diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js b/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js index 9ac409e8e..364e77b77 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js @@ -18,38 +18,38 @@ import {faMinus} from '@fortawesome/free-solid-svg-icons/faMinus'; import guardicoreLogoImage from '../../images/guardicore-logo.png' import {faExclamationTriangle} from '@fortawesome/free-solid-svg-icons'; import '../../styles/App.css'; -import {generateSmbPasswordReport, generateSmbPthReport} from './security/issues/SmbIssue'; -import {Struts2IssueOverview, Struts2IssueReport} from './security/issues/Struts2Issue'; -import {WebLogicIssueOverview, WebLogicIssueReport} from './security/issues/WebLogicIssue'; -import {HadoopIssueOverview, HadoopIssueReport} from './security/issues/HadoopIssue'; -import {MssqlIssueOverview, MssqlIssueReport} from './security/issues/MssqlIssue'; -import {DrupalIssueOverview, DrupalIssueReport} from './security/issues/DrupalIssue'; -import {VsftpdIssueOverview, VsftpdIssueReport} from './security/issues/VsftpdIssue'; -import {generateWmiPasswordIssue, generateWmiPthIssue} from './security/issues/WmiIssue'; -import {generateSshKeysReport, ShhIssueReport, SshIssueOverview} from './security/issues/SshIssue'; -import {SambacryIssueOverview, SambacryIssueReport} from './security/issues/SambacryIssue'; -import {ElasticIssueOverview, ElasticIssueReport} from './security/issues/ElasticIssue'; -import {ShellShockIssueOverview, ShellShockIssueReport} from './security/issues/ShellShockIssue'; -import {MS08_067IssueOverview, MS08_067IssueReport} from './security/issues/MS08_067Issue'; +import {smbPasswordReport, smbPthReport} from './security/issues/SmbIssue'; +import {struts2IssueOverview, struts2IssueReport} from './security/issues/Struts2Issue'; +import {webLogicIssueOverview, webLogicIssueReport} from './security/issues/WebLogicIssue'; +import {hadoopIssueOverview, hadoopIssueReport} from './security/issues/HadoopIssue'; +import {mssqlIssueOverview, mssqlIssueReport} from './security/issues/MssqlIssue'; +import {drupalIssueOverview, drupalIssueReport} from './security/issues/DrupalIssue'; +import {vsftpdIssueOverview, vsftpdIssueReport} from './security/issues/VsftpdIssue'; +import {wmiPasswordIssueReport, wmiPthIssueReport} from './security/issues/WmiIssue'; +import {sshKeysReport, shhIssueReport, sshIssueOverview} from './security/issues/SshIssue'; +import {sambacryIssueOverview, sambacryIssueReport} from './security/issues/SambacryIssue'; +import {elasticIssueOverview, elasticIssueReport} from './security/issues/ElasticIssue'; +import {shellShockIssueOverview, shellShockIssueReport} from './security/issues/ShellShockIssue'; +import {ms08_067IssueOverview, ms08_067IssueReport} from './security/issues/MS08_067Issue'; import { crossSegmentIssueOverview, - generateCrossSegmentIssue, - generateIslandCrossSegmentIssue + crossSegmentIssueReport, + islandCrossSegmentIssueReport } from './security/issues/CrossSegmentIssue'; import { - generateSharedCredsDomainIssue, generateSharedCredsIssue, generateSharedLocalAdminsIssue, + sharedCredsDomainIssueReport, sharedCredsIssueReport, sharedLocalAdminsIssueReport, sharedAdminsDomainIssueOverview, sharedPasswordsIssueOverview } from './security/issues/SharedPasswordsIssue'; -import {generateTunnelIssue, generateTunnelIssueOverview} from './security/issues/TunnelIssue'; -import {StolenCredsIssueOverview} from './security/issues/StolenCredsIssue'; -import {WeakPasswordIssueOverview} from './security/issues/WeakPasswordIssue'; -import {AzurePasswordIssueOverview, AzurePasswordIssueReport} from './security/issues/AzurePasswordIssue'; -import {generateStrongUsersOnCritIssue} from './security/issues/StrongUsersOnCritIssue'; +import {tunnelIssueReport, tunnelIssueOverview} from './security/issues/TunnelIssue'; +import {stolenCredsIssueOverview} from './security/issues/StolenCredsIssue'; +import {weakPasswordIssueOverview} from './security/issues/WeakPasswordIssue'; +import {azurePasswordIssueOverview, azurePasswordIssueReport} from './security/issues/AzurePasswordIssue'; +import {strongUsersOnCritIssueReport} from './security/issues/StrongUsersOnCritIssue'; import { - ZerologonIssueOverview, - ZerologonIssueReport, - ZerologonOverviewWithFailedPassResetWarning + zerologonIssueOverview, + zerologonIssueReport, + zerologonOverviewWithFailedPassResetWarning } from './security/issues/ZerologonIssue'; @@ -76,123 +76,123 @@ class ReportPageComponent extends AuthComponent { { 'SmbExploiter': { [this.issueContentTypes.REPORT]: { - [this.credentialTypes.PASSWORD]: generateSmbPasswordReport, - [this.credentialTypes.HASH]: generateSmbPthReport + [this.credentialTypes.PASSWORD]: smbPasswordReport, + [this.credentialTypes.HASH]: smbPthReport }, [this.issueContentTypes.TYPE]: this.issueTypes.DANGER }, 'Struts2Exploiter': { - [this.issueContentTypes.OVERVIEW]: Struts2IssueOverview, - [this.issueContentTypes.REPORT]: Struts2IssueReport, + [this.issueContentTypes.OVERVIEW]: struts2IssueOverview, + [this.issueContentTypes.REPORT]: struts2IssueReport, [this.issueContentTypes.TYPE]: this.issueTypes.DANGER }, 'WebLogicExploiter': { - [this.issueContentTypes.OVERVIEW]: WebLogicIssueOverview, - [this.issueContentTypes.REPORT]: WebLogicIssueReport, + [this.issueContentTypes.OVERVIEW]: webLogicIssueOverview, + [this.issueContentTypes.REPORT]: webLogicIssueReport, [this.issueContentTypes.TYPE]: this.issueTypes.DANGER }, 'HadoopExploiter': { - [this.issueContentTypes.OVERVIEW]: HadoopIssueOverview, - [this.issueContentTypes.REPORT]: HadoopIssueReport, + [this.issueContentTypes.OVERVIEW]: hadoopIssueOverview, + [this.issueContentTypes.REPORT]: hadoopIssueReport, [this.issueContentTypes.TYPE]: this.issueTypes.DANGER }, 'MSSQLExploiter': { - [this.issueContentTypes.OVERVIEW]: MssqlIssueOverview, - [this.issueContentTypes.REPORT]: MssqlIssueReport, + [this.issueContentTypes.OVERVIEW]: mssqlIssueOverview, + [this.issueContentTypes.REPORT]: mssqlIssueReport, [this.issueContentTypes.TYPE]: this.issueTypes.DANGER }, 'DrupalExploiter': { - [this.issueContentTypes.OVERVIEW]: DrupalIssueOverview, - [this.issueContentTypes.REPORT]: DrupalIssueReport, + [this.issueContentTypes.OVERVIEW]: drupalIssueOverview, + [this.issueContentTypes.REPORT]: drupalIssueReport, [this.issueContentTypes.TYPE]: this.issueTypes.DANGER }, 'VSFTPDExploiter': { - [this.issueContentTypes.OVERVIEW]: VsftpdIssueOverview, - [this.issueContentTypes.REPORT]: VsftpdIssueReport, + [this.issueContentTypes.OVERVIEW]: vsftpdIssueOverview, + [this.issueContentTypes.REPORT]: vsftpdIssueReport, [this.issueContentTypes.TYPE]: this.issueTypes.DANGER }, 'WmiExploiter': { [this.issueContentTypes.REPORT]: { - [this.credentialTypes.PASSWORD]: generateWmiPasswordIssue, - [this.credentialTypes.HASH]: generateWmiPthIssue + [this.credentialTypes.PASSWORD]: wmiPasswordIssueReport, + [this.credentialTypes.HASH]: wmiPthIssueReport }, [this.issueContentTypes.TYPE]: this.issueTypes.DANGER }, 'SSHExploiter': { - [this.issueContentTypes.OVERVIEW]: SshIssueOverview, + [this.issueContentTypes.OVERVIEW]: sshIssueOverview, [this.issueContentTypes.REPORT]: { - [this.credentialTypes.PASSWORD]: ShhIssueReport, - [this.credentialTypes.KEY]: generateSshKeysReport + [this.credentialTypes.PASSWORD]: shhIssueReport, + [this.credentialTypes.KEY]: sshKeysReport }, [this.issueContentTypes.TYPE]: this.issueTypes.DANGER }, 'SambaCryExploiter': { - [this.issueContentTypes.OVERVIEW]: SambacryIssueOverview, - [this.issueContentTypes.REPORT]: SambacryIssueReport, + [this.issueContentTypes.OVERVIEW]: sambacryIssueOverview, + [this.issueContentTypes.REPORT]: sambacryIssueReport, [this.issueContentTypes.TYPE]: this.issueTypes.DANGER }, 'ElasticGroovyExploiter': { - [this.issueContentTypes.OVERVIEW]: ElasticIssueOverview, - [this.issueContentTypes.REPORT]: ElasticIssueReport, + [this.issueContentTypes.OVERVIEW]: elasticIssueOverview, + [this.issueContentTypes.REPORT]: elasticIssueReport, [this.issueContentTypes.TYPE]: this.issueTypes.DANGER }, 'ShellShockExploiter': { - [this.issueContentTypes.OVERVIEW]: ShellShockIssueOverview, - [this.issueContentTypes.REPORT]: ShellShockIssueReport, + [this.issueContentTypes.OVERVIEW]: shellShockIssueOverview, + [this.issueContentTypes.REPORT]: shellShockIssueReport, [this.issueContentTypes.TYPE]: this.issueTypes.DANGER }, 'Ms08_067_Exploiter': { - [this.issueContentTypes.OVERVIEW]: MS08_067IssueOverview, - [this.issueContentTypes.REPORT]: MS08_067IssueReport, + [this.issueContentTypes.OVERVIEW]: ms08_067IssueOverview, + [this.issueContentTypes.REPORT]: ms08_067IssueReport, [this.issueContentTypes.TYPE]: this.issueTypes.DANGER }, 'ZerologonExploiter': { - [this.issueContentTypes.OVERVIEW]: ZerologonIssueOverview, - [this.issueContentTypes.REPORT]: ZerologonIssueReport, + [this.issueContentTypes.OVERVIEW]: zerologonIssueOverview, + [this.issueContentTypes.REPORT]: zerologonIssueReport, [this.issueContentTypes.TYPE]: this.issueTypes.DANGER }, 'zerologon_pass_restore_failed': { - [this.issueContentTypes.OVERVIEW]: ZerologonOverviewWithFailedPassResetWarning, + [this.issueContentTypes.OVERVIEW]: zerologonOverviewWithFailedPassResetWarning, }, 'island_cross_segment': { [this.issueContentTypes.OVERVIEW]: crossSegmentIssueOverview, - [this.issueContentTypes.REPORT]: generateIslandCrossSegmentIssue, + [this.issueContentTypes.REPORT]: islandCrossSegmentIssueReport, [this.issueContentTypes.TYPE]: this.issueTypes.WARNING }, 'tunnel': { - [this.issueContentTypes.OVERVIEW]: generateTunnelIssueOverview, - [this.issueContentTypes.REPORT]: generateTunnelIssue, + [this.issueContentTypes.OVERVIEW]: tunnelIssueOverview, + [this.issueContentTypes.REPORT]: tunnelIssueReport, [this.issueContentTypes.TYPE]: this.issueTypes.WARNING }, 'shared_passwords': { [this.issueContentTypes.OVERVIEW]: sharedPasswordsIssueOverview, - [this.issueContentTypes.REPORT]: generateSharedCredsIssue, + [this.issueContentTypes.REPORT]: sharedCredsIssueReport, [this.issueContentTypes.TYPE]: this.issueTypes.WARNING }, 'shared_admins_domain': { [this.issueContentTypes.OVERVIEW]: sharedAdminsDomainIssueOverview, - [this.issueContentTypes.REPORT]: generateSharedLocalAdminsIssue, + [this.issueContentTypes.REPORT]: sharedLocalAdminsIssueReport, [this.issueContentTypes.TYPE]: this.issueTypes.WARNING }, 'shared_passwords_domain': { - [this.issueContentTypes.REPORT]: generateSharedCredsDomainIssue, + [this.issueContentTypes.REPORT]: sharedCredsDomainIssueReport, [this.issueContentTypes.TYPE]: this.issueTypes.WARNING }, 'strong_users_on_crit': { - [this.issueContentTypes.REPORT]: generateStrongUsersOnCritIssue, + [this.issueContentTypes.REPORT]: strongUsersOnCritIssueReport, [this.issueContentTypes.TYPE]: this.issueTypes.DANGER }, 'azure_password': { - [this.issueContentTypes.OVERVIEW]: AzurePasswordIssueOverview, - [this.issueContentTypes.REPORT]: AzurePasswordIssueReport, + [this.issueContentTypes.OVERVIEW]: azurePasswordIssueOverview, + [this.issueContentTypes.REPORT]: azurePasswordIssueReport, [this.issueContentTypes.TYPE]: this.issueTypes.DANGER }, 'weak_password': { - [this.issueContentTypes.OVERVIEW]: WeakPasswordIssueOverview, + [this.issueContentTypes.OVERVIEW]: weakPasswordIssueOverview, [this.issueContentTypes.TYPE]: this.issueTypes.DANGER }, 'stolen_creds': { - [this.issueContentTypes.OVERVIEW]: StolenCredsIssueOverview, + [this.issueContentTypes.OVERVIEW]: stolenCredsIssueOverview, [this.issueContentTypes.TYPE]: this.issueTypes.DANGER } } @@ -412,7 +412,7 @@ class ReportPageComponent extends AuthComponent {
