From 7f6496b330c8d37e13f6409ff0a65fa7034451da Mon Sep 17 00:00:00 2001
From: Ilija Lazoroski
Date: Fri, 11 Feb 2022 17:43:38 +0100
Subject: [PATCH] Island, UT: Remove system info AWS Collector
---
 .../system_info_collectors_names.py | 1 -
 .../system_info/collectors/aws_collector.py | 28 ---------
 .../system_info_collector_classes.py | 10 ---
 .../cc/services/config_schema/monkey.py | 2 -
 .../processing/system_info_collectors/aws.py | 17 ------
 .../system_info_telemetry_dispatcher.py | 6 +-
 .../automated_master_config.json | 1 -
 .../monkey_configs/flat_config.json | 1 -
 .../monkey_config_standard.json | 1 -
 .../test_system_info_telemetry_dispatcher.py | 61 -------------------
 vulture_allowlist.py | 1 -
 11 files changed, 1 insertion(+), 128 deletions(-)
 delete mode 100644 monkey/infection_monkey/system_info/collectors/aws_collector.py
 delete mode 100644 monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/aws.py
 delete mode 100644 monkey/tests/unit_tests/monkey_island/cc/services/telemetry/processing/system_info_collectors/test_system_info_telemetry_dispatcher.py
diff --git a/monkey/common/common_consts/system_info_collectors_names.py b/monkey/common/common_consts/system_info_collectors_names.py
index d65c45b7b..075d6ff45 100644
--- a/monkey/common/common_consts/system_info_collectors_names.py
+++ b/monkey/common/common_consts/system_info_collectors_names.py
@@ -1,3 +1,2 @@
-AWS_COLLECTOR = "AwsCollector"
 PROCESS_LIST_COLLECTOR = "ProcessListCollector"
 MIMIKATZ_COLLECTOR = "MimikatzCollector"
diff --git a/monkey/infection_monkey/system_info/collectors/aws_collector.py b/monkey/infection_monkey/system_info/collectors/aws_collector.py
deleted file mode 100644
index 8cbf26976..000000000
--- a/monkey/infection_monkey/system_info/collectors/aws_collector.py
+++ /dev/null
@@ -1,28 +0,0 @@
-import logging
-
-from common.cloud.aws.aws_instance import AwsInstance
-from common.common_consts.system_info_collectors_names import AWS_COLLECTOR
-from infection_monkey.system_info.system_info_collector import SystemInfoCollector
-
-logger = logging.getLogger(__name__)
-
-
-class AwsCollector(SystemInfoCollector):
- """
- Extract info from AWS machines.
- """
-
- def __init__(self):
- super().__init__(name=AWS_COLLECTOR)
-
- def collect(self) -> dict:
- logger.info("Collecting AWS info")
- aws = AwsInstance()
- info = {}
- if aws.is_instance():
- logger.info("Machine is an AWS instance")
- info = {"instance_id": aws.get_instance_id()}
- else:
- logger.info("Machine is NOT an AWS instance")
-
- return info
diff --git a/monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py b/monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py
index b77087a48..5e446513c 100644
--- a/monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py
+++ b/monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py
@@ -1,5 +1,4 @@
 from common.common_consts.system_info_collectors_names import (
- AWS_COLLECTOR,
 MIMIKATZ_COLLECTOR,
 PROCESS_LIST_COLLECTOR,
 )
@@ -17,15 +16,6 @@ SYSTEM_INFO_COLLECTOR_CLASSES = {
 "info": "Collects credentials from Windows credential manager.",
 "attack_techniques": ["T1003", "T1005"],
 },
- {
- "type": "string",
- "enum": [AWS_COLLECTOR],
- "title": "AWS Collector",
- "safe": True,
- "info": "If on AWS, collects more information about the AWS instance "
- "currently running on.",
- "attack_techniques": ["T1082"],
- },
 {
 "type": "string",
 "enum": [PROCESS_LIST_COLLECTOR],
diff --git a/monkey/monkey_island/cc/services/config_schema/monkey.py b/monkey/monkey_island/cc/services/config_schema/monkey.py
index 480aa0852..80719d4c2 100644
--- a/monkey/monkey_island/cc/services/config_schema/monkey.py
+++ b/monkey/monkey_island/cc/services/config_schema/monkey.py
@@ -1,5 +1,4 @@
 from common.common_consts.system_info_collectors_names import (
- AWS_COLLECTOR,
 MIMIKATZ_COLLECTOR,
 PROCESS_LIST_COLLECTOR,
 )
@@ -86,7 +85,6 @@ MONKEY = {
 "uniqueItems": True,
 "items": {"$ref": "#/definitions/system_info_collector_classes"},
 "default": [
- AWS_COLLECTOR,
 PROCESS_LIST_COLLECTOR,
 MIMIKATZ_COLLECTOR,
 ],
diff --git a/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/aws.py b/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/aws.py
deleted file mode 100644
index 0fae438d4..000000000
--- a/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/aws.py
+++ /dev/null
@@ -1,17 +0,0 @@
-import logging
-
-from monkey_island.cc.models.monkey import Monkey
-
-logger = logging.getLogger(__name__)
-
-
-def process_aws_telemetry(collector_results, monkey_guid):
- relevant_monkey = Monkey.get_single_monkey_by_guid(monkey_guid)
-
- if "instance_id" in collector_results:
- instance_id = collector_results["instance_id"]
- relevant_monkey.aws_instance_id = instance_id
- relevant_monkey.save()
- logger.debug(
- "Updated Monkey {} with aws instance id {}".format(str(relevant_monkey), instance_id)
- )
diff --git a/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py b/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py
index 702cffe2c..13e0a9298 100644
--- a/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py
+++ b/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py
@@ -1,10 +1,7 @@
 import logging
 import typing
-from common.common_consts.system_info_collectors_names import AWS_COLLECTOR, PROCESS_LIST_COLLECTOR
-from monkey_island.cc.services.telemetry.processing.system_info_collectors.aws import (
- process_aws_telemetry,
-)
+from common.common_consts.system_info_collectors_names import PROCESS_LIST_COLLECTOR
 from monkey_island.cc.services.telemetry.zero_trust_checks.antivirus_existence import (
 check_antivirus_existence,
 )
@@ -12,7 +9,6 @@ from monkey_island.cc.services.telemetry.zero_trust_checks.antivirus_existence i
 logger = logging.getLogger(__name__)
 SYSTEM_INFO_COLLECTOR_TO_TELEMETRY_PROCESSORS = {
- AWS_COLLECTOR: [process_aws_telemetry],
 PROCESS_LIST_COLLECTOR: [check_antivirus_existence],
 }
diff --git a/monkey/tests/data_for_tests/monkey_configs/automated_master_config.json b/monkey/tests/data_for_tests/monkey_configs/automated_master_config.json
index 4a7816301..e7290d822 100644
--- a/monkey/tests/data_for_tests/monkey_configs/automated_master_config.json
+++ b/monkey/tests/data_for_tests/monkey_configs/automated_master_config.json
@@ -104,7 +104,6 @@
 }
 },
 "system_info_collector_classes": [
- "AwsCollector",
 "ProcessListCollector",
 "MimikatzCollector"
 ]
diff --git a/monkey/tests/data_for_tests/monkey_configs/flat_config.json b/monkey/tests/data_for_tests/monkey_configs/flat_config.json
index 4f6704d9b..563eb21d5 100644
--- a/monkey/tests/data_for_tests/monkey_configs/flat_config.json
+++ b/monkey/tests/data_for_tests/monkey_configs/flat_config.json
@@ -101,7 +101,6 @@
 "smb_service_name": "InfectionMonkey",
 "subnet_scan_list": ["192.168.1.50", "192.168.56.0/24", "10.0.33.0/30"],
 "system_info_collector_classes": [
- "AwsCollector",
 "ProcessListCollector",
 "MimikatzCollector"
 ],
diff --git a/monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json b/monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json
index b810d4356..69e6f4416 100644
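Review bot: The dispatcher that the two `system_info_telemetry_dispatcher.py` hunks keep in place (now mapping only `PROCESS_LIST_COLLECTOR: [check_antivirus_existence]`) loses its whole unit-test module later in this patch, including `test_dispatch_to_relevant_collector_bad_inputs`, which is not AWS-specific. That test pinned the `KeyError` behaviour for telemetry missing `monkey_guid` or `data`, and telemetry is agent-supplied input, so I would keep it and swap the processor map for a stub with the same two-argument shape, e.g. `TEST_SYS_INFO_TO_PROCESSING = {"ProcessListCollector": [lambda collector_results, monkey_guid: None]}`. Separately, nothing visible in this patch writes `Monkey.aws_instance_id` any more; if the field or any reader of it remains (not shown here), it should be removed or documented as unset. The dispatcher class itself lies outside these hunks, so whether other tests already cover it cannot be seen from here.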
--- a/monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json
+++ b/monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json
@@ -147,7 +147,6 @@
 "system_info": {
 "system_info_collector_classes": [
 "environmentcollector",
- "awscollector",
 "hostnamecollector",
 "processlistcollector",
 "mimikatzcollector"
diff --git a/monkey/tests/unit_tests/monkey_island/cc/services/telemetry/processing/system_info_collectors/test_system_info_telemetry_dispatcher.py b/monkey/tests/unit_tests/monkey_island/cc/services/telemetry/processing/system_info_collectors/test_system_info_telemetry_dispatcher.py
deleted file mode 100644
index 6829daf4b..000000000
--- a/monkey/tests/unit_tests/monkey_island/cc/services/telemetry/processing/system_info_collectors/test_system_info_telemetry_dispatcher.py
+++ /dev/null
@@ -1,61 +0,0 @@
-import uuid
-
-import pytest
-
-from monkey_island.cc.models import Monkey
-from monkey_island.cc.services.telemetry.processing.system_info_collectors.system_info_telemetry_dispatcher import ( # noqa: E501
- SystemInfoTelemetryDispatcher,
- process_aws_telemetry,
-)
-
-TEST_SYS_INFO_TO_PROCESSING = {
- "AwsCollector": [process_aws_telemetry],
-}
-
-
-class TestSystemInfoTelemetryDispatcher:
- def test_dispatch_to_relevant_collector_bad_inputs(self):
- dispatcher = SystemInfoTelemetryDispatcher(TEST_SYS_INFO_TO_PROCESSING)
-
- # Bad format telem JSONs - throws
- bad_empty_telem_json = {}
- with pytest.raises(KeyError):
- dispatcher.dispatch_collector_results_to_relevant_processors(bad_empty_telem_json)
-
- bad_no_data_telem_json = {"monkey_guid": "bla"}
- with pytest.raises(KeyError):
- dispatcher.dispatch_collector_results_to_relevant_processors(bad_no_data_telem_json)
-
- bad_no_monkey_telem_json = {"data": {"collectors": {"AwsCollector": "Bla"}}}
- with pytest.raises(KeyError):
- dispatcher.dispatch_collector_results_to_relevant_processors(bad_no_monkey_telem_json)
-
- # Telem JSON with no collectors - nothing gets dispatched
- good_telem_no_collectors = {"monkey_guid": "bla", "data": {"bla": "bla"}}
- good_telem_empty_collectors = {
- "monkey_guid": "bla",
- "data": {"bla": "bla", "collectors": {}},
- }
-
- dispatcher.dispatch_collector_results_to_relevant_processors(good_telem_no_collectors)
- dispatcher.dispatch_collector_results_to_relevant_processors(good_telem_empty_collectors)
-
- def test_dispatch_to_relevant_collector(self):
- a_monkey = Monkey(guid=str(uuid.uuid4()))
- a_monkey.save()
-
- dispatcher = SystemInfoTelemetryDispatcher()
-
- # JSON with results - make sure functions are called
- instance_id = "i-0bd2c14bd4c7d703f"
- telem_json = {
- "data": {
- "collectors": {
- "AwsCollector": {"instance_id": instance_id},
- }
- },
- "monkey_guid": a_monkey.guid,
- }
- dispatcher.dispatch_collector_results_to_relevant_processors(telem_json)
-
- assert Monkey.get_single_monkey_by_guid(a_monkey.guid).aws_instance_id == instance_id
diff --git a/vulture_allowlist.py b/vulture_allowlist.py
index 1cb2e426c..2d8163f29 100644
--- a/vulture_allowlist.py
+++ b/vulture_allowlist.py
@@ -96,7 +96,6 @@ AccountDiscovery # unused class (monkey/infection_monkey/post_breach/actions/di
 ModifyShellStartupFiles # unused class (monkey/infection_monkey/post_breach/actions/modify_shell_startup_files.py:11)
 Timestomping # unused class (monkey/infection_monkey/post_breach/actions/timestomping.py:6)
 SignedScriptProxyExecution # unused class (monkey/infection_monkey/post_breach/actions/use_signed_scripts.py:15)
-AwsCollector # unused class (monkey/infection_monkey/system_info/collectors/aws_collector.py:15)
 EnvironmentCollector # unused class (monkey/infection_monkey/system_info/collectors/environment_collector.py:19)
 HostnameCollector # unused class (monkey/infection_monkey/system_info/collectors/hostname_collector.py:10)
 ProcessListCollector # unused class (monkey/infection_monkey/system_info/collectors/process_list_collector.py:18)