Skip to content

Commit

Permalink
security/caldera-ot: Add new plugins
Browse files Browse the repository at this point in the history 
- Add iec61850 plugin
- Add profinet plugin
- STRIP bacnet binaries
- Change modbus payload name
- Set MITRE Caldera dependency to 4.x
- Bump PORTREVISION
  • Loading branch information
@alonsobsd
alonsobsd committed Feb 19, 2024
1 parent 1472a55 commit bcbfdae
Show file tree
Hide file tree
Showing 43 changed files with 830 additions and 33 deletions.
41 changes: 34 additions & 7 deletions security/caldera-ot/Makefile
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
PORTNAME= caldera-ot
DISTVERSION= 4.2.0
PORTREVISION= 3
PORTREVISION= 4
CATEGORIES= security python

MAINTAINER= acm@FreeBSD.org
Expand All @@ -11,20 +11,26 @@ LICENSE= APACHE20
LICENSE_FILE= ${WRKSRC}/LICENSE

BUILD_DEPENDS= bacnet-stack>0:devel/bacnet-stack \
nuitka3:devel/nuitka
cmake:devel/cmake-core \
nuitka3:devel/nuitka \
argtable3>0:devel/argtable3 \
libiec61850>0:devel/libiec61850
RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}aiohttp>0:www/py-aiohttp@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}pymodbus>0:comms/py-pymodbus@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}pyserial>0:comms/py-pyserial@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}six>0:devel/py-six@${PY_FLAVOR} \
${LOCALBASE}/www/caldera/app/__init__.py:security/caldera
${PYTHON_PKGNAMEPREFIX}pnio-dcp>0:devel/py-pnio-dcp@${PY_FLAVOR} \
caldera4>0:security/caldera4

USE_GITHUB= yes
GH_ACCOUNT= mitre
GH_PROJECT= ${PORTNAME}
GH_TAGNAME= 6c6b971d96de121da33f27aa6f80806835346b23
GH_TUPLE= mitre:bacnet:745432c:bacnet/bacnet \
mitre:dnp3:01e3748:dnp3/dnp3 \
mitre:modbus:e47e259:modbus/modbus
mitre:modbus:e47e259:modbus/modbus \
mitre:iec61850:a72e2c1:iec61850/iec61850 \
mitre:profinet:7e62daa:profinet/profinet

USES= compiler:c++11-lang dos2unix python

Expand All @@ -51,24 +57,45 @@ post-patch:

do-build:
@${MKDIR} ${WRKDIR}/modbus_cli-build
@${MKDIR} ${WRKDIR}/profinet-build
@${MKDIR} ${WRKDIR}/iec61850-build
@${CP} ${WRKSRC}/profinet/src/dcp_utility.py ${WRKDIR}/profinet-build/dcp_utility.py
cd ${WRKSRC}/bacnet/src/bacnet-stack/apps && \
${CC} readprop/main.c -I${LOCALBASE}/include -L${LOCALBASE}/lib \
-lbacnet-stack -o ${WRKSRC}/bacnet/payloads/bacrp-freebsd
cd ${WRKSRC}/bacnet/src/bacnet-stack/apps && \
${CC} readprop/main.c -I${LOCALBASE}/include -L${LOCALBASE}/lib \
-lbacnet-stack -o ${WRKSRC}/bacnet/payloads/bacwp-freebsd
cd ${WRKDIR}/iec61850-build && \
cmake ${WRKSRC}/iec61850/src/ -DLOCALBASE=${LOCALBASE} -DBUILD_SYSTEM=ON && \
cmake --build .
cd ${WRKSRC}/modbus/src/src && \
${LOCALBASE}/bin/nuitka3 --standalone --onefile \
--output-filename=modbus_cli-freebsd --output-dir=${WRKDIR}/modbus_cli-build modbus_cli.py
--output-filename=modbus_cli_freebsd --output-dir=${WRKDIR}/modbus_cli-build modbus_cli.py
cd ${WRKDIR}/profinet-build && \
${LOCALBASE}/bin/nuitka3 --standalone --onefile \
--output-filename=dcp_utility_freebsd --output-dir=${WRKDIR}/profinet-build dcp_utility.py

