search

guardicore / monkey

Infection Monkey - An open-source adversary emulation platform
https://www.guardicore.com/infectionmonkey/
GNU General Public License v3.0
6.67k stars 785 forks source link

Mitigation storage fails when mongo not on localhost #1157

Closed VakarisZ closed 2 years ago

VakarisZ commented 3 years ago

Describe the bug

If custom mongodb location is provided, monkey island fails to create attack mitigation database collection with the following error:

2021-05-11 14:52:46,718 - setup.py:13 - setup() - INFO - Setting up the Monkey Island, this might take a while...

Traceback (most recent call last):

File "/monkey/monkey_island/cc/setup.py", line 22, in try_store_mitigations_on_mongo

raise errors.OperationFailure("Mitigation collection empty. Try dropping the collection and running again")

pymongo.errors.OperationFailure: Mitigation collection empty. Try dropping the collection and running again

During handling of the above exception, another exception occurred:

Traceback (most recent call last):

File "./monkey_island.py", line 21, in <module>

main(is_setup_only)

File "/monkey/monkey_island/cc/main.py", line 43, in main

start_island_server(should_setup_only)

File "/monkey/monkey_island/cc/main.py", line 59, in start_island_server

setup()

File "/monkey/monkey_island/cc/setup.py", line 14, in setup

try_store_mitigations_on_mongo()

File "/monkey/monkey_island/cc/setup.py", line 29, in try_store_mitigations_on_mongo

store_mitigations_on_mongo()

File "/monkey/monkey_island/cc/setup.py", line 42, in store_mitigations_on_mongo

mongo_object.save()

File "/monkey/lib/python3.7/site-packages/mongoengine/document.py", line 403, in save

self.ensure_indexes()

File "/monkey/lib/python3.7/site-packages/mongoengine/document.py", line 880, in ensure_indexes

collection = cls._get_collection()

File "/monkey/lib/python3.7/site-packages/mongoengine/document.py", line 215, in _get_collection

if cls._meta.get("auto_create_index", True) and db.client.is_primary:

File "/monkey/lib/python3.7/site-packages/pymongo/mongo_client.py", line 1031, in is_primary

return self._server_property('is_writable')

File "/monkey/lib/python3.7/site-packages/pymongo/mongo_client.py", line 856, in _server_property

writable_server_selector)

File "/monkey/lib/python3.7/site-packages/pymongo/topology.py", line 243, in select_server

address))

File "/monkey/lib/python3.7/site-packages/pymongo/topology.py", line 200, in select_servers

selector, server_timeout, address)

File "/monkey/lib/python3.7/site-packages/pymongo/topology.py", line 217, in _select_servers_loop

(self._error_message(selector), timeout, self.description))

pymongo.errors.ServerSelectionTimeoutError: localhost:27017: [Errno 111] Connection refused, Timeout: 30s, Topology Description: <TopologyDescription id: 609a9a3e8169e495cb16eeb8, topology_type: Single, servers: [<ServerDescription ('localhost', 27017) server_type: Unknown, rtt: None, error=AutoReconnect('localhost:27017: [Errno 111] Connection refused')>]>

Looks like the code there is trying to connect to localhost:27017 even though the environment flag is not localhost MONKEY_MONGO_URL=mongodb://172.26.32.1:27017/monkeyisland

To Reproduce

Steps to reproduce the behavior:

  1. Run mongodb docker container with: 
    docker run --name monkey-mongo -p 27017:27017 -v [DATABASE_PATH]:/data/db -d mongo:4.2
  2. Run the island container with: 
    docker run --name monkey-island -p 5000:5000 -p 5001:5001 --env MONKEY_MONGO_URL=mongodb://[HOST_IP]:27017/monkeyisland -d guardicore/monkey-island:1.10.0
  3. See error

Expected behavior

Monkey shouldn't fail on mitigation creation.

Machine version (please complete the following information):

mssalvatore commented 3 years ago

Can this be handled as part of https://github.com/guardicore/monkey/issues/1148?

VakarisZ commented 2 years ago

ATT&CK report is getting removed in https://github.com/guardicore/monkey/issues/2440