forked from p34709852/monkey
Merge pull request #900 from mssalvatore/linux-deployment-scripts-tweaks
Linux deployment scripts tweaks
This commit is contained in:
commit
44fd1ab69c
|
@ -39,6 +39,7 @@ Your user must have root permissions; however, don't run the script as root!
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
wget https://raw.githubusercontent.com/guardicore/monkey/develop/deployment_scripts/deploy_linux.sh
|
wget https://raw.githubusercontent.com/guardicore/monkey/develop/deployment_scripts/deploy_linux.sh
|
||||||
|
chmod u+x ./deploy_linux.sh
|
||||||
```
|
```
|
||||||
|
|
||||||
This will download our deploy script. It's a good idea to read it quickly before executing it!
|
This will download our deploy script. It's a good idea to read it quickly before executing it!
|
||||||
|
@ -52,4 +53,13 @@ After downloading that script, execute it in a shell. The first argument should
|
||||||
- `./deploy_linux.sh "" "master"` (deploys master branch in script directory)
|
- `./deploy_linux.sh "" "master"` (deploys master branch in script directory)
|
||||||
- `./deploy_linux.sh "/home/user/new" "master"` (if directory "new" is not found creates it and clones master branch into it)
|
- `./deploy_linux.sh "/home/user/new" "master"` (if directory "new" is not found creates it and clones master branch into it)
|
||||||
|
|
||||||
You may also pass in an optional third `false` parameter to disable downloading the latest agent binaries.
|
You may also pass in an optional third `false` parameter to disable downloading the latest agent binaries.
|
||||||
|
|
||||||
|
### Run on Linux
|
||||||
|
|
||||||
|
After the `deploy_linux.sh` script completes, you can start the monkey island.
|
||||||
|
|
||||||
|
```sh
|
||||||
|
cd infection_monkey/monkey
|
||||||
|
./monkey_island/linux/run.sh
|
||||||
|
```
|
||||||
|
|
|
@ -4,41 +4,53 @@ export MONKEY_FOLDER_NAME="infection_monkey"
|
||||||
# Url of public git repository that contains monkey's source code
|
# Url of public git repository that contains monkey's source code
|
||||||
export MONKEY_GIT_URL="https://github.com/guardicore/monkey"
|
export MONKEY_GIT_URL="https://github.com/guardicore/monkey"
|
||||||
|
|
||||||
get_latest_release() {
|
exists() {
|
||||||
curl --silent "https://api.github.com/repos/$1/releases/latest" | # Get latest release from GitHub API
|
command -v "$1" >/dev/null 2>&1
|
||||||
grep '"tag_name":' | # Get tag line
|
|
||||||
sed -E 's/.*"([^"]+)".*/\1/' # Pluck JSON value
|
|
||||||
}
|
}
|
||||||
|
|
||||||
MONKEY_LATEST_RELEASE=$(get_latest_release "monkey/guardicore")
|
get_latest_release() {
|
||||||
|
RELEASE_URL="https://api.github.com/repos/$1/releases/latest"
|
||||||
|
|
||||||
|
if exists wget; then
|
||||||
|
RELEASE_INFO=$(wget --quiet -O - "$RELEASE_URL") # Get latest release from GitHub API
|
||||||
|
else
|
||||||
|
RELEASE_INFO=$(curl --silent "$RELEASE_URL") # Get latest release from GitHub API
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "$RELEASE_INFO" |
|
||||||
|
grep '"tag_name":' | # Get tag line
|
||||||
|
sed -E 's/.*"([^"]+)".*/\1/' # Pluck JSON value
|
||||||
|
}
|
||||||
|
|
||||||
|
MONKEY_LATEST_RELEASE=$(get_latest_release "guardicore/monkey")
|
||||||
|
|
||||||
# Monkey binaries
|
# Monkey binaries
|
||||||
LINUX_32_BINARY_NAME="monkey-linux-32"
|
LINUX_32_BINARY_NAME="monkey-linux-32"
|
||||||
LINUX_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/monkey-linux-32"
|
LINUX_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$MONKEY_LATEST_RELEASE/monkey-linux-32"
|
||||||
export LINUX_32_BINARY_URL
|
export LINUX_32_BINARY_URL
|
||||||
export LINUX_32_BINARY_NAME
|
export LINUX_32_BINARY_NAME
|
||||||
|
|
||||||
LINUX_64_BINARY_NAME="monkey-linux-64"
|
LINUX_64_BINARY_NAME="monkey-linux-64"
|
||||||
LINUX_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/monkey-linux-64"