do-install:
@${MKDIR} ${STAGEDIR}${WWWDIR}/plugins/bacnet
@${MKDIR} ${STAGEDIR}${WWWDIR}/plugins/dnp3
@${MKDIR} ${STAGEDIR}${WWWDIR}/plugins/modbus
@${MKDIR} ${STAGEDIR}${WWWDIR}/plugins/iec61850
@${MKDIR} ${STAGEDIR}${WWWDIR}/plugins/profinet
@cd ${WRKSRC}/bacnet && ${COPYTREE_SHARE} . ${STAGEDIR}/${WWWDIR}/plugins/bacnet
@cd ${WRKSRC}/dnp3 && ${COPYTREE_SHARE} . ${STAGEDIR}/${WWWDIR}/plugins/dnp3
@cd ${WRKSRC}/modbus && ${COPYTREE_SHARE} . ${STAGEDIR}/${WWWDIR}/plugins/modbus
${INSTALL_PROGRAM} ${WRKDIR}/modbus_cli-build/modbus_cli-freebsd \
${STAGEDIR}/${WWWDIR}/plugins/modbus/payloads/
@cd ${WRKSRC}/iec61850 && ${COPYTREE_SHARE} . ${STAGEDIR}/${WWWDIR}/plugins/iec61850
@cd ${WRKSRC}/profinet && ${COPYTREE_SHARE} . ${STAGEDIR}/${WWWDIR}/plugins/profinet
${INSTALL_PROGRAM} ${WRKDIR}/modbus_cli-build/modbus_cli_freebsd \
${STAGEDIR}/${WWWDIR}/plugins/modbus/payloads/modbus_cli_freebsd
${INSTALL_PROGRAM} ${WRKDIR}/iec61850-build/bin/iec61850_actions \
${STAGEDIR}/${WWWDIR}/plugins/iec61850/payloads/iec61850_actions_freebsd
${INSTALL_PROGRAM} ${WRKDIR}/profinet-build/dcp_utility_freebsd \
${STAGEDIR}/${WWWDIR}/plugins/profinet/payloads/dcp_utility_freebsd

post-install:
${STRIP_CMD} ${STAGEDIR}/${WWWDIR}/plugins/bacnet/payloads/bacwp-freebsd
${STRIP_CMD} ${STAGEDIR}/${WWWDIR}/plugins/bacnet/payloads/bacrp-freebsd

