Skip to content

Commit

Permalink
Merge pull request #1101 from guardicore/appimage-v2
Browse files Browse the repository at this point in the history
Appimage v2
  • Loading branch information
mssalvatore authored Apr 16, 2021
2 parents d507e6f + f3439bb commit 57f8f20
Show file tree
Hide file tree
Showing 15 changed files with 162 additions and 182 deletions.
2 changes: 1 addition & 1 deletion CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- PostgreSQL fingerprinter. #892
- A runtime-configurable option to specify a data directory where runtime
configuration and other artifacts can be stored. #994
- Scripts to build a prototype AppImage for Monkey Island. #1069
- Scripts to build an AppImage for Monkey Island. #1069, #1090

### Changed
- server_config.json can be selected at runtime. #963
Expand Down
1 change: 1 addition & 0 deletions appimage/.gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
*.AppImage
29 changes: 29 additions & 0 deletions appimage/AppRun
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
#! /bin/bash

# Export APPRUN if running from an extracted image
self="$(readlink -f -- $0)"
here="${self%/*}"
APPDIR="${APPDIR:-${here}}"

# Export TCl/Tk
export TCL_LIBRARY="${APPDIR}/usr/share/tcltk/tcl8.4"
export TK_LIBRARY="${APPDIR}/usr/share/tcltk/tk8.4"
export TKPATH="${TK_LIBRARY}"

# Export SSL certificate
export SSL_CERT_FILE="${APPDIR}/opt/_internal/certs.pem"

# Call the entry point
for opt in "$@"
do
[ "${opt:0:1}" != "-" ] && break
if [[ "${opt}" =~ "I" ]] || [[ "${opt}" =~ "E" ]]; then
# Environment variables are disabled ($PYTHONHOME). Let's run in a safe
# mode from the raw Python binary inside the AppImage
"$APPDIR/opt/python3.7/bin/python3.7" "$@"
exit "$?"
fi
done

(PYTHONHOME="${APPDIR}/opt/python3.7" exec "/bin/bash" "${APPDIR}/usr/src/monkey_island/linux/run_appimage.sh")
exit "$?"
15 changes: 7 additions & 8 deletions deployment_scripts/appimage/README.md → appimage/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@

## About

This directory contains the necessary artifacts for building a prototype
monkey_island AppImage using appimage-builder.
This directory contains the necessary artifacts for building an Infection
Monkey AppImage

## Building an AppImage

Expand All @@ -18,19 +18,18 @@ NOTE: This script is intended to be run from a clean VM. You can also manually
remove build artifacts by removing the following files and directories.

- $HOME/.monkey_island (optional)
- $HOME/monkey-appdir
- $HOME/squashfs-root
- $HOME/git/monkey
- $HOME/appimage/appimage-builder-cache
- $HOME/appimage/"Monkey\ Island-\*-x86-64.Appimage"
- $HOME/appimage/Infection_Monkey-x86_64.AppImage

After removing the above files and directories, you can again execute `bash
build_appimage.sh`.

## Running the AppImage

The build script will produce an AppImage executible named something like
`Monkey Island-VERSION-x86-64.AppImage`. Simply execute this file and you're
off to the races.
The build script will produce an AppImage executible named
`Infection_Monkey-x86_64.AppImage`. Simply execute this file and you're off to
the races.

A new directory, `$HOME/.monkey_island` will be created to store runtime
artifacts.
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
#!/bin/bash

python_cmd="python3.7"
APPDIR="$HOME/monkey-appdir"
APPDIR="$HOME/squashfs-root"
CONFIG_URL="https://raw.githubusercontent.com/guardicore/monkey/develop/deployment_scripts/config"
INSTALL_DIR="$APPDIR/usr/src"

GIT=$HOME/git
Expand All @@ -13,6 +13,10 @@ ISLAND_PATH="$INSTALL_DIR/monkey_island"
MONGO_PATH="$ISLAND_PATH/bin/mongodb"
ISLAND_BINARIES_PATH="$ISLAND_PATH/cc/binaries"

