Introduce new base Debian Bookworm - major update, fixes #326

modules/bases/debian_bookworm_desktop_kde/secgen_metadata.xml

@@ -0,0 +1,29 @@
+<?xml version="1.0"?>
+
+<base xmlns="http://www.github/cliffe/SecGen/base"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://www.github/cliffe/SecGen/base">
+  <name>Debian 12 Bookworm Desktop KDE: PROXMOX ONLY</name>
+  <author>Z. Cliffe Schreuders</author>
+  <module_license>GPLv3</module_license>
+  <description>Debian 12 Bookworm Desktop KDE amd64 -- dist-upgrade from buster box. Use buster on VirtualBox and oVirt. For testing purposes, the default root password is puppet.
+  I need to build this for VirtualBox.</description>
+  <cpu_word_size>64-bit</cpu_word_size>
+  <type>desktop</type>
+
+  <platform>linux</platform>
+  <platform>unix</platform>
+  <distro>Debian 12 Buster amd64</distro>
+  <url>https://app.vagrantup.com/secgen/boxes/debian_stretch_desktop_kde/versions/1.2/providers/virtualbox.box</url>
+  <esxi_url>https://app.vagrantup.com/redwiz666/boxes/debian_stretch_desktop_kde/versions/1.0.0/providers/vmware.box</esxi_url>
+  <ovirt_template>buster_desktop_kde_20230615</ovirt_template>
+  <proxmox_template>bookworm-desktop-kde-20240703</proxmox_template>
+
+  <reference>https://atlas.hashicorp.com/puppetlabs</reference>
+  <software_license>various</software_license>
+
+  <!-- another base should not be added to this base -->
+  <conflict>
+    <module_path>bases/.*</module_path>
+  </conflict>
+</base>

modules/bases/debian_buster_desktop_kde/secgen_metadata.xml

@@ -17,7 +17,7 @@
   <url>https://app.vagrantup.com/secgen/boxes/debian_stretch_desktop_kde/versions/1.2/providers/virtualbox.box</url>
   <esxi_url>https://app.vagrantup.com/redwiz666/boxes/debian_stretch_desktop_kde/versions/1.0.0/providers/vmware.box</esxi_url>
   <ovirt_template>buster_desktop_kde_20230615</ovirt_template>
-  <proxmox_template>buster-desktop-kde-20231212</proxmox_template>
+  <proxmox_template>buster-desktop-kde-20240703</proxmox_template>
 
   <reference>https://atlas.hashicorp.com/puppetlabs</reference>
   <software_license>various</software_license>

modules/bases/kali_light_msf/secgen_metadata.xml

@@ -17,7 +17,7 @@
   <url>https://app.vagrantup.com/secgen/boxes/kali_light_msf/versions/1.0/providers/virtualbox.box</url>
   <esxi_url></esxi_url>
   <ovirt_template>kali-linux-mfs-20231114</ovirt_template>
-  <proxmox_template>kali-linux-msf-20230116</proxmox_template>
+  <proxmox_template>kali-linux-msf-20240703</proxmox_template>
 
 
   <reference>https://app.vagrantup.com/secgen</reference>

modules/code_examples/vsftpd_234_backdoor/manifests/install.pp

@@ -2,7 +2,7 @@ class vsftpd_234_backdoor::install {
 
   # Add 32bit libs for stretch
   case $operatingsystemrelease {
-    /^(9|10).*/: { # do 9.x stretch stuff
+    /^(9|1[0-9]).*/: { # do 9.x stretch-buster-bookworm stuff
       exec { 'add_32bit_libs':
         command => '/usr/bin/dpkg --add-architecture i386 && /usr/bin/apt-get update'
       }

modules/services/unix/database/mysql_kali_compatible/mysql/secgen_metadata.xml

@@ -19,20 +19,18 @@
   <software_name>mysql</software_name>
   <software_license>GPL v2</software_license>
 
+  <!-- exclude any other base  -->
   <conflict>
-    <module_path>.*debian_stretch.*</module_path>
-  </conflict>
-  <conflict>
-    <module_path>.*debian_buster.*</module_path>
-  </conflict>
-  <conflict>
-    <module_path>.*debian_wheezy.*</module_path>
+    <module_path>.*bases/(?!kali).*</module_path>
   </conflict>
   <!--Cannot co-exist with other MySQL installations-->
   <conflict>
     <software_name>mysql</software_name>
   </conflict>
 
