Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement OTP compliance on the Agent #3077

Closed
25 tasks done
Tracked by #2049
mssalvatore opened this issue Mar 9, 2023 · 0 comments · Fixed by #3118
Closed
25 tasks done
Tracked by #2049

Implement OTP compliance on the Agent #3077

mssalvatore opened this issue Mar 9, 2023 · 0 comments · Fixed by #3118
Assignees
@VakarisZ
Labels
Complexity: Medium Impact: High Security
Projects
Monkey Dev Board
Milestone
v2.1.0

Comments

@mssalvatore
Copy link
Collaborator

mssalvatore commented Mar 9, 2023
edited

Description

Tasks

  • Add methods to IIslandAPIClient and HTTPIslandAPIClient that: (0d) - @VakarisZ
    • Fetch new OTPs from the Island
    • Trade OTPs for auth
  • Adjust the agents to look for environmental variable with an OTP (0d) @VakarisZ
    • Get the OTP from the environment
    • Clean up the OTP environmental variable
    • Trade OTP for auth token
    • IIslandAPIClient makes all future calls using the auth token
    • Make sure to avoid unnecessary temporal coupling
    • Write tests for HTTPClient or HTTPIslandAPIClient that verify an auth token in all calls
  • Add IOTPProvider that will allow Exploiters to get OTPs (0d) - @shreyamalviya
  • Add a concrete implementation of IOTPProvider that wraps an IIslandAPIClient (0d) - @shreyamalviya
  • Construct exploiters with IOTPProvider (0d) - @shreyamalviya
    • Construct an IOTPProvider in monkey.py
    • Pass it to the constructor of PluginRegistry and construct plugins with the component
    • Pass it to hard-coded exploiters on construction
  • Adjust propagation to add OTP to agent execution commands (0d) - @shreyamalviya
  • Make sure we're not logging (leaking) OTPs (0d) - @shreyamalviya
@mssalvatore mssalvatore added this to Backlog in Monkey Dev Board Mar 9, 2023
@mssalvatore mssalvatore moved this from Backlog to To Do in Monkey Dev Board Mar 9, 2023
@mssalvatore mssalvatore mentioned this issue Mar 10, 2023
Closed
11 tasks
@VakarisZ VakarisZ self-assigned this Mar 13, 2023
@VakarisZ VakarisZ moved this from To Do to In Progress in Monkey Dev Board Mar 13, 2023
@cakekoa cakekoa mentioned this issue Mar 13, 2023
Merged
8 tasks
@shreyamalviya shreyamalviya mentioned this issue Mar 14, 2023
Merged
8 tasks
mssalvatore added a commit that referenced this issue Mar 14, 2023
@mssalvatore
Merge branch '3077-i-otp-provider' into develop
69f3867 
Issue #3077
PR #3110
@VakarisZ VakarisZ mentioned this issue Mar 14, 2023
Merged
8 tasks
This was referenced Mar 15, 2023
Merged
Closed
mssalvatore added a commit that referenced this issue Mar 15, 2023
@mssalvatore
Merge branch '3077-pass-otp-provider-to-exploiters' into develop
e5851a0 
Issue #3077
PR #3114
@shreyamalviya shreyamalviya mentioned this issue Mar 16, 2023
Merged
10 tasks
VakarisZ added a commit that referenced this issue Mar 16, 2023
@VakarisZ
Merge branch '3077-agent-fetch-auth-token' into develop
d3aa582 
Issue #3077
PR #3011
mssalvatore added a commit that referenced this issue Mar 16, 2023
@mssalvatore
Hadoop: Disable speculative execution in YARN job
98f078b 
Hadoop's speculative execution feature has lead to a number of
difficulties. See #655, #1781, and #2578. Of concern is that the issue
where Hadoop sends a SIGKILL to the first process (#2578) could cause
significant issues when implementing agent OTP authentication (#3077).

Setting max-app-attempts to 1 resolves these issues.
VakarisZ added a commit that referenced this issue Mar 17, 2023
@VakarisZ
Merge branch '3077-get-otp-from-env' into develop
a5d6170 
Issue #3077
PR #3121
This was referenced Mar 17, 2023
Merged
Closed
VakarisZ added a commit that referenced this issue Mar 22, 2023
@VakarisZ
Merge branch '3077-do-not-leak-otp-in-logs' into develop Issue: #3077
6fd780d 
…PR: #3123
@mssalvatore mssalvatore moved this from In Progress to Ready For Review in Monkey Dev Board Mar 24, 2023
mssalvatore added a commit that referenced this issue Mar 28, 2023
@mssalvatore
Merge branch '3077-modify-exploiters-to-use-otp' into develop
780b940 
Issue #3077
PR #3118
Monkey Dev Board automation moved this from Ready For Review to Done Mar 28, 2023
@mssalvatore mssalvatore added this to the v2.1.0 milestone Mar 28, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@VakarisZ VakarisZ

Labels
Complexity: Medium Impact: High Security
Projects
Monkey Dev Board
Done
Milestone
v2.1.0
Development

Successfully merging a pull request may close this issue.

Modify exploiters to use OTP in commands guardicore/monkey
2 participants
@mssalvatore @VakarisZ