diff --git a/modules/vulnerabilities/unix/web_training/security_shepherd/files/ROOT.war b/modules/vulnerabilities/unix/web_training/security_shepherd/files/ROOT.war
deleted file mode 100644
index 3dc831384..000000000
Binary files a/modules/vulnerabilities/unix/web_training/security_shepherd/files/ROOT.war and /dev/null differ
diff --git a/modules/vulnerabilities/unix/web_training/security_shepherd/files/ROOT.zip b/modules/vulnerabilities/unix/web_training/security_shepherd/files/ROOT.zip
new file mode 100644
index 000000000..a9c125220
Binary files /dev/null and b/modules/vulnerabilities/unix/web_training/security_shepherd/files/ROOT.zip differ
diff --git a/modules/vulnerabilities/unix/web_training/security_shepherd/manifests/install.pp b/modules/vulnerabilities/unix/web_training/security_shepherd/manifests/install.pp
index db57fa87a..459b64fbb 100644
--- a/modules/vulnerabilities/unix/web_training/security_shepherd/manifests/install.pp
+++ b/modules/vulnerabilities/unix/web_training/security_shepherd/manifests/install.pp
@@ -18,11 +18,22 @@ class security_shepherd::install {
exec { 'remove-default-site':
command => 'rm -rf /var/lib/tomcat9/webapps/*',
}
- -> file { '/var/lib/tomcat9/webapps/ROOT.war':
+ #-> file { '/var/lib/tomcat9/webapps/ROOT.war':
+ # ensure => file,
+ # source => 'puppet:///modules/security_shepherd/ROOT.war',
+ #}
+ -> file { '/tmp/ROOT.zip':
ensure => file,
- source => 'puppet:///modules/security_shepherd/ROOT.war',
+ source => 'puppet:///modules/security_shepherd/ROOT.zip',
}
- file { '/var/lib/tomcat9/conf/shepherdKeystore.p12':
+ -> file { ['/tmp/ROOT' ,'/tmp/ROOT/WEB-INF', '/tmp/ROOT/WEB-INF/classes']:
+ ensure => directory,
+ }
+ exec { 'extract ROOT':
+ cwd => '/tmp',
+ command => 'unzip ROOT.zip -d ROOT',
+ }
+ -> file { '/var/lib/tomcat9/conf/shepherdKeystore.p12':
ensure => file,
source => 'puppet:///modules/security_shepherd/shepherdKeystore.p12',
}
@@ -45,14 +56,15 @@ class security_shepherd::install {
source => 'puppet:///modules/security_shepherd/my.cnf',
replace => true,
}
-
- service { 'tomcat9':
+ -> service { 'tomcat9':
ensure => running,
name => 'tomcat9',
enable => true,
hasrestart => true,
- subscribe => [
- File['/var/lib/tomcat9/webapps/ROOT.war'],
- ],
+ #subscribe => [
+ # File['/var/lib/tomcat9/webapps/ROOT.war'],
+ #],
}
+
+
}
diff --git a/modules/vulnerabilities/unix/web_training/security_shepherd/manifests/mariadb.pp b/modules/vulnerabilities/unix/web_training/security_shepherd/manifests/mariadb.pp
index d26ae9b6a..147b5b616 100644
--- a/modules/vulnerabilities/unix/web_training/security_shepherd/manifests/mariadb.pp
+++ b/modules/vulnerabilities/unix/web_training/security_shepherd/manifests/mariadb.pp
@@ -36,19 +36,27 @@ class security_shepherd::mariadb {
cwd => '/tmp',
command => "mysql -u ${user} -p${db_pass} < moduleSchemas.sql",
}
-
- file { ['/var/lib/tomcat9/webapps/ROOT', '/var/lib/tomcat9/webapps/ROOT/WEB-INF', '/var/lib/tomcat9/webapps/ROOT/WEB-INF/classes', '/var/lib/tomcat9/webapps/ROOT/WEB-INF/classes/flag-store']:
- ensure => directory,
- }
- -> file { '/var/lib/tomcat9/webapps/ROOT/WEB-INF/classes/flags':
+
+ # /var/lib/tomcat9/webapps
+ -> file { '/tmp/ROOT/WEB-INF/classes/flags':
ensure => file,
+ replace => true,
+ owner => 'tomcat',
+ group => 'tomcat',
content => template('security_shepherd/flags.erb'),
}
- -> file { '/var/lib/tomcat9/webapps/ROOT/WEB-INF/classes/active-modules':
+ # /var/lib/tomcat9/webapps
+ -> file { '/tmp/ROOT/WEB-INF/classes/active-modules':
ensure => file,
+ replace => true,
+ owner => 'tomcat',
+ group => 'tomcat',
content => template('security_shepherd/active-modules.erb'),
- notify => Service['tomcat9']
}
+ -> exec { 'jar -cvf ROOT.war *':
+ cwd => '/tmp/ROOT',
+ }
+ -> exec { 'mv /tmp/ROOT/ROOT.war /var/lib/tomcat9/webapps':}
# This needs updating? Weird chicanery happens if not used this way
exec { 'restart-tom':
command => 'systemctl restart tomcat9',
diff --git a/scenarios/labs/web_security/1_intro_web_security.xml b/scenarios/labs/web_security/1_intro_web_security.xml
