p15693087
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity

Island, UT: Remove system info AWS Collector

This commit is contained in:
Ilija Lazoroski 2022-02-11 17:43:38 +01:00
parent 412a06fa9b
commit 7f6496b330
11 changed files with 1 additions and 128 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
monkey/common/common_consts/system_info_collectors_names.py
View File

@ -1,3 +1,2 @@
AWS_COLLECTOR = "AwsCollector"
PROCESS_LIST_COLLECTOR = "ProcessListCollector" PROCESS_LIST_COLLECTOR = "ProcessListCollector"
MIMIKATZ_COLLECTOR = "MimikatzCollector" MIMIKATZ_COLLECTOR = "MimikatzCollector"

28
monkey/infection_monkey/system_info/collectors/aws_collector.py
View File

@ -1,28 +0,0 @@
import logging
from common.cloud.aws.aws_instance import AwsInstance
from common.common_consts.system_info_collectors_names import AWS_COLLECTOR
from infection_monkey.system_info.system_info_collector import SystemInfoCollector
logger = logging.getLogger(__name__)
class AwsCollector(SystemInfoCollector):
"""
Extract info from AWS machines.
"""
def __init__(self):
super().__init__(name=AWS_COLLECTOR)
def collect(self) -> dict:
logger.info("Collecting AWS info")
aws = AwsInstance()
info = {}
if aws.is_instance():
logger.info("Machine is an AWS instance")
info = {"instance_id": aws.get_instance_id()}
else:
logger.info("Machine is NOT an AWS instance")
return info

10
monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py
View File

@ -1,5 +1,4 @@
from common.common_consts.system_info_collectors_names import ( from common.common_consts.system_info_collectors_names import (
AWS_COLLECTOR,
MIMIKATZ_COLLECTOR, MIMIKATZ_COLLECTOR,
PROCESS_LIST_COLLECTOR, PROCESS_LIST_COLLECTOR,
) )
@ -17,15 +16,6 @@ SYSTEM_INFO_COLLECTOR_CLASSES = {
"info": "Collects credentials from Windows credential manager.", "info": "Collects credentials from Windows credential manager.",
"attack_techniques": ["T1003", "T1005"], "attack_techniques": ["T1003", "T1005"],
}, },
{
"type": "string",
"enum": [AWS_COLLECTOR],
"title": "AWS Collector",
"safe": True,
"info": "If on AWS, collects more information about the AWS instance "
"currently running on.",
"attack_techniques": ["T1082"],
},
{ {
"type": "string", "type": "string",
"enum": [PROCESS_LIST_COLLECTOR], "enum": [PROCESS_LIST_COLLECTOR],

2
monkey/monkey_island/cc/services/config_schema/monkey.py
View File

@ -1,5 +1,4 @@
from common.common_consts.system_info_collectors_names import ( from common.common_consts.system_info_collectors_names import (
AWS_COLLECTOR,
MIMIKATZ_COLLECTOR, MIMIKATZ_COLLECTOR,
PROCESS_LIST_COLLECTOR, PROCESS_LIST_COLLECTOR,
) )
@ -86,7 +85,6 @@ MONKEY = {
"uniqueItems": True, "uniqueItems": True,
"items": {"$ref": "#/definitions/system_info_collector_classes"}, "items": {"$ref": "#/definitions/system_info_collector_classes"},
"default": [ "default": [
AWS_COLLECTOR,
PROCESS_LIST_COLLECTOR, PROCESS_LIST_COLLECTOR,
MIMIKATZ_COLLECTOR, MIMIKATZ_COLLECTOR,
], ],

17
monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/aws.py
View File

@ -1,17 +0,0 @@
import logging
from monkey_island.cc.models.monkey import Monkey
logger = logging.getLogger(__name__)
def process_aws_telemetry(collector_results, monkey_guid):
relevant_monkey = Monkey.get_single_monkey_by_guid(monkey_guid)
if "instance_id" in collector_results:
instance_id = collector_results["instance_id"]
relevant_monkey.aws_instance_id = instance_id
relevant_monkey.save()
logger.debug(
"Updated Monkey {} with aws instance id {}".format(str(relevant_monkey), instance_id)
)

6
monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py
View File

@ -1,10 +1,7 @@
import logging import logging
import typing import typing
from common.common_consts.system_info_collectors_names import AWS_COLLECTOR, PROCESS_LIST_COLLECTOR from common.common_consts.system_info_collectors_names import PROCESS_LIST_COLLECTOR
from monkey_island.cc.services.telemetry.processing.system_info_collectors.aws import (
process_aws_telemetry,
)
from monkey_island.cc.services.telemetry.zero_trust_checks.antivirus_existence import ( from monkey_island.cc.services.telemetry.zero_trust_checks.antivirus_existence import (
check_antivirus_existence, check_antivirus_existence,
) )
@ -12,7 +9,6 @@ from monkey_island.cc.services.telemetry.zero_trust_checks.antivirus_existence i
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
SYSTEM_INFO_COLLECTOR_TO_TELEMETRY_PROCESSORS = { SYSTEM_INFO_COLLECTOR_TO_TELEMETRY_PROCESSORS = {
AWS_COLLECTOR: [process_aws_telemetry],
PROCESS_LIST_COLLECTOR: [check_antivirus_existence], PROCESS_LIST_COLLECTOR: [check_antivirus_existence],
} }

1
monkey/tests/data_for_tests/monkey_configs/automated_master_config.json
View File

