Powershell - 18586 - Updated Dockerfile refresh in spec file

plugins/powershell/.CHECKSUM

@@ -1,5 +1,5 @@
 {
-	"spec": "9600a7e3e528b1c6e7ca8a7c49bea2a7",
+	"spec": "75bcf90b2118a3bd43494814d7ca6537",
 	"manifest": "61de88b740ca64a1828d828542d76aeb",
 	"setup": "6e825188d75fce9536419c1f67bacd39",
 	"schemas": [

plugins/powershell/Dockerfile

@@ -2,11 +2,8 @@ FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.2.2
 
 LABEL organization=rapid7
 LABEL sdk=python
-LABEL type=plugin
 
-ENV SSL_CERT_FILE /etc/ssl/certs/ca-certificates.crt
-ENV SSL_CERT_DIR /etc/ssl/certs
-ENV REQUESTS_CA_BUNDLE  /etc/ssl/certs/ca-certificates.crt
+WORKDIR /python/src
 
 # Add any package dependencies here
 ENV DEBIAN_FRONTEND noninteractive
@@ -37,11 +34,6 @@ RUN echo "deb http://security.ubuntu.com/ubuntu bionic-security main" | sudo tee
     sudo apt install -y ./powershell_7.1.5-1.debian.9_amd64.deb && \
     rm ./powershell_7.1.5-1.debian.9_amd64.deb
 
-ADD ./plugin.spec.yaml /plugin.spec.yaml
-ADD . /python/src
-
-WORKDIR /python/src
-
 ADD ./plugin.spec.yaml /plugin.spec.yaml
 ADD ./requirements.txt /python/src/requirements.txt
 

plugins/powershell/help.md

@@ -169,11 +169,9 @@ The following commands must be run on the Windows computer that you want to conn
 For more information see [Compromising Yourself with WinRM's AllowUnencrypted = True](https://blogs.msdn.microsoft.com/PowerShell/2015/10/27/compromising-yourself-with-winrms-allowunencrypted-true/)
 
 ```
-
 winrm set winrm/config/client/auth '@{Basic="true"}'
 winrm set winrm/config/service/auth '@{Basic="true"}'
 winrm set winrm/config/service '@{AllowUnencrypted="true"}'
-
 ```
 
 When using the Kerberos connection option, the username should not include an @example.com or other domain identifier. These will be added by the plugin as needed.

plugins/powershell/plugin.spec.yaml

@@ -17,6 +17,35 @@ sdk:
   type: slim
   version: 6.2.2
   user: root
+  custom_cmd:
+    - "# Add any package dependencies here"
+    - ENV DEBIAN_FRONTEND noninteractive
+    - "# Kerberos dependencies"
+    - "RUN apt-get update && apt-get install -y \\"
+    - "    apt-transport-https \\"
+    - "    curl \\"
+    - "    gcc python-dev libkrb5-dev \\"
+    - "    git \\"
+    - "    gnupg \\"
+    - "    krb5-user \\"
+    - "    libssl1.1 \\"
+    - "    ntp adcli sssd \\"
+    - "    samba-common \\"
+    - "    software-properties-common \\"
+    - "    sudo \\"
+    - "    realmd \\"
+    - "    wget"
+    - ""
+    - "# Local PowerShell dependencies"
+    - 'RUN echo "deb http://security.ubuntu.com/ubuntu bionic-security main" | sudo tee -a /etc/apt/sources.list.d/bionic.list && \'
+    - "    sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32 && sudo apt-get update && apt-cache policy libssl1.0-dev && \\"
+    - "    sudo apt-get install -y libssl1.0-dev && \\"
+    - "    wget http://mirrors.kernel.org/ubuntu/pool/main/i/icu/libicu52_52.1-3ubuntu0.8_amd64.deb && \\"
+    - "    sudo apt install -y ./libicu52_52.1-3ubuntu0.8_amd64.deb && \\"
+    - "    rm ./libicu52_52.1-3ubuntu0.8_amd64.deb && \\"
+    - "    wget https://github.com/PowerShell/PowerShell/releases/download/v7.1.5/powershell_7.1.5-1.debian.9_amd64.deb && \\"
+    - "    sudo apt install -y ./powershell_7.1.5-1.debian.9_amd64.deb && \\"
+    - "    rm ./powershell_7.1.5-1.debian.9_amd64.deb"
 links:
   - "[InsightConnect Powershell Plugin Guide](https://docs.rapid7.com/insightconnect/mass-delete-with-PowerShell/)"
 references:
@@ -41,7 +70,9 @@ hub_tags:
   keywords: [powershell, microsoft]
   features: []
 troubleshooting:
-  - The use of round-robin DNS lookups is not supported.
+  - "The use of round-robin DNS lookups is not supported"
+  - "If Auth Type is set to \"None\" the PowerShell script will execute locally on the Komand host. This can also by accomplished by leaving the address field blank."
+  - The username supplied must have local admin privileges on the remote host Windows computer.When using a domain account with NTLM the username must be in the following format MYDOMAIN\usernameWhen using the Kerberos connection option the username must be a domain account that has permission to join computers to the domain.This plugin can connect over HTTP, the default port for this is 5985. It should be noted that this type of connection isnot secure as all information passed is in plain text. In addition, Windows will not allow HTTP connections by default.The following commands must be run on the Windows computer that you want to connect to.For more information see [Compromising Yourself with WinRM's AllowUnencrypted = True](https://blogs.msdn.microsoft.com/PowerShell/2015/10/27/compromising-yourself-with-winrms-allowunencrypted-true/)```winrm set winrm/config/client/auth '@{Basic=\"true\"}'winrm set winrm/config/service/auth '@{Basic=\"true\"}'winrm set winrm/config/service '@{AllowUnencrypted=\"true\"}'```When using the Kerberos connection option, the username should not include an @example.com or other domain identifier. These will be added by the plugin as needed.This plugin will join the Komand docker instance to the Windows domain as a computer if the Kerberos option is used.For the Execute Script action PowerShell code should be submitted as base64. This can be done bycopying a `.txt` file with the PowerShell code into the plugin._This plugin does not validate the PowerShell code._Any errors generated on the remote computer by the PowerShell codeare forwarded to the log file.Run this PowerShell command on a Windows host first to set up a unsigned certificate for authentication:This will not be needed if the host already has a SSL certificate set up for Winrm```Invoke-Expression ((New-Object System.Net.Webclient).DownloadString('https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1'))```"
 version_history:
   - "3.0.7 - Updated dependencies | Updated SDK to the latest version"
   - "3.0.6 - Bump SDK to 6.2.0"