Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Switch Atomic Runner to use a Service instead of a Scheduled Task #188

Merged
merged 22 commits into from
Jun 19, 2024
Merged

Switch Atomic Runner to use a Service instead of a Scheduled Task #188

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
22 commits
Select commit Hold shift + click to select a range
863d1c7
poc: atomic runner service
clr2of8 Mar 19, 2024
9f4139f
poc: atomic runner service
clr2of8 Mar 19, 2024
10265d5
add service setup
clr2of8 Mar 22, 2024
6e4b0fc
add comments
clr2of8 Mar 22, 2024
03f8d84
remove old cred file reference
clr2of8 Mar 22, 2024
42d592c
remove old cred file reference
clr2of8 Mar 23, 2024
be0f807
add logging mutex
clr2of8 Mar 23, 2024
da6d4c9
kill runner process on service stop
clr2of8 Mar 25, 2024
095898b
skip service setup option
clr2of8 Mar 26, 2024
a360fde
serviceInstallDir option
clr2of8 Mar 26, 2024
8020d40
log process IDs
clr2of8 Mar 26, 2024
2166a09
out-null
clr2of8 Mar 26, 2024
17f6f2f
runner showdetails supports anyOS flag
clr2of8 Mar 28, 2024
ca9ba90
merge from master
clr2of8 Mar 28, 2024
e25f2e0
merge from master
clr2of8 Mar 28, 2024
f741b47
create profile folder & file if needed
clr2of8 Mar 28, 2024
1e70f7b
add cleanup flag
clr2of8 Apr 1, 2024
2c6fb69
computer rename retries
clr2of8 Apr 2, 2024
2a6b59c
fix linting issues
cyberbuff Apr 14, 2024
0667f35
add scheduled task option back in
clr2of8 Jun 19, 2024
11e06f7
merge conflicts
clr2of8 Jun 19, 2024
15e10ce
Merge branch 'master' into atomic-runner-service
clr2of8 Jun 19, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
197 changes: 99 additions & 98 deletions Invoke-AtomicRedTeam.psd1
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,98 +1,99 @@
@{

# Script module or binary module file associated with this manifest.
RootModule = 'Invoke-AtomicRedTeam.psm1'

# Version number of this module.
ModuleVersion = '2.1.0'

# ID used to uniquely identify this module
GUID = '8f492621-18f8-432e-9532-b1d54d3e90bd'

# Author of this module
Author = 'Casey Smith @subTee, Josh Rickard @MSAdministrator, Carrie Roberts @OrOneEqualsOne, Matt Graeber @mattifestation'

# Company or vendor of this module
CompanyName = 'Red Canary, Inc.'

# Copyright statement for this module
Copyright = '(c) 2021 Red Canary. All rights reserved.'

# Description of the functionality provided by this module
Description = 'A PowerShell module that runs Atomic Red Team tests from yaml definition files.'

# Minimum version of the Windows PowerShell engine required by this module
PowerShellVersion = '5.0'

# Modules that must be imported into the global environment prior to importing this module
RequiredModules = @('powershell-yaml')

# Script files (.ps1) that are run in the caller's environment prior to importing this module.
# AtomicClassSchema.ps1 needs to be present in the caller's scope in order for the built-in classes to surface properly.
ScriptsToProcess = @('Private\AtomicClassSchema.ps1', 'Public\config.ps1')

# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
FunctionsToExport = @(
'Invoke-AtomicTest',
'Get-AtomicTechnique',
'New-AtomicTechnique',
'New-AtomicTest',
'New-AtomicTestInputArgument',
'New-AtomicTestDependency',
'Start-AtomicGUI',
'Stop-AtomicGUI',
'Invoke-SetupAtomicRunner',
'Invoke-GenerateNewSchedule',
'Invoke-RefreshExistingSchedule',
'Invoke-AtomicRunner',
'Get-Schedule',
'Invoke-KickoffAtomicRunner',
'Get-PreferredIPAddress'
)

# Variables to export from this module
VariablesToExport = '*'

NestedModules = @(
"Public\Default-ExecutionLogger.psm1",
"Public\Attire-ExecutionLogger.psm1",
"Public\Syslog-ExecutionLogger.psm1",
"Public\WinEvent-ExecutionLogger.psm1"
)

# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
PrivateData = @{

PSData = @{

# Tags applied to this module. These help with module discovery in online galleries.
Tags = @('Security', 'Defense')

# A URL to the license for this module.
LicenseUri = 'https://github.com/redcanaryco/invoke-atomicredteam/blob/master/LICENSE.txt'

