From 685acf0300b8c22b816c4504def3c1962fae5c9b Mon Sep 17 00:00:00 2001
From: "Z. Cliffe Schreuders" <code.cliffe@schreuders.org>
Date: Thu, 8 Aug 2024 02:19:59 +0100
Subject: [PATCH] Update MySQL configuration for MariaDB server

---
 .../mysql_kali_compatible/mysql/mysql.pp      | 23 ++++++++++++++++---
 .../mysql/secgen_metadata.xml                 |  2 +-
 scenarios/labs/web_security/4_sqli.xml        |  2 +-
 .../labs/web_security/5_sqli_advanced.xml     |  2 +-
 4 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/modules/services/unix/database/mysql_kali_compatible/mysql/mysql.pp b/modules/services/unix/database/mysql_kali_compatible/mysql/mysql.pp
index b8676d674..17820c784 100644
--- a/modules/services/unix/database/mysql_kali_compatible/mysql/mysql.pp
+++ b/modules/services/unix/database/mysql_kali_compatible/mysql/mysql.pp
@@ -7,12 +7,29 @@ user { 'mysql':
 group { 'mysql':
   ensure => 'present',
 } ->
+file { '/var/log/mysql':
+  ensure => 'directory',
+  owner  => 'mysql',
+  group  => 'mysql',
+  mode   => '0755',
+} ->
 
-class {'::mysql::server':
+class { '::mysql::server':
   package_name     => 'mariadb-server',
   service_name     => 'mariadb',
-  package_manage   => false, # avoid managing the client package
-  service_manage   => true, # this doesn't work (workaround below)
+  package_manage   => false,
+  service_manage   => true,
+  override_options => {
+    'mysqld' => {
+      'ssl' => false,
+      'skip-ssl' => true,
+      'require_secure_transport' => false,
+    },
+    'client' => {
+      'ssl' => false,
+    }
+  }
+  
 } ->
 
 exec { 'start_and_enable_mariadb':
diff --git a/modules/services/unix/database/mysql_stretch_compatible/mysql/secgen_metadata.xml b/modules/services/unix/database/mysql_stretch_compatible/mysql/secgen_metadata.xml
index 3799299b2..1a58f0404 100644
--- a/modules/services/unix/database/mysql_stretch_compatible/mysql/secgen_metadata.xml
+++ b/modules/services/unix/database/mysql_stretch_compatible/mysql/secgen_metadata.xml
@@ -21,7 +21,7 @@
 
   <!-- exclude any base except bookworm and buster and stretch -->
   <conflict>
-    <module_path>.*bases/(?!.*debian_(bookworm|buster|stretch).*)</module_path>
+    <module_path>.*bases/(?!debian_(bookworm|buster|stretch)).*</module_path>
   </conflict>
 
   <!--Cannot co-exist with other MySQL installations-->
diff --git a/scenarios/labs/web_security/4_sqli.xml b/scenarios/labs/web_security/4_sqli.xml
index a12309a9b..c0bb3d28e 100644
--- a/scenarios/labs/web_security/4_sqli.xml
+++ b/scenarios/labs/web_security/4_sqli.xml
@@ -149,7 +149,7 @@ Throughout this lab, you will engage in a series of tasks across various platfor
                 <value>true</value>
             </input>
             <input into="start_page">
-                <value>http://localhost:8085/WebGoat|webserver</value>
+                <value>http://localhost:8085/WebGoat|http://localhost/|webserver</value>
             </input>
         </utility>
 
diff --git a/scenarios/labs/web_security/5_sqli_advanced.xml b/scenarios/labs/web_security/5_sqli_advanced.xml
index 93c73cca2..0a47747ed 100644
--- a/scenarios/labs/web_security/5_sqli_advanced.xml
+++ b/scenarios/labs/web_security/5_sqli_advanced.xml
@@ -150,7 +150,7 @@ Throughout the lab, you will engage with various vulnerable environments, includ
                 <value>true</value>
             </input>
             <input into="start_page">
-                <value>http://localhost:8085/WebGoat|webserver</value>
+                <value>http://localhost:8085/WebGoat|http://localhost/|webserver</value>
             </input>
         </utility>