The Monkey uncovered the following set of segmentation issues:
diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/AzurePasswordIssue.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/AzurePasswordIssue.js index f572347dc..78afa599b 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/AzurePasswordIssue.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/AzurePasswordIssue.js @@ -1,13 +1,13 @@ import React from 'react'; import CollapsibleWellComponent from '../CollapsibleWell'; -export function AzurePasswordIssueOverview() { +export function azurePasswordIssueOverview() { return (
  • Azure machines expose plaintext passwords. (More info)
    • ) } -export function AzurePasswordIssueReport(issue) { +export function azurePasswordIssueReport(issue) { return ( <> Delete VM Access plugin configuration files. diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/CrossSegmentIssue.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/CrossSegmentIssue.js index f1d84950d..6c1ece1ea 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/CrossSegmentIssue.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/CrossSegmentIssue.js @@ -7,7 +7,7 @@ export function crossSegmentIssueOverview() { different segments are able to communicate.) } -export function generateCrossSegmentIssue(crossSegmentIssue) { +export function crossSegmentIssueReport(crossSegmentIssue) { let crossSegmentIssueOverview = 'Communication possible from ' + `${crossSegmentIssue['source_subnet']} to ${crossSegmentIssue['target_subnet']}`; @@ -17,7 +17,7 @@ export function generateCrossSegmentIssue(crossSegmentIssue) { @@ -25,15 +25,15 @@ export function generateCrossSegmentIssue(crossSegmentIssue) { ); } -export function generateCrossSegmentIssueListItem(issue) { +export function getCrossSegmentIssueListItem(issue) { if (issue['is_self']) { - return generateCrossSegmentSingleHostMessage(issue); + return getCrossSegmentSingleHostMessage(issue); } - return generateCrossSegmentMultiHostMessage(issue); + return getCrossSegmentMultiHostMessage(issue); } -export function generateCrossSegmentSingleHostMessage(issue) { +export function getCrossSegmentSingleHostMessage(issue) { return (
  • {`Machine ${issue['hostname']} has both ips: ${issue['source']} and ${issue['target']}`} @@ -41,20 +41,20 @@ export function generateCrossSegmentSingleHostMessage(issue) { ); } -export function generateCrossSegmentMultiHostMessage(issue) { +export function getCrossSegmentMultiHostMessage(issue) { return (
  • IP {issue['source']} ({issue['hostname']}) was able to communicate with IP {issue['target']} using:
    • ); } -export function generateCrossSegmentServiceListItems(issue) { +export function getCrossSegmentServiceListItems(issue) { let service_list_items = []; for (const [service, info] of Object.entries(issue['services'])) { @@ -68,7 +68,7 @@ export function generateCrossSegmentServiceListItems(issue) { return service_list_items; } -export function generateIslandCrossSegmentIssue(issue) { +export function islandCrossSegmentIssueReport(issue) { return ( <> Segment your network and make sure there is no communication between machines from different segments. diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/DrupalIssue.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/DrupalIssue.js index 15d00feb2..d5cc068bb 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/DrupalIssue.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/DrupalIssue.js @@ -1,12 +1,12 @@ import React from 'react'; import CollapsibleWellComponent from '../CollapsibleWell'; -export function DrupalIssueOverview() { +export function drupalIssueOverview() { return (
  • Drupal server/s are vulnerable to CVE-2019-6340.
