Port details on branch 2024Q2
- caldera Automated Adversary Emulation Platform
- 5.0.0_7 security
- Version of this port present on the latest quarterly branch: 5.0.0_7
- Maintainer: acm@FreeBSD.org
- Port Added: 2024-04-15 08:39:30
- Last Update: 2024-06-15 09:57:50
- Commit Hash: aa2919f
- Also Listed In: python
- License: APACHE20
- WWW:
- https://github.com/mitre/caldera
- Description:
- CALDERA is a cyber security platform designed to easily automate adversary
emulation, assist manual red-teams, and automate incident response.
It is built on the MITRE ATT&CK framework and is an active research project
at MITRE.
The framework consists of two components:
- The core system. This is the framework code, consisting of what is available
in this repository. Included is an asynchronous command-and-control (C2)
server with a REST API and a web interface.
- Plugins. These repositories expand the core framework capabilities and
provide additional functionality. Examples include agents, reporting,
collections of TTPs and more.
- Manual pages:
- FreshPorts has no man page information for this port.
- pkg-plist: as obtained via: make generate-plist
- USE_RC_SUBR (Service Scripts)
- no SUBR information found for this port
- Dependency lines:
- caldera>0:security/caldera
- To install the port:
- cd /usr/ports/security/caldera/ && make install clean
- To add the package, run one of these commands:
- pkg install security/caldera
- pkg install caldera
NOTE: If this package has multiple flavors (see below), then use one of them instead of the name specified above.
- PKGNAME: caldera
- Flavors: there is no flavor information for this port.
- distinfo:
- TIMESTAMP = 1708127632
SHA256 (caldera-cache-5.0.0.tar.gz) = c0f160ec5431b0096a9ce8e2adde062de97be96e66e9e8756b4646e4d8c2a9a9
SIZE (caldera-cache-5.0.0.tar.gz) = 41756498
- Dependencies
- NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.
- Build dependencies:
- npm-node18>0 : www/npm-node18
- go121 : lang/go121
- node : www/node18
- python3.9 : lang/python39
- Test dependencies:
- python3.9 : lang/python39
- Runtime dependencies:
- py39-aiohttp>0 : www/py-aiohttp@py39
- py39-aiohttp-jinja2>0 : www/py-aiohttp-jinja2@py39
- py39-aiohttp-session>0 : www/py-aiohttp-session@py39
- py39-aiohttp-security>0 : security/py-aiohttp-security@py39
- py39-aiohttp-apispec>0 : devel/py-aiohttp-apispec@py39
- py39-Jinja2>0 : devel/py-Jinja2@py39
- py39-yaml>0 : devel/py-yaml@py39
- py39-websockets>0 : devel/py-websockets@py39
- py39-sphinx>0 : textproc/py-sphinx@py39
- py39-docutils>0 : textproc/py-docutils@py39
- py39-sphinx_rtd_theme>0 : textproc/py-sphinx_rtd_theme@py39
- py39-myst-parser>0 : textproc/py-myst-parser@py39
- py39-marshmallow>0 : devel/py-marshmallow@py39
- py39-dirhash>0 : security/py-dirhash@py39
- py39-docker>0 : sysutils/py-docker@py39
- py39-donut-shellcode>0 : devel/py-donut-shellcode@py39
- py39-marshmallow-enum>0 : devel/py-marshmallow-enum@py39
- py39-ldap3>0 : net/py-ldap3@py39
- py39-lxml>0 : devel/py-lxml@py39
- py39-reportlab>0 : print/py-reportlab@py39
- py39-svglib>0 : converters/py-svglib@py39
- py39-markdown>0 : textproc/py-markdown@py39
- py39-dnspython>0 : dns/py-dnspython@py39
- py39-asyncssh>0 : security/py-asyncssh@py39
- py39-aioftp>0 : ftp/py-aioftp@py39
- py39-packaging>0 : devel/py-packaging@py39
- py39-pyautogui>0 : x11/py-pyautogui@py39
- py39-selenium>0 : www/py-selenium@py39
- py39-webdriver_manager>0 : www/py-webdriver_manager@py39
- py39-beautifulsoup>0 : www/py-beautifulsoup@py39
- py39-networkx>0 : math/py-networkx@py39
- py39-numpy>0 : math/py-numpy@py39
- upx>0 : archivers/upx
- base64>0 : converters/base64
- git>0 : devel/git
- bash>0 : shells/bash
- haproxy24>0 : net/haproxy24
- go121 : lang/go121
- py39-cryptography>=42.0.5,1 : security/py-cryptography@py39
- python3.9 : lang/python39
- There are no ports dependent upon this port
Configuration Options:
- ===> The following configuration options are available for caldera-5.0.0_7:
HAPROXY=on: Support for HTTPS
===> Use 'make config' to modify these settings
- Options name:
- security_caldera
- USES:
- dos2unix go:run nodejs:18,build python
- pkg-message:
- For install:
- Caldera 5 port was installed
1) Keep in mind that this is a modified version of Caldera that includes FreeBSD as
a supported OS, and you may find some issues. Problem reports are welcome.