NODE_SRC=https://deb.nodesource.com/setup_12.x
APP_TOOL_URL=https://github.com/AppImage/AppImageKit/releases/download/12/appimagetool-x86_64.AppImage
PYTHON_APPIMAGE_URL="https://github.com/niess/python-appimage/releases/download/python3.7/python3.7.9-cp37-cp37m-manylinux1_x86_64.AppImage"

is_root() {
return "$(id -u)"
}
Expand All @@ -33,21 +37,7 @@ log_message() {
echo -e "DEPLOYMENT SCRIPT: $1"
}

setup_appdir() {
rm -rf "$APPDIR" || true
mkdir -p "$INSTALL_DIR"
}

install_pip_37() {
pip_url=https://bootstrap.pypa.io/get-pip.py
curl $pip_url -o get-pip.py
${python_cmd} get-pip.py
rm get-pip.py
}

install_nodejs() {
NODE_SRC=https://deb.nodesource.com/setup_12.x

log_message "Installing nodejs"

curl -sL $NODE_SRC | sudo -E bash -
Expand All @@ -56,28 +46,17 @@ install_nodejs() {

install_build_prereqs() {
sudo apt update
sudo apt upgrade
sudo apt upgrade -y

# appimage-builder prereqs
sudo apt install -y python3 python3-pip python3-setuptools patchelf desktop-file-utils libgdk-pixbuf2.0-dev fakeroot strace

#monkey island prereqs
sudo apt install -y curl libcurl4 python3.7 python3.7-dev openssl git build-essential moreutils
install_pip_37
# monkey island prereqs
sudo apt install -y curl libcurl4 openssl git build-essential moreutils
install_nodejs
}

install_appimage_builder() {
sudo pip3 install appimage-builder

install_appimage_tool
}

install_appimage_tool() {
APP_TOOL_BIN=$HOME/bin/appimagetool
APP_TOOL_URL=https://github.com/AppImage/AppImageKit/releases/download/12/appimagetool-x86_64.AppImage

mkdir "$HOME"/bin
mkdir -p "$HOME"/bin
curl -L -o "$APP_TOOL_BIN" "$APP_TOOL_URL"
chmod u+x "$APP_TOOL_BIN"

Expand All @@ -88,7 +67,7 @@ load_monkey_binary_config() {
tmpfile=$(mktemp)

log_message "downloading configuration"
curl -L -s -o "$tmpfile" "$config_url"
curl -L -s -o "$tmpfile" "$CONFIG_URL"

log_message "loading configuration"
source "$tmpfile"
Expand All @@ -100,17 +79,49 @@ clone_monkey_repo() {
fi

log_message "Cloning files from git"
branch=${2:-"develop"}
branch=${1:-"develop"}
git clone --single-branch --recurse-submodules -b "$branch" "${MONKEY_GIT_URL}" "${REPO_MONKEY_HOME}" 2>&1 || handle_error

chmod 774 -R "${MONKEY_HOME}"
chmod 774 -R "${REPO_MONKEY_HOME}"
}

setup_appdir() {
setup_python_37_appdir

copy_monkey_island_to_appdir
download_monkey_agent_binaries

install_monkey_island_python_dependencies
install_mongodb

generate_ssl_cert
build_frontend

add_monkey_icon
add_desktop_file
add_apprun
}

setup_python_37_appdir() {
PYTHON_APPIMAGE="python3.7.9_x86_64.AppImage"
rm -rf "$APPDIR" || true

log_message "downloading Python3.7 Appimage"
curl -L -o "$PYTHON_APPIMAGE" "$PYTHON_APPIMAGE_URL"

chmod u+x "$PYTHON_APPIMAGE"

./"$PYTHON_APPIMAGE" --appimage-extract
rm "$PYTHON_APPIMAGE"
mv ./squashfs-root "$APPDIR"
mkdir -p "$INSTALL_DIR"
}

copy_monkey_island_to_appdir() {
cp "$REPO_MONKEY_SRC"/__init__.py "$INSTALL_DIR"
cp "$REPO_MONKEY_SRC"/monkey_island.py "$INSTALL_DIR"
cp -r "$REPO_MONKEY_SRC"/common "$INSTALL_DIR"
cp -r "$REPO_MONKEY_SRC"/monkey_island "$INSTALL_DIR"
cp -r "$REPO_MONKEY_SRC"/common "$INSTALL_DIR/"
cp -r "$REPO_MONKEY_SRC"/monkey_island "$INSTALL_DIR/"
cp ./run_appimage.sh "$INSTALL_DIR"/monkey_island/linux/
cp ./island_logger_config.json "$INSTALL_DIR"/
cp ./server_config.json.standard "$INSTALL_DIR"/monkey_island/cc/
Expand All @@ -128,7 +139,7 @@ install_monkey_island_python_dependencies() {
# dependencies and should not be installed as a runtime requirement.
cat "$requirements_island" | grep -Piv "virtualenv|pyinstaller" | sponge "$requirements_island"

