Code review changes

- break down `get_linux_commands_to_clear_command_history()` to separate functions
- keep technique off by default
- technique message changes
- other tiny changes

monkey/infection_monkey/post_breach/clear_command_history/clear_command_history.py

@@ -1,7 +1,12 @@
-from infection_monkey.post_breach.clear_command_history.linux_clear_command_history import \
-    get_linux_commands_to_clear_command_history
+from infection_monkey.post_breach.clear_command_history.linux_clear_command_history import (
+    get_linux_command_history_files,
+    get_linux_commands_to_clear_command_history, get_linux_usernames)
 
 
 def get_commands_to_clear_command_history():
-    linux_cmds = get_linux_commands_to_clear_command_history()
-    return linux_cmds
+    (linux_cmds,
+     linux_cmd_hist_files,
+     linux_usernames) = (get_linux_commands_to_clear_command_history(),
+                         get_linux_command_history_files(),
+                         get_linux_usernames())
+    return linux_cmds, linux_cmd_hist_files, linux_usernames

monkey/infection_monkey/post_breach/clear_command_history/linux_clear_command_history.py

@@ -2,21 +2,31 @@ import subprocess
 
 from infection_monkey.utils.environment import is_windows_os
 
-TEMP_HIST_FILE = '$HOME/monkey-temp-hist-file'
-
 
 def get_linux_commands_to_clear_command_history():
     if is_windows_os():
-        return '', [], []
+        return ''
+
+    TEMP_HIST_FILE = '$HOME/monkey-temp-hist-file'
+
+    return [
+        '3<{0} 3<&- && ',  # check for existence of file
+        'cat {0} '  # copy contents of history file to...
+        f'> {TEMP_HIST_FILE} && ',  # ...temporary file
+        'echo > {0} && ',  # clear contents of file
+        'echo \"Successfully cleared {0}\" && ',  # if successfully cleared
+        f'cat {TEMP_HIST_FILE} ',  # restore history file back with...
+        '> {0} ;'  # ...original contents
+        f'rm {TEMP_HIST_FILE} -f'  # remove temp history file
+    ]
+
+
+def get_linux_command_history_files():
+    if is_windows_os():
+        return []
 
     HOME_DIR = "/home/"
 
-    # get list of usernames
-    USERS = subprocess.check_output(  # noqa: DUO116
-            "cut -d: -f1,3 /etc/passwd | egrep ':[0-9]{4}$' | cut -d: -f1",
-            shell=True
-        ).decode().split('\n')[:-1]
-
     # get list of paths of different shell history files (default values) with place for username
     STARTUP_FILES = [
         file_path.format(HOME_DIR) for file_path in
@@ -29,13 +39,17 @@ def get_linux_commands_to_clear_command_history():
         ]
     ]
 
-    return [
-        '3<{0} 3<&- && ',  # check for existence of file
-        'cat {0} '  # copy contents of history file to...
-        f'> {TEMP_HIST_FILE} && ',  # ...temporary file
-        'echo > {0} && ',  # clear contents of file
-        'echo \"Successfully cleared {0}\" && ',  # if successfully cleared
-        f'cat {TEMP_HIST_FILE} ',  # restore history file back with...
-        '> {0} ;'  # ...original contents
-        f'rm {TEMP_HIST_FILE} -f'  # remove temp history file
-    ], STARTUP_FILES, USERS
+    return STARTUP_FILES
+
+
+def get_linux_usernames():
+    if is_windows_os():
+        return []
+
+    # get list of usernames
+    USERS = subprocess.check_output(  # noqa: DUO116
+            "cut -d: -f1,3 /etc/passwd | egrep ':[0-9]{4}$' | cut -d: -f1",
+            shell=True
+        ).decode().split('\n')[:-1]
+
+    return USERS

monkey/monkey_island/cc/services/attack/attack_schema.py

@@ -171,7 +171,7 @@ SCHEMA = {
                 "T1146": {
                     "title": "Clear command history",
                     "type": "bool",
-                    "value": True,
+                    "value": False,
                     "necessary": False,
                     "link": "https://attack.mitre.org/techniques/T1146",
                     "description": "Adversaries may clear/disable command history of a compromised "

monkey/monkey_island/cc/services/attack/technique_reports/T1146.py

@@ -7,9 +7,9 @@ __author__ = "shreyamalviya"
 
 class T1146(PostBreachTechnique):
     tech_id = "T1146"
-    unscanned_msg = "Monkey didn't try clearing/disabling the command history since it didn't run on any Linux machines."
-    scanned_msg = "Monkey tried clearing/disabling the command history but failed."
-    used_msg = "Monkey successfully cleared/disabled the command history."
+    unscanned_msg = "Monkey didn't try clearing the command history since it didn't run on any Linux machines."
+    scanned_msg = "Monkey tried clearing the command history but failed."
+    used_msg = "Monkey successfully cleared the command history (and then restored it back)."
     pba_names = [POST_BREACH_CLEAR_CMD_HISTORY]
 
     @staticmethod

monkey/monkey_island/cc/services/config_schema/monkey.py

@@ -67,8 +67,7 @@ MONKEY = {
                         "HiddenFiles",
                         "TrapCommand",
                         "ChangeSetuidSetgid",
-                        "ScheduleJobs",
-                        "ClearCommandHistory"
+                        "ScheduleJobs"
                     ]
                 },
             }

monkey/monkey_island/cc/ui/src/components/report-components/security/PostBreachParser.js

@@ -56,7 +56,7 @@ function aggregateMultipleResultsPba(results) {
     return results;
 
   // if modifications were made, push aggregated results to `results` and return
-  results = results.filter(result => result.name !== SHELL_STARTUP_NAME && result.name !== CMD_HISTORY_NAME);
+  results = results.filter(result => !multipleResultsPbas.includes(result.name));
   multipleResultsPbas.forEach(pba => checkAggregatedResults(pba));
   return results;
 }