Merge branch '1576-simplify-server-config-json' into agent-refactor

CHANGELOG.md

@@ -12,6 +12,7 @@ Changelog](https://keepachangelog.com/en/1.0.0/).
 ### Changed
 - "Communicate as Backdoor User" PBA's HTTP requests to request headers only and
   include a timeout. #1577
+- The setup procedure for custom server_config.json files to be simpler. #1576
 
 ### Removed
 - The VSFTPD exploiter. #1533

build_scripts/docker/server_config.json

@@ -1,9 +1,5 @@
 {
   "data_dir": "/monkey_island_data",
-  "log_level": "DEBUG",
-  "environment": {
-    "server_config": "password"
-  },
   "mongodb": {
     "start_mongodb": false
   }

docs/content/FAQ/_index.md

@@ -16,9 +16,8 @@ Below are some of the most common questions we receive about the Infection Monke
 - [Should I run the Infection Monkey continuously?](#should-i-run-the-infection-monkey-continuously)
   - [Which queries does the Infection Monkey perform to the internet exactly?](#which-queries-does-the-infection-monkey-perform-to-the-internet-exactly)
 - [Logging and how to find logs](#logging-and-how-to-find-logs)
-  - [Monkey Island server](#monkey-island-server)
+  - [Monkey Island server logs](#monkey-island-server-logs)
-  - [Infection Monkey agent](#infection-monkey-agent)
+  - [Infection Monkey agent logs](#infection-monkey-agent-logs)
-  - [How do I change the log level of the Monkey Island logger?](#how-do-i-change-the-log-level-of-the-monkey-island-logger)
 - [Running the Infection Monkey in a production environment](#running-the-infection-monkey-in-a-production-environment)
   - [How much of a footprint does the Infection Monkey leave?](#how-much-of-a-footprint-does-the-infection-monkey-leave)
   - [What's the Infection Monkey Agent's impact on system resources usage?](#whats-the-infection-monkeys-impact-on-system-resources-usage)
@@ -174,6 +173,10 @@ The log enables you to see which requests were requested from the server and ext
 2019-07-23 10:52:24,027 - report.py:580 - get_domain_issues() - INFO - Domain issues generated for reporting
 ```
 
+It's also possible to change the default log level by editing `log_level` value in a [server configuration file](../../reference/server_configuration).
+`log_level` can be set to `info`(default, less verbose) or `debug`(more verbose).
+
+
 ### Infection Monkey agent logs
 
 The Infection Monkey agent log file can be found in the following paths on machines where it was executed:
@@ -197,26 +200,6 @@ The logs contain information about the internals of the Infection Monkey agent's
 2019-07-22 19:16:45,013 [77598:140654230214464:DEBUG] connectionpool._make_request.396: https://updates.infectionmonkey.com:443 "GET / HTTP/1.1" 200 61
 ```
 
-### How do I change the log level of the Monkey Island logger?
-
-The log level of the Monkey Island logger is set in the `log_level` field
-in the `server_config.json` file (located in the [data directory]({{< ref "/reference/data_directory" >}})).
-Make sure to leave everything else in `server_config.json` unchanged:
-
-```json
-{
-  ...
-  "log_level": "DEBUG",
-  ...
-}
-```
-
-Logging levels correspond to [the logging level constants in python](https://docs.python.org/3.7/library/logging.html#logging-levels).
-
-To apply the changes, reset the Monkey Island process.
-On Linux, use `sudo systemctl restart monkey-island.service`.
-On Windows, restart the program.
-
 ## Running the Infection Monkey in a production environment
 
 ### How much of a footprint does the Infection Monkey leave?

docs/content/reference/data_directory.md

@@ -22,7 +22,7 @@ On Windows, the default path is `%AppData%\monkey_island`.
 The location of the data directory is set in the `data_dir` field in the
 `server_config.json` file.
 
-1. Create a custom `server_config.json` file and set the `data_dir` field. Its
+1. [Create a custom server_config.json file](../server_configuration) and set the `data_dir` field. Its
    contents will look like:
 
