Merge pull request #81 from fkie-cad/replace-smtpd-with-aiosmtpd

Replace smtpd with aiosmtpd

.github/workflows/socbed-systemtest-dev.yml

@@ -4,6 +4,7 @@ on:
   schedule:
     - cron: "0 1 * * THU" # At 01:00 on Thursday
 
+
 jobs:
   prepare-environment:
     runs-on: [self-hosted, linux]
@@ -12,15 +13,15 @@ jobs:
         with:
           ref: dev
 
-      - name: Create virtual environment
-        run: python -m venv /usr/share/runner-dependencies/socbed_env
-
-      - name: Activate virtual environment
-        run: source /usr/share/runner-dependencies/socbed_env/bin/activate
-
-      - name: Install requirements in virtual environment (without using cached packages)
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.12' 
+          cache: 'pip'
+      - name: Install dependencies
         run: pip install -r requirements.txt --no-cache-dir
-
+      - name: Install SOCBED
+        run: pip install --editable .
+
   build-machines:
     runs-on: [self-hosted, linux]
     needs: [prepare-environment]
@@ -29,10 +30,12 @@ jobs:
       - uses: actions/checkout@v4
         with:
           ref: dev
-
-      - name: Activate virtual environment
-        run: source /usr/share/runner-dependencies/socbed_env/bin/activate
-
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.12' 
+          cache: 'pip'
+
       - name: Build Internet Router
         uses: nick-invision/retry@v3
         with:
@@ -91,14 +94,16 @@ jobs:
 
   test-machines:
     runs-on: [self-hosted, linux]
-    needs: [prepare-environment, build-machines]
+    needs: [build-machines]
     steps:
       - uses: actions/checkout@v4
         with:
           ref: dev
-
-      - name: Activate virtual environment
-        run: source /usr/share/runner-dependencies/socbed_env/bin/activate
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.12' 
+          cache: 'pip'
 
       - name: Ensure all machines are powered off
         run: ./tools/cleanup_failed_session
@@ -114,18 +119,22 @@ jobs:
   delete-machines:
     runs-on: [self-hosted, linux]
     if: always()
-    needs: [prepare-environment, build-machines, test-machines]
+    needs: [test-machines]
     steps:
       - uses: actions/checkout@v4
         with:
           ref: dev
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.12' 
+          cache: 'pip'
 
       - name: Delete created VMs
         run: ./tools/delete_vms
-
-      - name: Deactivate virtual environment
-        run: deactivate || true
-
-      - name: Delete virtual environment
-        run: rm -rf /usr/share/runner-dependencies/socbed_env
 
+      - name: Uninstall SOCBED
+        run: pip uninstall socbed -y
+
+      - name: Remove all installed packages
+        run: pip freeze | xargs pip uninstall -y

.github/workflows/socbed-systemtest.yml

@@ -11,19 +11,13 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - name: Create virtual environment
-        run: python3 -m venv /usr/share/runner-dependencies/socbed_env
-
-      - name: Activate virtual environment
-        run: source /usr/share/runner-dependencies/socbed_env/bin/activate
-
-      - name: Upgrade pip3 inside virtual environment
-        run: pip3 install --upgrade pip
-
-      - name: Install requirements in virtual environment (without using cached packages)
-        run: pip3 install -r requirements.txt --no-cache-dir
-
-      - name: Install socbed
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.12' 
+          cache: 'pip'
+      - name: Install dependencies
+        run: pip install -r requirements.txt --no-cache-dir
+      - name: Install SOCBED
         run: pip install --editable .
 
   build-machines:
@@ -33,9 +27,11 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - name: Activate virtual environment
-        run: source /usr/share/runner-dependencies/socbed_env/bin/activate
-
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.12' 
+          cache: 'pip'
+
       - name: Build Internet Router
         uses: nick-invision/retry@v3
         with:
@@ -94,12 +90,14 @@ jobs:
 
   test-machines:
     runs-on: [self-hosted, linux]
-    needs: [prepare-environment, build-machines]
+    needs: [build-machines]
     steps:
       - uses: actions/checkout@v4
 
