lab updates

Gemfile.lock

@@ -19,7 +19,7 @@ GIT
 GEM
   remote: https://rubygems.org/
   specs:
-    CFPropertyList (2.3.6)
+    CFPropertyList (3.0.0)
     PriorityQueue (0.1.2)
     activesupport (5.2.2)
       concurrent-ruby (~> 1.0, >= 1.0.2)
@@ -39,7 +39,6 @@ GEM
     digest-whirlpool (1.0.3)
     duplicate (1.1.1)
     facter (2.5.1)
-      CFPropertyList (~> 2.2)
     faker (1.9.3)
       i18n (>= 0.7)
     faraday (0.13.1)
@@ -96,8 +95,7 @@ GEM
       json (>= 1, < 3)
     pg (1.1.4)
     process_helper (0.1.2)
-    puppet (6.2.0)
-      CFPropertyList (~> 2.2)
+    puppet (6.3.0)
       facter (> 2.0.1, < 4)
       fast_gettext (~> 1.1.2)
       hiera (>= 3.2.1, < 4)
@@ -188,4 +186,4 @@ DEPENDENCIES
   zipruby
 
 BUNDLED WITH
-   1.11.2
+   1.16.6

modules/generators/structured_content/hackerbot_config/hb_facls/templates/lab.xml.erb

@@ -142,11 +142,11 @@ Randomised instance generated by [SecGen](http://github.com/cliffe/SecGen) (<%=
 		</condition>
     <condition>
 			<output_matches>s-0-</output_matches>
-      <message>:( Looks like <%= $second_user %> can access the file... Almost there...</message>
+      <message>:( Looks like <%= $second_user %> can access the file... But not <%= $main_user %>. Almost there...</message>
 		</condition>
     <condition>
 			<output_matches>s-2-</output_matches>
-      <message>:( Looks like <%= $second_user %> can't access the file... Use ACLs to make sure they can...</message>
+      <message>:( Looks like <%= $second_user %> can't access the file... Use ACLs to make sure they can... (Hint: Consider the directory and file permissions)</message>
 		</condition>
     <condition>
 			<output_matches>m-0-</output_matches>
@@ -165,17 +165,16 @@ Randomised instance generated by [SecGen](http://github.com/cliffe/SecGen) (<%=
 
   <attack>
     <% $rand_shared_dir = "/home/#{$main_user}/shared#{SecureRandom.hex(3)}/" %>
-		<prompt>On your desktop system, create a directory, <%= $rand_shared_dir %>. Make sure the directory is owned by <%= $main_user %>. Use Linux ACLs (and Unix special permissions, but not groups) to enable <%= $second_user %> and <%= $third_user %> to also create shared files in the directory (read and write for all three users), but not delete files owned by each other.</prompt>
+		<prompt>On your desktop system, create a directory, <%= $rand_shared_dir %>. Make sure the directory is owned by <%= $main_user %>. Use Linux ACLs (but not groups) to enable <%= $second_user %> and <%= $third_user %> to also create shared files in the directory (read and write for all three users), but not available to other users.</prompt>
 
-<!-- TODO!!!!!! -->
-    <post_command>sudo -u <%= $main_user %> bash -c 'echo "<%= $main_user %> was here!" > <%= $rand_shared_dir %>/shared_file' >/dev/null; echo m-$?-; sudo -u <%= $second_user %> bash -c 'echo "<%= $second_user %> was here!" >> <%= $rand_shared_dir %>/shared_file' >/dev/null; echo s-$?-; sudo -u <%= $third_user %> bash -c 'echo "<%= $third_user %> was here!" >> <%= $rand_shared_dir %>/shared_file' >/dev/null; echo t-$?-; ls -l <%= $rand_shared_dir %>/shared_file | grep +; echo f-$?- ; getfacl <%= $rand_shared_dir %>/shared_file | grep '^group:[^:]'; echo g-$?-; sudo -u <%= $second_user %> rm <%= $rand_shared_dir %>/shared_file >/dev/null; echo del-$?-;  </post_command>
+    <post_command>sudo -u <%= $main_user %> bash -c 'echo "<%= $main_user %> was here!" > <%= $rand_shared_dir %>shared_file' >/dev/null; echo m-$?-; sudo -u <%= $second_user %> bash -c 'echo "<%= $second_user %> was here!" >> <%= $rand_shared_dir %>shared_file' >/dev/null; echo s-$?-; sudo -u <%= $third_user %> bash -c 'echo "<%= $third_user %> was here!" >> <%= $rand_shared_dir %>shared_file' >/dev/null; echo t-$?-; ls -l <%= $rand_shared_dir %>shared_file | grep +; echo f-$?- ; getfacl <%= $rand_shared_dir %>shared_file | grep '^group:[^:]'; echo g-$?-; getfacl <%= $rand_shared_dir %>shared_file | grep '^other::---'; echo o-$?-; rm <%= $rand_shared_dir %>shared_file </post_command>
 
     <condition>
 			<output_matches>No such file or directory</output_matches>
       <message>:( It looks like the directory might not exist (or perhaps a permissions issue).</message>
 		</condition>
     <condition>
-			<output_matches>m-0-.*s-0-.*t-0-.*f-0-.*g-1-.*del-1-</output_matches>
+			<output_matches>m-0-.*s-0-.*t-0-.*f-0-.*g-1-.*o-0-</output_matches>
       <message>:) Well done! <%= $flags.pop %></message>
       <trigger_next_attack />
 		</condition>
@@ -184,11 +183,11 @@ Randomised instance generated by [SecGen](http://github.com/cliffe/SecGen) (<%=
       <message>:P Looks like you got all the file access working, but you are supposed to use facls for this task! Hint: Make sure you have set a default ACL.</message>
 		</condition>
     <condition>
-			<output_matches>del-0-</output_matches>
-      <message>:( A file created by <%= $main_user %> wasn't protected from being deleted by <%= $second_user %>! Hint: consider using the sticky bit.</message>
+			<output_matches>o-[1-9]+-</output_matches>
+      <message>:( Other users can access files in your shared directory. Hint: consider using default ACLs.</message>
 		</condition>
     <else_condition>
-      <message>:( Something was not right. Make sure all three users can access the file. </message>
+      <message>:( Something was not right. Make sure all three users can access the directory to create and share files. </message>
 		</else_condition>
 
 	</attack>
@@ -201,7 +200,7 @@ Randomised instance generated by [SecGen](http://github.com/cliffe/SecGen) (<%=
 
 		<condition>
 			<output_matches>.*</output_matches>
-			<message>:)</message>
+			<message>8-)</message>
 			<trigger_next_attack />
 		</condition>
     <condition>
@@ -215,6 +214,5 @@ Randomised instance generated by [SecGen](http://github.com/cliffe/SecGen) (<%=
 
 	</attack>
 
-<!-- TODO: add another attack where HB uses a hardlink attack against the SUID program - they have to fix the problem  -->
 
 </hackerbot>

modules/vulnerabilities/unix/access_control_misconfigurations/suid_root_nano/manifests/change_uid_permissions.pp

@@ -1,10 +0,0 @@
-class suid_root_nano::change_uid_permissions ($file_input = [],$user = 'root') {
-  $file_input.each |String $file, String $permission_code| {
-    file { $file:
-      # ensure => 'file',
-      mode => "$permission_code",
-      owner => $user,
-    }
-    notice("File {$file} permissions have been checked.")
-  }
-}

modules/vulnerabilities/unix/access_control_misconfigurations/suid_root_nano/manifests/config.pp

@@ -1,5 +1,10 @@
-'suid_root_nano::change_uid_permissions':
-  file_input => {
-    '/bin/nano' => '4755',
-    '/usr/bin/nano' => '4755',
+class suid_root_nano::config {
+  file { '/bin/nano':
+    mode => "4755",
+    owner => "root",
   }
+  file { '/usr/bin/nano':
+    mode => "4755",
+    owner => "root",
+  }
+}