Merge pull request #53 from guardicore/bugfix/expand-env-variables-in-config

Expand config env variables on demand
Daniel Goldberg 2017-09-27 13:39:51 +03:00 committed by GitHub
commit 08aaed8eb3
5 changed files with 27 additions and 15 deletions


@ -102,9 +102,9 @@ class Configuration(object):
###########################
use_file_logging = True
dropper_log_path_windows = os.path.expandvars("%temp%\~df1562.tmp")
dropper_log_path_windows = '%temp%\\~df1562.tmp'
dropper_log_path_linux = '/tmp/user-1562'
monkey_log_path_windows = os.path.expandvars("%temp%\~df1563.tmp")
monkey_log_path_windows = '%temp%\\~df1563.tmp'
monkey_log_path_linux = '/tmp/user-1563'
###########################
@ -113,14 +113,15 @@ class Configuration(object):
dropper_try_move_first = sys.argv[0].endswith(".exe")
dropper_set_date = True
dropper_date_reference_path = r"\windows\system32\kernel32.dll" if sys.platform == "win32" else '/bin/sh'
dropper_date_reference_path_windows = r"%windir%\system32\kernel32.dll"
dropper_date_reference_path_linux = '/bin/sh'
dropper_target_path = r"C:\Windows\monkey.exe"
dropper_target_path_linux = '/tmp/monkey'
###########################
# Kill file
###########################
kill_file_path_windows = os.path.expandvars("%windir%\monkey.not")
kill_file_path_windows = '%windir%\\monkey.not'
kill_file_path_linux = '/var/run/monkey.not'
###########################
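Review bot: `dropper_log_path_windows` and `monkey_log_path_windows` now hold the unexpanded `%temp%\\...` template, but no hunk in this commit adds an `os.path.expandvars` call where the log files are opened, unlike the kill-file and date-reference paths. If the logging setup does not already expand these values, the log would be written to a literal `%temp%` path relative to the working directory, and anyone collecting logs after a run would look in the wrong place. I would add a comment above these attributes, `# Windows paths are stored unexpanded; call os.path.expandvars() at the point of use`, and confirm that every consumer of the two log paths does so.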


@ -83,11 +83,15 @@ class MonkeyDrops(object):
return False
if WormConfiguration.dropper_set_date:
if sys.platform == 'win32':
dropper_date_reference_path = os.path.expandvars(WormConfiguration.dropper_date_reference_path_windows)
else:
dropper_date_reference_path = WormConfiguration.dropper_date_reference_path_linux
try:
ref_stat = os.stat(WormConfiguration.dropper_date_reference_path)
ref_stat = os.stat(dropper_date_reference_path)
except:
LOG.warn("Cannot set reference date using '%s', file not found",
WormConfiguration.dropper_date_reference_path)
dropper_date_reference_path)
else:
try:
os.utime(self._config['destination_path'],
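Review bot: The bare `except:` around `os.stat(dropper_date_reference_path)` reports every failure as "file not found", which is now misleading because `os.path.expandvars` leaves an undefined variable in place and the stat then fails on a literal `%windir%...` string. Catching `except OSError as exc:` and logging `exc` next to the path would make that case distinguishable in the log. Only the Windows value is expanded while the Linux value is used as-is, so the two config keys behave differently; a one-line comment above the `if sys.platform == 'win32':` branch should say so. The enclosing method starts and ends outside this hunk.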


@ -16,7 +16,8 @@
"collect_system_info": true,
"depth": 2,
"dropper_date_reference_path": "/bin/sh",
"dropper_date_reference_path_windows": "%windir%\\system32\\kernel32.dll",
"dropper_date_reference_path_linux": "/bin/sh",
"dropper_log_path_windows": "%temp%\\~df1562.tmp",
"dropper_log_path_linux": "/tmp/user-1562",
"dropper_set_date": true,


@ -68,7 +68,7 @@ def main():
print "Loaded Configuration: %r" % WormConfiguration.as_dict()
# Make sure we're not in a machine that has the kill file
kill_path = WormConfiguration.kill_file_path_windows if sys.platform == "win32" else WormConfiguration.kill_file_path_linux
kill_path = os.path.expandvars(WormConfiguration.kill_file_path_windows) if sys.platform == "win32" else WormConfiguration.kill_file_path_linux
if os.path.exists(kill_path):
print "Kill path found, finished run"
return True
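Review bot: The kill-file check is the stop condition for a run, and with the new `os.path.expandvars` call it fails open when `%windir%` is not defined: the string comes back unchanged, `os.path.exists` is False for the literal path, and the run continues without any message. I would test for that after expansion, for example `if '%' in kill_path: print "Kill path could not be expanded: %r" % kill_path`, and decide explicitly whether the run should stop in that case. The platform selection plus `expandvars` is now written out both here and in the dropper; a small helper on the configuration object would keep the two in step. `main()` continues outside the hunk.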


@ -333,7 +333,7 @@ SCHEMA = {
"kill_file_path_windows": {
"title": "Kill file path on Windows",
"type": "string",
"default": "C:\\Windows\\monkey.not",
"default": "%windir%\\monkey.not",
"description": "Path of file which kills monkey if it exists (on Windows)"
},
"kill_file_path_linux": {
@ -354,11 +354,17 @@ SCHEMA = {
"default": True,
"description": "Determines whether the dropper should set the monkey's file date to be the same as another file"
},
"dropper_date_reference_path": {
"title": "Droper date reference path",
"dropper_date_reference_path_windows": {
"title": "Dropper date reference path (Windows)",
"type": "string",
"default": "\\windows\\system32\\kernel32.dll",
"description": "Determines which file the dropper should copy the date from if it's configured to do so (use fullpath)"
"default": "%windir%\\system32\\kernel32.dll",
"description": "Determines which file the dropper should copy the date from if it's configured to do so on Windows (use fullpath)"
},
"dropper_date_reference_path_linux": {
"title": "Dropper date reference path (Linux)",
"type": "string",
"default": "/bin/sh",
"description": "Determines which file the dropper should copy the date from if it's configured to do so on Linux (use fullpath)"
},
"dropper_target_path_linux": {
"title": "Dropper target path on Linux",
@ -393,7 +399,7 @@ SCHEMA = {
"dropper_log_path_windows": {
"title": "Dropper log file path on Windows",
"type": "string",
"default": "C:\\Users\\user\\AppData\\Local\\Temp\\~df1562.tmp",
"default": "%temp%\\~df1562.tmp",
"description": "The fullpath of the dropper log file on Windows"
},
"monkey_log_path_linux": {
@ -405,7 +411,7 @@ SCHEMA = {
"monkey_log_path_windows": {
"title": "Monkey log file path on Windows",
"type": "string",
"default":"C:\\Users\\user\\AppData\\Local\\Temp\\~df1563.tmp",
"default": "%temp%\\~df1563.tmp",
"description": "The fullpath of the monkey log file on Windows"
}
}
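Review bot: The descriptions of the Windows path fields still say "use fullpath" / "The fullpath of ..." although the defaults are now `%windir%` and `%temp%` templates, so an operator editing the configuration cannot tell that the value is expanded on the host where the agent runs. I would extend the descriptions, e.g. `"... on Windows (full path; %VAR% environment variables are expanded on the machine running the monkey)"`. The key `dropper_date_reference_path` is removed from the schema here; configurations saved before this change presumably still carry it, and nothing visible in the commit migrates or drops the stale key.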