From 867f4b0839665380025d1eae037a67926c64d82b Mon Sep 17 00:00:00 2001 From: Colton Myers Date: Wed, 27 Sep 2017 10:20:17 -0600 Subject: [PATCH 1/4] Add cve_scan_v2 fixes from https://github.com/hubblestack/hubble-salt/pull/111 --- hubblestack/files/hubblestack_nova/cve_scan_v2.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hubblestack/files/hubblestack_nova/cve_scan_v2.py b/hubblestack/files/hubblestack_nova/cve_scan_v2.py index 320e76a17..78297d0f8 100644 --- a/hubblestack/files/hubblestack_nova/cve_scan_v2.py +++ b/hubblestack/files/hubblestack_nova/cve_scan_v2.py @@ -295,7 +295,7 @@ def _get_cve_vulnerabilities(query_results, os_version): for pkg in report['_source']['affectedPackage']: #_source:affectedPackages - if pkg['OSVersion'] in ['any', os_version]: #Only use matching os + if pkg['OSVersion'] in ['any', str(__grains__.get('osmajorrelease', None)), str(__grains__.get('osrelease', None))]: #Only use matching os pkg_obj = VulnerablePkg(title, pkg['packageName'], pkg['packageVersion'], \ score, pkg['operator'], reporter, href, cve_list) if pkg_obj.pkg not in vulnerable_pkgs: From f06a0be4b53823410131a2f044e9364673465a04 Mon Sep 17 00:00:00 2001 From: Colton Myers Date: Thu, 28 Sep 2017 10:59:40 -0600 Subject: [PATCH 2/4] Rev osquery to 2.8.0 --- pkg/amazonlinux2016.09/Dockerfile | 2 +- pkg/amazonlinux2017.03/Dockerfile | 2 +- pkg/centos6/Dockerfile | 2 +- pkg/centos7/Dockerfile | 2 +- pkg/coreos/Dockerfile | 2 +- pkg/debian7/Dockerfile | 2 +- pkg/debian8/Dockerfile | 2 +- pkg/debian9/Dockerfile | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/pkg/amazonlinux2016.09/Dockerfile b/pkg/amazonlinux2016.09/Dockerfile index c4a4b73bf..587ebbc39 100644 --- a/pkg/amazonlinux2016.09/Dockerfile +++ b/pkg/amazonlinux2016.09/Dockerfile 
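Review bot: In the new `if pkg['OSVersion'] in [...]` test of the cve_scan_v2.py hunk, `str(__grains__.get('osmajorrelease', None))` turns a missing grain into the literal string 'None'. On a host where neither grain is set the scan then matches only 'any' packages and under-reports with no log line. Build the accepted versions once before the loop and drop absent grains, e.g. `os_versions = ['any'] + [str(v) for v in (__grains__.get('osmajorrelease'), __grains__.get('osrelease')) if v is not None]`, then test `if pkg['OSVersion'] in os_versions:`; a warning when both grains are absent would make the gap visible. The `os_version` parameter no longer takes part in this comparison, so it looks unused unless code outside the hunk still reads it. `_get_cve_vulnerabilities` starts and ends outside the hunk.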
@@ -16,7 +16,7 @@ RUN mkdir -p /etc/osquery /var/log/osquery /etc/hubble/hubble.d /opt/hubble /opt
 #osquery should be built first since requirements for other packages can interfere with osquery dependencies
 #to build, osquery scripts want sudo and a user to sudo with.
 #to pin to a different version change the following envirnment variable
-ENV OSQUERY_SRC_VERSION=2.7.0
+ENV OSQUERY_SRC_VERSION=2.8.0
 ENV OSQUERY_BUILD_USER=osquerybuilder
 ENV OSQUERY_GIT_URL=https://github.com/facebook/osquery.git
 RUN yum -y install git make python ruby sudo which
diff --git a/pkg/amazonlinux2017.03/Dockerfile b/pkg/amazonlinux2017.03/Dockerfile
index 6f9046209..761bdbc7e 100644
--- a/pkg/amazonlinux2017.03/Dockerfile
+++ b/pkg/amazonlinux2017.03/Dockerfile
@@ -16,7 +16,7 @@ RUN mkdir -p /etc/osquery /var/log/osquery /etc/hubble/hubble.d /opt/hubble /opt
 #osquery should be built first since requirements for other packages can interfere with osquery dependencies
 #to build, osquery scripts want sudo and a user to sudo with.
 #to pin to a different version change the following envirnment variable
-ENV OSQUERY_SRC_VERSION=2.7.0
+ENV OSQUERY_SRC_VERSION=2.8.0
 ENV OSQUERY_BUILD_USER=osquerybuilder
 ENV OSQUERY_GIT_URL=https://github.com/facebook/osquery.git
 RUN yum -y install git make python ruby sudo which
diff --git a/pkg/centos6/Dockerfile b/pkg/centos6/Dockerfile
index 8e212b5f4..65994d190 100644
--- a/pkg/centos6/Dockerfile
+++ b/pkg/centos6/Dockerfile
@@ -16,7 +16,7 @@ RUN mkdir -p /etc/osquery /var/log/osquery /etc/hubble/hubble.d /opt/hubble /opt
 #osquery should be built first since requirements for other packages can interfere with osquery dependencies
 #to build, osquery scripts want sudo and a user to sudo with.
 #to pin to a different version change the following envirnment variable
-ENV OSQUERY_SRC_VERSION=2.7.0
+ENV OSQUERY_SRC_VERSION=2.8.0
 ENV OSQUERY_BUILD_USER=osquerybuilder
 ENV OSQUERY_GIT_URL=https://github.com/facebook/osquery.git
 RUN yum -y install git make python ruby sudo which python-argparse
diff --git a/pkg/centos7/Dockerfile b/pkg/centos7/Dockerfile
index 031f5f735..09af4f8b5 100644
--- a/pkg/centos7/Dockerfile
+++ b/pkg/centos7/Dockerfile
@@ -16,7 +16,7 @@ RUN mkdir -p /etc/osquery /var/log/osquery /etc/hubble/hubble.d /opt/hubble /opt
 #osquery should be built first since requirements for other packages can interfere with osquery dependencies
 #to build, osquery scripts want sudo and a user to sudo with.
 #to pin to a different version change the following envirnment variable
-ENV OSQUERY_SRC_VERSION=2.7.0
+ENV OSQUERY_SRC_VERSION=2.8.0
 ENV OSQUERY_BUILD_USER=osquerybuilder
 ENV OSQUERY_GIT_URL=https://github.com/facebook/osquery.git
 RUN yum -y install git make python ruby sudo which
diff --git a/pkg/coreos/Dockerfile b/pkg/coreos/Dockerfile
index 5406ac1d5..e400c433b 100644
--- a/pkg/coreos/Dockerfile
+++ b/pkg/coreos/Dockerfile
@@ -17,7 +17,7 @@ RUN mkdir -p /etc/osquery /var/log/osquery /etc/hubble/hubble.d /opt/hubble /opt
 #osquery should be built first since requirements for other packages can interfere with osquery dependencies
 #to build, osquery scripts want sudo and a user to sudo with.
 #to pin to a different version change the following envirnment variable
-ENV OSQUERY_SRC_VERSION=2.7.0
+ENV OSQUERY_SRC_VERSION=2.8.0
 ENV OSQUERY_BUILD_USER=osquerybuilder
 ENV OSQUERY_GIT_URL=https://github.com/facebook/osquery.git
 RUN apt-get -y install git make python ruby sudo
diff --git a/pkg/debian7/Dockerfile b/pkg/debian7/Dockerfile
index a27fdbdc1..d5a6e67eb 100644
--- a/pkg/debian7/Dockerfile
+++ b/pkg/debian7/Dockerfile
@@ -17,7 +17,7 @@ RUN mkdir -p /etc/osquery /var/log/osquery /etc/hubble/hubble.d /opt/hubble /opt
 #osquery should be built first since requirements for other packages can interfere with osquery dependencies
 #to build, osquery scripts want sudo and a user to sudo with.
 #to pin to a different version change the following envirnment variable
-ENV OSQUERY_SRC_VERSION=2.7.0
+ENV OSQUERY_SRC_VERSION=2.8.0
 ENV OSQUERY_BUILD_USER=osquerybuilder
 ENV OSQUERY_GIT_URL=https://github.com/facebook/osquery.git
 RUN apt-get -y install git make python ruby sudo locales
diff --git a/pkg/debian8/Dockerfile b/pkg/debian8/Dockerfile
index b3e8286ac..9033cb452 100644
--- a/pkg/debian8/Dockerfile
+++ b/pkg/debian8/Dockerfile
@@ -17,7 +17,7 @@ RUN mkdir -p /etc/osquery /var/log/osquery /etc/hubble/hubble.d /opt/hubble /opt
 #osquery should be built first since requirements for other packages can interfere with osquery dependencies
 #to build, osquery scripts want sudo and a user to sudo with.
 #to pin to a different version change the following envirnment variable
-ENV OSQUERY_SRC_VERSION=2.7.0
+ENV OSQUERY_SRC_VERSION=2.8.0
 ENV OSQUERY_BUILD_USER=osquerybuilder
 ENV OSQUERY_GIT_URL=https://github.com/facebook/osquery.git
 RUN apt-get -y install git make python ruby sudo locales
diff --git a/pkg/debian9/Dockerfile b/pkg/debian9/Dockerfile
index 47a130409..c50b59a97 100644
--- a/pkg/debian9/Dockerfile
+++ b/pkg/debian9/Dockerfile
@@ -17,7 +17,7 @@ RUN mkdir -p /etc/osquery /var/log/osquery /etc/hubble/hubble.d /opt/hubble /opt
 #osquery should be built first since requirements for other packages can interfere with osquery dependencies
 #to build, osquery scripts want sudo and a user to sudo with.
 #to pin to a different version change the following envirnment variable
-ENV OSQUERY_SRC_VERSION=2.7.0
+ENV OSQUERY_SRC_VERSION=2.8.0
 ENV OSQUERY_BUILD_USER=osquerybuilder
 ENV OSQUERY_GIT_URL=https://github.com/facebook/osquery.git
 RUN apt-get -y install git make python ruby sudo
From 05fc041dce4baa8d146f1b4250c677831f57879a Mon Sep 17 00:00:00 2001
From: Colton Myers
Date: Thu, 28 Sep 2017 11:00:31 -0600
Subject: [PATCH 3/4] Fix unicode bug in hubble
---
 hubblestack/extmods/modules/hubble.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hubblestack/extmods/modules/hubble.py b/hubblestack/extmods/modules/hubble.py
index 3a8d870b2..b4b9a6ebd 100644
--- a/hubblestack/extmods/modules/hubble.py
+++ b/hubblestack/extmods/modules/hubble.py
@@ -453,7 +453,7 @@ def top(topfile='top.nova',
 # tag.
 data_by_tag = {}
 for data in top_data:
- if isinstance(data, str):
+ if isinstance(data, basestring):
 if '*' not in data_by_tag:
 data_by_tag['*'] = []
 data_by_tag['*'].append(data)
@@ -466,7 +466,7 @@ def top(topfile='top.nova',
 if 'Errors' not in results:
 results['Errors'] = {}
 error_log = 'topfile malformed, list entries must be strings or '\
- 'dicts: {0}'.format(data)
+ 'dicts: {0} | {1}'.format(data, type(data))
 results['Errors'][topfile] = {'error': error_log}
 log.error(error_log)
 continue
From dccea47f2e73d8d4af46770a30f73a3190411d20 Mon Sep 17 00:00:00 2001
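Review bot: `isinstance(data, basestring)` in the first hubble.py hunk accepts unicode topfile entries on Python 2, but `basestring` does not exist on Python 3, where this line would raise NameError. If the module can use Salt's vendored six, `isinstance(data, six.string_types)` with `from salt.ext import six` covers both interpreters; whether that import is already present is not visible in the hunk. `top()` starts and ends outside the hunk.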
From: Colton Myers
Date: Thu, 28 Sep 2017 11:01:02 -0600
Subject: [PATCH 4/4] Rev to 2.2.6
---
 hubblestack/__init__.py | 2 +-
 pkg/amazonlinux2016.09/Dockerfile | 4 ++--
 pkg/amazonlinux2017.03/Dockerfile | 4 ++--
 pkg/centos6/Dockerfile | 4 ++--
 pkg/centos7/Dockerfile | 4 ++--
 pkg/coreos/Dockerfile | 4 ++--
 pkg/debian7/Dockerfile | 4 ++--
 pkg/debian8/Dockerfile | 4 ++--
 pkg/debian9/Dockerfile | 4 ++--
 9 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/hubblestack/__init__.py b/hubblestack/__init__.py
index 3db1b9fed..5d724e8d2 100644
--- a/hubblestack/__init__.py
+++ b/hubblestack/__init__.py
@@ -1 +1 @@
-__version__ = '2.2.5'
+__version__ = '2.2.6'
diff --git a/pkg/amazonlinux2016.09/Dockerfile b/pkg/amazonlinux2016.09/Dockerfile
index 587ebbc39..b3efaa8d4 100644
--- a/pkg/amazonlinux2016.09/Dockerfile
+++ b/pkg/amazonlinux2016.09/Dockerfile
@@ -91,8 +91,8 @@ RUN yum install -y ruby ruby-devel rpmbuild rubygems gcc make \
 #pyinstaller start
 #commands specified for ENTRYPOINT and CMD are executed when the container is run, not when the image is built
 #use the following variables to choose the version of hubble
-ENV HUBBLE_CHECKOUT=v2.2.5
-ENV HUBBLE_VERSION=2.2.5
+ENV HUBBLE_CHECKOUT=v2.2.6
+ENV HUBBLE_VERSION=2.2.6
 ENV HUBBLE_GIT_URL=https://github.com/hubblestack/hubble.git
 ENV HUBBLE_SRC_PATH=/hubble_src
 ENV _HOOK_DIR="./pkg/"
diff --git a/pkg/amazonlinux2017.03/Dockerfile b/pkg/amazonlinux2017.03/Dockerfile
index 761bdbc7e..ae5ac4ce8 100644
--- a/pkg/amazonlinux2017.03/Dockerfile
+++ b/pkg/amazonlinux2017.03/Dockerfile
@@ -91,8 +91,8 @@ RUN yum install -y ruby ruby-devel rpmbuild rubygems gcc make \
 #pyinstaller start
 #commands specified for ENTRYPOINT and CMD are executed when the container is run, not when the image is built
 #use the following variables to choose the version of hubble
-ENV HUBBLE_CHECKOUT=v2.2.5
-ENV HUBBLE_VERSION=2.2.5
+ENV HUBBLE_CHECKOUT=v2.2.6
+ENV HUBBLE_VERSION=2.2.6
 ENV HUBBLE_GIT_URL=https://github.com/hubblestack/hubble.git
 ENV HUBBLE_SRC_PATH=/hubble_src
 ENV _HOOK_DIR="./pkg/"
diff --git a/pkg/centos6/Dockerfile b/pkg/centos6/Dockerfile
index 65994d190..6a17d59e1 100644
--- a/pkg/centos6/Dockerfile
+++ b/pkg/centos6/Dockerfile
@@ -93,8 +93,8 @@ RUN yum install -y rpmbuild gcc make rh-ruby23 rh-ruby23-ruby-devel \
 #pyinstaller start
 #commands specified for ENTRYPOINT and CMD are executed when the container is run, not when the image is built
 #use the following variables to choose the version of hubble
-ENV HUBBLE_CHECKOUT=v2.2.5
-ENV HUBBLE_VERSION=2.2.5
+ENV HUBBLE_CHECKOUT=v2.2.6
+ENV HUBBLE_VERSION=2.2.6
 ENV HUBBLE_GIT_URL=https://github.com/hubblestack/hubble.git
 ENV HUBBLE_SRC_PATH=/hubble_src
 ENV _HOOK_DIR="./pkg/"
diff --git a/pkg/centos7/Dockerfile b/pkg/centos7/Dockerfile
index 09af4f8b5..fa4b8fb4e 100644
--- a/pkg/centos7/Dockerfile
+++ b/pkg/centos7/Dockerfile
@@ -90,8 +90,8 @@ RUN yum install -y ruby ruby-devel rpmbuild rubygems gcc make \
 #pyinstaller start
 #commands specified for ENTRYPOINT and CMD are executed when the container is run, not when the image is built
 #use the following variables to choose the version of hubble
-ENV HUBBLE_CHECKOUT=v2.2.5
-ENV HUBBLE_VERSION=2.2.5
+ENV HUBBLE_CHECKOUT=v2.2.6
+ENV HUBBLE_VERSION=2.2.6
 ENV HUBBLE_GIT_URL=https://github.com/hubblestack/hubble.git
 ENV HUBBLE_SRC_PATH=/hubble_src
 ENV _HOOK_DIR="./pkg/"
diff --git a/pkg/coreos/Dockerfile b/pkg/coreos/Dockerfile
index e400c433b..be943cd6a 100644
--- a/pkg/coreos/Dockerfile
+++ b/pkg/coreos/Dockerfile
@@ -88,8 +88,8 @@ RUN pip install --upgrade pip \
 #pyinstaller start
 #commands specified for ENTRYPOINT and CMD are executed when the container is run, not when the image is built
 #use the following variables to choose the version of hubble
-ENV HUBBLE_CHECKOUT=v2.2.5
-ENV HUBBLE_VERSION=2.2.5
+ENV HUBBLE_CHECKOUT=v2.2.6
+ENV HUBBLE_VERSION=2.2.6
 ENV HUBBLE_GIT_URL=https://github.com/hubblestack/hubble.git
 ENV HUBBLE_SRC_PATH=/hubble_src
 ENV _HOOK_DIR="./pkg/"
diff --git a/pkg/debian7/Dockerfile b/pkg/debian7/Dockerfile
index d5a6e67eb..4dd45a80c 100644
--- a/pkg/debian7/Dockerfile
+++ b/pkg/debian7/Dockerfile
@@ -115,8 +115,8 @@ RUN apt-get install -y ruby ruby-dev rubygems gcc make \
 #pyinstaller start
 #commands specified for ENTRYPOINT and CMD are executed when the container is run, not when the image is built
 #use the following variables to choose the version of hubble
-ENV HUBBLE_CHECKOUT=v2.2.5
-ENV HUBBLE_VERSION=2.2.5
+ENV HUBBLE_CHECKOUT=v2.2.6
+ENV HUBBLE_VERSION=2.2.6
 ENV HUBBLE_GIT_URL=https://github.com/hubblestack/hubble.git
 ENV HUBBLE_SRC_PATH=/hubble_src
 ENV _HOOK_DIR="./pkg/"
diff --git a/pkg/debian8/Dockerfile b/pkg/debian8/Dockerfile
index 9033cb452..0372a2212 100644
--- a/pkg/debian8/Dockerfile
+++ b/pkg/debian8/Dockerfile
@@ -96,8 +96,8 @@ RUN apt-get install -y ruby ruby-dev rubygems gcc make \
 #pyinstaller start
 #commands specified for ENTRYPOINT and CMD are executed when the container is run, not when the image is built
 #use the following variables to choose the version of hubble
-ENV HUBBLE_CHECKOUT=v2.2.5
-ENV HUBBLE_VERSION=2.2.5
+ENV HUBBLE_CHECKOUT=v2.2.6
+ENV HUBBLE_VERSION=2.2.6
 ENV HUBBLE_GIT_URL=https://github.com/hubblestack/hubble.git
 ENV HUBBLE_SRC_PATH=/hubble_src
 ENV _HOOK_DIR="./pkg/"
diff --git a/pkg/debian9/Dockerfile b/pkg/debian9/Dockerfile
index c50b59a97..758119214 100644
--- a/pkg/debian9/Dockerfile
+++ b/pkg/debian9/Dockerfile
@@ -92,8 +92,8 @@ RUN apt-get install -y ruby ruby-dev rubygems gcc make \
 #pyinstaller start
 #commands specified for ENTRYPOINT and CMD are executed when the container is run, not when the image is built
 #use the following variables to choose the version of hubble
-ENV HUBBLE_CHECKOUT=v2.2.5
-ENV HUBBLE_VERSION=2.2.5
+ENV HUBBLE_CHECKOUT=v2.2.6
+ENV HUBBLE_VERSION=2.2.6
 ENV HUBBLE_GIT_URL=https://github.com/hubblestack/hubble.git
 ENV HUBBLE_SRC_PATH=/hubble_src
 ENV _HOOK_DIR="./pkg/"