     ```json

docs/content/reference/server_configuration.md

@@ -0,0 +1,47 @@
+---
+title: "Server configuration"
+date: 2021-11-26T12:00:19+02:00
+draft: true
+pre: '<i class="fas fa-cogs"></i> '
+weight: 1
+---
+
+## Configuring the Island
+
+The Island Server(C&C) is configured by creating a `server_config.json` file.
+
+### Creating a configuration file
+
+Here's an example `server_config.json` with all options specified:
+```json
+{
+  "log_level": "DEBUG",
+  "ssl_certificate": {
+    "ssl_certificate_file": "<PATH_TO_CRT_FILE>",
+    "ssl_certificate_key_file": "<PATH_TO_KEY_FILE>"
+  },
+  "mongodb": {
+    "start_mongodb": true
+  },
+  "data_dir": "/monkey_island_data"
+}
+```
+
+Only relevant options can be specified, for example:
+```json
+{
+  "ssl_certificate": {
+    "ssl_certificate_file": "<PATH_TO_CRT_FILE>",
+    "ssl_certificate_key_file": "<PATH_TO_KEY_FILE>"
+  }
+}
+```
+
+### Configuration options
+
+See setup instructions for your operating system to understand how to apply these.
+
+ - `log_level` - can be set to `"DEBUG"`(verbose), `"INFO"`(less verbose) or `"ERROR"`(silent, except errors).
+ - `ssl_certificate` - contains paths for files, required to run the Island server with custom certificate.
+ - `data_dir` - path to a writeable directory where the Island will store the database and other files.
+ - `mongodb` - options for MongoDB. Should not be changed unless you want to run your own instance of MongoDB.

docs/content/setup/docker.md

@@ -49,12 +49,12 @@ any MongoDB containers or volumes associated with the previous version.
         mongo:4.2
     ```
 
-### 3a. Start Monkey Island with default certificate
+### 3. Start Monkey Island with default certificate
 
 By default, Infection Monkey comes with a [self-signed SSL certificate](https://aboutssl.org/what-is-self-sign-certificate/). In
 enterprise or other security-sensitive environments, it is recommended that the
 user [provide Infection Monkey with a
-certificate](#3b-start-monkey-island-with-user-provided-certificate) that has
+certificate](#start-monkey-island-with-user-provided-certificate) that has
 been signed by a private certificate authority.
 
 1. Run the Monkey Island server
@@ -67,23 +67,57 @@ been signed by a private certificate authority.
         guardicore/monkey-island:VERSION
     ```
 
-### 3b. Start Monkey Island with user-provided certificate
+### 4. Accessing Monkey Island
-{{% notice info %}}
-If you are upgrading the Infection Monkey to a new version, be sure to remove
-any volumes associated with the previous version.
-{{% /notice %}}
 
-1. Create a directory named `monkey_island_data`. If you already have it,
+After the Monkey Island docker container starts, you can access Monkey Island by pointing your browser at `https://localhost:5000`.
-   **make sure it's empty**. This will serve as the location where Infection
-   Monkey stores its configuration and runtime artifacts.
 
+## Configuring the server
+
+You can configure the server by mounting a volume and specifying a
+ [server configuration file](../../reference/server_configuration):
+
+1. Create a directory for server configuration file, e.g. `monkey_island_data`:
     ```bash
     mkdir ./monkey_island_data
     chmod 700 ./monkey_island_data
     ```
+1. Move your `server_config.json` file to `./monkey_island_data` directory.
+1. Run the container with a mounted volume, specify the path to the `server_config.json`:
+```bash
+sudo docker run \
+    --rm \
+    --name monkey-island \
+    --network=host \
+    --user "$(id -u ${USER}):$(id -g ${USER})" \
+    --volume "$(realpath ./monkey_island_data)":/monkey_island_data \
+    guardicore/monkey-island:VERSION --setup-only --server-config="/monkey_island_data/server_config.json"
+```
 
-1. Run Monkey Island with the `--setup-only` flag to populate the `./monkey_island_data` directory with a default `server_config.json` file.
+### Start Monkey Island with user-provided certificate
 
+By default, Infection Monkey comes with a [self-signed SSL
+certificate](https://aboutssl.org/what-is-self-sign-certificate/). In
+enterprise or other security-sensitive environments, it is recommended that the
+user provide Infection Monkey with a certificate that has been signed by a
+private certificate authority.
+
+1. Terminate the docker container if it's already running.
+1. Move your `.crt` and `.key` files to `./monkey_island_data` (directory created for the volume).
+1. Make sure that your `.crt` and `.key` files are readable only by you.
+    ```bash
+    chmod 600 <PATH_TO_KEY_FILE>
+    chmod 600 <PATH_TO_CRT_FILE>
+    ```
+1. Modify the [server configuration file](../../reference/server_configuration) and add the following lines:
+    ```json
+    {
+        "ssl_certificate": {
+            "ssl_certificate_file": "/monkey_island_data/my_cert.crt",
+            "ssl_certificate_key_file": "/monkey_island_data/my_key.key"
+        }
+    }
+    ```
+1. Run the container with a mounted volume, specify the path to the `server_config.json`:
     ```bash
     sudo docker run \
         --rm \
@@ -91,55 +125,32 @@ any volumes associated with the previous version.
         --network=host \
         --user "$(id -u ${USER}):$(id -g ${USER})" \
         --volume "$(realpath ./monkey_island_data)":/monkey_island_data \
-        guardicore/monkey-island:VERSION --setup-only
+        guardicore/monkey-island:VERSION --setup-only --server-config="/monkey_island_data/server_config.json"
     ```
+1. Access the Monkey Island web UI by pointing your browser at
+   `https://localhost:5000`.
 
