Merge pull request #2089 from guardicore/1662-remove-configservice-from-utils
Remove `services/configuration/utils.py`, use AgentConfiguration
commit
6b94d5c04a
|
@ -1,5 +1,4 @@
|
||||||
SSH_KEYS_PATH = ["internal", "exploits", "exploit_ssh_keys"]
|
SSH_KEYS_PATH = ["internal", "exploits", "exploit_ssh_keys"]
|
||||||
INACCESSIBLE_SUBNETS_PATH = ["basic_network", "network_analysis", "inaccessible_subnets"]
|
|
||||||
USER_LIST_PATH = ["basic", "credentials", "exploit_user_list"]
|
USER_LIST_PATH = ["basic", "credentials", "exploit_user_list"]
|
||||||
PASSWORD_LIST_PATH = ["basic", "credentials", "exploit_password_list"]
|
PASSWORD_LIST_PATH = ["basic", "credentials", "exploit_password_list"]
|
||||||
LM_HASH_LIST_PATH = ["internal", "exploits", "exploit_lm_hash_list"]
|
LM_HASH_LIST_PATH = ["internal", "exploits", "exploit_lm_hash_list"]
|
||||||
|
|
|
@ -8,6 +8,7 @@ from flask import request
|
||||||
from monkey_island.cc.database import mongo
|
from monkey_island.cc.database import mongo
|
||||||
from monkey_island.cc.models.monkey import Monkey
|
from monkey_island.cc.models.monkey import Monkey
|
||||||
from monkey_island.cc.models.telemetries import get_telemetry_by_query
|
from monkey_island.cc.models.telemetries import get_telemetry_by_query
|
||||||
|
from monkey_island.cc.repository import IAgentConfigurationRepository
|
||||||
from monkey_island.cc.resources.AbstractResource import AbstractResource
|
from monkey_island.cc.resources.AbstractResource import AbstractResource
|
||||||
from monkey_island.cc.resources.request_authentication import jwt_required
|
from monkey_island.cc.resources.request_authentication import jwt_required
|
||||||
from monkey_island.cc.services.node import NodeService
|
from monkey_island.cc.services.node import NodeService
|
||||||
|
@ -20,6 +21,9 @@ class Telemetry(AbstractResource):
|
||||||
# API Spec: Resource name should be plural
|
# API Spec: Resource name should be plural
|
||||||
urls = ["/api/telemetry", "/api/telemetry/<string:monkey_guid>"]
|
urls = ["/api/telemetry", "/api/telemetry/<string:monkey_guid>"]
|
||||||
|
|
||||||
|
def __init__(self, agent_configuration_repository: IAgentConfigurationRepository):
|
||||||
|
self._agent_configuration_repository = agent_configuration_repository
|
||||||
|
|
||||||
@jwt_required
|
@jwt_required
|
||||||
def get(self, **kw):
|
def get(self, **kw):
|
||||||
monkey_guid = request.args.get("monkey_guid")
|
monkey_guid = request.args.get("monkey_guid")
|
||||||
|
@ -59,7 +63,8 @@ class Telemetry(AbstractResource):
|
||||||
monkey = NodeService.get_monkey_by_guid(telemetry_json["monkey_guid"])
|
monkey = NodeService.get_monkey_by_guid(telemetry_json["monkey_guid"])
|
||||||
NodeService.update_monkey_modify_time(monkey["_id"])
|
NodeService.update_monkey_modify_time(monkey["_id"])
|
||||||
|
|
||||||
process_telemetry(telemetry_json)
|
agent_configuration = self._agent_configuration_repository.get_configuration()
|
||||||
|
process_telemetry(telemetry_json, agent_configuration)
|
||||||
|
|
||||||
# API Spec: RESTful way is to return an identifier of the updated/newly created resource
|
# API Spec: RESTful way is to return an identifier of the updated/newly created resource
|
||||||
return {}, 201
|
return {}, 201
|
||||||
|
|
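Review bot: The new `self._agent_configuration_repository.get_configuration()` call in the POST handler sits after `NodeService.update_monkey_modify_time(monkey["_id"])` and outside the `try` that `process_telemetry` opens, so a repository failure would, as far as this hunk shows, escape the handler with the modify time already written. Fetching the configuration first keeps a failed request free of partial state: move `agent_configuration = self._agent_configuration_repository.get_configuration()` above the `NodeService.get_monkey_by_guid(...)` line. The configuration is also loaded for every telemetry, although four of the processors changed in this commit ignore it. The handler starts outside the hunk, so its existing error handling is not visible here.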
|
@ -1,6 +0,0 @@
|
||||||
from common.config_value_paths import INACCESSIBLE_SUBNETS_PATH
|
|
||||||
from monkey_island.cc.services.config import ConfigService
|
|
||||||
|
|
||||||
|
|
||||||
def get_config_network_segments_as_subnet_groups():
|
|
||||||
return [ConfigService.get_config_value(INACCESSIBLE_SUBNETS_PATH)]
|
|
|
@ -11,9 +11,6 @@ from monkey_island.cc.database import mongo
|
||||||
from monkey_island.cc.models import Monkey
|
from monkey_island.cc.models import Monkey
|
||||||
from monkey_island.cc.models.report import get_report, save_report
|
from monkey_island.cc.models.report import get_report, save_report
|
||||||
from monkey_island.cc.repository import IAgentConfigurationRepository, ICredentialsRepository
|
from monkey_island.cc.repository import IAgentConfigurationRepository, ICredentialsRepository
|
||||||
from monkey_island.cc.services.configuration.utils import (
|
|
||||||
get_config_network_segments_as_subnet_groups,
|
|
||||||
)
|
|
||||||
from monkey_island.cc.services.node import NodeService
|
from monkey_island.cc.services.node import NodeService
|
||||||
from monkey_island.cc.services.reporting.exploitations.manual_exploitation import get_manual_monkeys
|
from monkey_island.cc.services.reporting.exploitations.manual_exploitation import get_manual_monkeys
|
||||||
from monkey_island.cc.services.reporting.exploitations.monkey_exploitation import (
|
from monkey_island.cc.services.reporting.exploitations.monkey_exploitation import (
|
||||||
|
@ -325,8 +322,8 @@ class ReportService:
|
||||||
|
|
||||||
return cross_segment_issues
|
return cross_segment_issues
|
||||||
|
|
||||||
@staticmethod
|
@classmethod
|
||||||
def get_cross_segment_issues():
|
def get_cross_segment_issues(cls):
|
||||||
scans = mongo.db.telemetry.find(
|
scans = mongo.db.telemetry.find(
|
||||||
{"telem_category": "scan"},
|
{"telem_category": "scan"},
|
||||||
{
|
{
|
||||||
|
@ -340,7 +337,8 @@ class ReportService:
|
||||||
cross_segment_issues = []
|
cross_segment_issues = []
|
||||||
|
|
||||||
# For now the feature is limited to 1 group.
|
# For now the feature is limited to 1 group.
|
||||||
subnet_groups = get_config_network_segments_as_subnet_groups()
|
agent_configuration = cls._agent_configuration_repository.get_configuration()
|
||||||
|
subnet_groups = agent_configuration.propagation.network_scan.targets.inaccessible_subnets
|
||||||
|
|
||||||
for subnet_group in subnet_groups:
|
for subnet_group in subnet_groups:
|
||||||
cross_segment_issues += ReportService.get_cross_segment_issues_per_subnet_group(
|
cross_segment_issues += ReportService.get_cross_segment_issues_per_subnet_group(
|
||||||
|
|
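Review bot: The replacement in `get_cross_segment_issues` drops the outer list that the removed helper added (`return [ConfigService.get_config_value(INACCESSIBLE_SUBNETS_PATH)]`), so `for subnet_group in subnet_groups` would now iterate over individual subnets instead of one group of subnets, assuming `inaccessible_subnets` is a flat sequence. If so, cross-segment findings would silently go missing from the report rather than failing loudly. Keeping the single-group shape the comment above describes would be `subnet_groups = [agent_configuration.propagation.network_scan.targets.inaccessible_subnets]`. The same applies to `_get_config_network_segments_as_subnet_groups` in the zero-trust segmentation checks, where `itertools.product(subnet_group, subnet_group)` and the flattening comprehension both consume each group. The function body continues outside the hunk.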
|
@ -5,7 +5,7 @@ from monkey_island.cc.models.monkey import Monkey
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
def process_aws_telemetry(telemetry_json):
|
def process_aws_telemetry(telemetry_json, _):
|
||||||
relevant_monkey = Monkey.get_single_monkey_by_guid(telemetry_json["monkey_guid"])
|
relevant_monkey = Monkey.get_single_monkey_by_guid(telemetry_json["monkey_guid"])
|
||||||
|
|
||||||
if "instance_id" in telemetry_json["data"]:
|
if "instance_id" in telemetry_json["data"]:
|
||||||
|
|
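Review bot: Naming the ignored second parameter `_` in `process_aws_telemetry(telemetry_json, _)` hides the contract the dispatcher now relies on; `process_exploit_telemetry`, `process_post_breach_telemetry` and `process_tunnel_telemetry` do the same. A named, annotated parameter documents that every entry in `TELEMETRY_CATEGORY_TO_PROCESSING_FUNC` receives the configuration: `def process_aws_telemetry(telemetry_json, _agent_configuration: AgentConfiguration):`. That needs the `from common.configuration import AgentConfiguration` import that the scan and state processors already add. The function body continues outside the hunk.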
|
@ -14,7 +14,7 @@ from monkey_island.cc.services.telemetry.zero_trust_checks.machine_exploited imp
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
def process_exploit_telemetry(telemetry_json):
|
def process_exploit_telemetry(telemetry_json, _):
|
||||||
encrypt_exploit_creds(telemetry_json)
|
encrypt_exploit_creds(telemetry_json)
|
||||||
edge = get_edge_by_scan_or_exploit_telemetry(telemetry_json)
|
edge = get_edge_by_scan_or_exploit_telemetry(telemetry_json)
|
||||||
update_network_with_exploit(edge, telemetry_json)
|
update_network_with_exploit(edge, telemetry_json)
|
||||||
|
|
|
@ -32,7 +32,7 @@ POST_BREACH_TELEMETRY_PROCESSING_FUNCS = {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
def process_post_breach_telemetry(telemetry_json):
|
def process_post_breach_telemetry(telemetry_json, _):
|
||||||
def convert_telem_data_to_list(data):
|
def convert_telem_data_to_list(data):
|
||||||
modified_data = [data]
|
modified_data = [data]
|
||||||
if type(data["result"][0]) is list: # multiple results in one pba
|
if type(data["result"][0]) is list: # multiple results in one pba
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
import logging
|
import logging
|
||||||
|
|
||||||
from common.common_consts.telem_categories import TelemCategoryEnum
|
from common.common_consts.telem_categories import TelemCategoryEnum
|
||||||
|
from common.configuration import AgentConfiguration
|
||||||
from monkey_island.cc.models.telemetries import save_telemetry
|
from monkey_island.cc.models.telemetries import save_telemetry
|
||||||
from monkey_island.cc.services.telemetry.processing.aws_info import process_aws_telemetry
|
from monkey_island.cc.services.telemetry.processing.aws_info import process_aws_telemetry
|
||||||
from monkey_island.cc.services.telemetry.processing.exploit import process_exploit_telemetry
|
from monkey_island.cc.services.telemetry.processing.exploit import process_exploit_telemetry
|
||||||
|
@ -29,11 +30,13 @@ TELEMETRY_CATEGORY_TO_PROCESSING_FUNC = {
|
||||||
UNSAVED_TELEMETRIES = [TelemCategoryEnum.CREDENTIALS]
|
UNSAVED_TELEMETRIES = [TelemCategoryEnum.CREDENTIALS]
|
||||||
|
|
||||||
|
|
||||||
def process_telemetry(telemetry_json):
|
def process_telemetry(telemetry_json, agent_configuration: AgentConfiguration):
|
||||||
try:
|
try:
|
||||||
telem_category = telemetry_json.get("telem_category")
|
telem_category = telemetry_json.get("telem_category")
|
||||||
if telem_category in TELEMETRY_CATEGORY_TO_PROCESSING_FUNC:
|
if telem_category in TELEMETRY_CATEGORY_TO_PROCESSING_FUNC:
|
||||||
TELEMETRY_CATEGORY_TO_PROCESSING_FUNC[telem_category](telemetry_json)
|
TELEMETRY_CATEGORY_TO_PROCESSING_FUNC[telem_category](
|
||||||
|
telemetry_json, agent_configuration
|
||||||
|
)
|
||||||
else:
|
else:
|
||||||
logger.info("Got unknown type of telemetry: %s" % telem_category)
|
logger.info("Got unknown type of telemetry: %s" % telem_category)
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
from typing import Mapping
|
from typing import Mapping
|
||||||
|
|
||||||
|
from common.configuration import AgentConfiguration
|
||||||
from monkey_island.cc.database import mongo
|
from monkey_island.cc.database import mongo
|
||||||
from monkey_island.cc.models import Monkey
|
from monkey_island.cc.models import Monkey
|
||||||
from monkey_island.cc.services.node import NodeService
|
from monkey_island.cc.services.node import NodeService
|
||||||
|
@ -14,7 +15,7 @@ from monkey_island.cc.services.telemetry.zero_trust_checks.segmentation import (
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
def process_scan_telemetry(telemetry_json):
|
def process_scan_telemetry(telemetry_json, agent_configuration: AgentConfiguration):
|
||||||
if not _host_responded(telemetry_json["data"]["machine"]):
|
if not _host_responded(telemetry_json["data"]["machine"]):
|
||||||
return
|
return
|
||||||
|
|
||||||
|
@ -23,7 +24,7 @@ def process_scan_telemetry(telemetry_json):
|
||||||
|
|
||||||
current_monkey = Monkey.get_single_monkey_by_guid(telemetry_json["monkey_guid"])
|
current_monkey = Monkey.get_single_monkey_by_guid(telemetry_json["monkey_guid"])
|
||||||
target_ip = telemetry_json["data"]["machine"]["ip_addr"]
|
target_ip = telemetry_json["data"]["machine"]["ip_addr"]
|
||||||
check_segmentation_violation(current_monkey, target_ip)
|
check_segmentation_violation(current_monkey, target_ip, agent_configuration)
|
||||||
|
|
||||||
|
|
||||||
def update_edges_and_nodes_based_on_scan_telemetry(telemetry_json):
|
def update_edges_and_nodes_based_on_scan_telemetry(telemetry_json):
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
import logging
|
import logging
|
||||||
|
|
||||||
|
from common.configuration import AgentConfiguration
|
||||||
from monkey_island.cc.models import Monkey
|
from monkey_island.cc.models import Monkey
|
||||||
from monkey_island.cc.services.node import NodeService
|
from monkey_island.cc.services.node import NodeService
|
||||||
from monkey_island.cc.services.telemetry.zero_trust_checks.segmentation import (
|
from monkey_island.cc.services.telemetry.zero_trust_checks.segmentation import (
|
||||||
|
@ -9,7 +10,7 @@ from monkey_island.cc.services.telemetry.zero_trust_checks.segmentation import (
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
def process_state_telemetry(telemetry_json):
|
def process_state_telemetry(telemetry_json, agent_configuration: AgentConfiguration):
|
||||||
monkey = NodeService.get_monkey_by_guid(telemetry_json["monkey_guid"])
|
monkey = NodeService.get_monkey_by_guid(telemetry_json["monkey_guid"])
|
||||||
NodeService.add_communication_info(monkey, telemetry_json["command_control_channel"])
|
NodeService.add_communication_info(monkey, telemetry_json["command_control_channel"])
|
||||||
if telemetry_json["data"]["done"]:
|
if telemetry_json["data"]["done"]:
|
||||||
|
@ -19,7 +20,7 @@ def process_state_telemetry(telemetry_json):
|
||||||
|
|
||||||
if telemetry_json["data"]["done"]:
|
if telemetry_json["data"]["done"]:
|
||||||
current_monkey = Monkey.get_single_monkey_by_guid(telemetry_json["monkey_guid"])
|
current_monkey = Monkey.get_single_monkey_by_guid(telemetry_json["monkey_guid"])
|
||||||
check_passed_findings_for_unreached_segments(current_monkey)
|
check_passed_findings_for_unreached_segments(current_monkey, agent_configuration)
|
||||||
|
|
||||||
if telemetry_json["data"]["version"]:
|
if telemetry_json["data"]["version"]:
|
||||||
logger.info(
|
logger.info(
|
||||||
|
|
|
@ -5,7 +5,7 @@ from monkey_island.cc.services.telemetry.zero_trust_checks.tunneling import (
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
def process_tunnel_telemetry(telemetry_json):
|
def process_tunnel_telemetry(telemetry_json, _):
|
||||||
check_tunneling_violation(telemetry_json)
|
check_tunneling_violation(telemetry_json)
|
||||||
monkey_id = NodeService.get_monkey_by_guid(telemetry_json["monkey_guid"])["_id"]
|
monkey_id = NodeService.get_monkey_by_guid(telemetry_json["monkey_guid"])["_id"]
|
||||||
if telemetry_json["data"]["proxy"] is not None:
|
if telemetry_json["data"]["proxy"] is not None:
|
||||||
|
|
|
@ -1,13 +1,11 @@
|
||||||
import itertools
|
import itertools
|
||||||
|
|
||||||
import common.common_consts.zero_trust_consts as zero_trust_consts
|
import common.common_consts.zero_trust_consts as zero_trust_consts
|
||||||
|
from common.configuration import AgentConfiguration
|
||||||
from common.network.network_range import NetworkRange
|
from common.network.network_range import NetworkRange
|
||||||
from common.network.segmentation_utils import get_ip_if_in_subnet, get_ip_in_src_and_not_in_dst
|
from common.network.segmentation_utils import get_ip_if_in_subnet, get_ip_in_src_and_not_in_dst
|
||||||
from monkey_island.cc.models import Monkey
|
from monkey_island.cc.models import Monkey
|
||||||
from monkey_island.cc.models.zero_trust.event import Event
|
from monkey_island.cc.models.zero_trust.event import Event
|
||||||
from monkey_island.cc.services.configuration.utils import (
|
|
||||||
get_config_network_segments_as_subnet_groups,
|
|
||||||
)
|
|
||||||
from monkey_island.cc.services.zero_trust.monkey_findings.monkey_zt_finding_service import (
|
from monkey_island.cc.services.zero_trust.monkey_findings.monkey_zt_finding_service import (
|
||||||
MonkeyZTFindingService,
|
MonkeyZTFindingService,
|
||||||
)
|
)
|
||||||
|
@ -24,9 +22,11 @@ SEGMENTATION_VIOLATION_EVENT_TEXT = (
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
def check_segmentation_violation(current_monkey, target_ip):
|
def check_segmentation_violation(
|
||||||
|
current_monkey, target_ip, agent_configuration: AgentConfiguration
|
||||||
|
):
|
||||||
# TODO - lower code duplication between this and report.py.
|
# TODO - lower code duplication between this and report.py.
|
||||||
subnet_groups = get_config_network_segments_as_subnet_groups()
|
subnet_groups = _get_config_network_segments_as_subnet_groups(agent_configuration)
|
||||||
for subnet_group in subnet_groups:
|
for subnet_group in subnet_groups:
|
||||||
subnet_pairs = itertools.product(subnet_group, subnet_group)
|
subnet_pairs = itertools.product(subnet_group, subnet_group)
|
||||||
for subnet_pair in subnet_pairs:
|
for subnet_pair in subnet_pairs:
|
||||||
|
@ -84,13 +84,21 @@ def get_segmentation_violation_event(current_monkey, source_subnet, target_ip, t
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
def check_passed_findings_for_unreached_segments(current_monkey):
|
def check_passed_findings_for_unreached_segments(
|
||||||
|
current_monkey, agent_configuration: AgentConfiguration
|
||||||
|
):
|
||||||
flat_all_subnets = [
|
flat_all_subnets = [
|
||||||
item for sublist in get_config_network_segments_as_subnet_groups() for item in sublist
|
item
|
||||||
|
for sublist in _get_config_network_segments_as_subnet_groups(agent_configuration)
|
||||||
|
for item in sublist
|
||||||
]
|
]
|
||||||
create_or_add_findings_for_all_pairs(flat_all_subnets, current_monkey)
|
create_or_add_findings_for_all_pairs(flat_all_subnets, current_monkey)
|
||||||
|
|
||||||
|
|
||||||
|
def _get_config_network_segments_as_subnet_groups(agent_configuration: AgentConfiguration):
|
||||||
|
return agent_configuration.propagation.network_scan.targets.inaccessible_subnets
|
||||||
|
|
||||||
|
|
||||||
def create_or_add_findings_for_all_pairs(all_subnets, current_monkey):
|
def create_or_add_findings_for_all_pairs(all_subnets, current_monkey):
|
||||||
# Filter the subnets that this monkey is part of.
|
# Filter the subnets that this monkey is part of.
|
||||||
this_monkey_subnets = []
|
this_monkey_subnets = []
|
||||||
|
|
|
@ -69,8 +69,8 @@ expected_telem_single_result = {
|
||||||
def test_process_post_breach_telemetry():
|
def test_process_post_breach_telemetry():
|
||||||
post_breach.update_data = Mock() # actual behavior of update_data() is to access mongodb
|
post_breach.update_data = Mock() # actual behavior of update_data() is to access mongodb
|
||||||
# multiple results in PBA
|
# multiple results in PBA
|
||||||
post_breach.process_post_breach_telemetry(original_telem_multiple_results)
|
post_breach.process_post_breach_telemetry(original_telem_multiple_results, None)
|
||||||
assert original_telem_multiple_results == expected_telem_multiple_results
|
assert original_telem_multiple_results == expected_telem_multiple_results
|
||||||
# single result in PBA
|
# single result in PBA
|
||||||
post_breach.process_post_breach_telemetry(original_telem_single_result)
|
post_breach.process_post_breach_telemetry(original_telem_single_result, None)
|
||||||
assert original_telem_single_result == expected_telem_single_result
|
assert original_telem_single_result == expected_telem_single_result
|
||||||
|
|