search

guardicore / monkey

Infection Monkey - An open-source adversary emulation platform
https://www.guardicore.com/infectionmonkey/
GNU General Public License v3.0
6.62k stars 772 forks source link

Agents not properly shutting down in tunneling tests #2635

Closed mssalvatore closed 1 year ago

mssalvatore commented 1 year ago

Describe the bug

Agents should shut down quickly when the TERMINATE signal is sent. Agents involved in tunneling do not shut down. 120 seconds is the maximum amount of time the test suite is willing to wait for an agent to shut down.

To Reproduce

Steps to reproduce the behavior:

  1. Run any end-to-end tests that use tunneling (Credentials_reuse_SSH_Key, depth_3_a, depth_4_a)
  2. Notice the message that says "[INFO] exploitation.wait_until_monkeys_die.92: After 120 seconds all monkeys have died"

Expected behavior

Agents should shut down much more quickly.

mssalvatore commented 1 year ago

It looks like the issue is that the pipe on .15 times out after 10 seconds (infection_monkey.relay.consts.SOCKET_TIMEOUT) and closes. This allows .15 to close its tunnel and shutdown.

Modifying SOCKET_TIMEOUT to be 2x the heartbeat period should resolve the issue.