diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 690220a..b2612a1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,37 +1,33 @@ on: pull_request: - branches: + branches: - main paths-ignore: - "**/*.md" - + jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - uses: actions/setup-go@v2 - with: - go-version: '^1.14.0' + - uses: actions/checkout@v2 + - uses: actions/setup-go@v2 + with: + go-version: "^1.23.4" - - name: Setup GO environment - run: | - go mod download - go get -t . - - - name: Lint - run: | - golint -set_exit_status ./... + - name: Setup GO environment + run: | + go mod download + go get -t . - - name: Vet - run: | - go vet ./... + - name: Vet + run: | + go vet ./... - - name: Unit tests - run: | - sudo go test ./... -coverprofile coverage.out -covermode count - sudo go tool cover -func coverage.out + - name: Unit tests + run: | + sudo go test ./... -coverprofile coverage.out -covermode count + sudo go tool cover -func coverage.out - - name: Build - run: | - go build -o wireframe + - name: Build + run: | + go build -o wireframe diff --git a/.gitignore b/.gitignore index 3b13467..006a5b4 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,7 @@ +# specific to the project +config.yml +example + # Created by .ignore support plugin (hsz.mobi) ### Go template # Binaries for programs and plugins @@ -258,4 +262,4 @@ wireframe-darwin !internal/wireframe # Dir may be created during dev/debugging -main/ \ No newline at end of file +main/ diff --git a/CODEOWNERS b/CODEOWNERS deleted file mode 100644 index 649085c..0000000 --- a/CODEOWNERS +++ /dev/null @@ -1,4 +0,0 @@ -# All PRs in this repository will be blocked -# until they have been approved by a maintainer - -* @eddie-knight diff --git a/Makefile b/Makefile index f2c8eeb..246c27e 100644 --- a/Makefile +++ b/Makefile 
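Review bot: The steps block in `.github/workflows/ci.yml` keeps `actions/checkout@v2` and `actions/setup-go@v2` on mutable tag refs, so a retagged or compromised action release would change what this pipeline executes without any change in the repository. Pin each to a full commit SHA with the version in a trailing comment, e.g. `- uses: actions/checkout@<full-commit-sha> # <version>`, and let a dependency bot propose updates. The `Lint` step is dropped with no replacement, which leaves `go vet ./...` as the only static check on pull requests; if `golint` was removed because it is deprecated, adding a maintained linter step in the same commit would keep that gate.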
@@ -1,4 +1,4 @@ -PACKNAME=SVC +PACKNAME=example BUILD_FLAGS=-X 'main.GitCommitHash=`git rev-parse --short HEAD`' -X 'main.BuiltAt=`date +%FT%T%z`' BUILD_WIN=@env GOOS=windows GOARCH=amd64 go build -o $(PACKNAME).exe BUILD_LINUX=@env GOOS=linux GOARCH=amd64 go build -o $(PACKNAME) diff --git a/README.md b/README.md index e920bcc..205a8c6 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# Privateer Raid SVC +# Privateer Raid example This wireframe is designed to quickly get your service pack repository up to speed! diff --git a/armory/armory.go b/armory/armory.go index b6219f6..1bd5cba 100644 --- a/armory/armory.go +++ b/armory/armory.go 
@@ -1,632 +1,125 @@ package armory import ( - hclog "github.com/hashicorp/go-hclog" - "github.com/spf13/viper" - "github.com/privateerproj/privateer-sdk/raidengine" - "github.com/privateerproj/privateer-sdk/utils" ) -// Conforms to the Armory interface type -type SVC struct { - Tactics map[string][]raidengine.Strike // Required, allows you to sort which strikes are run for each control - Log hclog.Logger // Recommended, allows you to set the log level for each log message - Results map[string]raidengine.StrikeResult // Optional, allows cross referencing between strikes -} - -// Optionally, retrieve config variables using Viper. -var user string - -func init() { - user = viper.GetString("user") -} - -func (a *SVC) SetLogger(loggerName string) hclog.Logger { - a.Log = raidengine.GetLogger(loggerName, false) - return a.Log -} - -func (a *SVC) GetTactics() map[string][]raidengine.Strike { - return a.Tactics -} - -// ----- -// Strike and Movements for CCC_OS_C1_TR01 -// ----- - -// CCC_OS_C1_TR01 conforms to the Strike function type -func (a *SVC) CCC_OS_C1_TR01() (strikeName string, result raidengine.StrikeResult) { - // set default return values - strikeName = "CCC_OS_C1_TR01" - result = raidengine.StrikeResult{ - Passed: false, - Description: "All supported network data protocols must be running on secure channels.", - Message: "Strike has not yet started.", // This message will be overwritten by subsequent movements - DocsURL: "https://maintainer.com/docs/raids/SVC", - ControlID: "CCC-Taxonomy-1", - Movements: make(map[string]raidengine.MovementResult), - } - - CCC_OS_C1_TR01_T01_Result := CCC_OS_C1_TR01_T01() - result.Movements["CCC_OS_C1_TR01_T01"] = CCC_OS_C1_TR01_T01_Result - if !CCC_OS_C1_TR01_T01_Result.Passed { - result.Message = CCC_OS_C1_TR01_T01_Result.Message - return - } - - // TODO: Additional movement calls go here - - return -} - -func CCC_OS_C1_TR01_T01() (result raidengine.MovementResult) { - result = raidengine.MovementResult{ - Description: 
"JokerName must be found in the runtime configuration.", - Function: utils.CallerPath(0), - } - - // TODO: Movement logic goes here - return -} - - -// ----- -// Strike and Movements for CCC_OS_C1_TR02 -// ----- - -// CCC_OS_C1_TR02 conforms to the Strike function type -func (a *SVC) CCC_OS_C1_TR02() (strikeName string, result raidengine.StrikeResult) { - // set default return values - strikeName = "CCC_OS_C1_TR02" - result = raidengine.StrikeResult{ - Passed: false, - Description: "All clear text channels should be disabled.", - Message: "Strike has not yet started.", // This message will be overwritten by subsequent movements - DocsURL: "https://maintainer.com/docs/raids/SVC", - ControlID: "CCC-Taxonomy-1", - Movements: make(map[string]raidengine.MovementResult), - } - - CCC_OS_C1_TR02_T01_Result := CCC_OS_C1_TR02_T01() - result.Movements["CCC_OS_C1_TR02_T01"] = CCC_OS_C1_TR02_T01_Result - if !CCC_OS_C1_TR02_T01_Result.Passed { - result.Message = CCC_OS_C1_TR02_T01_Result.Message - return - } - - // TODO: Additional movement calls go here - - return -} - -func CCC_OS_C1_TR02_T01() (result raidengine.MovementResult) { - result = raidengine.MovementResult{ - Description: "JokerName must be found in the runtime configuration.", - Function: utils.CallerPath(0), - } - - // TODO: Movement logic goes here - return -} - - -// ----- -// Strike and Movements for CCC_OS_C1_TR03 -// ----- - -// CCC_OS_C1_TR03 conforms to the Strike function type -func (a *SVC) CCC_OS_C1_TR03() (strikeName string, result raidengine.StrikeResult) { - // set default return values - strikeName = "CCC_OS_C1_TR03" - result = raidengine.StrikeResult{ - Passed: false, - Description: "The cipher suite implemented for ensuring the integrity and confidentiality of data should conform with the latest suggested cipher suites. 
[NIST proposed latest standard cipher suites](<[#](https://csrc.nist.gov/pubs/sp/800/52/r2/final)>).", - Message: "Strike has not yet started.", // This message will be overwritten by subsequent movements - DocsURL: "https://maintainer.com/docs/raids/SVC", - ControlID: "CCC-Taxonomy-1", - Movements: make(map[string]raidengine.MovementResult), - } - - CCC_OS_C1_TR03_T01_Result := CCC_OS_C1_TR03_T01() - result.Movements["CCC_OS_C1_TR03_T01"] = CCC_OS_C1_TR03_T01_Result - if !CCC_OS_C1_TR03_T01_Result.Passed { - result.Message = CCC_OS_C1_TR03_T01_Result.Message - return - } - - // TODO: Additional movement calls go here - - return -} - -func CCC_OS_C1_TR03_T01() (result raidengine.MovementResult) { - result = raidengine.MovementResult{ - Description: "JokerName must be found in the runtime configuration.", - Function: utils.CallerPath(0), - } - - // TODO: Movement logic goes here - return -} - - -// ----- -// Strike and Movements for CCC_OS_C2_TR01 -// ----- - -// CCC_OS_C2_TR01 conforms to the Strike function type -func (a *SVC) CCC_OS_C2_TR01() (strikeName string, result raidengine.StrikeResult) { - // set default return values - strikeName = "CCC_OS_C2_TR01" - result = raidengine.StrikeResult{ - Passed: false, - Description: "Verify that data stored in the object storage bucket is encrypted using industry-standard algorithms.", - Message: "Strike has not yet started.", // This message will be overwritten by subsequent movements - DocsURL: "https://maintainer.com/docs/raids/SVC", - ControlID: "CCC-Taxonomy-1", - Movements: make(map[string]raidengine.MovementResult), - } - - CCC_OS_C2_TR01_T01_Result := CCC_OS_C2_TR01_T01() - result.Movements["CCC_OS_C2_TR01_T01"] = CCC_OS_C2_TR01_T01_Result - if !CCC_OS_C2_TR01_T01_Result.Passed { - result.Message = CCC_OS_C2_TR01_T01_Result.Message - return - } - - // TODO: Additional movement calls go here - - return -} - -func CCC_OS_C2_TR01_T01() (result raidengine.MovementResult) { - result = raidengine.MovementResult{ - 
Description: "JokerName must be found in the runtime configuration.", - Function: utils.CallerPath(0), - } - - // TODO: Movement logic goes here - return -} - - -// ----- -// Strike and Movements for CCC_OS_C2_TR02 -// ----- - -// CCC_OS_C2_TR02 conforms to the Strike function type -func (a *SVC) CCC_OS_C2_TR02() (strikeName string, result raidengine.StrikeResult) { - // set default return values - strikeName = "CCC_OS_C2_TR02" - result = raidengine.StrikeResult{ - Passed: false, - Description: "Ensure that encryption keys are managed securely and rotated periodically.", - Message: "Strike has not yet started.", // This message will be overwritten by subsequent movements - DocsURL: "https://maintainer.com/docs/raids/SVC", - ControlID: "CCC-Taxonomy-1", - Movements: make(map[string]raidengine.MovementResult), - } - - CCC_OS_C2_TR02_T01_Result := CCC_OS_C2_TR02_T01() - result.Movements["CCC_OS_C2_TR02_T01"] = CCC_OS_C2_TR02_T01_Result - if !CCC_OS_C2_TR02_T01_Result.Passed { - result.Message = CCC_OS_C2_TR02_T01_Result.Message - return - } - - // TODO: Additional movement calls go here - - return -} - -func CCC_OS_C2_TR02_T01() (result raidengine.MovementResult) { - result = raidengine.MovementResult{ - Description: "JokerName must be found in the runtime configuration.", - Function: utils.CallerPath(0), - } - - // TODO: Movement logic goes here - return -} - - -// ----- -// Strike and Movements for CCC_OS_C2_TR03 -// ----- - -// CCC_OS_C2_TR03 conforms to the Strike function type -func (a *SVC) CCC_OS_C2_TR03() (strikeName string, result raidengine.StrikeResult) { - // set default return values - strikeName = "CCC_OS_C2_TR03" - result = raidengine.StrikeResult{ - Passed: false, - Description: "Confirm that decryption is only possible through authorized access mechanisms.", - Message: "Strike has not yet started.", // This message will be overwritten by subsequent movements - DocsURL: "https://maintainer.com/docs/raids/SVC", - ControlID: "CCC-Taxonomy-1", - 
Movements: make(map[string]raidengine.MovementResult), - } - - CCC_OS_C2_TR03_T01_Result := CCC_OS_C2_TR03_T01() - result.Movements["CCC_OS_C2_TR03_T01"] = CCC_OS_C2_TR03_T01_Result - if !CCC_OS_C2_TR03_T01_Result.Passed { - result.Message = CCC_OS_C2_TR03_T01_Result.Message - return - } - - // TODO: Additional movement calls go here - - return -} - -func CCC_OS_C2_TR03_T01() (result raidengine.MovementResult) { - result = raidengine.MovementResult{ - Description: "JokerName must be found in the runtime configuration.", - Function: utils.CallerPath(0), - } - - // TODO: Movement logic goes here - return -} - - -// ----- -// Strike and Movements for CCC_OS_C3_TR01 -// ----- - -// CCC_OS_C3_TR01 conforms to the Strike function type -func (a *SVC) CCC_OS_C3_TR01() (strikeName string, result raidengine.StrikeResult) { - // set default return values - strikeName = "CCC_OS_C3_TR01" - result = raidengine.StrikeResult{ - Passed: false, - Description: "Verify that MFA is enforced for all access attempts to the object storage bucket.", - Message: "Strike has not yet started.", // This message will be overwritten by subsequent movements - DocsURL: "https://maintainer.com/docs/raids/SVC", - ControlID: "CCC-Taxonomy-1", - Movements: make(map[string]raidengine.MovementResult), - } - - CCC_OS_C3_TR01_T01_Result := CCC_OS_C3_TR01_T01() - result.Movements["CCC_OS_C3_TR01_T01"] = CCC_OS_C3_TR01_T01_Result - if !CCC_OS_C3_TR01_T01_Result.Passed { - result.Message = CCC_OS_C3_TR01_T01_Result.Message - return - } - - // TODO: Additional movement calls go here - - return -} - -func CCC_OS_C3_TR01_T01() (result raidengine.MovementResult) { - result = raidengine.MovementResult{ - Description: "JokerName must be found in the runtime configuration.", - Function: utils.CallerPath(0), - } - - // TODO: Movement logic goes here - return -} - - -// ----- -// Strike and Movements for CCC_OS_C3_TR02 -// ----- - -// CCC_OS_C3_TR02 conforms to the Strike function type -func (a *SVC) CCC_OS_C3_TR02() 
(strikeName string, result raidengine.StrikeResult) { - // set default return values - strikeName = "CCC_OS_C3_TR02" - result = raidengine.StrikeResult{ - Passed: false, - Description: "Ensure that MFA is required for all administrative access to the storage management interface.", - Message: "Strike has not yet started.", // This message will be overwritten by subsequent movements - DocsURL: "https://maintainer.com/docs/raids/SVC", - ControlID: "CCC-Taxonomy-1", - Movements: make(map[string]raidengine.MovementResult), +var ( + Armory = raidengine.Armory{ + Tactics: map[string][]raidengine.Strike{ + + "tlp_amber": { + CCC_C01_TR01, + CCC_C01_TR02, + CCC_C02_TR01, + CCC_C03_TR01, + CCC_C03_TR02, + CCC_C03_TR03, + CCC_C03_TR04, + CCC_C03_TR05, + CCC_C03_TR06, + CCC_C04_TR01, + CCC_C04_TR01, + CCC_C04_TR02, + CCC_C05_TR01, + CCC_C05_TR02, + CCC_C05_TR03, + CCC_C05_TR04, + CCC_C06_TR01, + CCC_C06_TR02, + CCC_C07_TR02, + CCC_C08_TR01, + CCC_C08_TR02, + CCC_C09_TR01, + CCC_C09_TR02, + CCC_C09_TR03, + CCC_C10_TR01, + CCC_C11_TR01, + CCC_C11_TR02, + CCC_C11_TR03, + CCC_C11_TR04, + CCC_VPC_C01_TR01, + CCC_VPC_C03_TR01, + CCC_VPC_C04_TR01, + }, + "tlp_clear": { + CCC_C01_TR01, + CCC_C01_TR02, + CCC_C02_TR01, + CCC_C03_TR01, + CCC_C03_TR04, + CCC_C03_TR06, + CCC_C04_TR02, + CCC_C05_TR02, + CCC_C05_TR04, + CCC_C06_TR01, + CCC_C06_TR02, + CCC_C07_TR02, + CCC_C09_TR01, + CCC_C09_TR02, + CCC_C09_TR03, + CCC_C11_TR01, + CCC_C11_TR02, + }, + "tlp_green": { + CCC_C01_TR01, + CCC_C01_TR02, + CCC_C02_TR01, + CCC_C03_TR01, + CCC_C03_TR04, + CCC_C03_TR06, + CCC_C04_TR02, + CCC_C05_TR02, + CCC_C05_TR04, + CCC_C06_TR01, + CCC_C06_TR02, + CCC_C07_TR02, + CCC_C08_TR01, + CCC_C08_TR02, + CCC_C09_TR01, + CCC_C09_TR02, + CCC_C09_TR03, + CCC_C10_TR01, + CCC_C11_TR01, + CCC_C11_TR02, + CCC_VPC_C03_TR01, + }, + "tlp_red": { + CCC_C01_TR01, + CCC_C01_TR02, + CCC_C02_TR01, + CCC_C03_TR01, + CCC_C03_TR02, + CCC_C03_TR03, + CCC_C03_TR04, + CCC_C03_TR05, + CCC_C03_TR06, + CCC_C04_TR01, + CCC_C04_TR01, 
+ CCC_C04_TR02, + CCC_C05_TR01, + CCC_C05_TR02, + CCC_C05_TR03, + CCC_C05_TR04, + CCC_C06_TR01, + CCC_C06_TR02, + CCC_C07_TR01, + CCC_C07_TR02, + CCC_C08_TR01, + CCC_C08_TR02, + CCC_C09_TR01, + CCC_C09_TR02, + CCC_C09_TR03, + CCC_C10_TR01, + CCC_C11_TR01, + CCC_C11_TR02, + CCC_C11_TR03, + CCC_C11_TR04, + CCC_VPC_C01_TR01, + CCC_VPC_C02_TR01, + CCC_VPC_C03_TR01, + CCC_VPC_C04_TR01, + }, + }, } - - CCC_OS_C3_TR02_T01_Result := CCC_OS_C3_TR02_T01() - result.Movements["CCC_OS_C3_TR02_T01"] = CCC_OS_C3_TR02_T01_Result - if !CCC_OS_C3_TR02_T01_Result.Passed { - result.Message = CCC_OS_C3_TR02_T01_Result.Message - return - } - - // TODO: Additional movement calls go here - - return -} - -func CCC_OS_C3_TR02_T01() (result raidengine.MovementResult) { - result = raidengine.MovementResult{ - Description: "JokerName must be found in the runtime configuration.", - Function: utils.CallerPath(0), - } - - // TODO: Movement logic goes here - return -} - - -// ----- -// Strike and Movements for CCC_OS_C3_TR03 -// ----- - -// CCC_OS_C3_TR03 conforms to the Strike function type -func (a *SVC) CCC_OS_C3_TR03() (strikeName string, result raidengine.StrikeResult) { - // set default return values - strikeName = "CCC_OS_C3_TR03" - result = raidengine.StrikeResult{ - Passed: false, - Description: "Confirm that users are unable to access the object storage bucket without completing MFA.", - Message: "Strike has not yet started.", // This message will be overwritten by subsequent movements - DocsURL: "https://maintainer.com/docs/raids/SVC", - ControlID: "CCC-Taxonomy-1", - Movements: make(map[string]raidengine.MovementResult), - } - - CCC_OS_C3_TR03_T01_Result := CCC_OS_C3_TR03_T01() - result.Movements["CCC_OS_C3_TR03_T01"] = CCC_OS_C3_TR03_T01_Result - if !CCC_OS_C3_TR03_T01_Result.Passed { - result.Message = CCC_OS_C3_TR03_T01_Result.Message - return - } - - // TODO: Additional movement calls go here - - return -} - -func CCC_OS_C3_TR03_T01() (result raidengine.MovementResult) { - result = 
raidengine.MovementResult{ - Description: "JokerName must be found in the runtime configuration.", - Function: utils.CallerPath(0), - } - - // TODO: Movement logic goes here - return -} - - -// ----- -// Strike and Movements for CCC_OS_C4_TR01 -// ----- - -// CCC_OS_C4_TR01 conforms to the Strike function type -func (a *SVC) CCC_OS_C4_TR01() (strikeName string, result raidengine.StrikeResult) { - // set default return values - strikeName = "CCC_OS_C4_TR01" - result = raidengine.StrikeResult{ - Passed: false, - Description: "Verify that data in the object storage bucket is protected by immutability settings.", - Message: "Strike has not yet started.", // This message will be overwritten by subsequent movements - DocsURL: "https://maintainer.com/docs/raids/SVC", - ControlID: "CCC-Taxonomy-1", - Movements: make(map[string]raidengine.MovementResult), - } - - CCC_OS_C4_TR01_T01_Result := CCC_OS_C4_TR01_T01() - result.Movements["CCC_OS_C4_TR01_T01"] = CCC_OS_C4_TR01_T01_Result - if !CCC_OS_C4_TR01_T01_Result.Passed { - result.Message = CCC_OS_C4_TR01_T01_Result.Message - return - } - - // TODO: Additional movement calls go here - - return -} - -func CCC_OS_C4_TR01_T01() (result raidengine.MovementResult) { - result = raidengine.MovementResult{ - Description: "JokerName must be found in the runtime configuration.", - Function: utils.CallerPath(0), - } - - // TODO: Movement logic goes here - return -} - - -// ----- -// Strike and Movements for CCC_OS_C4_TR02 -// ----- - -// CCC_OS_C4_TR02 conforms to the Strike function type -func (a *SVC) CCC_OS_C4_TR02() (strikeName string, result raidengine.StrikeResult) { - // set default return values - strikeName = "CCC_OS_C4_TR02" - result = raidengine.StrikeResult{ - Passed: false, - Description: "Ensure that attempts to modify or delete data within the immutability period are denied.", - Message: "Strike has not yet started.", // This message will be overwritten by subsequent movements - DocsURL: 
"https://maintainer.com/docs/raids/SVC", - ControlID: "CCC-Taxonomy-1", - Movements: make(map[string]raidengine.MovementResult), - } - - CCC_OS_C4_TR02_T01_Result := CCC_OS_C4_TR02_T01() - result.Movements["CCC_OS_C4_TR02_T01"] = CCC_OS_C4_TR02_T01_Result - if !CCC_OS_C4_TR02_T01_Result.Passed { - result.Message = CCC_OS_C4_TR02_T01_Result.Message - return - } - - // TODO: Additional movement calls go here - - return -} - -func CCC_OS_C4_TR02_T01() (result raidengine.MovementResult) { - result = raidengine.MovementResult{ - Description: "JokerName must be found in the runtime configuration.", - Function: utils.CallerPath(0), - } - - // TODO: Movement logic goes here - return -} - - -// ----- -// Strike and Movements for CCC_OS_C4_TR03 -// ----- - -// CCC_OS_C4_TR03 conforms to the Strike function type -func (a *SVC) CCC_OS_C4_TR03() (strikeName string, result raidengine.StrikeResult) { - // set default return values - strikeName = "CCC_OS_C4_TR03" - result = raidengine.StrikeResult{ - Passed: false, - Description: "Confirm that immutable data remains unchanged throughout the defined retention period.", - Message: "Strike has not yet started.", // This message will be overwritten by subsequent movements - DocsURL: "https://maintainer.com/docs/raids/SVC", - ControlID: "CCC-Taxonomy-1", - Movements: make(map[string]raidengine.MovementResult), - } - - CCC_OS_C4_TR03_T01_Result := CCC_OS_C4_TR03_T01() - result.Movements["CCC_OS_C4_TR03_T01"] = CCC_OS_C4_TR03_T01_Result - if !CCC_OS_C4_TR03_T01_Result.Passed { - result.Message = CCC_OS_C4_TR03_T01_Result.Message - return - } - - // TODO: Additional movement calls go here - - return -} - -func CCC_OS_C4_TR03_T01() (result raidengine.MovementResult) { - result = raidengine.MovementResult{ - Description: "JokerName must be found in the runtime configuration.", - Function: utils.CallerPath(0), - } - - // TODO: Movement logic goes here - return -} - - -// ----- -// Strike and Movements for CCC_OS_C5_TR01 -// ----- - -// 
CCC_OS_C5_TR01 conforms to the Strike function type -func (a *SVC) CCC_OS_C5_TR01() (strikeName string, result raidengine.StrikeResult) { - // set default return values - strikeName = "CCC_OS_C5_TR01" - result = raidengine.StrikeResult{ - Passed: false, - Description: "Verify that all access attempts to the object storage bucket are logged.", - Message: "Strike has not yet started.", // This message will be overwritten by subsequent movements - DocsURL: "https://maintainer.com/docs/raids/SVC", - ControlID: "CCC-Taxonomy-1", - Movements: make(map[string]raidengine.MovementResult), - } - - CCC_OS_C5_TR01_T01_Result := CCC_OS_C5_TR01_T01() - result.Movements["CCC_OS_C5_TR01_T01"] = CCC_OS_C5_TR01_T01_Result - if !CCC_OS_C5_TR01_T01_Result.Passed { - result.Message = CCC_OS_C5_TR01_T01_Result.Message - return - } - - // TODO: Additional movement calls go here - - return -} - -func CCC_OS_C5_TR01_T01() (result raidengine.MovementResult) { - result = raidengine.MovementResult{ - Description: "JokerName must be found in the runtime configuration.", - Function: utils.CallerPath(0), - } - - // TODO: Movement logic goes here - return -} - - -// ----- -// Strike and Movements for CCC_OS_C5_TR02 -// ----- - -// CCC_OS_C5_TR02 conforms to the Strike function type -func (a *SVC) CCC_OS_C5_TR02() (strikeName string, result raidengine.StrikeResult) { - // set default return values - strikeName = "CCC_OS_C5_TR02" - result = raidengine.StrikeResult{ - Passed: false, - Description: "Ensure that all changes to the object storage bucket configurations are logged.", - Message: "Strike has not yet started.", // This message will be overwritten by subsequent movements - DocsURL: "https://maintainer.com/docs/raids/SVC", - ControlID: "CCC-Taxonomy-1", - Movements: make(map[string]raidengine.MovementResult), - } - - CCC_OS_C5_TR02_T01_Result := CCC_OS_C5_TR02_T01() - result.Movements["CCC_OS_C5_TR02_T01"] = CCC_OS_C5_TR02_T01_Result - if !CCC_OS_C5_TR02_T01_Result.Passed { - result.Message = 
CCC_OS_C5_TR02_T01_Result.Message - return - } - - // TODO: Additional movement calls go here - - return -} - -func CCC_OS_C5_TR02_T01() (result raidengine.MovementResult) { - result = raidengine.MovementResult{ - Description: "JokerName must be found in the runtime configuration.", - Function: utils.CallerPath(0), - } - - // TODO: Movement logic goes here - return -} - - -// ----- -// Strike and Movements for CCC_OS_C5_TR03 -// ----- - -// CCC_OS_C5_TR03 conforms to the Strike function type -func (a *SVC) CCC_OS_C5_TR03() (strikeName string, result raidengine.StrikeResult) { - // set default return values - strikeName = "CCC_OS_C5_TR03" - result = raidengine.StrikeResult{ - Passed: false, - Description: "Confirm that logs are protected against unauthorized access and tampering.", - Message: "Strike has not yet started.", // This message will be overwritten by subsequent movements - DocsURL: "https://maintainer.com/docs/raids/SVC", - ControlID: "CCC-Taxonomy-1", - Movements: make(map[string]raidengine.MovementResult), - } - - CCC_OS_C5_TR03_T01_Result := CCC_OS_C5_TR03_T01() - result.Movements["CCC_OS_C5_TR03_T01"] = CCC_OS_C5_TR03_T01_Result - if !CCC_OS_C5_TR03_T01_Result.Passed { - result.Message = CCC_OS_C5_TR03_T01_Result.Message - return - } - - // TODO: Additional movement calls go here - - return -} - -func CCC_OS_C5_TR03_T01() (result raidengine.MovementResult) { - result = raidengine.MovementResult{ - Description: "JokerName must be found in the runtime configuration.", - Function: utils.CallerPath(0), - } - - // TODO: Movement logic goes here - return -} - \ No newline at end of file +) diff --git a/armory/examples.go b/armory/examples.go new file mode 100644 index 0000000..7facac3 --- /dev/null +++ b/armory/examples.go 
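Review bot: `CCC_C04_TR01` is listed twice in a row in both the `"tlp_amber"` and `"tlp_red"` slices of `Armory.Tactics`, so unless the engine deduplicates (not visible in this diff) that strike would run and be reported twice under those tactics. If the second entry was meant to be a different strike, replace it; otherwise delete the repeated `CCC_C04_TR01,` line in each list. `CCC_C07_TR01` appears only under `"tlp_red"`, while `"tlp_amber"` goes straight from `CCC_C06_TR02` to `CCC_C07_TR02`; a one-line comment above each tactic stating how its strike set was derived would let a reader tell intended gaps from omissions.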
@@ -0,0 +1,107 @@
+package armory
+
+import (
+ "github.com/privateerproj/privateer-sdk/raidengine"
+ "github.com/privateerproj/privateer-sdk/utils"
+)
+
+//
+// !
+// !!
+// !!!
+//
+// This file is for reference purposes only
+// These are not customized or generated for your use case
+// Delete this as soon as you start adding your own changes
+//
+// !!!
+// !!
+// !
+//
+
+var globalObject interface{}
+
+// Example of a strike that calls an invasive and non-invasive movement.
+// Any number or combination of movements can be called
+func ExampleStrike01() (strikeName string, result raidengine.StrikeResult) {
+ // set default return values
+ strikeName = "Example_Strike_01"
+ result = raidengine.StrikeResult{
+ Description: "The service enforces the use of secure transport protocols for all network communications (e.g., TLS 1.2 or higher).",
+ Message: "Strike has not yet started.", // This message will be overwritten by subsequent movements
+ DocsURL: "https://maintainer.com/docs/raids/DEV", // This is an optional link to documentation that will help users better understand the strike
+ ControlID: "CCC.C01", // This is the control ID that the strike is testing against
+ Movements: make(map[string]raidengine.MovementResult), // This map will be populated with the results of each movement
+ Passed: false, // This will be updated to true if a movement passes, and back to false if a movement fails
+ }
+
+ result.ExecuteMovement(ExampleMovement0101)
+
+ // if a movement relies on another movement to pass, add this type of condition
+ if result.Movements["ExampleMovement0101"].Passed {
+ // if a movement could potentially cause harm to the target env, flag it as invasive like this
+ result.ExecuteInvasiveMovement(ExampleMovement0102)
+ }
+
+ return
+}
+
+// ExampleMovement0101 does not apply a change to the system
+func ExampleMovement0101() (moveResult raidengine.MovementResult) {
+ // Pretend we're making some API call or other logic to determine if the movement is applicable
+ customLogicResults := true
+
+ moveResult = raidengine.MovementResult{
+ Description: "Making an API call to see if HTTPS is enforced.",
+ Function: utils.CallerPath(0), // This allows interested users to jump directly to the code that is executing this movement
+ Passed: customLogicResults,
+ }
+ return
+}
+
+// ExampleMovement0102 applies an invasive change to the system. Not all changes are invasive, but this one is.
+// Use ExecuteInvasiveMovement() to ensure it is run only when the user has opted in to potentially destructive changes.
+func ExampleMovement0102() (moveResult raidengine.MovementResult) {
+ // The functions here can be defined whereever you like
+ // If you have a lot of changes or plan to reuse them, you may want to put them in a separate file
+ change1 := raidengine.NewChange(
+ "targetName",
+ "This change should create a new storage object", // For logging purposes. This will be overwritten by the result of a successful apply function.
+ applyChange,
+ revertChange,
+ )
+
+ // Any intended changes should be applied before returning the movement result
+ change1.Apply()
+
+ // A future release may have better object handling for objects returned by the change
+ // For now, toss it onto a global variable if you need to access it later
+ globalObject = change1.TargetObject
+
+ // If the change is not needed for subsequent movements, revert it now
+ // A future release will use this logic to multi-thread the revert process
+ // Any changes that are not reverted within the movement will be reverted together at the end of the strike
+ change1.Revert()
+
+ // Note that we are not setting Passed to true or false. That will be determined by ExecuteMovement() or ExecuteInvasiveMovement()
+ moveResult = raidengine.MovementResult{
+ Description: "Making an API call to see if HTTPS is enforced.",
+ Function: utils.CallerPath(0), // This allows interested users to jump directly to the code that is executing this movement
+ Changes: map[string]*raidengine.Change{
+ "TestChange1": change1,
+ },
+ }
+ return
+}
+
+// Mock function to simulate applying a change
+func applyChange() (modifiedObject interface{}, err error) {
+ // Replace with actual logic
+ return nil, nil
+}
+
+// Mock function to simulate undoing a change
+func revertChange() error {
+ // Replace with actual logic
+ return nil // Return an error here to simulate failure
+}
diff --git a/armory/strikes.go b/armory/strikes.go
new file mode 100644
index 0000000..b7f1de4
--- /dev/null
+++ b/armory/strikes.go
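Review bot: `ExampleMovement0102` calls `change1.Apply()` and `change1.Revert()` without looking at their outcome, and `revertChange` is documented as able to fail, so a raid copied from this template can leave the created object behind in the target environment with nothing in the movement result pointing to it. If the SDK's `Change` exposes the apply/revert status (its API is not visible in this diff), the example should check it and set `moveResult.Message` before returning. The movement also reuses `ExampleMovement0101`'s text, `Description: "Making an API call to see if HTTPS is enforced."`, which does not describe an invasive change; something like `Description: "Creating and then removing a storage object."` would match the change's own log text. The package-level `globalObject` is written here with no synchronization, which will matter once the multi-threaded revert the comments anticipate is in place.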
@@ -0,0 +1,1029 @@ +package armory + +import ( + "github.com/privateerproj/privateer-sdk/raidengine" + "github.com/privateerproj/privateer-sdk/utils" +) + +// ----- +// Strike and Movements for CCC_C01_TR01 +// ----- + +// CCC_C01_TR01 conforms to the Strike function type +func CCC_C01_TR01() (strikeName string, result raidengine.StrikeResult) { + // set default return values + strikeName = "CCC_C01_TR01" + result = raidengine.StrikeResult{ + Passed: false, + Description: "When a port is exposed for non-SSH network traffic, all traffic MUST include a TLS handshake AND be encrypted using TLS 1.2 or higher.", + ControlID: "CCC.C01", + Movements: make(map[string]raidengine.MovementResult), + } + + result.ExecuteMovement(CCC_C01_TR01_T01) + // TODO: Additional movement calls go here + + return +} + +func CCC_C01_TR01_T01() (moveResult raidengine.MovementResult) { + moveResult = raidengine.MovementResult{ + Description: "This movement is still under construction", + Function: utils.CallerPath(0), + } + + // TODO: Use this section to write a single step or test that contributes to CCC_C01_TR01 + return +} + +// ----- +// Strike and Movements for CCC_C01_TR02 +// ----- + +// CCC_C01_TR02 conforms to the Strike function type +func CCC_C01_TR02() (strikeName string, result raidengine.StrikeResult) { + // set default return values + strikeName = "CCC_C01_TR02" + result = raidengine.StrikeResult{ + Passed: false, + Description: "When a port is exposed for SSH network traffic, all traffic MUST include a SSH handshake AND be encrypted using SSHv2 or higher.", + ControlID: "CCC.C01", + Movements: make(map[string]raidengine.MovementResult), + } + + result.ExecuteMovement(CCC_C01_TR02_T01) + // TODO: Additional movement calls go here + + return +} + +func CCC_C01_TR02_T01() (moveResult raidengine.MovementResult) { + moveResult = raidengine.MovementResult{ + Description: "This movement is still under construction", + Function: utils.CallerPath(0), + } + + // TODO: Use this section 
to write a single step or test that contributes to CCC_C01_TR02 + return +} + +// ----- +// Strike and Movements for CCC_C02_TR01 +// ----- + +// CCC_C02_TR01 conforms to the Strike function type +func CCC_C02_TR01() (strikeName string, result raidengine.StrikeResult) { + // set default return values + strikeName = "CCC_C02_TR01" + result = raidengine.StrikeResult{ + Passed: false, + Description: "When data is stored at rest, the service MUST be configured to encrypt data at rest using the latest industry-standard encryption methods.", + ControlID: "CCC.C02", + Movements: make(map[string]raidengine.MovementResult), + } + + result.ExecuteMovement(CCC_C02_TR01_T01) + // TODO: Additional movement calls go here + + return +} + +func CCC_C02_TR01_T01() (moveResult raidengine.MovementResult) { + moveResult = raidengine.MovementResult{ + Description: "This movement is still under construction", + Function: utils.CallerPath(0), + } + + // TODO: Use this section to write a single step or test that contributes to CCC_C02_TR01 + return +} + +// ----- +// Strike and Movements for CCC_C03_TR01 +// ----- + +// CCC_C03_TR01 conforms to the Strike function type +func CCC_C03_TR01() (strikeName string, result raidengine.StrikeResult) { + // set default return values + strikeName = "CCC_C03_TR01" + result = raidengine.StrikeResult{ + Passed: false, + Description: "When an entity attempts to modify the service, the service MUST attempt to verify the client's identity through an authentication process.", + ControlID: "CCC.C03", + Movements: make(map[string]raidengine.MovementResult), + } + + result.ExecuteMovement(CCC_C03_TR01_T01) + // TODO: Additional movement calls go here + + return +} + +func CCC_C03_TR01_T01() (moveResult raidengine.MovementResult) { + moveResult = raidengine.MovementResult{ + Description: "This movement is still under construction", + Function: utils.CallerPath(0), + } + + // TODO: Use this section to write a single step or test that contributes to CCC_C03_TR01 
+ return +} + +// ----- +// Strike and Movements for CCC_C03_TR02 +// ----- + +// CCC_C03_TR02 conforms to the Strike function type +func CCC_C03_TR02() (strikeName string, result raidengine.StrikeResult) { + // set default return values + strikeName = "CCC_C03_TR02" + result = raidengine.StrikeResult{ + Passed: false, + Description: "When an entity attempts to view information presented by the service, service, the service MUST attempt to verify the client's identity through an authentication process.", + ControlID: "CCC.C03", + Movements: make(map[string]raidengine.MovementResult), + } + + result.ExecuteMovement(CCC_C03_TR02_T01) + // TODO: Additional movement calls go here + + return +} + +func CCC_C03_TR02_T01() (moveResult raidengine.MovementResult) { + moveResult = raidengine.MovementResult{ + Description: "This movement is still under construction", + Function: utils.CallerPath(0), + } + + // TODO: Use this section to write a single step or test that contributes to CCC_C03_TR02 + return +} + +// ----- +// Strike and Movements for CCC_C03_TR03 +// ----- + +// CCC_C03_TR03 conforms to the Strike function type +func CCC_C03_TR03() (strikeName string, result raidengine.StrikeResult) { + // set default return values + strikeName = "CCC_C03_TR03" + result = raidengine.StrikeResult{ + Passed: false, + Description: "When an entity attempts to view information on the service through a user interface, the authentication process MUST require multiple identifying factors from the user.", + ControlID: "CCC.C03", + Movements: make(map[string]raidengine.MovementResult), + } + + result.ExecuteMovement(CCC_C03_TR03_T01) + // TODO: Additional movement calls go here + + return +} + +func CCC_C03_TR03_T01() (moveResult raidengine.MovementResult) { + moveResult = raidengine.MovementResult{ + Description: "This movement is still under construction", + Function: utils.CallerPath(0), + } + + // TODO: Use this section to write a single step or test that contributes to CCC_C03_TR03 + 
return +} + +// ----- +// Strike and Movements for CCC_C03_TR04 +// ----- + +// CCC_C03_TR04 conforms to the Strike function type +func CCC_C03_TR04() (strikeName string, result raidengine.StrikeResult) { + // set default return values + strikeName = "CCC_C03_TR04" + result = raidengine.StrikeResult{ + Passed: false, + Description: "When an entity attempts to modify the service through an API endpoint, the authentication process MUST be limited to a specific allowed network.", + ControlID: "CCC.C03", + Movements: make(map[string]raidengine.MovementResult), + } + + result.ExecuteMovement(CCC_C03_TR04_T01) + // TODO: Additional movement calls go here + + return +} + +func CCC_C03_TR04_T01() (moveResult raidengine.MovementResult) { + moveResult = raidengine.MovementResult{ + Description: "This movement is still under construction", + Function: utils.CallerPath(0), + } + + // TODO: Use this section to write a single step or test that contributes to CCC_C03_TR04 + return +} + +// ----- +// Strike and Movements for CCC_C03_TR05 +// ----- + +// CCC_C03_TR05 conforms to the Strike function type +func CCC_C03_TR05() (strikeName string, result raidengine.StrikeResult) { + // set default return values + strikeName = "CCC_C03_TR05" + result = raidengine.StrikeResult{ + Passed: false, + Description: "When an entity attempts to view information on the service through an API endpoint, the authentication process MUST be limited to a specific allowed network.", + ControlID: "CCC.C03", + Movements: make(map[string]raidengine.MovementResult), + } + + result.ExecuteMovement(CCC_C03_TR05_T01) + // TODO: Additional movement calls go here + + return +} + +func CCC_C03_TR05_T01() (moveResult raidengine.MovementResult) { + moveResult = raidengine.MovementResult{ + Description: "This movement is still under construction", + Function: utils.CallerPath(0), + } + + // TODO: Use this section to write a single step or test that contributes to CCC_C03_TR05 + return +} + +// ----- +// Strike and 
Movements for CCC_C03_TR06 +// ----- + +// CCC_C03_TR06 conforms to the Strike function type +func CCC_C03_TR06() (strikeName string, result raidengine.StrikeResult) { + // set default return values + strikeName = "CCC_C03_TR06" + result = raidengine.StrikeResult{ + Passed: false, + Description: "When an entity attempts to modify the service through a user interface, the authentication process MUST require multiple identifying factors from the user.", + ControlID: "CCC.C03", + Movements: make(map[string]raidengine.MovementResult), + } + + result.ExecuteMovement(CCC_C03_TR06_T01) + // TODO: Additional movement calls go here + + return +} + +func CCC_C03_TR06_T01() (moveResult raidengine.MovementResult) { + moveResult = raidengine.MovementResult{ + Description: "This movement is still under construction", + Function: utils.CallerPath(0), + } + + // TODO: Use this section to write a single step or test that contributes to CCC_C03_TR06 + return +} + +// ----- +// Strike and Movements for CCC_C04_TR01 +// ----- + +// CCC_C04_TR01 conforms to the Strike function type +func CCC_C04_TR01() (strikeName string, result raidengine.StrikeResult) { + // set default return values + strikeName = "CCC_C04_TR01" + result = raidengine.StrikeResult{ + Passed: false, + Description: "When any access attempt is made to the view sensitive information, the service MUST log the client identity, time, and result of the attempt.", + ControlID: "CCC.C04", + Movements: make(map[string]raidengine.MovementResult), + } + + result.ExecuteMovement(CCC_C04_TR01_T01) + // TODO: Additional movement calls go here + + return +} + +func CCC_C04_TR01_T01() (moveResult raidengine.MovementResult) { + moveResult = raidengine.MovementResult{ + Description: "This movement is still under construction", + Function: utils.CallerPath(0), + } + + // TODO: Use this section to write a single step or test that contributes to CCC_C04_TR01 + return +} + +// ----- +// Strike and Movements for CCC_C04_TR02 +// ----- + +// 
CCC_C04_TR02 conforms to the Strike function type +func CCC_C04_TR02() (strikeName string, result raidengine.StrikeResult) { + // set default return values + strikeName = "CCC_C04_TR02" + result = raidengine.StrikeResult{ + Passed: false, + Description: "When any change is made to the service configuration, the service MUST log the change, including the client, time, previous state, and the new state following the change.", + ControlID: "CCC.C04", + Movements: make(map[string]raidengine.MovementResult), + } + + result.ExecuteMovement(CCC_C04_TR02_T01) + // TODO: Additional movement calls go here + + return +} + +func CCC_C04_TR02_T01() (moveResult raidengine.MovementResult) { + moveResult = raidengine.MovementResult{ + Description: "This movement is still under construction", + Function: utils.CallerPath(0), + } + + // TODO: Use this section to write a single step or test that contributes to CCC_C04_TR02 + return +} + +// ----- +// Strike and Movements for CCC_C05_TR01 +// ----- + +// CCC_C05_TR01 conforms to the Strike function type +func CCC_C05_TR01() (strikeName string, result raidengine.StrikeResult) { + // set default return values + strikeName = "CCC_C05_TR01" + result = raidengine.StrikeResult{ + Passed: false, + Description: "When access to sensitive resources is attempted, the service MUST block requests from untrusted sources, including IP addresses, domains, or networks that are not explicitly included in a pre-approved allowlist.", + ControlID: "CCC.C05", + Movements: make(map[string]raidengine.MovementResult), + } + + result.ExecuteMovement(CCC_C05_TR01_T01) + // TODO: Additional movement calls go here + + return +} + +func CCC_C05_TR01_T01() (moveResult raidengine.MovementResult) { + moveResult = raidengine.MovementResult{ + Description: "This movement is still under construction", + Function: utils.CallerPath(0), + } + + // TODO: Use this section to write a single step or test that contributes to CCC_C05_TR01 + return +} + +// ----- +// Strike and 
Movements for CCC_C05_TR02 +// ----- + +// CCC_C05_TR02 conforms to the Strike function type +func CCC_C05_TR02() (strikeName string, result raidengine.StrikeResult) { + // set default return values + strikeName = "CCC_C05_TR02" + result = raidengine.StrikeResult{ + Passed: false, + Description: "When administrative access is attempted, the service MUST validate that the request originates from an explicitly allowed source as defined in the allowlist.", + ControlID: "CCC.C05", + Movements: make(map[string]raidengine.MovementResult), + } + + result.ExecuteMovement(CCC_C05_TR02_T01) + // TODO: Additional movement calls go here + + return +} + +func CCC_C05_TR02_T01() (moveResult raidengine.MovementResult) { + moveResult = raidengine.MovementResult{ + Description: "This movement is still under construction", + Function: utils.CallerPath(0), + } + + // TODO: Use this section to write a single step or test that contributes to CCC_C05_TR02 + return +} + +// ----- +// Strike and Movements for CCC_C05_TR03 +// ----- + +// CCC_C05_TR03 conforms to the Strike function type +func CCC_C05_TR03() (strikeName string, result raidengine.StrikeResult) { + // set default return values + strikeName = "CCC_C05_TR03" + result = raidengine.StrikeResult{ + Passed: false, + Description: "When resources are accessed in a multi-tenant environment, the service MUST enforce isolation by allowing access only to explicitly allowlisted tenants.", + ControlID: "CCC.C05", + Movements: make(map[string]raidengine.MovementResult), + } + + result.ExecuteMovement(CCC_C05_TR03_T01) + // TODO: Additional movement calls go here + + return +} + +func CCC_C05_TR03_T01() (moveResult raidengine.MovementResult) { + moveResult = raidengine.MovementResult{ + Description: "This movement is still under construction", + Function: utils.CallerPath(0), + } + + // TODO: Use this section to write a single step or test that contributes to CCC_C05_TR03 + return +} + +// ----- +// Strike and Movements for CCC_C05_TR04 +// 
----- + +// CCC_C05_TR04 conforms to the Strike function type +func CCC_C05_TR04() (strikeName string, result raidengine.StrikeResult) { + // set default return values + strikeName = "CCC_C05_TR04" + result = raidengine.StrikeResult{ + Passed: false, + Description: "When an access attempt from an untrusted source is blocked, the service MUST log the event, including the source details, time, and reason for denial.", + ControlID: "CCC.C05", + Movements: make(map[string]raidengine.MovementResult), + } + + result.ExecuteMovement(CCC_C05_TR04_T01) + // TODO: Additional movement calls go here + + return +} + +func CCC_C05_TR04_T01() (moveResult raidengine.MovementResult) { + moveResult = raidengine.MovementResult{ + Description: "This movement is still under construction", + Function: utils.CallerPath(0), + } + + // TODO: Use this section to write a single step or test that contributes to CCC_C05_TR04 + return +} + +// ----- +// Strike and Movements for CCC_C06_TR01 +// ----- + +// CCC_C06_TR01 conforms to the Strike function type +func CCC_C06_TR01() (strikeName string, result raidengine.StrikeResult) { + // set default return values + strikeName = "CCC_C06_TR01" + result = raidengine.StrikeResult{ + Passed: false, + Description: "When a deployment request is made, the service MUST validate that the deployment region is not to a restricted or regions or availability zones.", + ControlID: "CCC.C06", + Movements: make(map[string]raidengine.MovementResult), + } + + result.ExecuteMovement(CCC_C06_TR01_T01) + // TODO: Additional movement calls go here + + return +} + +func CCC_C06_TR01_T01() (moveResult raidengine.MovementResult) { + moveResult = raidengine.MovementResult{ + Description: "This movement is still under construction", + Function: utils.CallerPath(0), + } + + // TODO: Use this section to write a single step or test that contributes to CCC_C06_TR01 + return +} + +// ----- +// Strike and Movements for CCC_C06_TR02 +// ----- + +// CCC_C06_TR02 conforms to the 
Strike function type +func CCC_C06_TR02() (strikeName string, result raidengine.StrikeResult) { + // set default return values + strikeName = "CCC_C06_TR02" + result = raidengine.StrikeResult{ + Passed: false, + Description: "When a deployment request is made, the service MUST validate that replication of data, backups, and disaster recovery operations will not occur in restricted regions or availability zones.", + ControlID: "CCC.C06", + Movements: make(map[string]raidengine.MovementResult), + } + + result.ExecuteMovement(CCC_C06_TR02_T01) + // TODO: Additional movement calls go here + + return +} + +func CCC_C06_TR02_T01() (moveResult raidengine.MovementResult) { + moveResult = raidengine.MovementResult{ + Description: "This movement is still under construction", + Function: utils.CallerPath(0), + } + + // TODO: Use this section to write a single step or test that contributes to CCC_C06_TR02 + return +} + +// ----- +// Strike and Movements for CCC_C07_TR01 +// ----- + +// CCC_C07_TR01 conforms to the Strike function type +func CCC_C07_TR01() (strikeName string, result raidengine.StrikeResult) { + // set default return values + strikeName = "CCC_C07_TR01" + result = raidengine.StrikeResult{ + Passed: false, + Description: "When suspicious enumeration activities are detected, the service MUST generate real-time alerts to notify security personnel.", + ControlID: "CCC.C07", + Movements: make(map[string]raidengine.MovementResult), + } + + result.ExecuteMovement(CCC_C07_TR01_T01) + // TODO: Additional movement calls go here + + return +} + +func CCC_C07_TR01_T01() (moveResult raidengine.MovementResult) { + moveResult = raidengine.MovementResult{ + Description: "This movement is still under construction", + Function: utils.CallerPath(0), + } + + // TODO: Use this section to write a single step or test that contributes to CCC_C07_TR01 + return +} + +// ----- +// Strike and Movements for CCC_C07_TR02 +// ----- + +// CCC_C07_TR02 conforms to the Strike function type +func 
CCC_C07_TR02() (strikeName string, result raidengine.StrikeResult) { + // set default return values + strikeName = "CCC_C07_TR02" + result = raidengine.StrikeResult{ + Passed: false, + Description: "When suspicious enumeration activities are detected, the service MUST log the event, including the source details, time, and nature of the activity.", + ControlID: "CCC.C07", + Movements: make(map[string]raidengine.MovementResult), + } + + result.ExecuteMovement(CCC_C07_TR02_T01) + // TODO: Additional movement calls go here + + return +} + +func CCC_C07_TR02_T01() (moveResult raidengine.MovementResult) { + moveResult = raidengine.MovementResult{ + Description: "This movement is still under construction", + Function: utils.CallerPath(0), + } + + // TODO: Use this section to write a single step or test that contributes to CCC_C07_TR02 + return +} + +// ----- +// Strike and Movements for CCC_C08_TR01 +// ----- + +// CCC_C08_TR01 conforms to the Strike function type +func CCC_C08_TR01() (strikeName string, result raidengine.StrikeResult) { + // set default return values + strikeName = "CCC_C08_TR01" + result = raidengine.StrikeResult{ + Passed: false, + Description: "When data is stored, the service MUST ensure that data is replicated across multiple availability zones or regions.", + ControlID: "CCC.C08", + Movements: make(map[string]raidengine.MovementResult), + } + + result.ExecuteMovement(CCC_C08_TR01_T01) + // TODO: Additional movement calls go here + + return +} + +func CCC_C08_TR01_T01() (moveResult raidengine.MovementResult) { + moveResult = raidengine.MovementResult{ + Description: "This movement is still under construction", + Function: utils.CallerPath(0), + } + + // TODO: Use this section to write a single step or test that contributes to CCC_C08_TR01 + return +} + +// ----- +// Strike and Movements for CCC_C08_TR02 +// ----- + +// CCC_C08_TR02 conforms to the Strike function type +func CCC_C08_TR02() (strikeName string, result raidengine.StrikeResult) { + // 
set default return values + strikeName = "CCC_C08_TR02" + result = raidengine.StrikeResult{ + Passed: false, + Description: "When data is replicated across multiple zones or regions, the service MUST be able to verify the replication state, including the replication locations and data synchronization status.", + ControlID: "CCC.C08", + Movements: make(map[string]raidengine.MovementResult), + } + + result.ExecuteMovement(CCC_C08_TR02_T01) + // TODO: Additional movement calls go here + + return +} + +func CCC_C08_TR02_T01() (moveResult raidengine.MovementResult) { + moveResult = raidengine.MovementResult{ + Description: "This movement is still under construction", + Function: utils.CallerPath(0), + } + + // TODO: Use this section to write a single step or test that contributes to CCC_C08_TR02 + return +} + +// ----- +// Strike and Movements for CCC_C09_TR01 +// ----- + +// CCC_C09_TR01 conforms to the Strike function type +func CCC_C09_TR01() (strikeName string, result raidengine.StrikeResult) { + // set default return values + strikeName = "CCC_C09_TR01" + result = raidengine.StrikeResult{ + Passed: false, + Description: "When access logs are stored, the service MUST ensure that access logs cannot be accessed without proper authorization.", + ControlID: "CCC.C09", + Movements: make(map[string]raidengine.MovementResult), + } + + result.ExecuteMovement(CCC_C09_TR01_T01) + // TODO: Additional movement calls go here + + return +} + +func CCC_C09_TR01_T01() (moveResult raidengine.MovementResult) { + moveResult = raidengine.MovementResult{ + Description: "This movement is still under construction", + Function: utils.CallerPath(0), + } + + // TODO: Use this section to write a single step or test that contributes to CCC_C09_TR01 + return +} + +// ----- +// Strike and Movements for CCC_C09_TR02 +// ----- + +// CCC_C09_TR02 conforms to the Strike function type +func CCC_C09_TR02() (strikeName string, result raidengine.StrikeResult) { + // set default return values + 
strikeName = "CCC_C09_TR02" + result = raidengine.StrikeResult{ + Passed: false, + Description: "When access logs are stored, the service MUST ensure that access logs cannot be modified without proper authorization.", + ControlID: "CCC.C09", + Movements: make(map[string]raidengine.MovementResult), + } + + result.ExecuteMovement(CCC_C09_TR02_T01) + // TODO: Additional movement calls go here + + return +} + +func CCC_C09_TR02_T01() (moveResult raidengine.MovementResult) { + moveResult = raidengine.MovementResult{ + Description: "This movement is still under construction", + Function: utils.CallerPath(0), + } + + // TODO: Use this section to write a single step or test that contributes to CCC_C09_TR02 + return +} + +// ----- +// Strike and Movements for CCC_C09_TR03 +// ----- + +// CCC_C09_TR03 conforms to the Strike function type +func CCC_C09_TR03() (strikeName string, result raidengine.StrikeResult) { + // set default return values + strikeName = "CCC_C09_TR03" + result = raidengine.StrikeResult{ + Passed: false, + Description: "When access logs are stored, the service MUST ensure that access logs cannot be deleted without proper authorization.", + ControlID: "CCC.C09", + Movements: make(map[string]raidengine.MovementResult), + } + + result.ExecuteMovement(CCC_C09_TR03_T01) + // TODO: Additional movement calls go here + + return +} + +func CCC_C09_TR03_T01() (moveResult raidengine.MovementResult) { + moveResult = raidengine.MovementResult{ + Description: "This movement is still under construction", + Function: utils.CallerPath(0), + } + + // TODO: Use this section to write a single step or test that contributes to CCC_C09_TR03 + return +} + +// ----- +// Strike and Movements for CCC_C10_TR01 +// ----- + +// CCC_C10_TR01 conforms to the Strike function type +func CCC_C10_TR01() (strikeName string, result raidengine.StrikeResult) { + // set default return values + strikeName = "CCC_C10_TR01" + result = raidengine.StrikeResult{ + Passed: false, + Description: "When 
data is replicated, the service MUST ensure that replication is restricted to explicitly trusted destinations.", + ControlID: "CCC.C10", + Movements: make(map[string]raidengine.MovementResult), + } + + result.ExecuteMovement(CCC_C10_TR01_T01) + // TODO: Additional movement calls go here + + return +} + +func CCC_C10_TR01_T01() (moveResult raidengine.MovementResult) { + moveResult = raidengine.MovementResult{ + Description: "This movement is still under construction", + Function: utils.CallerPath(0), + } + + // TODO: Use this section to write a single step or test that contributes to CCC_C10_TR01 + return +} + +// ----- +// Strike and Movements for CCC_C11_TR01 +// ----- + +// CCC_C11_TR01 conforms to the Strike function type +func CCC_C11_TR01() (strikeName string, result raidengine.StrikeResult) { + // set default return values + strikeName = "CCC_C11_TR01" + result = raidengine.StrikeResult{ + Passed: false, + Description: "When encryption keys are used, the service MUST verify that all encryption keys use approved cryptographic algorithms as per organizational standards.", + ControlID: "CCC.C11", + Movements: make(map[string]raidengine.MovementResult), + } + + result.ExecuteMovement(CCC_C11_TR01_T01) + // TODO: Additional movement calls go here + + return +} + +func CCC_C11_TR01_T01() (moveResult raidengine.MovementResult) { + moveResult = raidengine.MovementResult{ + Description: "This movement is still under construction", + Function: utils.CallerPath(0), + } + + // TODO: Use this section to write a single step or test that contributes to CCC_C11_TR01 + return +} + +// ----- +// Strike and Movements for CCC_C11_TR02 +// ----- + +// CCC_C11_TR02 conforms to the Strike function type +func CCC_C11_TR02() (strikeName string, result raidengine.StrikeResult) { + // set default return values + strikeName = "CCC_C11_TR02" + result = raidengine.StrikeResult{ + Passed: false, + Description: "When encryption keys are used, the service MUST verify that encryption keys are 
rotated at a frequency compliant with organizational policies.", + ControlID: "CCC.C11", + Movements: make(map[string]raidengine.MovementResult), + } + + result.ExecuteMovement(CCC_C11_TR02_T01) + // TODO: Additional movement calls go here + + return +} + +func CCC_C11_TR02_T01() (moveResult raidengine.MovementResult) { + moveResult = raidengine.MovementResult{ + Description: "This movement is still under construction", + Function: utils.CallerPath(0), + } + + // TODO: Use this section to write a single step or test that contributes to CCC_C11_TR02 + return +} + +// ----- +// Strike and Movements for CCC_C11_TR03 +// ----- + +// CCC_C11_TR03 conforms to the Strike function type +func CCC_C11_TR03() (strikeName string, result raidengine.StrikeResult) { + // set default return values + strikeName = "CCC_C11_TR03" + result = raidengine.StrikeResult{ + Passed: false, + Description: "When encrypting data, the service MUST verify that customer-managed encryption keys (CMEKs) are used.", + ControlID: "CCC.C11", + Movements: make(map[string]raidengine.MovementResult), + } + + result.ExecuteMovement(CCC_C11_TR03_T01) + // TODO: Additional movement calls go here + + return +} + +func CCC_C11_TR03_T01() (moveResult raidengine.MovementResult) { + moveResult = raidengine.MovementResult{ + Description: "This movement is still under construction", + Function: utils.CallerPath(0), + } + + // TODO: Use this section to write a single step or test that contributes to CCC_C11_TR03 + return +} + +// ----- +// Strike and Movements for CCC_C11_TR04 +// ----- + +// CCC_C11_TR04 conforms to the Strike function type +func CCC_C11_TR04() (strikeName string, result raidengine.StrikeResult) { + // set default return values + strikeName = "CCC_C11_TR04" + result = raidengine.StrikeResult{ + Passed: false, + Description: "When encryption keys are accessed, the service MUST verify that access to encryption keys is restricted to authorized personnel and services, following the principle of least 
privilege.", + ControlID: "CCC.C11", + Movements: make(map[string]raidengine.MovementResult), + } + + result.ExecuteMovement(CCC_C11_TR04_T01) + // TODO: Additional movement calls go here + + return +} + +func CCC_C11_TR04_T01() (moveResult raidengine.MovementResult) { + moveResult = raidengine.MovementResult{ + Description: "This movement is still under construction", + Function: utils.CallerPath(0), + } + + // TODO: Use this section to write a single step or test that contributes to CCC_C11_TR04 + return +} + +// ----- +// Strike and Movements for CCC_VPC_C01_TR01 +// ----- + +// CCC_VPC_C01_TR01 conforms to the Strike function type +func CCC_VPC_C01_TR01() (strikeName string, result raidengine.StrikeResult) { + // set default return values + strikeName = "CCC_VPC_C01_TR01" + result = raidengine.StrikeResult{ + Passed: false, + Description: "When a subscription is created, the subscription MUST NOT contain default network resources.", + ControlID: "CCC.VPC.C01", + Movements: make(map[string]raidengine.MovementResult), + } + + result.ExecuteMovement(CCC_VPC_C01_TR01_T01) + // TODO: Additional movement calls go here + + return +} + +func CCC_VPC_C01_TR01_T01() (moveResult raidengine.MovementResult) { + moveResult = raidengine.MovementResult{ + Description: "This movement is still under construction", + Function: utils.CallerPath(0), + } + + // TODO: Use this section to write a single step or test that contributes to CCC_VPC_C01_TR01 + return +} + +// ----- +// Strike and Movements for CCC_VPC_C02_TR01 +// ----- + +// CCC_VPC_C02_TR01 conforms to the Strike function type +func CCC_VPC_C02_TR01() (strikeName string, result raidengine.StrikeResult) { + // set default return values + strikeName = "CCC_VPC_C02_TR01" + result = raidengine.StrikeResult{ + Passed: false, + Description: "When a resource is created in a public subnet, that resource MUST NOT be assigned an external IP address by default.", + ControlID: "CCC.VPC.C02", + Movements: 
make(map[string]raidengine.MovementResult), + } + + result.ExecuteMovement(CCC_VPC_C02_TR01_T01) + // TODO: Additional movement calls go here + + return +} + +func CCC_VPC_C02_TR01_T01() (moveResult raidengine.MovementResult) { + moveResult = raidengine.MovementResult{ + Description: "This movement is still under construction", + Function: utils.CallerPath(0), + } + + // TODO: Use this section to write a single step or test that contributes to CCC_VPC_C02_TR01 + return +} + +// ----- +// Strike and Movements for CCC_VPC_C03_TR01 +// ----- + +// CCC_VPC_C03_TR01 conforms to the Strike function type +func CCC_VPC_C03_TR01() (strikeName string, result raidengine.StrikeResult) { + // set default return values + strikeName = "CCC_VPC_C03_TR01" + result = raidengine.StrikeResult{ + Passed: false, + Description: "When a VPC peering connection is requested, the service MUST prevent connections from VPCs that are not explicitly allowed.", + ControlID: "CCC.VPC.C03", + Movements: make(map[string]raidengine.MovementResult), + } + + result.ExecuteMovement(CCC_VPC_C03_TR01_T01) + // TODO: Additional movement calls go here + + return +} + +func CCC_VPC_C03_TR01_T01() (moveResult raidengine.MovementResult) { + moveResult = raidengine.MovementResult{ + Description: "This movement is still under construction", + Function: utils.CallerPath(0), + } + + // TODO: Use this section to write a single step or test that contributes to CCC_VPC_C03_TR01 + return +} + +// ----- +// Strike and Movements for CCC_VPC_C04_TR01 +// ----- + +// CCC_VPC_C04_TR01 conforms to the Strike function type +func CCC_VPC_C04_TR01() (strikeName string, result raidengine.StrikeResult) { + // set default return values + strikeName = "CCC_VPC_C04_TR01" + result = raidengine.StrikeResult{ + Passed: false, + Description: "When any network traffic goes to or from an interface in the VPC, the service MUST capture and log all relevant information.", + ControlID: "CCC.VPC.C04", + Movements: 
make(map[string]raidengine.MovementResult), + } + + result.ExecuteMovement(CCC_VPC_C04_TR01_T01) + // TODO: Additional movement calls go here + + return +} + +func CCC_VPC_C04_TR01_T01() (moveResult raidengine.MovementResult) { + moveResult = raidengine.MovementResult{ + Description: "This movement is still under construction", + Function: utils.CallerPath(0), + } + + // TODO: Use this section to write a single step or test that contributes to CCC_VPC_C04_TR01 + return +} diff --git a/cmd/debug.go b/cmd/debug.go index 4855b32..d1fdb76 100644 --- a/cmd/debug.go +++ b/cmd/debug.go @@ -3,8 +3,9 @@ package cmd import ( "log" - "github.com/privateerproj/privateer-sdk/raidengine" "github.com/spf13/cobra" + + "github.com/privateerproj/privateer-raid-example/armory" ) var ( @@ -13,7 +14,7 @@ var ( Use: "debug", Short: "Run the Raid in debug mode", Run: func(cmd *cobra.Command, args []string) { - err := raidengine.Run(RaidName, Armory) + err := Vessel.Mobilize(&armory.Armory, nil) // Replace nil with a slice of your required var names if err != nil { log.Fatal(err) } diff --git a/cmd/raid.go b/cmd/raid.go new file mode 100644 index 0000000..26f0f3d --- /dev/null +++ b/cmd/raid.go @@ -0,0 +1,21 @@ +package cmd + +import ( + "github.com/privateerproj/privateer-raid-example/armory" + + "github.com/privateerproj/privateer-sdk/raidengine" +) + +var ( + Vessel = raidengine.Vessel{ + RaidName: "example", // Double check that this is what you want the raid to be named + } // Used by the plugin or debug function to run the Raid +) + +type Raid struct{} + +// Raid.Start() is called by plugin.Serve +func (r *Raid) Start() (err error) { + err = Vessel.Mobilize(&armory.Armory, nil) // Replace nil with a slice of your required var names + return +} diff --git a/cmd/root.go b/cmd/root.go index 97ef27c..9a536cb 100644 --- a/cmd/root.go +++ b/cmd/root.go 
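Review bot: Every `_T01` placeholder in armory/strikes.go (from `CCC_C01_TR01_T01` through `CCC_VPC_C04_TR01_T01`) returns a `MovementResult` without setting `Passed`, so whether an unimplemented control is reported as failed depends entirely on what `ExecuteMovement` does with it. The comment in armory/armory.go says `ExecuteMovement()` can determine `Passed` itself, so a stub may end up counted as a pass; this is inferred, since the SDK is not part of this diff. Each stub should state the outcome explicitly, for example `Passed: false, // not implemented: must never be reported as compliant`, so a scaffolded raid cannot produce a clean report for controls nobody has tested. Several `Description` strings that will appear in reports are also garbled: "the service, service, the service" in `CCC_C03_TR02`, "to the view sensitive information" in `CCC_C04_TR01`, and "is not to a restricted or regions" in `CCC_C06_TR01`. The `_T01` functions have no doc comments at all.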
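Review bot: `Raid.Start` in cmd/raid.go no longer installs an interrupt handler, whereas the `Start` this commit removes from cmd/root.go called `raidengine.SetupCloseHandler(cleanupFunc)` before running. The example armory applies a change and notes that unreverted changes are only reverted at the end of the strike, so unless `Vessel.Mobilize` registers its own handler (not visible in this diff) an interrupted run could leave an invasive change applied to the target. Please confirm that, and say in the doc comment where cleanup now happens. The same `Vessel.Mobilize(&armory.Armory, nil)` call is repeated in cmd/debug.go, so the required-variable list will have to be maintained in two places; the debug command could call `(&Raid{}).Start()` instead. The doc comment should also begin with the method name, `// Start is called by plugin.Serve.`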
@@ -6,31 +6,24 @@ import (
 "github.com/spf13/cobra"
- "github.com/privateerproj/privateer-pack-SVC/armory"
 "github.com/privateerproj/privateer-sdk/command"
 "github.com/privateerproj/privateer-sdk/plugin"
- "github.com/privateerproj/privateer-sdk/raidengine"
 )
-// Raid makes the correlated raidengine struct available to the plugin
-type Raid struct {
-}
-
 var (
 // Build information is added by the Makefile at compile time
 buildVersion string
 buildGitCommitHash string
 buildTime string
- RaidName = "SVC"
- Armory = &armory.SVC{}
+ RaidName = "example"
 // runCmd represents the base command when called without any subcommands
 runCmd = &cobra.Command{
 Use: RaidName,
 Short: fmt.Sprintf("Test suite for %s.", RaidName),
 PersistentPreRun: func(cmd *cobra.Command, args []string) {
- command.InitializeConfig()
+ // optional
 },
 Run: func(cmd *cobra.Command, args []string) {
 // Serve plugin
@@ -58,38 +51,5 @@ func Execute(version, commitHash, builtAt string) {
 }
 func init() {
- Armory.Tactics = map[string][]raidengine.Strike{
- "CCC_OS_Security": {
- Armory.CCC_OS_C1_TR01,
- Armory.CCC_OS_C1_TR02,
- Armory.CCC_OS_C1_TR03,
- Armory.CCC_OS_C2_TR01,
- Armory.CCC_OS_C2_TR02,
- Armory.CCC_OS_C2_TR03,
- Armory.CCC_OS_C3_TR01,
- Armory.CCC_OS_C3_TR02,
- Armory.CCC_OS_C3_TR03,
- Armory.CCC_OS_C4_TR01,
- Armory.CCC_OS_C4_TR02,
- Armory.CCC_OS_C4_TR03,
- Armory.CCC_OS_C5_TR01,
- Armory.CCC_OS_C5_TR02,
- Armory.CCC_OS_C5_TR03,
- },
- }
-
 command.SetBase(runCmd) // This initializes the base CLI functionality
 }
-
-// cleanupFunc is called when the plugin is stopped
-func cleanupFunc() error {
- return nil
-}
-
-// Start is called from Privateer after the plugin is served
-// At minimum, this should call raidengine.Run()
-// Adding raidengine.SetupCloseHandler(cleanupFunc) will allow you to append custom cleanup behavior
-func (r *Raid) Start() error {
- raidengine.SetupCloseHandler(cleanupFunc)
- return raidengine.Run(RaidName, Armory)
-}
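Review bot: `RaidName = "example"` in the var block of cmd/root.go duplicates the literal given to `Vessel.RaidName` in cmd/raid.go, so the CLI name and the name the engine runs under can diverge when someone renames the raid in only one place; I would keep one literal and initialise the vessel with `RaidName: RaidName`. The `PersistentPreRun` hook is left holding only `// optional` now that `command.InitializeConfig()` is gone; either drop the hook or say where config is loaded, e.g. `// config is loaded by Vessel.Mobilize; add CLI-only setup here` if that is in fact the case (the SDK side is not visible here). The var block and the `runCmd` literal continue outside the hunk.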
diff --git a/example-config.yml b/example-config.yml
index 0d481d5..8d171ed 100644
--- a/example-config.yml
+++ b/example-config.yml
@@ -1,7 +1,10 @@
 loglevel: Debug
-WriteDirectory: sample_test_output
-raids:
- SVC:
- tactics:
- - CCC_OS_Taxonomy
- - CCC_OS_Security
\ No newline at end of file
+write-directory: sample_output
+services:
+ my-cloud-service1:
+ raid: example
+ tactics:
+ - tlp_red
+ # - tlp_amber
+ # - tlp_green
+ # - tlp_clear
diff --git a/go.mod b/go.mod
index 3c64817..f645b9e 100644
--- a/go.mod
+++ b/go.mod
@@ -1,10 +1,9 @@
-module github.com/privateerproj/privateer-pack-SVC
+module github.com/privateerproj/privateer-raid-example
-go 1.20
+go 1.23
 require (
- github.com/hashicorp/go-hclog v1.6.3
- github.com/privateerproj/privateer-sdk v0.0.7
+ github.com/privateerproj/privateer-sdk v0.0.15
 github.com/spf13/cobra v1.8.1
 github.com/spf13/viper v1.19.0
 )
@@ -13,6 +12,7 @@ require (
 github.com/fatih/color v1.14.1 // indirect
 github.com/fsnotify/fsnotify v1.7.0 // indirect
 github.com/golang/protobuf v1.5.3 // indirect
+ github.com/hashicorp/go-hclog v1.6.3 // indirect
 github.com/hashicorp/go-plugin v1.4.0 // indirect
 github.com/hashicorp/hcl v1.0.0 // indirect
 github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb // indirect
diff --git a/go.sum b/go.sum
index 639c16f..ffd0b32 100644
--- a/go.sum
+++ b/go.sum
@@ -429,6 +429,7 @@ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ3 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= @@ -447,6 +448,7 @@ github.com/fatih/color v1.14.1 h1:qfhVLaG5s+nCROl1zJsZRxFeYrHLqWroPOQ8BWiNb4w= github.com/fatih/color v1.14.1/go.mod h1:2oHN61fhTpgcxD3TSWCgKDiH1+x4OiDVVGH8WlgGZGg= github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps= github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= +github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= 
@@ -516,6 +518,7 @@ github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= @@ -623,6 +626,7 @@ github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfn github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= 
@@ -679,10 +683,11 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s= -github.com/privateerproj/privateer-sdk v0.0.7 h1:amvOH0fFDR/HsarKqBNMCBUNGhv7kUweXsOjsUi/Xhs= -github.com/privateerproj/privateer-sdk v0.0.7/go.mod h1:wLc/yv9UDFXR9kZ0ioXpCOdWhm4hTSK3VqMEziJqMo4= +github.com/privateerproj/privateer-sdk v0.0.15 h1:cjnDkZ48om7GGYSTz70R6aKrduog/NZoXpl1mN51TiA= +github.com/privateerproj/privateer-sdk v0.0.15/go.mod h1:wLc/yv9UDFXR9kZ0ioXpCOdWhm4hTSK3VqMEziJqMo4= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= 
@@ -705,6 +710,7 @@ github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6L github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= +github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= diff --git a/main.go b/main.go index c83d590..c98f4d8 100644 --- a/main.go +++ b/main.go @@ -3,7 +3,7 @@ package main import ( "fmt" - "github.com/privateerproj/privateer-pack-SVC/cmd" + "github.com/privateerproj/privateer-raid-example/cmd" ) var ( diff --git a/sample_output/my-cloud-service1/tlp_red.yml b/sample_output/my-cloud-service1/tlp_red.yml new file mode 100644 index 0000000..864d74e --- /dev/null +++ b/sample_output/my-cloud-service1/tlp_red.yml 
@@ -0,0 +1,501 @@ +tacticname: tlp_red +starttime: 2024-12-14 14:12:44.292517 -0600 CST m=+0.007123001 +endtime: 2024-12-14 14:12:44.293232 -0600 CST m=+0.007838001 +strikeresults: + CCC_C01_TR01: + passed: false + description: When a port is exposed for non-SSH network traffic, all traffic MUST include a TLS handshake AND be encrypted using TLS 1.2 or higher. + message: strike did not return a result, and may still be under development + docsurl: "" + controlid: CCC.C01 + movements: + CCC_C01_TR01_T01: + passed: false + description: This movement is still under construction + message: "" + function: github.com/privateerproj/privateer-raid-example/armory.CCC_C01_TR01_T01 + value: null + changes: {} + badstatealert: false + CCC_C01_TR02: + passed: false + description: When a port is exposed for SSH network traffic, all traffic MUST include a SSH handshake AND be encrypted using SSHv2 or higher. + message: strike did not return a result, and may still be under development + docsurl: "" + controlid: CCC.C01 + movements: + CCC_C01_TR02_T01: + passed: false + description: This movement is still under construction + message: "" + function: github.com/privateerproj/privateer-raid-example/armory.CCC_C01_TR02_T01 + value: null + changes: {} + badstatealert: false + CCC_C02_TR01: + passed: false + description: When data is stored at rest, the service MUST be configured to encrypt data at rest using the latest industry-standard encryption methods. 
+ message: strike did not return a result, and may still be under development + docsurl: "" + controlid: CCC.C02 + movements: + CCC_C02_TR01_T01: + passed: false + description: This movement is still under construction + message: "" + function: github.com/privateerproj/privateer-raid-example/armory.CCC_C02_TR01_T01 + value: null + changes: {} + badstatealert: false + CCC_C03_TR01: + passed: false + description: When an entity attempts to modify the service, the service MUST attempt to verify the client's identity through an authentication process. + message: strike did not return a result, and may still be under development + docsurl: "" + controlid: CCC.C03 + movements: + CCC_C03_TR01_T01: + passed: false + description: This movement is still under construction + message: "" + function: github.com/privateerproj/privateer-raid-example/armory.CCC_C03_TR01_T01 + value: null + changes: {} + badstatealert: false + CCC_C03_TR02: + passed: false + description: When an entity attempts to view information presented by the service, service, the service MUST attempt to verify the client's identity through an authentication process. + message: strike did not return a result, and may still be under development + docsurl: "" + controlid: CCC.C03 + movements: + CCC_C03_TR02_T01: + passed: false + description: This movement is still under construction + message: "" + function: github.com/privateerproj/privateer-raid-example/armory.CCC_C03_TR02_T01 + value: null + changes: {} + badstatealert: false + CCC_C03_TR03: + passed: false + description: When an entity attempts to view information on the service through a user interface, the authentication process MUST require multiple identifying factors from the user. 
+ message: strike did not return a result, and may still be under development + docsurl: "" + controlid: CCC.C03 + movements: + CCC_C03_TR03_T01: + passed: false + description: This movement is still under construction + message: "" + function: github.com/privateerproj/privateer-raid-example/armory.CCC_C03_TR03_T01 + value: null + changes: {} + badstatealert: false + CCC_C03_TR04: + passed: false + description: When an entity attempts to modify the service through an API endpoint, the authentication process MUST be limited to a specific allowed network. + message: strike did not return a result, and may still be under development + docsurl: "" + controlid: CCC.C03 + movements: + CCC_C03_TR04_T01: + passed: false + description: This movement is still under construction + message: "" + function: github.com/privateerproj/privateer-raid-example/armory.CCC_C03_TR04_T01 + value: null + changes: {} + badstatealert: false + CCC_C03_TR05: + passed: false + description: When an entity attempts to view information on the service through an API endpoint, the authentication process MUST be limited to a specific allowed network. + message: strike did not return a result, and may still be under development + docsurl: "" + controlid: CCC.C03 + movements: + CCC_C03_TR05_T01: + passed: false + description: This movement is still under construction + message: "" + function: github.com/privateerproj/privateer-raid-example/armory.CCC_C03_TR05_T01 + value: null + changes: {} + badstatealert: false + CCC_C03_TR06: + passed: false + description: When an entity attempts to modify the service through a user interface, the authentication process MUST require multiple identifying factors from the user. 
+ message: strike did not return a result, and may still be under development + docsurl: "" + controlid: CCC.C03 + movements: + CCC_C03_TR06_T01: + passed: false + description: This movement is still under construction + message: "" + function: github.com/privateerproj/privateer-raid-example/armory.CCC_C03_TR06_T01 + value: null + changes: {} + badstatealert: false + CCC_C04_TR01: + passed: false + description: When any access attempt is made to the view sensitive information, the service MUST log the client identity, time, and result of the attempt. + message: strike did not return a result, and may still be under development + docsurl: "" + controlid: CCC.C04 + movements: + CCC_C04_TR01_T01: + passed: false + description: This movement is still under construction + message: "" + function: github.com/privateerproj/privateer-raid-example/armory.CCC_C04_TR01_T01 + value: null + changes: {} + badstatealert: false + CCC_C04_TR02: + passed: false + description: When any change is made to the service configuration, the service MUST log the change, including the client, time, previous state, and the new state following the change. + message: strike did not return a result, and may still be under development + docsurl: "" + controlid: CCC.C04 + movements: + CCC_C04_TR02_T01: + passed: false + description: This movement is still under construction + message: "" + function: github.com/privateerproj/privateer-raid-example/armory.CCC_C04_TR02_T01 + value: null + changes: {} + badstatealert: false + CCC_C05_TR01: + passed: false + description: When access to sensitive resources is attempted, the service MUST block requests from untrusted sources, including IP addresses, domains, or networks that are not explicitly included in a pre-approved allowlist. 
+ message: strike did not return a result, and may still be under development + docsurl: "" + controlid: CCC.C05 + movements: + CCC_C05_TR01_T01: + passed: false + description: This movement is still under construction + message: "" + function: github.com/privateerproj/privateer-raid-example/armory.CCC_C05_TR01_T01 + value: null + changes: {} + badstatealert: false + CCC_C05_TR02: + passed: false + description: When administrative access is attempted, the service MUST validate that the request originates from an explicitly allowed source as defined in the allowlist. + message: strike did not return a result, and may still be under development + docsurl: "" + controlid: CCC.C05 + movements: + CCC_C05_TR02_T01: + passed: false + description: This movement is still under construction + message: "" + function: github.com/privateerproj/privateer-raid-example/armory.CCC_C05_TR02_T01 + value: null + changes: {} + badstatealert: false + CCC_C05_TR03: + passed: false + description: When resources are accessed in a multi-tenant environment, the service MUST enforce isolation by allowing access only to explicitly allowlisted tenants. + message: strike did not return a result, and may still be under development + docsurl: "" + controlid: CCC.C05 + movements: + CCC_C05_TR03_T01: + passed: false + description: This movement is still under construction + message: "" + function: github.com/privateerproj/privateer-raid-example/armory.CCC_C05_TR03_T01 + value: null + changes: {} + badstatealert: false + CCC_C05_TR04: + passed: false + description: When an access attempt from an untrusted source is blocked, the service MUST log the event, including the source details, time, and reason for denial. 
+ message: strike did not return a result, and may still be under development + docsurl: "" + controlid: CCC.C05 + movements: + CCC_C05_TR04_T01: + passed: false + description: This movement is still under construction + message: "" + function: github.com/privateerproj/privateer-raid-example/armory.CCC_C05_TR04_T01 + value: null + changes: {} + badstatealert: false + CCC_C06_TR01: + passed: false + description: When a deployment request is made, the service MUST validate that the deployment region is not to a restricted or regions or availability zones. + message: strike did not return a result, and may still be under development + docsurl: "" + controlid: CCC.C06 + movements: + CCC_C06_TR01_T01: + passed: false + description: This movement is still under construction + message: "" + function: github.com/privateerproj/privateer-raid-example/armory.CCC_C06_TR01_T01 + value: null + changes: {} + badstatealert: false + CCC_C06_TR02: + passed: false + description: When a deployment request is made, the service MUST validate that replication of data, backups, and disaster recovery operations will not occur in restricted regions or availability zones. + message: strike did not return a result, and may still be under development + docsurl: "" + controlid: CCC.C06 + movements: + CCC_C06_TR02_T01: + passed: false + description: This movement is still under construction + message: "" + function: github.com/privateerproj/privateer-raid-example/armory.CCC_C06_TR02_T01 + value: null + changes: {} + badstatealert: false + CCC_C07_TR01: + passed: false + description: When suspicious enumeration activities are detected, the service MUST generate real-time alerts to notify security personnel. 
+ message: strike did not return a result, and may still be under development + docsurl: "" + controlid: CCC.C07 + movements: + CCC_C07_TR01_T01: + passed: false + description: This movement is still under construction + message: "" + function: github.com/privateerproj/privateer-raid-example/armory.CCC_C07_TR01_T01 + value: null + changes: {} + badstatealert: false + CCC_C07_TR02: + passed: false + description: When suspicious enumeration activities are detected, the service MUST log the event, including the source details, time, and nature of the activity. + message: strike did not return a result, and may still be under development + docsurl: "" + controlid: CCC.C07 + movements: + CCC_C07_TR02_T01: + passed: false + description: This movement is still under construction + message: "" + function: github.com/privateerproj/privateer-raid-example/armory.CCC_C07_TR02_T01 + value: null + changes: {} + badstatealert: false + CCC_C08_TR01: + passed: false + description: When data is stored, the service MUST ensure that data is replicated across multiple availability zones or regions. + message: strike did not return a result, and may still be under development + docsurl: "" + controlid: CCC.C08 + movements: + CCC_C08_TR01_T01: + passed: false + description: This movement is still under construction + message: "" + function: github.com/privateerproj/privateer-raid-example/armory.CCC_C08_TR01_T01 + value: null + changes: {} + badstatealert: false + CCC_C08_TR02: + passed: false + description: When data is replicated across multiple zones or regions, the service MUST be able to verify the replication state, including the replication locations and data synchronization status. 
+ message: strike did not return a result, and may still be under development + docsurl: "" + controlid: CCC.C08 + movements: + CCC_C08_TR02_T01: + passed: false + description: This movement is still under construction + message: "" + function: github.com/privateerproj/privateer-raid-example/armory.CCC_C08_TR02_T01 + value: null + changes: {} + badstatealert: false + CCC_C09_TR01: + passed: false + description: When access logs are stored, the service MUST ensure that access logs cannot be accessed without proper authorization. + message: strike did not return a result, and may still be under development + docsurl: "" + controlid: CCC.C09 + movements: + CCC_C09_TR01_T01: + passed: false + description: This movement is still under construction + message: "" + function: github.com/privateerproj/privateer-raid-example/armory.CCC_C09_TR01_T01 + value: null + changes: {} + badstatealert: false + CCC_C09_TR02: + passed: false + description: When access logs are stored, the service MUST ensure that access logs cannot be modified without proper authorization. + message: strike did not return a result, and may still be under development + docsurl: "" + controlid: CCC.C09 + movements: + CCC_C09_TR02_T01: + passed: false + description: This movement is still under construction + message: "" + function: github.com/privateerproj/privateer-raid-example/armory.CCC_C09_TR02_T01 + value: null + changes: {} + badstatealert: false + CCC_C09_TR03: + passed: false + description: When access logs are stored, the service MUST ensure that access logs cannot be deleted without proper authorization. 
+ message: strike did not return a result, and may still be under development + docsurl: "" + controlid: CCC.C09 + movements: + CCC_C09_TR03_T01: + passed: false + description: This movement is still under construction + message: "" + function: github.com/privateerproj/privateer-raid-example/armory.CCC_C09_TR03_T01 + value: null + changes: {} + badstatealert: false + CCC_C10_TR01: + passed: false + description: When data is replicated, the service MUST ensure that replication is restricted to explicitly trusted destinations. + message: strike did not return a result, and may still be under development + docsurl: "" + controlid: CCC.C10 + movements: + CCC_C10_TR01_T01: + passed: false + description: This movement is still under construction + message: "" + function: github.com/privateerproj/privateer-raid-example/armory.CCC_C10_TR01_T01 + value: null + changes: {} + badstatealert: false + CCC_C11_TR01: + passed: false + description: When encryption keys are used, the service MUST verify that all encryption keys use approved cryptographic algorithms as per organizational standards. + message: strike did not return a result, and may still be under development + docsurl: "" + controlid: CCC.C11 + movements: + CCC_C11_TR01_T01: + passed: false + description: This movement is still under construction + message: "" + function: github.com/privateerproj/privateer-raid-example/armory.CCC_C11_TR01_T01 + value: null + changes: {} + badstatealert: false + CCC_C11_TR02: + passed: false + description: When encryption keys are used, the service MUST verify that encryption keys are rotated at a frequency compliant with organizational policies. 
+ message: strike did not return a result, and may still be under development + docsurl: "" + controlid: CCC.C11 + movements: + CCC_C11_TR02_T01: + passed: false + description: This movement is still under construction + message: "" + function: github.com/privateerproj/privateer-raid-example/armory.CCC_C11_TR02_T01 + value: null + changes: {} + badstatealert: false + CCC_C11_TR03: + passed: false + description: When encrypting data, the service MUST verify that customer-managed encryption keys (CMEKs) are used. + message: strike did not return a result, and may still be under development + docsurl: "" + controlid: CCC.C11 + movements: + CCC_C11_TR03_T01: + passed: false + description: This movement is still under construction + message: "" + function: github.com/privateerproj/privateer-raid-example/armory.CCC_C11_TR03_T01 + value: null + changes: {} + badstatealert: false + CCC_C11_TR04: + passed: false + description: When encryption keys are accessed, the service MUST verify that access to encryption keys is restricted to authorized personnel and services, following the principle of least privilege. + message: strike did not return a result, and may still be under development + docsurl: "" + controlid: CCC.C11 + movements: + CCC_C11_TR04_T01: + passed: false + description: This movement is still under construction + message: "" + function: github.com/privateerproj/privateer-raid-example/armory.CCC_C11_TR04_T01 + value: null + changes: {} + badstatealert: false + CCC_VPC_C01_TR01: + passed: false + description: When a subscription is created, the subscription MUST NOT contain default network resources. 
+ message: strike did not return a result, and may still be under development + docsurl: "" + controlid: CCC.VPC.C01 + movements: + CCC_VPC_C01_TR01_T01: + passed: false + description: This movement is still under construction + message: "" + function: github.com/privateerproj/privateer-raid-example/armory.CCC_VPC_C01_TR01_T01 + value: null + changes: {} + badstatealert: false + CCC_VPC_C02_TR01: + passed: false + description: When a resource is created in a public subnet, that resource MUST NOT be assigned an external IP address by default. + message: strike did not return a result, and may still be under development + docsurl: "" + controlid: CCC.VPC.C02 + movements: + CCC_VPC_C02_TR01_T01: + passed: false + description: This movement is still under construction + message: "" + function: github.com/privateerproj/privateer-raid-example/armory.CCC_VPC_C02_TR01_T01 + value: null + changes: {} + badstatealert: false + CCC_VPC_C03_TR01: + passed: false + description: When a VPC peering connection is requested, the service MUST prevent connections from VPCs that are not explicitly allowed. + message: strike did not return a result, and may still be under development + docsurl: "" + controlid: CCC.VPC.C03 + movements: + CCC_VPC_C03_TR01_T01: + passed: false + description: This movement is still under construction + message: "" + function: github.com/privateerproj/privateer-raid-example/armory.CCC_VPC_C03_TR01_T01 + value: null + changes: {} + badstatealert: false + CCC_VPC_C04_TR01: + passed: false + description: When any network traffic goes to or from an interface in the VPC, the service MUST capture and log all relevant information. 
+ message: strike did not return a result, and may still be under development + docsurl: "" + controlid: CCC.VPC.C04 + movements: + CCC_VPC_C04_TR01_T01: + passed: false + description: This movement is still under construction + message: "" + function: github.com/privateerproj/privateer-raid-example/armory.CCC_VPC_C04_TR01_T01 + value: null + changes: {} + badstatealert: false +passed: false +badstatealert: false diff --git a/sample_test_output/SVC-CCC_OS_Security/results.json b/sample_test_output/SVC-CCC_OS_Security/results.json deleted file mode 100644 index a3a4bc8..0000000 --- a/sample_test_output/SVC-CCC_OS_Security/results.json +++ /dev/null 
@@ -1 +0,0 @@ -{"TacticName":"SVC-CCC_OS_Security","StartTime":"2024-08-14 17:45:26.879565 -0500 CDT m=+0.007635293","EndTime":"2024-08-14 17:45:26.88001 -0500 CDT m=+0.008080585","StrikeResults":{"CCC_OS_C1_TR01":{"Passed":false,"Description":"All supported network data protocols must be running on secure channels.","Message":"Strike did not return a result, and may still be under development.","DocsURL":"https://maintainer.com/docs/raids/SVC","ControlID":"CCC-Taxonomy-1","Movements":{"CCC_OS_C1_TR01_T01":{"Passed":false,"Description":"JokerName must be found in the runtime configuration.","Message":"","Function":"github.com/privateerproj/privateer-pack-SVC/armory.CCC_OS_C1_TR01_T01","Value":null}}},"CCC_OS_C1_TR02":{"Passed":false,"Description":"All clear text channels should be disabled.","Message":"Strike did not return a result, and may still be under development.","DocsURL":"https://maintainer.com/docs/raids/SVC","ControlID":"CCC-Taxonomy-1","Movements":{"CCC_OS_C1_TR02_T01":{"Passed":false,"Description":"JokerName must be found in the runtime configuration.","Message":"","Function":"github.com/privateerproj/privateer-pack-SVC/armory.CCC_OS_C1_TR02_T01","Value":null}}},"CCC_OS_C1_TR03":{"Passed":false,"Description":"The cipher suite implemented for ensuring the integrity and confidentiality of data should conform with the latest suggested cipher suites. 
[NIST proposed latest standard cipher suites](\u0026lt;[#](https://csrc.nist.gov/pubs/sp/800/52/r2/final)\u0026gt;).","Message":"Strike did not return a result, and may still be under development.","DocsURL":"https://maintainer.com/docs/raids/SVC","ControlID":"CCC-Taxonomy-1","Movements":{"CCC_OS_C1_TR03_T01":{"Passed":false,"Description":"JokerName must be found in the runtime configuration.","Message":"","Function":"github.com/privateerproj/privateer-pack-SVC/armory.CCC_OS_C1_TR03_T01","Value":null}}},"CCC_OS_C2_TR01":{"Passed":false,"Description":"Verify that data stored in the object storage bucket is encrypted using industry-standard algorithms.","Message":"Strike did not return a result, and may still be under development.","DocsURL":"https://maintainer.com/docs/raids/SVC","ControlID":"CCC-Taxonomy-1","Movements":{"CCC_OS_C2_TR01_T01":{"Passed":false,"Description":"JokerName must be found in the runtime configuration.","Message":"","Function":"github.com/privateerproj/privateer-pack-SVC/armory.CCC_OS_C2_TR01_T01","Value":null}}},"CCC_OS_C2_TR02":{"Passed":false,"Description":"Ensure that encryption keys are managed securely and rotated periodically.","Message":"Strike did not return a result, and may still be under development.","DocsURL":"https://maintainer.com/docs/raids/SVC","ControlID":"CCC-Taxonomy-1","Movements":{"CCC_OS_C2_TR02_T01":{"Passed":false,"Description":"JokerName must be found in the runtime configuration.","Message":"","Function":"github.com/privateerproj/privateer-pack-SVC/armory.CCC_OS_C2_TR02_T01","Value":null}}},"CCC_OS_C2_TR03":{"Passed":false,"Description":"Confirm that decryption is only possible through authorized access mechanisms.","Message":"Strike did not return a result, and may still be under development.","DocsURL":"https://maintainer.com/docs/raids/SVC","ControlID":"CCC-Taxonomy-1","Movements":{"CCC_OS_C2_TR03_T01":{"Passed":false,"Description":"JokerName must be found in the runtime 
configuration.","Message":"","Function":"github.com/privateerproj/privateer-pack-SVC/armory.CCC_OS_C2_TR03_T01","Value":null}}},"CCC_OS_C3_TR01":{"Passed":false,"Description":"Verify that MFA is enforced for all access attempts to the object storage bucket.","Message":"Strike did not return a result, and may still be under development.","DocsURL":"https://maintainer.com/docs/raids/SVC","ControlID":"CCC-Taxonomy-1","Movements":{"CCC_OS_C3_TR01_T01":{"Passed":false,"Description":"JokerName must be found in the runtime configuration.","Message":"","Function":"github.com/privateerproj/privateer-pack-SVC/armory.CCC_OS_C3_TR01_T01","Value":null}}},"CCC_OS_C3_TR02":{"Passed":false,"Description":"Ensure that MFA is required for all administrative access to the storage management interface.","Message":"Strike did not return a result, and may still be under development.","DocsURL":"https://maintainer.com/docs/raids/SVC","ControlID":"CCC-Taxonomy-1","Movements":{"CCC_OS_C3_TR02_T01":{"Passed":false,"Description":"JokerName must be found in the runtime configuration.","Message":"","Function":"github.com/privateerproj/privateer-pack-SVC/armory.CCC_OS_C3_TR02_T01","Value":null}}},"CCC_OS_C3_TR03":{"Passed":false,"Description":"Confirm that users are unable to access the object storage bucket without completing MFA.","Message":"Strike did not return a result, and may still be under development.","DocsURL":"https://maintainer.com/docs/raids/SVC","ControlID":"CCC-Taxonomy-1","Movements":{"CCC_OS_C3_TR03_T01":{"Passed":false,"Description":"JokerName must be found in the runtime configuration.","Message":"","Function":"github.com/privateerproj/privateer-pack-SVC/armory.CCC_OS_C3_TR03_T01","Value":null}}},"CCC_OS_C4_TR01":{"Passed":false,"Description":"Verify that data in the object storage bucket is protected by immutability settings.","Message":"Strike did not return a result, and may still be under 
development.","DocsURL":"https://maintainer.com/docs/raids/SVC","ControlID":"CCC-Taxonomy-1","Movements":{"CCC_OS_C4_TR01_T01":{"Passed":false,"Description":"JokerName must be found in the runtime configuration.","Message":"","Function":"github.com/privateerproj/privateer-pack-SVC/armory.CCC_OS_C4_TR01_T01","Value":null}}},"CCC_OS_C4_TR02":{"Passed":false,"Description":"Ensure that attempts to modify or delete data within the immutability period are denied.","Message":"Strike did not return a result, and may still be under development.","DocsURL":"https://maintainer.com/docs/raids/SVC","ControlID":"CCC-Taxonomy-1","Movements":{"CCC_OS_C4_TR02_T01":{"Passed":false,"Description":"JokerName must be found in the runtime configuration.","Message":"","Function":"github.com/privateerproj/privateer-pack-SVC/armory.CCC_OS_C4_TR02_T01","Value":null}}},"CCC_OS_C4_TR03":{"Passed":false,"Description":"Confirm that immutable data remains unchanged throughout the defined retention period.","Message":"Strike did not return a result, and may still be under development.","DocsURL":"https://maintainer.com/docs/raids/SVC","ControlID":"CCC-Taxonomy-1","Movements":{"CCC_OS_C4_TR03_T01":{"Passed":false,"Description":"JokerName must be found in the runtime configuration.","Message":"","Function":"github.com/privateerproj/privateer-pack-SVC/armory.CCC_OS_C4_TR03_T01","Value":null}}},"CCC_OS_C5_TR01":{"Passed":false,"Description":"Verify that all access attempts to the object storage bucket are logged.","Message":"Strike did not return a result, and may still be under development.","DocsURL":"https://maintainer.com/docs/raids/SVC","ControlID":"CCC-Taxonomy-1","Movements":{"CCC_OS_C5_TR01_T01":{"Passed":false,"Description":"JokerName must be found in the runtime configuration.","Message":"","Function":"github.com/privateerproj/privateer-pack-SVC/armory.CCC_OS_C5_TR01_T01","Value":null}}},"CCC_OS_C5_TR02":{"Passed":false,"Description":"Ensure that all changes to the object storage bucket 
configurations are logged.","Message":"Strike did not return a result, and may still be under development.","DocsURL":"https://maintainer.com/docs/raids/SVC","ControlID":"CCC-Taxonomy-1","Movements":{"CCC_OS_C5_TR02_T01":{"Passed":false,"Description":"JokerName must be found in the runtime configuration.","Message":"","Function":"github.com/privateerproj/privateer-pack-SVC/armory.CCC_OS_C5_TR02_T01","Value":null}}},"CCC_OS_C5_TR03":{"Passed":false,"Description":"Confirm that logs are protected against unauthorized access and tampering.","Message":"Strike did not return a result, and may still be under development.","DocsURL":"https://maintainer.com/docs/raids/SVC","ControlID":"CCC-Taxonomy-1","Movements":{"CCC_OS_C5_TR03_T01":{"Passed":false,"Description":"JokerName must be found in the runtime configuration.","Message":"","Function":"github.com/privateerproj/privateer-pack-SVC/armory.CCC_OS_C5_TR03_T01","Value":null}}}}}
\ No newline at end of file
diff --git a/sample_test_output/SVC-CCC_OS_Security/results.yaml b/sample_test_output/SVC-CCC_OS_Security/results.yaml
deleted file mode 100644
index 2f44791..0000000
--- a/sample_test_output/SVC-CCC_OS_Security/results.yaml
+++ /dev/null
@@ -1,199 +0,0 @@
-tacticname: SVC-CCC_OS_Security
-starttime: 2024-08-14 17:45:26.879565 -0500 CDT m=+0.007635293
-endtime: 2024-08-14 17:45:26.88001 -0500 CDT m=+0.008080585
-strikeresults:
- CCC_OS_C1_TR01:
- passed: false
- description: All supported network data protocols must be running on secure channels.
- message: Strike did not return a result, and may still be under development.
- docsurl: https://maintainer.com/docs/raids/SVC
- controlid: CCC-Taxonomy-1
- movements:
- CCC_OS_C1_TR01_T01:
- passed: false
- description: JokerName must be found in the runtime configuration.
- message: ""
- function: github.com/privateerproj/privateer-pack-SVC/armory.CCC_OS_C1_TR01_T01
- value: null
- CCC_OS_C1_TR02:
- passed: false
- description: All clear text channels should be disabled.
- message: Strike did not return a result, and may still be under development.
- docsurl: https://maintainer.com/docs/raids/SVC
- controlid: CCC-Taxonomy-1
- movements:
- CCC_OS_C1_TR02_T01:
- passed: false
- description: JokerName must be found in the runtime configuration.
- message: ""
- function: github.com/privateerproj/privateer-pack-SVC/armory.CCC_OS_C1_TR02_T01
- value: null
- CCC_OS_C1_TR03:
- passed: false
- description: The cipher suite implemented for ensuring the integrity and confidentiality of data should conform with the latest suggested cipher suites. [NIST proposed latest standard cipher suites](<[#](https://csrc.nist.gov/pubs/sp/800/52/r2/final)>).
- message: Strike did not return a result, and may still be under development.
- docsurl: https://maintainer.com/docs/raids/SVC
- controlid: CCC-Taxonomy-1
- movements:
- CCC_OS_C1_TR03_T01:
- passed: false
- description: JokerName must be found in the runtime configuration.
- message: ""
- function: github.com/privateerproj/privateer-pack-SVC/armory.CCC_OS_C1_TR03_T01
- value: null
- CCC_OS_C2_TR01:
- passed: false
- description: Verify that data stored in the object storage bucket is encrypted using industry-standard algorithms.
- message: Strike did not return a result, and may still be under development.
- docsurl: https://maintainer.com/docs/raids/SVC
- controlid: CCC-Taxonomy-1
- movements:
- CCC_OS_C2_TR01_T01:
- passed: false
- description: JokerName must be found in the runtime configuration.
- message: ""
- function: github.com/privateerproj/privateer-pack-SVC/armory.CCC_OS_C2_TR01_T01
- value: null
- CCC_OS_C2_TR02:
- passed: false
- description: Ensure that encryption keys are managed securely and rotated periodically.
- message: Strike did not return a result, and may still be under development.
- docsurl: https://maintainer.com/docs/raids/SVC
- controlid: CCC-Taxonomy-1
- movements:
- CCC_OS_C2_TR02_T01:
- passed: false
- description: JokerName must be found in the runtime configuration.
- message: ""
- function: github.com/privateerproj/privateer-pack-SVC/armory.CCC_OS_C2_TR02_T01
- value: null
- CCC_OS_C2_TR03:
- passed: false
- description: Confirm that decryption is only possible through authorized access mechanisms.
- message: Strike did not return a result, and may still be under development.
- docsurl: https://maintainer.com/docs/raids/SVC
- controlid: CCC-Taxonomy-1
- movements:
- CCC_OS_C2_TR03_T01:
- passed: false
- description: JokerName must be found in the runtime configuration.
- message: ""
- function: github.com/privateerproj/privateer-pack-SVC/armory.CCC_OS_C2_TR03_T01
- value: null
- CCC_OS_C3_TR01:
- passed: false
- description: Verify that MFA is enforced for all access attempts to the object storage bucket.
- message: Strike did not return a result, and may still be under development.
- docsurl: https://maintainer.com/docs/raids/SVC
- controlid: CCC-Taxonomy-1
- movements:
- CCC_OS_C3_TR01_T01:
- passed: false
- description: JokerName must be found in the runtime configuration.
- message: ""
- function: github.com/privateerproj/privateer-pack-SVC/armory.CCC_OS_C3_TR01_T01
- value: null
- CCC_OS_C3_TR02:
- passed: false
- description: Ensure that MFA is required for all administrative access to the storage management interface.
- message: Strike did not return a result, and may still be under development.
- docsurl: https://maintainer.com/docs/raids/SVC
- controlid: CCC-Taxonomy-1
- movements:
- CCC_OS_C3_TR02_T01:
- passed: false
- description: JokerName must be found in the runtime configuration.
- message: ""
- function: github.com/privateerproj/privateer-pack-SVC/armory.CCC_OS_C3_TR02_T01
- value: null
- CCC_OS_C3_TR03:
- passed: false
- description: Confirm that users are unable to access the object storage bucket without completing MFA.
- message: Strike did not return a result, and may still be under development.
- docsurl: https://maintainer.com/docs/raids/SVC
- controlid: CCC-Taxonomy-1
- movements:
- CCC_OS_C3_TR03_T01:
- passed: false
- description: JokerName must be found in the runtime configuration.
- message: ""
- function: github.com/privateerproj/privateer-pack-SVC/armory.CCC_OS_C3_TR03_T01
- value: null
- CCC_OS_C4_TR01:
- passed: false
- description: Verify that data in the object storage bucket is protected by immutability settings.
- message: Strike did not return a result, and may still be under development.
- docsurl: https://maintainer.com/docs/raids/SVC
- controlid: CCC-Taxonomy-1
- movements:
- CCC_OS_C4_TR01_T01:
- passed: false
- description: JokerName must be found in the runtime configuration.
- message: ""
- function: github.com/privateerproj/privateer-pack-SVC/armory.CCC_OS_C4_TR01_T01
- value: null
- CCC_OS_C4_TR02:
- passed: false
- description: Ensure that attempts to modify or delete data within the immutability period are denied.
- message: Strike did not return a result, and may still be under development.
- docsurl: https://maintainer.com/docs/raids/SVC
- controlid: CCC-Taxonomy-1
- movements:
- CCC_OS_C4_TR02_T01:
- passed: false
- description: JokerName must be found in the runtime configuration.
- message: ""
- function: github.com/privateerproj/privateer-pack-SVC/armory.CCC_OS_C4_TR02_T01
- value: null
- CCC_OS_C4_TR03:
- passed: false
- description: Confirm that immutable data remains unchanged throughout the defined retention period.
- message: Strike did not return a result, and may still be under development.
- docsurl: https://maintainer.com/docs/raids/SVC
- controlid: CCC-Taxonomy-1
- movements:
- CCC_OS_C4_TR03_T01:
- passed: false
- description: JokerName must be found in the runtime configuration.
- message: ""
- function: github.com/privateerproj/privateer-pack-SVC/armory.CCC_OS_C4_TR03_T01
- value: null
- CCC_OS_C5_TR01:
- passed: false
- description: Verify that all access attempts to the object storage bucket are logged.
- message: Strike did not return a result, and may still be under development.
- docsurl: https://maintainer.com/docs/raids/SVC
- controlid: CCC-Taxonomy-1
- movements:
- CCC_OS_C5_TR01_T01:
- passed: false
- description: JokerName must be found in the runtime configuration.
- message: ""
- function: github.com/privateerproj/privateer-pack-SVC/armory.CCC_OS_C5_TR01_T01
- value: null
- CCC_OS_C5_TR02:
- passed: false
- description: Ensure that all changes to the object storage bucket configurations are logged.
- message: Strike did not return a result, and may still be under development.
- docsurl: https://maintainer.com/docs/raids/SVC
- controlid: CCC-Taxonomy-1
- movements:
- CCC_OS_C5_TR02_T01:
- passed: false
- description: JokerName must be found in the runtime configuration.
- message: ""
- function: github.com/privateerproj/privateer-pack-SVC/armory.CCC_OS_C5_TR02_T01
- value: null
- CCC_OS_C5_TR03:
- passed: false
- description: Confirm that logs are protected against unauthorized access and tampering.
- message: Strike did not return a result, and may still be under development.
- docsurl: https://maintainer.com/docs/raids/SVC
- controlid: CCC-Taxonomy-1
- movements:
- CCC_OS_C5_TR03_T01:
- passed: false
- description: JokerName must be found in the runtime configuration.
- message: ""
- function: github.com/privateerproj/privateer-pack-SVC/armory.CCC_OS_C5_TR03_T01
- value: null
diff --git a/sample_test_output/SVC-CCC_OS_Taxonomy/results.json b/sample_test_output/SVC-CCC_OS_Taxonomy/results.json
deleted file mode 100644
index 43ed992..0000000
--- a/sample_test_output/SVC-CCC_OS_Taxonomy/results.json
+++ /dev/null
@@ -1 +0,0 @@
-{"TacticName":"SVC-CCC_OS_Taxonomy","StartTime":"2024-08-14 17:45:26.878801 -0500 CDT m=+0.006871293","EndTime":"2024-08-14 17:45:26.878807 -0500 CDT m=+0.006876960","StrikeResults":null}
\ No newline at end of file
diff --git a/sample_test_output/SVC-CCC_OS_Taxonomy/results.yaml b/sample_test_output/SVC-CCC_OS_Taxonomy/results.yaml
deleted file mode 100644
index 7348353..0000000
--- a/sample_test_output/SVC-CCC_OS_Taxonomy/results.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-tacticname: SVC-CCC_OS_Taxonomy
-starttime: 2024-08-14 17:45:26.878801 -0500 CDT m=+0.006871293
-endtime: 2024-08-14 17:45:26.878807 -0500 CDT m=+0.006876960
-strikeresults: {}