diff --git a/lib/output/xml_marker_generator.rb b/lib/output/xml_marker_generator.rb index 2d5b6dc64..6279d3670 100644 --- a/lib/output/xml_marker_generator.rb +++ b/lib/output/xml_marker_generator.rb @@ -42,7 +42,7 @@ class XmlMarkerGenerator system.module_selections.each { |search_module| if search_module.unique_id == selected_module.write_to_module_with_id # special case check for flag that's fed into a parameter that isn't defined within the receiving module - if search_module.attributes["read_fact"].include? selected_module.write_output_variable + if search_module.attributes["read_fact"]&.include? selected_module.write_output_variable xml.flag(output_value) else Print.warn "Ignoring flag generated but fed into a fact that the module doesn't read: #{selected_module.write_to_module_with_id}.#{selected_module.write_output_variable} #{output_value}" diff --git a/modules/services/unix/database/mysql_stretch_compatible/mysql/mysql.pp b/modules/services/unix/database/mysql_stretch_compatible/mysql/mysql.pp index 1d37e9c51..0ee797f2d 100644 --- a/modules/services/unix/database/mysql_stretch_compatible/mysql/mysql.pp +++ b/modules/services/unix/database/mysql_stretch_compatible/mysql/mysql.pp @@ -1,2 +1,13 @@ -include '::mysql::server' -include '::mysql::client' \ No newline at end of file +class { '::mysql::server': + override_options => { + 'mysqld' => { + 'ssl' => undef, + 'ssl-ca' => undef, + 'ssl-cert' => undef, + 'ssl-key' => undef, + 'ssl-disable' => true + } + } +} + +include '::mysql::client' diff --git a/modules/services/unix/database/mysql_stretch_compatible/mysql/secgen_metadata.xml b/modules/services/unix/database/mysql_stretch_compatible/mysql/secgen_metadata.xml index 1a58f0404..cf9f3385c 100644 --- a/modules/services/unix/database/mysql_stretch_compatible/mysql/secgen_metadata.xml +++ b/modules/services/unix/database/mysql_stretch_compatible/mysql/secgen_metadata.xml @@ -25,9 +25,9 @@ - + .*/puppet_module/cron.* diff --git a/modules/vulnerabilities/unix/webapp/commando/manifests/apache.pp b/modules/vulnerabilities/unix/webapp/commando/manifests/apache.pp index 86c90ed75..e441f06cf 100644 --- a/modules/vulnerabilities/unix/webapp/commando/manifests/apache.pp +++ b/modules/vulnerabilities/unix/webapp/commando/manifests/apache.pp @@ -4,7 +4,7 @@ class commando::apache { $db_password = $secgen_parameters['db_password'][0] # essential packages for commando to function - package { ['php', 'php-mysqli', 'php-gd', 'libapache2-mod-php','mysql-server']: + package { ['php', 'php-gd', 'libapache2-mod-php']: ensure => installed, } @@ -19,9 +19,9 @@ class commando::apache { docroot => '/var/www/commando', } -> - # enabling of the php7.0 module so functions on app work - exec { 'a2enmod php7.0': - command => "/usr/sbin/a2enmod php7.0", + # enabling of the php5.6 module so functions on app work + exec { 'a2enmod php5.6': + command => "/usr/sbin/a2enmod php5.6", require => Class['::apache'] } diff --git a/modules/vulnerabilities/unix/webapp/commando/secgen_metadata.xml b/modules/vulnerabilities/unix/webapp/commando/secgen_metadata.xml index 08212d8c1..a35733908 100644 --- a/modules/vulnerabilities/unix/webapp/commando/secgen_metadata.xml +++ b/modules/vulnerabilities/unix/webapp/commando/secgen_metadata.xml @@ -72,12 +72,12 @@ WARNING: This module needs some further testing, and may not work without input - - .*commando - + + .*apache.*compatible.* + - .*/apache.* + .*php.*compatible.* .*mysql.*compatible.* diff --git a/scenarios/ctf/rand_webapp.xml b/scenarios/ctf/rand_webapp.xml index 3c69d6958..19fcbed2d 100644 --- a/scenarios/ctf/rand_webapp.xml +++ b/scenarios/ctf/rand_webapp.xml @@ -30,7 +30,7 @@ web_server - + 172.10.0.2