.include <bsd.port.mk>
6 changes: 5 additions & 1 deletion security/caldera-ot/distinfo
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
TIMESTAMP = 1698267655
TIMESTAMP = 1708238060
SHA256 (mitre-caldera-ot-4.2.0-6c6b971d96de121da33f27aa6f80806835346b23_GH0.tar.gz) = a4568765b1a373870ae00b781aa251ac94af089b46a3239bf743b0430405844e
SIZE (mitre-caldera-ot-4.2.0-6c6b971d96de121da33f27aa6f80806835346b23_GH0.tar.gz) = 5887
SHA256 (mitre-bacnet-745432c_GH0.tar.gz) = 60763dc1f3670124f3ec0caf11dd2a3c71def7689c6e90af66864e9924853ad7
Expand All @@ -7,3 +7,7 @@ SHA256 (mitre-dnp3-01e3748_GH0.tar.gz) = 5324a9910b22dd101ef52b2b48334f67d4e9d1f
SIZE (mitre-dnp3-01e3748_GH0.tar.gz) = 97589582
SHA256 (mitre-modbus-e47e259_GH0.tar.gz) = 2094210dbf96c0f60d7d5146e4ec7855e19b4bc23b47d51b906aa5961222c14d
SIZE (mitre-modbus-e47e259_GH0.tar.gz) = 38272647
SHA256 (mitre-iec61850-a72e2c1_GH0.tar.gz) = a75623efb6bdb686ba63615a5861b1e5de8704fe4ba5339bacb54b1e162918be
SIZE (mitre-iec61850-a72e2c1_GH0.tar.gz) = 1140484
SHA256 (mitre-profinet-7e62daa_GH0.tar.gz) = a7e747ac604dae44d2c5a64e35b9220af0ff42d8b043c818e25e5f3f0f9a34f9
SIZE (mitre-profinet-7e62daa_GH0.tar.gz) = 24278633
23 changes: 23 additions & 0 deletions ...t/files/patch-iec61850_data_abilities_collection_04ccfa36-f576-379f-a268-6283de403ad8.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
--- iec61850/data/abilities/collection/04ccfa36-f576-379f-a268-6283de403ad8.yml.orig 2024-02-18 18:34:52 UTC
+++ iec61850/data/abilities/collection/04ccfa36-f576-379f-a268-6283de403ad8.yml
@@ -52,6 +52,20 @@
- source: iec61850.device.name
edge: has_node
target: iec61850.node.name
+ freebsd:
+ sh:
+ command: './iec61850_actions_freebsd get data_sets #{iec61850.server.ip}'
+ payloads:
+ - iec61850_actions_freebsd
+ timeout: 360
+ parsers:
+ plugins.iec61850.app.parsers.data_set:
+ - source: iec61850.device.name
+ edge: has_dataset
+ target: iec61850.dataset.name
+ - source: iec61850.device.name
+ edge: has_node
+ target: iec61850.node.name
repeatable: true
plugin: iec61850
additional_info:
21 changes: 21 additions & 0 deletions ...t/files/patch-iec61850_data_abilities_collection_15758d41-4237-34eb-adb2-d5698e3ea4ff.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
--- iec61850/data/abilities/collection/15758d41-4237-34eb-adb2-d5698e3ea4ff.yml.orig 2024-02-18 18:34:52 UTC
+++ iec61850/data/abilities/collection/15758d41-4237-34eb-adb2-d5698e3ea4ff.yml
@@ -27,10 +27,16 @@
payloads:
- iec61850_actions
timeout: 360
+ freebsd:
+ sh:
+ command: './iec61850_actions_freebsd get reports #{iec61850.server.ip}'
+ payloads:
+ - iec61850_actions_freebsd
+ timeout: 360
repeatable: true
plugin: iec61850
additional_info:
facts:
iec61850.server.ip:
default: null
- description: IP address of the server
\ No newline at end of file
+ description: IP address of the server
27 changes: 27 additions & 0 deletions ...t/files/patch-iec61850_data_abilities_collection_1b7dcec1-0b12-3df4-b323-6c1b33356981.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
--- iec61850/data/abilities/collection/1b7dcec1-0b12-3df4-b323-6c1b33356981.yml.orig 2024-02-18 18:34:52 UTC
+++ iec61850/data/abilities/collection/1b7dcec1-0b12-3df4-b323-6c1b33356981.yml
@@ -67,6 +67,24 @@
- source: iec61850.attribute.name
edge: has_value
target: iec61850.attribute.value
+ freebsd:
+ sh:
+ command: './iec61850_actions_freebsd get value #{iec61850.attribute.name} --fc #{iec61850.attribute.fc}
+ #{iec61850.server.ip}'
+ payloads:
+ - iec61850_actions_freebsd
+ timeout: 360
+ parsers:
+ plugins.iec61850.app.parsers.value:
+ - source: iec61850.attribute.name
+ edge: has_fc
+ target: iec61850.attribute.fc
+ - source: iec61850.attribute.name
+ edge: has_datatype
+ target: iec61850.attribute.datatype
+ - source: iec61850.attribute.name
+ edge: has_value
+ target: iec61850.attribute.value