+  <requires>
+    <module_path>.*/puppet_module/cron.*</module_path>
+  </requires>
   <requires>
     <type>update</type>
   </requires>

modules/services/unix/database/mysql_stretch_compatible/mysql/manifests/server/installdb.pp

@@ -22,6 +22,13 @@ class mysql::server::installdb {
     }
 
   if $options['mysqld']['log-error'] {
+    file { '/var/log/mysql':
+      ensure => 'directory',
+      owner   => $mysqluser,
+      group   => $::mysql::server::mysql_group,
+      mode   => '0750',
+      before => File[$log_error],
+    }
     file { $options['mysqld']['log-error']:
       ensure  => present,
       owner   => $mysqluser,

modules/services/unix/database/mysql_stretch_compatible/mysql/secgen_metadata.xml

@@ -19,14 +19,9 @@
   <software_name>mysql</software_name>
   <software_license>GPL v2</software_license>
 
+  <!-- exclude any base except bookworm and buster and stretch -->
   <conflict>
-    <module_path>.*debian_stretch.*</module_path>
-  </conflict>
-  <conflict>
-    <module_path>.*kali_light.*</module_path>
-  </conflict>
-  <conflict>
-    <module_path>.*debian_wheezy.*</module_path>
+    <module_path>.*bases/(?!.*debian_(bookworm|buster|stretch).*)</module_path>
   </conflict>
 
   <!--Cannot co-exist with other MySQL installations-->
@@ -34,6 +29,9 @@
     <software_name>mysql</software_name>
   </conflict>
 
+  <requires>
+    <module_path>.*/puppet_module/cron.*</module_path>
+  </requires>
   <requires>
     <type>update</type>
   </requires>

modules/services/unix/database/mysql_wheezy_compatible/mysql/secgen_metadata.xml

@@ -19,14 +19,9 @@
   <software_name>mysql</software_name>
   <software_license>GPL v2</software_license>
 
-   <conflict>
-    <module_path>.*debian_stretch.*</module_path>
-  </conflict>
+  <!-- exclude any other base  -->
   <conflict>
-    <module_path>.*debian_buster.*</module_path>
-  </conflict>
-  <conflict>
-    <module_path>.*kali_light.*</module_path>
+    <module_path>.*bases/(?!debian_wheezy).*</module_path>
   </conflict>
   <!--Cannot co-exist with other MySQL installations-->
   <conflict>

modules/services/unix/http/apache_kali_compatible/apache/secgen_metadata.xml

@@ -32,6 +32,10 @@
   <conflict>
     <module_path>.*debian_wheezy.*</module_path>
   </conflict>
+  <!-- exclude any base except bookworm and buster and stretch -->
+  <conflict>
+    <module_path>.*bases/(?!kali).*</module_path>
+  </conflict>
   <requires>
     <type>update</type>
   </requires>

modules/services/unix/http/apache_stretch_compatible/apache/secgen_metadata.xml

@@ -25,11 +25,9 @@
   <conflict>
     <software_name>apache</software_name>
   </conflict>
+  <!-- exclude any base except bookworm and buster and stretch -->
   <conflict>
-    <name>.*Wheezy.*</name>
-  </conflict>
-  <conflict>
-    <module_path>bases/.*kali.*</module_path>
+    <module_path>.*bases/(?!debian_(bookworm|buster|stretch)).*</module_path>
   </conflict>
   <requires>
     <type>update</type>

modules/services/unix/http/apache_wheezy_compatible/apache/secgen_metadata.xml

@@ -23,14 +23,9 @@
   <conflict>
     <software_name>apache</software_name>
   </conflict>
+  <!-- exclude any other base  -->
   <conflict>
-    <name>Kali</name>
-  </conflict>
-  <conflict>
-    <name>Stretch</name>
-  </conflict>
-  <conflict>
-    <name>Buster</name>
+    <module_path>.*bases/(?!debian_wheezy).*</module_path>
   </conflict>
   <requires>
     <type>update</type>

modules/services/unix/http/php_5_stretch_compatible/php/manifests/install.pp

@@ -9,7 +9,7 @@ class php::install {
 
   exec { 'add repo to sources':
     command =>
-      '/bin/echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list',
+      '/bin/echo "deb http://172.33.0.44/packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list',
   } ->
 
   exec { 'apt update':

modules/services/unix/http/php_5_stretch_compatible/php/secgen_metadata.xml

@@ -18,8 +18,9 @@
   <software_name>php</software_name>
   <software_license>PHP License v3.01</software_license>
 
