From 085883d3a60acee45fc76d92e375ad0114247bfc Mon Sep 17 00:00:00 2001 From: Shreya Malviya Date: Tue, 27 Sep 2022 18:08:36 +0530 Subject: [PATCH 01/12] UI: Add info box for "Scan Agent's networks" option in configuration --- .../configuration-components/UiSchema.js | 5 ++++- .../configuration/propagation/scanTarget.js | 18 ++++++++++-------- 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/monkey/monkey_island/cc/ui/src/components/configuration-components/UiSchema.js b/monkey/monkey_island/cc/ui/src/components/configuration-components/UiSchema.js index 67035f1f4..3256feeaa 100644 --- a/monkey/monkey_island/cc/ui/src/components/configuration-components/UiSchema.js +++ b/monkey/monkey_island/cc/ui/src/components/configuration-components/UiSchema.js @@ -60,7 +60,7 @@ export default function UiSchema(props) { }, network_scan: { targets: { - info_box: { + info_box_general: { 'ui:field': InfoBox }, blocked_ips: { @@ -73,6 +73,9 @@ export default function UiSchema(props) { classNames: 'config-template-no-header' } }, + info_box_scan_my_networks: { + 'ui:field': InfoBox + }, subnets: { items: { classNames: 'config-template-no-header' diff --git a/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js b/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js index 9b7aad256..b7071a395 100644 --- a/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js +++ b/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js 
@@ -2,9 +2,9 @@ const SCAN_TARGET_CONFIGURATION_SCHEMA = { 'title': 'Network', 'type': 'object', 'properties': { - 'info_box': { + 'info_box_general': { 'info': 'The Monkey scans for machines on each of the network interfaces of the ' + - 'machine it is running on if "Scan Agent\'s networks" is checked. ' + + 'machine it is running on, if "Scan Agent\'s networks" is checked. ' + 'Additionally, the Monkey scans machines according to "Scan target list". ' }, 'blocked_ips': { @@ -41,15 +41,17 @@ const SCAN_TARGET_CONFIGURATION_SCHEMA = { '\tDefine a segment using an subnet IP mask: "192.168.0.5/24"\n' + '\tDefine a single-host segment: "printer.example"' }, + 'info_box_scan_my_networks': { + 'info': 'If "Scan Agent\'s networks" is enabled, the Agent will go over all network ' + + 'interfaces and will scan their networks, ' + + 'in addition to the IPs that are configured manually in the "Scan target list". ' + + 'Note: If the Agent runs on a machine within a public network, ' + + 'this setting will cause scanning and exploitation attempts on that network.' + }, 'scan_my_networks': { 'title': 'Scan Agent\'s networks', 'type': 'boolean', - 'default': false, - 'description': 'If enabled, the Agent will go over all network interfaces and ' + - 'will scan their networks,' + - ' in addition to the IPs that are configured manually in the "Scan target list". ' + - 'Note: If the Agent runs on a machine within a public network,' + - ' this setting will cause scanning and exploitation attempts on that network.' + 'default': false }, 'subnets': { 'title': 'Scan target list', From bf7544c47a792e987ff904d7698e71a9b44fce3f Mon Sep 17 00:00:00 2001 From: Kekoa Kaaikala Date: Tue, 27 Sep 2022 15:43:43 +0000 Subject: [PATCH 02/12] Common: Disable scan_my_networks by default --- .../common/agent_configuration/default_agent_configuration.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
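Review bot: The public-network warning in the `@@ -41,15 +41,17 @@` hunk is no longer the `description` of `scan_my_networks` but a sibling property, `info_box_scan_my_networks`, which has only an `info` key and is displayed only because UiSchema.js maps the same key to a `'ui:field'`. If the two keys drift apart or the property order changes, the warning for an option that triggers scanning and exploitation attempts would no longer be shown next to its checkbox. I would add a comment above the entry, e.g. `// UI-only entry: rendered by the 'ui:field' registered under the same key in UiSchema.js; keep directly above scan_my_networks`. Whether this schema object is also used to validate or serialize the configuration is not visible here; if it is, the extra property should be checked against that path.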
diff --git a/monkey/common/agent_configuration/default_agent_configuration.py b/monkey/common/agent_configuration/default_agent_configuration.py index 3c90ce914..5be900531 100644 --- a/monkey/common/agent_configuration/default_agent_configuration.py +++ b/monkey/common/agent_configuration/default_agent_configuration.py @@ -78,7 +78,7 @@ FINGERPRINTERS = ( ) SCAN_TARGET_CONFIGURATION = ScanTargetConfiguration( - blocked_ips=tuple(), inaccessible_subnets=tuple(), scan_my_networks=True, subnets=tuple() + blocked_ips=tuple(), inaccessible_subnets=tuple(), scan_my_networks=False, subnets=tuple() ) NETWORK_SCAN_CONFIGURATION = NetworkScanConfiguration( tcp=TCP_SCAN_CONFIGURATION, From e32d5555fb2de0e88e954db5d0dba4dbef29ff69 Mon Sep 17 00:00:00 2001 From: Shreya Malviya Date: Wed, 28 Sep 2022 12:36:12 +0530 Subject: [PATCH 03/12] UI: Move segmentation section in network configuration to the end --- .../configuration/propagation/scanTarget.js | 49 +++++++++---------- 1 file changed, 24 insertions(+), 25 deletions(-) diff --git a/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js b/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js index b7071a395..af15b7cef 100644 --- a/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js +++ b/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js 
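Review bot: The new `scan_my_networks=False` carries no comment saying why the default is off, and the same default is stated a second time as `'default': false` in the UI schema (scanTarget.js in this series), which the old `True` here contradicted. I would add `# Off by default: scanning the Agent's own networks can reach systems the operator does not control. Keep in sync with the UI schema default.` above the assignment. A test that pins this default would keep it from flipping back unnoticed; none is part of this patch. Configurations saved before this change presumably keep their stored value, so the release notes may need to say so.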
@@ -18,29 +18,6 @@ const SCAN_TARGET_CONFIGURATION_SCHEMA = { 'default': [], 'description': 'List of IPs that the monkey will not scan.' }, - 'inaccessible_subnets': { - 'title': 'Network segmentation testing', - 'type': 'array', - 'uniqueItems': true, - 'items': { - 'type': 'string', - 'format': 'ip-range' - }, - 'default': [], - 'description': 'Test for network segmentation by providing a list of network segments that should NOT be accessible to each other.\n\n ' + - 'For example, if you configured the following three segments: ' + - '"10.0.0.0/24", "11.0.0.2/32" and "12.2.3.0/24",' + - 'a Monkey running on 10.0.0.5 will try to access machines in ' + - 'the following subnets: ' + - '11.0.0.2/32, 12.2.3.0/24. An alert on successful cross-segment connections ' + - 'will be shown in the reports. \n\n' + - 'Network segments can be IPs, subnets or hosts. Examples:\n' + - '\tDefine a single-IP segment: "192.168.0.1"\n' + - '\tDefine a segment using a network range: ' + - '"192.168.0.5-192.168.0.20"\n' + - '\tDefine a segment using an subnet IP mask: "192.168.0.5/24"\n' + - '\tDefine a single-host segment: "printer.example"' - }, 'info_box_scan_my_networks': { 'info': 'If "Scan Agent\'s networks" is enabled, the Agent will go over all network ' + 'interfaces and will scan their networks, ' + 
@@ -70,8 +47,30 @@ const SCAN_TARGET_CONFIGURATION_SCHEMA = { '"192.168.0.5-192.168.0.20"\n' + '\tTarget a subnet using an IP mask: "192.168.0.5/24"\n' + '\tTarget a specific host: "printer.example"' - } - + }, + 'inaccessible_subnets': { + 'title': 'Network segmentation testing', + 'type': 'array', + 'uniqueItems': true, + 'items': { + 'type': 'string', + 'format': 'ip-range' + }, + 'default': [], + 'description': 'Test for network segmentation by providing a list of network segments that should NOT be accessible to each other.\n\n ' + + 'For example, if you configured the following three segments: ' + + '"10.0.0.0/24", "11.0.0.2/32" and "12.2.3.0/24",' + + 'a Monkey running on 10.0.0.5 will try to access machines in ' + + 'the following subnets: ' + + '11.0.0.2/32, 12.2.3.0/24. An alert on successful cross-segment connections ' + + 'will be shown in the reports. \n\n' + + 'Network segments can be IPs, subnets or hosts. Examples:\n' + + '\tDefine a single-IP segment: "192.168.0.1"\n' + + '\tDefine a segment using a network range: ' + + '"192.168.0.5-192.168.0.20"\n' + + '\tDefine a segment using an subnet IP mask: "192.168.0.5/24"\n' + + '\tDefine a single-host segment: "printer.example"' + }, } } export default SCAN_TARGET_CONFIGURATION_SCHEMA; From 793a401a331cfbd51906fdb813bfde3cdff3369e Mon Sep 17 00:00:00 2001 From: Shreya Malviya Date: Wed, 28 Sep 2022 12:43:01 +0530 Subject: [PATCH 04/12] UI: Move and reword description in SCAN_TARGET_CONFIGURATION_SCHEMA --- .../src/services/configuration/propagation/scanTarget.js | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js b/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js index af15b7cef..5aef48d8c 100644 --- a/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js +++ b/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js 
@@ -1,12 +1,10 @@ const SCAN_TARGET_CONFIGURATION_SCHEMA = { 'title': 'Network', 'type': 'object', + 'description': 'If "Scan Agent\'s networks" is checked, the Monkey scans for machines on each ' + + 'of the network interfaces of the machine it is running on.\nAdditionally, the Monkey scans ' + + 'machines according to "Scan target list" and skips machines in "Blocked IPs".', 'properties': { - 'info_box_general': { - 'info': 'The Monkey scans for machines on each of the network interfaces of the ' + - 'machine it is running on, if "Scan Agent\'s networks" is checked. ' + - 'Additionally, the Monkey scans machines according to "Scan target list". ' - }, 'blocked_ips': { 'title': 'Blocked IPs', 'type': 'array', From 98d01b53241965692b2b2bfb684b85debe7ee706 Mon Sep 17 00:00:00 2001 From: Shreya Malviya Date: Wed, 28 Sep 2022 12:52:39 +0530 Subject: [PATCH 05/12] UI: Reword in SCAN_TARGET_CONFIGURATION_SCHEMA's info_box_scan_my_networks --- .../cc/ui/src/services/configuration/propagation/scanTarget.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js b/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js index 5aef48d8c..ef532fc73 100644 --- a/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js +++ b/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js @@ -20,7 +20,7 @@ const SCAN_TARGET_CONFIGURATION_SCHEMA = { 'info': 'If "Scan Agent\'s networks" is enabled, the Agent will go over all network ' + 'interfaces and will scan their networks, ' + 'in addition to the IPs that are configured manually in the "Scan target list". ' + - 'Note: If the Agent runs on a machine within a public network, ' + + 'Note that if the Agent runs on a machine within a public network, ' + 'this setting will cause scanning and exploitation attempts on that network.' }, 'scan_my_networks': { 
From 8a96598d10aeedc83e2194b403b020c7c31ad530 Mon Sep 17 00:00:00 2001 From: Shreya Malviya Date: Wed, 28 Sep 2022 13:08:03 +0530 Subject: [PATCH 06/12] UI: Remove trailing comma in SCAN_TARGET_CONFIGURATION_SCHEMA --- .../cc/ui/src/services/configuration/propagation/scanTarget.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js b/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js index ef532fc73..aa8ad101e 100644 --- a/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js +++ b/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js @@ -68,7 +68,7 @@ const SCAN_TARGET_CONFIGURATION_SCHEMA = { '"192.168.0.5-192.168.0.20"\n' + '\tDefine a segment using an subnet IP mask: "192.168.0.5/24"\n' + '\tDefine a single-host segment: "printer.example"' - }, + } } } export default SCAN_TARGET_CONFIGURATION_SCHEMA; From 05e9c2af626ec89226885b0c809a2aca80d69b9b Mon Sep 17 00:00:00 2001 From: Kekoa Kaaikala Date: Wed, 28 Sep 2022 17:40:56 +0000 Subject: [PATCH 07/12] UI: Add WarningBox --- .../configuration-components/UiSchema.js | 6 ++---- .../configuration-components/WarningBox.js | 17 +++++++++++++++++ 2 files changed, 19 insertions(+), 4 deletions(-) create mode 100644 monkey/monkey_island/cc/ui/src/components/configuration-components/WarningBox.js diff --git a/monkey/monkey_island/cc/ui/src/components/configuration-components/UiSchema.js b/monkey/monkey_island/cc/ui/src/components/configuration-components/UiSchema.js index 3256feeaa..5b96cdae6 100644 --- a/monkey/monkey_island/cc/ui/src/components/configuration-components/UiSchema.js +++ b/monkey/monkey_island/cc/ui/src/components/configuration-components/UiSchema.js 
@@ -1,6 +1,7 @@ import AdvancedMultiSelect from '../ui-components/AdvancedMultiSelect'; import InfoBox from './InfoBox'; import TextBox from './TextBox.js'; +import WarningBox from './WarningBox'; import PbaInput from './PbaInput'; import { API_PBA_LINUX, API_PBA_WINDOWS } from '../pages/ConfigurePage'; import SensitiveTextInput from '../ui-components/SensitiveTextInput'; @@ -60,9 +61,6 @@ export default function UiSchema(props) { }, network_scan: { targets: { - info_box_general: { - 'ui:field': InfoBox - }, blocked_ips: { items: { classNames: 'config-template-no-header' @@ -74,7 +72,7 @@ export default function UiSchema(props) { } }, info_box_scan_my_networks: { - 'ui:field': InfoBox + 'ui:field': WarningBox }, subnets: { items: { diff --git a/monkey/monkey_island/cc/ui/src/components/configuration-components/WarningBox.js b/monkey/monkey_island/cc/ui/src/components/configuration-components/WarningBox.js new file mode 100644 index 000000000..89b1c4534 --- /dev/null +++ b/monkey/monkey_island/cc/ui/src/components/configuration-components/WarningBox.js @@ -0,0 +1,17 @@ +import * as React from 'react'; +import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; +import { faExclamationTriangle } from '@fortawesome/free-solid-svg-icons/faExclamationTriangle'; + +class WarningBox extends React.Component { + + render() { + return ( +
+ + {this.props.schema.info} +
+ ); + } +} + +export default WarningBox; From 4038622e8361e25d5a1fb36f5bb6953e8e1770fd Mon Sep 17 00:00:00 2001 From: Kekoa Kaaikala Date: Wed, 28 Sep 2022 17:55:53 +0000 Subject: [PATCH 08/12] UI: Remove redundant info from info box --- .../ui/src/services/configuration/propagation/scanTarget.js | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js b/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js index aa8ad101e..2cea44fbf 100644 --- a/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js +++ b/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js @@ -17,10 +17,7 @@ const SCAN_TARGET_CONFIGURATION_SCHEMA = { 'description': 'List of IPs that the monkey will not scan.' }, 'info_box_scan_my_networks': { - 'info': 'If "Scan Agent\'s networks" is enabled, the Agent will go over all network ' + - 'interfaces and will scan their networks, ' + - 'in addition to the IPs that are configured manually in the "Scan target list". ' + - 'Note that if the Agent runs on a machine within a public network, ' + + 'info': 'If the Agent runs on a machine within a public network, ' + 'this setting will cause scanning and exploitation attempts on that network.' }, 'scan_my_networks': { From 09cf2762f9a3ab5c344e74312bd37c0c05bee317 Mon Sep 17 00:00:00 2001 From: Kekoa Kaaikala Date: Wed, 28 Sep 2022 18:07:31 +0000 Subject: [PATCH 09/12] UI: Use yellow warning icon --- .../ui/src/components/configuration-components/WarningBox.js | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/monkey/monkey_island/cc/ui/src/components/configuration-components/WarningBox.js b/monkey/monkey_island/cc/ui/src/components/configuration-components/WarningBox.js index 89b1c4534..5192cac5e 100644 --- a/monkey/monkey_island/cc/ui/src/components/configuration-components/WarningBox.js 
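Review bot: WarningBox has no comment describing its contract: the only expression visible in `render()` is `{this.props.schema.info}`, so it works only for schema entries that carry an `info` string, and an entry without one would presumably render an empty box. I would put `/** Custom 'ui:field' that shows schema.info as a warning; use it for schema entries that carry only an 'info' string. */` above the class. The UiSchema.js hunk of the same patch registers it under the key `info_box_scan_my_networks`, which still names an info box while rendering a warning; renaming the key in both files would keep the two in step. The markup lines of `render()` are not readable in this view, so this note does not cover them.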
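Review bot: After the `@@ -17,10 +17,7 @@` hunk the warning says only `this setting will cause scanning and exploitation attempts on that network` and no longer names "Scan Agent's networks"; because the box is a separate schema entry placed between `blocked_ips` and `scan_my_networks`, a reader can take it to refer to the field above it. Naming the option keeps the warning unambiguous, e.g. `'enabling "Scan Agent\'s networks" will cause scanning and exploitation attempts on that network.'`. The reworded text in patch 12/12 (`@@ -17,8 +17,8 @@`) keeps `this setting` and has the same problem.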
+++ b/monkey/monkey_island/cc/ui/src/components/configuration-components/WarningBox.js @@ -1,13 +1,12 @@ import * as React from 'react'; -import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; -import { faExclamationTriangle } from '@fortawesome/free-solid-svg-icons/faExclamationTriangle'; +import WarningIcon from '../ui-components/WarningIcon'; class WarningBox extends React.Component { render() { return (
- + {this.props.schema.info}
); From 2f7f4fef9c02151eb23d84115feacb3359ff9ddb Mon Sep 17 00:00:00 2001 From: Kekoa Kaaikala Date: Wed, 28 Sep 2022 18:18:35 +0000 Subject: [PATCH 10/12] UI: Fix warning icon spacing --- .../src/styles/pages/ConfigurationPage.scss | 33 +++++++++++-------- 1 file changed, 20 insertions(+), 13 deletions(-) diff --git a/monkey/monkey_island/cc/ui/src/styles/pages/ConfigurationPage.scss b/monkey/monkey_island/cc/ui/src/styles/pages/ConfigurationPage.scss index 22f396b56..330b2fee7 100644 --- a/monkey/monkey_island/cc/ui/src/styles/pages/ConfigurationPage.scss +++ b/monkey/monkey_island/cc/ui/src/styles/pages/ConfigurationPage.scss @@ -1,25 +1,26 @@ -.config-nav > li > a{ +.config-nav>li>a { height: 50px !important; } -.config-nav .nav-link.tab-primary{ +.config-nav .nav-link.tab-primary { color: $monkey-alt; font-weight: bold; } -.config-nav .nav-item > a{ +.config-nav .nav-item>a { color: $black; padding: 15px 10px 15px 10px; } -.config-nav .nav-item > a.active{ +.config-nav .nav-item>a.active { font-weight: bold; color: $black; } -.config-nav .nav-item > a:hover:not(.active), .config-nav .nav-item > a:focus:not(.active){ - text-decoration: none; - background-color: $light-gray; +.config-nav .nav-item>a:hover:not(.active), +.config-nav .nav-item>a:focus:not(.active) { + text-decoration: none; + background-color: $light-gray; } .config-form legend { @@ -35,15 +36,15 @@ display: none; } -.config-template-no-header > p { +.config-template-no-header>p { display: none; } -.config-template-no-header > label { +.config-template-no-header>label { display: none; } -.config-form .form-group.field > label { +.config-form .form-group.field>label { margin-top: 10px; margin-bottom: 5px; font-size: 1.2em; @@ -54,7 +55,13 @@ } .warning-icon { - text-transform: uppercase; - color: #FFC107; - margin-left: .75em; + text-transform: uppercase; + color: #FFC107; + margin-left: .75em; +} + +.alert-info .warning-icon { + text-transform: uppercase; + color: #FFC107; + margin-right: .5em; } 
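Review bot: The added `.alert-info .warning-icon` rule in the `@@ -54,7 +55,13 @@` hunk repeats `text-transform: uppercase` and `color: #FFC107`, which `.warning-icon` already sets, and it leaves the inherited `margin-left: .75em` in place, so the icon inside an alert gets both margins. If the left margin is not wanted there, the rule can shrink to `.alert-info .warning-icon { margin-left: 0; margin-right: .5em; }`. The selector-spacing and indentation changes in the other two hunks are unrelated to the spacing fix and would be easier to review as a separate commit.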
From ab919f6d5784e3a57cf1928207c8f01b24b46aa2 Mon Sep 17 00:00:00 2001 From: Kekoa Kaaikala Date: Wed, 28 Sep 2022 19:21:09 +0000 Subject: [PATCH 11/12] UI: Use colors from existing warning theme --- .../src/components/configuration-components/WarningBox.js | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/monkey/monkey_island/cc/ui/src/components/configuration-components/WarningBox.js b/monkey/monkey_island/cc/ui/src/components/configuration-components/WarningBox.js index 5192cac5e..de5b352b4 100644 --- a/monkey/monkey_island/cc/ui/src/components/configuration-components/WarningBox.js +++ b/monkey/monkey_island/cc/ui/src/components/configuration-components/WarningBox.js @@ -1,12 +1,13 @@ import * as React from 'react'; -import WarningIcon from '../ui-components/WarningIcon'; +import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; +import { faExclamationTriangle } from '@fortawesome/free-solid-svg-icons/faExclamationTriangle'; class WarningBox extends React.Component { render() { return ( -
- +
+ {this.props.schema.info}
); From e8449817ad6f31f253d408928913e0913cd4bde1 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Wed, 28 Sep 2022 15:37:40 -0400 Subject: [PATCH 12/12] Island: Reword Scan Agent's networks tool tip wording --- .../ui/src/services/configuration/propagation/scanTarget.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js b/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js index 2cea44fbf..bb9c6a8a0 100644 --- a/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js +++ b/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js @@ -17,8 +17,8 @@ const SCAN_TARGET_CONFIGURATION_SCHEMA = { 'description': 'List of IPs that the monkey will not scan.' }, 'info_box_scan_my_networks': { - 'info': 'If the Agent runs on a machine within a public network, ' + - 'this setting will cause scanning and exploitation attempts on that network.' + 'info': 'If the agent runs on a machine that has a publicly-facing network interface, ' + + 'this setting could cause scanning and exploitation of systems outside your organization.' }, 'scan_my_networks': { 'title': 'Scan Agent\'s networks',