Updating logger to use Python 3.6.4 for better Caldera support

2018-01-22 23:05:21 -08:00
parent 8112bfac42
commit 8bce148a89
4 changed files with 25 additions and 23 deletions
--- a/README.md
+++ b/README.md
@@ -34,6 +34,7 @@ OSX 10.12.6 | 2.0.1 | 1.1.2 | Virtualbox (5.1.30)
 OSX 10.12.4 | 1.9.2 | 1.0.0 | VMWare Fusion (8.5.6)
 OSX 10.12.5 | 1.9.3 | 1.0.0 | VMWare Fusion (8.5.8)
 OSX 10.12.6 | 2.0.1 | 1.1.3 | VMWare Fusion (8.5.9)
 OSX 10.12.6 | 2.0.1 | 1.1.3 | VMWare Fusion (8.5.10)
 **Known Bad Versions:**
 * Packer 1.1.2 will fail to build VMWare-ISOs correctly due to [this issue](https://github.com/hashicorp/packer/issues/5622).
@@ -65,6 +66,7 @@ $ packer build --only=[vmware|virtualbox]-iso windows_2016.json
 7. Navigate to https://192.168.38.5:8000 in a browser to access the Splunk instance on logger. Default credentials are admin:changeme (you will have the option to change them on the next screen)
 8. Navigate to https://192.168.38.5:8412 in a browser to access the Fleet server on logger. Default credentials are admin:admin123#. Query packs are pre-configured with queries from [palantir/osquery-configuration](https://github.com/palantir/osquery-configuration).
 9. Navigate to https://192.168.38.5:8888 in a browser to access the Caldera server on logger. Default credentials are admin:caldera.
 ## Basic Vagrant Usage
 Vagrant commands must be run from the "Vagrant" folder.
@@ -186,6 +188,12 @@ $ docker-compose up -d
 ---
 **Issue:** Your primary hard drive doesn't have enough space for DetectionLab
 **Workaround:** Documented in [#48](https://github.com/clong/detectionlab/issues/48). You can change the default location for Vagrant by using the [VAGRANT_HOME](https://www.vagrantup.com/docs/other/environmental-variables.html#vagrant_home) environment variable.
 ---
 ## Contributing
 Please do all of your development in a feature branch on your own fork of detectionlab.
 Requests for tools and features will be reviewed on a case by case basis, but I will always accept fixes and improvements.
--- a/Vagrant/bootstrap.sh
+++ b/Vagrant/bootstrap.sh
@@ -6,9 +6,18 @@ echo "deb http://repo.mongodb.org/apt/ubuntu "$(lsb_release -sc)"/mongodb-org/3.
 # Install prerequisites and useful tools
 apt-get update
-apt-get install -y jq whois build-essential git docker docker-compose unzip python3-dev python3-pip mongodb-org
+apt-get install -y jq whois build-essential git docker docker-compose unzip mongodb-org
 # Install Python 3.6.4
 echo "Installing Python v3.6.4..."
 wget https://www.python.org/ftp/python/3.6.4/Python-3.6.4.tgz
 tar -xvf Python-3.6.4.tgz
 cd Python-3.6.4
 ./configure && make && make install
 cd /home/vagrant
 # Install Golang v1.8
 echo "Installing GoLang v1.8..."
 wget https://storage.googleapis.com/golang/go1.8.linux-amd64.tar.gz
 tar -xvf go1.8.linux-amd64.tar.gz
 mv go /usr/local
@@ -28,6 +37,7 @@ sudo update-alternatives --set go /usr/local/go/bin/go
 if [ -f "/opt/splunk/bin/splunk" ]
  then echo "Splunk is already installed"
 else
  echo "Installing Splunk..."
  # Get Splunk.com into the DNS cache. Sometimes resolution randomly fails during wget below
  dig @8.8.8.8 splunk.com
  # Download Splunk
@@ -57,6 +67,7 @@ else
 fi
 # Install Fleet
 echo "Installing Fleet..."
 echo -e "\n127.0.0.1       kolide" >> /etc/hosts
 git clone https://github.com/kolide/kolide-quickstart.git
 cd kolide-quickstart
@@ -71,7 +82,7 @@ echo "Updated enrollment secret"
 cd /home/vagrant
 # Import Palantir osquery configs into Fleet
-echo "Downloading Palantir configs"
+echo "Downloading Palantir configs..."
 git clone https://github.com/palantir/osquery-configuration.git
 git clone https://github.com/kolide/configimporter.git
 cd configimporter
@@ -117,15 +128,12 @@ curl 'https://192.168.38.5:8412/api/v1/kolide/packs/5' -X PATCH -H 'origin: http
 /opt/splunk/bin/splunk add monitor "/home/vagrant/kolide-quickstart/osquery_status" -index osquery-status -sourcetype 'osquery:status' -auth 'admin:changeme'
 # Install Mitre's Caldera
 echo "Installing Caldera..."
 cd /home/vagrant
 git clone https://github.com/mitre/caldera.git
 cd /home/vagrant/caldera/caldera
-pip3 install -r requirements.txt
+pip3.6 install -r requirements.txt
-pip3 install aiohttp==2.3.8 # See https://github.com/mitre/caldera/pull/13
+
 # Patch sslproto https://github.com/mitre/caldera/issues/14#issuecomment-358190888
 cd /usr/lib/python3.5/asyncio
 cp /vagrant/resources/caldera/sslproto.patch .
 patch < sslproto.patch
 # Add a Systemd service for MongoDB
 # https://www.howtoforge.com/tutorial/install-mongodb-on-ubuntu-16.04/
 cp /vagrant/resources/caldera/mongod.service /lib/systemd/system/mongod.service
--- a/Vagrant/resources/caldera/caldera.service
+++ b/Vagrant/resources/caldera/caldera.service
@@ -5,7 +5,7 @@ After=multi-user.target
 [Service]
 Type=idle
 WorkingDirectory=/home/vagrant/caldera/caldera
-ExecStart=/usr/bin/python3 caldera.py
+ExecStart=/usr/local/bin/python3.6 caldera.py
 [Install]
 WantedBy=multi-user.target
--- a/Vagrant/resources/caldera/sslproto.patch
+++ b/Vagrant/resources/caldera/sslproto.patch
@@ -1,14 +0,0 @@
 --- sslproto.py	2018-01-17 08:00:50.567571454 +0000
 +++ sslproto.py.new	2018-01-17 08:03:31.996275969 +0000
@@ -533,8 +533,10 @@
     def _get_extra_info(self, name, default=None):
         if name in self._extra:
             return self._extra[name]
 -        else:
 +        elif self._transport is not None:
             return self._transport.get_extra_info(name, default)
 +        else:
 +            return default
     def _start_shutdown(self):
         if self._in_shutdown: