Make this repo, the repo for just the csirt site (#417)

* Cleanup up step 1

* Fixing little things

* Fixing CIrcleCI

.circleci/config.yml

@@ -10,26 +10,18 @@ jobs:
       - run:
           name: Build and check
           command: |
-            for site in csirt.divd.nl www.divd.nl; do
-              ( 
-                echo "*** Building and checking $site ***"; 
-                cd $site;
-                gem install -N jekyll-secinfo jekyll-last-modified-at
-                ./update.sh
-                # Removing some stubs
-                rm -f _cves/CVE-3000-*
-                rm -rf _cases/DIVD-3000-0000*
-                jekyll build 2>&1| tee jekyll-build.log;
-                ./proof_html.sh 
-              ) 
-            done
+            echo "*** Building and checking $site ***"; 
+            gem install -N jekyll-secinfo jekyll-last-modified-at
+            ./update.sh
+            # Removing some stubs
+            rm -f _cves/CVE-3000-*
+            rm -rf _cases/DIVD-3000-0000*
+            jekyll build 2>&1| tee jekyll-build.log;
+            ./proof_html.sh 
       - save_cache:
           key: jekyll-{{ .Environment.CIRCLE_SHA1 }}
           paths:
-            - "/root/project/www.divd.nl/_site"
-            - "/root/project/csirt.divd.nl/_site"
-            - "/root/project/.htaccess"
-
+            - "/root/project/_site"
 
   upload:
     docker:
@@ -51,12 +43,8 @@ jobs:
           command: |
             mkdir -p ~/.ssh;
             echo  "upload.bit.nl,213.136.12.217 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIVx+0N0LECcGHPywPCk9uz4/l3kNUVNe5QQRleIkMCTarkYauvRrPNPl49x3LIjF6cZsmQZX7jwgsJqEzfcF98=" > ~/.ssh/known_hosts;
-            cd /root/project/;
-            rsync -av .htaccess [email protected]:htdocs;
-            cd /root/project/csirt.divd.nl/_site;
+            cd /root/project/_site;
             rsync -av --delete . [email protected]:htdocs/csirt-divd-nl;
-            cd /root/project/www.divd.nl/_site;
-            rsync -av "--exclude=data/*" --delete . [email protected]:htdocs/divd-nl;
 
 workflows:
   version: 2
@@ -69,4 +57,4 @@ workflows:
           filters:
             branches:
               only:
-                - master
+                - main

.gitignore

@@ -7,12 +7,9 @@
 Gemfile.lock
 _site/
 .env
-csirt.divd.nl/_team/
-www.divd.nl/_cases/
-www.divd.nl/_csirt_posts/
-www.divd.nl/_cves/
-www.divd.nl/_data/scanners.yml
+_team/
+www.divd.nl/
 *.bak
 *.log
-*/_config_livereload.yml
+_config_livereload.yml
 *:Zone.Identifier

