* Added another configuration endpoint for the island specific fields

This commit is contained in:
maor.rayzin 2018-11-27 11:08:43 +02:00
parent 90554f63cb
commit a42d621340
4 changed files with 37 additions and 10 deletions

View File

@ -18,6 +18,7 @@ from cc.resources.log import Log
from cc.resources.island_logs import IslandLog from cc.resources.island_logs import IslandLog
from cc.resources.monkey import Monkey from cc.resources.monkey import Monkey
from cc.resources.monkey_configuration import MonkeyConfiguration from cc.resources.monkey_configuration import MonkeyConfiguration
from cc.resources.island_configuration import IslandConfiguration
from cc.resources.monkey_download import MonkeyDownload from cc.resources.monkey_download import MonkeyDownload
from cc.resources.netmap import NetMap from cc.resources.netmap import NetMap
from cc.resources.node import Node from cc.resources.node import Node
@ -104,6 +105,7 @@ def init_app(mongo_url):
api.add_resource(ClientRun, '/api/client-monkey', '/api/client-monkey/') api.add_resource(ClientRun, '/api/client-monkey', '/api/client-monkey/')
api.add_resource(Telemetry, '/api/telemetry', '/api/telemetry/', '/api/telemetry/<string:monkey_guid>') api.add_resource(Telemetry, '/api/telemetry', '/api/telemetry/', '/api/telemetry/<string:monkey_guid>')
api.add_resource(MonkeyConfiguration, '/api/configuration', '/api/configuration/') api.add_resource(MonkeyConfiguration, '/api/configuration', '/api/configuration/')
api.add_resource(IslandConfiguration, '/api/configuration/island', '/api/configuration/island/')
api.add_resource(MonkeyDownload, '/api/monkey/download', '/api/monkey/download/', api.add_resource(MonkeyDownload, '/api/monkey/download', '/api/monkey/download/',
'/api/monkey/download/<string:path>') '/api/monkey/download/<string:path>')
api.add_resource(NetMap, '/api/netmap', '/api/netmap/') api.add_resource(NetMap, '/api/netmap', '/api/netmap/')

View File

@ -0,0 +1,24 @@
import json
import flask_restful
from flask import request, jsonify, abort
from cc.auth import jwt_required
from cc.services.config import ConfigService
class IslandConfiguration(flask_restful.Resource):
@jwt_required()
def get(self):
return jsonify(schema=ConfigService.get_config_schema(),
configuration=ConfigService.get_config(False, True, True))
@jwt_required()
def post(self):
config_json = json.loads(request.data)
if 'reset' in config_json:
ConfigService.reset_config()
else:
if not ConfigService.update_config(config_json, should_encrypt=True):
abort(400)
return self.get()

View File

@ -648,17 +648,20 @@ SCHEMA = {
'aws_account_id': { 'aws_account_id': {
'title': 'AWS account ID', 'title': 'AWS account ID',
'type': 'string', 'type': 'string',
'description': 'Your AWS account ID that is subscribed to security hub feeds' 'description': 'Your AWS account ID that is subscribed to security hub feeds',
'default': " "
}, },
'aws_access_key_id': { 'aws_access_key_id': {
'title': 'AWS access key ID', 'title': 'AWS access key ID',
'type': 'string', 'type': 'string',
'description': 'Your AWS public access key ID, can be found in the IAM user interface in the AWS console.' 'description': 'Your AWS public access key ID, can be found in the IAM user interface in the AWS console.',
'default': " "
}, },
'aws_secret_access_key': { 'aws_secret_access_key': {
'title': 'AWS secret access key', 'title': 'AWS secret access key',
'type': 'string', 'type': 'string',
'description': 'Your AWS secret access key id, you can get this after creating a public access key in the console.' 'description': 'Your AWS secret access key id, you can get this after creating a public access key in the console.',
'default': " "
} }
} }
} }
@ -897,16 +900,14 @@ ENCRYPTED_CONFIG_ARRAYS = \
['basic', 'credentials', 'exploit_password_list'], ['basic', 'credentials', 'exploit_password_list'],
['internal', 'exploits', 'exploit_lm_hash_list'], ['internal', 'exploits', 'exploit_lm_hash_list'],
['internal', 'exploits', 'exploit_ntlm_hash_list'], ['internal', 'exploits', 'exploit_ntlm_hash_list'],
['internal', 'exploits', 'exploit_ssh_keys'], ['internal', 'exploits', 'exploit_ssh_keys']
# ['cnc', 'aws_config', 'iam_role_id'],
# ['cnc', 'aws_config', 'aws_access_key_id'],
# ['cnc', 'aws_config', 'aws_secret_access_key'],
] ]
# This should be used for config values of string type # This should be used for config values of string type
ENCRYPTED_CONFIG_STRINGS = \ ENCRYPTED_CONFIG_STRINGS = \
[ [
['cnc', 'aws_config', 'aws_access_key_id'],
['cnc', 'aws_config', 'aws_secret_access_key']
] ]
@ -931,7 +932,7 @@ class ConfigService:
if should_decrypt and len(config) > 0: if should_decrypt and len(config) > 0:
ConfigService.decrypt_config(config) ConfigService.decrypt_config(config)
if not is_island: if not is_island:
config['cnc'].pop('aws_config', None) config.get('cnc', {}).pop('aws_config', None)
return config return config
@staticmethod @staticmethod

View File

@ -24,7 +24,7 @@ class ConfigurePageComponent extends AuthComponent {
} }
componentDidMount() { componentDidMount() {
this.authFetch('/api/configuration') this.authFetch('/api/configuration/island')
.then(res => res.json()) .then(res => res.json())
.then(res => { .then(res => {
let sections = []; let sections = [];