From bd22b7fbcc20fb6d43394b4f0836fded04588665 Mon Sep 17 00:00:00 2001 From: EliaOnceAgain Date: Mon, 4 Apr 2022 23:46:48 +0300 Subject: [PATCH 01/12] Deploy: Script to install appimage sysd service that runs on boot --- .../install-infection-monkey-service.sh | 138 ++++++++++++++++++ 1 file changed, 138 insertions(+) create mode 100755 deployment_scripts/install-infection-monkey-service.sh diff --git a/deployment_scripts/install-infection-monkey-service.sh b/deployment_scripts/install-infection-monkey-service.sh new file mode 100755 index 000000000..dd627f172 --- /dev/null +++ b/deployment_scripts/install-infection-monkey-service.sh @@ -0,0 +1,138 @@ +#!/bin/bash + +set -e + +SCRIPT_DIR="$(realpath $(dirname $BASH_SOURCE[0]))" +SYSTEMD_UNIT_FILENAME="monkey-appimage.service" +SYSTEMD_DIR="/lib/systemd/system" +MONKEY_BIN="/opt/infection-monkey/bin" +APPIMAGE_NAME="InfectionMonkey.appimage" + +echo_help() { + echo "usage: install-infection-monkey-service.sh [--user --appimage ] [--help] [--uninstall]" + echo "" + echo "Installs Infection Monkey AppImage and systemd unit to run on boot" + echo "--user User to run the AppImage as" + echo "--appimage Path to the AppImage" + echo "--uninstall Uninstall Infection Monkey AppImage systemd service" +} + +service_install() { + cat > "${SCRIPT_DIR}/${SYSTEMD_UNIT_FILENAME}" << EOF +[Unit] +Description=Infection Monkey AppImage Runner +After=network.target + +[Service] +User=$1 +Type=simple +ExecStart="${MONKEY_BIN}/${APPIMAGE_NAME}" + +[Install] +WantedBy=multi-user.target +EOF + + sudo mv "${SCRIPT_DIR}/${SYSTEMD_UNIT_FILENAME}" "${SYSTEMD_DIR}/${SYSTEMD_UNIT_FILENAME}" + + # Enable on boot + sudo systemctl enable "${SYSTEMD_UNIT_FILENAME}" &>/dev/null + sudo systemctl daemon-reload +} + +service_uninstall() { + echo "Uninstalling Infection Monkey AppImage systemd service..." + + if [ -f "${MONKEY_BIN}/${APPIMAGE_NAME}" ] ; then + sudo rm -f "${MONKEY_BIN}/${APPIMAGE_NAME}" + fi + + if [ -f "${SYSTEMD_DIR}/${SYSTEMD_UNIT_FILENAME}" ] ; then + sudo systemctl stop "${SYSTEMD_UNIT_FILENAME}" 2>/dev/null + sudo systemctl disable "${SYSTEMD_UNIT_FILENAME}" &>/dev/null + sudo rm "${SYSTEMD_DIR}/${SYSTEMD_UNIT_FILENAME}" + sudo systemctl daemon-reload + fi + + exit 0 +} + +has_sudo() { + # 0 true, 1 false + sudo -nv > /dev/null 2>&1 + return $? +} + +exit_if_missing_argument() { + if [ -z "$2" ] || [ "${2:0:1}" == "-" ]; then + echo "Error: Argument for $1 is missing" >&2 + exit 1 + fi +} + +uname="" +appimage_path="" + +while (( "$#" )); do + case "$1" in + --user) + exit_if_missing_argument "$1" "$2" + + uname=$2 + shift 2 + ;; + --appimage) + exit_if_missing_argument "$1" "$2" + + appimage_path=$2 + shift 2 + ;; + --uninstall) + service_uninstall + ;; + -h|--help) + echo_help + exit 0 + ;; + *) + echo "Error: Unsupported parameter $1" >&2 + exit 1 + ;; + esac +done + +if ! has_sudo; then + echo "Error: You need root permissions for some of this script operations. \ +Run \`sudo -v\`, enter your password, and then re-run this script." + exit 1 +fi + +# input sanity +if [ -z "$uname" ] || [ -z "$appimage_path" ] ; then + echo "Error: missing flags" + echo_help + exit 1 +fi + +# specified user exists +if ! id -u "$uname" &>/dev/null ; then + echo "Error: User does not exist '${uname}'" + exit 1 +fi + +# appimage path exists +if [ ! -f "${appimage_path}" ] ; then + if [ ! -f "${SCRIPT_DIR}/${appimage_path}" ] ; then + echo "Error: AppImage path does not exist: '${appimage_path}'" + exit 1 + fi + appimage_path="${SCRIPT_DIR}/${appimage_path}" +fi + +# move appimge to dst dir +sudo mkdir -p "${MONKEY_BIN}" +if [ "$appimage_path" != "${MONKEY_BIN}/${APPIMAGE_NAME}" ] ; then + sudo cp "$appimage_path" "${MONKEY_BIN}/${APPIMAGE_NAME}" +fi + +service_install "${uname}" +echo "Installation done. " From a671c11f7419d9bdf9d93aae9ed3983eab99db4a Mon Sep 17 00:00:00 2001 From: EliaOnceAgain Date: Fri, 8 Apr 2022 14:53:18 +0300 Subject: [PATCH 02/12] Deploy: Help msg format, func names, service name, validity checks --- .../install-infection-monkey-service.sh | 105 +++++++++++------- 1 file changed, 67 insertions(+), 38 deletions(-) diff --git a/deployment_scripts/install-infection-monkey-service.sh b/deployment_scripts/install-infection-monkey-service.sh index dd627f172..2d22501d4 100755 --- a/deployment_scripts/install-infection-monkey-service.sh +++ b/deployment_scripts/install-infection-monkey-service.sh @@ -2,25 +2,32 @@ set -e -SCRIPT_DIR="$(realpath $(dirname $BASH_SOURCE[0]))" -SYSTEMD_UNIT_FILENAME="monkey-appimage.service" +SCRIPT_DIR="$(realpath "$(dirname "${BASH_SOURCE[0]}")")" +SYSTEMD_UNIT_FILENAME="infection-monkey.service" SYSTEMD_DIR="/lib/systemd/system" MONKEY_BIN="/opt/infection-monkey/bin" APPIMAGE_NAME="InfectionMonkey.appimage" echo_help() { - echo "usage: install-infection-monkey-service.sh [--user --appimage ] [--help] [--uninstall]" + echo "Installs Infection Monkey service to run on boot" echo "" - echo "Installs Infection Monkey AppImage and systemd unit to run on boot" - echo "--user User to run the AppImage as" - echo "--appimage Path to the AppImage" - echo "--uninstall Uninstall Infection Monkey AppImage systemd service" + echo "Usage:" + echo " install-infection-monkey-service.sh --user --appimage " + echo " install-infection-monkey-service.sh --uninstall" + echo " install-infection-monkey-service.sh -h|--help" + echo "" + echo "Options:" + echo " --user User to run the service as" + echo " --appimage Path to AppImage" + echo " --uninstall Uninstall Infection Monkey service" } -service_install() { +install_service() { + move_appimage "$2" + cat > "${SCRIPT_DIR}/${SYSTEMD_UNIT_FILENAME}" << EOF [Unit] -Description=Infection Monkey AppImage Runner +Description=Infection Monkey Runner After=network.target [Service] @@ -33,15 +40,13 @@ WantedBy=multi-user.target EOF sudo mv "${SCRIPT_DIR}/${SYSTEMD_UNIT_FILENAME}" "${SYSTEMD_DIR}/${SYSTEMD_UNIT_FILENAME}" - - # Enable on boot sudo systemctl enable "${SYSTEMD_UNIT_FILENAME}" &>/dev/null - sudo systemctl daemon-reload + + echo -e "The Infection Monkey service has been installed and will start on boot.\n\ +Run 'systemctl start infection-monkey' to start the service now." } -service_uninstall() { - echo "Uninstalling Infection Monkey AppImage systemd service..." - +uninstall_service() { if [ -f "${MONKEY_BIN}/${APPIMAGE_NAME}" ] ; then sudo rm -f "${MONKEY_BIN}/${APPIMAGE_NAME}" fi @@ -53,7 +58,31 @@ service_uninstall() { sudo systemctl daemon-reload fi - exit 0 + echo "The Infection Monkey service has been uninstalled" +} + +user_can_execute() { + sudo -u "$1" test -x "$2" +} + +move_appimage() { + sudo mkdir -p "${MONKEY_BIN}" + + if [ "$1" != "${MONKEY_BIN}/${APPIMAGE_NAME}" ] ; then + sudo cp "$appimage_path" "${MONKEY_BIN}/${APPIMAGE_NAME}" + fi +} + +user_exists() { + id -u "$1" &>/dev/null +} + +assert_flag() { + if [ -z "$2" ] ; then + echo "Error: missing flag '$1'" + echo_help + exit 1 + fi } has_sudo() { @@ -69,6 +98,7 @@ exit_if_missing_argument() { fi } +do_uninstall=false uname="" appimage_path="" @@ -87,7 +117,8 @@ while (( "$#" )); do shift 2 ;; --uninstall) - service_uninstall + do_uninstall=true + shift ;; -h|--help) echo_help @@ -106,33 +137,31 @@ Run \`sudo -v\`, enter your password, and then re-run this script." exit 1 fi -# input sanity -if [ -z "$uname" ] || [ -z "$appimage_path" ] ; then - echo "Error: missing flags" - echo_help +if $do_uninstall ; then + uninstall_service + exit 0 +fi + +assert_flag "--user" "$uname" +assert_flag "--appimage" "$appimage_path" + +if ! user_exists "$uname" ; then + echo "Error: User '$uname' does not exist" exit 1 fi -# specified user exists -if ! id -u "$uname" &>/dev/null ; then - echo "Error: User does not exist '${uname}'" - exit 1 -fi - -# appimage path exists -if [ ! -f "${appimage_path}" ] ; then - if [ ! -f "${SCRIPT_DIR}/${appimage_path}" ] ; then - echo "Error: AppImage path does not exist: '${appimage_path}'" +if [ ! -f "$appimage_path" ] ; then + if [ ! -f "${SCRIPT_DIR}/$appimage_path" ] ; then + echo "Error: AppImage '$appimage_path' does not exist" exit 1 fi - appimage_path="${SCRIPT_DIR}/${appimage_path}" + appimage_path="${SCRIPT_DIR}/$appimage_path" fi -# move appimge to dst dir -sudo mkdir -p "${MONKEY_BIN}" -if [ "$appimage_path" != "${MONKEY_BIN}/${APPIMAGE_NAME}" ] ; then - sudo cp "$appimage_path" "${MONKEY_BIN}/${APPIMAGE_NAME}" +if ! user_can_execute "$uname" "$appimage_path" ; then + echo "Error: User '$uname' does not have execute permission on '$appimage_path'" + exit 1 fi -service_install "${uname}" -echo "Installation done. " +install_service "$uname" "$appimage_path" + From 4f3b2253d5dde4795dc64207b1478e93a4f34ee1 Mon Sep 17 00:00:00 2001 From: EliaOnceAgain Date: Sun, 10 Apr 2022 18:20:39 +0300 Subject: [PATCH 03/12] Deploy: Set appimage executable, rename assert_flag to assert_parameter_supplied --- .../install-infection-monkey-service.sh | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/deployment_scripts/install-infection-monkey-service.sh b/deployment_scripts/install-infection-monkey-service.sh index 2d22501d4..50660dd40 100755 --- a/deployment_scripts/install-infection-monkey-service.sh +++ b/deployment_scripts/install-infection-monkey-service.sh @@ -61,23 +61,21 @@ uninstall_service() { echo "The Infection Monkey service has been uninstalled" } -user_can_execute() { - sudo -u "$1" test -x "$2" -} - move_appimage() { sudo mkdir -p "${MONKEY_BIN}" if [ "$1" != "${MONKEY_BIN}/${APPIMAGE_NAME}" ] ; then sudo cp "$appimage_path" "${MONKEY_BIN}/${APPIMAGE_NAME}" fi + + sudo chmod a+x "${MONKEY_BIN}/${APPIMAGE_NAME}" } user_exists() { id -u "$1" &>/dev/null } -assert_flag() { +assert_parameter_supplied() { if [ -z "$2" ] ; then echo "Error: missing flag '$1'" echo_help @@ -142,8 +140,8 @@ if $do_uninstall ; then exit 0 fi -assert_flag "--user" "$uname" -assert_flag "--appimage" "$appimage_path" +assert_parameter_supplied "--user" "$uname" +assert_parameter_supplied "--appimage" "$appimage_path" if ! user_exists "$uname" ; then echo "Error: User '$uname' does not exist" @@ -158,10 +156,5 @@ if [ ! -f "$appimage_path" ] ; then appimage_path="${SCRIPT_DIR}/$appimage_path" fi -if ! user_can_execute "$uname" "$appimage_path" ; then - echo "Error: User '$uname' does not have execute permission on '$appimage_path'" - exit 1 -fi - install_service "$uname" "$appimage_path" From 149103e9ba27fab2f4e8110b16df84674e861980 Mon Sep 17 00:00:00 2001 From: EliaOnceAgain Date: Sun, 10 Apr 2022 18:30:14 +0300 Subject: [PATCH 04/12] Deploy: Don't chmod if appimage hasn't changed --- deployment_scripts/install-infection-monkey-service.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/deployment_scripts/install-infection-monkey-service.sh b/deployment_scripts/install-infection-monkey-service.sh index 50660dd40..bc9c36ae3 100755 --- a/deployment_scripts/install-infection-monkey-service.sh +++ b/deployment_scripts/install-infection-monkey-service.sh @@ -66,9 +66,8 @@ move_appimage() { if [ "$1" != "${MONKEY_BIN}/${APPIMAGE_NAME}" ] ; then sudo cp "$appimage_path" "${MONKEY_BIN}/${APPIMAGE_NAME}" + sudo chmod a+x "${MONKEY_BIN}/${APPIMAGE_NAME}" fi - - sudo chmod a+x "${MONKEY_BIN}/${APPIMAGE_NAME}" } user_exists() { From