+  <!-- works with pretty much any base except wheezy -->
   <conflict>
-    <name>.*Wheezy.*</name>
+    <module_path>.*bases/debian_wheezy.*</module_path>
   </conflict>
 
   <requires>

modules/services/unix/http/php_5_wheezy_compatible/php/secgen_metadata.xml

@@ -16,14 +16,9 @@
   <software_name>php</software_name>
   <software_license>PHP License v3.01</software_license>
 
+  <!-- exclude any other base  -->
   <conflict>
-    <name>.*Kali.*</name>
-  </conflict>
-  <conflict>
-    <name>.*Stretch.*</name>
-  </conflict>
-  <conflict>
-    <name>.*Buster.*</name>
+    <module_path>.*bases/(?!debian_wheezy).*</module_path>
   </conflict>
   <requires>
     <type>update</type>

modules/services/unix/irc/unrealirc/manifests/install.pp

@@ -42,19 +42,31 @@ class unrealirc::install {
     require => Exec['extract-unrealirc'],
   }
 
-  ensure_packages('build-essential')
-  ensure_packages('gcc-multilib')
+  ensure_packages([
+    'build-essential',
+    'pkg-config',
+    'gdb',
+    'gcc-multilib',
+    'zlib1g-dev',
+    'libssl-dev',
+    'libpcre2-dev',
+    'libargon2-0-dev',
+    'libsodium-dev',
+    'libc-ares-dev',
+    'libcurl4-openssl-dev'
+  ])
 
   # Configure and make unrealircd, with or without ssl enabled
   if $unrealirc::use_ssl {
-    package { 'libssl-dev': 
-      ensure => present,
-    }
+
     exec { 'make-unrealirc':
       command => "${configure} --enable-ssl && make",
       timeout => 0,
       cwd     => "${unrealirc::install_path}",
       creates => "${unrealirc::install_path}/unreal",
+      environment => [
+        'CFLAGS=-fno-strict-aliasing -fno-strict-overflow -std=gnu89 -Wno-pointer-sign -fcommon'
+      ],
       require => [ Package['build-essential','gcc-multilib','libssl-dev'], Exec['unrealirc-dir'] ],
     }
   } else {
@@ -63,7 +75,12 @@ class unrealirc::install {
       timeout => 0,
       cwd     => "${unrealirc::install_path}",
       creates => "${unrealirc::install_path}/unreal",
+      environment => [
+        # these flags are required to get it compiled on newer systems (after Debian Buster)
+        'CFLAGS=-fno-strict-aliasing -fno-strict-overflow -std=gnu89 -Wno-pointer-sign -fcommon'
+      ],
       require => [Package['build-essential', 'gcc-multilib'],Exec['unrealirc-dir']],
+      logoutput => true,
     }
   }
 

modules/utilities/unix/audit_tools/ghidra/manifests/install.pp

@@ -1,6 +1,26 @@
 class ghidra::install{
 
-  ensure_packages(['openjdk-11-jre', 'openjdk-11-jdk', 'zip' ])
+  ensure_packages('zip')
+
+  if ($operatingsystem == 'Debian') {
+    case $operatingsystemrelease {
+      /^(12).*/: { # do 12.x bookworm stuff
+        ensure_packages(['openjdk-17-jre', 'openjdk-17-jdk'])
+      }
+      /^(9|10).*/: { # do 9.x stretch stuff
+        ensure_packages(['openjdk-11-jre', 'openjdk-11-jdk'])
+      }
+      /^7.*/: { # do 7.x wheezy stuff
+        # Will error -- TODO needs repo
+        ensure_packages(['openjdk-11-jre', 'openjdk-11-jdk'])
+      }
+      'kali-rolling': { # do kali
+        ensure_packages(['openjdk-11-jre', 'openjdk-11-jdk'])
+      }
+      default: {
+      }
+    }
+  }
 
