forked from p15670423/monkey
Island: Create only one config
Island had "newconfig" and "inital_config". We don't need the complexity of creating these configs if we will only have one.
This commit is contained in:
parent
35b4fae326
commit
ae5216bf02
|
@ -15,7 +15,7 @@ class IslandConfiguration(AbstractResource):
|
|||
def get(self):
|
||||
return jsonify(
|
||||
schema=ConfigService.get_config_schema(),
|
||||
configuration=ConfigService.get_config(False, True, True),
|
||||
configuration=ConfigService.get_config(True, True),
|
||||
)
|
||||
|
||||
@jwt_required
|
||||
|
|
|
@ -65,8 +65,6 @@ class Monkey(AbstractResource):
|
|||
|
||||
monkey_json["modifytime"] = datetime.now()
|
||||
|
||||
ConfigService.save_initial_config_if_needed()
|
||||
|
||||
# if new monkey telem, change config according to "new monkeys" config.
|
||||
db_monkey = mongo.db.monkey.find_one({"guid": monkey_json["guid"]})
|
||||
|
||||
|
|
|
@ -60,12 +60,10 @@ class ConfigService:
|
|||
pass
|
||||
|
||||
@staticmethod
|
||||
def get_config(is_initial_config=False, should_decrypt=True, is_island=False):
|
||||
def get_config(should_decrypt=True, is_island=False):
|
||||
"""
|
||||
Gets the entire global config.
|
||||
|
||||
:param is_initial_config: If True, the initial config will be returned instead of the \
|
||||
current config. \
|
||||
:param should_decrypt: If True, all config values which are set as encrypted will be \
|
||||
decrypted. \
|
||||
:param is_island: If True, will include island specific configuration parameters. \
|
||||
|
@ -74,12 +72,8 @@ class ConfigService:
|
|||
|
||||
# is_initial_config and should_decrypt are only there to compare if we are on the
|
||||
# default configuration or did user modified it already
|
||||
config = (
|
||||
mongo.db.config.find_one({"name": "initial" if is_initial_config else "newconfig"})
|
||||
or {}
|
||||
)
|
||||
for field in ("name", "_id"):
|
||||
config.pop(field, None)
|
||||
config = mongo.db.config.find_one() or {}
|
||||
config.pop("_id", None)
|
||||
if should_decrypt and len(config) > 0:
|
||||
ConfigService.decrypt_config(config)
|
||||
if not is_island:
|
||||
|
@ -87,14 +81,12 @@ class ConfigService:
|
|||
return config
|
||||
|
||||
@staticmethod
|
||||
def get_config_value(config_key_as_arr, is_initial_config=False, should_decrypt=True):
|
||||
def get_config_value(config_key_as_arr, should_decrypt=True):
|
||||
"""
|
||||
Get a specific config value.
|
||||
|
||||
:param config_key_as_arr: The config key as an array.
|
||||
e.g. ['basic', 'credentials','exploit_password_list'].
|
||||
:param is_initial_config: If True, returns the value of the
|
||||
initial config instead of the current config.
|
||||
:param should_decrypt: If True, the value of the config key will be decrypted
|
||||
(if it's in the list of encrypted config values).
|
||||
:return: The value of the requested config key.
|
||||
|
@ -102,9 +94,7 @@ class ConfigService:
|
|||
config_key = functools.reduce(lambda x, y: x + "." + y, config_key_as_arr)
|
||||
|
||||
# This should just call get_config from repository. If None, then call get_default prob
|
||||
config = mongo.db.config.find_one(
|
||||
{"name": "initial" if is_initial_config else "newconfig"}, {config_key: 1}
|
||||
)
|
||||
config = mongo.db.config.find_one({}, {config_key: 1})
|
||||
|
||||
for config_key_part in config_key_as_arr:
|
||||
config = config[config_key_part]
|
||||
|
@ -124,11 +114,11 @@ class ConfigService:
|
|||
@staticmethod
|
||||
def set_config_value(config_key_as_arr, value):
|
||||
mongo_key = ".".join(config_key_as_arr)
|
||||
mongo.db.config.update({"name": "newconfig"}, {"$set": {mongo_key: value}})
|
||||
mongo.db.config.find_one().update({"$set": {mongo_key: value}})
|
||||
|
||||
@staticmethod
|
||||
def get_flat_config(is_initial_config=False, should_decrypt=True):
|
||||
config_json = ConfigService.get_config(is_initial_config, should_decrypt)