|
LINUX_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$MONKEY_LATEST_RELEASE/monkey-linux-64"
|
||||||
export LINUX_64_BINARY_URL
|
export LINUX_64_BINARY_URL
|
||||||
export LINUX_64_BINARY_NAME
|
export LINUX_64_BINARY_NAME
|
||||||
|
|
||||||
WINDOWS_32_BINARY_NAME="monkey-windows-32.exe"
|
WINDOWS_32_BINARY_NAME="monkey-windows-32.exe"
|
||||||
WINDOWS_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/monkey-windows-32.exe"
|
WINDOWS_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$MONKEY_LATEST_RELEASE/monkey-windows-32.exe"
|
||||||
export WINDOWS_32_BINARY_URL
|
export WINDOWS_32_BINARY_URL
|
||||||
export WINDOWS_32_BINARY_NAME
|
export WINDOWS_32_BINARY_NAME
|
||||||
|
|
||||||
WINDOWS_64_BINARY_NAME="monkey-windows-64.exe"
|
WINDOWS_64_BINARY_NAME="monkey-windows-64.exe"
|
||||||
WINDOWS_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/monkey-windows-64.exe"
|
WINDOWS_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$MONKEY_LATEST_RELEASE/monkey-windows-64.exe"
|
||||||
export WINDOWS_64_BINARY_URL
|
export WINDOWS_64_BINARY_URL
|
||||||
export WINDOWS_64_BINARY_NAME
|
export WINDOWS_64_BINARY_NAME
|
||||||
|
|
||||||
# Other binaries for monkey
|
# Other binaries for monkey
|
||||||
TRACEROUTE_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/traceroute64"
|
TRACEROUTE_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$MONKEY_LATEST_RELEASE/traceroute64"
|
||||||
export TRACEROUTE_64_BINARY_URL
|
export TRACEROUTE_64_BINARY_URL
|
||||||
TRACEROUTE_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/traceroute32"
|
TRACEROUTE_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$MONKEY_LATEST_RELEASE/traceroute32"
|
||||||
export TRACEROUTE_32_BINARY_URL
|
export TRACEROUTE_32_BINARY_URL
|
||||||
SAMBACRY_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/sc_monkey_runner64.so"
|
SAMBACRY_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$MONKEY_LATEST_RELEASE/sc_monkey_runner64.so"
|
||||||
export SAMBACRY_64_BINARY_URL
|
export SAMBACRY_64_BINARY_URL
|
||||||
SAMBACRY_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/sc_monkey_runner32.so"
|
SAMBACRY_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$MONKEY_LATEST_RELEASE/sc_monkey_runner32.so"
|
||||||
export SAMBACRY_32_BINARY_URL
|
export SAMBACRY_32_BINARY_URL
|
||||||
|
|
|
@ -10,7 +10,7 @@ is_root() {
|
||||||
|
|
||||||
has_sudo() {
|
has_sudo() {
|
||||||
# 0 true, 1 false
|
# 0 true, 1 false
|
||||||
timeout 1 sudo id && return 0 || return 1
|
return $(sudo -nv > /dev/null 2>&1)
|
||||||
}
|
}
|
||||||
|
|
||||||
handle_error() {
|
handle_error() {
|
||||||
|
@ -23,6 +23,11 @@ log_message() {
|
||||||
echo -e "DEPLOYMENT SCRIPT: $1"
|
echo -e "DEPLOYMENT SCRIPT: $1"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if is_root; then
|
||||||
|
log_message "Please don't run this script as root"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
config_branch=${2:-"develop"}
|
config_branch=${2:-"develop"}
|
||||||
config_url="https://raw.githubusercontent.com/guardicore/monkey/${config_branch}/deployment_scripts/config"
|
config_url="https://raw.githubusercontent.com/guardicore/monkey/${config_branch}/deployment_scripts/config"
|
||||||
|
|
||||||
|
@ -62,14 +67,9 @@ ISLAND_BINARIES_PATH="$ISLAND_PATH/cc/binaries"
|
||||||
INFECTION_MONKEY_DIR="$monkey_home/monkey/infection_monkey"
|
INFECTION_MONKEY_DIR="$monkey_home/monkey/infection_monkey"
|
||||||
MONKEY_BIN_DIR="$INFECTION_MONKEY_DIR/bin"
|
MONKEY_BIN_DIR="$INFECTION_MONKEY_DIR/bin"
|
||||||
|
|
||||||
if is_root; then
|
if ! has_sudo; then
|
||||||
log_message "Please don't run this script as root"
|
log_message "You need root permissions for some of this script operations. \
|
||||||
exit 1
|
Run \`sudo -v\`, enter your password, and then re-run this script."
