From 2abeea504e5c9883f7cebd9da1bdc6cbaad822a7 Mon Sep 17 00:00:00 2001 From: Pablo Santiago <69458381+pablosnt@users.noreply.github.com> Date: Thu, 25 Apr 2024 20:15:28 +0200 Subject: [PATCH] Fix postgresql incompatibility issues between major versions (#311) --- CHANGELOG.md | 7 +++ README.md | 2 +- docker/debian/Dockerfile | 57 +++++++++++++++--------- docker/debian/downgrade_postgresql_16.sh | 16 +++++++ docker/debian/entrypoint.sh | 18 +++++++- rekono/frontend/package-lock.json | 4 +- rekono/frontend/package.json | 2 +- rekono/rekono/settings.py | 2 +- 8 files changed, 79 insertions(+), 29 deletions(-) create mode 100644 docker/debian/downgrade_postgresql_16.sh diff --git a/CHANGELOG.md b/CHANGELOG.md index 007cf249c..b392a8042 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,13 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [1.6.6] - 2024-04-25 + +### Fixed + +- Incompatibility issue between data from PostgreSQL 16.x and PostgreSQL 15.x in Rekono Desktop (https://github.com/pablosnt/rekono/issues/310) + + ## [1.6.5] - 2024-03-29 ### Fixed diff --git a/README.md b/README.md index 4f2e50b74..ec1ffed9b 100644 --- a/README.md +++ b/README.md @@ -68,7 +68,7 @@ apt install rekono-kbx If you are using **Parrot OS**, you can download the Debian package from the Rekono release: ```bash -wget https://github.com/pablosnt/rekono/releases/download/1.6.5/rekono-kbx_1.6.5_amd64.deb && dpkg -i rekono-kbx_1.6.5_amd64.deb || apt -f install -y +wget https://github.com/pablosnt/rekono/releases/download/1.6.6/rekono-kbx_1.6.6_amd64.deb && dpkg -i rekono-kbx_1.6.6_amd64.deb || apt -f install -y ``` > Default credentials are `rekono:rekono`. For security reasons, **password should be changed** the first time you access the account diff --git a/docker/debian/Dockerfile b/docker/debian/Dockerfile index a7ee926c4..694e91753 100644 --- a/docker/debian/Dockerfile +++ b/docker/debian/Dockerfile @@ -1,4 +1,4 @@ -FROM kalilinux/kali-last-release:latest +FROM debian:bookworm-20240423 # Environment ENV PYTHONDONTWRITEBYTECODE 1 @@ -21,8 +21,8 @@ ENV EXECUTION_WORKERS 5 ARG REKONO_VERSION # Install requirements -RUN apt update -y && \ - apt install python3-pip libpq-dev python3-dev libmagic1 libcap2-bin redis-server firefox-esr sudo libgbm-dev libasound2 postgresql -y && \ +RUN apt update && \ + apt install python3-pip libpq-dev python3-dev libmagic1 redis-server firefox-esr sudo libgbm-dev libasound2 postgresql-15 wget libcap2-bin -y && \ ln -s /usr/bin/python3 /usr/bin/python && \ mkdir -p $REKONO_HOME $PGDATA /code /config /kaboxer && \ chown -R postgres:postgres /config && \ @@ -36,26 +36,12 @@ COPY requirements.txt /code COPY config.yaml /code COPY docker/debian/entrypoint.sh /entrypoint.sh COPY docker/debian/set_permissions.sh /set_permissions.sh -RUN pip install -r /code/requirements.txt && \ +COPY docker/debian/downgrade_postgresql_16.sh /downgrade_postgresql_16.sh +RUN pip install --break-system-packages -r /code/requirements.txt && \ dpkg -i /code/frontend/dist_electron/rekono_*.deb || apt -f install -y && \ rm -R /code/frontend/ && \ rm -R /code/testing/ -# Tools -RUN apt install nmap dirsearch theharvester nikto sslscan sslyze cmseek zaproxy exploitdb metasploit-framework emailharvester joomscan gitleaks smbmap nuclei gobuster -y && \ - apt install seclists dirb -y && \ - apt autoremove -y && \ - apt autoclean -y && \ - apt clean -y && \ - rm -rf /var/lib/apt/lists/* && \ - setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip $(which nmap) && \ - git clone https://github.com/fullhunt/log4j-scan /opt/log4j-scan && \ - git clone https://github.com/fullhunt/spring4shell-scan.git /opt/spring4shell-scan && \ - git clone https://github.com/internetwache/GitTools.git /opt/GitTools && \ - pip install -r /opt/log4j-scan/requirements.txt && \ - pip install -r /opt/spring4shell-scan/requirements.txt && \ - pip install emailfinder ssh-audit - # Initialize database USER postgres RUN export RKN_DB_PASSWORD=$(cat /config/rkn_db_password.txt) && \ @@ -69,9 +55,32 @@ RUN export RKN_DB_PASSWORD=$(cat /config/rkn_db_password.txt) && \ psql ${RKN_DB_NAME} -c "GRANT ALL ON ALL TABLES IN SCHEMA public to ${RKN_DB_USER};" && \ psql ${RKN_DB_NAME} -c "GRANT ALL ON ALL SEQUENCES IN SCHEMA public to ${RKN_DB_USER};" && \ psql ${RKN_DB_NAME} -c "GRANT ALL ON ALL FUNCTIONS IN SCHEMA public to ${RKN_DB_USER};" + +# Tools USER root +RUN wget https://archive.kali.org/archive-key.asc -O /etc/apt/trusted.gpg.d/kali-archive-keyring.asc && \ + echo 'deb http://http.kali.org/kali kali-rolling main contrib non-free non-free-firmware' >> /etc/apt/sources.list && \ + apt update && \ + apt install nmap dirsearch theharvester nikto sslscan sslyze cmseek zaproxy exploitdb metasploit-framework emailharvester joomscan gitleaks smbmap nuclei gobuster -y && \ + apt install seclists dirb -y && \ + apt autoremove -y && \ + apt autoclean -y && \ + apt clean -y && \ + rm -rf /var/lib/apt/lists/* && \ + sed -i '$ d' /etc/apt/sources.list && \ + rm /etc/apt/trusted.gpg.d/kali-archive-keyring.asc && \ + setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip $(which nmap) && \ + git clone https://github.com/fullhunt/log4j-scan /opt/log4j-scan && \ + git clone https://github.com/fullhunt/spring4shell-scan.git /opt/spring4shell-scan && \ + git clone https://github.com/internetwache/GitTools.git /opt/GitTools && \ + pip install -r /opt/log4j-scan/requirements.txt && \ + pip install -r /opt/spring4shell-scan/requirements.txt && \ + pip install emailfinder ssh-audit && \ + mkdir -p /home/kali + +# Migrate database RUN export RKN_DB_PASSWORD=$(cat /config/rkn_db_password.txt) && \ - sudo /etc/init.d/postgresql start && \ + /etc/init.d/postgresql start 15 && \ python /code/manage.py migrate && \ python /code/manage.py createsuperuser --no-input @@ -86,14 +95,18 @@ RUN adduser --disabled-password rekono && \ chown rekono:rekono /set_permissions.sh && \ chmod 700 /set_permissions.sh && \ /set_permissions.sh && \ + chown rekono:rekono /downgrade_postgresql_16.sh && \ + chmod 700 /downgrade_postgresql_16.sh && \ chown -R rekono:rekono /code && \ chown -R rekono:rekono /config && \ chown -R rekono:rekono /opt && \ - echo "rekono ALL=(ALL) NOPASSWD:SETENV:/etc/init.d/postgresql,/var/run/postgresql,/etc/init.d/redis-server,/set_permissions.sh" >> /etc/sudoers && \ + chown -R rekono:rekono /home/kali && \ + chown -R rekono:rekono /usr/share && \ + echo "rekono ALL=(ALL) NOPASSWD:SETENV:/etc/init.d/postgresql,/var/run/postgresql,/etc/init.d/redis-server,/set_permissions.sh,/downgrade_postgresql_16.sh" >> /etc/sudoers && \ export DEFAULT_PGDATA=$(cat /config/default_pgdata.txt) && \ chown -R rekono:rekono $DEFAULT_PGDATA && \ sed -i 's:'"$DEFAULT_PGDATA"':'"$PGDATA"':' $(cat /config/postgresql_config.txt) && \ rm /config/postgresql_config.txt -USER rekono +USER root WORKDIR /code diff --git a/docker/debian/downgrade_postgresql_16.sh b/docker/debian/downgrade_postgresql_16.sh new file mode 100644 index 000000000..b5a3689e6 --- /dev/null +++ b/docker/debian/downgrade_postgresql_16.sh @@ -0,0 +1,16 @@ +#! /bin/sh + +sed -i 's:/var/lib/postgresql/16/main:'"$PGDATA"':' /etc/postgresql/16/main/postgresql.conf +/etc/init.d/postgresql start 16 +mkdir -p $REKONO_HOME/backup +chown -R postgres:postgres $REKONO_HOME/backup +sudo -u postgres /usr/lib/postgresql/16/bin/pg_dump --clean --dbname=$RKN_DB_NAME --port=5433 --role=$RKN_DB_USER -f $REKONO_HOME/backup/backup.sql +/etc/init.d/postgresql stop 16 +sed -i 's:'"$PGDATA"':/var/lib/postgresql/16/main:' /etc/postgresql/16/main/postgresql.conf +mv $PGDATA $REKONO_HOME/backup/data +cp -r $(cat /config/default_pgdata.txt) $PGDATA +chown -R postgres:postgres $PGDATA +/etc/init.d/postgresql start 15 +sudo -u postgres psql rekono < $REKONO_HOME/backup/backup.sql +/etc/init.d/postgresql stop 15 +rm -R $REKONO_HOME/backup \ No newline at end of file diff --git a/docker/debian/entrypoint.sh b/docker/debian/entrypoint.sh index cab453a38..6ea3cdd5b 100644 --- a/docker/debian/entrypoint.sh +++ b/docker/debian/entrypoint.sh @@ -14,11 +14,22 @@ then cp -r $(cat /config/default_pgdata.txt) $PGDATA fi +export PGVERSION=15 +# Compatibility fix for upgrades from version 1.6.5 where the PostgreSQL 16 was being used +if [ -f "$PGDATA/PG_VERSION" ] +then + CURRENT_VERSION=$(cat $PGDATA/PG_VERSION) + if [ "$CURRENT_VERSION" -eq "16" ] + then + sudo REKONO_HOME=$REKONO_HOME PGDATA=$PGDATA RKN_DB_NAME=$RKN_DB_NAME RKN_DB_USER=$RKN_DB_USER /downgrade_postgresql_16.sh + fi +fi + # Set proper permissions to resources sudo REKONO_HOME=$REKONO_HOME PGDATA=$PGDATA /set_permissions.sh # Start services -sudo /etc/init.d/postgresql start +sudo /etc/init.d/postgresql start $PGVERSION sudo /etc/init.d/redis-server start # Migrate database @@ -40,4 +51,7 @@ python /code/manage.py rqworker emails-queue & python /code/manage.py telegram_bot & # Run Desktop app -/usr/bin/rekono --no-sandbox \ No newline at end of file +/usr/bin/rekono --no-sandbox + +sudo /etc/init.d/postgresql stop $PGVERSION +sudo /etc/init.d/redis-server stop \ No newline at end of file diff --git a/rekono/frontend/package-lock.json b/rekono/frontend/package-lock.json index b36220b10..195e90e6c 100644 --- a/rekono/frontend/package-lock.json +++ b/rekono/frontend/package-lock.json @@ -1,12 +1,12 @@ { "name": "rekono", - "version": "1.6.5", + "version": "1.6.6", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "rekono", - "version": "1.6.5", + "version": "1.6.6", "hasInstallScript": true, "dependencies": { "axios": "^0.28.0", diff --git a/rekono/frontend/package.json b/rekono/frontend/package.json index ec72866a0..428a9778b 100644 --- a/rekono/frontend/package.json +++ b/rekono/frontend/package.json @@ -1,6 +1,6 @@ { "name": "rekono", - "version": "1.6.5", + "version": "1.6.6", "description": "Automation platform that combines different hacking tools to complete pentesting processes", "author": "Pablo Santiago López ", "homepage": "https://github.com/pablosnt/rekono", diff --git a/rekono/rekono/settings.py b/rekono/rekono/settings.py index ace9784fd..c62ca22c3 100644 --- a/rekono/rekono/settings.py +++ b/rekono/rekono/settings.py @@ -54,7 +54,7 @@ # Rekono description DESCRIPTION = 'Automation platform that combines different hacking tools to complete pentesting processes' -VERSION = '1.6.5' # Rekono version +VERSION = '1.6.6' # Rekono version TESTING = 'test' in sys.argv # Tests execution ################################################################################