Merge ~gomesjoao/+git/ubuntu-fips-tools:master into ~fips-cc-stig/+git/ubuntu-fips-tools:master

Proposed by João Gomes
Status: Needs review
Proposed branch: ~gomesjoao/+git/ubuntu-fips-tools:master
Merge into: ~fips-cc-stig/+git/ubuntu-fips-tools:master
Diff against target: 165 lines (+147/-0)
3 files modified
audit_build_schroot.sh (+69/-0)
audit_scan_lxd.sh (+47/-0)
audit_scan_schroot.sh (+31/-0)
Reviewer Review Type Date Requested Status
Miha Purg Pending
Jordan Rogers Pending
Tobias Heider Pending
Review via email: mp+461259@code.launchpad.net
729b886... by João Gomes

Add initial version of script to scan lxc minimal image.

33a7243... by João Gomes

Add initial version of script to scan schroot target.

Unmerged commits

33a7243... by João Gomes

Add initial version of script to scan schroot target.

729b886... by João Gomes

Add initial version of script to scan lxc minimal image.

ceafe9e... by João Gomes

Add initial version of script to build audit schroot

Preview Diff

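diff --git a/audit_build_schroot.sh b/audit_build_schroot.sh
new file mode 100755
index 0000000..bfe69b7
--- /dev/null
+++ b/audit_build_schroot.sh
@@ -0,0 +1,69 @@
+#!/bin/sh
+
+set -e
+
+ARCH="amd64"
+RELEASE="jammy"
+EXTRA_PKG=""
+
+DEPS="debootstrap schroot"
+for dep in $DEPS ; do
+ if ! [ -x "$(command -v "$dep")" ]; then
+ printf "Error:\t%s is missing.\n" "$dep"
+ exit 1
+ fi
+done
+
+if [ $# -lt 2 ]; then
+ printf "Error:\tMissing parameters\n"
+ printf "\tThe name and dir of the schroot needs to be provided\n"
+ printf "Usage:\t%s [name] [dir]\n" "$0"
+ exit 1
+fi
+
+SCHROOT_NAME=$1
+SCHROOT_DIR=$2
+
+schroot_config=$(cat <<-END
+[$SCHROOT_NAME]
+description=$SCHROOT_NAME
+groups=sbuild,root
+root-groups=sbuild,root
+source-root-users=root,sbuild,admin
+source-root-groups=root,sbuild,admin
+type=directory
+profile=default
+union-type=overlay
+directory=$SCHROOT_DIR
+preserve-environment=true
+END
+)
+
+[ -d "$SCHROOT_DIR" ] || {
+ # Create dir to install chroot on
+ mkdir -p "$SCHROOT_DIR"
+}
+
+[ -f "$schroot_config" ] || {
+ # Create chroot config
+ echo "$schroot_config" > /etc/schroot/chroot.d/"$SCHROOT_NAME-$ARCH"
+}
+
+# Bootstrap minimal chroot
+debootstrap --variant=minbase --arch="$ARCH" "$RELEASE" "$SCHROOT_DIR" http://archive.ubuntu.com/ubuntu
+
+# Install ubuntu-minimal to install all software we consider required
+schroot -c "$SCHROOT_NAME" -u root -- apt-get install ubuntu-minimal
+
+# Remove symlinks that reference the base system and cause loops when scanning
+rm --one-file-system /srv/devel/schroot/test-minimal/var/lock
+rm --one-file-system /srv/devel/schroot/test-minimal/var/run
+rm --one-file-system /srv/devel/schroot/test-minimal/dev/fd
+rm --one-file-system /srv/devel/schroot/test-minimal/dev/stderr
+rm --one-file-system /srv/devel/schroot/test-minimal/dev/stdin
+rm --one-file-system /srv/devel/schroot/test-minimal/dev/stdout
+
+# Install extra packages if necessary
+[ -n "$EXTRA_PKG" ] && {
+ schroot -c "$SCHROOT_NAME" -u root -- apt-get -y install "$EXTRA_PKG"
+}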
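Review bot: The six `rm --one-file-system` lines near the end are hard-coded to `/srv/devel/schroot/test-minimal` instead of `"$SCHROOT_DIR"`, so under `set -e` the script aborts whenever that path is absent and, when it is present, deletes entries from a chroot unrelated to the one just built; replace them with `for p in var/lock var/run dev/fd dev/stderr dev/stdin dev/stdout; do rm --one-file-system "$SCHROOT_DIR/$p"; done`. The guard `[ -f "$schroot_config" ]` tests the heredoc text itself as a filename, so it is always false and an existing config is silently overwritten; the intended check is `[ -f /etc/schroot/chroot.d/"$SCHROOT_NAME-$ARCH" ]`. The config sets `union-type=overlay`, and as far as I recall schroot discards changes made in a non-source session when it ends, so `schroot -c "$SCHROOT_NAME" -u root -- apt-get install ubuntu-minimal` (which also lacks `-y` and a preceding `apt-get update`) likely never lands in `$SCHROOT_DIR`; run the install steps against `-c "source:$SCHROOT_NAME"`. Finally, `[ -n "$EXTRA_PKG" ] && { ... }` is the script's last command, so with the default empty `EXTRA_PKG` the script exits 1 even after a successful build; write it as an `if` block so the exit status reflects the real outcome.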
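diff --git a/audit_scan_lxd.sh b/audit_scan_lxd.sh
new file mode 100755
index 0000000..3c1e951
--- /dev/null
+++ b/audit_scan_lxd.sh
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+EXTRA_PKG=""
+
+DEPS="lxc"
+for dep in $DEPS ; do
+ if ! [ -x "$(command -v "$dep")" ]; then
+ printf "Error:\t%s is missing." "$dep"
+ exit 1
+ fi
+done
+
+if [ $# -lt 2 ]; then
+ printf "Error:\tMissing parameters\n"
+ printf "\tThe container name and rule file need to be provided\n"
+ printf "Usage:\t%s [container_name] [rulefile]\n" "$0"
+ exit 1
+fi
+
+CONTAINER_NAME=$1
+RULE_FILE=$2
+
+[ -f "$RULE_FILE" ] || {
+ printf "Error:\trule file does not exist\n"
+ exit 1
+}
+
+# Setting up the container if it isn't available already
+[ "$(lxc list -c n -f csv "$CONTAINER_NAME")" ] || {
+ lxc launch ubuntu-minimal:jammy "$CONTAINER_NAME"
+}
+
+# install yara from the archives
+lxc exec "$CONTAINER_NAME" -- apt-get update
+lxc exec "$CONTAINER_NAME" -- apt-get -y install yara
+
+# Install any extra packages that are needed
+[ -n "$EXTRA_PKG" ] && {
+ lxc exec "$CONTAINER_NAME" -- apt-get -y install "$EXTRA_PKG"
+}
+
+# Send the rule file into the container
+lxc file push "$RULE_FILE" "$CONTAINER_NAME/root/"
+
+lxc exec "$CONTAINER_NAME" -- yara -N -r "./$(basename "$RULE_FILE")" /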
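Review bot: The existence check `lxc list -c n -f csv "$CONTAINER_NAME"` treats its argument as a name filter (prefix/regex), not an exact match, so a name that is a prefix of an existing container's name skips `lxc launch` and the rest of the script installs packages into and scans the wrong container; anchor it with `lxc list -c n -f csv "^${CONTAINER_NAME}\$"`. The final `yara` call uses the relative path `./$(basename "$RULE_FILE")` and therefore depends on `lxc exec`'s default working directory; pass the absolute path `"/root/$(basename "$RULE_FILE")"` so the scan does not break if that default differs. Because the rule file is pushed under `/` and the scan is recursive over `/`, the rules will most likely match their own text and the walk also descends into `/proc` and `/sys`, so consider pushing the rules to a path excluded from the scan or scanning specific trees instead of `/`. The dependency-check message `printf "Error:\t%s is missing." "$dep"` also drops the trailing `\n` that audit_build_schroot.sh uses.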
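diff --git a/audit_scan_schroot.sh b/audit_scan_schroot.sh
new file mode 100755
index 0000000..bf9b2e0
--- /dev/null
+++ b/audit_scan_schroot.sh
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+DEPS="yara"
+for dep in $DEPS ; do
+ if ! [ -x "$(command -v "$dep")" ]; then
+ printf "Error:\t%s is missing." "$dep"
+ exit 1
+ fi
+done
+
+if [ $# -lt 2 ]; then
+ printf "Error:\tMissing parameters\n"
+ printf "\tThe schroot dir and rule file need to be provided\n"
+ printf "Usage:\t%s [schroot_dir] [rulefile]\n" "$0"
+ exit 1
+fi
+
+SCHROOT_DIR=$1
+RULE_FILE=$2
+
+[ -d "$SCHROOT_DIR" ] || {
+ printf "Error:\tschroot dir does not exist\n"
+ exit 1
+}
+
+[ -f "$RULE_FILE" ] || {
+ printf "Error:\trule file does not exist\n"
+ exit 1
+}
+
+yara -N -r "$RULE_FILE" "$SCHROOT_DIR"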
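Review bot: The final `yara -N -r "$RULE_FILE" "$SCHROOT_DIR"` runs on the host and recurses into whatever is currently mounted beneath `$SCHROOT_DIR`, so if a schroot session is active the scan walks the host's `/proc`, `/sys` and `/dev` bind mounts rather than just the chroot tree (the sibling build script's removal of `dev/fd` and friends suggests this class of problem is already known); refuse to run, or at least warn, when `findmnt` reports a mount under `$SCHROOT_DIR`, or document that no session may be active during a scan. Unlike the other two scripts this one has no `set -e`, and the dependency-check message `printf "Error:\t%s is missing." "$dep"` lacks the trailing `\n`; add `set -e` after the shebang and end the message with `.\n"`. A one-line header such as `# Usage: audit_scan_schroot.sh <schroot_dir> <rulefile> -- runs yara recursively over a chroot tree with no active session` would make the expected argument (the debootstrap target directory, not the schroot name) explicit.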
