diff --git a/monkey/monkey_island/deb-package/DEBIAN_MONGO/control b/monkey/monkey_island/deb-package/DEBIAN_MONGO/control
index a47371005..a7bc2373e 100644
--- a/monkey/monkey_island/deb-package/DEBIAN_MONGO/control
+++ b/monkey/monkey_island/deb-package/DEBIAN_MONGO/control
@@ -5,4 +5,4 @@ Homepage: https://www.infectionmonkey.com
 Priority: optional
 Version: 1.0
 Description: Guardicore Infection Monkey Island installation package
-Depends: openssl, python3-pip, python3-dev
+Depends: openssl, python3.7-dev, python3.7-venv, python3-venv, build-essential
diff --git a/monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst b/monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst
index f79a71913..f12b31b73 100644
--- a/monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst
+++ b/monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst
@@ -1,20 +1,42 @@ #!/bin/bash +# See the "Depends" field of the control file for what packages this scripts depends on. +# Here are the explanations for the current deps: +# Dependency - Why is it required +## openssl - Server certificate generation +## python3.7-dev - Server runtime +## python3.7-venv - For creating virtual env to install all the server pip deps (don't want to pollute system python) +## python3-venv - python3.7-venv doesn't work without it since you need ensure-pip +## build-essential - for compiling python dependencies that don't come in a pre-compiled wheel, like `netifaces` + +echo "Installing Monkey Island (Infection Monkey server)..." + MONKEY_FOLDER=/var/monkey INSTALLATION_FOLDER=/var/monkey/monkey_island/installation PYTHON_FOLDER=/var/monkey/monkey_island/bin/python +PYTHON_VERSION=python3.7 # Prepare python virtualenv -pip3 install virtualenv --no-index --find-links file://$INSTALLATION_FOLDER -python3 -m virtualenv -p python3 ${PYTHON_FOLDER} +# This is using the apt package `python3.7-venv` which is listed in the `control` file as a dependency. +# See https://packages.debian.org/stable/python/python3.7-venv +echo "Using $(command -v $PYTHON_VERSION) as the base for virtualenv creation" +$PYTHON_VERSION -m venv ${PYTHON_FOLDER} +# shellcheck disable=SC1090 +source ${PYTHON_FOLDER}/bin/activate -# install pip requirements -${PYTHON_FOLDER}/bin/python -m pip install -r $MONKEY_FOLDER/monkey_island/requirements.txt --no-index --find-links file://$INSTALLATION_FOLDER +echo "Installing Python dependencies using $(command -v python) and $(command -v pip)..." 
+# First, make sure that pip is updated +python -m pip install --upgrade pip +# Then install the dependecies from the pre-downloaded whl and tar.gz file +python -m pip install -r $MONKEY_FOLDER/monkey_island/requirements.txt --no-index --find-links file://$INSTALLATION_FOLDER + +deactivate # remove installation folder and unnecessary files rm -rf ${INSTALLATION_FOLDER} rm -f ${MONKEY_FOLDER}/monkey_island/requirements.txt +echo "Installing mongodb..." ${MONKEY_FOLDER}/monkey_island/install_mongo.sh ${MONKEY_FOLDER}/monkey_island/bin/mongodb if [ -d "/etc/systemd/network" ]; then @@ -25,11 +47,17 @@ if [ -d "/etc/systemd/network" ]; then systemctl enable monkey-island fi -${MONKEY_FOLDER}/monkey_island/create_certificate.sh ${MONKEY_FOLDER}/monkey_island/ +echo "Creating server certificate..." +${MONKEY_FOLDER}/monkey_island/create_certificate.sh ${MONKEY_FOLDER}/monkey_island/cc +echo "Starting services..." service monkey-island start service monkey-mongo start -echo Monkey Island installation ended +echo "" +echo "Monkey Island installation ended." +echo "The server should be accessible soon via https://:5000/" +echo "To check the Island's status, run 'sudo service monkey-island status'" +echo "" -exit 0 \ No newline at end of file +exit 0 diff --git a/monkey/monkey_island/linux/create_certificate.sh b/monkey/monkey_island/linux/create_certificate.sh index 7e306a822..985f607bc 100644 --- a/monkey/monkey_island/linux/create_certificate.sh +++ b/monkey/monkey_island/linux/create_certificate.sh 
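Review bot: The added `python -m pip install --upgrade pip` is the only pip call in this hunk without `--no-index`, so the maintainer script pulls an unpinned pip from the network at install time while everything else comes from the pre-downloaded files in `$INSTALLATION_FOLDER`. If a pip wheel is shipped in that folder, use `python -m pip install --upgrade pip --no-index --find-links file://$INSTALLATION_FOLDER`; otherwise drop the upgrade. Separately, nothing checks that `$PYTHON_VERSION -m venv` or the `source` of `activate` succeeded, so after a failure the following `python -m pip` lines would run against whatever `python` is on the PATH; a `set -e` under the shebang would stop there. The same applies to the second hunk, where `create_certificate.sh` is not checked before the services are started and the script ends with `exit 0`.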
@@ -2,8 +2,29 @@ server_root=${1:-"./cc"} +echo "Creating server cetificate. Server root: $server_root" +# We override the RANDFILE determined by default openssl.cnf, if it doesn't exist. +# This is a known issue with the current version of openssl on Ubuntu 18.04 - once they release +# a new version, we can delete this command. See +# https://github.com/openssl/openssl/commit/0f58220973a02248ca5c69db59e615378467b9c8#diff-8ce6aaad88b10ed2b3b4592fd5c8e03a +# for more details. +DEFAULT_RND_FILE_PATH=~/.rnd +CREATED_RND_FILE=false +if [ ! -f /tmp/foo.txt ]; then # If the file already exists, assume that the contents are fine, and don't change them. + echo "Creating rand seed file in $DEFAULT_RND_FILE_PATH" + dd bs=1024 count=2 "$DEFAULT_RND_FILE_PATH" + chmod 666 "$DEFAULT_RND_FILE_PATH" + CREATED_RND_FILE=true +fi +echo "Generating key in $server_root/server.key..." openssl genrsa -out "$server_root"/server.key 2048 +echo "Generating csr in $server_root/server.csr..." openssl req -new -key "$server_root"/server.key -out "$server_root"/server.csr -subj "/C=GB/ST=London/L=London/O=Global Security/OU=Monkey Department/CN=monkey.com" -openssl x509 -req -days 366 -in "$server_root"/server.csr -signkey "$server_root"/server.key -out $server_root/server.crt +echo "Generating certificate in $server_root/server.crt..." +openssl x509 -req -days 366 -in "$server_root"/server.csr -signkey "$server_root"/server.key -out "$server_root"/server.crt +# Shove some new random data into the file to override the original seed we put in. +if [ "$CREATED_RND_FILE" = true ] ; then + dd bs=1024 count=2 "$DEFAULT_RND_FILE_PATH" +fi diff --git a/monkey/monkey_island/requirements.txt b/monkey/monkey_island/requirements.txt index cad53d1c8..b5baed7f4 100644 --- a/monkey/monkey_island/requirements.txt +++ b/monkey/monkey_island/requirements.txt @@ -1,5 +1,4 @@ pytest -bson python-dateutil tornado werkzeug
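Review bot: The guard `if [ ! -f /tmp/foo.txt ]` tests a path unrelated to the seed file, so the comment's promise to leave an existing file alone does not hold: an existing `~/.rnd` is rewritten whenever `/tmp/foo.txt` is absent, and the guard should read `if [ ! -f "$DEFAULT_RND_FILE_PATH" ]; then`. The `chmod 666` inside that block leaves the file, which the comment describes as openssl's RANDFILE, writable by every local user while the key is generated; `chmod 600 "$DEFAULT_RND_FILE_PATH"` is the safer mode. As shown here both `dd` lines carry no input or output operand; if that is not an artefact of how the page was rendered, they need explicit ones. The first echo also misspells "certificate" as "cetificate".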