diff --git a/deployment_scripts/README.md b/deployment_scripts/README.md index 16b150852..4ee91b5b4 100644 --- a/deployment_scripts/README.md +++ b/deployment_scripts/README.md @@ -39,6 +39,7 @@ Your user must have root permissions; however, don't run the script as root! ```sh wget https://raw.githubusercontent.com/guardicore/monkey/develop/deployment_scripts/deploy_linux.sh +chmod u+x ./deploy_linux.sh ``` This will download our deploy script. It's a good idea to read it quickly before executing it! @@ -52,4 +53,13 @@ After downloading that script, execute it in a shell. The first argument should - `./deploy_linux.sh "" "master"` (deploys master branch in script directory) - `./deploy_linux.sh "/home/user/new" "master"` (if directory "new" is not found creates it and clones master branch into it) -You may also pass in an optional third `false` parameter to disable downloading the latest agent binaries. \ No newline at end of file +You may also pass in an optional third `false` parameter to disable downloading the latest agent binaries. + +### Run on Linux + +After the `deploy_linux.sh` script completes, you can start the monkey island. + +```sh +cd infection_monkey/monkey +./monkey_island/linux/run.sh +``` diff --git a/deployment_scripts/config b/deployment_scripts/config index bda54e390..f5e4e5d88 100644 --- a/deployment_scripts/config +++ b/deployment_scripts/config @@ -4,41 +4,53 @@ export MONKEY_FOLDER_NAME="infection_monkey" # Url of public git repository that contains monkey's source code export MONKEY_GIT_URL="https://github.com/guardicore/monkey" -get_latest_release() { - curl --silent "https://api.github.com/repos/$1/releases/latest" | # Get latest release from GitHub API - grep '"tag_name":' | # Get tag line - sed -E 's/.*"([^"]+)".*/\1/' # Pluck JSON value +exists() { + command -v "$1" >/dev/null 2>&1 } -MONKEY_LATEST_RELEASE=$(get_latest_release "monkey/guardicore") +get_latest_release() { + RELEASE_URL="https://api.github.com/repos/$1/releases/latest" + + if exists wget; then + RELEASE_INFO=$(wget --quiet -O - "$RELEASE_URL") # Get latest release from GitHub API + else + RELEASE_INFO=$(curl --silent "$RELEASE_URL") # Get latest release from GitHub API + fi + + echo "$RELEASE_INFO" | + grep '"tag_name":' | # Get tag line + sed -E 's/.*"([^"]+)".*/\1/' # Pluck JSON value +} + +MONKEY_LATEST_RELEASE=$(get_latest_release "guardicore/monkey") # Monkey binaries LINUX_32_BINARY_NAME="monkey-linux-32" -LINUX_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/monkey-linux-32" +LINUX_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$MONKEY_LATEST_RELEASE/monkey-linux-32" export LINUX_32_BINARY_URL export LINUX_32_BINARY_NAME LINUX_64_BINARY_NAME="monkey-linux-64" -LINUX_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/monkey-linux-64" +LINUX_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$MONKEY_LATEST_RELEASE/monkey-linux-64" export LINUX_64_BINARY_URL export LINUX_64_BINARY_NAME WINDOWS_32_BINARY_NAME="monkey-windows-32.exe" -WINDOWS_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/monkey-windows-32.exe" +WINDOWS_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$MONKEY_LATEST_RELEASE/monkey-windows-32.exe" export WINDOWS_32_BINARY_URL export WINDOWS_32_BINARY_NAME WINDOWS_64_BINARY_NAME="monkey-windows-64.exe" -WINDOWS_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/monkey-windows-64.exe" +WINDOWS_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$MONKEY_LATEST_RELEASE/monkey-windows-64.exe" export WINDOWS_64_BINARY_URL export WINDOWS_64_BINARY_NAME # Other binaries for monkey -TRACEROUTE_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/traceroute64" +TRACEROUTE_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$MONKEY_LATEST_RELEASE/traceroute64" export