-1. Move your `.crt` and `.key` files to `./monkey_island_data`.
+### Change logging level
 
-1. Make sure that your `.crt` and `.key` files are readable and writeable only by you.
+1. Stop the docker container if it's already running.
-
+1. Modify the [server configuration file](../../reference/server_configuration) by adding the following lines:
-    ```bash
+    ```json
-    chmod 600 ./monkey_island_data/<KEY_FILE>
-    chmod 600 ./monkey_island_data/<CRT_FILE>
-    ```
-
-1.  Edit `./monkey_island_data/server_config.json` to configure Monkey Island
-    to use your certificate. Your config should look something like this:
-
-    ```json {linenos=inline,hl_lines=["11-14"]}
     {
-      "data_dir": "/monkey_island_data",
+        "log_level": "INFO"
-      "log_level": "DEBUG",
-      "environment": {
-        "server_config": "password",
-        "deployment": "docker"
-      },
-      "mongodb": {
-        "start_mongodb": false
-     },
-      "ssl_certificate": {
-        "ssl_certificate_file": "/monkey_island_data/<CRT_FILE>",
-        "ssl_certificate_key_file": "/monkey_island_data/<KEY_FILE>"
-      }
     }
     ```
-
+1. Run the container with a mounted volume, specify the path to the `server_config.json`:
-1. Start the Monkey Island server:
-
     ```bash
     sudo docker run \
-        --tty \
+        --rm \
-        --interactive \
         --name monkey-island \
         --network=host \
         --user "$(id -u ${USER}):$(id -g ${USER})" \
         --volume "$(realpath ./monkey_island_data)":/monkey_island_data \
-        guardicore/monkey-island:VERSION
+        guardicore/monkey-island:VERSION --setup-only --server-config="/monkey_island_data/server_config.json"
     ```
-
+1. Access the Monkey Island web UI by pointing your browser at
-### 4. Accessing Monkey Island
+   `https://localhost:5000`.
-
-After the Monkey Island docker container starts, you can access Monkey Island by pointing your browser at `https://localhost:5000`.
 
 ## Upgrading
 

docs/content/setup/linux.md

@@ -46,6 +46,14 @@ do, see the [FAQ]({{< ref
 >}}) for more information.
 {{% /notice %}}
 
+## Configuring the server
+
+You can configure the server by creating
+a [server configuration file](../../reference/server_configuration) and
+providing a path to it via command line parameters:
+
+`./InfectionMonkey-v1.12.0.AppImage --server-config="/path/to/server_config.json"`
+
 ### Start Monkey Island with user-provided certificate
 
 By default, Infection Monkey comes with a [self-signed SSL
@@ -54,13 +62,7 @@ enterprise or other security-sensitive environments, it is recommended that the
 user provide Infection Monkey with a certificate that has been signed by a
 private certificate authority.
 
-1. Run the Infection Monkey AppImage package with the `--setup-only` flag to
+1. Terminate the Island process if it's already running.
-   populate the `$HOME/.monkey_island` directory with a default
-   `server_config.json` file.
-
-    ```bash
-    ./InfectionMonkey-v1.12.0.AppImage --setup-only
-    ```
 
 1. (Optional but recommended) Move your `.crt` and `.key` files to
    `$HOME/.monkey_island`.
@@ -72,30 +74,42 @@ private certificate authority.
     chmod 600 <PATH_TO_CRT_FILE>
     ```
 
-1.  Edit `$HOME/.monkey_island/server_config.json` to configure Monkey Island
+1. Create a [server configuration file and provide the path to the certificate](../../reference/server_configuration).
-    to use your certificate. Your config should look something like this:
+The server configuration file should look something like:
 
