Merge pull request #900 from mssalvatore/linux-deployment-scripts-tweaks

Linux deployment scripts tweaks
This commit is contained in:
Mike Salvatore 2020-12-09 09:02:50 -05:00 committed by GitHub
commit 44fd1ab69c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 56 additions and 27 deletions

View File

@ -39,6 +39,7 @@ Your user must have root permissions; however, don't run the script as root!
```sh ```sh
wget https://raw.githubusercontent.com/guardicore/monkey/develop/deployment_scripts/deploy_linux.sh wget https://raw.githubusercontent.com/guardicore/monkey/develop/deployment_scripts/deploy_linux.sh
chmod u+x ./deploy_linux.sh
``` ```
This will download our deploy script. It's a good idea to read it quickly before executing it! This will download our deploy script. It's a good idea to read it quickly before executing it!
@ -52,4 +53,13 @@ After downloading that script, execute it in a shell. The first argument should
- `./deploy_linux.sh "" "master"` (deploys master branch in script directory) - `./deploy_linux.sh "" "master"` (deploys master branch in script directory)
- `./deploy_linux.sh "/home/user/new" "master"` (if directory "new" is not found creates it and clones master branch into it) - `./deploy_linux.sh "/home/user/new" "master"` (if directory "new" is not found creates it and clones master branch into it)
You may also pass in an optional third `false` parameter to disable downloading the latest agent binaries. You may also pass in an optional third `false` parameter to disable downloading the latest agent binaries.
### Run on Linux
After the `deploy_linux.sh` script completes, you can start the monkey island.
```sh
cd infection_monkey/monkey
./monkey_island/linux/run.sh
```

View File

@ -4,41 +4,53 @@ export MONKEY_FOLDER_NAME="infection_monkey"
# Url of public git repository that contains monkey's source code # Url of public git repository that contains monkey's source code
export MONKEY_GIT_URL="https://github.com/guardicore/monkey" export MONKEY_GIT_URL="https://github.com/guardicore/monkey"
get_latest_release() { exists() {
curl --silent "https://api.github.com/repos/$1/releases/latest" | # Get latest release from GitHub API command -v "$1" >/dev/null 2>&1
grep '"tag_name":' | # Get tag line
sed -E 's/.*"([^"]+)".*/\1/' # Pluck JSON value
} }
MONKEY_LATEST_RELEASE=$(get_latest_release "monkey/guardicore") get_latest_release() {
RELEASE_URL="https://api.github.com/repos/$1/releases/latest"
if exists wget; then
RELEASE_INFO=$(wget --quiet -O - "$RELEASE_URL") # Get latest release from GitHub API
else
RELEASE_INFO=$(curl --silent "$RELEASE_URL") # Get latest release from GitHub API
fi
echo "$RELEASE_INFO" |
grep '"tag_name":' | # Get tag line
sed -E 's/.*"([^"]+)".*/\1/' # Pluck JSON value
}
MONKEY_LATEST_RELEASE=$(get_latest_release "guardicore/monkey")
# Monkey binaries # Monkey binaries
LINUX_32_BINARY_NAME="monkey-linux-32" LINUX_32_BINARY_NAME="monkey-linux-32"
LINUX_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/monkey-linux-32" LINUX_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$MONKEY_LATEST_RELEASE/monkey-linux-32"
export LINUX_32_BINARY_URL export LINUX_32_BINARY_URL
export LINUX_32_BINARY_NAME export LINUX_32_BINARY_NAME
LINUX_64_BINARY_NAME="monkey-linux-64" LINUX_64_BINARY_NAME="monkey-linux-64"
LINUX_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/monkey-linux-64" LINUX_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$MONKEY_LATEST_RELEASE/monkey-linux-64"
export LINUX_64_BINARY_URL export LINUX_64_BINARY_URL
export LINUX_64_BINARY_NAME export LINUX_64_BINARY_NAME
WINDOWS_32_BINARY_NAME="monkey-windows-32.exe" WINDOWS_32_BINARY_NAME="monkey-windows-32.exe"
WINDOWS_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/monkey-windows-32.exe" WINDOWS_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$MONKEY_LATEST_RELEASE/monkey-windows-32.exe"
export WINDOWS_32_BINARY_URL export WINDOWS_32_BINARY_URL
export WINDOWS_32_BINARY_NAME export WINDOWS_32_BINARY_NAME
WINDOWS_64_BINARY_NAME="monkey-windows-64.exe" WINDOWS_64_BINARY_NAME="monkey-windows-64.exe"
WINDOWS_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/monkey-windows-64.exe" WINDOWS_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$MONKEY_LATEST_RELEASE/monkey-windows-64.exe"
export WINDOWS_64_BINARY_URL export WINDOWS_64_BINARY_URL
export WINDOWS_64_BINARY_NAME export WINDOWS_64_BINARY_NAME
# Other binaries for monkey # Other binaries for monkey
TRACEROUTE_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/traceroute64" TRACEROUTE_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$MONKEY_LATEST_RELEASE/traceroute64"
export TRACEROUTE_64_BINARY_URL export TRACEROUTE_64_BINARY_URL
TRACEROUTE_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/traceroute32" TRACEROUTE_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$MONKEY_LATEST_RELEASE/traceroute32"
export TRACEROUTE_32_BINARY_URL export TRACEROUTE_32_BINARY_URL
SAMBACRY_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/sc_monkey_runner64.so" SAMBACRY_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$MONKEY_LATEST_RELEASE/sc_monkey_runner64.so"
export SAMBACRY_64_BINARY_URL export SAMBACRY_64_BINARY_URL
SAMBACRY_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/sc_monkey_runner32.so" SAMBACRY_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$MONKEY_LATEST_RELEASE/sc_monkey_runner32.so"
export SAMBACRY_32_BINARY_URL export SAMBACRY_32_BINARY_URL

