Powershell - 18586 - Updated Dockerfile refresh in spec file | Update…

…d powershell version to 7.4.6

plugins/powershell/.CHECKSUM

@@ -1,5 +1,5 @@
 {
-	"spec": "9600a7e3e528b1c6e7ca8a7c49bea2a7",
+	"spec": "83aaad93d431da06ba5cb00715586576",
 	"manifest": "61de88b740ca64a1828d828542d76aeb",
 	"setup": "6e825188d75fce9536419c1f67bacd39",
 	"schemas": [

plugins/powershell/Dockerfile

@@ -1,12 +1,9 @@
-FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.2.2
+FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.2.3
 
 LABEL organization=rapid7
 LABEL sdk=python
-LABEL type=plugin
 
-ENV SSL_CERT_FILE /etc/ssl/certs/ca-certificates.crt
-ENV SSL_CERT_DIR /etc/ssl/certs
-ENV REQUESTS_CA_BUNDLE  /etc/ssl/certs/ca-certificates.crt
+WORKDIR /python/src
 
 # Add any package dependencies here
 ENV DEBIAN_FRONTEND noninteractive
@@ -33,14 +30,9 @@ RUN echo "deb http://security.ubuntu.com/ubuntu bionic-security main" | sudo tee
     wget http://mirrors.kernel.org/ubuntu/pool/main/i/icu/libicu52_52.1-3ubuntu0.8_amd64.deb && \
     sudo apt install -y ./libicu52_52.1-3ubuntu0.8_amd64.deb && \
     rm ./libicu52_52.1-3ubuntu0.8_amd64.deb && \
-    wget https://github.com/PowerShell/PowerShell/releases/download/v7.1.5/powershell_7.1.5-1.debian.9_amd64.deb && \
-    sudo apt install -y ./powershell_7.1.5-1.debian.9_amd64.deb && \
-    rm ./powershell_7.1.5-1.debian.9_amd64.deb
-
-ADD ./plugin.spec.yaml /plugin.spec.yaml
-ADD . /python/src
-
-WORKDIR /python/src
+    wget https://github.com/PowerShell/PowerShell/releases/download/v7.4.6/powershell_7.4.6-1.deb_amd64.deb && \
+    sudo apt install -y ./powershell_7.4.6-1.deb_amd64.deb && \
+    rm ./powershell_7.4.6-1.deb_amd64.deb
 
 ADD ./plugin.spec.yaml /plugin.spec.yaml
 ADD ./requirements.txt /python/src/requirements.txt

plugins/powershell/help.md

@@ -15,7 +15,7 @@
 
 # Supported Product Versions
 
-* PowerShell 6.1.2
+* PowerShell 7.4.6
 
 # Documentation
 
@@ -153,40 +153,30 @@ Example output:
 
 ## Troubleshooting
 
-The use of round-robin DNS lookups is not supported
-
-If Auth Type is set to "None" the PowerShell script will execute locally on the Komand host.
-This can also by accomplished by leaving the address field blank.
-
-The username supplied must have local admin privileges on the remote host Windows computer.
-When using a domain account with NTLM the username must be in the following format MYDOMAIN\username
-When using the Kerberos connection option the username must be a domain account that has permission to join computers to the domain.
+* The use of round-robin DNS lookups is not supported
+* If Auth Type is set to "None" the PowerShell script will execute locally on the Komand host. This can also be accomplished by leaving the address field blank.
+* The username supplied must have local admin privileges on the remote host Windows computer.
+* When using a domain account with NTLM the username must be in the following format MYDOMAIN\username
+* When using the Kerberos connection option the username must be a domain account that has permission to join computers to the domain.
+* This plugin can connect over HTTP, the default port for this is 5985.
+It should be noted that this type of connection is not secure as all information passed is in plain text. In addition, Windows will not allow HTTP connections by default.
 
-This plugin can connect over HTTP, the default port for this is 5985. It should be noted that this type of connection is
-not secure as all information passed is in plain text. In addition, Windows will not allow HTTP connections by default.
 The following commands must be run on the Windows computer that you want to connect to.
 
 For more information see [Compromising Yourself with WinRM's AllowUnencrypted = True](https://blogs.msdn.microsoft.com/PowerShell/2015/10/27/compromising-yourself-with-winrms-allowunencrypted-true/)
 
 ```
-
 winrm set winrm/config/client/auth '@{Basic="true"}'
 winrm set winrm/config/service/auth '@{Basic="true"}'
 winrm set winrm/config/service '@{AllowUnencrypted="true"}'
-
 ```
 
-When using the Kerberos connection option, the username should not include an @example.com or other domain identifier. These will be added by the plugin as needed.
-
+* When using the Kerberos connection option, the username should not include an @example.com or other domain identifier. These will be added by the plugin as needed.
 This plugin will join the Komand docker instance to the Windows domain as a computer if the Kerberos option is used.
-
-For the Execute Script action PowerShell code should be submitted as base64. This can be done by
-copying a `.txt` file with the PowerShell code into the plugin.
+For the Execute Script action PowerShell code should be submitted as base64. This can be done by copying a `.txt` file with the PowerShell code into the plugin.
 
 _This plugin does not validate the PowerShell code._
-
-Any errors generated on the remote computer by the PowerShell code
-are forwarded to the log file.
+Any errors generated on the remote computer by the PowerShell code are forwarded to the log file.
 
