security/caldera: Fix permission issues with some payload directories

- Fix a problem in ragdoll payload - Add GOCACHE and GOMODCACHE to caldera_env into caldera rc script. It is useful for avoid issues when some payloads are compiled - Some other modifications - Bump PORTREVISION
freebsd · Jun 2, 2023 · 4ae9030 · 4ae9030
1 parent d6766c7
commit 4ae9030
Show file tree

Hide file tree

Showing 5 changed files with 26 additions and 3 deletions.
diff --git a/security/caldera/Makefile b/security/caldera/Makefile
@@ -1,6 +1,6 @@
 PORTNAME=	caldera
 DISTVERSION=	4.1.0
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	security python
 
 MAINTAINER=	acm@FreeBSD.org
@@ -43,6 +43,7 @@ RUN_DEPENDS=	${PYTHON_PKGNAMEPREFIX}aiohttp>0:www/py-aiohttp@${PY_FLAVOR} \
 		${PYTHON_PKGNAMEPREFIX}networkx>0:math/py-networkx@${PY_FLAVOR} \
 		${PYTHON_PKGNAMEPREFIX}numpy>0:math/py-numpy@${PY_FLAVOR} \
 		upx>0:archivers/upx \
+		base64>0:converters/base64 \
 		git>0:devel/git \
 		bash>0:shells/bash
 

diff --git a/security/caldera/files/caldera.in b/security/caldera/files/caldera.in
@@ -22,6 +22,7 @@ export PATH="${PATH}:/usr/local/bin:/usr/local/sbin"
 : ${caldera_enable:=NO}
 : ${caldera_flags="--insecure"}
 
+caldera_env="GOCACHE=/tmp/caldera/.cache GOMODCACHE=/tmp/caldera/.vendor"
 caldera_user="caldera"
 caldera_wwwdir="%%WWWDIR%%"
 caldera_logfile="/var/log/caldera.log"

diff --git a/security/caldera/files/patch-plugins_stockpile_payloads_ragdoll.py b/security/caldera/files/patch-plugins_stockpile_payloads_ragdoll.py
@@ -0,0 +1,11 @@
+--- plugins/stockpile/payloads/ragdoll.py.orig	2023-05-16 23:53:18 UTC
++++ plugins/stockpile/payloads/ragdoll.py
+@@ -63,7 +63,7 @@ class OperationLoop:
+     def _execute_instruction(self, i):
+         print('[+] Running instruction: %s' % i['id'])
+         cmd = self._decode_bytes(i['command'])
+-        execution_timestamp = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
++        execution_timestamp = datetime.datetime.now().strftime('%Y-%m-%dT%H:%M:%SZ')
+         try:
+             output = subprocess.check_output(cmd, shell=True, timeout=i['timeout'])
+         except subprocess.CalledProcessError as e:
diff --git a/security/caldera/files/pkg-message.in b/security/caldera/files/pkg-message.in
@@ -17,8 +17,8 @@ Caldera port was installed
 3) Before of start Caldera you must run some scripts for generate/update payload
    files
 
-   # cd %%WWWDIR%%/plugins/manx && sh update-shells.sh
-   # cd %%WWWDIR%%/plugins/sandcat && sh update-agents.sh
+   # su -m caldera -c 'cd %%WWWDIR%%/plugins/manx && sh update-shells.sh'
+   # su -m caldera -c 'cd %%WWWDIR%%/plugins/sandcat && sh update-agents.sh'
 
 4) Do not forget modify configuration files before of run Caldera. For default
    it runs in insecure mode (http). Caldera configuration files are located at

diff --git a/security/caldera/pkg-plist b/security/caldera/pkg-plist
@@ -1272,9 +1272,19 @@
 @owner caldera
 @group caldera
 @dir %%WWWDIR%%
+@dir %%WWWDIR%%/data
 @dir %%WWWDIR%%/plugins
 @dir %%WWWDIR%%/plugins/atomic/data
+@dir %%WWWDIR%%/plugins/atomic/payloads
 @dir %%WWWDIR%%/plugins/atomic
+@dir %%WWWDIR%%/plugins/builder/payloads
+@dir %%WWWDIR%%/plugins/debrief/downloads
+@dir %%WWWDIR%%/plugins/debrief/uploads
+@dir %%WWWDIR%%/plugins/emu/data
+@dir %%WWWDIR%%/plugins/emu/payloads
+@dir %%WWWDIR%%/plugins/human/payloads
+@dir %%WWWDIR%%/plugins/manx/payloads
+@dir %%WWWDIR%%/plugins/sandcat/payloads
 @dir %%WWWDIR%%/plugins/fieldmanual/sphinx-docs/plugins
 @dir %%WWWDIR%%/plugins/fieldmanual/sphinx-docs
 @dir %%WWWDIR%%/plugins/fieldmanual