ghost
commented
4 years ago good question.
abilities will timeout, by default, after 60 seconds. you can override this in the ability YML file itself by adding a timeout property (at the same "level" of indentation as the command itself). The timeout is valued in seconds. Example:
command: whoami
timeout: 120When CALDERA runs an ability, it will consider it timed out if it doesn't complete within this time. However, that doesn't necessarily mean it didn't work. For example, if a lateral movement command stays alive because it is intended to "live forever" CALDERA may think that command timed out but really it's just long-living.
You can either disregard the timeout feedback - or you can run your command as a "job" or in the background (like nohup) to force it to complete and return a status code, instead of staying alive.
perra22
Hi, In which situations abilities (during an operation) can go in timeout?
I'm doing a lateral movement copying Sandcat from a machine to another one and then starting it. I can see that the Sandcat process is up (it appears in Caldera agents tab) but the "Start 54ndc47" step in the operation fall in timeout status.
Thanks!