# A URL to the main website for this project.
ProjectUri = 'https://github.com/redcanaryco/invoke-atomicredteam'

# A URL to an icon representing this module.
# IconUri = ''

# ReleaseNotes of this module
ReleaseNotes = @'
1.0.2
-----
* Add support for custom execution loggers

1.0.1
-----
* Adding 'powershell-yaml' to RequiredModules in the module manifest

1.0.0
-----
* Initial release for submission to the PowerShell Gallery
'@

} # End of PSData hashtable

} # End of PrivateData hashtable
}
@{

# Script module or binary module file associated with this manifest.
RootModule = 'Invoke-AtomicRedTeam.psm1'

# Version number of this module.
ModuleVersion = '2.1.0'

# ID used to uniquely identify this module
GUID = '8f492621-18f8-432e-9532-b1d54d3e90bd'

# Author of this module
Author = 'Casey Smith @subTee, Josh Rickard @MSAdministrator, Carrie Roberts @OrOneEqualsOne, Matt Graeber @mattifestation'

# Company or vendor of this module
CompanyName = 'Red Canary, Inc.'

# Copyright statement for this module
Copyright = '(c) 2021 Red Canary. All rights reserved.'

# Description of the functionality provided by this module
Description = 'A PowerShell module that runs Atomic Red Team tests from yaml definition files.'

# Minimum version of the Windows PowerShell engine required by this module
PowerShellVersion = '5.0'

# Modules that must be imported into the global environment prior to importing this module
RequiredModules = @('powershell-yaml')

# Script files (.ps1) that are run in the caller's environment prior to importing this module.
# AtomicClassSchema.ps1 needs to be present in the caller's scope in order for the built-in classes to surface properly.
ScriptsToProcess = @('Private\AtomicClassSchema.ps1', 'Public\config.ps1')

# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
FunctionsToExport = @(
'Invoke-AtomicTest',
'Get-AtomicTechnique',
'New-AtomicTechnique',
'New-AtomicTest',
'New-AtomicTestInputArgument',
'New-AtomicTestDependency',
'Start-AtomicGUI',
'Stop-AtomicGUI',
'Invoke-SetupAtomicRunner',
'Invoke-GenerateNewSchedule',
'Invoke-RefreshExistingSchedule',
'Invoke-AtomicRunner',
'Get-Schedule',
'Invoke-KickoffAtomicRunner',
'Get-PreferredIPAddress',
'Invoke-KillProcessTree'
)

# Variables to export from this module
VariablesToExport = '*'

NestedModules = @(
"Public\Default-ExecutionLogger.psm1",
"Public\Attire-ExecutionLogger.psm1",
"Public\Syslog-ExecutionLogger.psm1",
"Public\WinEvent-ExecutionLogger.psm1"
)

# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
PrivateData = @{

PSData = @{

# Tags applied to this module. These help with module discovery in online galleries.
Tags = @('Security', 'Defense')

# A URL to the license for this module.
LicenseUri = 'https://github.com/redcanaryco/invoke-atomicredteam/blob/master/LICENSE.txt'

# A URL to the main website for this project.
ProjectUri = 'https://github.com/redcanaryco/invoke-atomicredteam'

# A URL to an icon representing this module.
# IconUri = ''

# ReleaseNotes of this module
ReleaseNotes = @'
1.0.2
-----
* Add support for custom execution loggers

1.0.1
-----
* Adding 'powershell-yaml' to RequiredModules in the module manifest

1.0.0
-----
* Initial release for submission to the PowerShell Gallery
'@

} # End of PSData hashtable

} # End of PrivateData hashtable
}
2 changes: 1 addition & 1 deletion Invoke-AtomicRedTeam.psm1
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ if([bool]$artConfig.absb -and ($artConfig.OS -eq "windows")){
}

#Get public and private function definition files.
$Public = @( Get-ChildItem -Path $PSScriptRoot\Public\*.ps1 -Recurse -ErrorAction SilentlyContinue )
$Public = @( Get-ChildItem -Path $PSScriptRoot\Public\*.ps1 -Recurse -Exclude AtomicRunnerService.ps1 -ErrorAction SilentlyContinue )
$Private = @( Get-ChildItem -Path $PSScriptRoot\Private\*.ps1 -Recurse -Exclude "AtomicClassSchema.ps1" -ErrorAction SilentlyContinue )

# Make sure the Atomic Class Schema is available first (a workaround so PSv5.0 doesn't give errors)
Expand Down
Loading
Loading