-    ```json {linenos=inline,hl_lines=["11-14"]}
+    ```json
     {
-      "data_dir": "~/.monkey_island",
+        "ssl_certificate": {
-      "log_level": "DEBUG",
+            "ssl_certificate_file": "$HOME/.monkey_island/my_cert.crt",
-      "environment": {
+            "ssl_certificate_key_file": "$HOME/.monkey_island/my_key.key"
-        "server_config": "password",
+        }
-        "deployment": "linux"
-      },
-      "mongodb": {
-        "start_mongodb": true
-     },
-      "ssl_certificate": {
-        "ssl_certificate_file": "<PATH_TO_CRT_FILE>",
-        "ssl_certificate_key_file": "<PATH_TO_KEY_FILE>"
-      }
     }
     ```
 
 1. Start Monkey Island by running the Infection Monkey AppImage package:
     ```bash
-    ./InfectionMonkey-v1.12.0.AppImage
+    ./InfectionMonkey-v1.12.0.AppImage --server-config="/path/to/server_config.json"
+    ```
+
+1. Access the Monkey Island web UI by pointing your browser at
+   `https://localhost:5000`.
+
+### Change logging level
+
+1. Terminate the Island process if it's already running.
+
+1. Create a [server configuration file](../../reference/server_configuration).
+The server configuration file should look something like:
+
+    ```json
+    {
+        "log_level": "INFO"
+    }
+    ```
+
+1. Start Monkey Island by running the Infection Monkey AppImage package:
+    ```bash
+    ./InfectionMonkey-v1.12.0.AppImage --server-config="/path/to/server_config.json"
     ```
 
 1. Access the Monkey Island web UI by pointing your browser at

docs/content/setup/windows.md

@@ -26,6 +26,13 @@ do, see the [FAQ]({{< ref
 "/faq/#i-updated-to-a-new-version-of-the-infection-monkey-and-im-being-asked-to-delete-my-existing-data-directory-why"
 >}}) for more information.
 {{% /notice %}}
+>
+## Configuring the server
+
+You can configure the server by editing [the configuration
+file](../../reference/server_configuration) located in installation directory.
+The default path is
+`C:\Program Files\Guardicore\Monkey Island\monkey\monkey_island\cc\server_config.json`.
 
 ### Start Monkey Island with user-provided certificate
 
@@ -34,32 +41,35 @@ enterprise or other security-sensitive environments, it is recommended that the
 user provide Infection Monkey with a certificate that has been signed by a
 private certificate authority.
 
-1. If you haven't already, run the Monkey Island by clicking on the desktop
-   shortcut. This will populate MongoDB, as well as create and populate
-   `%AppData%\monkey_island`.
 1. Stop the Monkey Island process.
 1. (Optional but recommended) Move your `.crt` and `.key` files to `%AppData%\monkey_island`.
-1. Edit `%AppData%\monkey_island\server_config.json` to configure Monkey Island
+1. Modify the `server_config.json` (by default located in `C:\Program Files\Guardicore\Monkey Island\monkey\monkey_island\cc\server_config.json`) by adding the following lines:
-   to use your certificate. Your config should look something like this:
+    ```json
-
-    ```json {linenos=inline,hl_lines=["11-14"]}
     {
-      "log_level": "DEBUG",
+      ...
-      "environment": {
-        "server_config": "password",
-        "deployment": "windows"
-      },
-      "mongodb": {
-        "start_mongodb": true
-     },
       "ssl_certificate": {
-        "ssl_certificate_file": "<PATH_TO_CRT_FILE>",
+            "ssl_certificate_file": "%AppData%\\monkey_island\\my_cert.crt",
-        "ssl_certificate_key_file": "<PATH_TO_KEY_FILE>"
+            "ssl_certificate_key_file": "%AppData%\\monkey_island\\my_key.key"
-      }
+      },
+      ...
     }
     ```
 1. Run the Monkey Island by clicking on the desktop shortcut.
+1. Access the Monkey Island web UI by pointing your browser at
+   `https://localhost:5000`.
 
+### Change logging level
+
+1. Stop the Island server.
+1. Modify the `server_config.json` (by default located in `C:\Program Files\Guardicore\Monkey Island\monkey\monkey_island\cc\server_config.json`) by adding the following lines:
+    ```json
+    {
+        ...
+        "log_level": "INFO",
+        ...
+    }
+    ```
+1. Run the Monkey Island by clicking on the desktop shortcut.
 1. Access the Monkey Island web UI by pointing your browser at
    `https://localhost:5000`.
 

