* Added another configuration endpoint for the island specific fields

2018-11-27 11:08:43 +02:00 · 2018-11-27 11:08:43 +02:00 · c47572cd53
parent 4365ed2a14
commit c47572cd53
4 changed files with 37 additions and 10 deletions
--- a/monkey/monkey_island/cc/app.py
+++ b/monkey/monkey_island/cc/app.py
@ -18,6 +18,7 @@ from cc.resources.log import Log
 from cc.resources.island_logs import IslandLog
 from cc.resources.monkey import Monkey
 from cc.resources.monkey_configuration import MonkeyConfiguration
+from cc.resources.island_configuration import IslandConfiguration
 from cc.resources.monkey_download import MonkeyDownload
 from cc.resources.netmap import NetMap
 from cc.resources.node import Node
@ -104,6 +105,7 @@ def init_app(mongo_url):
    api.add_resource(ClientRun, '/api/client-monkey', '/api/client-monkey/')
    api.add_resource(Telemetry, '/api/telemetry', '/api/telemetry/', '/api/telemetry/<string:monkey_guid>')
    api.add_resource(MonkeyConfiguration, '/api/configuration', '/api/configuration/')
+    api.add_resource(IslandConfiguration, '/api/configuration/island', '/api/configuration/island/')
    api.add_resource(MonkeyDownload, '/api/monkey/download', '/api/monkey/download/',
                     '/api/monkey/download/<string:path>')
    api.add_resource(NetMap, '/api/netmap', '/api/netmap/')
--- a/monkey/monkey_island/cc/resources/island_configuration.py
+++ b/monkey/monkey_island/cc/resources/island_configuration.py
@ -0,0 +1,24 @@
+import json
+
+import flask_restful
+from flask import request, jsonify, abort
+
+from cc.auth import jwt_required
+from cc.services.config import ConfigService
+
+
+class IslandConfiguration(flask_restful.Resource):
+    @jwt_required()
+    def get(self):
+        return jsonify(schema=ConfigService.get_config_schema(),
+                       configuration=ConfigService.get_config(False, True, True))
+
+    @jwt_required()
+    def post(self):
+        config_json = json.loads(request.data)
+        if 'reset' in config_json:
+            ConfigService.reset_config()
+        else:
+            if not ConfigService.update_config(config_json, should_encrypt=True):
+                abort(400)
+        return self.get()
--- a/monkey/monkey_island/cc/services/config.py
+++ b/monkey/monkey_island/cc/services/config.py
@ -648,17 +648,20 @@ SCHEMA = {
                        'aws_account_id': {
                            'title': 'AWS account ID',
                            'type': 'string',
-                            'description': 'Your AWS account ID that is subscribed to security hub feeds'
+                            'description': 'Your AWS account ID that is subscribed to security hub feeds',
+                            'default': " "
                        },
                        'aws_access_key_id': {
                            'title': 'AWS access key ID',
                            'type': 'string',
-                            'description': 'Your AWS public access key ID, can be found in the IAM user interface in the AWS console.'
+                            'description': 'Your AWS public access key ID, can be found in the IAM user interface in the AWS console.',
+                            'default': " "
                        },
                        'aws_secret_access_key': {
                            'title': 'AWS secret access key',
                            'type': 'string',
-                            'description': 'Your AWS secret access key id, you can get this after creating a public access key in the console.'
+                            'description': 'Your AWS secret access key id, you can get this after creating a public access key in the console.',
+                            'default': " "
                        }
                    }
                }
@ -897,16 +900,14 @@ ENCRYPTED_CONFIG_ARRAYS = \
        ['basic', 'credentials', 'exploit_password_list'],
        ['internal', 'exploits', 'exploit_lm_hash_list'],
        ['internal', 'exploits', 'exploit_ntlm_hash_list'],
-        ['internal', 'exploits', 'exploit_ssh_keys'],
-        # ['cnc', 'aws_config', 'iam_role_id'],
-        # ['cnc', 'aws_config', 'aws_access_key_id'],
-        # ['cnc', 'aws_config', 'aws_secret_access_key'],
+        ['internal', 'exploits', 'exploit_ssh_keys']
    ]

 # This should be used for config values of string type
 ENCRYPTED_CONFIG_STRINGS = \
    [
-        
+        ['cnc', 'aws_config', 'aws_access_key_id'],
+        ['cnc', 'aws_config', 'aws_secret_access_key']
    ]


@ -931,7 +932,7 @@ class ConfigService:
        if should_decrypt and len(config) > 0:
            ConfigService.decrypt_config(config)
        if not is_island:
-            config['cnc'].pop('aws_config', None)
+            config.get('cnc', {}).pop('aws_config', None)
        return config

    @staticmethod
--- a/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js
+++ b/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js
@ -24,7 +24,7 @@ class ConfigurePageComponent extends AuthComponent {
  }

  componentDidMount() {
-    this.authFetch('/api/configuration')
+    this.authFetch('/api/configuration/island')
      .then(res => res.json())
      .then(res => {
        let sections = [];