.htaccess

@@ -1,84 +1,7 @@
-RewriteEngine On
 Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
-# Redirect http -> https
-RewriteCond %{HTTP:X-HTTPS-SESSION} !^yes$
-RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
-
-SetEnvIfNoCase X-HTTPS-Session Yes is_ssl=yes
-SetEnvIfNoCase X-HTTPS-Session Yes is_https=yes
-SetEnvIfNoCase X-HTTPS-Session Yes HTTPS=on
-
-# recirect divd.nl to www
-RewriteCond %{HTTP_HOST} ^divd\.nl [NC]
-RewriteRule (.*) https://www.divd.nl/$1 [r=301,L]
-
-# Serve www from divd-nl
-RewriteCond %{HTTP_HOST} ^www\.divd\.nl [NC]
-RewriteCond %{REQUEST_URI} !^/divd-nl [NC]
-RewriteRule (.*) divd-nl/$1 [L]
-
-# Redirect when I summon a directory without a trailing slash
-RewriteCond %{HTTP_HOST} ^www\.divd\.nl [NC]
-RewriteCond %{REQUEST_URI} ^/divd-nl.*[^/]$ [NC]
-RewriteCond %{REQUEST_FILENAME} -d [NC]
-RewriteRule ^divd-nl/(.*) /$1/ [L,r=301]
-
-# Serve csirt from csirt-divd-nl
-RewriteCond %{HTTP_HOST} ^csirt\.divd\.nl [NC]
-RewriteCond %{REQUEST_URI} !^/csirt-divd-nl [NC]
-RewriteRule (.*) csirt-divd-nl/$1 [L]
-
-# Redirect when I summon a directory without a trailing slash
-RewriteCond %{HTTP_HOST} ^csirt\.divd\.nl [NC]
-RewriteCond %{REQUEST_URI} ^/csirt-divd-nl.*[^/]$ [NC]
-RewriteCond %{REQUEST_FILENAME} -d [NC]
-RewriteRule ^csirt-divd-nl/(.*) /$1/ [L,r=301]
-
-# recirect divd.club to www
-RewriteCond %{HTTP_HOST} ^divd\.club [NC]
-RewriteRule (.*) https://www.divd.club/$1 [r=301,L]
-
-# Serve divd.club from divd-club
-RewriteCond %{HTTP_HOST} ^www\.divd\.club [NC]
-RewriteCond %{REQUEST_URI} !^/divd-club [NC]
-RewriteRule (.*) divd-club/$1 [L]
-
-# Redirect when I summon a directory without a trailing slash
-RewriteCond %{HTTP_HOST} ^www\.divd\.club [NC]
-RewriteCond %{REQUEST_URI} ^/divd-club.*[^/]$ [NC]
-RewriteCond %{REQUEST_FILENAME} -d [NC]
-RewriteRule ^divd-club/(.*) /$1/ [L,r=301]
-
-# cyber-wear.nl 
-
-# recirect cyber-wear.nl to www
-RewriteCond %{HTTP_HOST} ^cyber-wear\.nl [NC]
-RewriteRule (.*) https://www.cyber-wear.nl/$1 [r=301,L]
-
-# Serve cyber-wear.nl from cyber-wear-nl
-RewriteCond %{HTTP_HOST} ^www\.cyber-wear\.nl [NC]
-RewriteCond %{REQUEST_URI} !^/cyber-wear-nl [NC]
-RewriteRule (.*) cyber-wear-nl/$1 [L]
-
-# Redirect when I summon a directory without a trailing slash
-RewriteCond %{HTTP_HOST} ^www\.cyber-wear\.nl [NC]
-RewriteCond %{REQUEST_URI} ^/cyber-wear-nl.*[^/]$ [NC]
-RewriteCond %{REQUEST_FILENAME} -d [NC]
-RewriteRule ^cyber-wear-nl/(.*) /$1/ [L,r=301]
-
-# divd.fund
-
-# recirect divd.fund to www
-RewriteCond %{HTTP_HOST} ^divd\.fund [NC]
-RewriteRule (.*) https://www.divd.fund/$1 [r=301,L]
-
-# Serve divd.fund from divd.fund
-RewriteCond %{HTTP_HOST} ^www\.divd\.fund [NC]
-RewriteCond %{REQUEST_URI} !^/divd.fund [NC]
-RewriteRule (.*) divd.fund/$1 [L]
-
-# Redirect when I summon a directory without a trailing slash
-RewriteCond %{HTTP_HOST} ^www\.divd\.fund [NC]
-RewriteCond %{REQUEST_URI} ^/divd\.fund.*[^/]$ [NC]
-RewriteCond %{REQUEST_FILENAME} -d [NC]
-RewriteRule ^divd.fund/(.*) /$1/ [L,r=301]
+Header always append X-Frame-Options DENY
+Header set X-Content-Type-Options nosniff
+Header set X-XSS-Protection "1; mode=block"
+Header set Content-Security-Policy "default-src 'none'; font-src 'self'; img-src 'self'; script-src 'self' ; style-src 'self'"
+Header always set Referrer-Policy "same-origin"
+ErrorDocument 404 /404.html

README.md

@@ -1,8 +1,23 @@
-www.divd.nl and csirt.divd.nl websites
-====
-a
-This repo holds these websites:
-* www.divd.nl
-* [csirt.divd.nl](https://csirt.divd.nl)
-
-Each in their own subdirectory
+## Adding new news items
+1. Create a new file in the `_posts` folder with filename `<year>-<month>-<day>-<title>.md`
+2. Start the file with the following template configuration:
+```markdown
+---
+layout: news
+title: <-- title-- >
+author: <-- your name -->
+excerpt: <-- one line summary in Dutch / And English will show on blog page -->
+---
+```
+
+## Development
+The site is easiest deployed locally with [Docker](https://docker.com). 
+
+1. Install Docker
+2. Clone this repository
+3. Run `./serve`
+4. Open your favorite Internet Explorer and go to `http://localhost:4000`
+
+## Markdown
+
+See: https://github.com/adam-p/markdown-here/wiki/Markdown-Cheatsheet

csirt.divd.nl/_config.yml → _config.yml

@@ -64,3 +64,4 @@ exclude:
   - "*.conf"
   - "*:Zone.Identifier"
   - "_config_livereload.yml"
+  - "www.divd.nl"

csirt.divd.nl/_cves/CVE-3000-6666.md → _cves/CVE-3000-6666.md

@@ -141,7 +141,7 @@ json : {
           ]
         },
         {
-          "url": "https://csirt.divd.nl/DIVD-3000-0001",
+          "url": "https://csirt.divd.nl/DIVD-3000-00001",
           "tags": [
             "third-party-advisory"
           ]
@@ -263,7 +263,7 @@ json : {
         }
       ],
       "source": {
-        "advisory": "DIVD-3000-0001",
+        "advisory": "DIVD-3000-00001",
         "discovery": "INTERNAL"
       },
       "x_generator": {

