From cd9d5b4c5e673717e903361d3d2610b01e736d8a Mon Sep 17 00:00:00 2001
From: Ilija Lazoroski
Date: Wed, 1 Sep 2021 18:22:17 +0200
Subject: [PATCH] Agent: Change trap command signal to TERM
---
 CHANGELOG.md | 8 +++++---
 .../post_breach/actions/use_trap_command.py | 2 +-
 .../post_breach/trap_command/linux_trap_command.py | 6 +++---
 .../config_schema/definitions/post_breach_actions.py | 2 +-
 4 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 142a9029c..bfaa62352 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -28,9 +28,11 @@ Changelog](https://keepachangelog.com/en/1.0.0/).
 language systems. #1175
 - Malfunctioning timestomping PBA. #1405
 - Malfunctioning shell startup script PBA. #1419
+- Trap command produced no output. #1406
 ### Security
-- Generate a random password when creating a new user for CommunicateAsNewUser PBA. #1434
+- Generate a random password when creating a new user for CommunicateAsNewUser
+ PBA. #1434
 ## [1.11.0] - 2021-08-13
 ### Added
@@ -62,8 +64,8 @@ Changelog](https://keepachangelog.com/en/1.0.0/).
 instead of $HOME. #1143
 - Put environment config options in `server_config.json` into a separate section named "environment". #1161
-- Automatically register if BlackBox tests are run on a fresh installation.
- #1180
+- Automatically register if BlackBox tests are run on a fresh
+ installation. #1180
 - Limit the ports used for scanning in blackbox tests. #1368
 - Limit the propagation depth of most blackbox tests. #1400
 - Wait less time for monkeys to die when running BlackBox tests. #1400
diff --git a/monkey/infection_monkey/post_breach/actions/use_trap_command.py b/monkey/infection_monkey/post_breach/actions/use_trap_command.py
index 9f6afc829..879db77bf 100644
--- a/monkey/infection_monkey/post_breach/actions/use_trap_command.py
+++ b/monkey/infection_monkey/post_breach/actions/use_trap_command.py
@@ -6,4 +6,4 @@ from infection_monkey.post_breach.trap_command.trap_command import get_trap_comm
 class TrapCommand(PBA):
 def __init__(self):
 linux_cmds = get_trap_commands()
- super(TrapCommand, self).__init__(POST_BREACH_TRAP_COMMAND, linux_cmd=linux_cmds)
+ super(TrapCommand, self).__init__(POST_BREACH_TRAP_COMMAND, linux_cmd=" ".join(linux_cmds))
diff --git a/monkey/infection_monkey/post_breach/trap_command/linux_trap_command.py b/monkey/infection_monkey/post_breach/trap_command/linux_trap_command.py
index 75d545140..5b8daf24f 100644
--- a/monkey/infection_monkey/post_breach/trap_command/linux_trap_command.py
+++ b/monkey/infection_monkey/post_breach/trap_command/linux_trap_command.py
@@ -1,6 +1,6 @@
 def get_linux_trap_commands():
 return [
- # trap and send SIGINT signal
- "trap 'echo \"Successfully used trap command\"' INT && kill -2 $$ ;",
- "trap - INT", # untrap SIGINT
+ # trap and send SIGTERM signal
+ "trap 'echo \"Successfully used trap command\"' TERM && kill -15 $$ ;",
+ "trap - TERM", # untrap SIGTERM
 ]
diff --git a/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py b/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py
index 88a3e8cb5..be1aa802b 100644
--- a/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py
+++ b/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py
@@ -39,7 +39,7 @@ POST_BREACH_ACTIONS = {
 "enum": ["TrapCommand"],
 "title": "Trap",
 "safe": True,
- "info": "On Linux systems, attempts to trap an interrupt signal in order "
+ "info": "On Linux systems, attempts to trap a terminate signal in order "
 "to execute a command "
 "upon receiving that signal. Removes the trap afterwards.",
 "attack_techniques": ["T1154"],
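Review bot: In use_trap_command.py, `" ".join(linux_cmds)` only yields a well-formed shell line because the first entry returned by the helper happens to end in `;`, and nothing at the call site records that dependency. An entry added later without its own separator would silently change what the joined string means, so either join with an explicit separator in one place or add a comment such as `# entries carry their own ';'; joined into a single command string`. The PBA base class is not visible in this hunk, so the requirement that `linux_cmd` be a single string is inferred from the change itself. While the line is being touched, `super().__init__(...)` is the usual Python 3 spelling.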
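Review bot: In linux_trap_command.py the updated comment says which signal is trapped but not why INT was abandoned; the changelog entry only records that the trap produced no output (#1406). If the cause was that the agent's shell starts with SIGINT ignored (a POSIX shell cannot trap a signal that was already ignored when it started), put that in the comment, e.g. `# SIGTERM, not SIGINT: SIGINT may be inherited as ignored and then cannot be trapped (#1406)`, so the choice is not reverted later. `kill -15 $$` would also read better as `kill -TERM $$`, matching the signal name used in the two `trap` lines.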
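Review bot: In post_breach_actions.py the new wording "a terminate signal" is vaguer than the code it describes; `"info": "On Linux systems, attempts to trap the SIGTERM signal in order "` names the exact signal an operator would look for when matching this action against shell or audit logs. The signal is now spelled out in three places (this string, the helper's comment and the command strings) that this commit had to change together, so a short comment here pointing at linux_trap_command.py would help keep them aligned. Separately, `T1154` on the context line is a deprecated ATT&CK ID (Trap now sits under T1546.005); whether the mapping should follow depends on the ATT&CK version the project reports against, which is not visible here.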