Island: Log agent binary hashes on initialization

This commit is contained in:
Ilija Lazoroski 2022-06-07 19:55:06 +02:00
parent 0a8cbbc771
commit ea95a14daf
3 changed files with 34 additions and 22 deletions

View File

@ -1,4 +1,3 @@
import hashlib
import logging import logging
from pathlib import Path from pathlib import Path
@ -31,23 +30,6 @@ class AgentBinaries(AbstractResource):
logger.error(ex) logger.error(ex)
return make_response({"error": str(ex)}, 404) return make_response({"error": str(ex)}, 404)
@staticmethod
def log_executable_hashes():
"""
Logs all the hashes of the monkey executables for debugging ease (can check what Monkey
version you have etc.).
"""
filenames = set(AGENTS.values())
for filename in filenames:
filepath = get_executable_full_path(filename)
if filepath.is_file():
with open(filepath, "rb") as monkey_exec_file:
file_contents = monkey_exec_file.read()
file_sha256_hash = hashlib.sha256(file_contents).hexdigest()
logger.debug(f"{filename} SHA-256 hash: {file_sha256_hash}")
else:
logger.debug(f"No monkey executable for {filepath}")
def get_agent_executable_path(os: str) -> Path: def get_agent_executable_path(os: str) -> Path:
try: try:

View File

@ -21,7 +21,6 @@ from common.version import get_version # noqa: E402
from monkey_island.cc.app import init_app # noqa: E402 from monkey_island.cc.app import init_app # noqa: E402
from monkey_island.cc.arg_parser import IslandCmdArgs # noqa: E402 from monkey_island.cc.arg_parser import IslandCmdArgs # noqa: E402
from monkey_island.cc.arg_parser import parse_cli_args # noqa: E402 from monkey_island.cc.arg_parser import parse_cli_args # noqa: E402
from monkey_island.cc.resources import AgentBinaries # noqa: E402
from monkey_island.cc.server_utils.consts import ( # noqa: E402 from monkey_island.cc.server_utils.consts import ( # noqa: E402
GEVENT_EXCEPTION_LOG, GEVENT_EXCEPTION_LOG,
MONGO_CONNECTION_TIMEOUT, MONGO_CONNECTION_TIMEOUT,
@ -154,8 +153,6 @@ def _start_island_server(
def _log_init_info(): def _log_init_info():
AgentBinaries.log_executable_hashes()
logger.info("Monkey Island Server is running!") logger.info("Monkey Island Server is running!")
logger.info(f"version: {get_version()}") logger.info(f"version: {get_version()}")

View File

@ -1,9 +1,12 @@
import logging
from pathlib import Path from pathlib import Path
from common import DIContainer from common import DIContainer
from common.aws import AWSInstance from common.aws import AWSInstance
from common.utils.file_utils import get_binary_io_sha256_hash
from monkey_island.cc.repository import ( from monkey_island.cc.repository import (
AgentBinaryRepository, AgentBinaryRepository,
AgentRetrievalError,
IAgentBinaryRepository, IAgentBinaryRepository,
IFileRepository, IFileRepository,
LocalStorageFileRepository, LocalStorageFileRepository,
@ -16,6 +19,8 @@ from monkey_island.cc.services.run_local_monkey import LocalMonkeyRunService
from . import AuthenticationService, JsonFileUserDatastore from . import AuthenticationService, JsonFileUserDatastore
from .reporting.report import ReportService from .reporting.report import ReportService
logger = logging.getLogger(__name__)
AGENT_BINARIES_PATH = Path(MONKEY_ISLAND_ABS_PATH) / "cc" / "binaries" AGENT_BINARIES_PATH = Path(MONKEY_ISLAND_ABS_PATH) / "cc" / "binaries"
@ -40,4 +45,32 @@ def initialize_services(data_dir: Path) -> DIContainer:
def _build_agent_binary_repository(): def _build_agent_binary_repository():
file_repository = LocalStorageFileRepository(AGENT_BINARIES_PATH) file_repository = LocalStorageFileRepository(AGENT_BINARIES_PATH)
return AgentBinaryRepository(file_repository) agent_binary_repository = AgentBinaryRepository(file_repository)
_log_agent_binary_hashes(agent_binary_repository)
return agent_binary_repository
def _log_agent_binary_hashes(agent_binary_repository: IAgentBinaryRepository):
"""
Logs all the hashes of the agent executables for debbuging ease
:param agent_binary_repository: Used to retrieve the agent binaries
"""
agent_binaries = {
"Linux": agent_binary_repository.get_linux_binary,
"Windows": agent_binary_repository.get_windows_binary,
}
agent_hashes = {}
for os, get_agent_binary in agent_binaries.items():
try:
agent_binary = get_agent_binary()
binary_sha256_hash = get_binary_io_sha256_hash(agent_binary)
agent_hashes[os] = binary_sha256_hash
except AgentRetrievalError as err:
logger.error(f"No agent available for {os}: {err}")
for os, binary_sha256_hash in agent_hashes.items():
logger.info(f"{os} agent: SHA-256 hash: {binary_sha256_hash}")