@ -104,7 +104,6 @@
} }
}, },
"system_info_collector_classes": [ "system_info_collector_classes": [
"AwsCollector",
"ProcessListCollector", "ProcessListCollector",
"MimikatzCollector" "MimikatzCollector"
] ]

1
monkey/tests/data_for_tests/monkey_configs/flat_config.json
View File

@ -101,7 +101,6 @@
"smb_service_name": "InfectionMonkey", "smb_service_name": "InfectionMonkey",
"subnet_scan_list": ["192.168.1.50", "192.168.56.0/24", "10.0.33.0/30"], "subnet_scan_list": ["192.168.1.50", "192.168.56.0/24", "10.0.33.0/30"],
"system_info_collector_classes": [ "system_info_collector_classes": [
"AwsCollector",
"ProcessListCollector", "ProcessListCollector",
"MimikatzCollector" "MimikatzCollector"
], ],

1
monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json
View File

@ -147,7 +147,6 @@
"system_info": { "system_info": {
"system_info_collector_classes": [ "system_info_collector_classes": [
"environmentcollector", "environmentcollector",
"awscollector",
"hostnamecollector", "hostnamecollector",
"processlistcollector", "processlistcollector",
"mimikatzcollector" "mimikatzcollector"

61
monkey/tests/unit_tests/monkey_island/cc/services/telemetry/processing/system_info_collectors/test_system_info_telemetry_dispatcher.py
View File

@ -1,61 +0,0 @@
import uuid
import pytest
from monkey_island.cc.models import Monkey
from monkey_island.cc.services.telemetry.processing.system_info_collectors.system_info_telemetry_dispatcher import ( # noqa: E501
SystemInfoTelemetryDispatcher,
process_aws_telemetry,
)
TEST_SYS_INFO_TO_PROCESSING = {
"AwsCollector": [process_aws_telemetry],
}
class TestSystemInfoTelemetryDispatcher:
def test_dispatch_to_relevant_collector_bad_inputs(self):
dispatcher = SystemInfoTelemetryDispatcher(TEST_SYS_INFO_TO_PROCESSING)
# Bad format telem JSONs - throws
bad_empty_telem_json = {}
with pytest.raises(KeyError):
dispatcher.dispatch_collector_results_to_relevant_processors(bad_empty_telem_json)
bad_no_data_telem_json = {"monkey_guid": "bla"}
with pytest.raises(KeyError):
dispatcher.dispatch_collector_results_to_relevant_processors(bad_no_data_telem_json)
bad_no_monkey_telem_json = {"data": {"collectors": {"AwsCollector": "Bla"}}}
with pytest.raises(KeyError):
dispatcher.dispatch_collector_results_to_relevant_processors(bad_no_monkey_telem_json)
# Telem JSON with no collectors - nothing gets dispatched
good_telem_no_collectors = {"monkey_guid": "bla", "data": {"bla": "bla"}}
good_telem_empty_collectors = {
"monkey_guid": "bla",
"data": {"bla": "bla", "collectors": {}},
}
dispatcher.dispatch_collector_results_to_relevant_processors(good_telem_no_collectors)
dispatcher.dispatch_collector_results_to_relevant_processors(good_telem_empty_collectors)
def test_dispatch_to_relevant_collector(self):
a_monkey = Monkey(guid=str(uuid.uuid4()))
a_monkey.save()
dispatcher = SystemInfoTelemetryDispatcher()
# JSON with results - make sure functions are called
instance_id = "i-0bd2c14bd4c7d703f"
telem_json = {
"data": {
"collectors": {
"AwsCollector": {"instance_id": instance_id},
}
},
"monkey_guid": a_monkey.guid,
}
dispatcher.dispatch_collector_results_to_relevant_processors(telem_json)
assert Monkey.get_single_monkey_by_guid(a_monkey.guid).aws_instance_id == instance_id

1
vulture_allowlist.py
View File

@ -96,7 +96,6 @@ AccountDiscovery # unused class (monkey/infection_monkey/post_breach/actions/di
ModifyShellStartupFiles # unused class (monkey/infection_monkey/post_breach/actions/modify_shell_startup_files.py:11) ModifyShellStartupFiles # unused class (monkey/infection_monkey/post_breach/actions/modify_shell_startup_files.py:11)
Timestomping # unused class (monkey/infection_monkey/post_breach/actions/timestomping.py:6) Timestomping # unused class (monkey/infection_monkey/post_breach/actions/timestomping.py:6)
SignedScriptProxyExecution # unused class (monkey/infection_monkey/post_breach/actions/use_signed_scripts.py:15) SignedScriptProxyExecution # unused class (monkey/infection_monkey/post_breach/actions/use_signed_scripts.py:15)
AwsCollector # unused class (monkey/infection_monkey/system_info/collectors/aws_collector.py:15)
EnvironmentCollector # unused class (monkey/infection_monkey/system_info/collectors/environment_collector.py:19) EnvironmentCollector # unused class (monkey/infection_monkey/system_info/collectors/environment_collector.py:19)
HostnameCollector # unused class (monkey/infection_monkey/system_info/collectors/hostname_collector.py:10) HostnameCollector # unused class (monkey/infection_monkey/system_info/collectors/hostname_collector.py:10)
ProcessListCollector # unused class (monkey/infection_monkey/system_info/collectors/process_list_collector.py:18) ProcessListCollector # unused class (monkey/infection_monkey/system_info/collectors/process_list_collector.py:18)