Agent, Island: remove netstat collector and references

2021-11-11 15:33:50 +02:00 · 2021-11-11 15:33:50 +02:00 · 9e3ac63090
parent 9220cd2f5b
commit 9e3ac63090
4 changed files with 3 additions and 64 deletions
--- a/monkey/infection_monkey/system_info/init.py
+++ b/monkey/infection_monkey/system_info/init.py
@ -7,7 +7,6 @@ import psutil
 from common.common_consts.system_info_collectors_names import AZURE_CRED_COLLECTOR
 from infection_monkey.network.info import get_host_subnets
 from infection_monkey.system_info.azure_cred_collector import AzureCollector
-from infection_monkey.system_info.netstat_collector import NetstatCollector
 from infection_monkey.system_info.system_info_collectors_handler import SystemInfoCollectorsHandler

 logger = logging.getLogger(__name__)
@ -72,15 +71,12 @@ class InfoCollector(object):
    def get_network_info(self):
        """
        Adds network information from the host to the system information.
-        Currently updates with netstat and a list of networks accessible from host
+        Currently updates with list of networks accessible from host
        containing host ip and the subnet range
        :return: None. Updates class information
        """
        logger.debug("Reading subnets")
-        self.info["network_info"] = {
-            "networks": get_host_subnets(),
-            "netstat": NetstatCollector.get_netstat_info(),
-        }
+        self.info["network_info"] = {"networks": get_host_subnets()}

    def get_azure_info(self):
        """
--- a/monkey/infection_monkey/system_info/netstat_collector.py
+++ b/monkey/infection_monkey/system_info/netstat_collector.py
@ -1,42 +0,0 @@
-# Inspired by Giampaolo Rodola's psutil example from
-# https://github.com/giampaolo/psutil/blob/master/scripts/netstat.py
-
-import logging
-import socket
-from socket import AF_INET, SOCK_DGRAM, SOCK_STREAM
-
-import psutil
-
-logger = logging.getLogger(__name__)
-
-
-class NetstatCollector(object):
-    """
-    Extract netstat info
-    """
-
-    AF_INET6 = getattr(socket, "AF_INET6", object())
-
-    proto_map = {
-        (AF_INET, SOCK_STREAM): "tcp",
-        (AF_INET6, SOCK_STREAM): "tcp6",
-        (AF_INET, SOCK_DGRAM): "udp",
-        (AF_INET6, SOCK_DGRAM): "udp6",
-    }
-
-    @staticmethod
-    def get_netstat_info():
-        logger.info("Collecting netstat info")
-        return [NetstatCollector._parse_connection(c) for c in psutil.net_connections(kind="inet")]
-
-    @staticmethod
-    def _parse_connection(c):
-        return {
-            "proto": NetstatCollector.proto_map[(c.family, c.type)],
-            "local_address": c.laddr[0],
-            "local_port": c.laddr[1],
-            "remote_address": c.raddr[0] if c.raddr else None,
-            "remote_port": c.raddr[1] if c.raddr else None,
-            "status": c.status,
-            "pid": c.pid,
-        }
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1016.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1016.py
@ -16,21 +16,13 @@ class T1016(AttackTechnique):
            "$project": {
                "machine": {"hostname": "$data.hostname", "ips": "$data.network_info.networks"},
                "networks": "$data.network_info.networks",
-                "netstat": "$data.network_info.netstat",
            }
        },
        {
            "$addFields": {
                "_id": 0,
-                "netstat": 0,
                "networks": 0,
                "info": [
-                    {
-                        "used": {
-                            "$and": [{"$ifNull": ["$netstat", False]}, {"$gt": ["$netstat", {}]}]
-                        },
-                        "name": {"$literal": "Network connections (netstat)"},
-                    },
                    {
                        "used": {
                            "$and": [{"$ifNull": ["$networks", False]}, {"$gt": ["$networks", {}]}]
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1082.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1082.py
@ -16,7 +16,6 @@ class T1082(AttackTechnique):
            "$project": {
                "machine": {"hostname": "$data.hostname", "ips": "$data.network_info.networks"},
                "aws": "$data.aws",
-                "netstat": "$data.network_info.netstat",
                "process_list": "$data.process_list",
                "ssh_info": "$data.ssh_info",
                "azure_info": "$data.Azure",
@ -28,7 +27,7 @@ class T1082(AttackTechnique):
                "machine": 1,
                "collections": [
                    {
-                        "used": {"$and": [{"$ifNull": ["$netstat", False]}, {"$gt": ["$aws", {}]}]},
+                        "used": {"$and": [{"$gt": ["$aws", {}]}]},
                        "name": {"$literal": "Amazon Web Services info"},
                    },
                    {
@ -40,12 +39,6 @@ class T1082(AttackTechnique):
                        },
                        "name": {"$literal": "Running process list"},
                    },
-                    {
-                        "used": {
-                            "$and": [{"$ifNull": ["$netstat", False]}, {"$ne": ["$netstat", []]}]
-                        },
-                        "name": {"$literal": "Network connections"},
-                    },
                    {
                        "used": {
                            "$and": [{"$ifNull": ["$ssh_info", False]}, {"$ne": ["$ssh_info", []]}]