Merge pull request #17 from aau-network-security/develop

Release v1.1.0

config/config.example.yml

@@ -4,20 +4,18 @@ grpcPort: 8081
 proxyPort: 8082
 
 
-auth-key: test-auth-key
-sign-key: test-sign-key
+auth-key: agent-auth-key
+sign-key: agent-sign-key
 max-workers: 5
-guac-ssl: false
-jwtSecret: test
 file-transfer-root: /path/to/desired/filetransfer/root
 ova-dir: /path/to/desired/ova/directory
 state-path: /path/to/desired/state/directory
 
 vpn-service:
   endpoint: vpn.localhost
   port: 5353
-  auth-key: dev-auth-key
-  sign-key: dev-sign-key
+  auth-key: vpn-service-auth-key
+  sign-key: vpn-service-sign-key
   wg-conf-dir: /etc/wireguard
   tls-enabled: false
 

createRelease.sh

@@ -0,0 +1,60 @@
+#!/bin/bash
+
+# This script is used to create a release of the project.
+# Check if the -h or --help flag is passed
+if [ "$1" == "-h" ] || [ "$1" == "--help" ]; then
+  echo "Usage: $0 <version>"
+  echo
+  echo "This script is used to create a release of the project."
+  echo
+  echo "Arguments:"
+  echo "  <version>  The version number for the release."
+  echo
+  echo "Options:"
+  echo "  -h, --help  Show this help message and exit."
+  exit 0
+fi
+
+if [ -z "$1" ]; then
+  echo "Error: Please provide the version number as an argument."
+  echo "Usage: $0 <version>"
+  exit 1
+fi
+
+mkdir -p release
+
+# First we build the binary with the version tag
+echo "Building the project with version $1"
+date=$(date)
+go build --ldflags "-X 'main.version=$1' -X 'main.compileDate=$date'" -o release/haaukins-agent-$1-linux-64bit
+chmod +x release/haaukins-agent-$1-linux-64bit
+
+# cp assets folder to release
+cp -r assets release/
+
+# cp config folder to release
+cp -r config release/
+
+# cp nginx folder to release
+cp -r nginx release/
+
+# copy templates folder to release
+cp -r templates release/
+
+# cp the systemd service file to release
+cp haaukins-agent.service release/
+
+# cp cleanup.sh to release
+cp cleanup.sh release/
+
+# cd to release folder
+cd release
+
+# Create the tarball
+echo "Creating the tarball"
+tar -czf haaukins-agent-$1-linux-64bit.tar.gz haaukins-agent-$1-linux-64bit assets config nginx haaukins-agent.service templates cleanup.sh
+
+# remove everything exept the build binary and tarball
+rm -rf assets config nginx haaukins-agent.service templates cleanup.sh
+
+

haaukins-agent.service

@@ -0,0 +1,21 @@
+[Unit]
+Description=Haaukins (agent)
+ConditionPathExists=/home/haaukins
+After=network.target
+
+[Service]
+Type=simple
+User=haaukins
+Group=haaukins
+LimitNOFILE=9223372036854775807
+
+Restart=on-failure
+RestartSec=10
+TimeoutStopSec=600
+
+WorkingDirectory=/home/haaukins/haaukins-agent
+ExecStart=/home/haaukins/haaukins-agent/haaukins-agent
+
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=haaukins-agent

internal/agent/config.go

@@ -17,8 +17,6 @@ type Config struct {
 	StatePath          string                           `yaml:"state-path"`
 	VPNService         VPNconf                          `yaml:"vpn-service"`
 	DockerRepositories []dockerclient.AuthConfiguration `yaml:"docker-repositories"`
-	GuacSSL            bool                             `yaml:"guac-ssl"`
-	JwtSecret          string                           `yaml:"jwtSecret"`
 }
 
 type VPNconf struct {

internal/environment/guac.go

@@ -75,7 +75,7 @@ func (guac *Guacamole) create(ctx context.Context, eventTag string) error {
 	containers := map[string]*virtual.Container{}
 
