Merge pull request #2688 from W00glin/master

T1613 - Podman
redcanaryco · Mar 7, 2024 · c4a5113 · c4a5113
2 parents 4e9698e + e218a8a
commit c4a5113
Show file tree

Hide file tree

Showing 3 changed files with 100 additions and 26 deletions.
diff --git a/atomics/T1613/T1613.md b/atomics/T1613/T1613.md
@@ -6,21 +6,15 @@ These resources can be viewed within web applications such as the Kubernetes das
 
 ## Atomic Tests
 
-- [Atomic Test #1 - Container and ResourceDiscovery](#atomic-test-1---container-and-resourcediscovery)
-
+- [Atomic Test #1 - Docker Container and ResourceDiscovery](#atomic-test-1---container-and-resourcediscovery)
+- [Atomic Test #2 - Podman Container and ResourceDiscovery](#atomic-test-2---podman-container-and-resourcediscovery)
 
 <br/>
 
-## Atomic Test #1 - Container and ResourceDiscovery
-Adversaries may attempt to discover containers and other resources that are available within a containers environment.
-
-**Supported Platforms:** Containers
-
-
-**auto_generated_guid:** 8a895923-f99f-4668-acf2-6cc59a44f05e
-
-
+## Atomic Test #1 - Docker Container and ResourceDiscovery
+Adversaries may attempt to discover Docker containers and other resources that are available within a containers environment.
 
+**Supported Platforms:** Docker, Containers
 
 
 
@@ -64,6 +58,61 @@ sudo systemctl start docker
 ```
 
 
+## Atomic Test #2 - Podman Container and ResourceDiscovery
+Adversaries may attempt to discover Podman containers and other resources that are available within a containers environment.
+
+**Supported Platforms:** Podman, Containers
+
+
+#### Attack Commands: Run with `sh`! 
+
+
+```sh
+podman build -t t1613 $PathtoAtomicsFolder/T1613/src/
+podman run --name t1613_container -d -t t1613
+podman ps
+podman stats --no-stream
+podman inspect $(podman ps -l -q --filter ancestor=t1613)
+```
+
+#### Cleanup Commands:
+```sh
+podman stop t1613_container
+podman rmi -f t1613_container
+```
+
+
+
+#### Dependencies:  Run with `sh`!
+##### Description: Verify podman is installed.
+##### Check Prereq Commands:
+```sh
+which podman
+```
+##### Get Prereq Commands:
+```sh
+if [ "" == "`which podman`" ]; then
+    echo "Podman Not Found"
+    if [ -n "`which apt-get`" ]; then
+        sudo apt-get -y install podman
+    elif [ -n "`which yum`" ]; then
+        sudo yum -y install podman
+    fi
+else
+    echo "Podman installed"
+fi
+
+```
+##### Description: Verify docker service is running.
+##### Check Prereq Commands:
+```sh
+sudo systemctl status podman  --no-pager
+```
+##### Get Prereq Commands:
+```sh
+sudo systemctl start podman
+```
+
 
 
 <br/>
diff --git a/atomics/T1613/T1613.yaml b/atomics/T1613/T1613.yaml
@@ -1,33 +1,58 @@
----
 attack_technique: T1613
 display_name: "Container and Resource Discovery"
 atomic_tests:
-- name: Container and ResourceDiscovery
-  auto_generated_guid: 8a895923-f99f-4668-acf2-6cc59a44f05e
+- name: Docker Container and Resource Discovery
   description: Adversaries may attempt to discover containers and other resources that are available within a containers environment. 
   supported_platforms:
   - containers
   dependency_executor_name: sh
   dependencies: 
-  - description: Verify docker is installed.
+  - description: Verify Docker is installed.
     prereq_command: |
       which docker
     get_prereq_command: |
       if [ "" == "`which docker`" ]; then echo "Docker Not Found"; if [ -n "`which apt-get`" ]; then sudo apt-get -y install docker ; elif [ -n "`which yum`" ]; then sudo yum -y install docker ; fi ; else echo "Docker installed"; fi
-  
-  - description: Verify docker service is running.
+  - description: Verify Docker service is running.
     prereq_command: |
-      sudo systemctl status docker  --no-pager
+      sudo systemctl status docker --no-pager
     get_prereq_command: |
-      sudo systemctl start docker
+      sudo systemctl start docker 
   executor:
     command: |-
-      docker build -t t1613  $PathtoAtomicsFolder/T1613/src/
-      docker run --name t1613_container  -d -t t1613
+      docker build -t t1613 $PathtoAtomicsFolder/T1613/src/
+      docker run --name t1613_container -d -t t1613
       docker ps
       docker stats --no-stream
       docker inspect $(docker ps -l -q --filter ancestor=t1613)
     cleanup_command: |-
       docker stop t1613_container
       docker rmi -f t1613_container
-    name: sh
+    name: sh
+
+- name: Podman Container and Resource Discovery
+  description: Adversaries may attempt to discover containers and other resources that are available within a containers environment. 
+  supported_platforms:
+  - containers
+  dependency_executor_name: sh
+  dependencies: 
+  - description: Verify Podman is installed.
+    prereq_command: |
+      which podman
+    get_prereq_command: |
+      if [ "" == "`which podman`" ]; then echo "Podman Not Found"; if [ -n "`which apt-get`" ]; then sudo apt-get -y install podman ; elif [ -n "`which yum`" ]; then sudo yum -y install podman ; elif [ -n "`which pacman`" ]; then sudo pacman -Sy podman --noconfirm ; elif [ -n "`which brew`" ]; then brew install podman ; else echo "Unsupported package manager"; fi ; else echo "Podman installed"; fi        
+  - description: Verify Podman service is running.
+    prereq_command: |
+      sudo systemctl status podman --no-pager
+    get_prereq_command: |
+      sudo systemctl start podman 
+  executor:
+    command: |-
+      podman build -t t1613 $PathtoAtomicsFolder/T1613/src/
+      podman run --name t1613_container -d -t t1613
+      podman ps
+      podman stats --no-stream
+      podman inspect $(podman ps -l -q --filter ancestor=t1613)
+    cleanup_command: |-
+      podman stop t1613_container
+      podman rmi -f t1613_container
+    name: sh
diff --git a/atomics/T1613/src/Dockerfile b/atomics/T1613/src/Dockerfile
@@ -1,4 +1,4 @@
-FROM ubuntu:20.04
-MAINTAINER Group12
-RUN echo "Group 12"
-ENTRYPOINT ["tail", "-f", "/dev/null"]
+FROM ubuntu:24.04
+LABEL = "canonical"
+RUN echo "canonical"
+ENTRYPOINT ["tail", "-f", "/dev/null"]