Merge branch 'premaster'

Author: mfthomps

README.md

@@ -89,6 +89,9 @@ The installation script and the update-designer.sh script set environment variab
 so you may want to logout/login, or start a new bash shell before using Labtainers the
 first time.
 
+July 22, 2024
+- Add a base container for Ubuntu22 and changes to framework to support that.
+
 July 5, 2024
 - Migrate to Ubuntu 24 as the VM appliance 
 - The docker pyhton package uses a broken python http library, requires package downgrade.

docs/labdesigner/labdesigner.pdf

@@ -2944,6 +2944,8 @@ \subsubsection{Move to network2 base}
 Note however that many packages will not install on Ubuntu 20.  You must either install the snap package manager, 
 which drags a ton of extra stuff, or find an alternate package source (e.g., the .deb packages).
 
+\subsubsection{Ubuntu 22 base image}
+The base3 and network3 base images are built using Ubuntu 22.  Only minimal testing has been done and no labs as yet use these images.
 
 \subsection{User management and sudo}
 The Dockerfile should make the initial user, i.e., the user named in the start.config file, a member of sudoers.

docs/labdesigner/labdesigner.tex

@@ -0,0 +1,58 @@
+#FROM jrei/systemd-ubuntu:20.04
+FROM ubuntu:noble
+LABEL description="Labtainer base image for ubuntu 22 noble"
+ARG lab
+#RUN mv /etc/apt/sources.list /var/tmp/
+RUN cp /etc/apt/sources.list /var/tmp/
+#ADD system/etc/nps.sources.list /etc/apt/sources.list
+ADD system/bin/apt-source.sh /usr/bin/apt-source.sh
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    build-essential \
+    expect \
+    file \
+    gcc-multilib \
+    gdb \
+    iputils-ping \
+    less \
+    man \
+    manpages-dev \
+    net-tools \
+    openssh-client \
+    python3 \
+    sudo \
+    tcl8.6 \
+    vim \
+    zip \
+    hexedit \
+    rsyslog \
+    ghex \
+    locales \
+    nano \
+    python3-pip
+
+# Set the locale
+RUN locale-gen en_US.UTF-8  
+ENV LANG en_US.UTF-8  
+ENV LANGUAGE en_US:en  
+ENV LC_ALL en_US.UTF-8  
+#RUN sudo pip3 install --upgrade pip
+#---Use virtual python environment to avoid Ubuntu lockdown
+RUN apt -y install python3.12-venv
+RUN mkdir -p /opt/labtainer/venv
+RUN python3 -m venv /opt/labtainer/venv
+RUN /opt/labtainer/venv/bin/python3 -m pip install setuptools parse inotify_simple 
+#RUN sudo pip3 install setuptools
+#RUN sudo pip3 install parse
+#RUN pip3 install inotify_simple
+#RUN pip3 install enum
+ADD system/etc/sudoers /etc/sudoers
+ADD system/etc/rc.local /etc/rc.local
+ADD system/bin/funbuffer /usr/bin/
+# manage default gateways
+ADD system/bin/togglegw.sh /usr/bin/
+ADD system/bin/set_default_gw.sh /usr/bin/
+ADD system/sbin/waitparam.sh /usr/sbin/waitparam.sh
+ADD system/lib/systemd/system/waitparam.service /lib/systemd/system/waitparam.service
+RUN systemctl enable waitparam.service
+ENV DEBIAN_FRONTEND noninteractive
+RUN yes | /usr/local/sbin/unminimize -y

scripts/designer/base_dockerfiles/Dockerfile.labtainer.base3

@@ -0,0 +1,26 @@
+ARG registry
+FROM $registry/labtainer.base3
+LABEL description="This is a base Docker image for networking Parameterized labs using base3"
+ARG lab
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    openssl \
+    openssh-server \
+    openvpn \
+    wget \
+    tcpdump \
+    update-inetd \
+    xinetd \
+    iptables \
+    dnsutils \
+    dnsmasq \
+    nmap \
+    netcat-openbsd
+
+# step around app armor or whatever
+#RUN sudo mv /usr/sbin/tcpdump /usr/bin/tcpdump
+#
+# /run/sshd created when parameterizing
+#
+RUN systemctl disable dnsmasq
+RUN rm /etc/systemd/system/multi-user.target.wants/openvpn.service 
+#RUN rm /etc/systemd/system/multi-user.target.wants/ssh.service 

