From 4ffaa30dac332b2bace35173ae507cc84830e765 Mon Sep 17 00:00:00 2001 From: Colton Myers Date: Fri, 3 Aug 2018 14:39:17 -0600 Subject: [PATCH 01/18] Add before-remove to all packages to stop hubble --- conf/beforeremove.sh | 2 ++ pkg/amazonlinux2016.09/Dockerfile | 1 + pkg/centos6/Dockerfile | 1 + pkg/centos7/Dockerfile | 1 + pkg/debian7/Dockerfile | 1 + pkg/debian8/Dockerfile | 1 + pkg/debian9/Dockerfile | 1 + pkg/dev/amazonlinux2016.09/Dockerfile | 1 + pkg/dev/centos6/Dockerfile | 1 + pkg/dev/centos7/Dockerfile | 1 + pkg/dev/debian7/Dockerfile | 1 + pkg/dev/debian8/Dockerfile | 1 + pkg/dev/debian9/Dockerfile | 1 + 13 files changed, 14 insertions(+) create mode 100644 conf/beforeremove.sh diff --git a/conf/beforeremove.sh b/conf/beforeremove.sh new file mode 100644 index 000000000..7594f873f --- /dev/null +++ b/conf/beforeremove.sh @@ -0,0 +1,2 @@ +service hubble stop +pkill hubble diff --git a/pkg/amazonlinux2016.09/Dockerfile b/pkg/amazonlinux2016.09/Dockerfile index ba29ec09e..5a917801b 100644 --- a/pkg/amazonlinux2016.09/Dockerfile +++ b/pkg/amazonlinux2016.09/Dockerfile @@ -176,6 +176,7 @@ CMD [ "pyinstaller --onedir --noconfirm --log-level ${_BINARY_LOG_LEVEL} --addit --config-files /etc/osquery/osquery.conf \ --after-install /hubble_build/conf/afterinstall.sh \ --after-upgrade /hubble_build/conf/afterupgrade.sh \ + --before-remove /hubble_build/conf/beforeremove.sh \ etc/hubble etc/osquery etc/init.d opt usr \ #edit to change iteration number, if necessary && cp hubblestack-${HUBBLE_VERSION}-${HUBBLE_ITERATION}.x86_64.rpm /data/hubblestack-${HUBBLE_VERSION}-${HUBBLE_ITERATION}.al1609.x86_64.rpm \ diff --git a/pkg/centos6/Dockerfile b/pkg/centos6/Dockerfile index c7feb0c74..a1727ccd0 100644 --- a/pkg/centos6/Dockerfile +++ b/pkg/centos6/Dockerfile @@ -178,6 +178,7 @@ CMD [ "scl enable python27 'pyinstaller --onedir --noconfirm --log-level ${_BINA --config-files /etc/osquery/osquery.conf \ --after-install /hubble_build/conf/afterinstall.sh \ --after-upgrade /hubble_build/conf/afterupgrade.sh \ + --before-remove /hubble_build/conf/beforeremove.sh \ etc/hubble etc/osquery etc/init.d opt usr' \ #edit to change iteration number, if necessary && cp hubblestack-${HUBBLE_VERSION}-${HUBBLE_ITERATION}.x86_64.rpm /data/hubblestack-${HUBBLE_VERSION}-${HUBBLE_ITERATION}.el6.x86_64.rpm \ diff --git a/pkg/centos7/Dockerfile b/pkg/centos7/Dockerfile index 97ea87594..f3ca42e00 100644 --- a/pkg/centos7/Dockerfile +++ b/pkg/centos7/Dockerfile @@ -175,6 +175,7 @@ CMD [ "pyinstaller --onedir --noconfirm --log-level ${_BINARY_LOG_LEVEL} --addit --config-files /etc/osquery/osquery.conf \ --after-install /hubble_build/conf/afterinstall-systemd.sh \ --after-upgrade /hubble_build/conf/afterupgrade-systemd.sh \ + --before-remove /hubble_build/conf/beforeremove.sh \ etc/hubble etc/osquery opt usr \ #edit to change iteration number, if necessary && cp hubblestack-${HUBBLE_VERSION}-${HUBBLE_ITERATION}.x86_64.rpm /data/hubblestack-${HUBBLE_VERSION}-${HUBBLE_ITERATION}.el7.x86_64.rpm \ diff --git a/pkg/debian7/Dockerfile b/pkg/debian7/Dockerfile index 010e8cb94..5e38b13e1 100644 --- a/pkg/debian7/Dockerfile +++ b/pkg/debian7/Dockerfile @@ -217,6 +217,7 @@ CMD [ "pyinstaller --onedir --noconfirm --log-level ${_BINARY_LOG_LEVEL} --addit --deb-no-default-config-files \ --after-install /hubble_build/conf/afterinstall.sh \ --after-upgrade /hubble_build/conf/afterupgrade.sh \ + --before-remove /hubble_build/conf/beforeremove.sh \ etc/hubble etc/osquery etc/init.d opt usr \ && cp hubblestack_${HUBBLE_VERSION}-${HUBBLE_ITERATION}_amd64.deb /data/hubblestack_${HUBBLE_VERSION}-${HUBBLE_ITERATION}deb7_amd64.deb \ && openssl dgst -sha256 /data/hubblestack_${HUBBLE_VERSION}-${HUBBLE_ITERATION}deb7_amd64.deb \ diff --git a/pkg/debian8/Dockerfile b/pkg/debian8/Dockerfile index 8cdf6354e..bf985b9bf 100644 --- a/pkg/debian8/Dockerfile +++ b/pkg/debian8/Dockerfile @@ -200,6 +200,7 @@ CMD [ "pyinstaller --onedir --noconfirm --log-level ${_BINARY_LOG_LEVEL} --addit --deb-no-default-config-files \ --after-install /hubble_build/conf/afterinstall.sh \ --after-upgrade /hubble_build/conf/afterupgrade.sh \ + --before-remove /hubble_build/conf/beforeremove.sh \ etc/hubble etc/osquery etc/init.d opt usr \ && cp hubblestack_${HUBBLE_VERSION}-${HUBBLE_ITERATION}_amd64.deb /data/hubblestack_${HUBBLE_VERSION}-${HUBBLE_ITERATION}deb8_amd64.deb \ && openssl dgst -sha256 /data/hubblestack_${HUBBLE_VERSION}-${HUBBLE_ITERATION}deb8_amd64.deb \ diff --git a/pkg/debian9/Dockerfile b/pkg/debian9/Dockerfile index a8a3f658a..d5f7a42f7 100644 --- a/pkg/debian9/Dockerfile +++ b/pkg/debian9/Dockerfile @@ -196,6 +196,7 @@ CMD [ "pyinstaller --onedir --noconfirm --log-level ${_BINARY_LOG_LEVEL} --addit --deb-no-default-config-files \ --after-install /hubble_build/conf/afterinstall.sh \ --after-upgrade /hubble_build/conf/afterupgrade.sh \ + --before-remove /hubble_build/conf/beforeremove.sh \ etc/hubble etc/osquery etc/init.d opt usr \ && cp hubblestack_${HUBBLE_VERSION}-${HUBBLE_ITERATION}_amd64.deb /data/hubblestack_${HUBBLE_VERSION}-${HUBBLE_ITERATION}deb9_amd64.deb \ && openssl dgst -sha256 /data/hubblestack_${HUBBLE_VERSION}-${HUBBLE_ITERATION}deb9_amd64.deb \ diff --git a/pkg/dev/amazonlinux2016.09/Dockerfile b/pkg/dev/amazonlinux2016.09/Dockerfile index 537ff1f3a..12275f831 100644 --- a/pkg/dev/amazonlinux2016.09/Dockerfile +++ b/pkg/dev/amazonlinux2016.09/Dockerfile @@ -179,6 +179,7 @@ CMD [ "if [ -f /data/hubble_buildinfo ] ; then echo \"\" >> /hubble_build/hubble --config-files /etc/osquery/osquery.conf \ --after-install /hubble_build/conf/afterinstall.sh \ --after-upgrade /hubble_build/conf/afterupgrade.sh \ + --before-remove /hubble_build/conf/beforeremove.sh \ etc/hubble etc/osquery etc/init.d opt usr \ #edit to change iteration number, if necessary && cp hubblestack-${HUBBLE_VERSION}-${HUBBLE_ITERATION}.x86_64.rpm /data/hubblestack-${HUBBLE_VERSION}-${HUBBLE_ITERATION}.al1609.x86_64.rpm \ diff --git a/pkg/dev/centos6/Dockerfile b/pkg/dev/centos6/Dockerfile index d27f8b506..3c79c65a7 100644 --- a/pkg/dev/centos6/Dockerfile +++ b/pkg/dev/centos6/Dockerfile @@ -181,6 +181,7 @@ CMD [ "if [ -f /data/hubble_buildinfo ] ; then echo \"\" >> /hubble_build/hubble --config-files /etc/osquery/osquery.conf \ --after-install /hubble_build/conf/afterinstall.sh \ --after-upgrade /hubble_build/conf/afterupgrade.sh \ + --before-remove /hubble_build/conf/beforeremove.sh \ etc/hubble etc/osquery etc/init.d opt usr' \ #edit to change iteration number, if necessary && cp hubblestack-${HUBBLE_VERSION}-${HUBBLE_ITERATION}.x86_64.rpm /data/hubblestack-${HUBBLE_VERSION}-${HUBBLE_ITERATION}.el6.x86_64.rpm \ diff --git a/pkg/dev/centos7/Dockerfile b/pkg/dev/centos7/Dockerfile index 8d0a0bde3..729c1c749 100644 --- a/pkg/dev/centos7/Dockerfile +++ b/pkg/dev/centos7/Dockerfile @@ -178,6 +178,7 @@ CMD [ "if [ -f /data/hubble_buildinfo ] ; then echo \"\" >> /hubble_build/hubble --config-files /etc/osquery/osquery.conf \ --after-install /hubble_build/conf/afterinstall-systemd.sh \ --after-upgrade /hubble_build/conf/afterupgrade-systemd.sh \ + --before-remove /hubble_build/conf/beforeremove.sh \ etc/hubble etc/osquery opt usr \ #edit to change iteration number, if necessary && cp hubblestack-${HUBBLE_VERSION}-${HUBBLE_ITERATION}.x86_64.rpm /data/hubblestack-${HUBBLE_VERSION}-${HUBBLE_ITERATION}.el7.x86_64.rpm \ diff --git a/pkg/dev/debian7/Dockerfile b/pkg/dev/debian7/Dockerfile index 6822b0005..c122b56ba 100644 --- a/pkg/dev/debian7/Dockerfile +++ b/pkg/dev/debian7/Dockerfile @@ -220,6 +220,7 @@ CMD [ "if [ -f /data/hubble_buildinfo ] ; then echo \"\" >> /hubble_build/hubble --deb-no-default-config-files \ --after-install /hubble_build/conf/afterinstall.sh \ --after-upgrade /hubble_build/conf/afterupgrade.sh \ + --before-remove /hubble_build/conf/beforeremove.sh \ etc/hubble etc/osquery etc/init.d opt usr \ && cp hubblestack_${HUBBLE_VERSION}-${HUBBLE_ITERATION}_amd64.deb /data/hubblestack_${HUBBLE_VERSION}-${HUBBLE_ITERATION}deb7_amd64.deb \ && openssl dgst -sha256 /data/hubblestack_${HUBBLE_VERSION}-${HUBBLE_ITERATION}deb7_amd64.deb \ diff --git a/pkg/dev/debian8/Dockerfile b/pkg/dev/debian8/Dockerfile index 8d879d54e..daa4d2971 100644 --- a/pkg/dev/debian8/Dockerfile +++ b/pkg/dev/debian8/Dockerfile @@ -203,6 +203,7 @@ CMD [ "if [ -f /data/hubble_buildinfo ] ; then echo \"\" >> /hubble_build/hubble --deb-no-default-config-files \ --after-install /hubble_build/conf/afterinstall.sh \ --after-upgrade /hubble_build/conf/afterupgrade.sh \ + --before-remove /hubble_build/conf/beforeremove.sh \ etc/hubble etc/osquery etc/init.d opt usr \ && cp hubblestack_${HUBBLE_VERSION}-${HUBBLE_ITERATION}_amd64.deb /data/hubblestack_${HUBBLE_VERSION}-${HUBBLE_ITERATION}deb8_amd64.deb \ && openssl dgst -sha256 /data/hubblestack_${HUBBLE_VERSION}-${HUBBLE_ITERATION}deb8_amd64.deb \ diff --git a/pkg/dev/debian9/Dockerfile b/pkg/dev/debian9/Dockerfile index 08165f33f..d8c3fbecd 100644 --- a/pkg/dev/debian9/Dockerfile +++ b/pkg/dev/debian9/Dockerfile @@ -199,6 +199,7 @@ CMD [ "if [ -f /data/hubble_buildinfo ] ; then echo \"\" >> /hubble_build/hubble --deb-no-default-config-files \ --after-install /hubble_build/conf/afterinstall.sh \ --after-upgrade /hubble_build/conf/afterupgrade.sh \ + --before-remove /hubble_build/conf/beforeremove.sh \ etc/hubble etc/osquery etc/init.d opt usr \ && cp hubblestack_${HUBBLE_VERSION}-${HUBBLE_ITERATION}_amd64.deb /data/hubblestack_${HUBBLE_VERSION}-${HUBBLE_ITERATION}deb9_amd64.deb \ && openssl dgst -sha256 /data/hubblestack_${HUBBLE_VERSION}-${HUBBLE_ITERATION}deb9_amd64.deb \ From e735c78ae27c940961ce62b8f0d3058c0623a2aa Mon Sep 17 00:00:00 2001 From: Josh Santos Date: Fri, 10 Aug 2018 21:27:03 -0400 Subject: [PATCH 02/18] Convert Vulners scanner to use SDK --- .../files/hubblestack_nova/vulners_scanner.py | 28 +++++-------------- 1 file changed, 7 insertions(+), 21 deletions(-) diff --git a/hubblestack/files/hubblestack_nova/vulners_scanner.py b/hubblestack/files/hubblestack_nova/vulners_scanner.py index 1c288d6dc..c584b61f7 100644 --- a/hubblestack/files/hubblestack_nova/vulners_scanner.py +++ b/hubblestack/files/hubblestack_nova/vulners_scanner.py @@ -11,6 +11,7 @@ The file should have the following format: vulners_scanner: +vulners_api_key: REDACTED It does not matter what `` is, as long as the top key of the file is named `vulners_scanner`. This allows the module to run under a certain profile, as all of the other Nova modules do. @@ -21,6 +22,7 @@ import sys import requests +import vulners log = logging.getLogger(__name__) @@ -43,8 +45,8 @@ def audit(data_list, tags, labels, debug=False, **kwargs): if 'vulners_scanner' in data: local_packages = _get_local_packages() - vulners_data = _vulners_query(local_packages, os=os_name, version=os_version) - if vulners_data['result'] == 'ERROR': + vulners_data = _vulners_query(local_packages, os=os_name, version=os_version, api_key=data['vulners_api_key']) + if 'result' in vulners_data and vulners_data['result'] == 'ERROR': log.error(vulners_data['data']['error']) vulners_data = _process_vulners(_vulners_query(local_packages, os=os_name, version=os_version)) @@ -69,7 +71,7 @@ def _get_local_packages(): return ['{0}-{1}'.format(pkg, local_packages[pkg]) for pkg in local_packages] -def _vulners_query(packages=None, os=None, version=None, url='https://vulners.com/api/v3/audit/audit/'): +def _vulners_query(packages=None, os=None, version=None, api_key=None): ''' Query the Vulners.com Linux Vulnerability Audit API for the provided packages. @@ -101,24 +103,8 @@ def _vulners_query(packages=None, os=None, version=None, url='https://vulners.co error['data']['error'] = 'Missing the operating system version.' return error - headers = { - 'Accept': 'application/json', - 'Content-Type': 'application/json' - } - - data = { - "os": os, - "package": packages, - "version": version - } - - try: - response = requests.post(url=url, headers=headers, json=data) - return response.json() - except requests.Timeout: - error['data']['error'] = 'Request to {0} timed out'.format(url) - return error - + vulners_api = vulners.Vulners(api_key=api_key) + return vulners_api.audit(str(os), str(version), packages) def _process_vulners(vulners): ''' From c04373e6af616cdb2ab10d4ba02186524855e284 Mon Sep 17 00:00:00 2001 From: Josh Santos Date: Fri, 10 Aug 2018 21:34:31 -0400 Subject: [PATCH 03/18] Add vulners dependency --- requirements.txt | 1 + 1 file changed, 1 insertion(+) create mode 100644 requirements.txt diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 000000000..fd114bd1e --- /dev/null +++ b/requirements.txt @@ -0,0 +1 @@ +vulners==1.3.0 From 21d05bac8d1599ad7f12caf7521fa97d74460a52 Mon Sep 17 00:00:00 2001 From: Josh Santos Date: Fri, 10 Aug 2018 21:34:43 -0400 Subject: [PATCH 04/18] Add preliminary development instructions --- README.rst | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/README.rst b/README.rst index 99559bc03..04bb3a6da 100644 --- a/README.rst +++ b/README.rst @@ -6,3 +6,15 @@ You can find the docs `here `_ You can file an issue `here `_ Follow us on `Twitter! `_ + +Development +=========== +Below are sample instructions to setup a dev environment: + +``` + virtualenv myvirtualenv + source myvirtualenv/bin/activate + pip install -r requirements.txt + sudo python setup.py develop + sudo hubble hubble.audit +``` From 41280ec470be175dbc7babef43cc17a661829a9f Mon Sep 17 00:00:00 2001 From: Joshua Santos Date: Fri, 10 Aug 2018 21:42:36 -0400 Subject: [PATCH 05/18] Update README.rst --- README.rst | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/README.rst b/README.rst index 04bb3a6da..0918df329 100644 --- a/README.rst +++ b/README.rst @@ -11,10 +11,8 @@ Development =========== Below are sample instructions to setup a dev environment: -``` - virtualenv myvirtualenv - source myvirtualenv/bin/activate - pip install -r requirements.txt - sudo python setup.py develop - sudo hubble hubble.audit -``` +1. virtualenv myvirtualenv +2. source myvirtualenv/bin/activate +3. pip install -r requirements.txt +4. sudo python setup.py develop +5. sudo hubble hubble.audit From b9bad0a78029690329f3fa8f5cf6a06452dffefa Mon Sep 17 00:00:00 2001 From: Colton Myers Date: Thu, 30 Aug 2018 10:14:02 -0600 Subject: [PATCH 06/18] Remove the pkill --- conf/beforeremove.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/conf/beforeremove.sh b/conf/beforeremove.sh index 7594f873f..c936fd90a 100644 --- a/conf/beforeremove.sh +++ b/conf/beforeremove.sh @@ -1,2 +1 @@ service hubble stop -pkill hubble From 0eff697edd6305367a9f2910cf0232ace0b33749 Mon Sep 17 00:00:00 2001 From: Josh Santos Date: Fri, 7 Sep 2018 23:15:41 -0400 Subject: [PATCH 07/18] Add salt-ssh to requirements.txt --- requirements.