monkey/.swm/xYkxB76pK0peJj2tSxBJ.swm

44 lines
2.5 KiB
Plaintext
Raw Permalink Normal View History

{
"id": "xYkxB76pK0peJj2tSxBJ",
"name": "Define what your new PBA does",
"task": {
"dod": "You should add a new PBA const that defines what the PBA does.",
"tests": [],
"hints": [
"See the `Timestomping` PBA. How is the name of the PBA set?"
]
},
"content": [
{
"type": "text",
"text": "The name of your new PBA (which creates scheduled jobs on the machine) will be used in a few places, including the report. <br><br>\nYou should briefly define what your PBA does in a constant variable, such that it can be used by both the Monkey and the Monkey Island.\n\n## Manual test \nOnce you think you're done...\n- Run the Monkey Island\n- Make sure the \"Job scheduling\" PBA is enabled in the \"Monkey\" tab in the configuration — for this test, disable network scanning, exploiting, and all other PBAs\n- Run the Monkey\n- Check the PBA section in the Security report for the name you gave to the new PBA \n\n<img src=\"https://firebasestorage.googleapis.com/v0/b/swimmio-content/o/repositories%2F6Nlb99NtY5Fc3bSd8suH%2Fimg%2Ff0e53e6c-9dbe-41d8-9454-2b5761c3f53a.png?alt=media&token=21aa4bb8-7ebe-4dab-a739-c77e059144dd\" height=400>"
},
{
"firstLineNumber": 5,
"path": "monkey/common/common_consts/post_breach_consts.py",
"type": "snippet",
"lines": [
" POST_BREACH_HIDDEN_FILES = \"Hide files and directories\"",
" POST_BREACH_TRAP_COMMAND = \"Execute command when a particular signal is received\"",
" POST_BREACH_SETUID_SETGID = \"Setuid and Setgid\"",
"*POST_BREACH_JOB_SCHEDULING = \"Schedule jobs\"",
"+# Swimmer: PUT THE NEW CONST HERE!",
" POST_BREACH_TIMESTOMPING = \"Modify files' timestamps\"",
" POST_BREACH_SIGNED_SCRIPT_PROXY_EXEC = \"Signed script proxy execution\"",
" POST_BREACH_ACCOUNT_DISCOVERY = \"Account discovery\""
],
"comments": []
},
{
"type": "text",
"text": "- The name defined here for your PBA can be seen on the Monkey Island in the PBA section in the Security report.\n- The results of each PBA stored in the telemetry are also identified by the string defined here for that PBA."
}
],
"file_version": "2.0.0",
"meta": {
"app_version": "0.3.7-0",
"file_blobs": {
"monkey/common/common_consts/post_breach_consts.py": "25e6679cb1623aae1a732deb05cc011a452743e3"
}
}
}