monkey/monkey_island/cc/environment/server_config_handler.py

@@ -1,27 +0,0 @@
-import json
-import os
-from pathlib import Path
-
-from monkey_island.cc.server_utils.consts import DEFAULT_SERVER_CONFIG_PATH, SERVER_CONFIG_FILENAME
-from monkey_island.cc.setup.island_config_options import IslandConfigOptions
-
-
-def create_default_server_config_file(data_dir: str) -> str:
-    config_file_path = os.path.join(data_dir, SERVER_CONFIG_FILENAME)
-    if not os.path.isfile(config_file_path):
-        write_default_server_config_to_file(config_file_path)
-
-    return config_file_path
-
-
-def write_default_server_config_to_file(path: str) -> None:
-    default_config = Path(DEFAULT_SERVER_CONFIG_PATH).read_text()
-    Path(path).write_text(default_config)
-
-
-def load_server_config_from_file(server_config_path) -> IslandConfigOptions:
-    with open(server_config_path, "r") as f:
-        config_content = f.read()
-        config = json.loads(config_content)
-
-        return IslandConfigOptions(config)

monkey/monkey_island/cc/server_config.json

@@ -1,8 +1,5 @@
 {
   "log_level": "DEBUG",
-  "environment": {
-    "server_config": "password"
-  },
   "mongodb": {
         "start_mongodb": true
   }

monkey/monkey_island/cc/server_setup.py

@@ -3,14 +3,13 @@ import json
 import logging
 import sys
 from pathlib import Path
-from sys import exit
 from threading import Thread
-from typing import Tuple
 
 import gevent.hub
 from gevent.pywsgi import WSGIServer
 
 from monkey_island.cc.server_utils.consts import ISLAND_PORT
+from monkey_island.cc.setup.config_setup import get_server_config
 
 # Add the monkey_island directory to the path, to make sure imports that don't start with
 # "monkey_island." work.
@@ -18,7 +17,6 @@ MONKEY_ISLAND_DIR_BASE_PATH = str(Path(__file__).parent.parent)
 if str(MONKEY_ISLAND_DIR_BASE_PATH) not in sys.path:
     sys.path.insert(0, MONKEY_ISLAND_DIR_BASE_PATH)
 
-import monkey_island.cc.setup.config_setup as config_setup  # noqa: E402
 from common.version import get_version  # noqa: E402
 from monkey_island.cc.app import init_app  # noqa: E402
 from monkey_island.cc.arg_parser import IslandCmdArgs  # noqa: E402
@@ -34,7 +32,7 @@ from monkey_island.cc.services.initialize import initialize_services  # noqa: E4
 from monkey_island.cc.services.reporting.exporter_init import populate_exporter_list  # noqa: E402
 from monkey_island.cc.services.utils.network_utils import local_ip_addresses  # noqa: E402
 from monkey_island.cc.setup import island_config_options_validator  # noqa: E402
-from monkey_island.cc.setup.data_dir import IncompatibleDataDirectory  # noqa: E402
+from monkey_island.cc.setup.data_dir import IncompatibleDataDirectory, setup_data_dir  # noqa: E402
 from monkey_island.cc.setup.gevent_hub_error_handler import GeventHubErrorHandler  # noqa: E402
 from monkey_island.cc.setup.island_config_options import IslandConfigOptions  # noqa: E402
 from monkey_island.cc.setup.mongo import mongo_setup  # noqa: E402
@@ -45,12 +43,13 @@ logger = logging.getLogger(__name__)
 
 def run_monkey_island():
     island_args = parse_cli_args()
-    config_options, server_config_path = _setup_data_dir(island_args)
+    config_options = _extract_config(island_args)
+    _setup_data_dir(config_options.data_dir)
 
     _exit_on_invalid_config_options(config_options)
 
     _configure_logging(config_options)
-    _initialize_globals(config_options, server_config_path)
+    _initialize_globals(config_options.data_dir)
 
     mongo_db_process = None
     if config_options.start_mongodb:
@@ -58,22 +57,24 @@ def run_monkey_island():
 
     _connect_to_mongodb(mongo_db_process)
 
-    _configure_gevent_exception_handling(Path(config_options.data_dir))
+    _configure_gevent_exception_handling(config_options.data_dir)
     _start_island_server(island_args.setup_only, config_options)
 
 
-def _setup_data_dir(island_args: IslandCmdArgs) -> Tuple[IslandConfigOptions, str]:
+def _extract_config(island_args: IslandCmdArgs) -> IslandConfigOptions:
     try:
-        return config_setup.setup_server_config(island_args)
+        return get_server_config(island_args)
-    except OSError as ex:
-        print(f"Error opening server config file: {ex}")
-        exit(1)
     except json.JSONDecodeError as ex:
