Skip to content

Commit

Permalink
Fix postgresql incompatibility issues between major versions (#311)
Browse files Browse the repository at this point in the history
  • Loading branch information
pablosnt authored Apr 25, 2024
1 parent bd92bab commit 2abeea5
Show file tree
Hide file tree
Showing 8 changed files with 79 additions and 29 deletions.
7 changes: 7 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,13 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).


## [1.6.6] - 2024-04-25

### Fixed

- Incompatibility issue between data from PostgreSQL 16.x and PostgreSQL 15.x in Rekono Desktop (https://github.com/pablosnt/rekono/issues/310)


## [1.6.5] - 2024-03-29

### Fixed
Expand Down
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,7 @@ apt install rekono-kbx
If you are using **Parrot OS**, you can download the Debian package from the Rekono release:

```bash
wget https://github.com/pablosnt/rekono/releases/download/1.6.5/rekono-kbx_1.6.5_amd64.deb && dpkg -i rekono-kbx_1.6.5_amd64.deb || apt -f install -y
wget https://github.com/pablosnt/rekono/releases/download/1.6.6/rekono-kbx_1.6.6_amd64.deb && dpkg -i rekono-kbx_1.6.6_amd64.deb || apt -f install -y
```

> Default credentials are `rekono:rekono`. For security reasons, **password should be changed** the first time you access the account
Expand Down
57 changes: 35 additions & 22 deletions docker/debian/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM kalilinux/kali-last-release:latest
FROM debian:bookworm-20240423

# Environment
ENV PYTHONDONTWRITEBYTECODE 1
Expand All @@ -21,8 +21,8 @@ ENV EXECUTION_WORKERS 5
ARG REKONO_VERSION

# Install requirements
RUN apt update -y && \
apt install python3-pip libpq-dev python3-dev libmagic1 libcap2-bin redis-server firefox-esr sudo libgbm-dev libasound2 postgresql -y && \
RUN apt update && \
apt install python3-pip libpq-dev python3-dev libmagic1 redis-server firefox-esr sudo libgbm-dev libasound2 postgresql-15 wget libcap2-bin -y && \
ln -s /usr/bin/python3 /usr/bin/python && \
mkdir -p $REKONO_HOME $PGDATA /code /config /kaboxer && \
chown -R postgres:postgres /config && \
Expand All @@ -36,26 +36,12 @@ COPY requirements.txt /code
COPY config.yaml /code
COPY docker/debian/entrypoint.sh /entrypoint.sh
COPY docker/debian/set_permissions.sh /set_permissions.sh
RUN pip install -r /code/requirements.txt && \
COPY docker/debian/downgrade_postgresql_16.sh /downgrade_postgresql_16.sh
RUN pip install --break-system-packages -r /code/requirements.txt && \
dpkg -i /code/frontend/dist_electron/rekono_*.deb || apt -f install -y && \
rm -R /code/frontend/ && \
rm -R /code/testing/

# Tools
RUN apt install nmap dirsearch theharvester nikto sslscan sslyze cmseek zaproxy exploitdb metasploit-framework emailharvester joomscan gitleaks smbmap nuclei gobuster -y && \
apt install seclists dirb -y && \
apt autoremove -y && \
apt autoclean -y && \
apt clean -y && \
rm -rf /var/lib/apt/lists/* && \
setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip $(which nmap) && \
git clone https://github.com/fullhunt/log4j-scan /opt/log4j-scan && \
git clone https://github.com/fullhunt/spring4shell-scan.git /opt/spring4shell-scan && \
git clone https://github.com/internetwache/GitTools.git /opt/GitTools && \
pip install -r /opt/log4j-scan/requirements.txt && \
pip install -r /opt/spring4shell-scan/requirements.txt && \
pip install emailfinder ssh-audit

# Initialize database
USER postgres
RUN export RKN_DB_PASSWORD=$(cat /config/rkn_db_password.txt) && \
Expand All @@ -69,9 +55,32 @@ RUN export RKN_DB_PASSWORD=$(cat /config/rkn_db_password.txt) && \
psql ${RKN_DB_NAME} -c "GRANT ALL ON ALL TABLES IN SCHEMA public to ${RKN_DB_USER};" && \
psql ${RKN_DB_NAME} -c "GRANT ALL ON ALL SEQUENCES IN SCHEMA public to ${RKN_DB_USER};" && \
psql ${RKN_DB_NAME} -c "GRANT ALL ON ALL FUNCTIONS IN SCHEMA public to ${RKN_DB_USER};"

# Tools
USER root
RUN wget https://archive.kali.org/archive-key.asc -O /etc/apt/trusted.gpg.d/kali-archive-keyring.asc && \
echo 'deb http://http.kali.org/kali kali-rolling main contrib non-free non-free-firmware' >> /etc/apt/sources.list && \
apt update && \
apt install nmap dirsearch theharvester nikto sslscan sslyze cmseek zaproxy exploitdb metasploit-framework emailharvester joomscan gitleaks smbmap nuclei gobuster -y && \
apt install seclists dirb -y && \
apt autoremove -y && \
apt autoclean -y && \
apt clean -y && \
rm -rf /var/lib/apt/lists/* && \
sed -i '$ d' /etc/apt/sources.list && \
rm /etc/apt/trusted.gpg.d/kali-archive-keyring.asc && \
setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip $(which nmap) && \
git clone https://github.com/fullhunt/log4j-scan /opt/log4j-scan && \
git clone https://github.com/fullhunt/spring4shell-scan.git /opt/spring4shell-scan && \
git clone https://github.com/internetwache/GitTools.git /opt/GitTools && \
pip install -r /opt/log4j-scan/requirements.txt && \
pip install -r /opt/spring4shell-scan/requirements.txt && \
pip install emailfinder ssh-audit && \
mkdir -p /home/kali