repeatable: true
plugin: iec61850
additional_info:
39 changes: 39 additions & 0 deletions ...t/files/patch-iec61850_data_abilities_collection_30419718-6f7c-3eab-8b06-ed6cea7858c7.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
--- iec61850/data/abilities/collection/30419718-6f7c-3eab-8b06-ed6cea7858c7.yml.orig 2024-02-18 18:34:52 UTC
+++ iec61850/data/abilities/collection/30419718-6f7c-3eab-8b06-ed6cea7858c7.yml
@@ -102,6 +102,36 @@
- source: iec61850.attribute.name
edge: has_datatype
target: iec61850.attribute.value
+ freebsd:
+ sh:
+ command: './iec61850_actions_freebsd get data_set_members #{iec61850.dataset.name}
+ #{iec61850.server.ip}'
+ payloads:
+ - iec61850_actions_freebsd
+ timeout: 360
+ parsers:
+ plugins.iec61850.app.parsers.data_set:
+ - source: iec61850.device.name
+ edge: has_node
+ target: iec61850.node.name
+ - source: iec61850.device.name
+ edge: has_dataset
+ target: iec61850.dataset.name
+ - source: iec61850.node.name
+ edge: has_object
+ target: iec61850.object.name
+ - source: iec61850.object.name
+ edge: has_attribute
+ target: iec61850.attribute.name
+ - source: iec61850.attribute.name
+ edge: has_fc
+ target: iec61850.attribute.fc
+ - source: iec61850.attribute.name
+ edge: has_datatype
+ target: iec61850.attribute.datatype
+ - source: iec61850.attribute.name
+ edge: has_datatype
+ target: iec61850.attribute.value
repeatable: true
plugin: iec61850
additional_info:
15 changes: 15 additions & 0 deletions ...t/files/patch-iec61850_data_abilities_collection_4c1138da-50b9-3744-99ea-1310690f2743.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
--- iec61850/data/abilities/collection/4c1138da-50b9-3744-99ea-1310690f2743.yml.orig 2024-02-18 18:34:52 UTC
+++ iec61850/data/abilities/collection/4c1138da-50b9-3744-99ea-1310690f2743.yml
@@ -30,6 +30,12 @@
payloads:
- iec61850_actions
timeout: 360
+ freebsd:
+ sh:
+ command: './iec61850_actions_freebsd get log #{iec61850.lcb.name} #{iec61850.server.ip}'
+ payloads:
+ - iec61850_actions_freebsd
+ timeout: 360
repeatable: true
plugin: iec61850
additional_info:
30 changes: 30 additions & 0 deletions ...t/files/patch-iec61850_data_abilities_collection_6ac44da4-f546-3e33-be1a-829b173b660f.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
--- iec61850/data/abilities/collection/6ac44da4-f546-3e33-be1a-829b173b660f.yml.orig 2024-02-18 18:34:52 UTC
+++ iec61850/data/abilities/collection/6ac44da4-f546-3e33-be1a-829b173b660f.yml
@@ -55,6 +55,20 @@
- source: iec61850.node.name
edge: has_object
target: iec61850.object.name
+ freebsd:
+ sh:
+ command: './iec61850_actions_freebsd get data_objects #{iec61850.node.name} #{iec61850.server.ip}'
+ payloads:
+ - iec61850_actions_freebsd
+ timeout: 360
+ parsers:
+ plugins.iec61850.app.parsers.data_model:
+ - source: iec61850.device.name
+ edge: has_node
+ target: iec61850.node.name
+ - source: iec61850.node.name
+ edge: has_object
+ target: iec61850.object.name
repeatable: true
plugin: iec61850
additional_info:
@@ -64,4 +78,4 @@
description: Name of a logical node
iec61850.server.ip:
default: null
- description: IP address of the server
\ No newline at end of file
+ description: IP address of the server
32 changes: 32 additions & 0 deletions ...t/files/patch-iec61850_data_abilities_collection_9f7757da-1da9-3b35-90f3-fdab578be198.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
--- iec61850/data/abilities/collection/9f7757da-1da9-3b35-90f3-fdab578be198.yml.orig 2024-02-18 18:34:52 UTC
+++ iec61850/data/abilities/collection/9f7757da-1da9-3b35-90f3-fdab578be198.yml
@@ -80,6 +80,29 @@
- source: iec61850.device.name
edge: has_lcb
target: iec61850.lcb.name
+ freebsd:
+ sh:
+ command: './iec61850_actions_freebsd get log_blocks #{iec61850.server.ip}'
+ payloads:
+ - iec61850_actions_freebsd
+ timeout: 360
+ parsers:
+ plugins.iec61850.app.parsers.lcb:
