From 71328ea2b14148386306648515419829a6ed023c Mon Sep 17 00:00:00 2001 From: Ilija Lazoroski Date: Wed, 9 Mar 2022 12:21:03 +0100 Subject: [PATCH 01/11] Agent, Island: User friendly log name * Configurable log directories * Random component to the log file * 'infection-monkey---.log' --- monkey/infection_monkey/config.py | 8 ++--- monkey/infection_monkey/example.conf | 8 ++--- .../infection_monkey/utils/monkey_log_path.py | 29 ++++++++++++++--- .../cc/services/config_schema/internal.py | 32 +++++++++---------- .../monkey_configs/flat_config.json | 8 ++--- .../monkey_config_standard.json | 8 ++--- 6 files changed, 57 insertions(+), 36 deletions(-) diff --git a/monkey/infection_monkey/config.py b/monkey/infection_monkey/config.py index 63c8c5c3b..60799e938 100644 --- a/monkey/infection_monkey/config.py +++ b/monkey/infection_monkey/config.py @@ -71,10 +71,10 @@ class Configuration(object): # logging config ########################### - dropper_log_path_windows = "%temp%\\~df1562.tmp" - dropper_log_path_linux = "/tmp/user-1562" - monkey_log_path_windows = "%temp%\\~df1563.tmp" - monkey_log_path_linux = "/tmp/user-1563" + dropper_log_directory_linux = "/tmp/" + dropper_log_directory_windows = "%temp%\\" + monkey_log_directory_linux = "/tmp/" + monkey_log_directory_windows = "%temp%\\" ########################### # dropper config diff --git a/monkey/infection_monkey/example.conf b/monkey/infection_monkey/example.conf index f370e5fdd..2aaafa728 100644 --- a/monkey/infection_monkey/example.conf +++ b/monkey/infection_monkey/example.conf 
@@ -16,8 +16,8 @@ "dropper_date_reference_path_windows": "%windir%\\system32\\kernel32.dll", "dropper_date_reference_path_linux": "/bin/sh", - "dropper_log_path_windows": "%temp%\\~df1562.tmp", - "dropper_log_path_linux": "/tmp/user-1562", + "dropper_log_directory_linux": "/tmp/", + "dropper_log_directory_windows": "%temp%\\", "dropper_set_date": true, "dropper_target_path_win_64": "C:\\Windows\\temp\\monkey64.exe", "dropper_target_path_linux": "/tmp/monkey", @@ -38,8 +38,8 @@ "MSSQLFingerprint", "ElasticFinger" ], - "monkey_log_path_windows": "%temp%\\~df1563.tmp", - "monkey_log_path_linux": "/tmp/user-1563", + "monkey_log_directory_windows": "%temp%\\", + "monkey_log_directory_linux": "/tmp/", "ping_scan_timeout": 10000, "smb_download_timeout": 300, "smb_service_name": "InfectionMonkey", diff --git a/monkey/infection_monkey/utils/monkey_log_path.py b/monkey/infection_monkey/utils/monkey_log_path.py index 0b97f83b9..3c5e7e327 100644 --- a/monkey/infection_monkey/utils/monkey_log_path.py +++ b/monkey/infection_monkey/utils/monkey_log_path.py 
@@ -1,20 +1,41 @@ import os +import string import sys +import time +from random import SystemRandom from infection_monkey.config import WormConfiguration def get_monkey_log_path(): return ( - os.path.expandvars(WormConfiguration.monkey_log_path_windows) + os.path.expandvars( + _generate_random_log_filepath(WormConfiguration.monkey_log_directory_windows, "agent") + ) if sys.platform == "win32" - else WormConfiguration.monkey_log_path_linux + else _generate_random_log_filepath(WormConfiguration.monkey_log_directory_linux, "agent") ) def get_dropper_log_path(): return ( - os.path.expandvars(WormConfiguration.dropper_log_path_windows) + os.path.expandvars( + _generate_random_log_filepath( + WormConfiguration.dropper_log_directory_windows, "dropper" + ) + ) if sys.platform == "win32" - else WormConfiguration.dropper_log_path_linux + else _generate_random_log_filepath(WormConfiguration.dropper_log_directory_linux, "dropper") ) + + +def _generate_random_log_filepath(log_directory: str, monkey_arg: str) -> str: + safe_random = SystemRandom() + random_string = "".join( + [safe_random.choice(string.ascii_lowercase + string.digits) for _ in range(8)] + ) + prefix = f"infection-monkey-{monkey_arg}-" + suffix = f"-{time.strftime('%Y-%m-%d-%H-%M-%S', time.gmtime())}.log" + log_file_path = os.path.join(log_directory, prefix + random_string + suffix) + + return log_file_path diff --git a/monkey/monkey_island/cc/services/config_schema/internal.py b/monkey/monkey_island/cc/services/config_schema/internal.py index 45b76dd23..c492d7904 100644 --- a/monkey/monkey_island/cc/services/config_schema/internal.py +++ b/monkey/monkey_island/cc/services/config_schema/internal.py 
@@ -188,29 +188,29 @@ INTERNAL = { "title": "Logging", "type": "object", "properties": { - "dropper_log_path_linux": { - "title": "Dropper log file path on Linux", + "dropper_log_directory_linux": { + "title": "Dropper log directory path on Linux", "type": "string", - "default": "/tmp/user-1562", - "description": "The fullpath of the dropper log file on Linux", + "default": "/tmp/", + "description": "The directory path of the dropper log file on Linux", }, - "dropper_log_path_windows": { - "title": "Dropper log file path on Windows", + "dropper_log_directory_windows": { + "title": "Dropper log directory path on Windows", "type": "string", - "default": "%temp%\\~df1562.tmp", - "description": "The fullpath of the dropper log file on Windows", + "default": "%temp%\\", + "description": "The directory path of the dropper log file on Windows", }, - "monkey_log_path_linux": { - "title": "Monkey log file path on Linux", + "monkey_log_directory_linux": { + "title": "Monkey log directory path on Linux", "type": "string", - "default": "/tmp/user-1563", - "description": "The fullpath of the monkey log file on Linux", + "default": "/tmp/", + "description": "The directory path of the monkey log file on Linux", }, - "monkey_log_path_windows": { - "title": "Monkey log file path on Windows", + "monkey_log_directory_windows": { + "title": "Monkey log directory path on Windows", "type": "string", - "default": "%temp%\\~df1563.tmp", - "description": "The fullpath of the monkey log file on Windows", + "default": "%temp%\\", + "description": "The directory path of the monkey log file on Windows", }, }, }, diff --git a/monkey/tests/data_for_tests/monkey_configs/flat_config.json b/monkey/tests/data_for_tests/monkey_configs/flat_config.json index fdac570f5..d7cc0734a 100644 --- a/monkey/tests/data_for_tests/monkey_configs/flat_config.json +++ b/monkey/tests/data_for_tests/monkey_configs/flat_config.json 
@@ -23,8 +23,8 @@ "depth": 2, "dropper_date_reference_path_linux": "/bin/sh", "dropper_date_reference_path_windows": "%windir%\\system32\\kernel32.dll", - "dropper_log_path_linux": "/tmp/user-1562", - "dropper_log_path_windows": "%temp%\\~df1562.tmp", + "dropper_log_directory_linux": "/tmp/", + "dropper_log_directory_windows": "%temp%\\", "dropper_set_date": true, "dropper_target_path_linux": "/tmp/monkey", "dropper_target_path_win_64": "C:\\Windows\\temp\\monkey64.exe", @@ -71,8 +71,8 @@ "keep_tunnel_open_time": 60, "local_network_scan": true, "max_depth": null, - "monkey_log_path_linux": "/tmp/user-1563", - "monkey_log_path_windows": "%temp%\\~df1563.tmp", + "monkey_log_directory_linux": "/tmp/", + "monkey_log_directory_windows": "%temp%\\", "ping_scan_timeout": 1000, "post_breach_actions": [ "CommunicateAsBackdoorUser", diff --git a/monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json b/monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json index 9891fef0c..447a775b6 100644 --- a/monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json +++ b/monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json @@ -107,10 +107,10 @@ "dropper_target_path_win_64": "C:\\Windows\\temp\\monkey64.exe" }, "logging": { - "dropper_log_path_linux": "/tmp/user-1562", - "dropper_log_path_windows": "%temp%\\~df1562.tmp", - "monkey_log_path_linux": "/tmp/user-1563", - "monkey_log_path_windows": "%temp%\\~df1563.tmp" + "dropper_log_directory_linux": "/tmp/", + "dropper_log_directory_windows": "%temp%\\", + "monkey_log_directory_linux": "/tmp/", + "monkey_log_directory_windows": "%temp%\\" }, "exploits": { "exploit_lm_hash_list": [], From 3c745f697fe9d0748d56c94e90cc6243d41c35ff Mon Sep 17 00:00:00 2001 
From: Ilija Lazoroski Date: Wed, 9 Mar 2022 16:02:36 +0100 Subject: [PATCH 02/11] Agent, UI: Remove internal-logging from config The config is called after the log path is set, so the logging config had no affect on the log path. --- monkey/infection_monkey/config.py | 9 ----- monkey/infection_monkey/example.conf | 4 -- monkey/infection_monkey/main.py | 6 +-- monkey/infection_monkey/monkey.py | 4 +- .../infection_monkey/utils/monkey_log_path.py | 38 +++++-------------- .../cc/services/config_schema/internal.py | 30 --------------- .../InternalConfig.js | 1 - .../monkey_configs/flat_config.json | 4 -- .../monkey_config_standard.json | 6 --- 9 files changed, 15 insertions(+), 87 deletions(-) diff --git a/monkey/infection_monkey/config.py b/monkey/infection_monkey/config.py index 60799e938..8feb3f3f7 100644 --- a/monkey/infection_monkey/config.py +++ b/monkey/infection_monkey/config.py @@ -67,15 +67,6 @@ class Configuration(object): return result - ########################### - # logging config - ########################### - - dropper_log_directory_linux = "/tmp/" - dropper_log_directory_windows = "%temp%\\" - monkey_log_directory_linux = "/tmp/" - monkey_log_directory_windows = "%temp%\\" - ########################### # dropper config ########################### diff --git a/monkey/infection_monkey/example.conf b/monkey/infection_monkey/example.conf index 2aaafa728..ebadf1429 100644 --- a/monkey/infection_monkey/example.conf +++ b/monkey/infection_monkey/example.conf @@ -16,8 +16,6 @@ "dropper_date_reference_path_windows": "%windir%\\system32\\kernel32.dll", "dropper_date_reference_path_linux": "/bin/sh", - "dropper_log_directory_linux": "/tmp/", - "dropper_log_directory_windows": "%temp%\\", "dropper_set_date": true, "dropper_target_path_win_64": "C:\\Windows\\temp\\monkey64.exe", "dropper_target_path_linux": "/tmp/monkey", 
@@ -38,8 +36,6 @@ "MSSQLFingerprint", "ElasticFinger" ], - "monkey_log_directory_windows": "%temp%\\", - "monkey_log_directory_linux": "/tmp/", "ping_scan_timeout": 10000, "smb_download_timeout": 300, "smb_service_name": "InfectionMonkey", diff --git a/monkey/infection_monkey/main.py b/monkey/infection_monkey/main.py index 9388d5431..f3e6b0a01 100644 --- a/monkey/infection_monkey/main.py +++ b/monkey/infection_monkey/main.py @@ -16,7 +16,7 @@ from infection_monkey.config import EXTERNAL_CONFIG_FILE, WormConfiguration from infection_monkey.dropper import MonkeyDrops from infection_monkey.model import DROPPER_ARG, MONKEY_ARG from infection_monkey.monkey import InfectionMonkey -from infection_monkey.utils.monkey_log_path import get_dropper_log_path, get_monkey_log_path +from infection_monkey.utils.monkey_log_path import get_log_path logger = None @@ -80,10 +80,10 @@ def main(): try: if MONKEY_ARG == monkey_mode: - log_path = get_monkey_log_path() + log_path = get_log_path("agent") monkey_cls = InfectionMonkey elif DROPPER_ARG == monkey_mode: - log_path = get_dropper_log_path() + log_path = get_log_path("dropper") monkey_cls = MonkeyDrops else: return True diff --git a/monkey/infection_monkey/monkey.py b/monkey/infection_monkey/monkey.py index 218b0e92a..0035b5cf6 100644 --- a/monkey/infection_monkey/monkey.py +++ b/monkey/infection_monkey/monkey.py @@ -52,7 +52,7 @@ from infection_monkey.utils.monkey_dir import ( get_monkey_dir_path, remove_monkey_dir, ) -from infection_monkey.utils.monkey_log_path import get_monkey_log_path +from infection_monkey.utils.monkey_log_path import get_log_path from infection_monkey.utils.signal_handler import register_signal_handlers, reset_signal_handlers logger = logging.getLogger(__name__) @@ -288,7 +288,7 @@ class InfectionMonkey: @staticmethod def _send_log(): - monkey_log_path = get_monkey_log_path() + monkey_log_path = get_log_path("agent") if os.path.exists(monkey_log_path): with open(monkey_log_path, "r") as f: log = f.read() 
diff --git a/monkey/infection_monkey/utils/monkey_log_path.py b/monkey/infection_monkey/utils/monkey_log_path.py index 3c5e7e327..bad203542 100644 --- a/monkey/infection_monkey/utils/monkey_log_path.py +++ b/monkey/infection_monkey/utils/monkey_log_path.py @@ -1,41 +1,23 @@ import os -import string import sys +import tempfile import time -from random import SystemRandom - -from infection_monkey.config import WormConfiguration +from functools import lru_cache -def get_monkey_log_path(): +@lru_cache(maxsize=None) +def get_log_path(monkey_arg: str): return ( - os.path.expandvars( - _generate_random_log_filepath(WormConfiguration.monkey_log_directory_windows, "agent") - ) + os.path.expandvars(_generate_random_log_filepath(monkey_arg)) if sys.platform == "win32" - else _generate_random_log_filepath(WormConfiguration.monkey_log_directory_linux, "agent") + else _generate_random_log_filepath(monkey_arg) ) -def get_dropper_log_path(): - return ( - os.path.expandvars( - _generate_random_log_filepath( - WormConfiguration.dropper_log_directory_windows, "dropper" - ) - ) - if sys.platform == "win32" - else _generate_random_log_filepath(WormConfiguration.dropper_log_directory_linux, "dropper") - ) - - -def _generate_random_log_filepath(log_directory: str, monkey_arg: str) -> str: - safe_random = SystemRandom() - random_string = "".join( - [safe_random.choice(string.ascii_lowercase + string.digits) for _ in range(8)] - ) +def _generate_random_log_filepath(monkey_arg: str) -> str: prefix = f"infection-monkey-{monkey_arg}-" suffix = f"-{time.strftime('%Y-%m-%d-%H-%M-%S', time.gmtime())}.log" - log_file_path = os.path.join(log_directory, prefix + random_string + suffix) - return log_file_path + _, monkey_log_path = tempfile.mkstemp(suffix=suffix, prefix=prefix) + + return monkey_log_path diff --git a/monkey/monkey_island/cc/services/config_schema/internal.py b/monkey/monkey_island/cc/services/config_schema/internal.py index c492d7904..98ab8b95e 100644 
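Review bot: The file descriptor returned by `tempfile.mkstemp()` in `_generate_random_log_filepath` is bound to `_` and never closed, so the process keeps an open OS handle on the log file for its whole lifetime. `mkstemp()` leaves closing that descriptor to the caller; capture and release it with `fd, monkey_log_path = tempfile.mkstemp(suffix=suffix, prefix=prefix)` followed by `os.close(fd)`. On Windows the lingering handle will probably also make a later delete of the log file fail, which would affect cleanup of agent artifacts. The same line is carried unchanged into `_get_log_path` in PATCH 09/11, where `import os` is removed, so the import would have to stay for this fix.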
--- a/monkey/monkey_island/cc/services/config_schema/internal.py +++ b/monkey/monkey_island/cc/services/config_schema/internal.py @@ -184,36 +184,6 @@ INTERNAL = { }, }, }, - "logging": { - "title": "Logging", - "type": "object", - "properties": { - "dropper_log_directory_linux": { - "title": "Dropper log directory path on Linux", - "type": "string", - "default": "/tmp/", - "description": "The directory path of the dropper log file on Linux", - }, - "dropper_log_directory_windows": { - "title": "Dropper log directory path on Windows", - "type": "string", - "default": "%temp%\\", - "description": "The directory path of the dropper log file on Windows", - }, - "monkey_log_directory_linux": { - "title": "Monkey log directory path on Linux", - "type": "string", - "default": "/tmp/", - "description": "The directory path of the monkey log file on Linux", - }, - "monkey_log_directory_windows": { - "title": "Monkey log directory path on Windows", - "type": "string", - "default": "%temp%\\", - "description": "The directory path of the monkey log file on Windows", - }, - }, - }, "exploits": { "title": "Exploits", "type": "object", diff --git a/monkey/monkey_island/cc/ui/src/components/configuration-components/InternalConfig.js b/monkey/monkey_island/cc/ui/src/components/configuration-components/InternalConfig.js index d7d13db54..42a86dbff 100644 --- a/monkey/monkey_island/cc/ui/src/components/configuration-components/InternalConfig.js +++ b/monkey/monkey_island/cc/ui/src/components/configuration-components/InternalConfig.js @@ -5,7 +5,6 @@ import {Nav} from 'react-bootstrap'; const sectionOrder = [ 'network', 'island_server', - 'logging', 'exploits', 'dropper', 'classes', diff --git a/monkey/tests/data_for_tests/monkey_configs/flat_config.json b/monkey/tests/data_for_tests/monkey_configs/flat_config.json index d7cc0734a..1f82c5499 100644 --- a/monkey/tests/data_for_tests/monkey_configs/flat_config.json +++ b/monkey/tests/data_for_tests/monkey_configs/flat_config.json 
@@ -23,8 +23,6 @@ "depth": 2, "dropper_date_reference_path_linux": "/bin/sh", "dropper_date_reference_path_windows": "%windir%\\system32\\kernel32.dll", - "dropper_log_directory_linux": "/tmp/", - "dropper_log_directory_windows": "%temp%\\", "dropper_set_date": true, "dropper_target_path_linux": "/tmp/monkey", "dropper_target_path_win_64": "C:\\Windows\\temp\\monkey64.exe", @@ -71,8 +69,6 @@ "keep_tunnel_open_time": 60, "local_network_scan": true, "max_depth": null, - "monkey_log_directory_linux": "/tmp/", - "monkey_log_directory_windows": "%temp%\\", "ping_scan_timeout": 1000, "post_breach_actions": [ "CommunicateAsBackdoorUser", diff --git a/monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json b/monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json index 447a775b6..f0c95e5b3 100644 --- a/monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json +++ b/monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json @@ -106,12 +106,6 @@ "dropper_target_path_linux": "/tmp/monkey", "dropper_target_path_win_64": "C:\\Windows\\temp\\monkey64.exe" }, - "logging": { - "dropper_log_directory_linux": "/tmp/", - "dropper_log_directory_windows": "%temp%\\", - "monkey_log_directory_linux": "/tmp/", - "monkey_log_directory_windows": "%temp%\\" - }, "exploits": { "exploit_lm_hash_list": [], "exploit_ntlm_hash_list": [], From 52617cfcdcdfd07b62353b94a3a53d8b564a3a64 Mon Sep 17 00:00:00 2001 From: Ilija Lazoroski Date: Wed, 9 Mar 2022 16:22:47 +0100 Subject: [PATCH 03/11] Docs: Change monkey log filename --- docs/content/FAQ/_index.md | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/docs/content/FAQ/_index.md b/docs/content/FAQ/_index.md index 76fedf3a4..1725079a5 100644 --- a/docs/content/FAQ/_index.md +++ b/docs/content/FAQ/_index.md 
@@ -179,10 +179,18 @@ It's also possible to change the default log level by editing `log_level` value ### Infection Monkey agent logs -The Infection Monkey agent log file can be found in the following paths on machines where it was executed: +The Infection Monkey agent log file can be found under directories specified for temporary files on the machines where it was executed. +The list of directories that the log file can be find in are: -- Path on Linux: `/tmp/user-1563` -- Path on Windows: `%temp%\\~df1563.tmp` +1. The directory named by the TMPDIR environment variable. +2. The directory named by the TEMP environment variable. +3. The directory named by the TMP environment variable. +4. A platform-specific location: + - On Windows, the directories `C:\TEMP`, `C:\TMP`, `\TEMP`, and `\TMP`, in that order. + - On all other platforms, the directories `/tmp`, `/var/tmp`, and `/usr/tmp`, in that order. +5. As a last resort, the current working directory. + +Infection Monkey log file name is constructed to the following pattern: `infection-monkey-agent--.log` The logs contain information about the internals of the Infection Monkey agent's execution. The log will contain entries like these: @@ -206,9 +214,9 @@ The logs contain information about the internals of the Infection Monkey agent's The Infection Monkey leaves hardly any trace on the target system. It will leave: -- Log files in the following locations: - - Path on Linux: `/tmp/user-1563` - - Path on Windows: `%temp%\\~df1563.tmp` +- Log files under [directories]({{< ref "/faq/#infection-monkey-agent-logs">}}) for temporary files: + - Path on Linux: `/tmp/infection-monky-agent--.log` + - Path on Windows: `%temp%\\infection-monky-agent--.log` ### What's the Infection Monkey Agent's impact on system resources usage? From 0947e41ea99ed9bca8fd901806d7c060f1572f50 Mon Sep 17 00:00:00 2001 
From: Ilija Lazoroski Date: Wed, 9 Mar 2022 16:35:48 +0100 Subject: [PATCH 04/11] Changelog: Add entry for changing log file name --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7ff3116df..8978c4b5d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,6 +21,7 @@ Changelog](https://keepachangelog.com/en/1.0.0/). - The process list collection system info collector to now be a post-breach action. #1697 - The "/api/monkey/download" endpoint to accept an OS and return a file. #1675 - Log messages to contain human-readable thread names. #1766 +- The log file name to `infection-monkey-agent--.log`. #1761 ### Removed - VSFTPD exploiter. #1533 @@ -51,6 +52,7 @@ Changelog](https://keepachangelog.com/en/1.0.0/). - ElasticGroovy exploiter. #1732 - T1082 attack technique report. #1754 - 32-bit agents. #1675 +- Logging config options. #1761 ### Fixed - A bug in network map page that caused delay of telemetry log loading. #1545 From 96069d3ae69a8dc35c5f7dceabcb4e8d40ea259a Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Thu, 10 Mar 2022 08:32:54 -0500 Subject: [PATCH 05/11] Agent: Wrap get_log_path() with easier to use functions --- monkey/infection_monkey/main.py | 6 +++--- monkey/infection_monkey/monkey.py | 4 ++-- monkey/infection_monkey/utils/monkey_log_path.py | 9 +++++++-- 3 files changed, 12 insertions(+), 7 deletions(-) diff --git a/monkey/infection_monkey/main.py b/monkey/infection_monkey/main.py index f3e6b0a01..d6523bbcd 100644 --- a/monkey/infection_monkey/main.py +++ b/monkey/infection_monkey/main.py 
@@ -16,7 +16,7 @@ from infection_monkey.config import EXTERNAL_CONFIG_FILE, WormConfiguration from infection_monkey.dropper import MonkeyDrops from infection_monkey.model import DROPPER_ARG, MONKEY_ARG from infection_monkey.monkey import InfectionMonkey -from infection_monkey.utils.monkey_log_path import get_log_path +from infection_monkey.utils.monkey_log_path import get_agent_log_path, get_dropper_log_path logger = None @@ -80,10 +80,10 @@ def main(): try: if MONKEY_ARG == monkey_mode: - log_path = get_log_path("agent") + log_path = get_agent_log_path() monkey_cls = InfectionMonkey elif DROPPER_ARG == monkey_mode: - log_path = get_log_path("dropper") + log_path = get_dropper_log_path() monkey_cls = MonkeyDrops else: return True diff --git a/monkey/infection_monkey/monkey.py b/monkey/infection_monkey/monkey.py index 0035b5cf6..a62547ebc 100644 --- a/monkey/infection_monkey/monkey.py +++ b/monkey/infection_monkey/monkey.py @@ -52,7 +52,7 @@ from infection_monkey.utils.monkey_dir import ( get_monkey_dir_path, remove_monkey_dir, ) -from infection_monkey.utils.monkey_log_path import get_log_path +from infection_monkey.utils.monkey_log_path import get_agent_log_path from infection_monkey.utils.signal_handler import register_signal_handlers, reset_signal_handlers logger = logging.getLogger(__name__) @@ -288,7 +288,7 @@ class InfectionMonkey: @staticmethod def _send_log(): - monkey_log_path = get_log_path("agent") + monkey_log_path = get_agent_log_path() if os.path.exists(monkey_log_path): with open(monkey_log_path, "r") as f: log = f.read() diff --git a/monkey/infection_monkey/utils/monkey_log_path.py b/monkey/infection_monkey/utils/monkey_log_path.py index bad203542..4708213fa 100644 --- a/monkey/infection_monkey/utils/monkey_log_path.py +++ b/monkey/infection_monkey/utils/monkey_log_path.py 
@@ -2,11 +2,12 @@ import os import sys import tempfile import time -from functools import lru_cache +from functools import lru_cache, partial +# Cache the result of the call so that subsequent calls always return the same result @lru_cache(maxsize=None) -def get_log_path(monkey_arg: str): +def _get_log_path(monkey_arg: str) -> str: return ( os.path.expandvars(_generate_random_log_filepath(monkey_arg)) if sys.platform == "win32" @@ -21,3 +22,7 @@ def _generate_random_log_filepath(monkey_arg: str) -> str: _, monkey_log_path = tempfile.mkstemp(suffix=suffix, prefix=prefix) return monkey_log_path + + +get_agent_log_path = partial(_get_log_path, "monkey") +get_dropper_log_path = partial(_get_log_path, "dropper") From 17c3fa02b3ca7e2cfb572778bbe54c2f1e373282 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Thu, 10 Mar 2022 08:42:50 -0500 Subject: [PATCH 06/11] Agent: Return agent/dropper log path as a Path instead of str --- monkey/infection_monkey/monkey.py | 2 +- monkey/infection_monkey/utils/monkey_log_path.py | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/monkey/infection_monkey/monkey.py b/monkey/infection_monkey/monkey.py index a62547ebc..983e2dd2b 100644 --- a/monkey/infection_monkey/monkey.py +++ b/monkey/infection_monkey/monkey.py @@ -289,7 +289,7 @@ class InfectionMonkey: @staticmethod def _send_log(): monkey_log_path = get_agent_log_path() - if os.path.exists(monkey_log_path): + if monkey_log_path.is_file(): with open(monkey_log_path, "r") as f: log = f.read() else: diff --git a/monkey/infection_monkey/utils/monkey_log_path.py b/monkey/infection_monkey/utils/monkey_log_path.py index 4708213fa..a92891f24 100644 --- a/monkey/infection_monkey/utils/monkey_log_path.py +++ b/monkey/infection_monkey/utils/monkey_log_path.py 
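Review bot: `get_agent_log_path = partial(_get_log_path, "monkey")` produces files named `infection-monkey-monkey-…`, while PATCH 02/11 passed `"agent"` and the FAQ and changelog entries in this series document `infection-monkey-agent-…`. Anyone locating or removing agent logs by the documented name after a run will miss these files. Use `get_agent_log_path = partial(_get_log_path, "agent")` so the on-disk name matches what is documented.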
@@ -3,12 +3,13 @@ import sys import tempfile import time from functools import lru_cache, partial +from pathlib import Path # Cache the result of the call so that subsequent calls always return the same result @lru_cache(maxsize=None) -def _get_log_path(monkey_arg: str) -> str: - return ( +def _get_log_path(monkey_arg: str) -> Path: + return Path( os.path.expandvars(_generate_random_log_filepath(monkey_arg)) if sys.platform == "win32" else _generate_random_log_filepath(monkey_arg) From 02accde812d8913ad0ea3473208258812579823d Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Thu, 10 Mar 2022 08:48:42 -0500 Subject: [PATCH 07/11] UT: Add tests for get_{agent,dropper}_log_path() --- .../utils/test_monkey_log_path.py | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 monkey/tests/unit_tests/infection_monkey/utils/test_monkey_log_path.py diff --git a/monkey/tests/unit_tests/infection_monkey/utils/test_monkey_log_path.py b/monkey/tests/unit_tests/infection_monkey/utils/test_monkey_log_path.py new file mode 100644 index 000000000..339b0f37a --- /dev/null +++ b/monkey/tests/unit_tests/infection_monkey/utils/test_monkey_log_path.py @@ -0,0 +1,28 @@ +import pytest + +from infection_monkey.utils.monkey_log_path import get_agent_log_path, get_dropper_log_path + +def delete_log_file(log_path): + if log_path.is_file(): + log_path.unlink() + + +@pytest.mark.parametrize("get_log_path", [get_agent_log_path, get_dropper_log_path]) +def test_subsequent_calls_return_same_path(get_log_path): + log_path_1 = get_log_path() + assert log_path_1.is_file() + + log_path_2 = get_log_path() + assert log_path_1 == log_path_2 + + delete_log_file(log_path_1) + + +def test_agent_dropper_paths_differ(): + agent_log_path = get_agent_log_path() + dropper_log_path = get_dropper_log_path() + + assert agent_log_path != dropper_log_path + + for log_path in [agent_log_path, dropper_log_path]: + delete_log_file(log_path) 
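Review bot: The tests in `test_monkey_log_path.py` share the module-level `lru_cache` on `_get_log_path`, so they only pass in the order written. If `test_agent_dropper_paths_differ` runs first, it deletes both files, and `test_subsequent_calls_return_same_path` then receives the cached path and fails at `assert log_path_1.is_file()`. Reset the cache around each test, for example with an autouse fixture that calls `get_agent_log_path.func.cache_clear()`; both partials wrap the same cached function, so one call clears both entries. Since the `mkstemp()` descriptor is never closed, `log_path.unlink()` in `delete_log_file` is also likely to raise on Windows.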
From 2d2338f1f64efa179786e1b1aa17ea79347948e6 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Thu, 10 Mar 2022 08:56:05 -0500 Subject: [PATCH 08/11] Agent: Log the path of the log file to stdout --- monkey/infection_monkey/main.py | 1 + 1 file changed, 1 insertion(+) diff --git a/monkey/infection_monkey/main.py b/monkey/infection_monkey/main.py index d6523bbcd..74961e0ad 100644 --- a/monkey/infection_monkey/main.py +++ b/monkey/infection_monkey/main.py @@ -116,6 +116,7 @@ def main(): ) logger.info(f"version: {get_version()}") + logger.info(f"writing log file to {log_path}") monkey = monkey_cls(monkey_args) From 45936c2f793397045984797a158c0f5c5e52ff41 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Thu, 10 Mar 2022 08:56:34 -0500 Subject: [PATCH 09/11] Agent: Remove unnecessary expandvars() in _get_log_path() --- monkey/infection_monkey/utils/monkey_log_path.py | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/monkey/infection_monkey/utils/monkey_log_path.py b/monkey/infection_monkey/utils/monkey_log_path.py index a92891f24..4fd418f50 100644 --- a/monkey/infection_monkey/utils/monkey_log_path.py +++ b/monkey/infection_monkey/utils/monkey_log_path.py @@ -1,5 +1,3 @@ -import os -import sys import tempfile import time from functools import lru_cache, partial 
@@ -9,20 +7,12 @@ from pathlib import Path # Cache the result of the call so that subsequent calls always return the same result @lru_cache(maxsize=None) def _get_log_path(monkey_arg: str) -> Path: - return Path( - os.path.expandvars(_generate_random_log_filepath(monkey_arg)) - if sys.platform == "win32" - else _generate_random_log_filepath(monkey_arg) - ) - - -def _generate_random_log_filepath(monkey_arg: str) -> str: prefix = f"infection-monkey-{monkey_arg}-" suffix = f"-{time.strftime('%Y-%m-%d-%H-%M-%S', time.gmtime())}.log" _, monkey_log_path = tempfile.mkstemp(suffix=suffix, prefix=prefix) - return monkey_log_path + return Path(monkey_log_path) get_agent_log_path = partial(_get_log_path, "monkey") From 8b4d1d084e5ff2677726ea91c3c27173a65c16d2 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Thu, 10 Mar 2022 09:11:06 -0500 Subject: [PATCH 10/11] Changelog: Improve message for removing log path config options --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8978c4b5d..4af0e245b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -52,7 +52,7 @@ Changelog](https://keepachangelog.com/en/1.0.0/). - ElasticGroovy exploiter. #1732 - T1082 attack technique report. #1754 - 32-bit agents. #1675 -- Logging config options. #1761 +- Log path config options. #1761 ### Fixed - A bug in network map page that caused delay of telemetry log loading. #1545 From 452252c5c9542a6f4f3b1e1792af8a2aca397c3b Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Thu, 10 Mar 2022 09:23:30 -0500 Subject: [PATCH 11/11] Docs: Update information about agent log storage locations --- docs/content/FAQ/_index.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/docs/content/FAQ/_index.md b/docs/content/FAQ/_index.md index 1725079a5..1c5760549 100644 --- a/docs/content/FAQ/_index.md +++ b/docs/content/FAQ/_index.md 
@@ -179,12 +179,14 @@ It's also possible to change the default log level by editing `log_level` value ### Infection Monkey agent logs -The Infection Monkey agent log file can be found under directories specified for temporary files on the machines where it was executed. -The list of directories that the log file can be find in are: +The Infection Monkey agent log file can be found in directories specified for +temporary files on the machines where it was executed. In most cases, this will +be `/tmp` on Linux and `%temp%` on Windows. The agent searches a standard list +of directories to find an appropriate place to store the log: -1. The directory named by the TMPDIR environment variable. -2. The directory named by the TEMP environment variable. -3. The directory named by the TMP environment variable. +1. The directory named by the `TMPDIR` environment variable. +2. The directory named by the `TEMP` environment variable. +3. The directory named by the `TMP` environment variable. 4. A platform-specific location: - On Windows, the directories `C:\TEMP`, `C:\TMP`, `\TEMP`, and `\TMP`, in that order. - On all other platforms, the directories `/tmp`, `/var/tmp`, and `/usr/tmp`, in that order. @@ -214,7 +216,7 @@ The logs contain information about the internals of the Infection Monkey agent's The Infection Monkey leaves hardly any trace on the target system. It will leave: -- Log files under [directories]({{< ref "/faq/#infection-monkey-agent-logs">}}) for temporary files: +- Log files in [temporary directories]({{< ref "/faq/#infection-monkey-agent-logs">}}): - Path on Linux: `/tmp/infection-monky-agent--.log` - Path on Windows: `%temp%\\infection-monky-agent--.log`