Initial Changes and working install

2026-02-21 11:18:06 +00:00 · 2023-04-12 02:49:19 +01:00
parent b44e6ede5a
commit 22b2410152
4 changed files with 31 additions and 12 deletions
--- a/modules/vulnerabilities/unix/http/apache_couchdb/manifests/configure.pp
+++ b/modules/vulnerabilities/unix/http/apache_couchdb/manifests/configure.pp
@@ -4,8 +4,8 @@ class apache_couchdb::configure {
  $user = $secgen_parameters['leaked_username'][0]
  $password = $secgen_parameters['leaked_password'][0]
  $jsondb = 'sampledata' ##TODO secgen
-  $strings_to_leak = $secgen_parameters['strings_to_leak'][0]
-  $leaked_filenames = $secgen_parameters['leaked_filenames'][0]
+  $strings_to_leak = $secgen_parameters['strings_to_leak']
+  $leaked_filenames = $secgen_parameters['leaked_filenames']
  $user_home = "/home/${user}"

  Exec { path => ['/bin', '/usr/bin', '/usr/local/bin', '/sbin', '/usr/sbin'] }
--- a/modules/vulnerabilities/unix/http/apache_couchdb/manifests/couchdb.pp
+++ b/modules/vulnerabilities/unix/http/apache_couchdb/manifests/couchdb.pp
@@ -11,9 +11,10 @@ class apache_couchdb::couchdb {
  Exec { path => ['/bin', '/usr/bin', '/usr/local/bin', '/sbin', '/usr/sbin'] }
  #create user
  #create system user
-  user { $username :
-    ensure => present,
-    shell  => '/bin/bash',
+  user { $username:
+    ensure   => present,
+    shell    => '/bin/bash',
+    password => pw_hash($password, 'SHA-512', 'mysalt'),
  }
  #set folder permissions
  -> exec { 'chown-couchdb':
@@ -24,11 +25,10 @@ class apache_couchdb::couchdb {
    command   => "chmod -R 770 ${docroot}",
    logoutput => true
  }
-
  #configuration file
  -> file { "${docroot}/etc/local.ini" :
-     ensure  => file,
-     content => template('apache_couchdb/local.ini.erb'),
+    ensure  => file,
+    content => template('apache_couchdb/local.ini.erb'),
  }
  # add vm.args files
  -> file { "${docroot}/etc/vm.args":
@@ -43,11 +43,13 @@ class apache_couchdb::couchdb {
    logoutput => true,
    notify    => Exec['wait-apache-couchdb'],
  }
+
  exec { 'wait-apache-couchdb':
    command   => 'sleep 4',
    logoutput => true,
    notify    => Exec['chown-uri-file'],
  }
+
  exec { 'chown-uri-file':
    command   => "chown -R ${username}:${username} /var/run/couchdb/",
    logoutput => true,
@@ -57,3 +59,4 @@ class apache_couchdb::couchdb {
    logoutput => true,
  }
 }
+
--- a/modules/vulnerabilities/unix/http/apache_couchdb/manifests/install.pp
+++ b/modules/vulnerabilities/unix/http/apache_couchdb/manifests/install.pp
@@ -21,12 +21,12 @@ class apache_couchdb::install {
    source => "puppet:///modules/apache_couchdb/${packagename}.deb",
  }
  -> file { "/usr/bin/${responsefile}" :
-     ensure  => file,
-     content => template("apache_couchdb/${responsefile}.erb"),
+    ensure  => file,
+    content => template("apache_couchdb/${responsefile}.erb"),
  }
  -> file { "/usr/bin/${jsondb}.json" :
-     ensure  => file,
-     content => template("apache_couchdb/${jsondb}.erb"),
+    ensure  => file,
+    content => template("apache_couchdb/${jsondb}.erb"),
  }
  #install couch db from deb file
  -> package {'couchdb-install':
--- a/scenarios/examples/vulnerability_examples/apache_couchdb.xml
+++ b/scenarios/examples/vulnerability_examples/apache_couchdb.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0"?>
+
+<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
+
+    <system>
+        <system_name>couchdb</system_name>
+        <base distro="Debian 10" type="desktop" name="KDE" />
+
+        <vulnerability module_path=".*/apache_couchdb" />
+
+        <network type="private_network" range="dhcp" />
+    </system>
+
+</scenario>