 	containers["guacd"] = virtual.NewContainer(virtual.ContainerConfig{
-		Image:     "guacamole/guacd:1.2.0",
+		Image:     "guacamole/guacd:1.5.3",
 		UseBridge: true,
 		Labels: map[string]string{
 			"hkn": "guacamole_guacd",
@@ -89,7 +89,7 @@ func (guac *Guacamole) create(ctx context.Context, eventTag string) error {
 	mysqlPass := uuid.New().String()
 	log.Debug().Str("mysqlPass", mysqlPass).Msg("mysql pw for guac")
 	containers["db"] = virtual.NewContainer(virtual.ContainerConfig{
-		Image: "registry.gitlab.com/haaukins/core-utils/guacamole:mysql",
+		Image: "ghcr.io/campfire-security/guac-db:latest",
 		EnvVars: map[string]string{
 			"MYSQL_ROOT_PASSWORD": uuid.New().String(),
 			"MYSQL_DATABASE":      "guacamole_db",
@@ -105,7 +105,7 @@ func (guac *Guacamole) create(ctx context.Context, eventTag string) error {
 	guacdAlias := uuid.New().String()
 	dbAlias := uuid.New().String()
 	containers["web"] = virtual.NewContainer(virtual.ContainerConfig{
-		Image: "guacamole/guacamole:1.2.0",
+		Image: "guacamole/guacamole:1.5.3",
 		EnvVars: map[string]string{
 			"MYSQL_DATABASE": "guacamole_db?useSSL=false",
 			"MYSQL_USER":     "guacamole_user",

internal/environment/lab/virtual/docker.go

@@ -274,9 +274,10 @@ func (c *Container) getCreateConfig() (*docker.CreateContainerOptions, error) {
 		}
 
 		hostConf.Mounts = append(hostConf.Mounts, docker.HostMount{
-			Target: "/etc/resolv.conf",
-			Source: resolvPath,
-			Type:   "bind",
+			Target:   "/etc/resolv.conf",
+			Source:   resolvPath,
+			Type:     "bind",
+			ReadOnly: true,
 		})
 	}
 

main.go

@@ -17,13 +17,20 @@ const (
 	defaultConfigFile = "config/config.yml"
 )
 
+var (
+	version     = "dev"
+	compileDate = "unknown"
+)
+
 func main() {
 	zerolog.SetGlobalLevel(zerolog.DebugLevel)
 	log.Logger = log.Output(zerolog.ConsoleWriter{Out: os.Stderr})
 
 	confFilePtr := flag.String("config", defaultConfigFile, "configuration file")
 	flag.Parse()
 
+	log.Info().Str("version", version).Str("compileDate", compileDate).Msg("Starting HAAUKINS Agent...")
+
 	c, err := agent.NewConfigFromFile(*confFilePtr)
 	if err != nil {
 		log.Fatal().Err(err).Msgf("unable to read configuration file: %s", *confFilePtr)

nginx/grpcproxy.conf

@@ -1,12 +1,15 @@
-upstream dev {
+upstream agentGrpc {
     server localhost:8081;
 }
 server {
     listen 5353 http2; #Add ssl after http2 if tls is needed
     #ssl_certificate /path/to/fullchain.pem;
     #ssl_certificate_key /path/to/privkey.pem;
-    client_max_body_size 100M;
+    client_max_body_size 0;
     location / {
-        grpc_pass grpc://dev;
+        grpc_pass grpc://agentGrpc;
+        grpc_connect_timeout 600s;
+        grpc_read_timeout 600s;
+        grpc_send_timeout 600s;
     }
 }

nginx/guacproxy.conf

@@ -1,4 +1,4 @@
-upstream haaukins_agent {
+upstream haaukins_agent_guac {
     keepalive 100;
     keepalive_requests 1000;
     keepalive_timeout 60s;
@@ -13,7 +13,7 @@ server {
     #limit_req_status 429;
     client_max_body_size 100M;
     location / {
-        proxy_pass http://haaukins_agent;
+        proxy_pass http://haaukins_agent_guac;
         proxy_buffering off;
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;