|
||||||
fi
|
|
||||||
|
|
||||||
HAS_SUDO=$(has_sudo)
|
|
||||||
if [[ ! $HAS_SUDO ]]; then
|
|
||||||
log_message "You need root permissions for some of this script operations. Quiting."
|
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -110,13 +110,16 @@ if [[ ${python_cmd} == "" ]]; then
|
||||||
log_message "Python 3.7 command not found. Installing python 3.7."
|
log_message "Python 3.7 command not found. Installing python 3.7."
|
||||||
sudo add-apt-repository ppa:deadsnakes/ppa
|
sudo add-apt-repository ppa:deadsnakes/ppa
|
||||||
sudo apt-get update
|
sudo apt-get update
|
||||||
sudo apt install python3.7 python3.7-dev
|
sudo apt-get install -y python3.7 python3.7-dev
|
||||||
log_message "Python 3.7 is now available with command 'python3.7'."
|
log_message "Python 3.7 is now available with command 'python3.7'."
|
||||||
python_cmd="python3.7"
|
python_cmd="python3.7"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
log_message "Installing build-essential"
|
log_message "Installing build-essential"
|
||||||
sudo apt install build-essential
|
sudo apt-get install -y build-essential
|
||||||
|
|
||||||
|
log_message "Installing python3-distutils"
|
||||||
|
sudo apt-get install -y python3-distutils
|
||||||
|
|
||||||
log_message "Installing or updating pip"
|
log_message "Installing or updating pip"
|
||||||
# shellcheck disable=SC2086
|
# shellcheck disable=SC2086
|
||||||
|
@ -134,7 +137,7 @@ requirements_island="$ISLAND_PATH/requirements.txt"
|
||||||
${python_cmd} -m pip install -r "${requirements_island}" --user --upgrade || handle_error
|
${python_cmd} -m pip install -r "${requirements_island}" --user --upgrade || handle_error
|
||||||
|
|
||||||
log_message "Installing monkey requirements"
|
log_message "Installing monkey requirements"
|
||||||
sudo apt-get install libffi-dev upx libssl-dev libc++1
|
sudo apt-get install -y libffi-dev upx libssl-dev libc++1
|
||||||
requirements_monkey="$INFECTION_MONKEY_DIR/requirements.txt"
|
requirements_monkey="$INFECTION_MONKEY_DIR/requirements.txt"
|
||||||
${python_cmd} -m pip install -r "${requirements_monkey}" --user --upgrade || handle_error
|
${python_cmd} -m pip install -r "${requirements_monkey}" --user --upgrade || handle_error
|
||||||
|
|
||||||
|
@ -162,15 +165,19 @@ chmod a+x "$ISLAND_BINARIES_PATH/$LINUX_64_BINARY_NAME"
|
||||||
|
|
||||||
# If a user haven't installed mongo manually check if we can install it with our script
|
# If a user haven't installed mongo manually check if we can install it with our script
|
||||||
if ! exists mongod; then
|
if ! exists mongod; then
|
||||||
|
log_message "Installing libcurl4"
|
||||||
|
sudo apt-get install -y libcurl4
|
||||||
|
|
||||||
log_message "Installing MongoDB"
|
log_message "Installing MongoDB"
|
||||||
"${ISLAND_PATH}"/linux/install_mongo.sh ${MONGO_PATH} || handle_error
|
"${ISLAND_PATH}"/linux/install_mongo.sh ${MONGO_PATH} || handle_error
|
||||||
fi
|
fi
|
||||||
log_message "Installing openssl"
|
log_message "Installing openssl"
|
||||||
sudo apt-get install openssl
|
sudo apt-get install -y openssl
|
||||||
|
|
||||||
# Generate SSL certificate
|
# Generate SSL certificate
|
||||||
log_message "Generating certificate"
|
log_message "Generating certificate"
|
||||||
|
|
||||||
|
chmod u+x "${ISLAND_PATH}"/linux/create_certificate.sh
|
||||||
"${ISLAND_PATH}"/linux/create_certificate.sh ${ISLAND_PATH}/cc
|
"${ISLAND_PATH}"/linux/create_certificate.sh ${ISLAND_PATH}/cc
|
||||||
|
|
||||||
# Update node
|
# Update node
|
||||||
|
|
Loading…
Reference in New Issue