    • ) } -export function DrupalIssueReport(issue) { +export function drupalIssueReport(issue) { return ( <> Upgrade Drupal server to versions 8.5.11, 8.6.10, or later. diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/ElasticIssue.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/ElasticIssue.js index 04198a309..4d389bf2b 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/ElasticIssue.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/ElasticIssue.js @@ -1,13 +1,13 @@ import React from 'react'; import CollapsibleWellComponent from '../CollapsibleWell'; -export function ElasticIssueOverview() { +export function elasticIssueOverview() { return (
  • Elasticsearch servers are vulnerable to CVE-2015-1427.
    • ) } -export function ElasticIssueReport(issue) { +export function elasticIssueReport(issue) { return ( <> Update your Elastic Search server to version 1.4.3 and up. diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/HadoopIssue.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/HadoopIssue.js index e63e541ef..ff126ef8a 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/HadoopIssue.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/HadoopIssue.js @@ -1,11 +1,11 @@ import React from 'react'; import CollapsibleWellComponent from '../CollapsibleWell'; -export function HadoopIssueOverview() { +export function hadoopIssueOverview() { return (
  • Hadoop/Yarn servers are vulnerable to remote code execution.
    • ) } -export function HadoopIssueReport(issue) { +export function hadoopIssueReport(issue) { return ( <> Run Hadoop in secure mode (Machines are vulnerable to ‘Conficker’ (MS08-067). ) } -export function MS08_067IssueReport(issue) { +export function ms08_067IssueReport(issue) { return ( <> Install the latest Windows updates or upgrade to a newer operating system. diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/MssqlIssue.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/MssqlIssue.js index c1ff6e9ec..e8e1bb162 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/MssqlIssue.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/MssqlIssue.js @@ -1,11 +1,11 @@ import React from 'react'; import CollapsibleWellComponent from '../CollapsibleWell'; -export function MssqlIssueOverview() { +export function mssqlIssueOverview() { return (
  • MS-SQL servers are vulnerable to remote code execution via xp_cmdshell command.
    • ) } -export function MssqlIssueReport(issue) { +export function mssqlIssueReport(issue) { return ( <> Disable the xp_cmdshell option. diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/PthCriticalServiceIssue.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/PthCriticalServiceIssue.js index 3a78c3008..73589715b 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/PthCriticalServiceIssue.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/PthCriticalServiceIssue.js @@ -1,6 +1,6 @@ import React from 'react'; -export function PthCriticalServiceIssueOverview() { +export function pthCriticalServiceIssueOverview() { return (
  • Mimikatz found login credentials of a user who has admin access to a server defined as critical.
    • ) } diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/SambacryIssue.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/SambacryIssue.js index c07fcce7f..05bcb6850 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/SambacryIssue.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/SambacryIssue.js @@ -1,13 +1,13 @@ import React from 'react'; import CollapsibleWellComponent from '../CollapsibleWell'; -export function SambacryIssueOverview() { +export function sambacryIssueOverview() { return (
  • Samba servers are vulnerable to ‘SambaCry’ (CVE-2017-7494).
