Commit Graph

6771 Commits

Author SHA1 Message Date
Mike Salvatore 9ed689946c Docs: Minor edits to Linux setup documentation 2021-11-30 12:56:52 -05:00
Mike Salvatore 3e8f7382d0 Docs: Minor edits to docker setup documentation 2021-11-30 12:53:55 -05:00
Mike Salvatore 9e036c8853 Doc: Make minor edits to windows setup documentation 2021-11-30 12:52:40 -05:00
Mike Salvatore 7570064ae7 Docs: Remove erroneous comment about log level for agents
Agents' log level is not configurable at this time.
2021-11-30 12:49:19 -05:00
Mike Salvatore 0b7da7ed67 Docs: Fix "logging" links in FAQ 2021-11-30 12:48:03 -05:00
Mike Salvatore e76915cf96
Merge pull request #1634 from guardicore/1610-cleanup-ransomware
Cleanup function for ransomware
2021-11-30 12:31:04 -05:00
Mike Salvatore a5fc0bc393 Agent: Change readme if condition in RansomwarePayload.cleanup()
If the _readme_incomplete flag is set but no readme file has been left
in the target directory, do not leave a new readme file. This can happen
if the thread is forcefully killed between the time when the flag is set
and the file is first created. The cleanup function is only concerned
with cleaning up incomplete files, not ensuring the existence of the
file under all circumstances.
2021-11-30 12:03:37 -05:00
Mike Salvatore 789a6691c1 Agent: Improve log messages in RansomwarePayload.cleanup() 2021-11-30 12:03:37 -05:00
Mike Salvatore 62a6b09e00 Agent: Use `self._target_directory` in RansomwarePayload 2021-11-30 12:03:37 -05:00
Mike Salvatore 14c298e89c Agent: Move exception handling from readme_dropper to ransomware_payload 2021-11-30 12:03:26 -05:00
Mike Salvatore f87802678b Tests: Use default parameters in build_ransomware_payload() fixture
This allows ransomware payloads with different mocks to be built on a
per-test basis with minimal effort and maximal code reuse.
2021-11-30 11:13:03 -05:00
Shreya Malviya bedc8d4f84 Agent: Add cleanup logic for ransomware payload 2021-11-30 11:12:51 -05:00
VakarisZ 0a32ac888e Docs: moved server configuration and common configuration operation docs to corresponding deployment option setup pages 2021-11-30 15:44:46 +02:00
VakarisZ 06f31791fc Island, UT: fix island config option extraction to also expand paths and add a UT for that 2021-11-30 12:12:29 +02:00
VakarisZ 03566d2966 Island: remove the server config extraction from server_config.json in island's cwd
All deployments can be configured via command line OR by modifying the server_config.json that comes with the deployment
2021-11-30 12:06:02 +02:00
VakarisZ e95df875be Island: fix a bug in server's config options extraction that caused unspecified properties to get overridden by defaults 2021-11-30 10:27:09 +02:00
Ilija Lazoroski f8441f2d7f Agent: Refactor the new start and cleanup function 2021-11-29 19:57:25 +01:00
Ilija Lazoroski 72f4fc1ef6 Agent: Remove initialize both from monkey and dropper
Add legacy start and cleanup to the agent which
are the same code reformatted in the previous commits.
Reformat start function.
2021-11-29 18:54:52 +01:00
VakarisZ 68ea983458 UT: fixed the path to consts in test_server_setup.py 2021-11-29 17:27:26 +02:00
VakarisZ ffe9a65037 Docs: improve the documentation by specifying that user can use log levels `info` and `debug`, instead of saying "default Python log levels" 2021-11-29 17:21:46 +02:00
VakarisZ 04feb1b31d Island,UT: move PACKAGE_CONFIG_PATH and USER_CONFIG_PATH consts to config_setup.py, where they are used 2021-11-29 15:16:02 +02:00
VakarisZ 7e479ec3df Island: improve readability in config_setup.py by renaming methods and adding default parameter to IslandConfigOptions 2021-11-29 14:47:37 +02:00
Shreya Malviya 75226bdf6e Agent: Comment out mock master things in monkey.py
So that both 'masters' don't run at the same time.
To test the mock master, un-comment the lines in this commit and
comment the lines `self._start_post_breach_async()` and `self._start_propagation()`
in `start()`.
2021-11-29 15:26:12 +05:30
VakarisZ 811983a8b5 Island: refactor/change exit() to the syntax of sys.exit 2021-11-29 11:35:22 +02:00
VakarisZ 3e32dbbc52 Docs: extract the server configuration workflow to a separate server_configuration.md page, which explains how to set up and use server_configuration.json
This change extracts server_config.json usage into a single page, which can then be referred to from any page that requires island configuration
2021-11-26 17:05:38 +02:00
Ilija Lazoroski 1ee6d10b4c Agent: Refactor agent startup
Reorder and rename functions.