         print(f"Error loading server config: {ex}")
-        exit(1)
+        sys.exit(1)
+
+
+def _setup_data_dir(data_dir_path: Path):
+    try:
+        setup_data_dir(data_dir_path)
     except IncompatibleDataDirectory as ex:
         print(f"Incompatible data directory: {ex}")
-        exit(1)
+        sys.exit(1)
 
 
 def _exit_on_invalid_config_options(config_options: IslandConfigOptions):
@@ -81,7 +82,7 @@ def _exit_on_invalid_config_options(config_options: IslandConfigOptions):
         island_config_options_validator.raise_on_invalid_options(config_options)
     except Exception as ex:
         print(f"Configuration error: {ex}")
-        exit(1)
+        sys.exit(1)
 
 
 def _configure_logging(config_options):
@@ -89,8 +90,8 @@ def _configure_logging(config_options):
     setup_logging(config_options.data_dir, config_options.log_level)
 
 
-def _initialize_globals(config_options: IslandConfigOptions, server_config_path: str):
+def _initialize_globals(data_dir: Path):
-    initialize_services(config_options.data_dir)
+    initialize_services(data_dir)
 
 
 def _start_mongodb(data_dir: Path) -> MongoDbProcess:

monkey/monkey_island/cc/server_utils/consts.py

@@ -36,8 +36,6 @@ MONGO_EXECUTABLE_PATH = (
 )
 MONGO_CONNECTION_TIMEOUT = 15
 
-DEFAULT_SERVER_CONFIG_PATH = str(Path(MONKEY_ISLAND_ABS_PATH, "cc", SERVER_CONFIG_FILENAME))
-
 DEFAULT_LOG_LEVEL = "INFO"
 
 DEFAULT_START_MONGO_DB = True

monkey/monkey_island/cc/setup/config_setup.py

@@ -1,42 +1,39 @@
-from typing import Tuple
+import json
+from logging import getLogger
+from pathlib import Path
 
 from common.utils.file_utils import expand_path
 from monkey_island.cc.arg_parser import IslandCmdArgs
-from monkey_island.cc.environment import server_config_handler
+from monkey_island.cc.server_utils.consts import MONKEY_ISLAND_ABS_PATH, SERVER_CONFIG_FILENAME
-from monkey_island.cc.server_utils.consts import DEFAULT_SERVER_CONFIG_PATH
-from monkey_island.cc.setup.data_dir import setup_data_dir
 from monkey_island.cc.setup.island_config_options import IslandConfigOptions
 
+logger = getLogger(__name__)
+
+PACKAGE_CONFIG_PATH = Path(MONKEY_ISLAND_ABS_PATH, "cc", SERVER_CONFIG_FILENAME)
+
+
+def get_server_config(island_args: IslandCmdArgs) -> IslandConfigOptions:
+    config = IslandConfigOptions()
+
+    _update_config_from_file(config, PACKAGE_CONFIG_PATH)
 
-def setup_server_config(island_args: IslandCmdArgs) -> Tuple[IslandConfigOptions, str]:
     if island_args.server_config_path:
-        return _setup_config_by_cmd_arg(island_args.server_config_path)
+        path_to_config = expand_path(island_args.server_config_path)
+        _update_config_from_file(config, path_to_config)
 
-    return _setup_default_config()
+    return config
 
 
-def _setup_config_by_cmd_arg(server_config_path) -> Tuple[IslandConfigOptions, str]:
+def _update_config_from_file(config: IslandConfigOptions, config_path: Path):
-    server_config_path = expand_path(server_config_path)
+    try:
-    config = server_config_handler.load_server_config_from_file(server_config_path)
+        config_from_file = _load_server_config_from_file(config_path)
-
+        config.update(config_from_file)
-    # TODO refactor like in https://github.com/guardicore/monkey/pull/1528 because
+        logger.info(f"Server config updated from {config_path}")
-    # there's absolutely no reason to be exposed to IslandConfigOptions extraction logic
+    except OSError:
-    # if you want to modify data directory related code.
+        logger.warn(f"Server config not found in path {config_path}")
-    setup_data_dir(config.data_dir)
-
-    return config, server_config_path
 
 
-def _setup_default_config() -> Tuple[IslandConfigOptions, str]:
+def _load_server_config_from_file(server_config_path) -> dict:
-    default_config = server_config_handler.load_server_config_from_file(DEFAULT_SERVER_CONFIG_PATH)
+    with open(server_config_path, "r") as f:
-    default_data_dir = default_config.data_dir
+        config_content = f.read()
-
+        return json.loads(config_content)
-    # TODO refactor like in https://github.com/guardicore/monkey/pull/1528 because
-    # there's absolutely no reason to be exposed to IslandConfigOptions extraction logic