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/requirements.txt b/requirements.txt index fd114bd1e..dc12880c2 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1 +1,2 @@ +salt-ssh vulners==1.3.0 From deefc9fe36a3bd0450996f375dd141c421ceaf04 Mon Sep 17 00:00:00 2001 From: Josh Santos Date: Fri, 7 Sep 2018 23:36:20 -0400 Subject: [PATCH 08/18] Update pyinstaller-requirements.txt --- cp-pyinstaller.bash | 10 ++++++++++ .../pyinstaller-requirements.txt | 1 + pkg/centos6/pyinstaller-requirements.txt | 1 + pkg/centos7/pyinstaller-requirements.txt | 3 ++- pkg/coreos/pyinstaller-requirements.txt | 1 + pkg/debian7/pyinstaller-requirements.txt | 1 + pkg/debian8/pyinstaller-requirements.txt | 1 + pkg/debian9/pyinstaller-requirements.txt | 1 + .../pyinstaller-requirements.txt | 1 + pkg/dev/centos6/pyinstaller-requirements.txt | 1 + pkg/dev/centos7/pyinstaller-requirements.txt | 3 ++- pkg/dev/coreos/pyinstaller-requirements.txt | 1 + pkg/dev/debian7/pyinstaller-requirements.txt | 1 + pkg/dev/debian8/pyinstaller-requirements.txt | 1 + pkg/dev/debian9/pyinstaller-requirements.txt | 1 + pkg/windows/pyinstaller-requirements.txt | 1 + pyinstaller-requirements.txt | 19 +++++++++++++++++++ 17 files changed, 46 insertions(+), 2 deletions(-) create mode 100644 cp-pyinstaller.bash create mode 100644 pyinstaller-requirements.txt diff --git a/cp-pyinstaller.bash b/cp-pyinstaller.bash new file mode 100644 index 000000000..3190881c5 --- /dev/null +++ b/cp-pyinstaller.bash @@ -0,0 +1,10 @@ +#!/bin/bash +# NOTE: after running this script check the diff to fix any +# unintended changes + +directories=`find pkg -type d | egrep -v "source|scripts|pyinstaller*|dev$|pkg$"` + +for i in $directories; +do + cp -f pyinstaller-requirements.txt $i +done diff --git a/pkg/amazonlinux2016.09/pyinstaller-requirements.txt b/pkg/amazonlinux2016.09/pyinstaller-requirements.txt index a2784cc3d..d0e789d94 100644 --- a/pkg/amazonlinux2016.09/pyinstaller-requirements.txt +++ b/pkg/amazonlinux2016.09/pyinstaller-requirements.txt @@ -16,3 +16,4 @@ azure azure-storage-common azure-storage-blob croniter +vulners==1.3.0 diff --git a/pkg/centos6/pyinstaller-requirements.txt b/pkg/centos6/pyinstaller-requirements.txt index a2784cc3d..d0e789d94 100644 --- a/pkg/centos6/pyinstaller-requirements.txt +++ b/pkg/centos6/pyinstaller-requirements.txt @@ -16,3 +16,4 @@ azure azure-storage-common azure-storage-blob croniter +vulners==1.3.0 diff --git a/pkg/centos7/pyinstaller-requirements.txt b/pkg/centos7/pyinstaller-requirements.txt index ca536c746..d0e789d94 100644 --- a/pkg/centos7/pyinstaller-requirements.txt +++ b/pkg/centos7/pyinstaller-requirements.txt @@ -1,4 +1,4 @@ -pyinstaller==3.3.1 +pyinstaller==3.3.1 Crypto pyopenssl>=16.2.0 argparse @@ -16,3 +16,4 @@ azure azure-storage-common azure-storage-blob croniter +vulners==1.3.0 diff --git a/pkg/coreos/pyinstaller-requirements.txt b/pkg/coreos/pyinstaller-requirements.txt index a2784cc3d..d0e789d94 100644 --- a/pkg/coreos/pyinstaller-requirements.txt +++ b/pkg/coreos/pyinstaller-requirements.txt @@ -16,3 +16,4 @@ azure azure-storage-common azure-storage-blob croniter +vulners==1.3.0 diff --git a/pkg/debian7/pyinstaller-requirements.txt b/pkg/debian7/pyinstaller-requirements.txt index ea992b545..a7d93f2a1 100644 --- a/pkg/debian7/pyinstaller-requirements.txt +++ b/pkg/debian7/pyinstaller-requirements.txt @@ -17,3 +17,4 @@ azure azure-storage-common azure-storage-blob croniter +vulners==1.3.0 diff --git a/pkg/debian8/pyinstaller-requirements.txt b/pkg/debian8/pyinstaller-requirements.txt index a2784cc3d..d0e789d94 100644 --- a/pkg/debian8/pyinstaller-requirements.txt +++ b/pkg/debian8/pyinstaller-requirements.txt @@ -16,3 +16,4 @@ azure azure-storage-common azure-storage-blob croniter +vulners==1.3.0 diff --git a/pkg/debian9/pyinstaller-requirements.txt b/pkg/debian9/pyinstaller-requirements.txt index a2784cc3d..d0e789d94 100644 --- a/pkg/debian9/pyinstaller-requirements.txt +++ b/pkg/debian9/pyinstaller-requirements.txt @@ -16,3 +16,4 @@ azure azure-storage-common azure-storage-blob croniter +vulners==1.3.0 diff --git a/pkg/dev/amazonlinux2016.09/pyinstaller-requirements.txt b/pkg/dev/amazonlinux2016.09/pyinstaller-requirements.txt index a2784cc3d..d0e789d94 100644 --- a/pkg/dev/amazonlinux2016.09/pyinstaller-requirements.txt +++ b/pkg/dev/amazonlinux2016.09/pyinstaller-requirements.txt @@ -16,3 +16,4 @@ azure azure-storage-common azure-storage-blob croniter +vulners==1.3.0 diff --git a/pkg/dev/centos6/pyinstaller-requirements.txt b/pkg/dev/centos6/pyinstaller-requirements.txt index a2784cc3d..d0e789d94 100644 --- a/pkg/dev/centos6/pyinstaller-requirements.txt +++ b/pkg/dev/centos6/pyinstaller-requirements.txt @@ -16,3 +16,4 @@ azure azure-storage-common azure-storage-blob croniter +vulners==1.3.0 diff --git a/pkg/dev/centos7/pyinstaller-requirements.txt b/pkg/dev/centos7/pyinstaller-requirements.txt index ca536c746..d0e789d94 100644 --- a/pkg/dev/centos7/pyinstaller-requirements.txt +++ b/pkg/dev/centos7/pyinstaller-requirements.txt @@ -1,4 +1,4 @@ -pyinstaller==3.3.1 +pyinstaller==3.3.1 Crypto pyopenssl>=16.2.0 argparse @@ -16,3 +16,4 @@ azure azure-storage-common azure-storage-blob croniter +vulners==1.3.0 diff --git a/pkg/dev/coreos/pyinstaller-requirements.txt b/pkg/dev/coreos/pyinstaller-requirements.txt index a2784cc3d..d0e789d94 100644 --- a/pkg/dev/coreos/pyinstaller-requirements.txt +++ b/pkg/dev/coreos/pyinstaller-requirements.txt @@ -16,3 +16,4 @@ azure azure-storage-common azure-storage-blob croniter +vulners==1.3.0 diff --git a/pkg/dev/debian7/pyinstaller-requirements.txt b/pkg/dev/debian7/pyinstaller-requirements.txt index ea992b545..a7d93f2a1 100644 --- a/pkg/dev/debian7/pyinstaller-requirements.txt +++ b/pkg/dev/debian7/pyinstaller-requirements.txt @@ -17,3 +17,4 @@ azure azure-storage-common azure-storage-blob croniter +vulners==1.3.0 diff --git