|
||||
def get_flat_config(should_decrypt=True):
|
||||
config_json = ConfigService.get_config(should_decrypt)
|
||||
flat_config_json = {}
|
||||
for i in config_json:
|
||||
if i == "ransomware":
|
||||
|
@ -153,7 +143,7 @@ class ConfigService:
|
|||
@staticmethod
|
||||
def add_item_to_config_set_if_dont_exist(item_path_array, item_value, should_encrypt):
|
||||
item_key = ".".join(item_path_array)
|
||||
items_from_config = ConfigService.get_config_value(item_path_array, False, should_encrypt)
|
||||
items_from_config = ConfigService.get_config_value(item_path_array, should_encrypt)
|
||||
if item_value in items_from_config:
|
||||
return
|
||||
if should_encrypt:
|
||||
|
@ -161,9 +151,7 @@ class ConfigService:
|
|||
item_value = encrypt_dict(SENSITIVE_SSH_KEY_FIELDS, item_value)
|
||||
else:
|
||||
item_value = get_datastore_encryptor().encrypt(item_value)
|
||||
mongo.db.config.update(
|
||||
{"name": "newconfig"}, {"$addToSet": {item_key: item_value}}, upsert=False
|
||||
)
|
||||
mongo.db.config.find_one().update({"$addToSet": {item_key: item_value}}, upsert=False)
|
||||
|
||||
mongo.db.monkey.update(
|
||||
{}, {"$addToSet": {"config." + item_key.split(".")[-1]: item_value}}, multi=True
|
||||
|
@ -225,7 +213,7 @@ class ConfigService:
|
|||
except KeyError:
|
||||
logger.error("Bad configuration file was submitted.")
|
||||
return False
|
||||
mongo.db.config.update({"name": "newconfig"}, {"$set": config_json}, upsert=True)
|
||||
mongo.db.config.update({}, {"$set": config_json}, upsert=True)
|
||||
logger.info("monkey config was updated")
|
||||
return True
|
||||
|
||||
|
@ -293,17 +281,6 @@ class ConfigService:
|
|||
ISLAND_PORT,
|
||||
)
|
||||
|
||||
@staticmethod
|
||||
def save_initial_config_if_needed():
|
||||
if mongo.db.config.find_one({"name": "initial"}) is not None:
|
||||
return
|
||||
|
||||
initial_config = mongo.db.config.find_one({"name": "newconfig"})
|
||||
initial_config["name"] = "initial"
|
||||
initial_config.pop("_id")
|
||||
mongo.db.config.insert(initial_config)
|
||||
logger.info("Monkey config was inserted to mongo and saved")
|
||||
|
||||
@staticmethod
|
||||
def _extend_config_with_default(validator_class):
|
||||
validate_properties = validator_class.VALIDATORS["properties"]
|
||||
|
|
|
@ -383,11 +383,11 @@ class ReportService:
|
|||
|
||||
@staticmethod
|
||||
def get_config_users():
|
||||
return ConfigService.get_config_value(USER_LIST_PATH, True, True)
|
||||
return ConfigService.get_config_value(USER_LIST_PATH, True)
|
||||
|
||||
@staticmethod
|
||||
def get_config_passwords():
|
||||
return ConfigService.get_config_value(PASSWORD_LIST_PATH, True, True)
|
||||
return ConfigService.get_config_value(PASSWORD_LIST_PATH, True)
|
||||
|
||||
@staticmethod
|
||||
def get_config_exploits():
|
||||
|
@ -395,7 +395,7 @@ class ReportService:
|
|||
default_exploits = ConfigService.get_default_config(False)
|
||||
for namespace in exploits_config_value:
|
||||
default_exploits = default_exploits[namespace]
|
||||
exploits = ConfigService.get_config_value(exploits_config_value, True, True)
|
||||
exploits = ConfigService.get_config_value(exploits_config_value, True)
|
||||
|
||||
if exploits == default_exploits:
|
||||
return ["default"]
|
||||
|
@ -406,11 +406,11 @@ class ReportService:
|
|||
|
||||
@staticmethod
|
||||
def get_config_ips():
|
||||
return ConfigService.get_config_value(SUBNET_SCAN_LIST_PATH, True, True)
|
||||
return ConfigService.get_config_value(SUBNET_SCAN_LIST_PATH, True)
|
||||
|
||||
@staticmethod
|
||||
def get_config_scan():
|
||||
return ConfigService.get_config_value(LOCAL_NETWORK_SCAN_PATH, True, True)
|
||||
return ConfigService.get_config_value(LOCAL_NETWORK_SCAN_PATH, True)
|
||||
|
||||
@staticmethod
|
||||
def get_issue_set(issues, config_users, config_passwords):
|
||||
|
|
Loading…
Reference in New Issue