Merge pull request #609 from guardicore/bugfix/1.8.0-fix-deb-python-version

Bugfix/1.8.0 fix deb python version

monkey/monkey_island/deb-package/DEBIAN_MONGO/control

@@ -5,4 +5,4 @@ Homepage: https://www.infectionmonkey.com
 Priority: optional
 Version: 1.0
 Description: Guardicore Infection Monkey Island installation package
-Depends: openssl, python3-pip, python3-dev
+Depends: openssl, python3.7-dev, python3.7-venv, python3-venv, build-essential

monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst

@@ -1,20 +1,42 @@
 #!/bin/bash
 
+# See the "Depends" field of the control file for what packages this scripts depends on.
+# Here are the explanations for the current deps:
+# Dependency - Why is it required
+## openssl - Server certificate generation
+## python3.7-dev - Server runtime
+## python3.7-venv - For creating virtual env to install all the server pip deps (don't want to pollute system python)
+## python3-venv - python3.7-venv doesn't work without it since you need ensure-pip
+## build-essential - for compiling python dependencies that don't come in a pre-compiled wheel, like `netifaces`
+
+echo "Installing Monkey Island (Infection Monkey server)..."
+
 MONKEY_FOLDER=/var/monkey
 INSTALLATION_FOLDER=/var/monkey/monkey_island/installation
 PYTHON_FOLDER=/var/monkey/monkey_island/bin/python
+PYTHON_VERSION=python3.7
 
 # Prepare python virtualenv
-pip3 install virtualenv --no-index --find-links file://$INSTALLATION_FOLDER
+# This is using the apt package `python3.7-venv` which is listed in the `control` file as a dependency.
-python3 -m virtualenv -p python3 ${PYTHON_FOLDER}
+# See https://packages.debian.org/stable/python/python3.7-venv
+echo "Using $(command -v $PYTHON_VERSION) as the base for virtualenv creation"
+$PYTHON_VERSION -m venv ${PYTHON_FOLDER}
+# shellcheck disable=SC1090
+source ${PYTHON_FOLDER}/bin/activate
 
-# install pip requirements
+echo "Installing Python dependencies using $(command -v python) and $(command -v pip)..."
-${PYTHON_FOLDER}/bin/python -m pip install -r $MONKEY_FOLDER/monkey_island/requirements.txt --no-index --find-links file://$INSTALLATION_FOLDER
+# First, make sure that pip is updated
+python -m pip install --upgrade pip
+# Then install the dependecies from the pre-downloaded whl and tar.gz file
+python -m pip install -r $MONKEY_FOLDER/monkey_island/requirements.txt --no-index --find-links file://$INSTALLATION_FOLDER
+
+deactivate
 
 # remove installation folder and unnecessary files
 rm -rf ${INSTALLATION_FOLDER}
 rm -f ${MONKEY_FOLDER}/monkey_island/requirements.txt
 
+echo "Installing mongodb..."
 ${MONKEY_FOLDER}/monkey_island/install_mongo.sh ${MONKEY_FOLDER}/monkey_island/bin/mongodb
 
 if [ -d "/etc/systemd/network" ]; then
@@ -25,11 +47,17 @@ if [ -d "/etc/systemd/network" ]; then
     systemctl enable monkey-island
 fi
 
-${MONKEY_FOLDER}/monkey_island/create_certificate.sh ${MONKEY_FOLDER}/monkey_island/
+echo "Creating server certificate..."
+${MONKEY_FOLDER}/monkey_island/create_certificate.sh ${MONKEY_FOLDER}/monkey_island/cc
 
+echo "Starting services..."
 service monkey-island start
 service monkey-mongo start
 
-echo Monkey Island installation ended
+echo ""
+echo "Monkey Island installation ended."
+echo "The server should be accessible soon via https://<server_ip>:5000/"
+echo "To check the Island's status, run 'sudo service monkey-island status'"
+echo ""
 
 exit 0

monkey/monkey_island/linux/create_certificate.sh

@@ -2,8 +2,29 @@
 
 server_root=${1:-"./cc"}
 
+echo "Creating server cetificate. Server root: $server_root"
+# We override the RANDFILE determined by default openssl.cnf, if it doesn't exist.
+# This is a known issue with the current version of openssl on Ubuntu 18.04 - once they release
+# a new version, we can delete this command. See
+# https://github.com/openssl/openssl/commit/0f58220973a02248ca5c69db59e615378467b9c8#diff-8ce6aaad88b10ed2b3b4592fd5c8e03a
+# for more details.
+DEFAULT_RND_FILE_PATH=~/.rnd
+CREATED_RND_FILE=false
+if [ ! -f /tmp/foo.txt ]; then  # If the file already exists, assume that the contents are fine, and don't change them.
+  echo "Creating rand seed file in $DEFAULT_RND_FILE_PATH"
+  dd bs=1024 count=2 </dev/urandom >"$DEFAULT_RND_FILE_PATH"
+  chmod 666 "$DEFAULT_RND_FILE_PATH"
+  CREATED_RND_FILE=true
+fi
 
+echo "Generating key in $server_root/server.key..."
 openssl genrsa -out "$server_root"/server.key 2048
+echo "Generating csr in $server_root/server.csr..."
 openssl req -new -key "$server_root"/server.key -out "$server_root"/server.csr -subj "/C=GB/ST=London/L=London/O=Global Security/OU=Monkey Department/CN=monkey.com"
-openssl x509 -req -days 366 -in "$server_root"/server.csr -signkey "$server_root"/server.key -out $server_root/server.crt
+echo "Generating certificate in $server_root/server.crt..."
+openssl x509 -req -days 366 -in "$server_root"/server.csr -signkey "$server_root"/server.key -out "$server_root"/server.crt
 
+# Shove some new random data into the file to override the original seed we put in.
+if [ "$CREATED_RND_FILE" = true ] ; then
+  dd bs=1024 count=2 </dev/urandom >"$DEFAULT_RND_FILE_PATH"
+fi

monkey/monkey_island/requirements.txt

@@ -1,5 +1,4 @@
 pytest
-bson
 python-dateutil
 tornado
 werkzeug