* Added aws creds keys to configuration

* Added boto session creation using credentials
* Added a flag in the get_config function to separate island configuration values from monkey ones.
This commit is contained in:
maor.rayzin 2018-11-26 11:48:43 +02:00
parent dd5bbdec35
commit f8f7421c47
3 changed files with 47 additions and 38 deletions

View File

@ -4,9 +4,13 @@ from datetime import datetime
import boto3 import boto3
from cc.resources.exporter import Exporter from cc.resources.exporter import Exporter
from cc.services.config import ConfigService
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
AWS_CRED_CONFIG_KEYS = [['cnc', 'aws_config', 'aws_access_key_id'],
['cnc', 'aws_config', 'aws_secret_access_key']]
class AWSExporter(Exporter): class AWSExporter(Exporter):
@ -19,12 +23,20 @@ class AWSExporter(Exporter):
for issue in issues_list[machine]: for issue in issues_list[machine]:
findings_list.append(AWSExporter._prepare_finding(issue)) findings_list.append(AWSExporter._prepare_finding(issue))
if not AWSExporter._send_findings(findings_list): if not AWSExporter._send_findings(findings_list, AWSExporter._get_aws_keys()):
logger.error('Exporting findings to aws failed') logger.error('Exporting findings to aws failed')
return False return False
return True return True
@staticmethod
def _get_aws_keys():
creds_dict = {}
for key in AWS_CRED_CONFIG_KEYS:
creds_dict[key[2]] = ConfigService.get_config_value(key)
return creds_dict
@staticmethod @staticmethod
def merge_two_dicts(x, y): def merge_two_dicts(x, y):
z = x.copy() # start with x's keys and values z = x.copy() # start with x's keys and values
@ -60,9 +72,11 @@ class AWSExporter(Exporter):
return AWSExporter.merge_two_dicts(finding, findings_dict[issue['type']](issue)) return AWSExporter.merge_two_dicts(finding, findings_dict[issue['type']](issue))
@staticmethod @staticmethod
def _send_findings(findings_list): def _send_findings(findings_list, creds_dict):
securityhub = boto3.client('securityhub') securityhub = boto3.client('securityhub',
aws_access_key_id=creds_dict.get('aws_access_key_id', ''),
aws_secret_access_key=creds_dict.get('aws_secret_access_key', ''))
import_response = securityhub.batch_import_findings(Findings=findings_list) import_response = securityhub.batch_import_findings(Findings=findings_list)
print import_response print import_response
if import_response['ResponseMetadata']['HTTPStatusCode'] == 200: if import_response['ResponseMetadata']['HTTPStatusCode'] == 200:

View File

@ -639,6 +639,28 @@ SCHEMA = {
"description": "The current command server the monkey is communicating with" "description": "The current command server the monkey is communicating with"
} }
} }
},
'aws_config': {
'title': 'AWS Configuration',
'type': 'object',
'description': 'These credentials will be used in order to export the monkey\'s findings to the AWS Security Hub.',
'properties': {
'iam_role_id': {
'title': 'IAM role ID',
'type': 'string',
'description': ''
},
'aws_access_key_id': {
'title': 'AWS access key ID',
'type': 'string',
'description': 'Your AWS public access key ID, can be found in the IAM user interface in the AWS console.'
},
'aws_secret_access_key': {
'title': 'AWS secret access key',
'type': 'string',
'description': 'Your AWS secret access key id, you can get this after creating a public access key in the console.'
}
}
} }
} }
}, },
@ -863,36 +885,6 @@ SCHEMA = {
} }
} }
}, },
'island_configuration': {
'title': 'Island Configuration',
'type': 'object',
'properties':
{
'aws_config':
{
'title': 'AWS Configuration',
'type': 'object',
'properties':
{
'iam_role_id':
{
'title': 'IAM role ID',
'type': 'string'
},
'aws_access_key':
{
'title': 'AWS access key ID',
'type': 'string'
},
'aws_secret_access_key':
{
'title': 'AWS Secret Access Key',
'type': 'string'
}
}
}
}
}
}, },
"options": { "options": {
"collapsed": True "collapsed": True
@ -906,9 +898,9 @@ ENCRYPTED_CONFIG_ARRAYS = \
['internal', 'exploits', 'exploit_lm_hash_list'], ['internal', 'exploits', 'exploit_lm_hash_list'],
['internal', 'exploits', 'exploit_ntlm_hash_list'], ['internal', 'exploits', 'exploit_ntlm_hash_list'],
['internal', 'exploits', 'exploit_ssh_keys'], ['internal', 'exploits', 'exploit_ssh_keys'],
['island_configuration', 'aws_config', 'iam_role_id'], # ['cnc', 'aws_config', 'iam_role_id'],
['island_configuration', 'aws_config', 'aws_access_key'], # ['cnc', 'aws_config', 'aws_access_key_id'],
['island_configuration', 'aws_config', 'aws_secret_access_key'], # ['cnc', 'aws_config', 'aws_secret_access_key'],
] ]
# This should be used for config values of string type # This should be used for config values of string type
@ -925,11 +917,12 @@ class ConfigService:
pass pass
@staticmethod @staticmethod
def get_config(is_initial_config=False, should_decrypt=True): def get_config(is_initial_config=False, should_decrypt=True, is_island=False):
""" """
Gets the entire global config. Gets the entire global config.
:param is_initial_config: If True, the initial config will be returned instead of the current config. :param is_initial_config: If True, the initial config will be returned instead of the current config.
:param should_decrypt: If True, all config values which are set as encrypted will be decrypted. :param should_decrypt: If True, all config values which are set as encrypted will be decrypted.
:param is_island: If True, will include island specific configuration parameters.
:return: The entire global config. :return: The entire global config.
""" """
config = mongo.db.config.find_one({'name': 'initial' if is_initial_config else 'newconfig'}) or {} config = mongo.db.config.find_one({'name': 'initial' if is_initial_config else 'newconfig'}) or {}
@ -937,6 +930,8 @@ class ConfigService:
config.pop(field, None) config.pop(field, None)
if should_decrypt and len(config) > 0: if should_decrypt and len(config) > 0:
ConfigService.decrypt_config(config) ConfigService.decrypt_config(config)
if not is_island:
config['cnc'].pop('aws_config', None)
return config return config
@staticmethod @staticmethod

View File

@ -10,7 +10,7 @@ class ConfigurePageComponent extends AuthComponent {
this.currentSection = 'basic'; this.currentSection = 'basic';
this.currentFormData = {}; this.currentFormData = {};
this.sectionsOrder = ['basic', 'basic_network', 'monkey', 'cnc', 'network', 'exploits', 'internal', 'monkey_island']; this.sectionsOrder = ['basic', 'basic_network', 'monkey', 'cnc', 'network', 'exploits', 'internal'];
// set schema from server // set schema from server
this.state = { this.state = {