diff --git a/monkey/common/agent_configuration/default_agent_configuration.py b/monkey/common/agent_configuration/default_agent_configuration.py index 3c90ce914..5be900531 100644 --- a/monkey/common/agent_configuration/default_agent_configuration.py +++ b/monkey/common/agent_configuration/default_agent_configuration.py @@ -78,7 +78,7 @@ FINGERPRINTERS = ( ) SCAN_TARGET_CONFIGURATION = ScanTargetConfiguration( - blocked_ips=tuple(), inaccessible_subnets=tuple(), scan_my_networks=True, subnets=tuple() + blocked_ips=tuple(), inaccessible_subnets=tuple(), scan_my_networks=False, subnets=tuple() ) NETWORK_SCAN_CONFIGURATION = NetworkScanConfiguration( tcp=TCP_SCAN_CONFIGURATION, diff --git a/monkey/monkey_island/cc/ui/src/components/configuration-components/UiSchema.js b/monkey/monkey_island/cc/ui/src/components/configuration-components/UiSchema.js index 67035f1f4..5b96cdae6 100644 --- a/monkey/monkey_island/cc/ui/src/components/configuration-components/UiSchema.js +++ b/monkey/monkey_island/cc/ui/src/components/configuration-components/UiSchema.js @@ -1,6 +1,7 @@ import AdvancedMultiSelect from '../ui-components/AdvancedMultiSelect'; import InfoBox from './InfoBox'; import TextBox from './TextBox.js'; +import WarningBox from './WarningBox'; import PbaInput from './PbaInput'; import { API_PBA_LINUX, API_PBA_WINDOWS } from '../pages/ConfigurePage'; import SensitiveTextInput from '../ui-components/SensitiveTextInput'; @@ -60,9 +61,6 @@ export default function UiSchema(props) { }, network_scan: { targets: { - info_box: { - 'ui:field': InfoBox - }, blocked_ips: { items: { classNames: 'config-template-no-header' @@ -73,6 +71,9 @@ export default function UiSchema(props) { classNames: 'config-template-no-header' } }, + info_box_scan_my_networks: { + 'ui:field': WarningBox + }, subnets: { items: { classNames: 'config-template-no-header' diff --git a/monkey/monkey_island/cc/ui/src/components/configuration-components/WarningBox.js b/monkey/monkey_island/cc/ui/src/components/configuration-components/WarningBox.js new file mode 100644 index 000000000..de5b352b4 --- /dev/null +++ b/monkey/monkey_island/cc/ui/src/components/configuration-components/WarningBox.js @@ -0,0 +1,17 @@ +import * as React from 'react'; +import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; +import { faExclamationTriangle } from '@fortawesome/free-solid-svg-icons/faExclamationTriangle'; + +class WarningBox extends React.Component { + + render() { + return ( +
+ + {this.props.schema.info} +
+ ); + } +} + +export default WarningBox; diff --git a/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js b/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js index 9b7aad256..bb9c6a8a0 100644 --- a/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js +++ b/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js @@ -1,12 +1,10 @@ const SCAN_TARGET_CONFIGURATION_SCHEMA = { 'title': 'Network', 'type': 'object', + 'description': 'If "Scan Agent\'s networks" is checked, the Monkey scans for machines on each ' + + 'of the network interfaces of the machine it is running on.\nAdditionally, the Monkey scans ' + + 'machines according to "Scan target list" and skips machines in "Blocked IPs".', 'properties': { - 'info_box': { - 'info': 'The Monkey scans for machines on each of the network interfaces of the ' + - 'machine it is running on if "Scan Agent\'s networks" is checked. ' + - 'Additionally, the Monkey scans machines according to "Scan target list". ' - }, 'blocked_ips': { 'title': 'Blocked IPs', 'type': 'array', @@ -18,6 +16,33 @@ const SCAN_TARGET_CONFIGURATION_SCHEMA = { 'default': [], 'description': 'List of IPs that the monkey will not scan.' }, + 'info_box_scan_my_networks': { + 'info': 'If the agent runs on a machine that has a publicly-facing network