Commit Graph

5589 Commits

Author SHA1 Message Date
Mike Salvatore d5a26ca6eb agent: Refactor BatchingTelemetryMessenger tests to destroy threads 2021-06-29 07:48:18 -04:00
Mike Salvatore 8cf316b64a agent: Refactor telemetry processing in BatchingTelemetryMessenger
We need to ensure when a BatchingTelemetryMessenger stops, all remaining
telemetries in its queue are sent. The existing logic does this, but
this commit improves the readability and intent of the code, as well as
adds a test for this condition.
2021-06-29 07:36:49 -04:00
Mike Salvatore 9d3d4611dc agent: Define _manage_telemetry_batches_thread in __init_() 2021-06-29 06:38:56 -04:00
Mike Salvatore 60c12127e3
Merge pull request #1271 from guardicore/ransomware-logging
Ransomware logging
2021-06-29 06:19:49 -04:00
VakarisZ a454449cca Do small readability changes in batching_telemetry_messenger.py 2021-06-29 12:09:26 +03:00
Shreya 949a52741b docs: Add link to ransomware simulations's README.txt file 2021-06-29 13:58:01 +05:30
Shreya 5b05e6224d docs: Modify ransomware page to include info about README.txt file 2021-06-29 13:58:02 +05:30
VakarisZ e34599779b Add keywords to arguments that create RansomwarePayload in monkey.py 2021-06-29 09:14:43 +03:00
Mike Salvatore 04b2ac6bd9 Don't normalize line endings in ransomware_targets test data
On Windows, git will normalize the line endings of .txt (and other)
files to crlf instead of lf. This is useful for many files, but the
ransomware_target files need unmodified when they are checked out.

By adding an exception in .gitattributes, the files in
monkey/tests/data_for_tests/ransomware_targets are not modified on
windows.
2021-06-28 20:52:42 -04:00
Mike Salvatore f7f60be632 Merge branch 'ransomware_readme_config_option' into develop 2021-06-28 14:57:18 -04:00
Mike Salvatore f8411d3c92 Island: Rename ransomware config "notifications" section 2021-06-28 13:50:45 -04:00
Mike Salvatore d7991eb06b
Merge pull request #1270 from guardicore/secure-custom-pba-dir
Create secure custom PBA directory on Windows
2021-06-28 13:48:17 -04:00
Mike Salvatore dbd6dedb95 agent: Add explicit "success" field to FileEncryptionTelem 2021-06-28 13:37:00 -04:00
Mike Salvatore c1af3f8165 agent: Fix failing ransomware test on Windows 2021-06-28 13:31:28 -04:00
Mike Salvatore df1f3cda78 agent: Add explicit fields to FileEncryptionTelem 2021-06-28 13:30:53 -04:00
Mike Salvatore 49eb1cd996 agent: Rename RansomwareTelem -> FileEncryptionTelem
Ransomware will soon do more than just encrypt files. We should give the
telemetry that's related to encrypting files a more descriptive name
that better describes what it is reporting.
2021-06-28 13:20:30 -04:00
shreyamalviya 37a73440af tests: Add extra line in tests/monkey_island/utils.py to pass formatting checks 2021-06-28 22:43:25 +05:30
Mike Salvatore 543f0031a2 agent: Fully flush BatchingTelemetryMessenger queue before stopping 2021-06-28 12:34:24 -04:00
Mike Salvatore 7e3eef90cb agent: Rename get_telemetry_entries() -> get_telemetry_batch() 2021-06-28 12:27:32 -04:00
Mike Salvatore 2f62a14fbf agent: Remove start/stop from BatchingTelemetryMessenger
My original plan was to start a thread in __init__() and stop the thread
when __del__() was called. Since the running thread (object) contains a
reference to the BatchingTelemetryMessenger object that launched it, the
destructor will not be called until the thread is stopped. This
resulted in adding a stop() method (fadd978) followed by adding a
start() method (1d066c8e).

