mvqF9NXPZMnjghsStbvHtCYuY8uXNMJCyQzjxsUJbTMuqu2DZ2t2cGnC1wITE/4ZCpNC9gBLQ4ssJVbe0pF3lLJnMx3ggPV $username" ],
+ }
+
+ # Leak strings in a text file in the users home directory
+ ::secgen_functions::leak_files { "$username-file-leak":
+ storage_directory => "/home/$username/",
+ leaked_filenames => $leaked_filenames,
+ strings_to_leak => $strings_to_leak,
+ owner => $username,
+ group => $username,
+ mode => '0600',
+ leaked_from => "accounts_$username",
+ }
+
+ file { "/home/$username/.ssh.tar.gz":
+ owner => $username,
+ group => $username,
+ mode => '0644',
+ ensure => file,
+ source => 'puppet:///modules/ssh_leaked_keys/.ssh.tar.gz',
+ notify => Exec['unpack'],
+ }
+
+ exec { 'unpack':
+ cwd => "/home/$username/",
+ command => "tar -xzf /home/$username/.ssh.tar.gz",
+ path => [ '/bin/', '/sbin/' , '/usr/bin/', '/usr/sbin/' ],
+ notify => Exec['setperm'],
+ }
+
+ exec { 'setperm':
+ cwd => "/home/$username/",
+ command => "sudo chown -R $username:$username /home/$username/.ssh",
+ path => [ '/bin/', '/sbin/' , '/usr/bin/', '/usr/sbin/' ],
+ }
+}
\ No newline at end of file
diff --git a/modules/vulnerabilities/unix/system/ssh_leaked_keys/manifests/init.pp b/modules/vulnerabilities/unix/system/ssh_leaked_keys/manifests/init.pp
new file mode 100644
index 000000000..a48fcd25b
--- /dev/null
+++ b/modules/vulnerabilities/unix/system/ssh_leaked_keys/manifests/init.pp
@@ -0,0 +1,16 @@
+class ssh_leaked_keys::init {
+ $json_inputs = base64('decode', $::base64_inputs)
+ $secgen_parameters = parsejson($json_inputs)
+
+ $accounts = $secgen_parameters['accounts']
+ $accounts.each |$raw_account| {
+ $account = parsejson($raw_account)
+ $username = $account['username']
+ ssh_leaked_keys::account { "ssh_leaked_keys_$username":
+ username => $username,
+ password => $account['password'],
+ strings_to_leak => $account['strings_to_leak'],
+ leaked_filenames => $account['leaked_filenames']
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/vulnerabilities/unix/system/ssh_leaked_keys/secgen_metadata.xml b/modules/vulnerabilities/unix/system/ssh_leaked_keys/secgen_metadata.xml
new file mode 100644
index 000000000..d82f5b562
--- /dev/null
+++ b/modules/vulnerabilities/unix/system/ssh_leaked_keys/secgen_metadata.xml
@@ -0,0 +1,34 @@
+
+
+
+ Leaked SSH keys module
+ Mihai Ordean
+ Puppet Labs
+ Apache v2
+ Adds a ssh enabled account which has keys leaked in user dir.
+
+ system
+ none
+ local
+ linux
+
+ accounts
+
+
+
+
+
+
+
+
+
+
+ https://forge.puppet.com/puppetlabs/accounts
+
+
+ utilities/unix/system/accounts
+
+
+
\ No newline at end of file
diff --git a/modules/vulnerabilities/unix/system/ssh_leaked_keys/ssh_leaked_keys.pp b/modules/vulnerabilities/unix/system/ssh_leaked_keys/ssh_leaked_keys.pp
new file mode 100644
index 000000000..9260b14b3
--- /dev/null
+++ b/modules/vulnerabilities/unix/system/ssh_leaked_keys/ssh_leaked_keys.pp
@@ -0,0 +1 @@
+require ssh_leaked_keys::init
\ No newline at end of file
diff --git a/scenarios/examples/parameterised_examples/encoder_examples/parameterised_accounts.xml b/scenarios/examples/parameterised_examples/encoder_examples/parameterised_accounts.xml
index fc468d04d..7523abc38 100644
--- a/scenarios/examples/parameterised_examples/encoder_examples/parameterised_accounts.xml
+++ b/scenarios/examples/parameterised_examples/encoder_examples/parameterised_accounts.xml
@@ -6,10 +6,18 @@
storage_server
-
-
-
+
+
+
+
+
+ example_username
+
+
+
+
+
diff --git a/scenarios/seccourse.xml b/scenarios/seccourse.xml
new file mode 100644
index 000000000..96b045ea4
--- /dev/null
+++ b/scenarios/seccourse.xml
@@ -0,0 +1,57 @@
+
+
+
+
+
+ course_vm
+
+
+
+
+
+
+
+
+
+ admin
+
+
+ test
+
+
+ true
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ flag.txt
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/secgen.rb b/secgen.rb
index fb8f7d4f7..394af525b 100644
--- a/secgen.rb
+++ b/secgen.rb
@@ -19,6 +19,10 @@ def usage
--project [output dir], -p [output dir]: directory for the generated project
(output will default to #{default_project_dir})
--help, -h: shows this usage information
+ --gui-output', '-g' gui output
+ --nopae: disable PAE support
+ --hwvirtex: enable HW virtex support
+ --vtxvpid: enable VTX support
COMMANDS:
run, r: builds project and then builds the VMs
@@ -128,6 +132,9 @@ opts = GetoptLong.new(
[ '--project', '-p', GetoptLong::REQUIRED_ARGUMENT ],
[ '--scenario', '-s', GetoptLong::REQUIRED_ARGUMENT ],
[ '--gui-output', '-g', GetoptLong::NO_ARGUMENT],
+ [ '--nopae', GetoptLong::NO_ARGUMENT],
+ [ '--hwvirtex', GetoptLong::NO_ARGUMENT],
+ [ '--vtxvpid', GetoptLong::NO_ARGUMENT],
[ '--memory-per-vm', GetoptLong::REQUIRED_ARGUMENT],
[ '--total-memory', GetoptLong::REQUIRED_ARGUMENT],
[ '--max-cpu-cores', GetoptLong::REQUIRED_ARGUMENT],
@@ -153,6 +160,15 @@ opts.each do |opt, arg|
when '--gui-output'
Print.info "Gui output set (virtual machines will be spawned)"
options[:gui_output] = true
+ when '--nopae'
+ Print.info "no pae"
+ options[:nopae] = true
+ when '--hwvirtex'
+ Print.info "with HW virtualisation"
+ options[:hwvirtex] = true
+ when '--vtxvpid'
+ Print.info "with VT support"
+ options[:vtxvpid] = true
when '--memory-per-vm'
if options.has_key? :total_memory
Print.info 'Total memory option specified before memory per vm option, defaulting to total memory value'