-    # if you want to modify data directory related code.
-    setup_data_dir(default_data_dir)
-
-    server_config_path = server_config_handler.create_default_server_config_file(default_data_dir)
-    config = server_config_handler.load_server_config_from_file(server_config_path)
-
-    return config, server_config_path

monkey/monkey_island/cc/setup/data_dir.py

@@ -15,14 +15,14 @@ class IncompatibleDataDirectory(Exception):
     pass
 
 
-def setup_data_dir(data_dir_path: Path) -> None:
+def setup_data_dir(data_dir_path: Path):
     logger.info(f"Setting up data directory at {data_dir_path}.")
     if _is_data_dir_old(data_dir_path):
         logger.info("Version in data directory does not match the Island's version.")
         _handle_old_data_directory(data_dir_path)
     create_secure_directory(str(data_dir_path))
     write_version(data_dir_path)
-    logger.info("Data directory set up.")
+    logger.info(f"Data directory set up in {data_dir_path}.")
 
 
 def _is_data_dir_old(data_dir_path: Path) -> bool:

monkey/monkey_island/cc/setup/island_config_options.py

@@ -10,24 +10,41 @@ from monkey_island.cc.server_utils.consts import (
     DEFAULT_START_MONGO_DB,
 )
 
+_DATA_DIR = "data_dir"
+_SSL_CERT = "ssl_certificate"
+_SSL_CERT_FILE = "ssl_certificate_file"
+_SSL_CERT_KEY = "ssl_certificate_key_file"
+_MONGODB = "mongodb"
+_START_MONGODB = "start_mongodb"
+_LOG_LEVEL = "log_level"
+
 
 class IslandConfigOptions:
-    def __init__(self, config_contents: dict):
+    def __init__(self, config_contents: dict = None):
-        self.data_dir = expand_path(config_contents.get("data_dir", DEFAULT_DATA_DIR))
+        if not config_contents:
+            config_contents = {}
+        self.data_dir = config_contents.get(_DATA_DIR, DEFAULT_DATA_DIR)
 
-        self.log_level = config_contents.get("log_level", DEFAULT_LOG_LEVEL)
+        self.log_level = config_contents.get(_LOG_LEVEL, DEFAULT_LOG_LEVEL)
 
         self.start_mongodb = config_contents.get(
-            "mongodb", {"start_mongodb": DEFAULT_START_MONGO_DB}
+            _MONGODB, {_START_MONGODB: DEFAULT_START_MONGO_DB}
-        ).get("start_mongodb", DEFAULT_START_MONGO_DB)
+        ).get(_START_MONGODB, DEFAULT_START_MONGO_DB)
 
-        self.crt_path = expand_path(
+        self.crt_path = config_contents.get(_SSL_CERT, DEFAULT_CERTIFICATE_PATHS).get(
-            config_contents.get("ssl_certificate", DEFAULT_CERTIFICATE_PATHS).get(
+            _SSL_CERT_FILE, DEFAULT_CRT_PATH
-                "ssl_certificate_file", DEFAULT_CRT_PATH
-            )
         )
-        self.key_path = expand_path(
+        self.key_path = config_contents.get(_SSL_CERT, DEFAULT_CERTIFICATE_PATHS).get(
-            config_contents.get("ssl_certificate", DEFAULT_CERTIFICATE_PATHS).get(
+            _SSL_CERT_KEY, DEFAULT_KEY_PATH
-                "ssl_certificate_key_file", DEFAULT_KEY_PATH
-            )
         )
+
+        self._expand_paths()
+
+    def _expand_paths(self):
+        self.data_dir = expand_path(str(self.data_dir))
+        self.crt_path = expand_path(str(self.crt_path))
+        self.key_path = expand_path(str(self.key_path))
+
+    def update(self, target: dict):
+        self.__dict__.update(target)
+        self._expand_paths()

monkey/monkey_island/main.py

@@ -1,8 +1,10 @@
 # This import patches other imports and needs to be first
-import monkey_island.setup.gevent_setup  # noqa: F401 isort:skip
+import sys
 
 from monkey_island.cc.server_utils.island_logger import setup_default_failsafe_logging
 
+import monkey_island.setup.gevent_setup  # noqa: F401 isort:skip
+
 
 def main():
     # This is here in order to catch EVERYTHING, some functions are being called on
@@ -11,7 +13,7 @@ def main():
         setup_default_failsafe_logging()
     except Exception as ex:
         print(f"Error configuring logging: {ex}")
-        exit(1)
+        sys.exit(1)
 
     from monkey_island.cc.server_setup import run_monkey_island  # noqa: E402
 

monkey/tests/unit_tests/monkey_island/cc/server_utils/test_consts.py

@@ -1,5 +1,4 @@
 import os
-import platform
 
 from monkey_island.cc.server_utils import consts
 
@@ -7,12 +6,3 @@ from monkey_island.cc.server_utils import consts
 def test_monkey_island_abs_path():
     assert consts.MONKEY_ISLAND_ABS_PATH.endswith("monkey_island")