+ - source: iec61850.attribute.name
+ edge: has_fc
+ target: iec61850.attribute.fc
+ - source: iec61850.attribute.name
+ edge: has_datatype
+ target: iec61850.attribute.datatype
+ - source: iec61850.attribute.name
+ edge: has_value
+ target: iec61850.attribute.value
+ - source: iec61850.device.name
+ edge: has_node
+ target: iec61850.node.name
+ - source: iec61850.device.name
+ edge: has_lcb
+ target: iec61850.lcb.name
repeatable: true
plugin: iec61850
additional_info:
15 changes: 15 additions & 0 deletions ...t/files/patch-iec61850_data_abilities_collection_a0718ea1-9f55-3e24-b81a-c03f15eb89c2.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
--- iec61850/data/abilities/collection/a0718ea1-9f55-3e24-b81a-c03f15eb89c2.yml.orig 2024-02-18 18:34:52 UTC
+++ iec61850/data/abilities/collection/a0718ea1-9f55-3e24-b81a-c03f15eb89c2.yml
@@ -29,6 +29,12 @@
payloads:
- iec61850_actions
timeout: 360
+ freebsd:
+ sh:
+ command: './iec61850_actions_freebsd get files #{iec61850.server.ip}'
+ payloads:
+ - iec61850_actions_freebsd
+ timeout: 360
repeatable: true
plugin: iec61850
additional_info:
29 changes: 29 additions & 0 deletions ...t/files/patch-iec61850_data_abilities_collection_bbb3e7dc-3103-3ae9-9a77-6eb789cb3a07.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
--- iec61850/data/abilities/collection/bbb3e7dc-3103-3ae9-9a77-6eb789cb3a07.yml.orig 2024-02-18 18:34:52 UTC
+++ iec61850/data/abilities/collection/bbb3e7dc-3103-3ae9-9a77-6eb789cb3a07.yml
@@ -75,6 +75,26 @@
- source: iec61850.attribute.name
edge: has_fc
target: iec61850.attribute.fc
+ freebsd:
+ sh:
+ command: './iec61850_actions_freebsd get data_attributes #{iec61850.object.name} #{iec61850.server.ip}'
+ payloads:
+ - iec61850_actions_freebsd
+ timeout: 360
+ parsers:
+ plugins.iec61850.app.parsers.data_model:
+ - source: iec61850.device.name
+ edge: has_node
+ target: iec61850.node.name
+ - source: iec61850.node.name
+ edge: has_object
+ target: iec61850.object.name
+ - source: iec61850.object.name
+ edge: has_attribute
+ target: iec61850.attribute.name
+ - source: iec61850.attribute.name
+ edge: has_fc
+ target: iec61850.attribute.fc
repeatable: true
plugin: iec61850
additional_info:
20 changes: 20 additions & 0 deletions ...t/files/patch-iec61850_data_abilities_collection_f9308f14-e0d3-389e-9d77-ff2be9c3f34f.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
--- iec61850/data/abilities/collection/f9308f14-e0d3-389e-9d77-ff2be9c3f34f.yml.orig 2024-02-18 18:34:52 UTC
+++ iec61850/data/abilities/collection/f9308f14-e0d3-389e-9d77-ff2be9c3f34f.yml
@@ -46,6 +46,17 @@
- source: iec61850.device.name
edge: has_node
target: iec61850.node.name
+ freebsd:
+ sh:
+ command: './iec61850_actions_freebsd get logical_nodes #{iec61850.device.name} #{iec61850.server.ip}'
+ payloads:
+ - iec61850_actions_freebsd
+ timeout: 360
+ parsers:
+ plugins.iec61850.app.parsers.data_model:
+ - source: iec61850.device.name
+ edge: has_node
+ target: iec61850.node.name
repeatable: true
plugin: iec61850
additional_info:
18 changes: 18 additions & 0 deletions ...t/files/patch-iec61850_data_abilities_collection_fb81314b-0308-3761-b764-e523645e8df6.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
--- iec61850/data/abilities/collection/fb81314b-0308-3761-b764-e523645e8df6.yml.orig 2024-02-18 18:34:52 UTC
+++ iec61850/data/abilities/collection/fb81314b-0308-3761-b764-e523645e8df6.yml
@@ -38,6 +38,15 @@
parsers:
plugins.iec61850.app.parsers.data_model:
- source: iec61850.device.name
+ freebsd:
+ sh:
+ command: './iec61850_actions_freebsd get logical_devices #{iec61850.server.ip}'
+ payloads:
+ - iec61850_actions_freebsd
+ timeout: 360
+ parsers:
+ plugins.iec61850.app.parsers.data_model:
+ - source: iec61850.device.name
repeatable: true
plugin: iec61850
additional_info:

0 comments on commit bcbfdae

Please sign in to comment.