From c9a53833e2b25fc638e752ed9c2365dfc658c17c Mon Sep 17 00:00:00 2001
From: Shreya
Date: Wed, 2 Jun 2021 19:39:47 +0530
Subject: [PATCH] Add support for custom certificate (partially)
---
 monkey/common/utils/exceptions.py | 4 ++++
 monkey/monkey_island/cc/server_setup.py | 5 ++--
 .../monkey_island/cc/server_utils/consts.py | 3 +++
 .../cc/setup/certificate/certificate_setup.py | 23 +++++++++++++++++++
 .../cc/setup/island_config_options.py | 6 +++++
 5 files changed, 38 insertions(+), 3 deletions(-)
 create mode 100644 monkey/monkey_island/cc/setup/certificate/certificate_setup.py
diff --git a/monkey/common/utils/exceptions.py b/monkey/common/utils/exceptions.py
index 8396b423b..632c08991 100644
--- a/monkey/common/utils/exceptions.py
+++ b/monkey/common/utils/exceptions.py
@@ -52,3 +52,7 @@ class FindingWithoutDetailsError(Exception):
 class DomainControllerNameFetchError(FailedExploitationError):
 """ Raise on failed attempt to extract domain controller's name """
+
+
+class InsecurePermissionsError(Exception):
+ """ Raise when a file does not have permissions that are secure enough """
diff --git a/monkey/monkey_island/cc/server_setup.py b/monkey/monkey_island/cc/server_setup.py
index 4eaa13131..faec1ec96 100644
--- a/monkey/monkey_island/cc/server_setup.py
+++ b/monkey/monkey_island/cc/server_setup.py
@@ -22,13 +22,13 @@ from monkey_island.cc.arg_parser import IslandCmdArgs # noqa: E402
 from monkey_island.cc.arg_parser import parse_cli_args # noqa: E402
 from monkey_island.cc.resources.monkey_download import MonkeyDownload # noqa: E402
 from monkey_island.cc.server_utils.bootloader_server import BootloaderHttpServer # noqa: E402
-from monkey_island.cc.server_utils.consts import MONKEY_ISLAND_ABS_PATH # noqa: E402
 from monkey_island.cc.server_utils.encryptor import initialize_encryptor # noqa: E402
 from monkey_island.cc.server_utils.island_logger import reset_logger, setup_logging # noqa: E402
 from monkey_island.cc.services.initialize import initialize_services # noqa: E402
 from monkey_island.cc.services.reporting.exporter_init import populate_exporter_list # noqa: E402
 from monkey_island.cc.services.utils.network_utils import local_ip_addresses # noqa: E402
 from monkey_island.cc.setup.island_config_options import IslandConfigOptions # noqa: E402
+from monkey_island.cc.setup.certificate.certificate_setup import setup_certificate # noqa: E402
 from monkey_island.cc.setup.mongo.database_initializer import init_collections # noqa: E402
 from monkey_island.cc.setup.mongo.mongo_setup import ( # noqa: E402
 MONGO_URL,
@@ -83,8 +83,7 @@ def _start_island_server(should_setup_only, config_options: IslandConfigOptions)
 populate_exporter_list()
 app = init_app(MONGO_URL)
- crt_path = str(Path(MONKEY_ISLAND_ABS_PATH, "cc", "server.crt"))
- key_path = str(Path(MONKEY_ISLAND_ABS_PATH, "cc", "server.key"))
+ crt_path, key_path = setup_certificate(config_options)
 init_collections()
diff --git a/monkey/monkey_island/cc/server_utils/consts.py b/monkey/monkey_island/cc/server_utils/consts.py
index a14c69d0b..2a50e01aa 100644
--- a/monkey/monkey_island/cc/server_utils/consts.py
+++ b/monkey/monkey_island/cc/server_utils/consts.py
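Review bot: In monkey/monkey_island/cc/server_setup.py, the new call `crt_path, key_path = setup_certificate(config_options)` can raise FileNotFoundError or InsecurePermissionsError, and nothing visible in the second hunk catches them, so a bad certificate path surfaces as a traceback only after `populate_exporter_list()` and `init_app(MONGO_URL)` have already run. Consider validating the certificate and key paths before that start-up work, or catching the two exceptions at this call and logging the message before exiting. The hunk also removes the only visible uses of `Path` in this file, so it is worth checking whether the `pathlib` import is now unused. The body of `_start_island_server` starts and ends outside the hunk, so handling elsewhere in the function cannot be ruled out.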
@@ -46,3 +46,6 @@ DEFAULT_DEVELOP_SERVER_CONFIG_PATH = os.path.join(
 DEFAULT_LOG_LEVEL = "INFO"
 DEFAULT_START_MONGO_DB = True
+
+DEFAULT_CRT_PATH = str(Path(MONKEY_ISLAND_ABS_PATH, "cc", "server.crt"))
+DEFAULT_KEY_PATH = str(Path(MONKEY_ISLAND_ABS_PATH, "cc", "server.key"))
diff --git a/monkey/monkey_island/cc/setup/certificate/certificate_setup.py b/monkey/monkey_island/cc/setup/certificate/certificate_setup.py
new file mode 100644
index 000000000..959025e03
--- /dev/null
+++ b/monkey/monkey_island/cc/setup/certificate/certificate_setup.py
@@ -0,0 +1,23 @@
+import os
+
+from common.utils.exceptions import InsecurePermissionsError
+from monkey_island.setup.island_config_options import IslandConfigOptions
+
+
+def setup_certificate(config_options: IslandConfigOptions) -> (str, str):
+ crt_path = config_options.crt_path
+ key_path = config_options.key_path
+
+ # check paths
+ for file in [crt_path, key_path]:
+ if not os.path.exists(file):
+ raise FileNotFoundError(f"File not found at {file}. Exiting.")
+
+ if not has_sufficient_permissions(file):
+ raise InsecurePermissionsError(f"{file} has insecure permissions. Exiting.")
+
+ return crt_path, key_path
+
+
+def has_sufficient_permissions():
+ pass
diff --git a/monkey/monkey_island/cc/setup/island_config_options.py b/monkey/monkey_island/cc/setup/island_config_options.py
index 5ce62ba2e..0df903587 100644
--- a/monkey/monkey_island/cc/setup/island_config_options.py
+++ b/monkey/monkey_island/cc/setup/island_config_options.py
@@ -3,7 +3,9 @@ from __future__ import annotations
 import os
 from monkey_island.cc.server_utils.consts import (
+ DEFAULT_CRT_PATH,
 DEFAULT_DATA_DIR,
+ DEFAULT_KEY_PATH,
 DEFAULT_LOG_LEVEL,
 DEFAULT_START_MONGO_DB,
 )
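Review bot: In monkey/monkey_island/cc/server_utils/consts.py, `DEFAULT_CRT_PATH` and `DEFAULT_KEY_PATH` are built with `Path(...)`, but this hunk is the file's only change and adds no import, so unless `pathlib.Path` is already imported there the module fails with NameError at import time. The constant named in the hunk header uses `os.path.join`, so `DEFAULT_CRT_PATH = os.path.join(MONKEY_ISLAND_ABS_PATH, "cc", "server.crt")` (and the same for the key) would avoid the extra dependency and match the file's style. A one-line comment saying these are the certificate and private key previously hard-coded in server_setup.py, used when the config names no custom pair, would also help.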
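Review bot: In the new monkey/monkey_island/cc/setup/certificate/certificate_setup.py, `has_sufficient_permissions()` takes no parameters but is called as `has_sufficient_permissions(file)`, so the first path that exists raises TypeError; with a parameter added, the `pass` body would still return None and every file would be rejected as insecure. The import `from monkey_island.setup.island_config_options import IslandConfigOptions` also lacks the `cc` segment that server_setup.py uses (`monkey_island.cc.setup.island_config_options`), which looks like an ImportError at start-up. The sketch below implements the check with POSIX mode bits and applies it to the private key only, since the certificate is public; it does not cover Windows ACLs, and whether the default key already passes it needs confirming. It also swaps `os.path.exists` for `os.path.isfile` so a directory is not accepted, and gives both functions docstrings.

```python
def setup_certificate(config_options: IslandConfigOptions) -> (str, str):
    """Return the (certificate, key) paths after checking both exist and the key is private."""
    # … unchanged: crt_path and key_path read from config_options …

    for file in [crt_path, key_path]:
        if not os.path.isfile(file):
            raise FileNotFoundError(f"File not found at {file}. Exiting.")

    # Only the private key is secret; the certificate is handed to every client.
    if not has_sufficient_permissions(key_path):
        raise InsecurePermissionsError(f"{key_path} has insecure permissions. Exiting.")

    return crt_path, key_path


def has_sufficient_permissions(path: str) -> bool:
    """Return True when group and others have no access to path (POSIX mode bits only)."""
    return (os.stat(path).st_mode & 0o077) == 0
```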
@@ -14,8 +16,12 @@ class IslandConfigOptions: self.data_dir = os.path.expandvars( os.path.expanduser(config_contents.get("data_dir", DEFAULT_DATA_DIR)) ) + self.log_level = config_contents.get("log_level", DEFAULT_LOG_LEVEL) self.start_mongodb = config_contents.get( "mongodb", {"start_mongodb": DEFAULT_START_MONGO_DB} ).get("start_mongodb", DEFAULT_START_MONGO_DB) + + self.crt_path = config_contents.get("cert_path", DEFAULT_CRT_PATH) + self.key_path = config_contents.get("cert_path", DEFAULT_KEY_PATH)
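Review bot: In monkey/monkey_island/cc/setup/island_config_options.py, `self.key_path` is read from the same `"cert_path"` key as `self.crt_path`, so a configured certificate path is also used as the private-key path and a custom key can never be set; it presumably should be `self.key_path = config_contents.get("key_path", DEFAULT_KEY_PATH)`. Unlike `data_dir` a few lines above, neither value passes through `os.path.expanduser`/`os.path.expandvars`, so `~` or `$VAR` in these paths will not resolve and the existence check in setup_certificate will fail. The config key is spelled `cert_path` while the attribute and constant use `crt`; choosing one spelling and naming both config keys in a short comment would help. `__init__` starts outside the hunk.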