a/pkg/dev/debian8/pyinstaller-requirements.txt b/pkg/dev/debian8/pyinstaller-requirements.txt index a2784cc3d..d0e789d94 100644 --- a/pkg/dev/debian8/pyinstaller-requirements.txt +++ b/pkg/dev/debian8/pyinstaller-requirements.txt @@ -16,3 +16,4 @@ azure azure-storage-common azure-storage-blob croniter +vulners==1.3.0 diff --git a/pkg/dev/debian9/pyinstaller-requirements.txt b/pkg/dev/debian9/pyinstaller-requirements.txt index a2784cc3d..d0e789d94 100644 --- a/pkg/dev/debian9/pyinstaller-requirements.txt +++ b/pkg/dev/debian9/pyinstaller-requirements.txt @@ -16,3 +16,4 @@ azure azure-storage-common azure-storage-blob croniter +vulners==1.3.0 diff --git a/pkg/windows/pyinstaller-requirements.txt b/pkg/windows/pyinstaller-requirements.txt index 9aae8ffb2..20a079098 100644 --- a/pkg/windows/pyinstaller-requirements.txt +++ b/pkg/windows/pyinstaller-requirements.txt @@ -14,3 +14,4 @@ azure azure-storage-common azure-storage-blob croniter +vulners==1.3.0 diff --git a/pyinstaller-requirements.txt b/pyinstaller-requirements.txt new file mode 100644 index 000000000..d0e789d94 --- /dev/null +++ b/pyinstaller-requirements.txt @@ -0,0 +1,19 @@ +pyinstaller==3.3.1 +Crypto +pyopenssl>=16.2.0 +argparse +requests>=2.13.0 +pprint +daemon +boto3 +botocore +pygit2<0.27.0 +salt-ssh +gitpython +pyinotify +cffi +azure +azure-storage-common +azure-storage-blob +croniter +vulners==1.3.0 From 5d9df5508188653995abbb66f1a276f386720647 Mon Sep 17 00:00:00 2001 From: Josh Santos Date: Fri, 7 Sep 2018 23:38:28 -0400 Subject: [PATCH 09/18] Add vulners to setup.py --- setup.py | 1 + 1 file changed, 1 insertion(+) diff --git a/setup.py b/setup.py index 2b14b2deb..1731f5d2f 100644 --- a/setup.py +++ b/setup.py @@ -46,6 +46,7 @@ 'croniter', 'gitpython', 'pyinotify', + 'vulners == 1.3.0' ], data_files=data_files, options={ From b1b7bb8332175ab42d61dc5cc1ed2d8758346cea Mon Sep 17 00:00:00 2001 From: Yashvinder Singh Date: Tue, 11 Sep 2018 14:56:46 +0530 Subject: [PATCH 10/18] Update misc.py --- hubblestack/files/hubblestack_nova/misc.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hubblestack/files/hubblestack_nova/misc.py b/hubblestack/files/hubblestack_nova/misc.py index e174c923a..ec70140b1 100644 --- a/hubblestack/files/hubblestack_nova/misc.py +++ b/hubblestack/files/hubblestack_nova/misc.py @@ -494,6 +494,9 @@ def check_directory_files_permission(path, permission): ''' Check all files permission inside a directory ''' + blacklisted_characters = '[^a-zA-Z0-9-_/]' + if re.findall(blacklisted_characters, path): + raise CommandExecutionError("Profile parameter '{0}' not a safe pattern".format(path)) files_list = _execute_shell_command("find {0} -type f".format(path)).strip() files_list = files_list.split('\n') if files_list != "" else [] bad_permission_files = [] From 46fe36fd0096c130414f2cd904ff40c0d75a71d9 Mon Sep 17 00:00:00 2001 From: Yashvinder Singh Date: Tue, 11 Sep 2018 15:02:53 +0530 Subject: [PATCH 11/18] Update daemon.py --- hubblestack/daemon.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/hubblestack/daemon.py b/hubblestack/daemon.py index 6d87a2b06..41ed1a925 100644 --- a/hubblestack/daemon.py +++ b/hubblestack/daemon.py @@ -169,8 +169,8 @@ def getsecondsbycronexpression(base, cron_exp): this function will return the seconds according to the cron expression provided in the hubble config ''' - iter = croniter(cron_exp, base) - next_datetime = iter.get_next(datetime) + cron_iter = croniter(cron_exp, base) + next_datetime = cron_iter.get_next(datetime) epoch_base_datetime = time.mktime(base.timetuple()) epoch_datetime = time.mktime(next_datetime.timetuple()) seconds = int(epoch_datetime) - int(epoch_base_datetime) @@ -197,8 +197,8 @@ def getlastrunbybuckets(buckets, seconds): buckets = int(buckets) if int(buckets)!=0 else 256 host_ip = socket.gethostbyname(socket.gethostname()) ips = host_ip.split('.') - sum = (int(ips[0])*256*256*256)+(int(ips[1])*256*256)+(int(ips[2])*256)+int(ips[3]) - bucket = sum%buckets + bucket_sum = (int(ips[0])*256*256*256)+(int(ips[1])*256*256)+(int(ips[2])*256)+int(ips[3]) + bucket = bucket_sum%buckets log.debug('bucket number is {0} out of {1}'.format(bucket, buckets)) current_time = time.time() base_time = seconds*(math.floor(current_time/seconds)) From 3de842593a7192b64a482bbdb0b84df6e9b16935 Mon Sep 17 00:00:00 2001 From: Yashvinder Singh Date: Wed, 12 Sep 2018 14:22:38 +0530 Subject: [PATCH 12/18] Update daemon.py --- hubblestack/daemon.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/hubblestack/daemon.py b/hubblestack/daemon.py index 41ed1a925..63dc825c5 100644 --- a/hubblestack/daemon.py +++ b/hubblestack/daemon.py @@ -294,6 +294,7 @@ def schedule(): else: seconds = int(jobdata['seconds']) splay = int(jobdata.get('splay', 0)) + min_splay = int(jobdata.get('min_splay', 0)) except ValueError: log.error('Scheduled job {0} has an invalid value for seconds or ' 'splay.'