From d584890dca5c9e8c0f6b99ba6013718e9ba262ce Mon Sep 17 00:00:00 2001
From: Shay Nehmad
Date: Mon, 20 Jan 2020 15:58:28 +0200
Subject: [PATCH] Added hostname collector + moved collector names to common file

---
 .../common/data/system_info_collectors_names.py | 3 +++
 .../system_info/collectors/hostname_collector.py | 16 ++++++++++++++++
 .../monkey_island/cc/services/config_schema.py | 13 +++++++++++--
 .../services/telemetry/processing/system_info.py | 6 ------
 .../system_info_collectors/hostname.py | 9 +++++++++
 .../system_info_telemetry_dispatcher.py | 7 +++++--
 6 files changed, 44 insertions(+), 10 deletions(-)
 create mode 100644 monkey/common/data/system_info_collectors_names.py
 create mode 100644 monkey/infection_monkey/system_info/collectors/hostname_collector.py
 create mode 100644 monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/hostname.py

diff --git a/monkey/common/data/system_info_collectors_names.py b/monkey/common/data/system_info_collectors_names.py
new file mode 100644
index 000000000..8bdf757c7
--- /dev/null
+++ b/monkey/common/data/system_info_collectors_names.py
@@ -0,0 +1,3 @@
+AWS_COLLECTOR = "AwsCollector"
+HOSTNAME_COLLECTOR = "HostnameCollector"
+ENVIRONMENT_COLLECTOR = "EnvironmentCollector"
diff --git a/monkey/infection_monkey/system_info/collectors/hostname_collector.py b/monkey/infection_monkey/system_info/collectors/hostname_collector.py
new file mode 100644
index 000000000..92a522bf9
--- /dev/null
+++ b/monkey/infection_monkey/system_info/collectors/hostname_collector.py
@@ -0,0 +1,16 @@
+import logging
+import socket
+
+from common.data.system_info_collectors_names import HOSTNAME_COLLECTOR
+from infection_monkey.system_info.system_info_collector import SystemInfoCollector
+
+
+logger = logging.getLogger(__name__)
+
+
+class HostnameCollector(SystemInfoCollector):
+    def __init__(self):
+        super(HostnameCollector, self).__init__(name=HOSTNAME_COLLECTOR)
+
+    def collect(self) -> dict:
+        return {"hostname": socket.getfqdn()}
diff --git a/monkey/monkey_island/cc/services/config_schema.py b/monkey/monkey_island/cc/services/config_schema.py
index d5e015866..86e6225e0 100644
--- a/monkey/monkey_island/cc/services/config_schema.py
+++ b/monkey/monkey_island/cc/services/config_schema.py
@@ -108,7 +108,7 @@ SCHEMA = {
                     "enum": [
                         "EnvironmentCollector"
                     ],
-                    "title": "Which Environment this machine is on (on prem/cloud)",
+                    "title": "Collect which environment this machine is on (on prem/cloud)",
                     "attack_techniques": []
                 },
                 {
@@ -119,6 +119,14 @@ SCHEMA = {
                     "title": "If on AWS, collect more information about the instance",
                     "attack_techniques": []
                 },
+                {
+                    "type": "string",
+                    "enum": [
+                        "HostnameCollector"
+                    ],
+                    "title": "Collect the machine's hostname",
+                    "attack_techniques": []
+                },
             ],
         },
         "post_breach_acts": {
@@ -464,7 +472,8 @@ SCHEMA = {
             },
             "default": [
                 "EnvironmentCollector",
-                "AwsCollector"
+                "AwsCollector",
+                "HostnameCollector"
             ],
             "description": "Determines which system information collectors will collect information."
         },
diff --git a/monkey/monkey_island/cc/services/telemetry/processing/system_info.py b/monkey/monkey_island/cc/services/telemetry/processing/system_info.py
index d4368469e..c490b1d69 100644
--- a/monkey/monkey_island/cc/services/telemetry/processing/system_info.py
+++ b/monkey/monkey_island/cc/services/telemetry/processing/system_info.py
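Review bot: `socket.getfqdn()` on the last line of the hunk is not a purely local read — it resolves the local host name and reads the canonical name back through the resolver, so `collect()` can stall for the resolver timeout and reports whatever name the host's configured DNS returns rather than the locally configured value. If only the configured machine name is wanted, `socket.gethostname()` is the local-only call; if the FQDN is intentional, a comment saying that a name-service round-trip is accepted here would tell the next reader it was a choice. The class has no docstring; propose `"""Reports the machine's fully-qualified hostname under the "hostname" key of the collector results."""`. `super(HostnameCollector, self).__init__(name=HOSTNAME_COLLECTOR)` can be `super().__init__(name=HOSTNAME_COLLECTOR)`, since the file already uses a Python 3 return annotation on `collect`.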
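Review bot: The enum entry `"HostnameCollector"` in the second config_schema.py hunk and the default entry in the third are string literals, while the same commit introduces `HOSTNAME_COLLECTOR` in `common/data/system_info_collectors_names.py` and switches the dispatcher to the constants; the schema is the one place where a mismatched spelling would silently make the collector unselectable or undispatched. Consider importing the constants and using `HOSTNAME_COLLECTOR` (and `AWS_COLLECTOR`, `ENVIRONMENT_COLLECTOR`) in the `enum` and `default` lists so each name is defined once. The enclosing `SCHEMA` literal starts and ends outside these hunks.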
@@ -1,7 +1,6 @@
 import logging
 
 from monkey_island.cc.encryptor import encryptor
-from monkey_island.cc.models import Monkey
 from monkey_island.cc.services import mimikatz_utils
 from monkey_island.cc.services.config import ConfigService
 from monkey_island.cc.services.node import NodeService
@@ -19,7 +18,6 @@ def process_system_info_telemetry(telemetry_json):
         process_ssh_info,
         process_credential_info,
         process_mimikatz_and_wmi_info,
-        update_db_with_new_hostname,
         test_antivirus_existence,
         dispatcher.dispatch_to_relevant_collectors
     ]
@@ -115,7 +113,3 @@ def process_mimikatz_and_wmi_info(telemetry_json):
     wmi_handler = WMIHandler(monkey_id, telemetry_json['data']['wmi'], users_secrets)
     wmi_handler.process_and_handle_wmi_info()
 
-
-def update_db_with_new_hostname(telemetry_json):
-    if 'hostname' in telemetry_json['data']:
-        Monkey.get_single_monkey_by_guid(telemetry_json['monkey_guid']).set_hostname(telemetry_json['data']['hostname'])
diff --git a/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/hostname.py b/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/hostname.py
new file mode 100644
index 000000000..e2de4519c
--- /dev/null
+++ b/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/hostname.py
@@ -0,0 +1,9 @@
+import logging
+
+from monkey_island.cc.models.monkey import Monkey
+
+logger = logging.getLogger(__name__)
+
+
+def process_hostname_telemetry(collector_results, monkey_guid):
+    Monkey.get_single_monkey_by_guid(monkey_guid).set_hostname(collector_results["hostname"])
diff --git a/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py b/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py
index 64fb146ab..6a3890491 100644
--- a/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py
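Review bot: `process_hostname_telemetry` indexes `collector_results["hostname"]` unconditionally, whereas the `update_db_with_new_hostname` function this commit removes from system_info.py first checked `'hostname' in telemetry_json['data']`; a collector result without the key now raises KeyError inside telemetry processing instead of being skipped. A guard such as `hostname = collector_results.get("hostname")` followed by `if hostname: Monkey.get_single_monkey_by_guid(monkey_guid).set_hostname(hostname)` keeps the old tolerance. The value is agent-reported data written straight onto the Monkey document, so any length or character limits the island expects for a hostname would need to be enforced here unless `set_hostname` already does so — that cannot be seen from the hunk. `logger` is created but never used, and the function has no docstring; propose `"""Persist the hostname reported by the agent's HostnameCollector on the Monkey identified by monkey_guid."""`.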
+++ b/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py
@@ -1,13 +1,16 @@
 import logging
 
+from common.data.system_info_collectors_names import AWS_COLLECTOR, ENVIRONMENT_COLLECTOR, HOSTNAME_COLLECTOR
 from monkey_island.cc.services.telemetry.processing.system_info_collectors.aws import process_aws_telemetry
 from monkey_island.cc.services.telemetry.processing.system_info_collectors.environment import process_environment_telemetry
+from monkey_island.cc.services.telemetry.processing.system_info_collectors.hostname import process_hostname_telemetry
 
 
 logger = logging.getLogger(__name__)
 
 
 SYSTEM_INFO_COLLECTOR_TO_TELEMETRY_PROCESSOR = {
-    "AwsCollector": process_aws_telemetry,
-    "EnvironmentCollector": process_environment_telemetry,
+    AWS_COLLECTOR: process_aws_telemetry,
+    ENVIRONMENT_COLLECTOR: process_environment_telemetry,
+    HOSTNAME_COLLECTOR: process_hostname_telemetry,
 }