f00ebef9f3eb68660dfcaa940204e9c243dd458e Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Sun, 10 Apr 2022 09:58:50 -0400 Subject: [PATCH 05/12] Deploy: Fix minor issues in Usage of install-infection-monkey-service.sh --- deployment_scripts/install-infection-monkey-service.sh | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/deployment_scripts/install-infection-monkey-service.sh b/deployment_scripts/install-infection-monkey-service.sh index bc9c36ae3..4fa8e2aba 100755 --- a/deployment_scripts/install-infection-monkey-service.sh +++ b/deployment_scripts/install-infection-monkey-service.sh @@ -9,17 +9,17 @@ MONKEY_BIN="/opt/infection-monkey/bin" APPIMAGE_NAME="InfectionMonkey.appimage" echo_help() { - echo "Installs Infection Monkey service to run on boot" + echo "Installs the Infection Monkey service to run on boot." echo "" echo "Usage:" - echo " install-infection-monkey-service.sh --user --appimage " + echo " install-infection-monkey-service.sh --user --appimage " echo " install-infection-monkey-service.sh --uninstall" echo " install-infection-monkey-service.sh -h|--help" echo "" echo "Options:" echo " --user User to run the service as" - echo " --appimage Path to AppImage" - echo " --uninstall Uninstall Infection Monkey service" + echo " --appimage Path to AppImage" + echo " --uninstall Uninstall the Infection Monkey service" } install_service() { @@ -156,4 +156,3 @@ if [ ! -f "$appimage_path" ] ; then fi install_service "$uname" "$appimage_path" - From 176e91f5331d4c09978cdf2a3e24186294941cbe Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Sun, 10 Apr 2022 14:31:51 -0400 Subject: [PATCH 06/12] Deploy: Set permissions of deployed AppImage to 755 --- deployment_scripts/install-infection-monkey-service.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/deployment_scripts/install-infection-monkey-service.sh b/deployment_scripts/install-infection-monkey-service.sh index 4fa8e2aba..fe2789426 100755 --- a/deployment_scripts/install-infection-monkey-service.sh +++ b/deployment_scripts/install-infection-monkey-service.sh @@ -65,8 +65,9 @@ move_appimage() { sudo mkdir -p "${MONKEY_BIN}" if [ "$1" != "${MONKEY_BIN}/${APPIMAGE_NAME}" ] ; then + umask 022 sudo cp "$appimage_path" "${MONKEY_BIN}/${APPIMAGE_NAME}" - sudo chmod a+x "${MONKEY_BIN}/${APPIMAGE_NAME}" + sudo chmod 755 "${MONKEY_BIN}/${APPIMAGE_NAME}" fi } From f42a3bdaad121d9c00beeca672165f4e6569d764 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Sun, 10 Apr 2022 14:32:38 -0400 Subject: [PATCH 07/12] Deploy: Improve missing argument error message --- deployment_scripts/install-infection-monkey-service.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deployment_scripts/install-infection-monkey-service.sh b/deployment_scripts/install-infection-monkey-service.sh index fe2789426..2bc8ec1f1 100755 --- a/deployment_scripts/install-infection-monkey-service.sh +++ b/deployment_scripts/install-infection-monkey-service.sh @@ -77,7 +77,7 @@ user_exists() { assert_parameter_supplied() { if [ -z "$2" ] ; then - echo "Error: missing flag '$1'" + echo "Error: missing required parameter '$1'" echo_help exit 1 fi @@ -91,7 +91,7 @@ has_sudo() { exit_if_missing_argument() { if [ -z "$2" ] || [ "${2:0:1}" == "-" ]; then - echo "Error: Argument for $1 is missing" >&2 + echo "Error: Argument for parameter '$1' is missing" >&2 exit 1 fi } From 3aa6d4a1197d8c3c5a2b6aad157c2a051c59a6bb Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Sun, 10 Apr 2022 14:34:10 -0400 Subject: [PATCH 08/12] Deploy: Set `umask 077` before deploying systemd unit --- deployment_scripts/install-infection-monkey-service.