${python_cmd} -m pip install -r "${requirements_island}" --ignore-installed --prefix /usr --root="$APPDIR" || handle_error
"$APPDIR"/AppRun -m pip install -r "${requirements_island}" --ignore-installed || handle_error
}

download_monkey_agent_binaries() {
Expand Down Expand Up @@ -168,24 +179,26 @@ build_frontend() {
popd || handle_error
}

build_appimage() {
log_message "Building AppImage"
appimage-builder --recipe monkey_island_builder.yml --log DEBUG --skip-appimage
add_monkey_icon() {
unlink "$APPDIR"/python.png
mkdir -p "$APPDIR"/usr/share/icons
cp "$REPO_MONKEY_SRC"/monkey_island/cc/ui/src/images/monkey-icon.svg "$APPDIR"/usr/share/icons/infection-monkey.svg
ln -s "$APPDIR"/usr/share/icons/infection-monkey.svg "$APPDIR"/infection-monkey.svg
}

# There is a bug or unwanted behavior in appimage-builder that causes issues
# if 32-bit binaries are present in the appimage. To work around this, we:
# 1. Build the AppDir with appimage-builder and skip building the appimage
# 2. Add the 32-bit binaries to the AppDir
# 3. Build the AppImage with appimage-builder from the already-built AppDir
#
# Note that appimage-builder replaces the interpreter on the monkey agent binaries
# when building the AppDir. This is unwanted as the monkey agents may execute in
# environments where the AppImage isn't loaded.
#
# See https://github.com/AppImageCrafters/appimage-builder/issues/93 for more info.
download_monkey_agent_binaries
add_desktop_file() {
unlink "$APPDIR"/python3.7.9.desktop
cp ./infection-monkey.desktop "$APPDIR"/usr/share/applications
ln -s "$APPDIR"/usr/share/applications/infection-monkey.desktop "$APPDIR"/infection-monkey.desktop
}

appimage-builder --recipe monkey_island_builder.yml --log DEBUG --skip-build
add_apprun() {
cp ./AppRun "$APPDIR"
}

build_appimage() {
log_message "Building AppImage"
ARCH="x86_64" appimagetool "$APPDIR"
}

if is_root; then
Expand All @@ -199,33 +212,14 @@ Run \`sudo -v\`, enter your password, and then re-run this script."
exit 1
fi

config_url="https://raw.githubusercontent.com/mssalvatore/monkey/linux-deploy-binaries/deployment_scripts/config"

setup_appdir

install_build_prereqs
install_appimage_builder

install_appimage_tool

load_monkey_binary_config
clone_monkey_repo "$@"

copy_monkey_island_to_appdir

# Create folders
log_message "Creating island dirs under $ISLAND_PATH"
mkdir -p "${MONGO_PATH}" || handle_error

install_monkey_island_python_dependencies

install_mongodb

generate_ssl_cert

build_frontend

mkdir -p "$APPDIR"/usr/share/icons
cp "$REPO_MONKEY_SRC"/monkey_island/cc/ui/src/images/monkey-icon.svg "$APPDIR"/usr/share/icons/monkey-icon.svg
setup_appdir

build_appimage

Expand Down
8 changes: 8 additions & 0 deletions appimage/infection-monkey.desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
[Desktop Entry]
Type=Application
Name=Infection Monkey
Exec=bash
Comment=An automated breach and attack simulation platform
Icon=infection-monkey
Categories=Development;
Terminal=true
File renamed without changes.
29 changes: 29 additions & 0 deletions appimage/run_appimage.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
#!/bin/bash

PYTHON_CMD="$APPDIR"/opt/python3.7/bin/python3.7
DOT_MONKEY="$HOME"/.monkey_island/

configure_default_logging() {
if [ ! -f "$DOT_MONKEY"/island_logger_config.json ]; then
cp "$APPDIR"/usr/src/island_logger_config.json "$DOT_MONKEY"
fi
}

configure_default_server() {
if [ ! -f "$DOT_MONKEY"/server_config.json ]; then
cp "$APPDIR"/usr/src/monkey_island/cc/server_config.json.standard "$DOT_MONKEY"/server_config.json
fi
}

# shellcheck disable=SC2174
mkdir --mode=0700 --parents "$DOT_MONKEY"

DB_DIR="$DOT_MONKEY"/db
mkdir --parents "$DB_DIR"

configure_default_logging
configure_default_server

cd "$APPDIR"/usr/src || exit 1
./monkey_island/bin/mongodb/bin/mongod --dbpath "$DB_DIR" &
${PYTHON_CMD} ./monkey_island.py --server-config "$DOT_MONKEY"/server_config.json --logger-config "$DOT_MONKEY"/island_logger_config.json
File renamed without changes.
40 changes: 0 additions & 40 deletions deployment_scripts/appimage/monkey_island_builder.yml

This file was deleted.

Loading

0 comments on commit 57f8f20

Please sign in to comment.