From c917ab54fcbb3c6c2b6e727100e76e2cc4f5a903 Mon Sep 17 00:00:00 2001
From: Patrick
Date: Tue, 2 Jul 2024 10:56:05 +0200
Subject: [PATCH 1/6] bug fix ssh key generation
---
 modules/configuration.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/configuration.py b/modules/configuration.py
index 7e790b6ea..db48092fe 100644
--- a/modules/configuration.py
+++ b/modules/configuration.py
@@ -53,7 +53,7 @@ def create_key_pair_aws(region):
 epoch_time = str(int(time.time()))
 ssh_key_name = getpass.getuser() + "-" + epoch_time[-5:] + ".key"
 # create ssh keys
- response = client.create_key_pair(KeyType='ed25519', KeyName=str(ssh_key_name)[:-4])
+ response = client.create_key_pair(KeyType='rsa', KeyName=str(ssh_key_name)[:-4])
 with open(ssh_key_name, "w") as ssh_key:
 ssh_key.write(response['KeyMaterial'])
 os.chmod(ssh_key_name, 0o600)
From 480a04328c48f3c597782f22be621eb81f256fb3 Mon Sep 17 00:00:00 2001
From: ljstella
Date: Tue, 2 Jul 2024 10:28:25 -0500
Subject: [PATCH 2/6] Swapping TA
---
 packer/ansible/roles/splunk_server/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packer/ansible/roles/splunk_server/tasks/main.yml b/packer/ansible/roles/splunk_server/tasks/main.yml
index 0703b52a9..b1c28a1f4 100644
--- a/packer/ansible/roles/splunk_server/tasks/main.yml
+++ b/packer/ansible/roles/splunk_server/tasks/main.yml
@@ -22,7 +22,7 @@
 - "splunk-machine-learning-toolkit_541.tgz"
 - "splunk-security-essentials_380.tgz"
 - "splunk-add-on-for-sysmon_400.tgz "
- - "add-on-for-linux-sysmon_104.tgz"
+ - "splunk-add-on-for-sysmon-for-linux_100.tgz"
 - "splunk-add-on-for-amazon-web-services-aws_760.tgz"
 - "splunk-add-on-for-microsoft-office-365_451.tgz"
 - "splunk-add-on-for-amazon-kinesis-firehose_131r7d1d093.tgz"
From 1c2b383a215bf02109ee4949206ecb0335457e14 Mon Sep 17 00:00:00 2001
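Review bot: In `create_key_pair_aws` the private key is written through `open(ssh_key_name, "w")` and only restricted by `os.chmod(ssh_key_name, 0o600)` afterwards, so the key file exists briefly with whatever mode the process umask allows. Creating it with its final mode closes that window: `fd = os.open(ssh_key_name, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, "w") as ssh_key:`, keeping the existing chmod for the case where the file already exists. The switch of `KeyType` from `'ed25519'` to `'rsa'` also deserves a why-comment on that line, for example `# RSA required: EC2 Windows instances do not support ED25519 key pairs`, if that is the reason (the commit message does not say). The function body starts and ends outside the hunk.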
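Review bot: The context entry `"splunk-add-on-for-sysmon_400.tgz "` directly above the swapped line in `packer/ansible/roles/splunk_server/tasks/main.yml` has a trailing space inside the quotes, and this change leaves it in place. If the list is used as literal file names (the task that consumes it is outside the hunk), that entry will not match the tarball on disk and the Windows Sysmon add-on may not be installed; `- "splunk-add-on-for-sysmon_400.tgz"` is presumably what was meant. The list itself starts and ends outside the hunk.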
From: ljstella
Date: Tue, 2 Jul 2024 10:31:17 -0500
Subject: [PATCH 3/6] Updated sourcetype
---
 packer/ansible/roles/linux_sysmon/files/inputs.conf | 2 +-
 .../ansible/roles/sysmon_linux/files/deb_template_inputs.conf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/packer/ansible/roles/linux_sysmon/files/inputs.conf b/packer/ansible/roles/linux_sysmon/files/inputs.conf
index a774773b7..88d7027dd 100644
--- a/packer/ansible/roles/linux_sysmon/files/inputs.conf
+++ b/packer/ansible/roles/linux_sysmon/files/inputs.conf
@@ -6,4 +6,4 @@ journalctl-exclude-fields = __MONOTONIC_TIMESTAMP,__SOURCE_REALTIME_TIMESTAMP
 journalctl-filter = _SYSTEMD_UNIT=sysmon.service
 index = unix
 source = Syslog:Linux-Sysmon/Operational
-sourcetype = sysmon_linux
\ No newline at end of file
+sourcetype = sysmon:linux
\ No newline at end of file
diff --git a/packer/ansible/roles/sysmon_linux/files/deb_template_inputs.conf b/packer/ansible/roles/sysmon_linux/files/deb_template_inputs.conf
index a774773b7..88d7027dd 100644
--- a/packer/ansible/roles/sysmon_linux/files/deb_template_inputs.conf
+++ b/packer/ansible/roles/sysmon_linux/files/deb_template_inputs.conf
@@ -6,4 +6,4 @@ journalctl-exclude-fields = __MONOTONIC_TIMESTAMP,__SOURCE_REALTIME_TIMESTAMP
 journalctl-filter = _SYSTEMD_UNIT=sysmon.service
 index = unix
 source = Syslog:Linux-Sysmon/Operational
-sourcetype = sysmon_linux
\ No newline at end of file
+sourcetype = sysmon:linux
\ No newline at end of file
From c3d08bdea0f96a23f7f85bc8c548f3db958cbbfd Mon Sep 17 00:00:00 2001
From: pyth0n1c
Date: Tue, 2 Jul 2024 10:40:21 -0700
Subject: [PATCH 4/6] add to pyproject.toml
---
 pyproject.toml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/pyproject.toml b/pyproject.toml
index af574b65f..46de67ea8 100644
--- a/pyproject.toml
+++ b/pyproject.toml
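Review bot: Renaming the sourcetype to `sysmon:linux` in `packer/ansible/roles/linux_sysmon/files/inputs.conf` changes the key that searches and parsing rules match on, and nothing in the file records what that value has to agree with. A comment line above the setting, such as `# must match the sourcetype expected by the Sysmon for Linux add-on installed on the Splunk server`, would make the coupling visible. Any saved search, macro or props/transforms entry that still names `sysmon_linux` (none are visible in this patch) would silently stop matching Linux Sysmon events, so those are worth searching for before merging. The same applies to the identical hunk in `packer/ansible/roles/sysmon_linux/files/deb_template_inputs.conf`; the two files share the same blob hashes before and after, so keeping a single copy would prevent them from drifting apart.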
@@ -26,6 +26,12 @@ questionary = "^1.10.0"
 Jinja2 = "^3.1.2"
 python-vagrant = "^1.0.0"
+# Fix issue with docutils ".post1" release
+# https://github.com/python-poetry/poetry/issues/9293#issuecomment-2048205226
+[[tool.poetry.source]]
+name = "pypi-public"
+url = "https://pypi.org/simple/"
+
 [tool.poetry.dev-dependencies]
 [build-system]
From f6308c102dcf04272cbbc52dd4ab2fcb5701eae2 Mon Sep 17 00:00:00 2001
From: ljstella
Date: Wed, 3 Jul 2024 08:56:29 -0500
Subject: [PATCH 5/6] Bumped action versions to ones that support newer versions of Node
---
 .github/workflows/build_attack_destroy_aws.yml | 8 ++++----
 .github/workflows/build_attack_destroy_azure.yml | 8 ++++----
 .github/workflows/destroy_old_attack_ranges.yml | 6 +++---
 .github/workflows/publish-docker-image.yml | 10 +++++-----
 .github/workflows/release.yml | 10 +++++-----
 5 files changed, 21 insertions(+), 21 deletions(-)
diff --git a/.github/workflows/build_attack_destroy_aws.yml b/.github/workflows/build_attack_destroy_aws.yml
index 068410724..fd5542c80 100644
--- a/.github/workflows/build_attack_destroy_aws.yml
+++ b/.github/workflows/build_attack_destroy_aws.yml
@@ -10,19 +10,19 @@ jobs:
 steps:
 - name: Checkout repo
- uses: actions/checkout@v2
+ uses: actions/checkout@v4
 - name: Install System Packages
 run: |
 sudo apt update -qq
 sudo apt install -y openssh-client
- - uses: actions/setup-python@v2
+ - uses: actions/setup-python@v5
 with:
 python-version: '3.9' #Available versions here - https://github.com/actions/python-versions/releases easy to change/make a matrix/use pypy
 architecture: 'x64' # optional x64 or x86. Defaults to x64 if not specified
- - uses: aws-actions/configure-aws-credentials@v1
+ - uses: aws-actions/configure-aws-credentials@v4
 with:
 aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
 aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
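Review bot: The added `[[tool.poetry.source]]` block for `pypi-public` in `pyproject.toml` sets no `priority`, so where it ranks against any source added later is left to the default of whichever Poetry version is installed. On Poetry versions that support the field, stating it explicitly with `priority = "primary"` keeps the package resolution order deliberate, which matters if a private index is ever configured alongside it. The comment links the upstream issue but does not say when the workaround can be removed; a line such as `# TODO: remove once the docutils ".post1" resolution issue is fixed in Poetry` would help.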
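Review bot: Every bumped `uses:` line in `.github/workflows/build_attack_destroy_aws.yml` still references a mutable major tag (`actions/checkout@v4`, `aws-actions/configure-aws-credentials@v4`), so the code that runs with `secrets.AWS_ACCESS_KEY_ID` and `secrets.AWS_SECRET_ACCESS_KEY` can change without any commit to this repository. Pinning each action to a full commit SHA with the version in a trailing comment, in the form `uses: actions/checkout@<full-commit-sha> # v4`, makes the workflow reproducible and each update reviewable. The same applies to the other hunks of this commit, in particular the steps that receive credentials: `Azure/login@v2`, `docker/login-action@v3`, `docker/build-push-action@v6` and `softprops/action-gh-release@v2`. The jump from `@v1` to `@v4` for `configure-aws-credentials` spans several major versions, so its inputs are worth re-checking against the v4 documentation.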
@@ -36,7 +36,7 @@ jobs:
 known_hosts: unnecessary
 if_key_exists: fail
- - uses: hashicorp/setup-terraform@v1
+ - uses: hashicorp/setup-terraform@v3
 - name: Install Packer
 run: |
diff --git a/.github/workflows/build_attack_destroy_azure.yml b/.github/workflows/build_attack_destroy_azure.yml
index 636dc9cda..ddb278632 100644
--- a/.github/workflows/build_attack_destroy_azure.yml
+++ b/.github/workflows/build_attack_destroy_azure.yml
@@ -10,19 +10,19 @@ jobs:
 steps:
 - name: Checkout repo
- uses: actions/checkout@v2
+ uses: actions/checkout@v4
 - name: Install System Packages
 run: |
 sudo apt update -qq
 sudo apt install -y openssh-client
- - uses: actions/setup-python@v2
+ - uses: actions/setup-python@v5
 with:
 python-version: '3.9' #Available versions here - https://github.com/actions/python-versions/releases easy to change/make a matrix/use pypy
 architecture: 'x64' # optional x64 or x86. Defaults to x64 if not specified
- - uses: Azure/login@v1
+ - uses: Azure/login@v2
 with:
 creds: '{"clientId":"${{ secrets.CLIENT_ID }}","clientSecret":"${{ secrets.CLIENT_SECRET }}","subscriptionId":"${{ secrets.SUBSCRIPTION_ID }}","tenantId":"${{ secrets.TENANT_ID }}"}'
@@ -38,7 +38,7 @@ jobs:
 run: |
 echo ${{ secrets.AR_SSH_PUBLIC_KEY }} > ~/.ssh/ar-github-actions.pub
- - uses: hashicorp/setup-terraform@v1
+ - uses: hashicorp/setup-terraform@v3
 - name: Install Packer
 run: |
diff --git a/.github/workflows/destroy_old_attack_ranges.yml b/.github/workflows/destroy_old_attack_ranges.yml
index ce89a3163..e26c5839b 100644
--- a/.github/workflows/destroy_old_attack_ranges.yml
+++ b/.github/workflows/destroy_old_attack_ranges.yml
@@ -10,18 +10,18 @@ jobs:
 steps:
 - name: Checkout repo
- uses: actions/checkout@v2
+ uses: actions/checkout@v4
 - name: Install System Packages
 run: |
 sudo apt update -qq
- - uses: actions/setup-python@v2
+ - uses: actions/setup-python@v5
 with:
 python-version: '3.9' #Available versions here - https://github.com/actions/python-versions/releases easy to change/make a matrix/use pypy
 architecture: 'x64' # optional x64 or x86. Defaults to x64 if not specified
- - uses: aws-actions/configure-aws-credentials@v1
+ - uses: aws-actions/configure-aws-credentials@v4
 with:
 aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
 aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
diff --git a/.github/workflows/publish-docker-image.yml b/.github/workflows/publish-docker-image.yml
index b73daef56..1c0a69ad6 100644
--- a/.github/workflows/publish-docker-image.yml
+++ b/.github/workflows/publish-docker-image.yml
@@ -13,24 +13,24 @@ jobs:
 steps:
 - name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 with:
 ref: 'develop'
 - name: Set up QEMU
- uses: docker/setup-qemu-action@v2
+ uses: docker/setup-qemu-action@v3
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v2
+ uses: docker/setup-buildx-action@v3
 - name: Login to Docker Hub
- uses: docker/login-action@v2
+ uses: docker/login-action@v3
 with:
 username: ${{ secrets.DOCKERHUB_USERNAME }}
 password: ${{ secrets.DOCKERHUB_PASSWORD }}
 - name: Build and push
- uses: docker/build-push-action@v4
+ uses: docker/build-push-action@v6
 with:
 context: docker/
 platforms: linux/amd64,linux/arm64
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 7bc9fece1..3f4d0d20f 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -43,7 +43,7 @@ jobs:
 if: startsWith(github.ref, 'refs/tags/v')
 steps:
 - name: Checkout repo
- uses: actions/checkout@v2
+ uses: actions/checkout@v4
 with:
 ref: 'develop'
@@ -60,7 +60,7 @@ jobs:
 #Upload all of the release artifacts that we have created using the third party #action recommended bu Github
 - name: Upload Release Artifacts
- uses: softprops/action-gh-release@v1
+ uses: softprops/action-gh-release@v2
 with:
 files: |
 ../attack-range-${{ steps.vars.outputs.tag }}.tar.gz
@@ -75,18 +75,18 @@ jobs:
 if: startsWith(github.ref, 'refs/tags/v')
 steps:
 - name: Checkout repo
- uses: actions/checkout@v2
+ uses: actions/checkout@v4
 with:
 ref: 'develop'
 - name: Login to DockerHub
- uses: docker/login-action@v1
+ uses: docker/login-action@v3
 with:
 username: ${{ secrets.DOCKERHUB_USERNAME }}
 password: ${{ secrets.DOCKERHUB_PASSWORD }}
 - name: Setup Docker Build and Push
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@v6
 with:
 push: true
 context: docker/ #do the build in the docker directory, not current working directory
From 29b5a2615a154cca0a6be42092dae5611cdde17e Mon Sep 17 00:00:00 2001
From: ljstella
Date: Wed, 3 Jul 2024 10:06:36 -0500
Subject: [PATCH 6/6] Add GH Actions to dependabot
---
 .github/dependabot.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 8d6bfb30c..d25f88efc 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -6,3 +6,7 @@ updates:
 interval: daily
 time: "14:00"
 open-pull-requests-limit: 10
+- package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"