forked from p15670423/monkey
Add support for custom certificate (partially)
parent
00434b9a25
commit
c9a53833e2
|
@ -52,3 +52,7 @@ class FindingWithoutDetailsError(Exception):
|
||||||
|
|
||||||
class DomainControllerNameFetchError(FailedExploitationError):
|
class DomainControllerNameFetchError(FailedExploitationError):
|
||||||
""" Raise on failed attempt to extract domain controller's name """
|
""" Raise on failed attempt to extract domain controller's name """
|
||||||
|
|
||||||
|
|
||||||
|
class InsecurePermissionsError(Exception):
|
||||||
|
""" Raise when a file does not have permissions that are secure enough """
|
||||||
|
|
|
@ -22,13 +22,13 @@ from monkey_island.cc.arg_parser import IslandCmdArgs # noqa: E402
|
||||||
from monkey_island.cc.arg_parser import parse_cli_args # noqa: E402
|
from monkey_island.cc.arg_parser import parse_cli_args # noqa: E402
|
||||||
from monkey_island.cc.resources.monkey_download import MonkeyDownload # noqa: E402
|
from monkey_island.cc.resources.monkey_download import MonkeyDownload # noqa: E402
|
||||||
from monkey_island.cc.server_utils.bootloader_server import BootloaderHttpServer # noqa: E402
|
from monkey_island.cc.server_utils.bootloader_server import BootloaderHttpServer # noqa: E402
|
||||||
from monkey_island.cc.server_utils.consts import MONKEY_ISLAND_ABS_PATH # noqa: E402
|
|
||||||
from monkey_island.cc.server_utils.encryptor import initialize_encryptor # noqa: E402
|
from monkey_island.cc.server_utils.encryptor import initialize_encryptor # noqa: E402
|
||||||
from monkey_island.cc.server_utils.island_logger import reset_logger, setup_logging # noqa: E402
|
from monkey_island.cc.server_utils.island_logger import reset_logger, setup_logging # noqa: E402
|
||||||
from monkey_island.cc.services.initialize import initialize_services # noqa: E402
|
from monkey_island.cc.services.initialize import initialize_services # noqa: E402
|
||||||
from monkey_island.cc.services.reporting.exporter_init import populate_exporter_list # noqa: E402
|
from monkey_island.cc.services.reporting.exporter_init import populate_exporter_list # noqa: E402
|
||||||
from monkey_island.cc.services.utils.network_utils import local_ip_addresses # noqa: E402
|
from monkey_island.cc.services.utils.network_utils import local_ip_addresses # noqa: E402
|
||||||
from monkey_island.cc.setup.island_config_options import IslandConfigOptions # noqa: E402
|
from monkey_island.cc.setup.island_config_options import IslandConfigOptions # noqa: E402
|
||||||
|
from monkey_island.cc.setup.certificate.certificate_setup import setup_certificate # noqa: E402
|
||||||
from monkey_island.cc.setup.mongo.database_initializer import init_collections # noqa: E402
|
from monkey_island.cc.setup.mongo.database_initializer import init_collections # noqa: E402
|
||||||
from monkey_island.cc.setup.mongo.mongo_setup import ( # noqa: E402
|
from monkey_island.cc.setup.mongo.mongo_setup import ( # noqa: E402
|
||||||
MONGO_URL,
|
MONGO_URL,
|
||||||
|
@ -83,8 +83,7 @@ def _start_island_server(should_setup_only, config_options: IslandConfigOptions)
|
||||||
populate_exporter_list()
|
populate_exporter_list()
|
||||||
app = init_app(MONGO_URL)
|
app = init_app(MONGO_URL)
|
||||||
|
|
||||||
crt_path = str(Path(MONKEY_ISLAND_ABS_PATH, "cc", "server.crt"))
|
crt_path, key_path = setup_certificate(config_options)
|
||||||
key_path = str(Path(MONKEY_ISLAND_ABS_PATH, "cc", "server.key"))
|
|
||||||
|
|
||||||
init_collections()
|
init_collections()
|
||||||
|
|
||||||
|
|
|
@ -46,3 +46,6 @@ DEFAULT_DEVELOP_SERVER_CONFIG_PATH = os.path.join(
|
||||||
|
|
||||||
DEFAULT_LOG_LEVEL = "INFO"
|
DEFAULT_LOG_LEVEL = "INFO"
|
||||||
DEFAULT_START_MONGO_DB = True
|
DEFAULT_START_MONGO_DB = True
|
||||||
|
|
||||||
|
DEFAULT_CRT_PATH = str(Path(MONKEY_ISLAND_ABS_PATH, "cc", "server.crt"))
|
||||||
|
DEFAULT_KEY_PATH = str(Path(MONKEY_ISLAND_ABS_PATH, "cc", "server.key"))
|
||||||
|
|
|
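Review bot: The two new constants call `Path(...)`, but this hunk adds no import for it, and the hunk header shows the file building paths with `os.path.join`. Unless `pathlib.Path` is already imported above line 46, the module will raise NameError when it is imported. Either add `from pathlib import Path` or keep the file's existing style, e.g. `DEFAULT_CRT_PATH = os.path.join(MONKEY_ISLAND_ABS_PATH, "cc", "server.crt")`. A one-line comment saying these are the fallback TLS certificate and private-key locations used when the config file sets none would also help.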
@ -0,0 +1,23 @@
|
||||||
|
import os
|
||||||
|
|
||||||
|
from common.utils.exceptions import InsecurePermissionsError
|
||||||
|
from monkey_island.setup.island_config_options import IslandConfigOptions
|
||||||
|
|
||||||
|
|
||||||
|
def setup_certificate(config_options: IslandConfigOptions) -> (str, str):
|
||||||
|
crt_path = config_options.crt_path
|
||||||
|
key_path = config_options.key_path
|
||||||
|
|
||||||
|
# check paths
|
||||||
|
for file in [crt_path, key_path]:
|
||||||
|
if not os.path.exists(file):
|
||||||
|
raise FileNotFoundError(f"File not found at {file}. Exiting.")
|
||||||
|
|
||||||
|
if not has_sufficient_permissions(file):
|
||||||
|
raise InsecurePermissionsError(f"{file} has insecure permissions. Exiting.")
|
||||||
|
|
||||||
|
return crt_path, key_path
|
||||||
|
|
||||||
|
|
||||||
|
def has_sufficient_permissions():
|
||||||
|
pass
|
|
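Review bot: `has_sufficient_permissions()` is declared with no parameters but `setup_certificate` calls it as `has_sufficient_permissions(file)`, so the first path that exists raises TypeError; with the signature fixed, the `pass` body returns None and `not has_sufficient_permissions(file)` rejects every file. On POSIX the check could take the path and be `mode = stat.S_IMODE(os.stat(path).st_mode)` followed by `return not mode & (stat.S_IRWXG | stat.S_IRWXO)`, with `import stat` added; Windows ACLs need a separate branch, and the public certificate arguably does not need the same restriction as the private key. The import `from monkey_island.setup.island_config_options import IslandConfigOptions` omits the `cc` segment that the server module uses for the same class (`monkey_island.cc.setup.island_config_options`). The return annotation `-> (str, str)` is a tuple of types rather than a type; `Tuple[str, str]` is the usual spelling.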
@ -3,7 +3,9 @@ from __future__ import annotations
|
||||||
import os
|
import os
|
||||||
|
|
||||||
from monkey_island.cc.server_utils.consts import (
|
from monkey_island.cc.server_utils.consts import (
|
||||||
|
DEFAULT_CRT_PATH,
|
||||||
DEFAULT_DATA_DIR,
|
DEFAULT_DATA_DIR,
|
||||||
|
DEFAULT_KEY_PATH,
|
||||||
DEFAULT_LOG_LEVEL,
|
DEFAULT_LOG_LEVEL,
|
||||||
DEFAULT_START_MONGO_DB,
|
DEFAULT_START_MONGO_DB,
|
||||||
)
|
)
|
||||||
|
@ -14,8 +16,12 @@ class IslandConfigOptions:
|
||||||
self.data_dir = os.path.expandvars(
|
self.data_dir = os.path.expandvars(
|
||||||
os.path.expanduser(config_contents.get("data_dir", DEFAULT_DATA_DIR))
|
os.path.expanduser(config_contents.get("data_dir", DEFAULT_DATA_DIR))
|
||||||
)
|
)
|
||||||
|
|
||||||
self.log_level = config_contents.get("log_level", DEFAULT_LOG_LEVEL)
|
self.log_level = config_contents.get("log_level", DEFAULT_LOG_LEVEL)
|
||||||
|
|
||||||
self.start_mongodb = config_contents.get(
|
self.start_mongodb = config_contents.get(
|
||||||
"mongodb", {"start_mongodb": DEFAULT_START_MONGO_DB}
|
"mongodb", {"start_mongodb": DEFAULT_START_MONGO_DB}
|
||||||
).get("start_mongodb", DEFAULT_START_MONGO_DB)
|
).get("start_mongodb", DEFAULT_START_MONGO_DB)
|
||||||
|
|
||||||
|
self.crt_path = config_contents.get("cert_path", DEFAULT_CRT_PATH)
|
||||||
|
self.key_path = config_contents.get("cert_path", DEFAULT_KEY_PATH)
|
||||||
|
|
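Review bot: `self.key_path` is read from the same `"cert_path"` key as `self.crt_path`, so a configured certificate path is also used as the private-key path and a custom key can never be supplied; the second line should be `self.key_path = config_contents.get("key_path", DEFAULT_KEY_PATH)`. Unlike `data_dir` just above, neither value goes through `os.path.expanduser`/`os.path.expandvars`, so a value such as `~/certs/server.key` in the config would be taken literally. The `__init__` body starts outside the hunk.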