From 7bab9a03d87f1a94eeaf533d18e1975c0b78dd77 Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Thu, 9 Apr 2020 15:51:59 +0300 Subject: [PATCH 01/14] Updated python version to 3.7 --- monkey/monkey_island/deb-package/DEBIAN_MONGO/control | 2 +- monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/monkey/monkey_island/deb-package/DEBIAN_MONGO/control b/monkey/monkey_island/deb-package/DEBIAN_MONGO/control index a4737100588..93e062b51c7 100644 --- a/monkey/monkey_island/deb-package/DEBIAN_MONGO/control +++ b/monkey/monkey_island/deb-package/DEBIAN_MONGO/control @@ -5,4 +5,4 @@ Homepage: https://www.infectionmonkey.com Priority: optional Version: 1.0 Description: Guardicore Infection Monkey Island installation package -Depends: openssl, python3-pip, python3-dev +Depends: openssl, python3.7-dev, python3.7-venv diff --git a/monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst b/monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst index f79a71913b9..3ae266edcd7 100644 --- a/monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst +++ b/monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst @@ -3,10 +3,12 @@ MONKEY_FOLDER=/var/monkey INSTALLATION_FOLDER=/var/monkey/monkey_island/installation PYTHON_FOLDER=/var/monkey/monkey_island/bin/python +PYTHON_VERSION=python3.7 # Prepare python virtualenv -pip3 install virtualenv --no-index --find-links file://$INSTALLATION_FOLDER -python3 -m virtualenv -p python3 ${PYTHON_FOLDER} +# This is using the apt package `python3.7-venv` which is listed in the `control` file as a dependency. +# See https://packages.debian.org/stable/python/python3.7-venv +$PYTHON_VERSION -m venv ${PYTHON_FOLDER} # install pip requirements ${PYTHON_FOLDER}/bin/python -m pip install -r $MONKEY_FOLDER/monkey_island/requirements.txt --no-index --find-links file://$INSTALLATION_FOLDER From c72ed36b7685bf3261b6b13167d3898570d1745f Mon Sep 17 00:00:00 2001 
From: Shay Nehmad Date: Thu, 9 Apr 2020 18:50:10 +0300 Subject: [PATCH 02/14] No need for bson package in requirements Installed with pymongo in a maintained project --- monkey/monkey_island/requirements.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/monkey/monkey_island/requirements.txt b/monkey/monkey_island/requirements.txt index cad53d1c8a5..b5baed7f4d5 100644 --- a/monkey/monkey_island/requirements.txt +++ b/monkey/monkey_island/requirements.txt @@ -1,5 +1,4 @@ pytest -bson python-dateutil tornado werkzeug From 5c6b9c43b3d5292aa6e37ab0823e0b21157c07fd Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Fri, 10 Apr 2020 14:45:25 +0300 Subject: [PATCH 03/14] Added build-essential to deps, to install packages without precompiled whl like netifaces --- monkey/monkey_island/deb-package/DEBIAN_MONGO/control | 10 +++++++++- monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst | 5 +++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/monkey/monkey_island/deb-package/DEBIAN_MONGO/control b/monkey/monkey_island/deb-package/DEBIAN_MONGO/control index 93e062b51c7..62efa5077a3 100644 --- a/monkey/monkey_island/deb-package/DEBIAN_MONGO/control +++ b/monkey/monkey_island/deb-package/DEBIAN_MONGO/control 
@@ -5,4 +5,12 @@ Homepage: https://www.infectionmonkey.com Priority: optional Version: 1.0 Description: Guardicore Infection Monkey Island installation package -Depends: openssl, python3.7-dev, python3.7-venv + +# | Dependency | Why is it required | +# |----------------- |--------------------------------------------------------------------------------------------------- | +# | openssl | Server certificate generation | +# | python3.7-dev | Server runtime | +# | python3.7-venv | For creating virtual env to install all the server pip deps (don't want to pollute system python) | +# | python3-venv | python3.7-venv doesn't work without it since you need ensure-pip. | +# | build-essential | for compiling python dependencies that don't come in a pre-compiled wheel, like `netifaces` | +Depends: openssl, python3.7-dev, python3.7-venv, python3-venv, build-essential diff --git a/monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst b/monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst index 3ae266edcd7..6e1b98f79e7 100644 --- a/monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst +++ b/monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst @@ -8,11 +8,16 @@ PYTHON_VERSION=python3.7 # Prepare python virtualenv # This is using the apt package `python3.7-venv` which is listed in the `control` file as a dependency. # See https://packages.debian.org/stable/python/python3.7-venv +echo "Using $(command -v $PYTHON_VERSION) as the base for virtualenv creation." $PYTHON_VERSION -m venv ${PYTHON_FOLDER} +# shellcheck disable=SC1090 +source ${PYTHON_FOLDER}/bin/activate # install pip requirements ${PYTHON_FOLDER}/bin/python -m pip install -r $MONKEY_FOLDER/monkey_island/requirements.txt --no-index --find-links file://$INSTALLATION_FOLDER +deactivate + # remove installation folder and unnecessary files rm -rf ${INSTALLATION_FOLDER} rm -f ${MONKEY_FOLDER}/monkey_island/requirements.txt From ef5694e055c4b018c8502251d23593ad6ded9a88 Mon Sep 17 00:00:00 2001 
From: Shay Nehmad Date: Fri, 10 Apr 2020 14:51:58 +0300 Subject: [PATCH 04/14] Updating pip and added more messages to the postinstall script --- .../deb-package/DEBIAN_MONGO/postinst | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst b/monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst index 6e1b98f79e7..a2e29a7846a 100644 --- a/monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst +++ b/monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst @@ -1,5 +1,7 @@ #!/bin/bash +echo "Installing Monkey Island (Infection Monkey server)..." + MONKEY_FOLDER=/var/monkey INSTALLATION_FOLDER=/var/monkey/monkey_island/installation PYTHON_FOLDER=/var/monkey/monkey_island/bin/python @@ -8,12 +10,15 @@ PYTHON_VERSION=python3.7 # Prepare python virtualenv # This is using the apt package `python3.7-venv` which is listed in the `control` file as a dependency. # See https://packages.debian.org/stable/python/python3.7-venv -echo "Using $(command -v $PYTHON_VERSION) as the base for virtualenv creation." +echo "Using $(command -v $PYTHON_VERSION) as the base for virtualenv creation" $PYTHON_VERSION -m venv ${PYTHON_FOLDER} # shellcheck disable=SC1090 source ${PYTHON_FOLDER}/bin/activate -# install pip requirements +echo "Installing Python dependencies using $(command -v pip)..." +# First, make sure that pip is updated +${PYTHON_FOLDER}/bin/python -m pip install --upgrade pip +# Then install the dependecies from the pre-downloaded whl and tar.gz file ${PYTHON_FOLDER}/bin/python -m pip install -r $MONKEY_FOLDER/monkey_island/requirements.txt --no-index --find-links file://$INSTALLATION_FOLDER deactivate @@ -22,6 +27,7 @@ deactivate rm -rf ${INSTALLATION_FOLDER} rm -f ${MONKEY_FOLDER}/monkey_island/requirements.txt +echo "Installing mongodb..." ${MONKEY_FOLDER}/monkey_island/install_mongo.sh ${MONKEY_FOLDER}/monkey_island/bin/mongodb if [ -d "/etc/systemd/network" ]; then 
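Review bot: The top of postinst, where this first hunk adds the opening `echo`, still has no `set -e`, so a failed venv creation, pip install or certificate step does not stop the script. The unconditional `exit 0` at the end then reports success to dpkg even though services were started on a half-installed tree. Add `set -e` directly after the `#!/bin/bash` line so a failing step leaves the package unconfigured. Most of the script lies outside this hunk, so check that no later command is expected to return non-zero.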
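Review bot: In the second hunk, the added `${PYTHON_FOLDER}/bin/python -m pip install --upgrade pip` is the only pip call in this script without `--no-index --find-links`. A maintainer script that dpkg runs as root therefore fetches whatever pip release the configured index serves at install time. That makes the install non-reproducible, and on a host without network access the step fails while the script carries on. Ship a pip wheel in the installation folder and upgrade from it: `${PYTHON_FOLDER}/bin/python -m pip install --upgrade pip --no-index --find-links file://$INSTALLATION_FOLDER`.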
@@ -32,11 +38,13 @@ if [ -d "/etc/systemd/network" ]; then systemctl enable monkey-island fi +echo "Creating server certificate..." ${MONKEY_FOLDER}/monkey_island/create_certificate.sh ${MONKEY_FOLDER}/monkey_island/ +echo "Starting services..." service monkey-island start service monkey-mongo start -echo Monkey Island installation ended +echo "Monkey Island installation ended. The server should now be accessible soon via https://localhost:5000/" exit 0 \ No newline at end of file From 7488dea00e032fcd7fa2f644067588e92eac9b38 Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Fri, 10 Apr 2020 16:14:35 +0300 Subject: [PATCH 05/14] Fixed comment format --- .../monkey_island/deb-package/DEBIAN_MONGO/control | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/monkey/monkey_island/deb-package/DEBIAN_MONGO/control b/monkey/monkey_island/deb-package/DEBIAN_MONGO/control index 62efa5077a3..ea040e2ea3d 100644 --- a/monkey/monkey_island/deb-package/DEBIAN_MONGO/control +++ b/monkey/monkey_island/deb-package/DEBIAN_MONGO/control 
@@ -5,12 +5,10 @@ Homepage: https://www.infectionmonkey.com Priority: optional Version: 1.0 Description: Guardicore Infection Monkey Island installation package - -# | Dependency | Why is it required | -# |----------------- |--------------------------------------------------------------------------------------------------- | -# | openssl | Server certificate generation | -# | python3.7-dev | Server runtime | -# | python3.7-venv | For creating virtual env to install all the server pip deps (don't want to pollute system python) | -# | python3-venv | python3.7-venv doesn't work without it since you need ensure-pip. | -# | build-essential | for compiling python dependencies that don't come in a pre-compiled wheel, like `netifaces` | +# Dependency Why is it required +# openssl Server certificate generation +# python3.7-dev Server runtime +# python3.7-venv For creating virtual env to install all the server pip deps (don't want to pollute system python) +# python3-venv python3.7-venv doesn't work without it since you need ensure-pip +# build-essential for compiling python dependencies that don't come in a pre-compiled wheel, like `netifaces` Depends: openssl, python3.7-dev, python3.7-venv, python3-venv, build-essential From 41f4f3ffbbbc24c18022e7b456147a7d9509e0a2 Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Fri, 10 Apr 2020 16:38:21 +0300 Subject: [PATCH 06/14] Trying to change to comments format, since it's messing with dpkg --- .../monkey_island/deb-package/DEBIAN_MONGO/control | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/monkey/monkey_island/deb-package/DEBIAN_MONGO/control b/monkey/monkey_island/deb-package/DEBIAN_MONGO/control index ea040e2ea3d..f796b3a8aea 100644 --- a/monkey/monkey_island/deb-package/DEBIAN_MONGO/control +++ b/monkey/monkey_island/deb-package/DEBIAN_MONGO/control 
@@ -5,10 +5,10 @@ Homepage: https://www.infectionmonkey.com Priority: optional Version: 1.0 Description: Guardicore Infection Monkey Island installation package -# Dependency Why is it required -# openssl Server certificate generation -# python3.7-dev Server runtime -# python3.7-venv For creating virtual env to install all the server pip deps (don't want to pollute system python) -# python3-venv python3.7-venv doesn't work without it since you need ensure-pip -# build-essential for compiling python dependencies that don't come in a pre-compiled wheel, like `netifaces` Depends: openssl, python3.7-dev, python3.7-venv, python3-venv, build-essential +# Dependency - Why is it required +# openssl - Server certificate generation +# python3.7-dev - Server runtime +# python3.7-venv - For creating virtual env to install all the server pip deps (don't want to pollute system python) +# python3-venv - python3.7-venv doesn't work without it since you need ensure-pip +# build-essential - for compiling python dependencies that don't come in a pre-compiled wheel, like `netifaces` From bd2edee49a8b78dbd1ace2132160066e38a41f6a Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Fri, 10 Apr 2020 16:47:55 +0300 Subject: [PATCH 07/14] Moved comments. For some reason, dpkg-deb can't read them moved to postinst --- monkey/monkey_island/deb-package/DEBIAN_MONGO/control | 6 ------ monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst | 9 +++++++++ 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/monkey/monkey_island/deb-package/DEBIAN_MONGO/control b/monkey/monkey_island/deb-package/DEBIAN_MONGO/control index f796b3a8aea..a7bc2373eb5 100644 --- a/monkey/monkey_island/deb-package/DEBIAN_MONGO/control +++ b/monkey/monkey_island/deb-package/DEBIAN_MONGO/control 
@@ -6,9 +6,3 @@ Priority: optional Version: 1.0 Description: Guardicore Infection Monkey Island installation package Depends: openssl, python3.7-dev, python3.7-venv, python3-venv, build-essential -# Dependency - Why is it required -# openssl - Server certificate generation -# python3.7-dev - Server runtime -# python3.7-venv - For creating virtual env to install all the server pip deps (don't want to pollute system python) -# python3-venv - python3.7-venv doesn't work without it since you need ensure-pip -# build-essential - for compiling python dependencies that don't come in a pre-compiled wheel, like `netifaces` diff --git a/monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst b/monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst index a2e29a7846a..20f72b56a63 100644 --- a/monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst +++ b/monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst @@ -1,5 +1,14 @@ #!/bin/bash +# See the "Depends" field of the control file for what packages this scripts depends on. +# Here are the explanations for the current deps: +# Dependency - Why is it required +## openssl - Server certificate generation +## python3.7-dev - Server runtime +## python3.7-venv - For creating virtual env to install all the server pip deps (don't want to pollute system python) +## python3-venv - python3.7-venv doesn't work without it since you need ensure-pip +## build-essential - for compiling python dependencies that don't come in a pre-compiled wheel, like `netifaces` + echo "Installing Monkey Island (Infection Monkey server)..." MONKEY_FOLDER=/var/monkey From 90f9f69e30c4efd7e02880e8147b729e6675a969 Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Fri, 10 Apr 2020 23:11:50 +0300 Subject: [PATCH 08/14] Added some more output to the postinst script --- monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
diff --git a/monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst b/monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst index 20f72b56a63..0a8a25debd7 100644 --- a/monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst +++ b/monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst @@ -54,6 +54,8 @@ echo "Starting services..." service monkey-island start service monkey-mongo start -echo "Monkey Island installation ended. The server should now be accessible soon via https://localhost:5000/" +echo "Monkey Island installation ended." +echo "The server should be accessible soon via https://localhost:5000/" +echo "To check server status, run 'sudo service monkey_island status'" exit 0 \ No newline at end of file From 305d15cc6a3d823ae5eb48a53b6590f8c8544df8 Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Sat, 11 Apr 2020 01:11:01 +0300 Subject: [PATCH 09/14] Added random seed data to .rnd for openssl to work This is a known issue with openssl and once ubuntu 18 gets a new version we can delete this --- monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst | 2 +- monkey/monkey_island/linux/create_certificate.sh | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst b/monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst index 0a8a25debd7..6d6a2e26fd8 100644 --- a/monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst +++ b/monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst @@ -56,6 +56,6 @@ service monkey-mongo start echo "Monkey Island installation ended." echo "The server should be accessible soon via https://localhost:5000/" -echo "To check server status, run 'sudo service monkey_island status'" +echo "To check the Island's status, run 'sudo service monkey-island status'" exit 0 \ No newline at end of file diff --git a/monkey/monkey_island/linux/create_certificate.sh b/monkey/monkey_island/linux/create_certificate.sh index 7e306a82280..365024ead11 100644 
--- a/monkey/monkey_island/linux/create_certificate.sh +++ b/monkey/monkey_island/linux/create_certificate.sh @@ -2,8 +2,9 @@ server_root=${1:-"./cc"} +# We override the RANDFILE determined by default openssl.cnf +dd bs=1024 count=2 ~/.rnd openssl genrsa -out "$server_root"/server.key 2048 openssl req -new -key "$server_root"/server.key -out "$server_root"/server.csr -subj "/C=GB/ST=London/L=London/O=Global Security/OU=Monkey Department/CN=monkey.com" openssl x509 -req -days 366 -in "$server_root"/server.csr -signkey "$server_root"/server.key -out $server_root/server.crt - From b95646c3008bdeef03f8bddf0607f32fed6c065b Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Sat, 11 Apr 2020 01:12:27 +0300 Subject: [PATCH 10/14] Added a comment which explains the new dd --- monkey/monkey_island/linux/create_certificate.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/monkey/monkey_island/linux/create_certificate.sh b/monkey/monkey_island/linux/create_certificate.sh index 365024ead11..5aea0b310e1 100644 --- a/monkey/monkey_island/linux/create_certificate.sh +++ b/monkey/monkey_island/linux/create_certificate.sh @@ -3,6 +3,10 @@ server_root=${1:-"./cc"} # We override the RANDFILE determined by default openssl.cnf +# This is a known issue with the current version of openssl on Ubuntu 18.04 - once they release +# a new version, we can delete this command. See +# https://github.com/openssl/openssl/commit/0f58220973a02248ca5c69db59e615378467b9c8#diff-8ce6aaad88b10ed2b3b4592fd5c8e03a +# for more details. dd bs=1024 count=2 ~/.rnd openssl genrsa -out "$server_root"/server.key 2048 From f1de8e8c76e612943d77ac887acdd35e1904445f Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Sat, 11 Apr 2020 12:45:12 +0300 Subject: [PATCH 11/14] openssl needs to be able to read the .rnd file --- monkey/monkey_island/linux/create_certificate.sh | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/monkey/monkey_island/linux/create_certificate.sh b/monkey/monkey_island/linux/create_certificate.sh index 5aea0b310e1..78d1b87121a 100644 --- a/monkey/monkey_island/linux/create_certificate.sh +++ b/monkey/monkey_island/linux/create_certificate.sh @@ -8,7 +8,11 @@ server_root=${1:-"./cc"} # https://github.com/openssl/openssl/commit/0f58220973a02248ca5c69db59e615378467b9c8#diff-8ce6aaad88b10ed2b3b4592fd5c8e03a # for more details. dd bs=1024 count=2 ~/.rnd +chmod 666 ~/.rnd openssl genrsa -out "$server_root"/server.key 2048 openssl req -new -key "$server_root"/server.key -out "$server_root"/server.csr -subj "/C=GB/ST=London/L=London/O=Global Security/OU=Monkey Department/CN=monkey.com" openssl x509 -req -days 366 -in "$server_root"/server.csr -signkey "$server_root"/server.key -out $server_root/server.crt + +# Shove some new random data into the file to override the original seed. +dd bs=1024 count=2 ~/.rnd From 9d889aada814b4c9456bd89b6f15852df88aa146 Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Sat, 11 Apr 2020 18:29:19 +0300 Subject: [PATCH 12/14] Fix create cert paths in postinst and added debug messages --- monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst | 6 ++++-- monkey/monkey_island/linux/create_certificate.sh | 4 ++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst b/monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst index 6d6a2e26fd8..ec37b07a48d 100644 --- a/monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst +++ b/monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst 
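Review bot: `chmod 666 ~/.rnd` makes the seed file readable and writable by every local user, which is more than the commit message's goal that openssl can read it. The file is read by the same user that runs this script, so owner-only access should be enough: `chmod 600 ~/.rnd`. The file also stays behind in the invoking user's home (root's, when postinst calls this script), because the final `dd` only replaces its contents. A short comment stating why the mode is set would help whoever later removes this workaround.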
@@ -48,14 +48,16 @@ if [ -d "/etc/systemd/network" ]; then fi echo "Creating server certificate..." -${MONKEY_FOLDER}/monkey_island/create_certificate.sh ${MONKEY_FOLDER}/monkey_island/ +${MONKEY_FOLDER}/monkey_island/create_certificate.sh ${MONKEY_FOLDER}/monkey_island/cc echo "Starting services..." service monkey-island start service monkey-mongo start +echo "" echo "Monkey Island installation ended." -echo "The server should be accessible soon via https://localhost:5000/" +echo "The server should be accessible soon via https://:5000/" echo "To check the Island's status, run 'sudo service monkey-island status'" +echo "" exit 0 \ No newline at end of file diff --git a/monkey/monkey_island/linux/create_certificate.sh b/monkey/monkey_island/linux/create_certificate.sh index 78d1b87121a..8bb2a5571dd 100644 --- a/monkey/monkey_island/linux/create_certificate.sh +++ b/monkey/monkey_island/linux/create_certificate.sh @@ -2,6 +2,7 @@ server_root=${1:-"./cc"} +echo "Creating server cetificate. Server root: $server_root" # We override the RANDFILE determined by default openssl.cnf # This is a known issue with the current version of openssl on Ubuntu 18.04 - once they release # a new version, we can delete this command. See @@ -10,8 +11,11 @@ server_root=${1:-"./cc"} dd bs=1024 count=2 ~/.rnd chmod 666 ~/.rnd +echo "Generating key in $server_root/server.key" openssl genrsa -out "$server_root"/server.key 2048 +echo "Generating csr in $server_root/server.csr" openssl req -new -key "$server_root"/server.key -out "$server_root"/server.csr -subj "/C=GB/ST=London/L=London/O=Global Security/OU=Monkey Department/CN=monkey.com" +echo "Generating certificate in $server_root/server.crt" openssl x509 -req -days 366 -in "$server_root"/server.csr -signkey "$server_root"/server.key -out $server_root/server.crt # Shove some new random data into the file to override the original seed. From 9687b22b2bf02387ad1c3ee7795432b39090bbd3 Mon Sep 17 00:00:00 2001 
From: Shay Nehmad Date: Sun, 12 Apr 2020 19:24:21 +0300 Subject: [PATCH 13/14] Add some safety check for the .rnd file nonsense I added more comments, so it must be fine :fire: :dog: :fire: --- .../monkey_island/linux/create_certificate.sh | 26 ++++++++++++------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/monkey/monkey_island/linux/create_certificate.sh b/monkey/monkey_island/linux/create_certificate.sh index 8bb2a5571dd..985f607bc94 100644 --- a/monkey/monkey_island/linux/create_certificate.sh +++ b/monkey/monkey_island/linux/create_certificate.sh 
@@ -3,20 +3,28 @@ server_root=${1:-"./cc"} echo "Creating server cetificate. Server root: $server_root" -# We override the RANDFILE determined by default openssl.cnf +# We override the RANDFILE determined by default openssl.cnf, if it doesn't exist. # This is a known issue with the current version of openssl on Ubuntu 18.04 - once they release # a new version, we can delete this command. See # https://github.com/openssl/openssl/commit/0f58220973a02248ca5c69db59e615378467b9c8#diff-8ce6aaad88b10ed2b3b4592fd5c8e03a # for more details. -dd bs=1024 count=2 ~/.rnd -chmod 666 ~/.rnd +DEFAULT_RND_FILE_PATH=~/.rnd +CREATED_RND_FILE=false +if [ ! -f /tmp/foo.txt ]; then # If the file already exists, assume that the contents are fine, and don't change them. + echo "Creating rand seed file in $DEFAULT_RND_FILE_PATH" + dd bs=1024 count=2 "$DEFAULT_RND_FILE_PATH" + chmod 666 "$DEFAULT_RND_FILE_PATH" + CREATED_RND_FILE=true +fi -echo "Generating key in $server_root/server.key" +echo "Generating key in $server_root/server.key..." openssl genrsa -out "$server_root"/server.key 2048 -echo "Generating csr in $server_root/server.csr" +echo "Generating csr in $server_root/server.csr..." openssl req -new -key "$server_root"/server.key -out "$server_root"/server.csr -subj "/C=GB/ST=London/L=London/O=Global Security/OU=Monkey Department/CN=monkey.com" -echo "Generating certificate in $server_root/server.crt" -openssl x509 -req -days 366 -in "$server_root"/server.csr -signkey "$server_root"/server.key -out $server_root/server.crt +echo "Generating certificate in $server_root/server.crt..." +openssl x509 -req -days 366 -in "$server_root"/server.csr -signkey "$server_root"/server.key -out "$server_root"/server.crt -# Shove some new random data into the file to override the original seed. -dd bs=1024 count=2 ~/.rnd +# Shove some new random data into the file to override the original seed we put in. +if [ "$CREATED_RND_FILE" = true ] ; then + dd bs=1024 count=2 "$DEFAULT_RND_FILE_PATH" +fi 
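Review bot: The guard `if [ ! -f /tmp/foo.txt ]; then` tests a leftover placeholder path instead of the seed file, so it does not do what the comment on the same line says. On a host without `/tmp/foo.txt`, an existing `~/.rnd` is still overwritten and set to mode 666, and the branch taken depends on the contents of a world-writable directory. Test the variable defined two lines above instead: `if [ ! -f "$DEFAULT_RND_FILE_PATH" ]; then`. The `chmod 666` inside the block would be safer as `chmod 600 "$DEFAULT_RND_FILE_PATH"`, since only the invoking user needs to read the seed.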
From 592fd887b859fe5b496359ede9cb25f53f349281 Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Sun, 12 Apr 2020 19:26:26 +0300 Subject: [PATCH 14/14] No need to qualify python since we sourced `activate` Added which python it to the debug prints to compensate --- monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst b/monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst index ec37b07a48d..f12b31b73e2 100644 --- a/monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst +++ b/monkey/monkey_island/deb-package/DEBIAN_MONGO/postinst @@ -24,11 +24,11 @@ $PYTHON_VERSION -m venv ${PYTHON_FOLDER} # shellcheck disable=SC1090 source ${PYTHON_FOLDER}/bin/activate -echo "Installing Python dependencies using $(command -v pip)..." +echo "Installing Python dependencies using $(command -v python) and $(command -v pip)..." # First, make sure that pip is updated -${PYTHON_FOLDER}/bin/python -m pip install --upgrade pip +python -m pip install --upgrade pip # Then install the dependecies from the pre-downloaded whl and tar.gz file -${PYTHON_FOLDER}/bin/python -m pip install -r $MONKEY_FOLDER/monkey_island/requirements.txt --no-index --find-links file://$INSTALLATION_FOLDER +python -m pip install -r $MONKEY_FOLDER/monkey_island/requirements.txt --no-index --find-links file://$INSTALLATION_FOLDER deactivate @@ -60,4 +60,4 @@ echo "The server should be accessible soon via https://:5000/" echo "To check the Island's status, run 'sudo service monkey-island status'" echo "" -exit 0 \ No newline at end of file +exit 0
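Review bot: Replacing `${PYTHON_FOLDER}/bin/python` with bare `python` in the first hunk makes both pip calls depend on `source ${PYTHON_FOLDER}/bin/activate` having succeeded, and no `set -e` is visible in any hunk of this script. If venv creation or activation fails, `python` is resolved through PATH, so the root-run postinst either installs the requirements into whichever interpreter it finds or fails with an unrelated error. The absolute path failed closed, so keep it and quote it, e.g. `"${PYTHON_FOLDER}/bin/python" -m pip install --upgrade pip`. The new `echo` with `command -v python` can stay as a diagnostic.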