csirt.divd.nl/_layouts/cve-json-50.html → _layouts/cve-json-50.html

@@ -121,56 +121,56 @@ <h1>{{ page.cve | escape }} - {{ page.title | escape }}</h1>
 										<td>
 											{% if v.status == "affected" %}
 												{% if v.lessThan or v.lessThanOrEqual %}
-													>=
+													&gt;=
 												{% else %}
 													=
 												{% endif %}
 												{{ v.versionType }} {{ v.version }}
 												{% if v.lessThan or v.lessThanOrEqual %}
 													to
 													{% if v.lessThan %}
-														< {{ v.lessThan }}
+														&lt; {{ v.lessThan }}
 													{% endif %}
 													{% if v.lessThanOrEqual %}
-														< {{ v.lessThanOrEqual }}
+														&lt; {{ v.lessThanOrEqual }}
 													{% endif %}
 												{% endif %}
 											{% endif %}
 										</td>
 										<td>
 											{% if v.status == "unaffected" %}
 												{% if v.lessThan or v.lessThanOrEqual %}
-													>=
+													&gt;=
 												{% else %}
 													=
 												{% endif %}
 												{{ v.versionType }} {{ v.version }}
 												{% if v.lessThan or v.lessThanOrEqual %}
 													to
 													{% if v.lessThan %}
-														< {{ v.lessThan }}
+														&lt; {{ v.lessThan }}
 													{% endif %}
 													{% if v.lessThanOrEqual %}
-														< {{ v.lessThanOrEqual }}
+														&lt; {{ v.lessThanOrEqual }}
 													{% endif %}
 												{% endif %}
 											{% endif %}
 										</td>
 										<td>
 											{% if v.status == "unknown" %}
 												{% if v.lessThan or v.lessThanOrEqual %}
-													>=
+													&gt;=
 												{% else %}
 													=
 												{% endif %}
 												{{ v.versionType }} {{ v.version }}
 												{% if v.lessThan or v.lessThanOrEqual %}
 													to
 													{% if v.lessThan %}
-														< {{ v.lessThan }}
+														&lt; {{ v.lessThan }}
 													{% endif %}
 													{% if v.lessThanOrEqual %}
-														< {{ v.lessThanOrEqual }}
+														&lt; {{ v.lessThanOrEqual }}
 													{% endif %}
 												{% endif %}
 											{% endif %}

csirt.divd.nl/proof_html.sh → proof_html.sh

@@ -6,7 +6,7 @@ apt-get install python3-pip libcurl4 -y
 pip3 install html5validator 
 
 TEAMCOUNT_HERE=$( ls _team|wc -l )
-TEAMCOUNT_THERE=$( ls ../www.divd.nl/_team|wc -l )
+TEAMCOUNT_THERE=$( ls www.divd.nl/_team|wc -l )
 if [[ $TEAMCOUNT_HERE -le 0 || $TEAMCOUNT_HERE -ne $TEAMCOUNT_THERE ]]; then
 	echo "_team directory is not updated, run ./update.sh"
 	exit 1

csirt.divd.nl/serve → serve

@@ -23,21 +23,22 @@ grep Content-Security-Policy _config.yml | \
 	sed "s#connect-src #connect-src * #" \
 		>> _config_livereload.yml
 docker run \
-	--volume="$PWD/../:/root/project:delegated" \
+	--volume="$PWD:/root/project:delegated" \
 	--entrypoint /bin/bash \
 	--publish $PORT:4000 \
 	--publish 35729:35729 \
 	-ti mrseccubus/github-pages \
 	-c "
 		gem install -N jekyll-secinfo jekyll-paginate jekyll-last-modified-at;
-		cd /root/project/csirt.divd.nl;
+		cd /root/project/;
 		if [[ -e Gemfile ]]; then
 			echo \"*** Installing Gems in Gemfile ***\"
 			bundle install 
 			EXEC=\"bundle exec\"
 		fi
 
 		while [ 1 ] ; do
+			git config --global --add safe.directory /root/project/www.divd.nl
 			./update.sh
 			rm -rf _site/*;
 			$EXEC jekyll serve --incremental --livereload --host=0.0.0.0 --future --config=_config.yml,_config_livereload.yml 2>&1 

csirt.divd.nl/test_it.sh → test_it.sh

@@ -1,9 +1,10 @@
 #!/bin/bash
 
 docker pull mrseccubus/github-pages:latest
-docker run --volume="$PWD/..:/root/project:delegated" --entrypoint /bin/bash -ti mrseccubus/github-pages \
+docker run --volume="$PWD:/root/project:delegated" --entrypoint /bin/bash -ti mrseccubus/github-pages \
 -c "
-	cd /root/project/csirt.divd.nl;
+	cd /root/project/;
+	git config --global --add safe.directory /root/project/www.divd.nl
 	./update.sh;
 	rm -rf _site/* jekyll-build.log;
 	jekyll build  --future 2>&1 |grep -Ev 'rb:[0-9]+: warning' 2>&1 | tee jekyll-build.log

update.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+if [[ ! -e serve ]]; then
+	echo "It looks like you are not in the root directory because I don;t see the serve script"
+	echo "I'm cowardly quitting"
+	exit 1
+fi
+if [[ ! -d www.divd.nl ]]; then
+	git clone https://github.com/DIVD-NL/web-www.git www.divd.nl
+else
+	( cd www.divd.nl ; git pull )
+fi
+
+
+echo "Updating team"
+(
+	cd _team
+	rm -f *.html
+	cp ../www.divd.nl/_team/*.html .
+)