From e12d5080a522a863095737872e6d2ef82a39acf5 Mon Sep 17 00:00:00 2001
From: Joe Abbate
Date: Wed, 7 Feb 2024 11:52:37 -0500
Subject: [PATCH 1/2] Add BSD Support
---
 implants/Cargo.toml | 2 +-
 implants/lib/eldritch/Cargo.toml | 2 +-
 implants/lib/eldritch/src/file/list_impl.rs | 2 ++
 implants/lib/eldritch/src/process/netstat_impl.rs | 9 +++++++++
 implants/lib/eldritch/src/sys/exec_impl.rs | 6 +++---
 5 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/implants/Cargo.toml b/implants/Cargo.toml
index c00df43b1..fe02ca109 100644
--- a/implants/Cargo.toml
+++ b/implants/Cargo.toml
@@ -29,7 +29,7 @@ itertools = "0.10"
 lsp-types = "0.93.0"
 log = "0.4.20"
 md5 = "0.7.0"
-netstat2 = "0.9.1"
+#netstat2 = "0.9.1"
 network-interface = "1.0.1"
 nix = "0.26.1"
 notify = "6.1.1"
diff --git a/implants/lib/eldritch/Cargo.toml b/implants/lib/eldritch/Cargo.toml
index 3ee30108b..c8be1b7c5 100644
--- a/implants/lib/eldritch/Cargo.toml
+++ b/implants/lib/eldritch/Cargo.toml
@@ -25,7 +25,7 @@ hex-literal = { workspace = true }
 ipnetwork = { workspace = true }
 log = { workspace = true }
 md5 = { workspace = true }
-netstat2 = { workspace = true }
+#netstat2 = { workspace = true }
 nix = { workspace = true }
 notify = { workspace = true }
 object = { workspace = true }
diff --git a/implants/lib/eldritch/src/file/list_impl.rs b/implants/lib/eldritch/src/file/list_impl.rs
index f5451f490..4412789f3 100644
--- a/implants/lib/eldritch/src/file/list_impl.rs
+++ b/implants/lib/eldritch/src/file/list_impl.rs
@@ -16,6 +16,8 @@ use std::os::macos::fs::MetadataExt;
 use std::os::unix::fs::PermissionsExt;
 #[cfg(target_os = "windows")]
 use std::os::windows::fs::MetadataExt;
+#[cfg(target_os = "freebsd")]
+use std::os::freebsd::fs::MetadataExt;
 use sysinfo::{System, SystemExt, UserExt};
 const UNKNOWN: &str = "UNKNOWN";
diff --git a/implants/lib/eldritch/src/process/netstat_impl.rs b/implants/lib/eldritch/src/process/netstat_impl.rs
index 700efe040..db0de64cd 100644
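Review bot: Commenting out `netstat2` here and in `implants/lib/eldritch/Cargo.toml` drops the crate for every target, yet `netstat_impl.rs` in this same patch still has `use netstat2::*` under `#[cfg(not(target_os = "freebsd"))]`, so patch 1/2 on its own should fail to build on anything but FreeBSD. Patch 2/2 repairs that, but the broken intermediate commit hurts bisecting; the target-scoped dependency table belongs in this commit. A commented-out dependency is also easy to misread when auditing what the workspace actually pulls in, so the line should be deleted or gated rather than left as `#netstat2 = "0.9.1"`.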
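Review bot: The added `#[cfg(target_os = "freebsd")] use std::os::freebsd::fs::MetadataExt;` extends a per-OS import chain that needs another pair of lines for every further BSD, and it sits after the Windows import instead of with the other Unix ones. If the code below only needs owner, group and size, a single `#[cfg(unix)] use std::os::unix::fs::MetadataExt;` covers Linux, macOS and the BSDs through `uid()`/`gid()`/`size()`. The call sites are outside this hunk, so whether they rely on the OS-specific `st_*` accessors has to be checked before switching.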
--- a/implants/lib/eldritch/src/process/netstat_impl.rs
+++ b/implants/lib/eldritch/src/process/netstat_impl.rs
@@ -1,5 +1,8 @@
 use super::super::insert_dict_kv;
 use anyhow::Result;
+#[cfg(target_os = "freebsd")]
+use anyhow::anyhow;
+#[cfg(not(target_os = "freebsd"))]
 use netstat2::*;
 use starlark::{
 collections::SmallMap,
@@ -7,6 +10,12 @@ use starlark::{
 values::{dict::Dict, Heap, Value},
 };
+#[cfg(target_os = "freebsd")]
+pub fn netstat(_: &Heap) -> Result> {
+ Err(anyhow!("Not implemented for FreeBSD"))
+}
+
+#[cfg(not(target_os = "freebsd"))]
 pub fn netstat(starlark_heap: &Heap) -> Result> {
 let mut out: Vec = Vec::new();
 let af_flags = AddressFamilyFlags::IPV4 | AddressFamilyFlags::IPV6;
diff --git a/implants/lib/eldritch/src/sys/exec_impl.rs b/implants/lib/eldritch/src/sys/exec_impl.rs
index 6578ac67a..1071bf3d7 100644
--- a/implants/lib/eldritch/src/sys/exec_impl.rs
+++ b/implants/lib/eldritch/src/sys/exec_impl.rs
@@ -1,7 +1,7 @@
 use super::super::insert_dict_kv;
 use super::CommandOutput;
 use anyhow::{Context, Result};
-#[cfg(any(target_os = "linux", target_os = "macos"))]
+#[cfg(any(target_os = "linux", target_os = "macos", target_os = "freebsd"))]
 use nix::{
 sys::wait::waitpid,
 unistd::{fork, ForkResult},
@@ -11,7 +11,7 @@ use starlark::{
 const_frozen_string,
 values::{dict::Dict, Heap},
 };
-#[cfg(any(target_os = "linux", target_os = "macos"))]
+#[cfg(any(target_os = "linux", target_os = "macos", target_os = "freebsd"))]
 use std::process::exit;
 use std::process::Command;
 // https://stackoverflow.com/questions/62978157/rust-how-to-spawn-child-process-that-continues-to-live-after-parent-receives-si#:~:text=You%20need%20to%20double%2Dfork,is%20not%20related%20to%20rust.&text=You%20must%20not%20forget%20to,will%20become%20a%20zombie%20process.
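Review bot: Gating the real `netstat` on `#[cfg(not(target_os = "freebsd"))]` is a deny-list, so FreeBSD is the only target that gets the stub and every other unlisted platform (OpenBSD, NetBSD, and so on) still compiles against `netstat2` even though the commit title promises BSD support in general. I would gate the implementation on the targets it is actually built and tested on (presumably `any(target_os = "linux", target_os = "macos", target_os = "windows")`) and give the stub the negated predicate, so unknown platforms get a clean error instead of a build failure; the same applies to the `use netstat2::*` gate in the first hunk of this file and to the `[target.'cfg(not(target_os = "freebsd"))'.dependencies]` table added in patch 2/2. The stub message would then read better platform-neutral, e.g. `Err(anyhow!("netstat is not supported on this platform"))`, with a `///` line on both definitions stating which targets return an error. The non-FreeBSD function body continues outside the hunk.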
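Review bot: The predicate `any(target_os = "linux", target_os = "macos", target_os = "freebsd")` is now spelled out on the `nix` import, on the `std::process::exit` import and again on the `match` inside `handle_exec`, so each new platform means three edits in lockstep and a missed one leaves a target with the imports but no fork branch, or the reverse. Assuming `nix`'s `fork`/`waitpid` are wanted on every Unix target the crate builds for, `#[cfg(unix)]` on all three keeps them consistent. Whether the Windows error branch can then become `#[cfg(not(unix))]` depends on its current gate, which is outside these hunks.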
@@ -54,7 +54,7 @@ fn handle_exec(path: String, args: Vec, disown: Option) -> Result<
 "Windows is not supported for disowned processes."
 ));
- #[cfg(any(target_os = "linux", target_os = "macos"))]
+ #[cfg(any(target_os = "linux", target_os = "macos", target_os = "freebsd"))]
 match unsafe { fork()? } {
 ForkResult::Parent { child } => {
 // Wait for intermediate process to exit.
From 3d7990bb217e30bfc7eb53e15ee3330416cbe19b Mon Sep 17 00:00:00 2001
From: Joe Abbate
Date: Thu, 8 Feb 2024 15:45:59 -0500
Subject: [PATCH 2/2] Fix Netstat for non-BSD
---
 implants/Cargo.toml | 2 +-
 implants/lib/eldritch/Cargo.toml | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/implants/Cargo.toml b/implants/Cargo.toml
index fe02ca109..c00df43b1 100644
--- a/implants/Cargo.toml
+++ b/implants/Cargo.toml
@@ -29,7 +29,7 @@ itertools = "0.10"
 lsp-types = "0.93.0"
 log = "0.4.20"
 md5 = "0.7.0"
-#netstat2 = "0.9.1"
+netstat2 = "0.9.1"
 network-interface = "1.0.1"
 nix = "0.26.1"
 notify = "6.1.1"
diff --git a/implants/lib/eldritch/Cargo.toml b/implants/lib/eldritch/Cargo.toml
index c8be1b7c5..05be47766 100644
--- a/implants/lib/eldritch/Cargo.toml
+++ b/implants/lib/eldritch/Cargo.toml
@@ -25,7 +25,6 @@ hex-literal = { workspace = true }
 ipnetwork = { workspace = true }
 log = { workspace = true }
 md5 = { workspace = true }
-#netstat2 = { workspace = true }
 nix = { workspace = true }
 notify = { workspace = true }
 object = { workspace = true }
@@ -70,6 +69,9 @@ winreg = { workspace = true }
 [target.'cfg(not(windows))'.dependencies]
 pnet = { workspace = true }
+[target.'cfg(not(target_os = "freebsd"))'.dependencies]
+netstat2 = { workspace = true }
+
 [dev-dependencies]
 httptest = { workspace = true }
 uuid = { workspace = true, features = ["v4"] }
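Review bot: The `match unsafe { fork()? }` that the first hunk on this line enables for FreeBSD carries no `// SAFETY:` comment, and the change widens the set of targets on which that unsafe block runs. `nix` marks `fork` as unsafe because, in a multithreaded process, the child may only call async-signal-safe functions until it execs or exits. The child arm lies outside the hunk, so I cannot tell what it does before `exit`. The invariant should be stated above the block, for example `// SAFETY: the child arm only calls async-signal-safe functions before exec/exit`, and the child arm checked against it for each supported target.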