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/deployment_scripts/install-infection-monkey-service.sh b/deployment_scripts/install-infection-monkey-service.sh index 2bc8ec1f1..76f0bc453 100755 --- a/deployment_scripts/install-infection-monkey-service.sh +++ b/deployment_scripts/install-infection-monkey-service.sh @@ -39,6 +39,7 @@ ExecStart="${MONKEY_BIN}/${APPIMAGE_NAME}" WantedBy=multi-user.target EOF + umask 077 sudo mv "${SCRIPT_DIR}/${SYSTEMD_UNIT_FILENAME}" "${SYSTEMD_DIR}/${SYSTEMD_UNIT_FILENAME}" sudo systemctl enable "${SYSTEMD_UNIT_FILENAME}" &>/dev/null From c8e4a4f0ef40f094d4227865db6ec35c07034e5b Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Sun, 10 Apr 2022 14:38:24 -0400 Subject: [PATCH 09/12] Deploy: Display help if missing arguments --- deployment_scripts/install-infection-monkey-service.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/deployment_scripts/install-infection-monkey-service.sh b/deployment_scripts/install-infection-monkey-service.sh index 76f0bc453..d1cea9d64 100755 --- a/deployment_scripts/install-infection-monkey-service.sh +++ b/deployment_scripts/install-infection-monkey-service.sh @@ -93,6 +93,7 @@ has_sudo() { exit_if_missing_argument() { if [ -z "$2" ] || [ "${2:0:1}" == "-" ]; then echo "Error: Argument for parameter '$1' is missing" >&2 + echo_help exit 1 fi } From 1be6de0bd831f44642c58bd03dbd825f357ee6be Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Sun, 10 Apr 2022 14:45:58 -0400 Subject: [PATCH 10/12] Deploy: Set mode=0755 when creating /opt/infection-monkey/bin/ --- deployment_scripts/install-infection-monkey-service.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment_scripts/install-infection-monkey-service.sh b/deployment_scripts/install-infection-monkey-service.sh index d1cea9d64..99a73a3af 100755 --- a/deployment_scripts/install-infection-monkey-service.sh +++ b/deployment_scripts/install-infection-monkey-service.sh @@ -63,7 +63,7 @@ uninstall_service() { } move_appimage() { - sudo mkdir -p "${MONKEY_BIN}" + sudo mkdir --mode=0755 -p "${MONKEY_BIN}" if [ "$1" != "${MONKEY_BIN}/${APPIMAGE_NAME}" ] ; then umask 022 From 420e99a902045b6755c86644b6a78adc15c71a00 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Sun, 10 Apr 2022 14:55:42 -0400 Subject: [PATCH 11/12] Changelog: Add a changelog entry for install-infection-monkey-service.sh --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 089bf8930..57ceae925 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,8 @@ Changelog](https://keepachangelog.com/en/1.0.0/). - "GET /api/propagation-credentials/" endpoint for agents to retrieve updated credentials from the Island. #1538 - SSHCollector as a configurable System info Collector. #1606 +- deployment_scrips/install-infection-monkey-service.sh to install an AppImage + as a service. #1552 ### Changed - "Communicate as Backdoor User" PBA's HTTP requests to request headers only and From 151df34ec8bc202eaa90dc1b89463924c48a0816 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Sun, 10 Apr 2022 14:57:13 -0400 Subject: [PATCH 12/12] Deploy: Fix capitalization of .AppImage --- deployment_scripts/install-infection-monkey-service.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment_scripts/install-infection-monkey-service.sh b/deployment_scripts/install-infection-monkey-service.sh index 99a73a3af..e2c9a926f 100755 --- a/deployment_scripts/install-infection-monkey-service.sh +++ b/deployment_scripts/install-infection-monkey-service.sh @@ -6,7 +6,7 @@ SCRIPT_DIR="$(realpath "$(dirname "${BASH_SOURCE[0]}")")" SYSTEMD_UNIT_FILENAME="infection-monkey.service" SYSTEMD_DIR="/lib/systemd/system" MONKEY_BIN="/opt/infection-monkey/bin" -APPIMAGE_NAME="InfectionMonkey.appimage" +APPIMAGE_NAME="InfectionMonkey.AppImage" echo_help() { echo "Installs the Infection Monkey service to run on boot."