By using an inner class to run the thread, we enable the class to be
used as originally intended, reducing the burden on the user of this
class. The thread is now started on construction and stopped on
destruction. The user can remain blissfully unaware that anything
resembling threading is going in, and can use the
BatchingTelemetryMessenger just like any other ITelemetryMessenger.
2021-06-28 12:21:57 -04:00
Mike Salvatore 1d066c8e6d agent: Add explicit start to BatchingTelemetryMessenger
My original plan was to start a thread in __init__() and stop the thread
when __del__() was called. Since the running thread (object) contains a
reference to the BatchingTelemetryMessenger object that launched it, the
destructor will not be called until the thread is stopped. Therefore, a
stop() was added to allow the BatchingTelemetryMessenger to be stopped.
Since it has an explicit stop, it should also have an explicit start,
rather than starting the thread in the constructor.
2021-06-28 12:05:57 -04:00
Mike Salvatore 0a9c98f061 agent: Rename _run_batch_thread -> _should_run_batch_thread 2021-06-28 11:33:06 -04:00
Mike Salvatore be6e76757d agent: Move telemetry messenger construction out of "try" 2021-06-28 11:25:13 -04:00
Mike Salvatore 13c9e41a4c agent: Extract default period to constant 2021-06-28 11:15:46 -04:00
shreyamalviya 3bea4bb86f tests: Refactor duplicate code for checking secure Windows permissions 2021-06-28 20:23:03 +05:30
Mike Salvatore 85c91f55bb agent: Use BatchingTelemetryMessenger in RansomewarePayload
We don't want the ransomware payload to encrypt all files and then send
telemetry to the island. This could lead to a long period of time where
the user has no insight into what the monkey is doing on a node. We also
don't want to flood the island with telemetries. By using the
BatchingTelemetryMessenger, ransomware encryption telemetries are
batched together and periodically sent to the island.
2021-06-28 09:48:54 -04:00
Mike Salvatore fadd978050 agent: Add BatchedTelemetryMessenger
This telemetry messenger is a decorator that aggregates batchable
telemetries and sends them to the island periodically.
2021-06-28 09:34:18 -04:00
Mike Salvatore 691e01e9c1 tests: Move telemetry_messenger_spy to infection_monkey/conftest.py 2021-06-28 09:34:18 -04:00
Mike Salvatore e549a4f8f4 agent: Rename TelemetryMessengerWrapper
The term "wrapper" is sometimes used as synonym for the decorator
pattern, whereas this class is a textbook adapter. Use the term
"adapter" instead of "wrapper" and rename "TelemetryMessengerWrapper" to
"LegacyTelemetryMessengerAdapter", as this class servers as an adapter
between the new ITelemetryMessenger interface and the (soon to be) legacy way of
sending telemetry.
2021-06-28 09:34:09 -04:00
Mike Salvatore a0b43a17a2 agent: Implement IBatchableTelem in RansomwareTelem
This allows encryption attempt telmetries to be batched into one
telemetry object so they can be sent to the island in batches.
2021-06-28 09:33:33 -04:00
Mike Salvatore 8e40e44263 agent: Add BatchableTelemMixin
Adds an implementation as a mixin of the two methods specified by
IBatchableTelem.
2021-06-28 09:33:33 -04:00
Mike Salvatore f2a940a4e0 agent: Add IBatchableTelem
IBatchableTelem adds two methods to the ITelem interface. These methods allow
a telemetry object to mange batches of telemetry entries, rather than
just one.
2021-06-28 09:33:33 -04:00
Mike Salvatore 2ec020f276 agent: Add logging to ransomware payload 2021-06-28 09:29:48 -04:00
Mike Salvatore 59efaabd50 agent: Catch and log exceptions thrown by the ransomware payload 2021-06-28 09:28:43 -04:00
VakarisZ b7c8006f94 Add readme to ransomware section of configuration schema 2021-06-28 14:43:51 +03:00
Shreya 7afe0818e5 tests: Use `is_windows_os()` while skipping tests in test_post_breach_files.py 2021-06-28 14:07:06 +05:30
Shreya 7211d59a38 tests: Add unit test for custom PBA dir permissions on Windows 2021-06-28 14:05:41 +05:30
Shreya 75a2f1b12e island: Use `create_secure_directory()` for custom PBA directory creation 2021-06-28 11:56:40 +05:30
Mike Salvatore 33a6e72df5
Merge pull request #1265 from guardicore/ransomware-encryption-documentation
Add documentation for ransomware
2021-06-27 17:32:14 -04:00
Mike Salvatore 3d403a92e8 agent: Fix incorrect config in ransomware payload 2021-06-25 10:21:08 -04:00
Mike Salvatore 1294e38f6e
Merge pull request #1259 from guardicore/ransomware-telemetry
Ransomware telemetry
2021-06-25 10:16:42 -04:00
Shreya 954cc469cf docs: Reword paragaraph about why ransomware simulation is sufficient 2021-06-25 19:07:32 +05:30
Mike Salvatore 76cf8a1bb4 agent: Wrap ransomware payload build/run in run_ransomware() 2021-06-25 09:19:15 -04:00
Shreya 61d95f52e1 docs: Reword the paragraph describing why the ransomware simulation is good enough 2021-06-25 16:37:50 +05:30
Shreya 32026f64a4 docs: Change "relevant extensions" to "targeted extensions" in ransomware docs 2021-06-25 16:27:35 +05:30
Shreya f77d0c28c2 docs: Add note about why ransomware encryption is not recursive and ignores shortcuts and symlinks 2021-06-25 16:22:59 +05:30
Shreya Malviya 3ddde83b5c
docs: Reword ransomware introductory description
Add "only" to clarify that encryption will only take place if a directory is specified.

Co-authored-by: Mike Salvatore <mike.s.salvatore@gmail.com>
2021-06-25 16:00:49 +05:30
Mike Salvatore 6773f695ba agent: Use ITelem in send_telemetry() typehint 2021-06-24 15:57:10 -04:00
Mike Salvatore 7b9c39edc6 Remove RansomwareTelem from vulture_allowlist 2021-06-24 15:55:17 -04:00
Mike Salvatore 76da583420 agent: Send telemetry from ransomware payload 2021-06-24 15:49:19 -04:00