.format(jobname)) @@ -317,7 +318,7 @@ def schedule(): if splay: # Run `splay` seconds in the future, by telling the scheduler we last ran it # `seconds - splay` seconds ago. - jobdata['last_run'] = time.time() - (seconds - random.randint(0, splay)) + jobdata['last_run'] = time.time() - (seconds - random.randint(min_splay, splay)) else: # Run now run = True @@ -326,7 +327,7 @@ def schedule(): if splay: # Run `seconds + splay` seconds in the future by telling the scheduler we last # ran it at now + `splay` seconds. - jobdata['last_run'] = time.time() + random.randint(0, splay) + jobdata['last_run'] = time.time() + random.randint(min_splay, splay) elif 'buckets' in jobdata: # Place the host in a bucket and fix the execution time. jobdata['last_run'] = getlastrunbybuckets(jobdata['buckets'], seconds) From 5cb8341e66adf8d51cb4263b4cdc6d4d38b3a9b6 Mon Sep 17 00:00:00 2001 From: Yashvinder Singh Date: Wed, 12 Sep 2018 18:24:15 +0530 Subject: [PATCH 13/18] Update daemon.py --- hubblestack/daemon.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/hubblestack/daemon.py b/hubblestack/daemon.py index 63dc825c5..e9a16ebce 100644 --- a/hubblestack/daemon.py +++ b/hubblestack/daemon.py @@ -228,6 +228,7 @@ def schedule(): function: hubble.audit seconds: 3600 splay: 100 + min_splay: 50 args: - cis.centos-7-level-1-scored-v2-1-0 kwargs: @@ -236,7 +237,7 @@ def schedule(): returner: splunk_nova_return run_on_start: True - Note that ``args``, ``kwargs``, and ``splay`` are all optional. However, a + Note that ``args``, ``kwargs``,``min_splay`` and ``splay`` are all optional. However, a scheduled job must always have a ``function`` and a time in ``seconds`` of how often to run the job. @@ -251,11 +252,16 @@ def schedule(): Frequency with which the job should be run, in seconds splay - Randomized splay for the job, in seconds. A random number between 0 and + Randomized splay for the job, in seconds. A random number between and will be chosen and added to the ``seconds`` argument, to decide the true frequency. The splay will be chosen on first run, and will only change when the daemon is restarted. Optional. + min_splay + This parameters works in conjunction with . If a is provided, and random + between and is chosen. If is not provided, it + defaults to zero. Optional. + args List of arguments for the function. Optional. From 6a666baa8cdb3ac717febff3992fe68e4ac598dc Mon Sep 17 00:00:00 2001 From: Yashvinder Singh Date: Wed, 12 Sep 2018 18:27:45 +0530 Subject: [PATCH 14/18] Update hubble --- conf/hubble | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/conf/hubble b/conf/hubble index 99cdd7e9b..8deb6ab69 100644 --- a/conf/hubble +++ b/conf/hubble @@ -41,7 +41,8 @@ fileserver_backend: # audit_daily: # function: hubble.audit # seconds: 86400 -# splay: 3600 +# min_splay: 1800 # due to this min_splay, audit will run 30 to 60 minutes +# splay: 3600 # after hubble service starts # kwargs: # verbose: True # returner: splunk_nova_return From 57a5faaebf2e916cf383842afa6367b70697c52e Mon Sep 17 00:00:00 2001 From: Yashvinder Singh Date: Wed, 12 Sep 2018 18:40:56 +0530 Subject: [PATCH 15/18] Update misc.py --- hubblestack/files/hubblestack_nova/misc.py | 1 + 1 file changed, 1 insertion(+) diff --git a/hubblestack/files/hubblestack_nova/misc.py b/hubblestack/files/hubblestack_nova/misc.py index ec70140b1..f16c5c414 100644 --- a/hubblestack/files/hubblestack_nova/misc.py +++ b/hubblestack/files/hubblestack_nova/misc.py @@ -46,6 +46,7 @@ import re import salt.utils from salt.ext import six +from salt.exceptions import CommandExecutionError from collections import Counter log = logging.getLogger(__name__) From 345d3d41d02393474ea700ef607829c6994a6fcd Mon Sep 17 00:00:00 2001 From: Yashvinder Singh Date: Thu, 13 Sep 2018 18:05:13 +0530 Subject: [PATCH 16/18] Update misc.py --- hubblestack/files/hubblestack_nova/misc.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hubblestack/files/hubblestack_nova/misc.py b/hubblestack/files/hubblestack_nova/misc.py index f16c5c414..439603a2d 100644 --- a/hubblestack/files/hubblestack_nova/misc.py +++ b/hubblestack/files/hubblestack_nova/misc.py @@ -496,7 +496,7 @@ def check_directory_files_permission(path, permission): Check all files permission inside a directory ''' blacklisted_characters = '[^a-zA-Z0-9-_/]' - if re.findall(blacklisted_characters, path): + if "-exec" in path or re.findall(blacklisted_characters, path): raise CommandExecutionError("Profile parameter '{0}' not a safe pattern".format(path)) files_list = _execute_shell_command("find {0} -type f".format(path)).strip() files_list = files_list.split('\n') if files_list != "" else [] From 685e8d17052f3360a4cbb9cc9915039959f91a20 Mon Sep 17 00:00:00 2001 From: Paul Miller Date: Thu, 13 Sep 2018 11:20:39 -0400 Subject: [PATCH 17/18] I sometimes desire to change the console log format. It makes sense to not allow this for the central logging, but I can't see the harm in altering the console logging. --- hubblestack/daemon.