p15693087
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity

Agent: Remove known_hosts from SSH Credential Collector 

It is not used anywhere.
This commit is contained in:
Ilija Lazoroski 2022-02-15 19:54:05 +01:00
parent e9e5e95f49
commit a03a5145a7
3 changed files with 8 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
monkey/infection_monkey/credential_collectors/ssh_collector/SSH_credentials_collector.py
View File

@ -35,7 +35,7 @@ class SSHCollector(ICredentialCollector):
credentials_obj.identities.append(Username(info["name"])) credentials_obj.identities.append(Username(info["name"]))
ssh_keypair = {} ssh_keypair = {}
for key in ["public_key", "private_key", "known_hosts"]: for key in ["public_key", "private_key"]:
if key in info and info.get(key) is not None: if key in info and info.get(key) is not None:
ssh_keypair[key] = info[key] ssh_keypair[key] = info[key]

20
monkey/infection_monkey/credential_collectors/ssh_collector/ssh_handler.py
View File

@ -31,12 +31,10 @@ def _get_home_dirs() -> Iterable[Dict]:
def _get_ssh_struct(name: str, home_dir: str) -> Dict: def _get_ssh_struct(name: str, home_dir: str) -> Dict:
""" """
Construct the SSH info. It consisted of: name, home_dir, Construct the SSH info. It consisted of: name, home_dir,
public_key, private_key and known_hosts. public_key and private_key.
public_key: contents of *.pub file (public key) public_key: contents of *.pub file (public key)
private_key: contents of * file (private key) private_key: contents of * file (private key)
known_hosts: contents of known_hosts file(all the servers keys are good for,
possibly hashed)
:param name: username of user, for whom the keys belong :param name: username of user, for whom the keys belong
:param home_dir: users home directory :param home_dir: users home directory
@ -49,7 +47,6 @@ def _get_ssh_struct(name: str, home_dir: str) -> Dict:
"home_dir": home_dir, "home_dir": home_dir,
"public_key": None, "public_key": None,
"private_key": None, "private_key": None,
"known_hosts": None,
} }
@ -88,15 +85,6 @@ def _get_ssh_files(usr_info: Iterable[Dict]) -> Iterable[Dict]:
continue continue
except (IOError, OSError): except (IOError, OSError):
pass pass
# By default, known hosts file is called 'known_hosts'
known_hosts = os.path.join(current_path, "known_hosts")
if os.path.exists(known_hosts):
try:
with open(known_hosts) as f:
info["known_hosts"] = f.read()
logger.info("Found known_hosts in %s" % known_hosts)
except (IOError, OSError):
pass
# If private key found don't search more # If private key found don't search more
if info["private_key"]: if info["private_key"]:
break break
@ -104,9 +92,5 @@ def _get_ssh_files(usr_info: Iterable[Dict]) -> Iterable[Dict]:
pass pass
except OSError: except OSError:
pass pass
usr_info = [ usr_info = [info for info in usr_info if info["private_key"] or info["public_key"]]
info
for info in usr_info
if info["private_key"] or info["known_hosts"] or info["public_key"]
]
return usr_info return usr_info

24
monkey/tests/unit_tests/infection_monkey/credential_collectors/linux_credentials_collector/test_ssh_credentials_collector.py
View File

@ -14,9 +14,7 @@ def test_ssh_credentials_empty_results(monkeypatch):
collected = SSHCollector().collect_credentials() collected = SSHCollector().collect_credentials()
assert [] == collected assert [] == collected
ssh_creds = [ ssh_creds = [{"name": "", "home_dir": "", "public_key": None, "private_key": None}]
{"name": "", "home_dir": "", "public_key": None, "private_key": None, "known_hosts": None}
]
patch_ssh_handler(ssh_creds, monkeypatch) patch_ssh_handler(ssh_creds, monkeypatch)
expected = [] expected = []
collected = SSHCollector().collect_credentials() collected = SSHCollector().collect_credentials()
@ -31,45 +29,33 @@ def test_ssh_info_result_parsing(monkeypatch):
"home_dir": "/home/ubuntu", "home_dir": "/home/ubuntu",
"public_key": "SomePublicKeyUbuntu", "public_key": "SomePublicKeyUbuntu",
"private_key": "ExtremelyGoodPrivateKey", "private_key": "ExtremelyGoodPrivateKey",
"known_hosts": "MuchKnownHosts",
}, },
{ {
"name": "mcus", "name": "mcus",
"home_dir": "/home/mcus", "home_dir": "/home/mcus",
"public_key": "AnotherPublicKey", "public_key": "AnotherPublicKey",
"private_key": "NotSoGoodPrivateKey",
"known_hosts": None,
},
{
"name": "",
"home_dir": "/",
"public_key": None,
"private_key": None, "private_key": None,
"known_hosts": "VeryGoodHosts1",
}, },
{"name": "guest", "home_dir": "/", "public_key": None, "private_key": None},
] ]
patch_ssh_handler(ssh_creds, monkeypatch) patch_ssh_handler(ssh_creds, monkeypatch)
# Expected credentials # Expected credentials
username = Username("ubuntu") username = Username("ubuntu")
username2 = Username("mcus") username2 = Username("mcus")
username3 = Username("guest")
ssh_keypair1 = SSHKeypair( ssh_keypair1 = SSHKeypair(
{ {"public_key": "SomePublicKeyUbuntu", "private_key": "ExtremelyGoodPrivateKey"}
"public_key": "SomePublicKeyUbuntu",
"private_key": "ExtremelyGoodPrivateKey",
"known_hosts": "MuchKnownHosts",
}
) )
ssh_keypair2 = SSHKeypair( ssh_keypair2 = SSHKeypair(
{"public_key": "AnotherPublicKey", "private_key": "NotSoGoodPrivateKey"} {"public_key": "AnotherPublicKey", "private_key": "NotSoGoodPrivateKey"}
) )
ssh_keypair3 = SSHKeypair({"known_hosts": "VeryGoodHosts"})
expected = [ expected = [
Credentials(identities=[username], secrets=[ssh_keypair1]), Credentials(identities=[username], secrets=[ssh_keypair1]),
Credentials(identities=[username2], secrets=[ssh_keypair2]), Credentials(identities=[username2], secrets=[ssh_keypair2]),
Credentials(identities=[], secrets=[ssh_keypair3]), Credentials(identities=[username3], secrets=[]),
] ]
collected = SSHCollector().collect_credentials() collected = SSHCollector().collect_credentials()
assert expected == collected assert expected == collected