View File

@ -10,7 +10,7 @@ is_root() {
has_sudo() { has_sudo() {
# 0 true, 1 false # 0 true, 1 false
timeout 1 sudo id && return 0 || return 1 return $(sudo -nv > /dev/null 2>&1)
} }
handle_error() { handle_error() {
@ -23,6 +23,11 @@ log_message() {
echo -e "DEPLOYMENT SCRIPT: $1" echo -e "DEPLOYMENT SCRIPT: $1"
} }
if is_root; then
log_message "Please don't run this script as root"
exit 1
fi
config_branch=${2:-"develop"} config_branch=${2:-"develop"}
config_url="https://raw.githubusercontent.com/guardicore/monkey/${config_branch}/deployment_scripts/config" config_url="https://raw.githubusercontent.com/guardicore/monkey/${config_branch}/deployment_scripts/config"
@ -62,14 +67,9 @@ ISLAND_BINARIES_PATH="$ISLAND_PATH/cc/binaries"
INFECTION_MONKEY_DIR="$monkey_home/monkey/infection_monkey" INFECTION_MONKEY_DIR="$monkey_home/monkey/infection_monkey"
MONKEY_BIN_DIR="$INFECTION_MONKEY_DIR/bin" MONKEY_BIN_DIR="$INFECTION_MONKEY_DIR/bin"
if is_root; then if ! has_sudo; then
log_message "Please don't run this script as root" log_message "You need root permissions for some of this script operations. \
exit 1 Run \`sudo -v\`, enter your password, and then re-run this script."
fi
HAS_SUDO=$(has_sudo)
if [[ ! $HAS_SUDO ]]; then
log_message "You need root permissions for some of this script operations. Quiting."
exit 1 exit 1
fi fi
@ -110,13 +110,16 @@ if [[ ${python_cmd} == "" ]]; then
log_message "Python 3.7 command not found. Installing python 3.7." log_message "Python 3.7 command not found. Installing python 3.7."
sudo add-apt-repository ppa:deadsnakes/ppa sudo add-apt-repository ppa:deadsnakes/ppa
sudo apt-get update sudo apt-get update
sudo apt install python3.7 python3.7-dev sudo apt-get install -y python3.7 python3.7-dev
log_message "Python 3.7 is now available with command 'python3.7'." log_message "Python 3.7 is now available with command 'python3.7'."
python_cmd="python3.7" python_cmd="python3.7"
fi fi
log_message "Installing build-essential" log_message "Installing build-essential"
sudo apt install build-essential sudo apt-get install -y build-essential
log_message "Installing python3-distutils"
sudo apt-get install -y python3-distutils
log_message "Installing or updating pip" log_message "Installing or updating pip"
# shellcheck disable=SC2086 # shellcheck disable=SC2086
@ -134,7 +137,7 @@ requirements_island="$ISLAND_PATH/requirements.txt"
${python_cmd} -m pip install -r "${requirements_island}" --user --upgrade || handle_error ${python_cmd} -m pip install -r "${requirements_island}" --user --upgrade || handle_error
log_message "Installing monkey requirements" log_message "Installing monkey requirements"
sudo apt-get install libffi-dev upx libssl-dev libc++1 sudo apt-get install -y libffi-dev upx libssl-dev libc++1
requirements_monkey="$INFECTION_MONKEY_DIR/requirements.txt" requirements_monkey="$INFECTION_MONKEY_DIR/requirements.txt"
${python_cmd} -m pip install -r "${requirements_monkey}" --user --upgrade || handle_error ${python_cmd} -m pip install -r "${requirements_monkey}" --user --upgrade || handle_error
@ -162,15 +165,19 @@ chmod a+x "$ISLAND_BINARIES_PATH/$LINUX_64_BINARY_NAME"
# If a user haven't installed mongo manually check if we can install it with our script # If a user haven't installed mongo manually check if we can install it with our script
if ! exists mongod; then if ! exists mongod; then
log_message "Installing libcurl4"
sudo apt-get install -y libcurl4
log_message "Installing MongoDB" log_message "Installing MongoDB"
"${ISLAND_PATH}"/linux/install_mongo.sh ${MONGO_PATH} || handle_error "${ISLAND_PATH}"/linux/install_mongo.sh ${MONGO_PATH} || handle_error
fi fi
log_message "Installing openssl" log_message "Installing openssl"
sudo apt-get install openssl sudo apt-get install -y openssl
# Generate SSL certificate # Generate SSL certificate
log_message "Generating certificate" log_message "Generating certificate"
chmod u+x "${ISLAND_PATH}"/linux/create_certificate.sh
"${ISLAND_PATH}"/linux/create_certificate.sh ${ISLAND_PATH}/cc "${ISLAND_PATH}"/linux/create_certificate.sh ${ISLAND_PATH}/cc
# Update node # Update node