From 4e0afc82b9eb18ec949731de7a030f6bc854540a Mon Sep 17 00:00:00 2001
From: Justin Travis <justin@kasmweb.com>
Date: Tue, 26 Dec 2023 16:44:31 -0500
Subject: [PATCH] KASM-5299 Nessus

---
 ci-scripts/template-vars.yaml               |  9 +++
 dockerfile-kasm-nessus                      | 35 +++++++++
 docs/nessus/README.md                       | 11 +++
 docs/nessus/demo.txt                        |  9 +++
 docs/nessus/description.txt                 |  1 +
 src/ubuntu/install/nessus/custom_startup.sh | 85 +++++++++++++++++++++
 src/ubuntu/install/nessus/install_nessus.sh | 28 +++++++
 7 files changed, 178 insertions(+)
 create mode 100644 dockerfile-kasm-nessus
 create mode 100644 docs/nessus/README.md
 create mode 100644 docs/nessus/demo.txt
 create mode 100644 docs/nessus/description.txt
 create mode 100644 src/ubuntu/install/nessus/custom_startup.sh
 create mode 100644 src/ubuntu/install/nessus/install_nessus.sh

diff --git a/ci-scripts/template-vars.yaml b/ci-scripts/template-vars.yaml
index fe446cc..5e7e50c 100644
--- a/ci-scripts/template-vars.yaml
+++ b/ci-scripts/template-vars.yaml
@@ -75,6 +75,15 @@ multiImages:
     changeFiles:
       - dockerfile-kasm-libre-office
       - src/ubuntu/install/libre_office/**
+  - name: nessus
+    base: core-ubuntu-focal
+    dockerfile: dockerfile-kasm-nessus
+    changeFiles:
+      - dockerfile-kasm-nessus
+      - src/ubuntu/install/chromium/**
+      - src/ubuntu/install/nessus/**
+      - src/ubuntu/install/tools/**
+      - src/ubuntu/install/cleanup/**
   - name: opensuse-15-desktop
     base: core-opensuse-15
     dockerfile: dockerfile-kasm-opensuse-15-desktop
diff --git a/dockerfile-kasm-nessus b/dockerfile-kasm-nessus
new file mode 100644
index 0000000..5f7116b
--- /dev/null
+++ b/dockerfile-kasm-nessus
@@ -0,0 +1,35 @@
+ARG BASE_TAG="develop"
+ARG BASE_IMAGE="core-ubuntu-focal"
+FROM kasmweb/$BASE_IMAGE:$BASE_TAG
+USER root
+
+ENV HOME /home/kasm-default-profile
+ENV STARTUPDIR /dockerstartup
+ENV INST_SCRIPTS $STARTUPDIR/install
+WORKDIR $HOME
+
+######### Customize Container Here ###########
+
+
+# Install Google Chrome
+COPY ./src/ubuntu/install/chromium $INST_SCRIPTS/chromium/
+RUN bash $INST_SCRIPTS/chromium/install_chromium.sh  && rm -rf $INST_SCRIPTS/chromium/
+
+COPY ./src/ubuntu/install/nessus $INST_SCRIPTS/nessus/
+RUN bash $INST_SCRIPTS/nessus/install_nessus.sh  && rm -rf $INST_SCRIPTS/nessus/
+
+COPY ./src/ubuntu/install/nessus/custom_startup.sh $STARTUPDIR/custom_startup.sh
+RUN chmod +x $STARTUPDIR/custom_startup.sh
+RUN chmod 755 $STARTUPDIR/custom_startup.sh
+
+RUN cp /usr/share/extra/backgrounds/bg_kasm.png /usr/share/extra/backgrounds/bg_default.png
+
+######### End Customizations ###########
+
+RUN chown 1000:0 $HOME
+
+ENV HOME /home/kasm-user
+WORKDIR $HOME
+RUN mkdir -p $HOME && chown -R 1000:0 $HOME
+
+USER 1000
diff --git a/docs/nessus/README.md b/docs/nessus/README.md
new file mode 100644
index 0000000..6d9ba24
--- /dev/null
+++ b/docs/nessus/README.md
@@ -0,0 +1,11 @@
+# About This Image
+
+This Image contains a browser-accessible version of [Tennable Nessus](https://www.tenable.com/products/nessus).
+
+![Screenshot][Image_Screenshot]
+
+[Image_Screenshot]: https://5856039.fs1.hubspotusercontent-na1.net/hubfs/5856039/dockerhub/deluge.png "Image Screenshot"
+
+# Environment Variables
+
+* `APP_ARGS` - Additional arguments to pass to the application when launched.
diff --git a/docs/nessus/demo.txt b/docs/nessus/demo.txt
new file mode 100644
index 0000000..86dc6f7
--- /dev/null
+++ b/docs/nessus/demo.txt
@@ -0,0 +1,9 @@
+# Live Demo
+
+<a href="https://app.kasmweb.com/#/cast/8801410682" target="_blank"><img src="https://info.kasmweb.com/hubfs/dockerhub/GIFs/deluge.gif" width="640" height="360"></a>
+
+**Launch a real-time demo in a new browser window:** <a href="https://app.kasmweb.com/#/cast/8801410682" target="_blank">Live Demo</a>.
