From 71328ea2b14148386306648515419829a6ed023c Mon Sep 17 00:00:00 2001 From: Ilija Lazoroski Date: Wed, 9 Mar 2022 12:21:03 +0100 Subject: [PATCH] Agent, Island: User friendly log name * Configurable log directories * Random component to the log file * 'infection-monkey---.log' --- monkey/infection_monkey/config.py | 8 ++--- monkey/infection_monkey/example.conf | 8 ++--- .../infection_monkey/utils/monkey_log_path.py | 29 ++++++++++++++--- .../cc/services/config_schema/internal.py | 32 +++++++++---------- .../monkey_configs/flat_config.json | 8 ++--- .../monkey_config_standard.json | 8 ++--- 6 files changed, 57 insertions(+), 36 deletions(-) diff --git a/monkey/infection_monkey/config.py b/monkey/infection_monkey/config.py index 63c8c5c3b..60799e938 100644 --- a/monkey/infection_monkey/config.py +++ b/monkey/infection_monkey/config.py @@ -71,10 +71,10 @@ class Configuration(object): # logging config ########################### - dropper_log_path_windows = "%temp%\\~df1562.tmp" - dropper_log_path_linux = "/tmp/user-1562" - monkey_log_path_windows = "%temp%\\~df1563.tmp" - monkey_log_path_linux = "/tmp/user-1563" + dropper_log_directory_linux = "/tmp/" + dropper_log_directory_windows = "%temp%\\" + monkey_log_directory_linux = "/tmp/" + monkey_log_directory_windows = "%temp%\\" ########################### # dropper config diff --git a/monkey/infection_monkey/example.conf b/monkey/infection_monkey/example.conf index f370e5fdd..2aaafa728 100644 --- a/monkey/infection_monkey/example.conf +++ b/monkey/infection_monkey/example.conf 
@@ -16,8 +16,8 @@ "dropper_date_reference_path_windows": "%windir%\\system32\\kernel32.dll", "dropper_date_reference_path_linux": "/bin/sh", - "dropper_log_path_windows": "%temp%\\~df1562.tmp", - "dropper_log_path_linux": "/tmp/user-1562", + "dropper_log_directory_linux": "/tmp/", + "dropper_log_directory_windows": "%temp%\\", "dropper_set_date": true, "dropper_target_path_win_64": "C:\\Windows\\temp\\monkey64.exe", "dropper_target_path_linux": "/tmp/monkey", @@ -38,8 +38,8 @@ "MSSQLFingerprint", "ElasticFinger" ], - "monkey_log_path_windows": "%temp%\\~df1563.tmp", - "monkey_log_path_linux": "/tmp/user-1563", + "monkey_log_directory_windows": "%temp%\\", + "monkey_log_directory_linux": "/tmp/", "ping_scan_timeout": 10000, "smb_download_timeout": 300, "smb_service_name": "InfectionMonkey", diff --git a/monkey/infection_monkey/utils/monkey_log_path.py b/monkey/infection_monkey/utils/monkey_log_path.py index 0b97f83b9..3c5e7e327 100644 --- a/monkey/infection_monkey/utils/monkey_log_path.py +++ b/monkey/infection_monkey/utils/monkey_log_path.py 
@@ -1,20 +1,41 @@ import os +import string import sys +import time +from random import SystemRandom from infection_monkey.config import WormConfiguration def get_monkey_log_path(): return ( - os.path.expandvars(WormConfiguration.monkey_log_path_windows) + os.path.expandvars( + _generate_random_log_filepath(WormConfiguration.monkey_log_directory_windows, "agent") + ) if sys.platform == "win32" - else WormConfiguration.monkey_log_path_linux + else _generate_random_log_filepath(WormConfiguration.monkey_log_directory_linux, "agent") ) def get_dropper_log_path(): return ( - os.path.expandvars(WormConfiguration.dropper_log_path_windows) + os.path.expandvars( + _generate_random_log_filepath( + WormConfiguration.dropper_log_directory_windows, "dropper" + ) + ) if sys.platform == "win32" - else WormConfiguration.dropper_log_path_linux + else _generate_random_log_filepath(WormConfiguration.dropper_log_directory_linux, "dropper") ) + + +def _generate_random_log_filepath(log_directory: str, monkey_arg: str) -> str: + safe_random = SystemRandom() + random_string = "".join( + [safe_random.choice(string.ascii_lowercase + string.digits) for _ in range(8)] + ) + prefix = f"infection-monkey-{monkey_arg}-" + suffix = f"-{time.strftime('%Y-%m-%d-%H-%M-%S', time.gmtime())}.log" + log_file_path = os.path.join(log_directory, prefix + random_string + suffix) + + return log_file_path diff --git a/monkey/monkey_island/cc/services/config_schema/internal.py b/monkey/monkey_island/cc/services/config_schema/internal.py index 45b76dd23..c492d7904 100644 --- a/monkey/monkey_island/cc/services/config_schema/internal.py +++ b/monkey/monkey_island/cc/services/config_schema/internal.py 
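Review bot: `get_monkey_log_path()` and `get_dropper_log_path()` now produce a new random string and timestamp on every call, so a caller that asks for the path a second time (to read, send or delete the log; those callers are outside this diff) would get a path that does not match the file being written. Decorating both with `@lru_cache(maxsize=None)` would keep the path stable for the life of the process. `_generate_random_log_filepath` also only builds a name under a shared directory such as `/tmp/` and leaves creation to whoever opens it later, presumably with umask-default permissions and without an exclusive create. `tempfile.mkstemp` creates the file atomically and readable only by its owner, which matters if the log carries sensitive run data, and it makes the `SystemRandom` loop unnecessary. The directory has to be expanded before the call because the file is created there, and `tempfile` and `functools.lru_cache` would need importing.

```python
def _generate_random_log_filepath(log_directory: str, monkey_arg: str) -> str:
    prefix = f"infection-monkey-{monkey_arg}-"
    suffix = f"-{time.strftime('%Y-%m-%d-%H-%M-%S', time.gmtime())}.log"
    # mkstemp picks the random part itself and creates the file exclusively,
    # owner-only, so nothing can be planted at that name beforehand.
    handle, log_file_path = tempfile.mkstemp(
        prefix=prefix, suffix=suffix, dir=os.path.expandvars(log_directory)
    )
    os.close(handle)

    return log_file_path
```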
@@ -188,29 +188,29 @@ INTERNAL = { "title": "Logging", "type": "object", "properties": { - "dropper_log_path_linux": { - "title": "Dropper log file path on Linux", + "dropper_log_directory_linux": { + "title": "Dropper log directory path on Linux", "type": "string", - "default": "/tmp/user-1562", - "description": "The fullpath of the dropper log file on Linux", + "default": "/tmp/", + "description": "The directory path of the dropper log file on Linux", }, - "dropper_log_path_windows": { - "title": "Dropper log file path on Windows", + "dropper_log_directory_windows": { + "title": "Dropper log directory path on Windows", "type": "string", - "default": "%temp%\\~df1562.tmp", - "description": "The fullpath of the dropper log file on Windows", + "default": "%temp%\\", + "description": "The directory path of the dropper log file on Windows", }, - "monkey_log_path_linux": { - "title": "Monkey log file path on Linux", + "monkey_log_directory_linux": { + "title": "Monkey log directory path on Linux", "type": "string", - "default": "/tmp/user-1563", - "description": "The fullpath of the monkey log file on Linux", + "default": "/tmp/", + "description": "The directory path of the monkey log file on Linux", }, - "monkey_log_path_windows": { - "title": "Monkey log file path on Windows", + "monkey_log_directory_windows": { + "title": "Monkey log directory path on Windows", "type": "string", - "default": "%temp%\\~df1563.tmp", - "description": "The fullpath of the monkey log file on Windows", + "default": "%temp%\\", + "description": "The directory path of the monkey log file on Windows", }, }, }, diff --git a/monkey/tests/data_for_tests/monkey_configs/flat_config.json b/monkey/tests/data_for_tests/monkey_configs/flat_config.json index fdac570f5..d7cc0734a 100644 --- a/monkey/tests/data_for_tests/monkey_configs/flat_config.json +++ b/monkey/tests/data_for_tests/monkey_configs/flat_config.json 
@@ -23,8 +23,8 @@ "depth": 2, "dropper_date_reference_path_linux": "/bin/sh", "dropper_date_reference_path_windows": "%windir%\\system32\\kernel32.dll", - "dropper_log_path_linux": "/tmp/user-1562", - "dropper_log_path_windows": "%temp%\\~df1562.tmp", + "dropper_log_directory_linux": "/tmp/", + "dropper_log_directory_windows": "%temp%\\", "dropper_set_date": true, "dropper_target_path_linux": "/tmp/monkey", "dropper_target_path_win_64": "C:\\Windows\\temp\\monkey64.exe", @@ -71,8 +71,8 @@ "keep_tunnel_open_time": 60, "local_network_scan": true, "max_depth": null, - "monkey_log_path_linux": "/tmp/user-1563", - "monkey_log_path_windows": "%temp%\\~df1563.tmp", + "monkey_log_directory_linux": "/tmp/", + "monkey_log_directory_windows": "%temp%\\", "ping_scan_timeout": 1000, "post_breach_actions": [ "CommunicateAsBackdoorUser", diff --git a/monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json b/monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json index 9891fef0c..447a775b6 100644 --- a/monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json +++ b/monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json @@ -107,10 +107,10 @@ "dropper_target_path_win_64": "C:\\Windows\\temp\\monkey64.exe" }, "logging": { - "dropper_log_path_linux": "/tmp/user-1562", - "dropper_log_path_windows": "%temp%\\~df1562.tmp", - "monkey_log_path_linux": "/tmp/user-1563", - "monkey_log_path_windows": "%temp%\\~df1563.tmp" + "dropper_log_directory_linux": "/tmp/", + "dropper_log_directory_windows": "%temp%\\", + "monkey_log_directory_linux": "/tmp/", + "monkey_log_directory_windows": "%temp%\\" }, "exploits": { "exploit_lm_hash_list": [],