     assert os.path.isdir(consts.MONKEY_ISLAND_ABS_PATH)
-
-
-def test_default_server_config_file_path():
-    if platform.system() == "Windows":
-        server_file_path = f"{consts.MONKEY_ISLAND_ABS_PATH}\\cc\\{consts.SERVER_CONFIG_FILENAME}"
-    else:
-        server_file_path = f"{consts.MONKEY_ISLAND_ABS_PATH}/cc/{consts.SERVER_CONFIG_FILENAME}"
-
-    assert consts.DEFAULT_SERVER_CONFIG_PATH == server_file_path

monkey/tests/unit_tests/monkey_island/cc/setup/test_config_setup.py

@@ -0,0 +1,96 @@
+import json
+from json import dumps
+from pathlib import Path
+
+import pytest
+
+import monkey_island.cc.setup.config_setup  # noqa: F401
+from monkey_island.cc.arg_parser import IslandCmdArgs
+from monkey_island.cc.server_utils.file_utils import is_windows_os
+from monkey_island.cc.setup.config_setup import get_server_config
+from monkey_island.cc.setup.island_config_options import IslandConfigOptions
+
+
+@pytest.fixture
+def cmd_server_config_path(tmp_path) -> Path:
+    # Represents the config that user can provide via cmd arguments
+    return tmp_path / "fake_server_config.json"
+
+
+@pytest.fixture
+def deployment_server_config_path(tmp_path) -> Path:
+    # Represents the config that is built in, deployment specific
+    return tmp_path / "fake_server_config3.json"
+
+
+def create_server_config(config_contents: str, server_config_path: Path):
+    with open(server_config_path, "w") as file:
+        file.write(config_contents)
+
+
+@pytest.fixture(autouse=True)
+def mock_deployment_config_path(monkeypatch, deployment_server_config_path):
+    monkeypatch.setattr(
+        "monkey_island.cc.setup.config_setup.PACKAGE_CONFIG_PATH",
+        deployment_server_config_path,
+    )
+
+
+@pytest.fixture
+def empty_cmd_args():
+    return IslandCmdArgs(setup_only=False, server_config_path=None)
+
+
+@pytest.fixture
+def cmd_args_with_server_config(cmd_server_config_path):
+    return IslandCmdArgs(setup_only=False, server_config_path=cmd_server_config_path)
+
+
+def test_extract_config_defaults(empty_cmd_args):
+    expected = IslandConfigOptions({})
+    assert expected.__dict__ == get_server_config(empty_cmd_args).__dict__
+
+
+def test_deployment_config_overrides_defaults(deployment_server_config_path, empty_cmd_args):
+    expected = IslandConfigOptions({"log_level": "/log_level_2"})
+    create_server_config(dumps({"log_level": "/log_level_2"}), deployment_server_config_path)
+    assert expected.__dict__ == get_server_config(empty_cmd_args).__dict__
+
+
+def test_cmd_config_overrides_everything(
+    deployment_server_config_path, cmd_server_config_path, cmd_args_with_server_config
+):
+    expected = IslandConfigOptions({"log_level": "/log_level_3"})
+    create_server_config(dumps({"log_level": "/log_level_2"}), deployment_server_config_path)
+    create_server_config(dumps({"log_level": "/log_level_3"}), cmd_server_config_path)
+    extracted_config = get_server_config(cmd_args_with_server_config)
+    assert expected.__dict__ == extracted_config.__dict__
+
+
+def test_not_overriding_unspecified_values(
+    deployment_server_config_path, cmd_server_config_path, cmd_args_with_server_config
+):
+    expected = IslandConfigOptions({"log_level": "/log_level_2", "data_dir": "/data_dir1"})
+    create_server_config(dumps({"data_dir": "/data_dir1"}), deployment_server_config_path)
+    create_server_config(dumps({"log_level": "/log_level_2"}), cmd_server_config_path)
+    extracted_config = get_server_config(cmd_args_with_server_config)
+    assert expected.__dict__ == extracted_config.__dict__
+
+
+def test_paths_get_expanded(deployment_server_config_path, empty_cmd_args):
+    if is_windows_os():
+        path = "%temp%/path"
+    else:
+        path = "$HOME/path"
+    create_server_config(dumps({"data_dir": path}), deployment_server_config_path)
+    extracted_config = get_server_config(empty_cmd_args)
+    assert not extracted_config.data_dir == path
+
+
+BAD_JSON = '{"data_dir": "C:\\test\\test"'
+
+
+def test_malformed_json(cmd_server_config_path, cmd_args_with_server_config):
+    create_server_config(BAD_JSON, cmd_server_config_path)
+    with pytest.raises(json.JSONDecodeError):
+        get_server_config(cmd_args_with_server_config)