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/hubblestack/daemon.py b/hubblestack/daemon.py index 6d87a2b06..6647402e3 100644 --- a/hubblestack/daemon.py +++ b/hubblestack/daemon.py @@ -549,8 +549,15 @@ def load_config(): ]) __opts__['disable_modules'] = disable_modules + # Console logging is probably the same, but can be different + console_logging_opts = { + 'log_level': __opts__.get('console_log_level', __opts__['log_level']), + 'log_format': __opts__.get('console_log_format'), + 'date_format': __opts__.get('console_log_date_format'), + } + # Setup logging - salt.log.setup.setup_console_logger(__opts__['log_level']) + salt.log.setup.setup_console_logger(**console_logging_opts) salt.log.setup.setup_logfile_logger(__opts__['log_file'], __opts__['log_level'], max_bytes=__opts__.get('logfile_maxbytes', 100000000), From ff8445dbfb073b979b0ebac268d6c45517c3ad5b Mon Sep 17 00:00:00 2001 From: Colton Myers Date: Tue, 18 Sep 2018 10:38:00 -0600 Subject: [PATCH 18/18] Rev to v2.4.4 --- doc/conf.py | 4 ++-- hubblestack/__init__.py | 2 +- pkg/amazonlinux2016.09/Dockerfile | 4 ++-- pkg/centos6/Dockerfile | 4 ++-- pkg/centos7/Dockerfile | 4 ++-- pkg/coreos/Dockerfile | 4 ++-- pkg/debian7/Dockerfile | 4 ++-- pkg/debian8/Dockerfile | 4 ++-- pkg/debian9/Dockerfile | 4 ++-- pkg/dev/amazonlinux2016.09/Dockerfile | 2 +- pkg/dev/centos6/Dockerfile | 2 +- pkg/dev/centos7/Dockerfile | 2 +- pkg/dev/coreos/Dockerfile | 2 +- pkg/dev/debian7/Dockerfile | 2 +- pkg/dev/debian8/Dockerfile | 2 +- pkg/dev/debian9/Dockerfile | 2 +- 16 files changed, 24 insertions(+), 24 deletions(-) diff --git a/doc/conf.py b/doc/conf.py index a4315bb20..e19990c26 100644 --- a/doc/conf.py +++ b/doc/conf.py @@ -59,9 +59,9 @@ # built documents. # # The short X.Y version. -version = u'2.4.3' +version = u'2.4.4' # The full version, including alpha/beta/rc tags. -release = u'2.4.3-1' +release = u'2.4.4-1' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. diff --git a/hubblestack/__init__.py b/hubblestack/__init__.py index 9a0e3da65..0d6ef5fbd 100644 --- a/hubblestack/__init__.py +++ b/hubblestack/__init__.py @@ -1 +1 @@ -__version__ = '2.4.3' +__version__ = '2.4.4' diff --git a/pkg/amazonlinux2016.09/Dockerfile b/pkg/amazonlinux2016.09/Dockerfile index 72e60c3df..a27444431 100644 --- a/pkg/amazonlinux2016.09/Dockerfile +++ b/pkg/amazonlinux2016.09/Dockerfile @@ -125,8 +125,8 @@ RUN yum install -y ruby ruby-devel rpmbuild rpm-build rubygems gcc make \ #pyinstaller start #commands specified for ENTRYPOINT and CMD are executed when the container is run, not when the image is built #use the following variables to choose the version of hubble -ENV HUBBLE_CHECKOUT=v2.4.3 -ENV HUBBLE_VERSION=2.4.3 +ENV HUBBLE_CHECKOUT=v2.4.4 +ENV HUBBLE_VERSION=2.4.4 ENV HUBBLE_ITERATION=1 ENV HUBBLE_GIT_URL=https://github.com/hubblestack/hubble.git ENV HUBBLE_SRC_PATH=/hubble_src diff --git a/pkg/centos6/Dockerfile b/pkg/centos6/Dockerfile index 355178532..292f1cd36 100644 --- a/pkg/centos6/Dockerfile +++ b/pkg/centos6/Dockerfile @@ -127,8 +127,8 @@ RUN yum install -y rpmbuild rpm-build gcc make rh-ruby23 rh-ruby23-ruby-devel \ #pyinstaller start #commands specified for ENTRYPOINT and CMD are executed when the container is run, not when the image is built #use the following variables to choose the version of hubble -ENV HUBBLE_CHECKOUT=v2.4.3 -ENV HUBBLE_VERSION=2.4.3 +ENV HUBBLE_CHECKOUT=v2.4.4 +ENV HUBBLE_VERSION=2.4.4 ENV HUBBLE_ITERATION=1 ENV HUBBLE_GIT_URL=https://github.com/hubblestack/hubble.git ENV HUBBLE_SRC_PATH=/hubble_src diff --git a/pkg/centos7/Dockerfile b/pkg/centos7/Dockerfile index ab3c5296b..a9a3f66c3 100644 --- a/pkg/centos7/Dockerfile +++ b/pkg/centos7/Dockerfile @@ -124,8 +124,8 @@ RUN yum install -y ruby ruby-devel rpmbuild rpm-build rubygems gcc make \ #pyinstaller start #commands specified for ENTRYPOINT and CMD are executed when the container is run, not when the image is built #use the following variables to choose the version of hubble -ENV HUBBLE_CHECKOUT=v2.4.3 -ENV HUBBLE_VERSION=2.4.3 +ENV HUBBLE_CHECKOUT=v2.4.4 +ENV HUBBLE_VERSION=2.4.4 ENV HUBBLE_ITERATION=1 ENV HUBBLE_GIT_URL=https://github.com/hubblestack/hubble.git ENV HUBBLE_SRC_PATH=/hubble_src diff --git a/pkg/coreos/Dockerfile b/pkg/coreos/Dockerfile index 1cdf17a4a..807133761 100644 --- a/pkg/coreos/Dockerfile +++ b/pkg/coreos/Dockerfile @@ -136,9 +136,9 @@ RUN pip -v install -r pyinstaller-requirements.txt #pyinstaller start #commands specified for ENTRYPOINT and CMD are executed when the container is run, not when the image is built #use the following variables to choose the version of hubble -ENV HUBBLE_CHECKOUT=v2.4.3 +ENV HUBBLE_CHECKOUT=v2.4.4 ENV HUBBLE_GIT_URL=https://github.com/hubblestack/hubble.git -ENV HUBBLE_VERSION=2.4.3 +ENV HUBBLE_VERSION=2.4.4 ENV HUBBLE_ITERATION=1 ENV HUBBLE_SRC_PATH=/hubble_src ENV _HOOK_DIR="./pkg/" diff --git a/pkg/debian7/Dockerfile b/pkg/debian7/Dockerfile index cd6bf225e..5941b4a96 100644 --- a/pkg/debian7/Dockerfile +++ b/pkg/debian7/Dockerfile @@ -163,9 +163,9 @@ RUN apt-get install -y ruby ruby-dev rubygems gcc make \ #pyinstaller start #commands specified for ENTRYPOINT and CMD are executed when the container is run, not when the image is built #use the following variables to choose the version of hubble -ENV HUBBLE_CHECKOUT=v2.4.3 +ENV HUBBLE_CHECKOUT=v2.4.4 ENV HUBBLE_GIT_URL=https://github.com/hubblestack/hubble.git -ENV HUBBLE_VERSION=2.4.3 +ENV HUBBLE_VERSION=2.4.4 ENV HUBBLE_ITERATION=1 ENV HUBBLE_SRC_PATH=/hubble_src ENV _HOOK_DIR="./pkg/" diff --git a/pkg/debian8/Dockerfile b/pkg/debian8/Dockerfile index