   file { '/opt/ghidra':
     ensure => directory,

modules/utilities/unix/audit_tools/reversing_tools/manifests/install.pp

@@ -1,7 +1,7 @@
 class reversing_tools::install {
 
   Exec { path => ['/bin', '/usr/bin', '/usr/local/bin', '/sbin', '/usr/sbin'] }
-  ensure_packages(['gdb', 'git', 'ltrace', 'strace', 'valgrind', 'pax-utils', 'binwalk', 'vbindiff', 'ssdeep', 'pyew', 'gcc-multilib','yara'])
+  ensure_packages(['gdb', 'git', 'ltrace', 'strace', 'valgrind', 'pax-utils', 'binwalk', 'vbindiff', 'ssdeep', 'gcc-multilib','yara'])
 
   # java
   ensure_packages(['procyon-decompiler'])
@@ -9,7 +9,7 @@ class reversing_tools::install {
   # ensure ncat is installed for testing purposes
   ensure_packages("nmap")
   case $operatingsystemrelease {
-    /^(10).*/: { # do buster stuff
+    /^(1[0-9]).*/: { # do buster stuff
       ensure_packages("ncat")
     }
   }

modules/utilities/unix/desktop/kde_minimal/manifests/config.pp

@@ -5,7 +5,7 @@ class kde_minimal::config {
   $autostart_konsole = str2bool($secgen_params['autostart_konsole'][0])
 
   case $operatingsystemrelease {
-    /^10.*/: { # do 10.x buster stuff
+    /^1[0-9].*/: { # do 10.x buster|bookworm stuff
       if $autologin_user != "false" {
         file { "/etc/sddm.conf":
           ensure  => file,
@@ -65,7 +65,7 @@ class kde_minimal::config {
         }
       }
 
-      if $operatingsystemrelease =~ /^(9|10).*/ { # Disable stretch auto screen lock
+      if $operatingsystemrelease =~ /^(9|10).*/ { # Disable stretch auto screen lock (not needed for our new templates)
         file { "/home/$username/.config/kscreenlockerrc":
           ensure  => file,
           source  => 'puppet:///modules/kde_minimal/kscreenlockerrc',

modules/utilities/unix/desktop/kde_minimal/manifests/install.pp

@@ -1,7 +1,7 @@
 class kde_minimal::install{
   case $operatingsystem {
     'Debian': {
-      package { ['kde-plasma-desktop', 'kate', 'ksnapshot', 'qtcurve', 'kdesudo']:
+      package { ['kde-plasma-desktop', 'kate', 'ksnapshot', 'qtcurve']:
         ensure => 'installed',
       }
     }

modules/utilities/unix/malware/coconut/secgen_metadata.xml

@@ -35,6 +35,9 @@
     <generator type="coconut_config"/>
   </default_input>
 
+  <requires>
+    <module_path>.*/puppet_module/cron.*</module_path>
+  </requires>
   <requires>
     <type>update</type>
   </requires>

modules/utilities/unix/nc_message/manifests/install.pp

@@ -4,7 +4,7 @@ class nc_message::install {
 
   ensure_packages("nmap")
   case $operatingsystemrelease {
-    /^(10).*/: { # do buster stuff
+    /^(1[0-9]).*/: { # do buster stuff
       ensure_packages("ncat")
     }
   }

modules/utilities/unix/nc_message/secgen_metadata.xml

@@ -33,6 +33,9 @@
   <!-- <hint>Connect to a port</hint> -->
   <!-- <solution>Simply connecting to the right port will give you a message.</solution> -->
 
+  <requires>
+    <module_path>.*/puppet_module/cron.*</module_path>
+  </requires>
   <requires>
     <type>update</type>
   </requires>

modules/utilities/unix/puppet_module/cron_legacy/secgen_metadata.xml

@@ -11,4 +11,9 @@
   <type>puppet_module</type>
   <platform>linux</platform>
 
+  <conflict>
+    <!-- only use this version with older distros -->
+    <module_path>.*bases/(?!debian_(stretch|buster|wheezy)).*$</module_path>
+  </conflict>
+
 </utility>