# Migrate database
RUN export RKN_DB_PASSWORD=$(cat /config/rkn_db_password.txt) && \
sudo /etc/init.d/postgresql start && \
/etc/init.d/postgresql start 15 && \
python /code/manage.py migrate && \
python /code/manage.py createsuperuser --no-input

Expand All @@ -86,14 +95,18 @@ RUN adduser --disabled-password rekono && \
chown rekono:rekono /set_permissions.sh && \
chmod 700 /set_permissions.sh && \
/set_permissions.sh && \
chown rekono:rekono /downgrade_postgresql_16.sh && \
chmod 700 /downgrade_postgresql_16.sh && \
chown -R rekono:rekono /code && \
chown -R rekono:rekono /config && \
chown -R rekono:rekono /opt && \
echo "rekono ALL=(ALL) NOPASSWD:SETENV:/etc/init.d/postgresql,/var/run/postgresql,/etc/init.d/redis-server,/set_permissions.sh" >> /etc/sudoers && \
chown -R rekono:rekono /home/kali && \
chown -R rekono:rekono /usr/share && \
echo "rekono ALL=(ALL) NOPASSWD:SETENV:/etc/init.d/postgresql,/var/run/postgresql,/etc/init.d/redis-server,/set_permissions.sh,/downgrade_postgresql_16.sh" >> /etc/sudoers && \
export DEFAULT_PGDATA=$(cat /config/default_pgdata.txt) && \
chown -R rekono:rekono $DEFAULT_PGDATA && \
sed -i 's:'"$DEFAULT_PGDATA"':'"$PGDATA"':' $(cat /config/postgresql_config.txt) && \
rm /config/postgresql_config.txt

USER rekono
USER root
WORKDIR /code
16 changes: 16 additions & 0 deletions docker/debian/downgrade_postgresql_16.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
#! /bin/sh

sed -i 's:/var/lib/postgresql/16/main:'"$PGDATA"':' /etc/postgresql/16/main/postgresql.conf
/etc/init.d/postgresql start 16
mkdir -p $REKONO_HOME/backup
chown -R postgres:postgres $REKONO_HOME/backup
sudo -u postgres /usr/lib/postgresql/16/bin/pg_dump --clean --dbname=$RKN_DB_NAME --port=5433 --role=$RKN_DB_USER -f $REKONO_HOME/backup/backup.sql
/etc/init.d/postgresql stop 16
sed -i 's:'"$PGDATA"':/var/lib/postgresql/16/main:' /etc/postgresql/16/main/postgresql.conf
mv $PGDATA $REKONO_HOME/backup/data
cp -r $(cat /config/default_pgdata.txt) $PGDATA
chown -R postgres:postgres $PGDATA
/etc/init.d/postgresql start 15
sudo -u postgres psql rekono < $REKONO_HOME/backup/backup.sql
/etc/init.d/postgresql stop 15
rm -R $REKONO_HOME/backup
18 changes: 16 additions & 2 deletions docker/debian/entrypoint.sh
Original file line number Diff line number Diff line change
Expand Up @@ -14,11 +14,22 @@ then
cp -r $(cat /config/default_pgdata.txt) $PGDATA
fi

export PGVERSION=15
# Compatibility fix for upgrades from version 1.6.5 where the PostgreSQL 16 was being used
if [ -f "$PGDATA/PG_VERSION" ]
then
CURRENT_VERSION=$(cat $PGDATA/PG_VERSION)
if [ "$CURRENT_VERSION" -eq "16" ]
then
sudo REKONO_HOME=$REKONO_HOME PGDATA=$PGDATA RKN_DB_NAME=$RKN_DB_NAME RKN_DB_USER=$RKN_DB_USER /downgrade_postgresql_16.sh
fi
fi

# Set proper permissions to resources
sudo REKONO_HOME=$REKONO_HOME PGDATA=$PGDATA /set_permissions.sh

# Start services
sudo /etc/init.d/postgresql start
sudo /etc/init.d/postgresql start $PGVERSION
sudo /etc/init.d/redis-server start

# Migrate database
Expand All @@ -40,4 +51,7 @@ python /code/manage.py rqworker emails-queue &
python /code/manage.py telegram_bot &

# Run Desktop app
/usr/bin/rekono --no-sandbox
/usr/bin/rekono --no-sandbox

sudo /etc/init.d/postgresql stop $PGVERSION
sudo /etc/init.d/redis-server stop
4 changes: 2 additions & 2 deletions rekono/frontend/package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion rekono/frontend/package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "rekono",
"version": "1.6.5",
"version": "1.6.6",
"description": "Automation platform that combines different hacking tools to complete pentesting processes",
"author": "Pablo Santiago López <[email protected]>",
"homepage": "https://github.com/pablosnt/rekono",
Expand Down
2 changes: 1 addition & 1 deletion rekono/rekono/settings.py
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@

# Rekono description
DESCRIPTION = 'Automation platform that combines different hacking tools to complete pentesting processes'
VERSION = '1.6.5' # Rekono version
VERSION = '1.6.6' # Rekono version
TESTING = 'test' in sys.argv # Tests execution

################################################################################
Expand Down

0 comments on commit 2abeea5

Please sign in to comment.