    • ) } -export function SambacryIssueReport(issue) { +export function sambacryIssueReport(issue) { return ( <> Change {issue.username}'s password to a complex one-use password diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/SharedPasswordsIssue.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/SharedPasswordsIssue.js index 8308a6357..2a09dbb83 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/SharedPasswordsIssue.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/SharedPasswordsIssue.js @@ -11,7 +11,7 @@ export function sharedAdminsDomainIssueOverview() { administrator.) } -export function generateSharedCredsDomainIssue(issue) { +export function sharedCredsDomainIssueReport(issue) { return ( <> Some domain users are sharing passwords, this should be fixed by changing passwords. @@ -23,7 +23,7 @@ export function generateSharedCredsDomainIssue(issue) { ); } -export function generateSharedCredsIssue(issue) { +export function sharedCredsIssueReport(issue) { return ( <> Some users are sharing passwords, this should be fixed by changing passwords. @@ -35,7 +35,7 @@ export function generateSharedCredsIssue(issue) { ); } -export function generateSharedLocalAdminsIssue(issue) { +export function sharedLocalAdminsIssueReport(issue) { return ( <> Make sure the right administrator accounts are managing the right machines, and that there isn’t an diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/ShellShockIssue.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/ShellShockIssue.js index 02daa292c..b2496fb21 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/ShellShockIssue.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/ShellShockIssue.js @@ -1,18 +1,18 @@ import React from 'react'; import CollapsibleWellComponent from '../CollapsibleWell'; -export function ShellShockIssueOverview() { +export function shellShockIssueOverview() { return (
  • Machines are vulnerable to ‘Shellshock’ (CVE-2014-6271).
    • ) } -function generateShellshockPathListBadges(paths) { +function getShellshockPathListBadges(paths) { return paths.map(path => {path}); } -export function ShellShockIssueReport(issue) { +export function shellShockIssueReport(issue) { return ( <> Update your Bash to a ShellShock-patched version. @@ -23,7 +23,7 @@ export function ShellShockIssueReport(issue) {
    The attack was made possible because the HTTP server running on TCP port {issue.port} was vulnerable to a shell injection attack on the - paths: {generateShellshockPathListBadges(issue.paths)}. + paths: {getShellshockPathListBadges(issue.paths)}. ); diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/SmbIssue.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/SmbIssue.js index eec516a3e..66e2117ff 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/SmbIssue.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/SmbIssue.js @@ -1,7 +1,7 @@ import React from 'react'; import CollapsibleWellComponent from '../CollapsibleWell'; -export function generateSmbPasswordReport(issue) { +export function smbPasswordReport(issue) { return ( <> Change {issue.username}'s password to a complex one-use password @@ -18,7 +18,7 @@ export function generateSmbPasswordReport(issue) { ); } -export function generateSmbPthReport(issue) { +export function smbPthReport(issue) { return ( <> Change {issue.username}'s password to a complex one-use password diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/SshIssue.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/SshIssue.js index d13862372..cb74018d8 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/SshIssue.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/SshIssue.js @@ -1,11 +1,11 @@ import React from 'react'; import CollapsibleWellComponent from '../CollapsibleWell'; -export function SshIssueOverview() { +export function sshIssueOverview() { return (
  • Stolen SSH keys are used to exploit other machines.
    • ) } -export function ShhIssueReport(issue) { +export function shhIssueReport(issue) { return ( <> Change {issue.username}'s password to a complex one-use password @@ -22,7 +22,7 @@ export function ShhIssueReport(issue) { ); } -export function generateSshKeysReport(issue) { +export function sshKeysReport(issue) { return ( <> Protect {issue.ssh_key} private key with a pass phrase. diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/StolenCredsIssue.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/StolenCredsIssue.js index 62d92ccc3..a0b0c037b 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/StolenCredsIssue.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/StolenCredsIssue.js @@ -1,5 +1,5 @@ import React from 'react'; -export function StolenCredsIssueOverview() { +export function stolenCredsIssueOverview() { return (
  • Stolen credentials are used to exploit other machines.
    • ) } diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/StrongUsersOnCritIssue.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/StrongUsersOnCritIssue.js index 7f87e72c1..328207710 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/StrongUsersOnCritIssue.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/StrongUsersOnCritIssue.js @@ -1,7 +1,7 @@ import React from 'react'; import CollapsibleWellComponent from '../CollapsibleWell'; -export function generateStrongUsersOnCritIssue(issue) { +export function strongUsersOnCritIssueReport(issue) { return ( <> This critical machine is open to attacks via strong users with access to it. diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/Struts2Issue.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/Struts2Issue.js index 7a590ba3c..ca4c2b2b9 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/Struts2Issue.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/Struts2Issue.js @@ -1,13 +1,13 @@ import React from 'react'; import CollapsibleWellComponent from '../CollapsibleWell'; -export function Struts2IssueOverview() { +export function struts2IssueOverview() { return (
  • Struts2 servers are vulnerable to remote code execution. ( CVE-2017-5638)
    • ) } -export function Struts2IssueReport(issue) { +export function struts2IssueReport(issue) { return ( <> Upgrade Struts2 to version 2.3.32 or 2.5.10.1 or any later versions. diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/TunnelIssue.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/TunnelIssue.js index 09ed635c5..c4d52751a 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/TunnelIssue.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/TunnelIssue.js @@ -1,11 +1,11 @@ import React from 'react'; import CollapsibleWellComponent from '../CollapsibleWell'; -export function generateTunnelIssueOverview(){ +export function tunnelIssueOverview(){ return (
  • Weak segmentation - Machines were able to communicate over unused ports.
