Add support for custom certificate (partially)

Shreya 2021-06-02 19:39:47 +05:30
parent 00434b9a25
commit c9a53833e2
5 changed files with 38 additions and 3 deletions


@ -52,3 +52,7 @@ class FindingWithoutDetailsError(Exception):
class DomainControllerNameFetchError(FailedExploitationError): class DomainControllerNameFetchError(FailedExploitationError):
""" Raise on failed attempt to extract domain controller's name """ """ Raise on failed attempt to extract domain controller's name """
class InsecurePermissionsError(Exception):
""" Raise when a file does not have permissions that are secure enough """


@ -22,13 +22,13 @@ from monkey_island.cc.arg_parser import IslandCmdArgs # noqa: E402
from monkey_island.cc.arg_parser import parse_cli_args # noqa: E402 from monkey_island.cc.arg_parser import parse_cli_args # noqa: E402
from monkey_island.cc.resources.monkey_download import MonkeyDownload # noqa: E402 from monkey_island.cc.resources.monkey_download import MonkeyDownload # noqa: E402
from monkey_island.cc.server_utils.bootloader_server import BootloaderHttpServer # noqa: E402 from monkey_island.cc.server_utils.bootloader_server import BootloaderHttpServer # noqa: E402
from monkey_island.cc.server_utils.consts import MONKEY_ISLAND_ABS_PATH # noqa: E402
from monkey_island.cc.server_utils.encryptor import initialize_encryptor # noqa: E402 from monkey_island.cc.server_utils.encryptor import initialize_encryptor # noqa: E402
from monkey_island.cc.server_utils.island_logger import reset_logger, setup_logging # noqa: E402 from monkey_island.cc.server_utils.island_logger import reset_logger, setup_logging # noqa: E402
from monkey_island.cc.services.initialize import initialize_services # noqa: E402 from monkey_island.cc.services.initialize import initialize_services # noqa: E402
from monkey_island.cc.services.reporting.exporter_init import populate_exporter_list # noqa: E402 from monkey_island.cc.services.reporting.exporter_init import populate_exporter_list # noqa: E402
from monkey_island.cc.services.utils.network_utils import local_ip_addresses # noqa: E402 from monkey_island.cc.services.utils.network_utils import local_ip_addresses # noqa: E402
from monkey_island.cc.setup.island_config_options import IslandConfigOptions # noqa: E402 from monkey_island.cc.setup.island_config_options import IslandConfigOptions # noqa: E402
from monkey_island.cc.setup.certificate.certificate_setup import setup_certificate # noqa: E402
from monkey_island.cc.setup.mongo.database_initializer import init_collections # noqa: E402 from monkey_island.cc.setup.mongo.database_initializer import init_collections # noqa: E402
from monkey_island.cc.setup.mongo.mongo_setup import ( # noqa: E402 from monkey_island.cc.setup.mongo.mongo_setup import ( # noqa: E402
MONGO_URL, MONGO_URL,
@ -83,8 +83,7 @@ def _start_island_server(should_setup_only, config_options: IslandConfigOptions)
populate_exporter_list() populate_exporter_list()
app = init_app(MONGO_URL) app = init_app(MONGO_URL)
crt_path = str(Path(MONKEY_ISLAND_ABS_PATH, "cc", "server.crt")) crt_path, key_path = setup_certificate(config_options)
key_path = str(Path(MONKEY_ISLAND_ABS_PATH, "cc", "server.key"))
init_collections() init_collections()


@ -46,3 +46,6 @@ DEFAULT_DEVELOP_SERVER_CONFIG_PATH = os.path.join(
DEFAULT_LOG_LEVEL = "INFO" DEFAULT_LOG_LEVEL = "INFO"
DEFAULT_START_MONGO_DB = True DEFAULT_START_MONGO_DB = True
DEFAULT_CRT_PATH = str(Path(MONKEY_ISLAND_ABS_PATH, "cc", "server.crt"))
DEFAULT_KEY_PATH = str(Path(MONKEY_ISLAND_ABS_PATH, "cc", "server.key"))


@ -0,0 +1,23 @@
import os
from common.utils.exceptions import InsecurePermissionsError
from monkey_island.setup.island_config_options import IslandConfigOptions
def setup_certificate(config_options: IslandConfigOptions) -> (str, str):
crt_path = config_options.crt_path
key_path = config_options.key_path
# check paths
for file in [crt_path, key_path]:
if not os.path.exists(file):
raise FileNotFoundError(f"File not found at {file}. Exiting.")
if not has_sufficient_permissions(file):
raise InsecurePermissionsError(f"{file} has insecure permissions. Exiting.")
return crt_path, key_path
def has_sufficient_permissions():
pass
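Review bot: `has_sufficient_permissions()` is declared with no parameters but the loop calls `has_sufficient_permissions(file)`, so the first path that exists raises TypeError; once the signature is fixed, the `pass` body returns None, and `not has_sufficient_permissions(file)` then rejects every file with InsecurePermissionsError. Until the real check lands, the stub should take the path and return an explicit bool, for example `def has_sufficient_permissions(path: str) -> bool:` with `return not (os.stat(path).st_mode & 0o077)` as a POSIX-only sketch (Windows would need an ACL-based check instead). That mode test is meant for the private key: a certificate is public and is usually world-readable, so applying the same rule to `crt_path` would refuse ordinary deployments, and `os.path.isfile` would be a tighter precondition than `os.path.exists`, which also accepts directories. The import `monkey_island.setup.island_config_options` lacks the `.cc` segment that the server module uses for the same class (`monkey_island.cc.setup.island_config_options`), and the return annotation `(str, str)` is a tuple of types rather than a type, so `Tuple[str, str]` is what is presumably intended.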


@ -3,7 +3,9 @@ from __future__ import annotations
import os import os
from monkey_island.cc.server_utils.consts import ( from monkey_island.cc.server_utils.consts import (
DEFAULT_CRT_PATH,
DEFAULT_DATA_DIR, DEFAULT_DATA_DIR,
DEFAULT_KEY_PATH,
DEFAULT_LOG_LEVEL, DEFAULT_LOG_LEVEL,
DEFAULT_START_MONGO_DB, DEFAULT_START_MONGO_DB,
) )
@ -14,8 +16,12 @@ class IslandConfigOptions:
self.data_dir = os.path.expandvars( self.data_dir = os.path.expandvars(
os.path.expanduser(config_contents.get("data_dir", DEFAULT_DATA_DIR)) os.path.expanduser(config_contents.get("data_dir", DEFAULT_DATA_DIR))
) )
self.log_level = config_contents.get("log_level", DEFAULT_LOG_LEVEL) self.log_level = config_contents.get("log_level", DEFAULT_LOG_LEVEL)
self.start_mongodb = config_contents.get( self.start_mongodb = config_contents.get(
"mongodb", {"start_mongodb": DEFAULT_START_MONGO_DB} "mongodb", {"start_mongodb": DEFAULT_START_MONGO_DB}
).get("start_mongodb", DEFAULT_START_MONGO_DB) ).get("start_mongodb", DEFAULT_START_MONGO_DB)
self.crt_path = config_contents.get("cert_path", DEFAULT_CRT_PATH)
self.key_path = config_contents.get("cert_path", DEFAULT_KEY_PATH)
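Review bot: `self.key_path` is read from the `"cert_path"` key, the same key as `self.crt_path`, so a configured certificate path is also handed to the server as the private-key path and the key location can never be set from the config file. This looks like a copy-paste slip; presumably the line should be `self.key_path = config_contents.get("key_path", DEFAULT_KEY_PATH)` (the key name is an assumption, since no config schema is visible here). Unlike `data_dir` a few lines above, neither path goes through `os.path.expanduser`/`os.path.expandvars`, so a value such as `~/certs/server.key` would fail the existence check in `setup_certificate`. The `__init__` body starts outside this hunk.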