+
+<a href="https://app.kasmweb.com/#/cast/8801410682" target="_blank"><img src="https://5856039.fs1.hubspotusercontent-na1.net/hub/5856039/hubfs/dockerhub/casting-buttons/Deluge.png" width="300" height="104"></a>
+
+&lowast;*Note: Demo is limited to 3 minutes and has upload/downloads restricted for security purposes.*
diff --git a/docs/nessus/description.txt b/docs/nessus/description.txt
new file mode 100644
index 0000000..08d1651
--- /dev/null
+++ b/docs/nessus/description.txt
@@ -0,0 +1 @@
+Nessus Vulnerability Scanner for Kasm Workspaces
diff --git a/src/ubuntu/install/nessus/custom_startup.sh b/src/ubuntu/install/nessus/custom_startup.sh
new file mode 100644
index 0000000..696e5fe
--- /dev/null
+++ b/src/ubuntu/install/nessus/custom_startup.sh
@@ -0,0 +1,85 @@
+#!/usr/bin/env bash
+set -ex
+START_COMMAND="/opt/nessus/sbin/nessusd start"
+PGREP="nessusd"
+DEFAULT_ARGS=""
+ARGS=${APP_ARGS:-$DEFAULT_ARGS}
+
+options=$(getopt -o gau: -l go,assign,url: -n "$0" -- "$@") || exit
+eval set -- "$options"
+
+while [[ $1 != -- ]]; do
+    case $1 in
+        -g|--go) GO='true'; shift 1;;
+        -a|--assign) ASSIGN='true'; shift 1;;
+        -u|--url) OPT_URL=$2; shift 2;;
+        *) echo "bad option: $1" >&2; exit 1;;
+    esac
+done
+shift
+
+# Process non-option arguments.
+for arg; do
+    echo "arg! $arg"
+done
+
+FORCE=$2
+
+kasm_exec() {
+    if [ -n "$OPT_URL" ] ; then
+        URL=$OPT_URL
+    elif [ -n "$1" ] ; then
+        URL=$1
+    fi 
+    
+    # Since we are execing into a container that already has the browser running from startup, 
+    #  when we don't have a URL to open we want to do nothing. Otherwise a second browser instance would open. 
+    if [ -n "$URL" ] ; then
+        /usr/bin/filter_ready
+        /usr/bin/desktop_ready
+        bash ${MAXIMIZE_SCRIPT} &
+        $START_COMMAND $ARGS $OPT_URL &
+        sleep 3
+        chromium-browser https://localhost:8834 --start-maximized
+    else
+        echo "No URL specified for exec command. Doing nothing."
+    fi
+}
+
+kasm_startup() {
+    if [ -n "$KASM_URL" ] ; then
+        URL=$KASM_URL
+    elif [ -z "$URL" ] ; then
+        URL=$LAUNCH_URL
+    fi
+
+    if [ -z "$DISABLE_CUSTOM_STARTUP" ] ||  [ -n "$FORCE" ] ; then
+
+        echo "Entering process startup loop"
+        set +x
+        while true
+        do
+            if ! pgrep -x $PGREP > /dev/null
+            then
+                /usr/bin/filter_ready
+                /usr/bin/desktop_ready
+                set +e
+                bash ${MAXIMIZE_SCRIPT} &
+                $START_COMMAND $ARGS $URL &
+                sleep 3
+                chromium-browser https://localhost:8834 --start-maximized &
+                set -e
+            fi
+            sleep 1
+        done
+        set -x
+    
+    fi
+
+} 
+
+if [ -n "$GO" ] || [ -n "$ASSIGN" ] ; then
+    kasm_exec
+else
+    kasm_startup
+fi
diff --git a/src/ubuntu/install/nessus/install_nessus.sh b/src/ubuntu/install/nessus/install_nessus.sh
new file mode 100644
index 0000000..260a230
--- /dev/null
+++ b/src/ubuntu/install/nessus/install_nessus.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+set -ex
+
+ARCH=$(arch  | sed 's/x86_64/amd64/g')
+
+apt-get update
+apt-get install -y jq
+
+NESSUS_URL=$(curl --request GET --url https://www.tenable.com/downloads/api/v2/pages/nessus --header 'accept: application/json' | jq -r '.releases.latest[][] | select(.file_url | contains("ubuntu1404")) | .file_url' | grep $ARCH)
+NESSUS_UPDATES_URL=$(curl --request GET --url https://www.tenable.com/downloads/api/v2/pages/nessus --header 'accept: application/json' | jq -r '.releases.latest[][] | select(.file_url | contains("nessus-updates-latest")) | .file_url')
+
+cd /tmp
+
+curl --request GET \
+  --url "${NESSUS_URL}" \
+  --output 'nessus.deb'
+
+curl --request GET \
+  --url ${NESSUS_UPDATES_URL} \
+  --output 'nessus-updates-latest.tar.gz'
+
+apt-get install -y ./nessus.deb
+
+rm nessus.deb
+
+/opt/nessus/sbin/nessuscli update /tmp/nessus-updates-latest.tar.gz
+
+rm nessus-updates-latest.tar.gz