TRACEROUTE_64_BINARY_URL -TRACEROUTE_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/traceroute32" +TRACEROUTE_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$MONKEY_LATEST_RELEASE/traceroute32" export TRACEROUTE_32_BINARY_URL -SAMBACRY_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/sc_monkey_runner64.so" +SAMBACRY_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$MONKEY_LATEST_RELEASE/sc_monkey_runner64.so" export SAMBACRY_64_BINARY_URL -SAMBACRY_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/sc_monkey_runner32.so" +SAMBACRY_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$MONKEY_LATEST_RELEASE/sc_monkey_runner32.so" export SAMBACRY_32_BINARY_URL diff --git a/deployment_scripts/deploy_linux.sh b/deployment_scripts/deploy_linux.sh index d13478018..728e2f52d 100755 --- a/deployment_scripts/deploy_linux.sh +++ b/deployment_scripts/deploy_linux.sh @@ -10,7 +10,7 @@ is_root() { has_sudo() { # 0 true, 1 false - timeout 1 sudo id && return 0 || return 1 + return $(sudo -nv > /dev/null 2>&1) } handle_error() { @@ -23,6 +23,11 @@ log_message() { echo -e "DEPLOYMENT SCRIPT: $1" } +if is_root; then + log_message "Please don't run this script as root" + exit 1 +fi + config_branch=${2:-"develop"} config_url="https://raw.githubusercontent.com/guardicore/monkey/${config_branch}/deployment_scripts/config" @@ -62,14 +67,9 @@ ISLAND_BINARIES_PATH="$ISLAND_PATH/cc/binaries" INFECTION_MONKEY_DIR="$monkey_home/monkey/infection_monkey" MONKEY_BIN_DIR="$INFECTION_MONKEY_DIR/bin" -if is_root; then - log_message "Please don't run this script as root" - exit 1 -fi - -HAS_SUDO=$(has_sudo) -if [[ ! $HAS_SUDO ]]; then - log_message "You need root permissions for some of this script operations. Quiting." +if ! has_sudo; then + log_message "You need root permissions for some of this script operations. \ +Run \`sudo -v\`, enter your password, and then re-run this script." exit 1 fi @@ -110,13 +110,16 @@ if [[ ${python_cmd} == "" ]]; then log_message "Python 3.7 command not found. Installing python 3.7." sudo add-apt-repository ppa:deadsnakes/ppa sudo apt-get update - sudo apt install python3.7 python3.7-dev + sudo apt-get install -y python3.7 python3.7-dev log_message "Python 3.7 is now available with command 'python3.7'." python_cmd="python3.7" fi log_message "Installing build-essential" -sudo apt install build-essential +sudo apt-get install -y build-essential + +log_message "Installing python3-distutils" +sudo apt-get install -y python3-distutils log_message "Installing or updating pip" # shellcheck disable=SC2086 @@ -134,7 +137,7 @@ requirements_island="$ISLAND_PATH/requirements.txt" ${python_cmd} -m pip install -r "${requirements_island}" --user --upgrade || handle_error log_message "Installing monkey requirements" -sudo apt-get install libffi-dev upx libssl-dev libc++1 +sudo apt-get install -y libffi-dev upx libssl-dev libc++1 requirements_monkey="$INFECTION_MONKEY_DIR/requirements.txt" ${python_cmd} -m pip install -r "${requirements_monkey}" --user --upgrade || handle_error @@ -162,15 +165,19 @@ chmod a+x "$ISLAND_BINARIES_PATH/$LINUX_64_BINARY_NAME" # If a user haven't installed mongo manually check if we can install it with our script if ! exists mongod; then + log_message "Installing libcurl4" + sudo apt-get install -y libcurl4 + log_message "Installing MongoDB" "${ISLAND_PATH}"/linux/install_mongo.sh ${MONGO_PATH} || handle_error fi log_message "Installing openssl" -sudo apt-get install openssl +sudo apt-get install -y openssl # Generate SSL certificate log_message "Generating certificate" +chmod u+x "${ISLAND_PATH}"/linux/create_certificate.sh "${ISLAND_PATH}"/linux/create_certificate.sh ${ISLAND_PATH}/cc # Update node