2) Add the following lines to /etc/rc.conf
# sysrc caldera_enable="YES"
or enable it with the service command
# service caldera enable
3) Before starting Caldera you must run some scripts to generate/update payload
files
# su -m caldera -c 'cd /usr/local/www/caldera/plugins/manx && \
setenv GOCACHE /tmp/caldera/.cache; setenv GOMODCACHE /tmp/caldera/.vendor; \
sh update-shells.sh'
# su -m caldera -c 'cd /usr/local/www/caldera/plugins/sandcat && \
setenv GOCACHE /tmp/caldera/.cache; setenv GOMODCACHE /tmp/caldera/.vendor; \
sh update-agents.sh'
4) Do not forget to modify the configuration files before running Caldera. By default
it runs in insecure mode (http). Caldera configuration files are located at
/usr/local/www/caldera/conf
5) You can change the default user passwords by modifying the default.yml file in the
/usr/local/www/caldera/conf folder. By default Caldera uses admin/admin,
blue/admin or red/admin as user/password.
# sed -i "" -e "s|admin: admin|admin: `openssl rand -base64 32`|g" default.yml
# sed -i "" -e "s|blue: admin|blue: `openssl rand -base64 32`|g" default.yml
# sed -i "" -e "s|red: admin|red: `openssl rand -base64 32`|g" default.yml
6) If you want to run it in secure mode (https), take a look at the ssl plugin section:
https://caldera.readthedocs.io/en/latest/Plugin-library.html#ssl
You will need to add an empty caldera_flags to /etc/rc.conf to enable it
# sysrc caldera_flags=
7) Start Caldera service
# service caldera start
8) When Caldera is starting, the atomic plugin will use git to download files from
the following link:
https://github.com/redcanaryco/atomic-red-team
Currently, the project does not include FreeBSD as a supported platform.
For this reason, the Atomic plugin was patched to download atomic-red-team
files from the following repository until my pull request is merged into
redcanaryco/atomic-red-team:
https://github.com/alonsobsd/atomic-red-team
Those files are necessary to generate the yml files used by Caldera abilities
9) Caldera web listens on localhost:8888 by default
http://localhost:8888
If you want MITRE Caldera to work with non-localhost settings, you can do the
following:
# sed -i "" -e 's|http://localhost|http://ip_or_hostname_here|g' /usr/local/www/caldera/plugins/magma/dist/index*.js
If you are using ssl plugin:
# sed -i "" -e 's|http://localhost:8888|https://ip_or_hostname_here:8443|g' /usr/local/www/caldera/plugins/magma/dist/assets/index*.js
Keep in mind that the port number must be changed depending on your settings.
I prefer to change the ip/hostname:port this way because it is quicker
than re-building plugins/magma each time we define/change VITE_CALDERA_URL
in the .env file. It also drops the dependency on node_modules files and the nodejs app.
10) Log file is located at /var/log/caldera.log
11) For more configuration information you can look at the following link:
https://caldera.readthedocs.io/en/latest/
12) Enjoy it