-      - name: Activate virtual environment
-        run: source /usr/share/runner-dependencies/socbed_env/bin/activate
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.12' 
+          cache: 'pip'
 
       - name: Ensure all machines are powered off
         run: ./tools/cleanup_failed_session
@@ -115,16 +113,21 @@ jobs:
   delete-machines:
     runs-on: [self-hosted, linux]
     if: always()
-    needs: [prepare-environment, build-machines, test-machines]
+    needs: [test-machines]
     steps:
       - uses: actions/checkout@v4
 
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.12' 
+          cache: 'pip'
+
       - name: Delete created VMs
         run: ./tools/delete_vms
-        
-      - name: Deactivate virtual environment
-        run: deactivate || true
-        
-      - name: Delete virtual environment
-        run: rm -rf /usr/share/runner-dependencies/socbed_env
+
+      - name: Uninstall SOCBED
+        run: pip uninstall socbed -y
+
+      - name: Remove all installed packages
+        run: pip freeze | xargs pip uninstall -y
 

.github/workflows/socbed-unittest.yml

@@ -9,5 +9,9 @@ jobs:
     runs-on: [self-hosted, linux]
     steps:
       - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.12' 
+      - run: pip install tox==4.18.1
       - run: tox -- -m "not systest"
 

.gitignore

@@ -20,7 +20,7 @@ __pycache__/
 ### Cache ###
 .cache/*
 
-# DS_STORE

+# DS_STORE
 .DS_STORE
 
 ### PyCharm ###

README.md

@@ -18,7 +18,7 @@ After the build process is finished, SOCBED sessions can be started, controlled,
 ## System Requirements
 
 * Physical host with Linux or macOS. Note: Running SOCBED (and therefore VirtualBox) in a virtual machine might work as well but was not tested.
-* Python v3.8 or newer
+* Python v3.9 or newer
 * RAM: 16 GB minimum, 32 GB recommended
 * CPU: Quad-core with hardware support for virtualization
 * HDD: 50 GB free, SSD strongly recommended
@@ -165,12 +165,12 @@ The domain name is `BREACH`.
 
 The following table shows all available web interfaces and their logins:
 
-| Machine | Service | Username | Password | URL |
-| --- | --- | --- | --- | --- |
-| Company Router | IPFire | admin | breach | https://192.168.56.10:444/ |
-| DMZ Server | phpMyAdmin | root | breach | http://192.168.56.20/phpmyadmin/ |
-| Log Server | Kibana | - | - | http://192.168.56.12:5601/app/kibana |
-| Internet Router | IPFire | admin | breach | https://192.168.56.30:444/ |
+| Machine         | Service    | Username | Password | URL                                  |
+| --------------- | ---------- | -------- | -------- | ------------------------------------ |
+| Company Router  | IPFire     | admin    | breach   | https://192.168.56.10:444/           |
+| DMZ Server      | phpMyAdmin | root     | breach   | http://192.168.56.20/phpmyadmin/     |
+| Log Server      | Kibana     | -        | -        | http://192.168.56.12:5601/app/kibana |
+| Internet Router | IPFire     | admin    | breach   | https://192.168.56.30:444/           |
 
 ## Documentation
 

provisioning/ansible/roles/auditbeat/tasks/main.yml

@@ -1,4 +1,4 @@
 ---
-- include: add_auditbeat_apt_repository.yml
-- include: install_auditbeat.yml
-- include: configure_auditbeat.yml
+- include_tasks: add_auditbeat_apt_repository.yml
+- include_tasks: install_auditbeat.yml
+- include_tasks: configure_auditbeat.yml