 Run this PowerShell command on a Windows host first to set up a unsigned certificate for authentication:
 This will not be needed if the host already has a SSL certificate set up for Winrm

plugins/powershell/plugin.spec.yaml

@@ -15,16 +15,45 @@ requirements:
   - "The use of round-robin DNS lookups is not supported"
 sdk:
   type: slim
-  version: 6.2.2
+  version: 6.2.3
   user: root
+  custom_cmd:
+    - "# Add any package dependencies here"
+    - ENV DEBIAN_FRONTEND noninteractive
+    - "# Kerberos dependencies"
+    - "RUN apt-get update && apt-get install -y \\"
+    - "    apt-transport-https \\"
+    - "    curl \\"
+    - "    gcc python-dev libkrb5-dev \\"
+    - "    git \\"
+    - "    gnupg \\"
+    - "    krb5-user \\"
+    - "    libssl1.1 \\"
+    - "    ntp adcli sssd \\"
+    - "    samba-common \\"
+    - "    software-properties-common \\"
+    - "    sudo \\"
+    - "    realmd \\"
+    - "    wget"
+    - ""
+    - "# Local PowerShell dependencies"
+    - 'RUN echo "deb http://security.ubuntu.com/ubuntu bionic-security main" | sudo tee -a /etc/apt/sources.list.d/bionic.list && \'
+    - "    sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32 && sudo apt-get update && apt-cache policy libssl1.0-dev && \\"
+    - "    sudo apt-get install -y libssl1.0-dev && \\"
+    - "    wget http://mirrors.kernel.org/ubuntu/pool/main/i/icu/libicu52_52.1-3ubuntu0.8_amd64.deb && \\"
+    - "    sudo apt install -y ./libicu52_52.1-3ubuntu0.8_amd64.deb && \\"
+    - "    rm ./libicu52_52.1-3ubuntu0.8_amd64.deb && \\"
+    - "    wget https://github.com/PowerShell/PowerShell/releases/download/v7.4.6/powershell_7.4.6-1.deb_amd64.deb && \\"
+    - "    sudo apt install -y ./powershell_7.4.6-1.deb_amd64.deb && \\"
+    - "    rm ./powershell_7.4.6-1.deb_amd64.deb"
 links:
   - "[InsightConnect Powershell Plugin Guide](https://docs.rapid7.com/insightconnect/mass-delete-with-PowerShell/)"
 references:
   - "[pywinrm library](https://pypi.python.org/pypi/pywinrm)"
   - "[samba-common](https://packages.debian.org/sid/samba-common)"
   - "[krb5-user](https://packages.debian.org/search?keywords=krb5-user)"
   - "[realmd](https://packages.debian.org/jessie/admin/realmd)"
-supported_versions: ["PowerShell 6.1.2"]
+supported_versions: ["PowerShell 7.4.6"]
 vendor: rapid7
 support: community
 status: []
@@ -41,7 +70,13 @@ hub_tags:
   keywords: [powershell, microsoft]
   features: []
 troubleshooting:
-  - The use of round-robin DNS lookups is not supported.
+  - "The use of round-robin DNS lookups is not supported"
+  - "If Auth Type is set to \"None\" the PowerShell script will execute locally on the Komand host. This can also be accomplished by leaving the address field blank."
+  - "The username supplied must have local admin privileges on the remote host Windows computer."
+  - "When using a domain account with NTLM the username must be in the following format MYDOMAIN\\username"
+  - "When using the Kerberos connection option the username must be a domain account that has permission to join computers to the domain."
+  - "This plugin can connect over HTTP, the default port for this is 5985.\nIt should be noted that this type of connection is not secure as all information passed is in plain text. In addition, Windows will not allow HTTP connections by default.\n\nThe following commands must be run on the Windows computer that you want to connect to.\n\nFor more information see [Compromising Yourself with WinRM's AllowUnencrypted = True](https://blogs.msdn.microsoft.com/PowerShell/2015/10/27/compromising-yourself-with-winrms-allowunencrypted-true/)\n\n```\nwinrm set winrm/config/client/auth '@{Basic=\"true\"}'\nwinrm set winrm/config/service/auth '@{Basic=\"true\"}'\nwinrm set winrm/config/service '@{AllowUnencrypted=\"true\"}'\n```\n"
+  - "When using the Kerberos connection option, the username should not include an @example.com or other domain identifier. These will be added by the plugin as needed.\nThis plugin will join the Komand docker instance to the Windows domain as a computer if the Kerberos option is used.\nFor the Execute Script action PowerShell code should be submitted as base64. This can be done by copying a `.txt` file with the PowerShell code into the plugin.\n\n_This plugin does not validate the PowerShell code._\nAny errors generated on the remote computer by the PowerShell code are forwarded to the log file.\n\nRun this PowerShell command on a Windows host first to set up a unsigned certificate for authentication:\nThis will not be needed if the host already has a SSL certificate set up for Winrm\n\n```\nInvoke-Expression ((New-Object System.Net.Webclient).DownloadString('https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1'))\n```"
 version_history:
   - "3.0.7 - Updated dependencies | Updated SDK to the latest version"
   - "3.0.6 - Bump SDK to 6.2.0"