diff --git a/monkey/monkey_island/cc/services/config.py b/monkey/monkey_island/cc/services/config.py
index 52bafa36f..1fb26cb1c 100644
--- a/monkey/monkey_island/cc/services/config.py
+++ b/monkey/monkey_island/cc/services/config.py
@@ -891,6 +891,7 @@ SCHEMA = {
}
}
+# This should be used for config values of array type (array of strings only)
ENCRYPTED_CONFIG_ARRAYS = \
[
['basic', 'credentials', 'exploit_password_list'],
@@ -902,6 +903,12 @@ ENCRYPTED_CONFIG_ARRAYS = \
# ['cnc', 'aws_config', 'aws_secret_access_key'],
]
+# This should be used for config values of string type
+ENCRYPTED_CONFIG_STRINGS = \
+ [
+
+ ]
+
class ConfigService:
default_config = None
@@ -941,8 +948,11 @@ class ConfigService:
config = mongo.db.config.find_one({'name': 'initial' if is_initial_config else 'newconfig'}, {config_key: 1})
for config_key_part in config_key_as_arr:
config = config[config_key_part]
- if should_decrypt and (config_key_as_arr in ENCRYPTED_CONFIG_ARRAYS):
- config = [encryptor.dec(x) for x in config]
+ if should_decrypt:
+ if config_key_as_arr in ENCRYPTED_CONFIG_ARRAYS:
+ config = [encryptor.dec(x) for x in config]
+ elif config_key_as_arr in ENCRYPTED_CONFIG_STRINGS:
+ config = encryptor.dec(config)
return config
@staticmethod
@@ -1099,7 +1109,7 @@ class ConfigService:
"""
Same as decrypt_config but for a flat configuration
"""
- keys = [config_arr_as_array[2] for config_arr_as_array in ENCRYPTED_CONFIG_ARRAYS]
+ keys = [config_arr_as_array[2] for config_arr_as_array in (ENCRYPTED_CONFIG_ARRAYS + ENCRYPTED_CONFIG_STRINGS)]
for key in keys:
if isinstance(flat_config[key], collections.Sequence) and not isinstance(flat_config[key], string_types):
# Check if we are decrypting ssh key pair
@@ -1113,18 +1123,26 @@ class ConfigService:
@staticmethod
def _encrypt_or_decrypt_config(config, is_decrypt=False):
- for config_arr_as_array in ENCRYPTED_CONFIG_ARRAYS:
+ for config_arr_as_array in (ENCRYPTED_CONFIG_ARRAYS + ENCRYPTED_CONFIG_STRINGS):
config_arr = config
+ parent_config_arr = None
+
+ # Because the config isn't flat, this for-loop gets the actual config value out of the config
for config_key_part in config_arr_as_array:
+ parent_config_arr = config_arr
config_arr = config_arr[config_key_part]
- for i in range(len(config_arr)):
- # Check if array of shh key pairs and then decrypt
- if isinstance(config_arr[i], dict) and 'public_key' in config_arr[i]:
- config_arr[i] = ConfigService.decrypt_ssh_key_pair(config_arr[i]) if is_decrypt else \
- ConfigService.decrypt_ssh_key_pair(config_arr[i], True)
- else:
- config_arr[i] = encryptor.dec(config_arr[i]) if is_decrypt else encryptor.enc(config_arr[i])
+ if isinstance(config_arr, collections.Sequence) and not isinstance(config_arr, string_types):
+ for i in range(len(config_arr)):
+ # Check if array of shh key pairs and then decrypt
+ if isinstance(config_arr[i], dict) and 'public_key' in config_arr[i]:
+ config_arr[i] = ConfigService.decrypt_ssh_key_pair(config_arr[i]) if is_decrypt else \
+ ConfigService.decrypt_ssh_key_pair(config_arr[i], True)
+ else:
+ config_arr[i] = encryptor.dec(config_arr[i]) if is_decrypt else encryptor.enc(config_arr[i])
+ else:
+ parent_config_arr[config_arr_as_array[-1]] =\
+ encryptor.dec(config_arr) if is_decrypt else encryptor.enc(config_arr)
@staticmethod
def decrypt_ssh_key_pair(pair, encrypt=False):
diff --git a/monkey/monkey_island/cc/ui/src/components/pages/ReportPage.js b/monkey/monkey_island/cc/ui/src/components/pages/ReportPage.js
index f88df4831..61e80737b 100644
--- a/monkey/monkey_island/cc/ui/src/components/pages/ReportPage.js
+++ b/monkey/monkey_island/cc/ui/src/components/pages/ReportPage.js
@@ -837,7 +837,7 @@ class ReportPageComponent extends AuthComponent {
return (
<li>
Install Oracle <a href="http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html">
- critical patch updates.</a> Or change server version. Vulnerable versions are
+ critical patch updates.</a> Or update to the latest version. Vulnerable versions are
10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0.
<CollapsibleWellComponent>
Oracle WebLogic server at <span className="label label-primary">{issue.machine}</span> (<span
@@ -857,7 +857,7 @@ class ReportPageComponent extends AuthComponent {
Run Hadoop in secure mode (<a href="http://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/SecureMode.html">
add Kerberos authentication</a>).
<CollapsibleWellComponent>
- Oracle WebLogic server at <span className="label label-primary">{issue.machine}</span> (<span
+ The Hadoop server at <span className="label label-primary">{issue.machine}</span> (<span
className="label label-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to <span
className="label label-danger">remote code execution</span> attack.
<br/>
diff --git a/monkey/monkey_island/cc/ui/src/styles/App.css b/monkey/monkey_island/cc/ui/src/styles/App.css
index 7f487694c..1b857a1ec 100644
--- a/monkey/monkey_island/cc/ui/src/styles/App.css
+++ b/monkey/monkey_island/cc/ui/src/styles/App.css
@@ -138,12 +138,11 @@ body {
padding-left: 40px;
}
}
+
.main .page-header {
margin-top: 0;
}
-
-
.index img {
margin: 40px auto;
border-radius: 4px;
@@ -172,6 +171,9 @@ body {
display: none;
}
+.nav-tabs > li > a {
+ height: 63px
+}
/*
* Run Monkey Page
*/
@@ -491,4 +493,5 @@ body {
.label-danger {
background-color: #d9534f !important;
}
+
}