provisioning/ansible/roles/configure_company_router/tasks/main.yml

@@ -1,17 +1,17 @@
-- include: configure_suricata.yml
-- include: configure_dhcpd.yml
-- include: configure_fwhosts_customservices.yml
-- include: configure_hosts.yml
-- include: configure_K00squid.yml
-- include: configure_loggings_settings.yml
-- include: configure_ntp.yml
-- include: configure_proxy_advanced.yml
-- include: configure_proxy_cachemgr.yml
-- include: configure_proxy_settings.yml
-- include: configure_proxy_viewersettings.yml
-- include: configure_squid.yml
-- include: configure_squid_cachemgr.yml
-- include: configure_syslog.yml
-- include: configure_time_settings.yml
-- include: create_ipfire_proxy_enable.yml
-- include: create_symbolic_link_for_syslog.yml
+- include_tasks: configure_suricata.yml
+- include_tasks: configure_dhcpd.yml
+- include_tasks: configure_fwhosts_customservices.yml
+- include_tasks: configure_hosts.yml
+- include_tasks: configure_K00squid.yml
+- include_tasks: configure_loggings_settings.yml
+- include_tasks: configure_ntp.yml
+- include_tasks: configure_proxy_advanced.yml
+- include_tasks: configure_proxy_cachemgr.yml
+- include_tasks: configure_proxy_settings.yml
+- include_tasks: configure_proxy_viewersettings.yml
+- include_tasks: configure_squid.yml
+- include_tasks: configure_squid_cachemgr.yml
+- include_tasks: configure_syslog.yml
+- include_tasks: configure_time_settings.yml
+- include_tasks: create_ipfire_proxy_enable.yml
+- include_tasks: create_symbolic_link_for_syslog.yml

provisioning/ansible/roles/configure_internet_router/tasks/main.yml

@@ -1,5 +1,5 @@
-- include: configure_etc_hosts.yml
-- include: configure_etc_unbound_hosts.yml
-- include: configure_hosts.yml
-- include: configure_ntp.yml
-- include: create_symbolic_link_for_syslog.yml
+- include_tasks: configure_etc_hosts.yml
+- include_tasks: configure_etc_unbound_hosts.yml
+- include_tasks: configure_hosts.yml
+- include_tasks: configure_ntp.yml
+- include_tasks: create_symbolic_link_for_syslog.yml

provisioning/ansible/roles/configure_win10_client/tasks/install_firefox.yml

@@ -23,4 +23,4 @@
     src: files/win10_firefox/mozilla.cfg
     dest: C:\Program Files (x86)\Mozilla Firefox\mozilla.cfg
 
-- include: set_default_browser.yml
+- include_tasks: set_default_browser.yml

provisioning/ansible/roles/configure_win10_client/tasks/main.yml

@@ -1,21 +1,21 @@
-- include: setup_user.yml
-- include: set_timezone.yml
-- include: add_exclusion_folder.yml
-- include: disable_firewall.yml
-- include: disable_screen_lock.yml
-- include: install_python.yml
-- include: update_pip.yml
-- include: install_pip_selenium.yml
-- include: upload_assets.yml
-- include: upload_userbehavior_src.yml
-- include: install_firefox.yml
-- include: disable_automatic_updates.yml
-- include: run_init_tbf_client_on_boot.yml
-- include: install_ssh_server.yml
-- include: disable_ipv6.yml
-- include: set_autostart.yml
-- include: install_imdisk.yml
-- include: set_logging_config.yml
-- include: install_sysmon.yml
-- include: install_winlogbeat.yml
-- include: disable_defender.yml
+- include_tasks: setup_user.yml
+- include_tasks: set_timezone.yml
+- include_tasks: add_exclusion_folder.yml
+- include_tasks: disable_firewall.yml
+- include_tasks: disable_screen_lock.yml
+- include_tasks: install_python.yml
+- include_tasks: update_pip.yml
+- include_tasks: install_pip_selenium.yml
+- include_tasks: upload_assets.yml
+- include_tasks: upload_userbehavior_src.yml
+- include_tasks: install_firefox.yml
+- include_tasks: disable_automatic_updates.yml
+- include_tasks: run_init_tbf_client_on_boot.yml
+- include_tasks: install_ssh_server.yml
+- include_tasks: disable_ipv6.yml
+- include_tasks: set_autostart.yml
+- include_tasks: install_imdisk.yml
+- include_tasks: set_logging_config.yml
+- include_tasks: install_sysmon.yml
+- include_tasks: install_winlogbeat.yml
+- include_tasks: disable_defender.yml