scripts/designer/base_dockerfiles/Dockerfile.labtainer.network3

@@ -0,0 +1,74 @@
+#
+# Labtainer Dockerfile
+#
+#  This is the default Labtainer Dockerfile template, plesae choose the appropriate
+#  base image below.
+#
+# The labtainer.base image includes the following packages:
+#    build-essential  expect  file  gcc-multilib  gdb  iputils-ping  less  man  manpages-dev 
+#    net-tools  openssh-client  python  sudo  tcl8.6  vim  zip  hexedit  rsyslog
+#
+# The labtainer.network image adds the following packages:
+#   openssl openssh-server openvpn wget tcpdump  update-inetd  xinetd
+#
+ARG registry
+FROM $registry/labtainer.base3
+#FROM $registry/labtainer.network
+#FROM $registry/labtainer.centos
+#FROM $registry/labtainer.lamp
+#
+#  lab is the fully qualified image name, e.g., mylab.some_container.student
+#  labdir is the name of the lab, e.g., mylab 
+#  imagedir is the name of the container
+#  user_name is the USER from the start.config, if other than ubuntu,
+#            then that user must be added in this dockerfile
+#            before the USER command
+#
+ARG lab
+ARG labdir
+ARG imagedir
+ARG user_name
+ARG password
+ARG apt_source
+ARG version
+LABEL version=$version
+ENV APT_SOURCE $apt_source
+RUN /usr/bin/apt-source.sh
+#
+#  put package installation here, e.g.,
+#     RUN apt-get update && apt-get install -y --no-install-recommends somepackage
+#
+#
+#
+# Install the system files found in the _system directory
+#
+ADD $labdir/$imagedir/sys_tar/sys.tar /
+ADD $labdir/sys_$lab.tar.gz /
+#
+RUN deluser --remove-home ubuntu`
+RUN useradd -ms /bin/bash $user_name
+RUN echo "$user_name:$password" | chpasswd
+RUN adduser $user_name sudo
+# replace above with below for centos/fedora
+#RUN usermod $user_name -a -G wheel
+
+
+#
+#  **** Perform all root operations, e.g.,           ****
+#  **** "apt-get install" prior to the USER command. ****
+#
+USER $user_name
+ENV HOME /home/$user_name
+#
+# Install files in the user home directory
+#
+ADD $labdir/$imagedir/home_tar/home.tar $HOME
+# remove after docker fixes problem with empty tars
+RUN rm -f $HOME/home.tar
+ADD $labdir/$lab.tar.gz $HOME
+#
+#  The first thing that executes on the container.
+#
+USER root
+CMD ["/bin/bash", "-c", "exec /sbin/init --log-target=journal 3>&1"]
+

scripts/designer/templates/dockerfiles/Dockerfile.template.base3.student

@@ -92,7 +92,7 @@ def CopyStudentArtifacts(labtainer_config, container_name, labname, regress_test
     zip_filelist.extend(lab_filelist)
     #logger.debug("zip_filelist is (%s)" % zip_filelist)
     # Copy zip files from 'Shared' folder to 'home/$CONTAINER_USER'
-    if len(zip_filelist) is 0:
+    if len(zip_filelist) == 0:
         full_xfer = os.path
         print('WARNING: there are no lab results files in %s' % xfer_dir)
     for fname in zip_filelist:

scripts/labtainer-instructor/bin/gradelab

@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/opt/labtainer/venv/bin/python3
 '''
 This software was created by United States Government employees at 
 The Center for Cybersecurity and Cyber Operations (C3O) 
@@ -43,21 +43,31 @@ import CurrentLab
 import argparse
 import subprocess
 import shlex
-import imp
+try:
+    import imp
+except:
+    from importlib.machinery import SourceFileLoader
+
+
+labtainer_dir = os.getenv('LABTAINER_DIR')
+scripts_dir = os.path.join(labtainer_dir, 'scripts')
+student_dir = os.path.join(scripts_dir, 'labtainer-student')
+lab_bin_dir = os.path.join(student_dir, 'lab_bin')
 here = os.path.dirname(os.path.abspath(__file__))
-lab_bin_dir = os.path.join(here, '../lab_bin')
+#lab_bin_dir = os.path.join(here, '../lab_bin')
 sys.path.append(here)
 sys.path.append(lab_bin_dir)
-student_dir = os.path.dirname(here)
-scripts_dir = os.path.dirname(os.path.dirname(here))
 assess_bin_path = os.path.join(scripts_dir, 'labtainer-instructor', 'assess_bin')
 instruct_bin_path = os.path.join(scripts_dir, 'labtainer-instructor', 'bin')
 sys.path.append(assess_bin_path)
 sys.path.append(instruct_bin_path)
 grade_lab_path = os.path.join(scripts_dir, 'labtainer-instructor', 'bin', 'gradelab')
 orig_dir=os.getcwd()
 os.chdir(student_dir)
-gradelab = imp.load_source('gradelab', grade_lab_path)
+try:
+    gradelab = imp.load_source('gradelab', grade_lab_path)
+except:
+    gradelab = SourceFileLoader('gradelab', grade_lab_path).load_module()
 
 def checkRunning(logger):
     command = "docker ps"
@@ -107,7 +117,9 @@ def main():
 
     labutils.logger.debug("Begin logging checkwork for %s lab" % labname)
 
-    lab_path = os.path.join(os.path.abspath('../../labs'), labname)
+    labtainer_dir = os.getenv('LABTAINER_DIR')
+    #lab_path = os.path.join(os.path.abspath('../../labs'), labname)
+    lab_path = os.path.join(labtainer_dir, 'labs', labname)
     labtainer_config, start_config = labutils.GetBothConfigs(lab_path, labutils.logger)
     if labtainer_config.checkwork != 'yes':
         print('Checking own work not supported for this deployment of Labtainers')

scripts/labtainer-student/bin/checkwork

@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/opt/labtainer/venv/bin/python3
 import os
 import argparse
 import subprocess

scripts/labtainer-student/bin/imodule

@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/opt/labtainer/venv/bin/python3
 '''
 This software was created by United States Government employees at 
 The Center for Cybersecurity and Cyber Operations (C3O)