c51a75408..463b59265 100644 --- a/pkg/debian8/Dockerfile +++ b/pkg/debian8/Dockerfile @@ -145,9 +145,9 @@ RUN apt-get install -y ruby ruby-dev rubygems gcc make \ #pyinstaller start #commands specified for ENTRYPOINT and CMD are executed when the container is run, not when the image is built #use the following variables to choose the version of hubble -ENV HUBBLE_CHECKOUT=v2.4.3 +ENV HUBBLE_CHECKOUT=v2.4.4 ENV HUBBLE_GIT_URL=https://github.com/hubblestack/hubble.git -ENV HUBBLE_VERSION=2.4.3 +ENV HUBBLE_VERSION=2.4.4 ENV HUBBLE_ITERATION=1 ENV HUBBLE_SRC_PATH=/hubble_src ENV _HOOK_DIR="./pkg/" diff --git a/pkg/debian9/Dockerfile b/pkg/debian9/Dockerfile index 0e8192d5e..beb27c25f 100644 --- a/pkg/debian9/Dockerfile +++ b/pkg/debian9/Dockerfile @@ -140,9 +140,9 @@ RUN apt-get install -y ruby ruby-dev rubygems gcc make \ #pyinstaller start #commands specified for ENTRYPOINT and CMD are executed when the container is run, not when the image is built #use the following variables to choose the version of hubble -ENV HUBBLE_CHECKOUT=v2.4.3 +ENV HUBBLE_CHECKOUT=v2.4.4 ENV HUBBLE_GIT_URL=https://github.com/hubblestack/hubble.git -ENV HUBBLE_VERSION=2.4.3 +ENV HUBBLE_VERSION=2.4.4 ENV HUBBLE_ITERATION=1 ENV HUBBLE_SRC_PATH=/hubble_src ENV _HOOK_DIR="./pkg/" diff --git a/pkg/dev/amazonlinux2016.09/Dockerfile b/pkg/dev/amazonlinux2016.09/Dockerfile index f417a6f76..487998834 100644 --- a/pkg/dev/amazonlinux2016.09/Dockerfile +++ b/pkg/dev/amazonlinux2016.09/Dockerfile @@ -128,7 +128,7 @@ RUN yum install -y ruby ruby-devel rpmbuild rpm-build rubygems gcc make \ #use the following variables to choose the version of hubble ARG HUBBLE_CHECKOUT=develop ARG HUBBLE_GIT_URL=https://github.com/hubblestack/hubble.git -ENV HUBBLE_VERSION=2.4.3_develop +ENV HUBBLE_VERSION=2.4.4_develop ENV HUBBLE_ITERATION=1 ENV HUBBLE_SRC_PATH=/hubble_src ENV _HOOK_DIR="./pkg/" diff --git a/pkg/dev/centos6/Dockerfile b/pkg/dev/centos6/Dockerfile index 9b5e1e920..6c58382d3 100644 --- a/pkg/dev/centos6/Dockerfile +++ b/pkg/dev/centos6/Dockerfile @@ -130,7 +130,7 @@ RUN yum install -y rpmbuild rpm-build gcc make rh-ruby23 rh-ruby23-ruby-devel \ #use the following variables to choose the version of hubble ARG HUBBLE_CHECKOUT=develop ARG HUBBLE_GIT_URL=https://github.com/hubblestack/hubble.git -ENV HUBBLE_VERSION=2.4.3_develop +ENV HUBBLE_VERSION=2.4.4_develop ENV HUBBLE_ITERATION=1 ENV HUBBLE_SRC_PATH=/hubble_src ENV _HOOK_DIR="./pkg/" diff --git a/pkg/dev/centos7/Dockerfile b/pkg/dev/centos7/Dockerfile index 7e1879b6d..04d67226a 100644 --- a/pkg/dev/centos7/Dockerfile +++ b/pkg/dev/centos7/Dockerfile @@ -127,7 +127,7 @@ RUN yum install -y ruby ruby-devel rpmbuild rpm-build rubygems gcc make \ #use the following variables to choose the version of hubble ARG HUBBLE_CHECKOUT=develop ARG HUBBLE_GIT_URL=https://github.com/hubblestack/hubble.git -ENV HUBBLE_VERSION=2.4.3_develop +ENV HUBBLE_VERSION=2.4.4_develop ENV HUBBLE_ITERATION=1 ENV HUBBLE_SRC_PATH=/hubble_src ENV _HOOK_DIR="./pkg/" diff --git a/pkg/dev/coreos/Dockerfile b/pkg/dev/coreos/Dockerfile index af982847c..1e9852548 100644 --- a/pkg/dev/coreos/Dockerfile +++ b/pkg/dev/coreos/Dockerfile @@ -139,7 +139,7 @@ RUN pip -v install -r pyinstaller-requirements.txt #use the following variables to choose the version of hubble ARG HUBBLE_CHECKOUT=develop ARG HUBBLE_GIT_URL=https://github.com/hubblestack/hubble.git -ENV HUBBLE_VERSION=2.4.3_develop +ENV HUBBLE_VERSION=2.4.4_develop ENV HUBBLE_ITERATION=1 ENV HUBBLE_SRC_PATH=/hubble_src ENV _HOOK_DIR="./pkg/" diff --git a/pkg/dev/debian7/Dockerfile b/pkg/dev/debian7/Dockerfile index 1fc159bce..290b2e2c2 100644 --- a/pkg/dev/debian7/Dockerfile +++ b/pkg/dev/debian7/Dockerfile @@ -166,7 +166,7 @@ RUN apt-get install -y ruby ruby-dev rubygems gcc make \ #use the following variables to choose the version of hubble ARG HUBBLE_CHECKOUT=develop ARG HUBBLE_GIT_URL=https://github.com/hubblestack/hubble.git -ENV HUBBLE_VERSION=2.4.3_develop +ENV HUBBLE_VERSION=2.4.4_develop ENV HUBBLE_ITERATION=1 ENV HUBBLE_SRC_PATH=/hubble_src ENV _HOOK_DIR="./pkg/" diff --git a/pkg/dev/debian8/Dockerfile b/pkg/dev/debian8/Dockerfile index b332c76ff..63d947395 100644 --- a/pkg/dev/debian8/Dockerfile +++ b/pkg/dev/debian8/Dockerfile @@ -148,7 +148,7 @@ RUN apt-get install -y ruby ruby-dev rubygems gcc make \ #use the following variables to choose the version of hubble ARG HUBBLE_CHECKOUT=develop ARG HUBBLE_GIT_URL=https://github.com/hubblestack/hubble.git -ENV HUBBLE_VERSION=2.4.3_develop +ENV HUBBLE_VERSION=2.4.4_develop ENV HUBBLE_ITERATION=1 ENV HUBBLE_SRC_PATH=/hubble_src ENV _HOOK_DIR="./pkg/" diff --git a/pkg/dev/debian9/Dockerfile b/pkg/dev/debian9/Dockerfile index 4698ba6fe..47f2cd1a5 100644 --- a/pkg/dev/debian9/Dockerfile +++ b/pkg/dev/debian9/Dockerfile @@ -143,7 +143,7 @@ RUN apt-get install -y ruby ruby-dev rubygems gcc make \ #use the following variables to choose the version of hubble ARG HUBBLE_CHECKOUT=develop ARG HUBBLE_GIT_URL=https://github.com/hubblestack/hubble.git -ENV HUBBLE_VERSION=2.4.3_develop +ENV HUBBLE_VERSION=2.4.4_develop ENV HUBBLE_ITERATION=1 ENV HUBBLE_SRC_PATH=/hubble_src ENV _HOOK_DIR="./pkg/"