Merge ~gomesjoao/+git/ubuntu-fips-tools:master into ~fips-cc-stig/+git/ubuntu-fips-tools:master

Proposed by João Gomes
Status: Needs review
Proposed branch: ~gomesjoao/+git/ubuntu-fips-tools:master
Merge into: ~fips-cc-stig/+git/ubuntu-fips-tools:master
Diff against target: 165 lines (+147/-0)
3 files modified
audit_build_schroot.sh (+69/-0)
audit_scan_lxd.sh (+47/-0)
audit_scan_schroot.sh (+31/-0)
Reviewer Review Type Date Requested Status
Miha Purg Pending
Jordan Rogers Pending
Tobias Heider Pending
Review via email: mp+461259@code.launchpad.net
729b886... by João Gomes

Add initial version of script to scan lxc minimal image.

33a7243... by João Gomes

Add initial version of script to scan schroot target.

Unmerged commits

33a7243... by João Gomes

Add initial version of script to scan schroot target.

729b886... by João Gomes

Add initial version of script to scan lxc minimal image.

ceafe9e... by João Gomes

Add initial version of script to build audit schroot

Preview Diff

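diff --git a/audit_build_schroot.sh b/audit_build_schroot.sh
new file mode 100755
index 0000000..bfe69b7
--- /dev/null
+++ b/audit_build_schroot.sh
@@ -0,0 +1,69 @@
+#!/bin/sh
+
+set -e
+
+ARCH="amd64"
+RELEASE="jammy"
+EXTRA_PKG=""
+
+DEPS="debootstrap schroot"
+for dep in $DEPS ; do
+ if ! [ -x "$(command -v "$dep")" ]; then
+ printf "Error:\t%s is missing.\n" "$dep"
+ exit 1
+ fi
+done
+
+if [ $# -lt 2 ]; then
+ printf "Error:\tMissing parameters\n"
+ printf "\tThe name and dir of the schroot needs to be provided\n"
+ printf "Usage:\t%s [name] [dir]\n" "$0"
+ exit 1
+fi
+
+SCHROOT_NAME=$1
+SCHROOT_DIR=$2
+
+schroot_config=$(cat <<-END
+[$SCHROOT_NAME]
+description=$SCHROOT_NAME
+groups=sbuild,root
+root-groups=sbuild,root
+source-root-users=root,sbuild,admin
+source-root-groups=root,sbuild,admin
+type=directory
+profile=default
+union-type=overlay
+directory=$SCHROOT_DIR
+preserve-environment=true
+END
+)
+
+[ -d "$SCHROOT_DIR" ] || {
+ # Create dir to install chroot on
+ mkdir -p "$SCHROOT_DIR"
+}
+
+[ -f "$schroot_config" ] || {
+ # Create chroot config
+ echo "$schroot_config" > /etc/schroot/chroot.d/"$SCHROOT_NAME-$ARCH"
+}
+
+# Bootstrap minimal chroot
+debootstrap --variant=minbase --arch="$ARCH" "$RELEASE" "$SCHROOT_DIR" http://archive.ubuntu.com/ubuntu
+
+# Install ubuntu-minimal to install all software we consider required
+schroot -c "$SCHROOT_NAME" -u root -- apt-get install ubuntu-minimal
+
+# Remove symlinks that reference the base system and cause loops when scanning
+rm --one-file-system /srv/devel/schroot/test-minimal/var/lock
+rm --one-file-system /srv/devel/schroot/test-minimal/var/run
+rm --one-file-system /srv/devel/schroot/test-minimal/dev/fd
+rm --one-file-system /srv/devel/schroot/test-minimal/dev/stderr
+rm --one-file-system /srv/devel/schroot/test-minimal/dev/stdin
+rm --one-file-system /srv/devel/schroot/test-minimal/dev/stdout
+
+# Install extra packages if necessary
+[ -n "$EXTRA_PKG" ] && {
+ schroot -c "$SCHROOT_NAME" -u root -- apt-get -y install "$EXTRA_PKG"
+}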
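Review bot: The symlink cleanup on lines 59–64 of the new file removes entries under the fixed path `/srv/devel/schroot/test-minimal` instead of under `$SCHROOT_DIR`, so with any other dir argument the script aborts under `set -e` (or, if that path happens to exist, touches a chroot other than the one just built) while the freshly bootstrapped chroot keeps the host-referencing symlinks the comment says must go. The existence test on line 47 checks for a file named by the config *contents*, which can never exist, so the config is rewritten on every run; it should test the config path: `[ -f /etc/schroot/chroot.d/"$SCHROOT_NAME-$ARCH" ] || {`. Line 56 runs `apt-get install ubuntu-minimal` without the `-y` that line 68 uses, so an unattended run stops at the confirmation prompt. Because the `[ -n "$EXTRA_PKG" ] && { … }` list on line 67 is the script's last command, the script exits 1 whenever EXTRA_PKG is empty — its default — even though every step succeeded; an `if` block avoids that, as in the rewrite below.
```shell
# … unchanged: debootstrap and ubuntu-minimal install …
# Remove symlinks that reference the base system and cause loops when scanning
for link in var/lock var/run dev/fd dev/stderr dev/stdin dev/stdout; do
  rm --one-file-system -- "${SCHROOT_DIR:?}/$link"
done

# Install extra packages if necessary
if [ -n "$EXTRA_PKG" ]; then
  schroot -c "$SCHROOT_NAME" -u root -- apt-get -y install "$EXTRA_PKG"
fi
```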
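diff --git a/audit_scan_lxd.sh b/audit_scan_lxd.sh
new file mode 100755
index 0000000..3c1e951
--- /dev/null
+++ b/audit_scan_lxd.sh
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+EXTRA_PKG=""
+
+DEPS="lxc"
+for dep in $DEPS ; do
+ if ! [ -x "$(command -v "$dep")" ]; then
+ printf "Error:\t%s is missing." "$dep"
+ exit 1
+ fi
+done
+
+if [ $# -lt 2 ]; then
+ printf "Error:\tMissing parameters\n"
+ printf "\tThe container name and rule file need to be provided\n"
+ printf "Usage:\t%s [container_name] [rulefile]\n" "$0"
+ exit 1
+fi
+
+CONTAINER_NAME=$1
+RULE_FILE=$2
+
+[ -f "$RULE_FILE" ] || {
+ printf "Error:\trule file does not exist\n"
+ exit 1
+}
+
+# Setting up the container if it isn't available already
+[ "$(lxc list -c n -f csv "$CONTAINER_NAME")" ] || {
+ lxc launch ubuntu-minimal:jammy "$CONTAINER_NAME"
+}
+
+# install yara from the archives
+lxc exec "$CONTAINER_NAME" -- apt-get update
+lxc exec "$CONTAINER_NAME" -- apt-get -y install yara
+
+# Install any extra packages that are needed
+[ -n "$EXTRA_PKG" ] && {
+ lxc exec "$CONTAINER_NAME" -- apt-get -y install "$EXTRA_PKG"
+}
+
+# Send the rule file into the container
+lxc file push "$RULE_FILE" "$CONTAINER_NAME/root/"
+
+lxc exec "$CONTAINER_NAME" -- yara -N -r "./$(basename "$RULE_FILE")" /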
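Review bot: The rule path handed to yara on line 47 is relative (`./rulefile`), so it only resolves if `lxc exec` happens to start in `/root`, where line 45 pushed the file; passing the absolute path removes that dependency: `lxc exec "$CONTAINER_NAME" -- yara -N -r "/root/$(basename "$RULE_FILE")" /`. The `lxc list` probe on line 31 takes its argument as a name filter rather than an exact name, so as far as I can tell a container whose name merely contains `$CONTAINER_NAME` would satisfy the test and no new container would be launched; `lxc info "$CONTAINER_NAME" >/dev/null 2>&1 || {` is an exact check. The missing-dependency message on line 10 lacks the trailing `\n` that audit_build_schroot.sh prints, and audit_scan_schroot.sh line 6 has the same omission.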
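diff --git a/audit_scan_schroot.sh b/audit_scan_schroot.sh
new file mode 100755
index 0000000..bf9b2e0
--- /dev/null
+++ b/audit_scan_schroot.sh
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+DEPS="yara"
+for dep in $DEPS ; do
+ if ! [ -x "$(command -v "$dep")" ]; then
+ printf "Error:\t%s is missing." "$dep"
+ exit 1
+ fi
+done
+
+if [ $# -lt 2 ]; then
+ printf "Error:\tMissing parameters\n"
+ printf "\tThe schroot dir and rule file need to be provided\n"
+ printf "Usage:\t%s [schroot_dir] [rulefile]\n" "$0"
+ exit 1
+fi
+
+SCHROOT_DIR=$1
+RULE_FILE=$2
+
+[ -d "$SCHROOT_DIR" ] || {
+ printf "Error:\tschroot dir does not exist\n"
+ exit 1
+}
+
+[ -f "$RULE_FILE" ] || {
+ printf "Error:\trule file does not exist\n"
+ exit 1
+}
+
+yara -N -r "$RULE_FILE" "$SCHROOT_DIR"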
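Review bot: Unlike its two sibling scripts this one never runs `set -e`; every check here exits explicitly and the final `yara` status becomes the script's exit code anyway, so the difference is one of style, but adding `set -e` after the shebang keeps the three scripts uniform. A one-line header comment would also help a reader who opens this file first, e.g. `# Scan a schroot directory recursively with the given yara rule file, not following symlinks (-N).`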
