From d76fad9e1760cdf37ac8e63a5d8d3f3ff395414d Mon Sep 17 00:00:00 2001 From: Ilija Lazoroski Date: Mon, 13 Jun 2022 16:36:09 +0200 Subject: [PATCH] Island: Remove current_server and command_servers from config * It removes whole island_server section from internal config --- monkey/common/config_value_paths.py | 1 - .../attack/technique_reports/T1065.py | 6 ++--- monkey/monkey_island/cc/services/config.py | 16 -------------- .../cc/services/config_schema/internal.py | 22 ------------------- .../InternalConfig.js | 1 - .../automated_master_config.json | 2 -- .../monkey_configs/flat_config.json | 4 ---- .../monkey_config_standard.json | 8 ------- .../monkey_island/cc/services/test_config.py | 17 -------------- 9 files changed, 2 insertions(+), 75 deletions(-) diff --git a/monkey/common/config_value_paths.py b/monkey/common/config_value_paths.py index e65444147..c6bcf0dc0 100644 --- a/monkey/common/config_value_paths.py +++ b/monkey/common/config_value_paths.py @@ -1,4 +1,3 @@ -CURRENT_SERVER_PATH = ["internal", "island_server", "current_server"] SSH_KEYS_PATH = ["internal", "exploits", "exploit_ssh_keys"] INACCESSIBLE_SUBNETS_PATH = ["basic_network", "network_analysis", "inaccessible_subnets"] USER_LIST_PATH = ["basic", "credentials", "exploit_user_list"] diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1065.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1065.py index 7615a46c2..bb71365d3 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/T1065.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1065.py @@ -1,7 +1,6 @@ -from common.config_value_paths import CURRENT_SERVER_PATH from common.utils.attack_utils import ScanStatus +from monkey_island.cc.server_utils.consts import ISLAND_PORT from monkey_island.cc.services.attack.technique_reports import AttackTechnique -from monkey_island.cc.services.config import ConfigService class T1065(AttackTechnique): @@ -14,6 +13,5 @@ class T1065(AttackTechnique): @staticmethod def get_report_data(): - port = ConfigService.get_config_value(CURRENT_SERVER_PATH).split(":")[1] - T1065.used_msg = T1065.message % port + T1065.used_msg = T1065.message % ISLAND_PORT return T1065.get_base_data_by_status(ScanStatus.USED.value) diff --git a/monkey/monkey_island/cc/services/config.py b/monkey/monkey_island/cc/services/config.py index 2220bf38b..46bdaf91c 100644 --- a/monkey/monkey_island/cc/services/config.py +++ b/monkey/monkey_island/cc/services/config.py @@ -18,7 +18,6 @@ from common.config_value_paths import ( USER_LIST_PATH, ) from monkey_island.cc.database import mongo -from monkey_island.cc.server_utils.consts import ISLAND_PORT from monkey_island.cc.server_utils.encryption import ( SensitiveField, StringEncryptor, @@ -30,7 +29,6 @@ from monkey_island.cc.services.config_manipulator import update_config_per_mode from monkey_island.cc.services.config_schema.config_schema import SCHEMA from monkey_island.cc.services.mode.island_mode_service import ModeNotSetError, get_mode from monkey_island.cc.services.post_breach_files import PostBreachFilesService -from monkey_island.cc.services.utils.network_utils import local_ip_addresses logger = logging.getLogger(__name__) @@ -255,7 +253,6 @@ class ConfigService: def reset_config(): PostBreachFilesService.remove_PBA_files() config = ConfigService.get_default_config(True) - ConfigService.set_server_ips_in_config(config) try: mode = get_mode() update_config_per_mode(mode, config, should_encrypt=False) @@ -263,17 +260,6 @@ class ConfigService: ConfigService.update_config(config, should_encrypt=False) logger.info("Monkey config reset was called") - @staticmethod - def set_server_ips_in_config(config): - ips = local_ip_addresses() - config["internal"]["island_server"]["command_servers"] = [ - "%s:%d" % (ip, ISLAND_PORT) for ip in ips - ] - config["internal"]["island_server"]["current_server"] = "%s:%d" % ( - ips[0], - ISLAND_PORT, - ) - @staticmethod def _extend_config_with_default(validator_class): validate_properties = validator_class.VALIDATORS["properties"] @@ -407,8 +393,6 @@ class ConfigService: "linux_filename": config.get(flat_linux_filename_field, ""), "windows_command": config.get(flat_windows_command_field, ""), "windows_filename": config.get(flat_windows_filename_field, ""), - # Current server is used for attack telemetry - "current_server": config.get("current_server"), } config["post_breach_actions"] = formatted_pbas_config diff --git a/monkey/monkey_island/cc/services/config_schema/internal.py b/monkey/monkey_island/cc/services/config_schema/internal.py index b54370ac9..e0575ab36 100644 --- a/monkey/monkey_island/cc/services/config_schema/internal.py +++ b/monkey/monkey_island/cc/services/config_schema/internal.py @@ -15,28 +15,6 @@ INTERNAL = { }, }, }, - "island_server": { - "title": "Island server", - "type": "object", - "properties": { - "command_servers": { - "title": "Island server's IP's", - "type": "array", - "uniqueItems": True, - "items": {"type": "string"}, - "default": ["192.0.2.0:5000"], - "description": "List of command servers/network interfaces to try to " - "communicate with " - "(format is :)", - }, - "current_server": { - "title": "Current server", - "type": "string", - "default": "192.0.2.0:5000", - "description": "The current command server the monkey is communicating with", - }, - }, - }, "network": { "title": "Network", "type": "object", diff --git a/monkey/monkey_island/cc/ui/src/components/configuration-components/InternalConfig.js b/monkey/monkey_island/cc/ui/src/components/configuration-components/InternalConfig.js index 89632d926..5fe9913cc 100644 --- a/monkey/monkey_island/cc/ui/src/components/configuration-components/InternalConfig.js +++ b/monkey/monkey_island/cc/ui/src/components/configuration-components/InternalConfig.js @@ -4,7 +4,6 @@ import {Nav} from 'react-bootstrap'; const sectionOrder = [ 'network', - 'island_server', 'exploits', 'classes', 'general', diff --git a/monkey/tests/data_for_tests/monkey_configs/automated_master_config.json b/monkey/tests/data_for_tests/monkey_configs/automated_master_config.json index 0a98d0cbb..7fcc2285d 100644 --- a/monkey/tests/data_for_tests/monkey_configs/automated_master_config.json +++ b/monkey/tests/data_for_tests/monkey_configs/automated_master_config.json @@ -62,8 +62,6 @@ }, "PBA_linux_filename": "", "PBA_windows_filename": "", - "command_servers": ["10.197.94.72:5000"], - "current_server": "localhost:5000", "custom_pbas": { "linux_command": "", "windows_command": "" diff --git a/monkey/tests/data_for_tests/monkey_configs/flat_config.json b/monkey/tests/data_for_tests/monkey_configs/flat_config.json index 59f8602ed..33bf50da1 100644 --- a/monkey/tests/data_for_tests/monkey_configs/flat_config.json +++ b/monkey/tests/data_for_tests/monkey_configs/flat_config.json @@ -11,10 +11,6 @@ "PBA_windows_filename": "test.ps1", "alive": true, "blocked_ips": ["192.168.1.1", "192.168.1.100"], - "command_servers": [ - "10.197.94.72:5000" - ], - "current_server": "10.197.94.72:5000", "custom_PBA_linux_cmd": "bash test.sh", "custom_PBA_windows_cmd": "powershell test.ps1", "depth": 2, diff --git a/monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json b/monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json index 0abd3924b..678023ebb 100644 --- a/monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json +++ b/monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json @@ -41,14 +41,6 @@ "general": { "keep_tunnel_open_time": 60 }, - "island_server": { - "command_servers": [ - "192.168.1.37:5000", - "10.0.3.1:5000", - "172.17.0.1:5000" - ], - "current_server": "192.168.1.37:5000" - }, "network": { "tcp_scanner": { "HTTP_PORTS": [ diff --git a/monkey/tests/unit_tests/monkey_island/cc/services/test_config.py b/monkey/tests/unit_tests/monkey_island/cc/services/test_config.py index bc804c68a..404bb0dde 100644 --- a/monkey/tests/unit_tests/monkey_island/cc/services/test_config.py +++ b/monkey/tests/unit_tests/monkey_island/cc/services/test_config.py @@ -18,22 +18,6 @@ def mock_flat_config(monkeypatch, flat_monkey_config): ) -@pytest.mark.slow -@pytest.mark.usefixtures("uses_encryptor") -def test_set_server_ips_in_config_command_servers(config, IPS, PORT): - ConfigService.set_server_ips_in_config(config) - expected_config_command_servers = [f"{ip}:{PORT}" for ip in IPS] - assert config["internal"]["island_server"]["command_servers"] == expected_config_command_servers - - -@pytest.mark.slow -@pytest.mark.usefixtures("uses_encryptor") -def test_set_server_ips_in_config_current_server(config, IPS, PORT): - ConfigService.set_server_ips_in_config(config) - expected_config_current_server = f"{IPS[0]}:{PORT}" - assert config["internal"]["island_server"]["current_server"] == expected_config_current_server - - def test_format_config_for_agent__credentials_removed(): flat_monkey_config = ConfigService.format_flat_config_for_agent() @@ -91,7 +75,6 @@ def test_format_config_for_custom_pbas(): "windows_command": "powershell test.ps1", "linux_filename": "test.sh", "windows_filename": "test.ps1", - "current_server": "10.197.94.72:5000", } flat_monkey_config = ConfigService.format_flat_config_for_agent()