index 05ae7b4ac..817cbbe09 100644
--- a/scenarios/labs/web_security/1_intro_web_security.xml
+++ b/scenarios/labs/web_security/1_intro_web_security.xml
@@ -7,7 +7,8 @@
Introducing Web security
James Davis
Web and Network Security - Introducing Web security
- https://docs.google.com/document/d/1vLy56U53lqb8ZpQVLwxznCBsGv0KPM_uXJW1WD5DCiI/edit?usp=sharing
+
+ https://docs.google.com/document/d/1vLy56U53lqb8ZpQVLwxznCBsGv0KPM_uXJW1WD5DCiI/edit?usp=sharing
ctf-lab
lab-sheet
@@ -52,7 +53,7 @@
shepherd
-
+
1
diff --git a/scenarios/labs/web_security/2_sessions_and_cookies.xml b/scenarios/labs/web_security/2_sessions_and_cookies.xml
index 0ab516284..84c4b1c77 100644
--- a/scenarios/labs/web_security/2_sessions_and_cookies.xml
+++ b/scenarios/labs/web_security/2_sessions_and_cookies.xml
@@ -7,7 +7,8 @@
Session Management
James Davis
Web and Network Security - Session Management
- https://docs.google.com/document/d/1xcbf0bqtdMGgJAjeedw5MUbkRosMyQ_UZ0gN4IeCBFs/edit?usp=sharing
+
+ https://docs.google.com/document/d/1xcbf0bqtdMGgJAjeedw5MUbkRosMyQ_UZ0gN4IeCBFs/edit?usp=sharing
lab-environment
ctf-lab
@@ -51,7 +52,7 @@
shepherd
-
+
10
diff --git a/scenarios/labs/web_security/3_xss.xml b/scenarios/labs/web_security/3_xss.xml
index ab4bed394..9b3e4ac53 100644
--- a/scenarios/labs/web_security/3_xss.xml
+++ b/scenarios/labs/web_security/3_xss.xml
@@ -7,7 +7,8 @@
Cross-Site Scripting
James Davis
Web and Network Security - Cross-Site Scripting
- https://docs.google.com/document/d/1f7hD_sZnBChklLZmskpxp1dIJUG9Ntw_06t76ltnPTk/edit?usp=sharing
+
+ https://docs.google.com/document/d/1f7hD_sZnBChklLZmskpxp1dIJUG9Ntw_06t76ltnPTk/edit?usp=sharing
lab-environment
ctf-lab
@@ -51,7 +52,7 @@
shepherd
-
+
6
diff --git a/scenarios/labs/web_security/4_sqli.xml b/scenarios/labs/web_security/4_sqli.xml
index d0db9e844..ef50cdce9 100644
--- a/scenarios/labs/web_security/4_sqli.xml
+++ b/scenarios/labs/web_security/4_sqli.xml
@@ -7,7 +7,8 @@
SQL injection
James Davis
Web and Network Security - SQL
- https://docs.google.com/document/d/1G_b4f25ufopbDw6djpO1D-nhbJ7vFOCY-QZJtoTUSKg/edit?usp=sharing
+
+ https://docs.google.com/document/d/1G_b4f25ufopbDw6djpO1D-nhbJ7vFOCY-QZJtoTUSKg/edit?usp=sharing
lab-environment
ctf-lab
@@ -51,7 +52,7 @@
shepherd
-
+
11
diff --git a/scenarios/labs/web_security/5_sqli_advanced.xml b/scenarios/labs/web_security/5_sqli_advanced.xml
index e5f092869..274495023 100644
--- a/scenarios/labs/web_security/5_sqli_advanced.xml
+++ b/scenarios/labs/web_security/5_sqli_advanced.xml
@@ -7,7 +7,8 @@
WNS Intro
James Davis
Web and Network Security - Advanced Injection
- https://docs.google.com/document/d/1tj7qQ-1HbmxXaZNMOCPVECHrFAHpkRVcD_Q0FvMhIWQ/edit?usp=sharing
+
+ https://docs.google.com/document/d/1tj7qQ-1HbmxXaZNMOCPVECHrFAHpkRVcD_Q0FvMhIWQ/edit?usp=sharing
lab-environment
ctf-lab
@@ -51,7 +52,7 @@
shepherd
-
+
4
diff --git a/scenarios/labs/web_security/6_csrf.xml b/scenarios/labs/web_security/6_csrf.xml
index d00767ce2..7879da9b0 100644
--- a/scenarios/labs/web_security/6_csrf.xml
+++ b/scenarios/labs/web_security/6_csrf.xml
@@ -7,7 +7,8 @@
Cross-Site Request Forgery
James Davis
Web and Network Security - Cross-Site Request Forgery
- https://docs.google.com/document/d/1ABryiNKLDiIG6i7PQUztzzynjPo3fRSBP4OakxCPraY/edit?usp=sharing
+
+ https://docs.google.com/document/d/1ABryiNKLDiIG6i7PQUztzzynjPo3fRSBP4OakxCPraY/edit?usp=sharing
lab-environment
ctf-lab
@@ -51,7 +52,7 @@
shepherd
-
+
8
diff --git a/scenarios/labs/web_security/7_additional_web.xml b/scenarios/labs/web_security/7_additional_web.xml
index 922c46d4d..75a221227 100644
--- a/scenarios/labs/web_security/7_additional_web.xml
+++ b/scenarios/labs/web_security/7_additional_web.xml
@@ -7,7 +7,8 @@
Additional Web Challenges
James Davis
Web and Network Security - Packet analysis, firewalls and VPNs
- https://docs.google.com/document/d/1DDjyBGtB9vaFD6S2s1jQn7_bpVn4UlK-njbmVX5_UiM/edit?usp=sharing
+
+ https://docs.google.com/document/d/1DDjyBGtB9vaFD6S2s1jQn7_bpVn4UlK-njbmVX5_UiM/edit?usp=sharing
lab-environment
ctf-lab
@@ -44,7 +45,7 @@
shepherd
-
+
4