interface, ' + + 'this setting could cause scanning and exploitation of systems outside your organization.' + }, + 'scan_my_networks': { + 'title': 'Scan Agent\'s networks', + 'type': 'boolean', + 'default': false + }, + 'subnets': { + 'title': 'Scan target list', + 'type': 'array', + 'uniqueItems': true, + 'items': { + 'type': 'string', + 'format': 'ip-range' + }, + 'default': [], + 'description': 'List of targets the Monkey will try to scan. Targets can be ' + + 'IPs, subnets or hosts. ' + + 'Examples:\n' + + '\tTarget a specific IP: "192.168.0.1"\n' + + '\tTarget a subnet using a network range: ' + + '"192.168.0.5-192.168.0.20"\n' + + '\tTarget a subnet using an IP mask: "192.168.0.5/24"\n' + + '\tTarget a specific host: "printer.example"' + }, 'inaccessible_subnets': { 'title': 'Network segmentation testing', 'type': 'array', @@ -40,36 +65,7 @@ const SCAN_TARGET_CONFIGURATION_SCHEMA = { '"192.168.0.5-192.168.0.20"\n' + '\tDefine a segment using an subnet IP mask: "192.168.0.5/24"\n' + '\tDefine a single-host segment: "printer.example"' - }, - 'scan_my_networks': { - 'title': 'Scan Agent\'s networks', - 'type': 'boolean', - 'default': false, - 'description': 'If enabled, the Agent will go over all network interfaces and ' + - 'will scan their networks,' + - ' in addition to the IPs that are configured manually in the "Scan target list". ' + - 'Note: If the Agent runs on a machine within a public network,' + - ' this setting will cause scanning and exploitation attempts on that network.' - }, - 'subnets': { - 'title': 'Scan target list', - 'type': 'array', - 'uniqueItems': true, - 'items': { - 'type': 'string', - 'format': 'ip-range' - }, - 'default': [], - 'description': 'List of targets the Monkey will try to scan. Targets can be ' + - 'IPs, subnets or hosts. ' + - 'Examples:\n' + - '\tTarget a specific IP: "192.168.0.1"\n' + - '\tTarget a subnet using a network range: ' + - '"192.168.0.5-192.168.0.20"\n' + - '\tTarget a subnet using an IP mask: "192.168.0.5/24"\n' + - '\tTarget a specific host: "printer.example"' } - } } export default SCAN_TARGET_CONFIGURATION_SCHEMA; diff --git a/monkey/monkey_island/cc/ui/src/styles/pages/ConfigurationPage.scss b/monkey/monkey_island/cc/ui/src/styles/pages/ConfigurationPage.scss index 22f396b56..330b2fee7 100644 --- a/monkey/monkey_island/cc/ui/src/styles/pages/ConfigurationPage.scss +++ b/monkey/monkey_island/cc/ui/src/styles/pages/ConfigurationPage.scss @@ -1,25 +1,26 @@ -.config-nav > li > a{ +.config-nav>li>a { height: 50px !important; } -.config-nav .nav-link.tab-primary{ +.config-nav .nav-link.tab-primary { color: $monkey-alt; font-weight: bold; } -.config-nav .nav-item > a{ +.config-nav .nav-item>a { color: $black; padding: 15px 10px 15px 10px; } -.config-nav .nav-item > a.active{ +.config-nav .nav-item>a.active { font-weight: bold; color: $black; } -.config-nav .nav-item > a:hover:not(.active), .config-nav .nav-item > a:focus:not(.active){ - text-decoration: none; - background-color: $light-gray; +.config-nav .nav-item>a:hover:not(.active), +.config-nav .nav-item>a:focus:not(.active) { + text-decoration: none; + background-color: $light-gray; } .config-form legend { @@ -35,15 +36,15 @@ display: none; } -.config-template-no-header > p { +.config-template-no-header>p { display: none; } -.config-template-no-header > label { +.config-template-no-header>label { display: none; } -.config-form .form-group.field > label { +.config-form .form-group.field>label { margin-top: 10px; margin-bottom: 5px; font-size: 1.2em; @@ -54,7 +55,13 @@ } .warning-icon { - text-transform: uppercase; - color: #FFC107; - margin-left: .75em; + text-transform: uppercase; + color: #FFC107; + margin-left: .75em; +} + +.alert-info .warning-icon { + text-transform: uppercase; + color: #FFC107; + margin-right: .5em; }