From d8671ea03afdd4aeae80b51d0d5ab1991b5cdd23 Mon Sep 17 00:00:00 2001
From: Matt Joyce
Date: Thu, 5 Dec 2024 22:09:47 +1100
Subject: [PATCH] Added example files and tutorial
---
 plugins/template/Examples/README.md | 0
 plugins/template/Examples/memories.db | Bin 0 -> 8192 bytes
 .../Examples/remote-security-report.sh | 24 ++++
 .../Examples/remote-security-report.yaml | 17 +++
 plugins/template/Examples/security-report.sh | 113 ++++++++++++++++++
 .../template/Examples/security-report.yaml | 18 +++
 plugins/template/Examples/sqlite3_demo.yaml | 23 ++++
 plugins/template/Examples/track_packages.sh | 18 +++
 plugins/template/Examples/word-generator.py | 36 ++++++
 plugins/template/Examples/word-generator.yaml | 16 +++
 10 files changed, 265 insertions(+)
 create mode 100644 plugins/template/Examples/README.md
 create mode 100644 plugins/template/Examples/memories.db
 create mode 100755 plugins/template/Examples/remote-security-report.sh
 create mode 100644 plugins/template/Examples/remote-security-report.yaml
 create mode 100755 plugins/template/Examples/security-report.sh
 create mode 100644 plugins/template/Examples/security-report.yaml
 create mode 100644 plugins/template/Examples/sqlite3_demo.yaml
 create mode 100755 plugins/template/Examples/track_packages.sh
 create mode 100755 plugins/template/Examples/word-generator.py
 create mode 100644 plugins/template/Examples/word-generator.yaml
diff --git a/plugins/template/Examples/README.md b/plugins/template/Examples/README.md
new file mode 100644
index 00000000..e69de29b
diff --git a/plugins/template/Examples/memories.db b/plugins/template/Examples/memories.db new file mode 100644 index 0000000000000000000000000000000000000000..045be3cdcf01091087bcdc4991b8d1ca805d38d0 GIT binary patch literal 8192 zcmeI1%~I4r5XX~s6-ARERTc*e9W4>DK&ns=94uYdNNuqoEK3Q+X*LQ4|}o;%E<>{rZzjt^uIfuU(cm$c6ZuT6LchGjx~DfO?kfWy+X+I zyxRDJsTw}~*T?sEvd{k;HSbB{2cYt!(u1EHj({WJ2si?cfFs}tI0BAKpsnxfWLH(rlBXuH$e zY;+FLMtrbX8Fg6@)Q$JMXzMLpd+qjUy^2wuw@fbB-h4V(@uHv6x9C&UiB_U8{2l%X zzlNW~!|+)c1iyms!IxkkL~b|&j({WJ2si?cfFs}tI0BA^a9D792DtnE1~O39EgQRIYcbR=<3j)fd7Oo2md z?9d^YEoquVWWlM1&JaSUSoM1X%k*Ic(&kwDnkp@6&uEgO9!>_PKuR#9so=}uKRIj@ zsRYLi4Y)XFB+Vc;<~W1S6Vgzn(j=b?z@c%Pbi0ML5X_zp!@D&`AZMkbYVJnen~8^* z8S+MepG1@=%qTh}C=q#XAZ2J}=dPd0nv!5RWmZOMOu6lM&yrNLlOTIuMe7h%090fY z#4IEo;-tKH4a_ep^O~V7t@50Tsta3pk61`i-ly zTm#{u6^;Pla~$m#0!$+lVmF`Nl#hLI*s%_qxGInC6SOX@IfLz%+Z-6?nStv60ov#= ATmS$7 literal 0 HcmV?d00001 diff --git a/plugins/template/Examples/remote-security-report.sh b/plugins/template/Examples/remote-security-report.sh new file mode 100755 index 00000000..af063b58 --- /dev/null +++ b/plugins/template/Examples/remote-security-report.sh @@ -0,0 +1,24 @@ +#!/bin/bash +# remote-security-report.sh +# Usage: remote-security-report.sh cert host [report_name] + +cert_path="$1" +host="$2" +report_name="${3:-report}" +temp_file="/tmp/security-report-${report_name}.txt" + +# Copy the security report script to remote host +scp -i "$cert_path" /usr/local/bin/security-report.sh "${host}:~/security-report.sh" >&2 + +# Make it executable and run it on remote host +ssh -i "$cert_path" "$host" "chmod +x ~/security-report.sh && sudo ~/security-report.sh ${temp_file}" >&2 + +# Copy the report back +scp -i "$cert_path" "${host}:${temp_file}" "${temp_file}" >&2 + +# Cleanup remote files +ssh -i "$cert_path" "$host" "rm ~/security-report.sh ${temp_file}" >&2 + +# Output the local file path for fabric to read +echo "${temp_file}" + 
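Review bot: `report_name` is taken from `$3` and interpolated unvalidated into the remote command strings on the `ssh -i "$cert_path" "$host" "chmod +x ~/security-report.sh && sudo ~/security-report.sh ${temp_file}"` and `rm ~/security-report.sh ${temp_file}` lines, where the remote shell re-parses it under sudo, so metacharacters in the third argument become remote commands. Restrict it before use, e.g. `[[ "$report_name" =~ ^[A-Za-z0-9._-]+$ ]] || { echo "invalid report name" >&2; exit 1; }`, and quote `${temp_file}` inside those remote strings. The script has no `set -euo pipefail`, so a failed scp or ssh still ends with the local path being echoed and the plugin reading a stale or missing file; adding it after the shebang fixes that. The fixed `/tmp/security-report-<name>.txt` path is also predictable on both hosts, so `mktemp` would avoid collisions between concurrent runs.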
diff --git a/plugins/template/Examples/remote-security-report.yaml b/plugins/template/Examples/remote-security-report.yaml
new file mode 100644
index 00000000..bfe02d09
--- /dev/null
+++ b/plugins/template/Examples/remote-security-report.yaml
@@ -0,0 +1,17 @@
+name: "remote-security"
+executable: "/usr/local/bin/remote-security-report.sh"
+type: "executable"
+timeout: "60s"
+description: "Generate security report from remote system"
+
+operations:
+ report:
+ cmd_template: "{{executable}} {{1}} {{2}} {{3}}"
+
+config:
+ output:
+ method: "file"
+ file_config:
+ cleanup: true
+ path_from_stdout: true
+ work_dir: "/tmp"
diff --git a/plugins/template/Examples/security-report.sh b/plugins/template/Examples/security-report.sh
new file mode 100755
index 00000000..2cd7e497
--- /dev/null
+++ b/plugins/template/Examples/security-report.sh
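Review bot: The placeholders in `cmd_template: "{{executable}} {{1}} {{2}} {{3}}"` are unquoted, so if the plugin renders the template through a shell (the `~` in sqlite3_demo.yaml's `all` operation suggests it may) an argument containing spaces or metacharacters is split or interpreted rather than passed through as one argument; the same applies to `{{1}}` in security-report.yaml and `{{value}}` in sqlite3_demo.yaml and word-generator.yaml. Either quote the placeholders and make sure the plugin escapes substituted values, or document that it already does. The operation is also undocumented: a comment stating that `{{1}}` is the private-key path, `{{2}}` the ssh target and `{{3}}` the optional report name would spare readers a trip to the script.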
@@ -0,0 +1,113 @@
+#!/bin/bash
+
+# security-report.sh - Enhanced system security information collection
+# Usage: security-report.sh [output_file]
+
+output_file=${1:-/tmp/security-report.txt}
+
+{
+ echo "=== System Security Report ==="
+ echo "Generated: $(date)"
+ echo "Hostname: $(hostname)"
+ echo "Kernel: $(uname -r)"
+ echo
+
+ echo "=== System Updates ==="
+ echo "Last update: $(stat -c %y /var/cache/apt/pkgcache.bin | cut -d' ' -f1)"
+ echo "Pending updates:"
+ apt list --upgradable 2>/dev/null
+
+ echo -e "\n=== Security Updates ==="
+ echo "Pending security updates:"
+ apt list --upgradable 2>/dev/null | grep -i security
+
+ echo -e "\n=== User Accounts ==="
+ echo "Users with login shells:"
+ grep -v '/nologin\|/false' /etc/passwd
+ echo -e "\nUsers who can login:"
+ awk -F: '$2!="*" && $2!="!" {print $1}' /etc/shadow
+ echo -e "\nUsers with empty passwords:"
+ awk -F: '$2=="" {print $1}' /etc/shadow
+ echo -e "\nUsers with UID 0:"
+ awk -F: '$3==0 {print $1}' /etc/passwd
+
+ echo -e "\n=== Sudo Configuration ==="
+ echo "Users/groups with sudo privileges:"
+ grep -h '^[^#]' /etc/sudoers.d/* /etc/sudoers 2>/dev/null
+ echo -e "\nUsers with passwordless sudo:"
+ grep -h NOPASSWD /etc/sudoers.d/* /etc/sudoers 2>/dev/null
+
+ echo -e "\n=== SSH Configuration ==="
+ if [ -f /etc/ssh/sshd_config ]; then
+ echo "Key SSH settings:"
+ grep -E '^(PermitRootLogin|PasswordAuthentication|Port|Protocol|X11Forwarding|MaxAuthTries|PermitEmptyPasswords)' /etc/ssh/sshd_config
+ fi
+
+ echo -e "\n=== SSH Keys ==="
+ echo "Authorized keys found:"
+ find /home -name "authorized_keys" -ls 2>/dev/null
+
+ echo -e "\n=== Firewall Status ==="
+ echo "UFW Status:"
+ ufw status verbose
+ echo -e "\nIPTables Rules:"
+ iptables -L -n
+
+ echo -e "\n=== Network Services ==="
+ echo "Listening services (port - process):"
+ netstat -tlpn 2>/dev/null | grep LISTEN
+
+ echo -e "\n=== Recent Authentication Failures ==="
+ echo "Last 5 failed SSH attempts:"
+ grep "Failed password" /var/log/auth.log | tail -5
+
+ echo -e "\n=== File Permissions ==="
+ echo "World-writable files in /etc:"
+ find /etc -type f -perm -002 -ls 2>/dev/null
+ echo -e "\nWorld-writable directories in /etc:"
+ find /etc -type d -perm -002 -ls 2>/dev/null
+
+ echo -e "\n=== System Resource Usage ==="
+ echo "Disk Usage:"
+ df -h
+ echo -e "\nMemory Usage:"
+ free -h
+ echo -e "\nTop 5 CPU-using processes:"
+ ps aux --sort=-%cpu | head -6
+
+ echo -e "\n=== System Timers ==="
+ echo "Active timers (potential scheduled tasks):"
+ systemctl list-timers --all
+
+ echo -e "\n=== Important Service Status ==="
+ for service in ssh ufw apparmor fail2ban clamav-freshclam; do
+ echo "Status of $service:"
+ systemctl status $service --no-pager 2>/dev/null
+ done
+
+ echo -e "\n=== Fail2Ban Logs ==="
+ echo "Recent Fail2Ban activity (fail2ban.log):"
+ if [ -f /var/log/fail2ban.log ]; then
+ echo "=== Current log (fail2ban.log) ==="
+ cat /var/log/fail2ban.log
+ else
+ echo "fail2ban.log not found"
+ fi
+
+ if [ -f /var/log/fail2ban.log.1 ]; then
+ echo -e "\n=== Previous log (fail2ban.log.1) ==="
+ cat /var/log/fail2ban.log.1
+ else
+ echo -e "\nfail2ban.log.1 not found"
+ fi
+
+ echo -e "\n=== Fail2Ban Status ==="
+ echo "Currently banned IPs:"
+ sudo fail2ban-client status
+
+
+} > "$output_file"
+
+# Output the file path for fabric to read
+echo "$output_file"
+
diff --git a/plugins/template/Examples/security-report.yaml b/plugins/template/Examples/security-report.yaml
new file mode 100644
index 00000000..bb050e4f
--- /dev/null
+++ b/plugins/template/Examples/security-report.yaml
@@ -0,0 +1,18 @@
+name: "security-report"
+executable: "/usr/local/bin/security-report.sh"
+type: "executable"
+timeout: "30s"
+description: "Generate system security report"
+version: "1.0.0"
+
+operations:
+ generate:
+ cmd_template: "{{executable}} /tmp/security-report-{{1}}.txt"
+
+config:
+ output:
+ method: "file"
+ file_config:
+ cleanup: true
+ path_from_stdout: true
+ work_dir: "/tmp"
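Review bot: The report is written with `} > "$output_file"` to a caller-supplied, predictable path under /tmp, and when the script runs as root (remote-security-report.sh invokes it via sudo) a pre-existing symlink at that path is followed, so the write can be redirected by whoever planted it; the file is also created under the default umask although it lists accounts with empty passwords, sudoers rules and listening services. Add `umask 077` and `set -o noclobber` near the top (or create the file with `mktemp`) so the report is private and never overwrites an existing path. Privilege handling is inconsistent: `/etc/shadow`, `iptables -L -n` and `ufw status verbose` need root, yet only `sudo fail2ban-client status` asks for it, so the standalone security-report.yaml invocation yields empty sections with the errors hidden by `2>/dev/null`; either require root up front (`[ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; exit 1; }`) or drop the lone `sudo`. `netstat` is deprecated on current Debian-family systems; `ss -tlpn` is the maintained equivalent.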
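Review bot: `cmd_template: "{{executable}} /tmp/security-report-{{1}}.txt"` builds the output path from `{{1}}` without any restriction, and security-report.sh uses its first argument as-is, so a value containing `/` or `..` sends the report outside /tmp and outside the plugin's `work_dir`. Either validate the argument in the script or, if the plugin supports it, constrain the placeholder to a filename-safe pattern, and add a comment stating that `{{1}}` is a bare report name. `timeout: "30s"` is tight for a script that runs `apt list --upgradable` and `cat`s both fail2ban logs in full; since the script only prints the path on its last line, a timeout kill presumably leaves a partial file that `path_from_stdout` never sees, so consider aligning it with remote-security-report.yaml's 60s.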
diff --git a/plugins/template/Examples/sqlite3_demo.yaml b/plugins/template/Examples/sqlite3_demo.yaml
new file mode 100644
index 00000000..0faaaa27
--- /dev/null
+++ b/plugins/template/Examples/sqlite3_demo.yaml
@@ -0,0 +1,23 @@
+name: memory-query
+executable: /usr/bin/sqlite3
+type: executable
+timeout: "5s"
+description: "Query memories database"
+version: "1.0.0"
+env: []
+
+operations:
+ goal:
+ cmd_template: "{{executable}} -json /home/matt/memories.db \"select * from memories where type= 'goal'\""
+ value:
+ cmd_template: "{{executable}} -json /home/matt/memories.db \"select * from memories where type= 'value'\""
+ project:
+ cmd_template: "{{executable}} -json /home/matt/memories.db \"select * from memories where type= 'project'\""
+ byid:
+ cmd_template: "{{executable}} -json /home/matt/memories.db \"select * from memories where uid= {{value}}\""
+ all:
+ cmd_template: "{{executable}} -json ~/memories.db \"select * from memories\""
+
+config:
+ output:
+ method: stdout
diff --git a/plugins/template/Examples/track_packages.sh b/plugins/template/Examples/track_packages.sh
new file mode 100755
index 00000000..6970d44c
--- /dev/null
+++ b/plugins/template/Examples/track_packages.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+LOG_DIR="/var/log/package_tracking"
+DATE=$(date +%Y%m%d)
+
+# Ensure directory exists
+mkdir -p "$LOG_DIR"
+
+# Current package list
+dpkg -l > "$LOG_DIR/packages_current.list"
+
+# Create diff if previous exists
+if [ -f "$LOG_DIR/packages_previous.list" ]; then
+ diff "$LOG_DIR/packages_previous.list" "$LOG_DIR/packages_current.list" > "$LOG_DIR/changes_current.diff"
+fi
+
+# Keep copy for next comparison
+cp "$LOG_DIR/packages_current.list" "$LOG_DIR/packages_previous.list"
diff --git a/plugins/template/Examples/word-generator.py b/plugins/template/Examples/word-generator.py
new file mode 100755
index 00000000..eb33c517
--- /dev/null
+++ b/plugins/template/Examples/word-generator.py
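Review bot: The `byid` operation splices `{{value}}` straight into the SQL text in `cmd_template: "{{executable}} -json /home/matt/memories.db \"select * from memories where uid= {{value}}\""`, and that SQL sits inside a shell-quoted string, so an unvalidated value rewrites the query (and, depending on how the plugin executes the template, the command line); restrict it to an integer before substitution or, if the plugin can only template strings, route the call through a small wrapper script that validates the id and document that `value` must be numeric. The database location is also inconsistent: four operations hard-code `/home/matt/memories.db` while `all` uses `~/memories.db`, which only expands under a shell; one path that does not name a specific user's home keeps the example portable. The commit additionally adds a binary `memories.db` under Examples/ that none of these templates reference; a comment saying what it is for, and that it holds only sample rows, would help.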
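Review bot: `DATE=$(date +%Y%m%d)` is assigned and never used, so the output files are overwritten on every run rather than dated as the variable suggests; either drop it or use it in the file names. The script also continues after failures: if `mkdir -p "$LOG_DIR"` fails (it needs write access to /var/log) the `dpkg -l >` redirection fails and `cp` then copies a missing or empty file, leaving the comparison baseline undefined. `set -euo pipefail` after the shebang would stop that, but `diff` exits 1 whenever the lists differ, so that line then needs `|| [ $? -eq 1 ]` to keep the normal case from aborting. A one-line header comment stating the purpose and the privileges the script expects would round it off.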
@@ -0,0 +1,36 @@
+#!/usr/bin/env python3
+import sys
+import json
+import random
+
+# A small set of words for demonstration!
+WORD_LIST = [
+ "apple", "banana", "cherry", "date", "elderberry",
+ "fig", "grape", "honeydew", "kiwi", "lemon",
+ "mango", "nectarine", "orange", "papaya", "quince",
+ "raspberry", "strawberry", "tangerine", "ugli", "watermelon"
+]
+
+def generate_words(count):
+ try:
+ count = int(count)
+ if count < 1:
+ return json.dumps({"error": "Count must be positive"})
+
+ # Generate random words
+ words = random.sample(WORD_LIST, min(count, len(WORD_LIST)))
+
+ # Return JSON formatted result
+ return json.dumps({
+ "words": words,
+ "count": len(words)
+ })
+ except ValueError:
+ return json.dumps({"error": "Invalid count parameter"})
+
+if __name__ == "__main__":
+ if len(sys.argv) != 2:
+ print(json.dumps({"error": "Exactly one argument required"}))
+ sys.exit(1)
+
+ print(generate_words(sys.argv[1]))
diff --git a/plugins/template/Examples/word-generator.yaml b/plugins/template/Examples/word-generator.yaml
new file mode 100644
index 00000000..a283b25d
--- /dev/null
+++ b/plugins/template/Examples/word-generator.yaml
@@ -0,0 +1,16 @@
+name: word-generator
+executable: /usr/local/bin/word-generator.py
+type: executable
+timeout: "5s"
+description: "Generates random words based on count parameter"
+version: "1.0.0"
+env: []
+
+operations:
+ generate:
+ cmd_template: "{{executable}} {{value}}"
+
+config:
+ output:
+ method: stdout
+
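Review bot: `generate_words` has no docstring, and the cap in `random.sample(WORD_LIST, min(count, len(WORD_LIST)))` is a surprise for callers: asking for 50 words silently returns 20 and reports `"count": 20`, which is only discoverable by reading the body. Add a docstring such as `"""Return a JSON string of up to *count* distinct words from WORD_LIST (capped at len(WORD_LIST)), or a JSON error object when count is not an integer or is below 1."""`. `count = int(count)` also accepts inputs like `" 7 "` and `"1_0"`, which is fine for a demo but worth a one-line comment, since word-generator.yaml passes `{{value}}` to it verbatim.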