    • ) } -export function generateTunnelIssue(issue) { +export function tunnelIssueReport(issue) { return ( <> Use micro-segmentation policies to disable communication other than the required. diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/VsftpdIssue.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/VsftpdIssue.js index 214c1896b..e5419a9c2 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/VsftpdIssue.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/VsftpdIssue.js @@ -1,13 +1,13 @@ import React from 'react'; import CollapsibleWellComponent from '../CollapsibleWell'; -export function VsftpdIssueOverview() { +export function vsftpdIssueOverview() { return (
  • VSFTPD is vulnerable to CVE-2011-2523.
    • ) } -export function VsftpdIssueReport(issue) { +export function vsftpdIssueReport(issue) { return ( <> Update your VSFTPD server to the latest version vsftpd-3.0.3. diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/WeakPasswordIssue.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/WeakPasswordIssue.js index 0a7ba30b1..ee3c6c04f 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/WeakPasswordIssue.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/WeakPasswordIssue.js @@ -1,6 +1,6 @@ import React from 'react'; -export function WeakPasswordIssueOverview() { +export function weakPasswordIssueOverview() { return (
  • Machines are accessible using passwords supplied by the user during the Monkey’s configuration.
    • ) } diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/WebLogicIssue.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/WebLogicIssue.js index 0bd5e200f..e7678c448 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/WebLogicIssue.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/WebLogicIssue.js @@ -1,11 +1,11 @@ import React from 'react'; import CollapsibleWellComponent from '../CollapsibleWell'; -export function WebLogicIssueOverview() { +export function webLogicIssueOverview() { return (
  • Oracle WebLogic servers are susceptible to a remote code execution vulnerability.
    • ) } -export function WebLogicIssueReport(issue) { +export function webLogicIssueReport(issue) { return ( <> Update Oracle WebLogic server to the latest supported version. diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/WmiIssue.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/WmiIssue.js index 401f8a9d9..cce631274 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/WmiIssue.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/WmiIssue.js @@ -1,7 +1,7 @@ import React from 'react'; import CollapsibleWellComponent from '../CollapsibleWell'; -export function generateWmiPasswordIssue(issue) { +export function wmiPasswordIssueReport(issue) { return ( <> Change {issue.username}'s password to a complex one-use password @@ -18,7 +18,7 @@ export function generateWmiPasswordIssue(issue) { ); } -export function generateWmiPthIssue(issue) { +export function wmiPthIssueReport(issue) { return ( <> Change {issue.username}'s password to a complex one-use password diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/ZerologonIssue.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/ZerologonIssue.js index f125d67ec..771aecf6c 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/ZerologonIssue.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/ZerologonIssue.js @@ -3,7 +3,7 @@ import CollapsibleWellComponent from '../CollapsibleWell'; import WarningIcon from '../../../ui-components/WarningIcon'; import {Button} from 'react-bootstrap'; -export function ZerologonIssueOverview() { +export function zerologonIssueOverview() { return (
  • Some Windows domain controllers are vulnerable to 'Zerologon' ( @@ -17,8 +17,8 @@ export function ZerologonIssueOverview() { ) } -export function ZerologonOverviewWithFailedPassResetWarning() { - let overview = [ZerologonIssueOverview()]; +export function zerologonOverviewWithFailedPassResetWarning() { + let overview = [zerologonIssueOverview()]; overview.push(
  • @@ -36,7 +36,7 @@ export function ZerologonOverviewWithFailedPassResetWarning() { return overview; } -export function ZerologonIssueReport(issue) { +export function zerologonIssueReport(issue) { return ( <> Install Windows security updates.