2021-11-26 13:34:06 +01:00
Ilija Lazoroski 3c13324e8a Agent: Change send_exploit_telemetry for host exploiter 2021-11-26 13:32:41 +01:00
VakarisZ dcc71faaa9 Island: try reading server_config.json from install directory
On windows it's not easy to pass server_config as a commandline parameter. It's easier to just create a file in install directory.
2021-11-26 12:04:46 +02:00
VakarisZ 00665cbae0 Island: implements the logic of server config extraction and adds unit tests for it
Since server_config.json no longer needs to be writable, we can load defaults, then override package specific options and lastly override user specified options to form the final config for island
2021-11-26 12:04:46 +02:00
VakarisZ 00819ccf40 Build: remove unused server config options from docker
Options removed match the defaults so there's no reason to keep them
2021-11-26 12:04:46 +02:00
VakarisZ 7e21635733 Island: separate the workflow of config extraction from data directory setup 2021-11-26 12:04:46 +02:00
Ilija Lazoroski fb007e9cc8 Agent: Initial refactoring of monkey including mocked puppet and a master 2021-11-25 17:17:23 +01:00
Ilija Lazoroski 44d3ad8586 Agent: Add realistic puppet exploit telemetry info and attempts
Fix logging consistency in mock master.
2021-11-25 17:14:24 +01:00
Mike Salvatore 137afa6473 Agent: Don't register new signal handler in monkey.py (for now)
The signal handler is not quite ready for prime time. Issue #1595 and
issue #1597 will need to be resolved before the signal handler can be
fully ready. For now, don't register the signal handler.
2021-11-24 13:46:18 -05:00
Mike Salvatore d31fd2c811 Agent: Improve Windows signal handler 2021-11-24 13:42:28 -05:00
Mike Salvatore e04e8d3177
Merge pull request #1628 from guardicore/1593-i-master
Add IMaster and MockMaster
2021-11-24 07:59:55 -05:00
Mike Salvatore 0ec8fca766 Agent: Add start/finish logging to phases of MockMaster execution 2021-11-24 07:45:40 -05:00
Mike Salvatore 8c36b1925f
Merge pull request #1629 from guardicore/1599-unused-python-dependencies
1599 unused python dependencies
2021-11-24 06:46:21 -05:00
VakarisZ a3563b97a8
Merge pull request #1625 from guardicore/1599-unused-python-dependencies
1599 unused python dependencies
2021-11-24 13:07:58 +02:00
VakarisZ 8a88949d1a Island: re-add cffi explicit requirement
Docker island is showing ModuleNotFoundError: No module named '_cffi_backend' without it
2021-11-24 11:12:34 +02:00
VakarisZ 474e1adbf5
Merge pull request #1627 from guardicore/1594-signal-handlers
Agent: register signal handlers
2021-11-24 10:54:53 +02:00
VakarisZ 3f7c4a8859 Agent: add a comment warning that windows will terminate the process 5s after CTRL_CLOSE_EVENT signal
The comment will warn us that in case that particular signal is raised, the cleanup shouldn't take longer than 5s
2021-11-24 10:52:55 +02:00
Mike Salvatore 73329e9729 Agent: Remove input() call in monkey.py
The call to input() was used to pause the execution of the agent while
testing the new signal handlers. It is no longer needed.
2021-11-24 10:52:55 +02:00
Mike Salvatore 6149ef630b Agent: Improve signal handler log message 2021-11-24 10:52:55 +02:00
Mike Salvatore 068307f0eb Agent: Handle window close event on Windows 2021-11-24 10:52:55 +02:00
Mike Salvatore 27ef06c546 Agent: Call IMaster.terminate() from signal handler 2021-11-24 10:52:55 +02:00
VakarisZ 9d36f20b42 Agent: register signal handlers
Agent will now handle interrupt and break signals on linux and windows
2021-11-24 10:52:55 +02:00
Shreya Malviya e00fd64530 Agent: Fix PBA return value 2021-11-24 13:54:49 +05:30
Shreya Malviya d0b9fca4d7 Agent: Fix return types and statements in mock puppet for PBA and exploiters 2021-11-24 13:54:49 +05:30
Shreya Malviya 57b710fb10 UT: Modify unit tests for ExploitTelem and PostBreachTelem based on previous changes 2021-11-24 13:54:49 +05:30