Azure safety updates (#2324)

Author: ChrisThibodeaux

analyzer/windows/analyzer.py

@@ -497,46 +497,34 @@ def run(self):
         Auxiliary()
         prefix = f"{auxiliary.__name__}."
 
-        # disable_screens = True
-        # if self.options.get("disable_screens") == "0":
-        #    disable_screens = False
-
         for _, name, _ in pkgutil.iter_modules(auxiliary.__path__, prefix):
             try:
-                log.debug('Importing auxiliary module "%s"...', name)
-                __import__(name, globals(), locals(), ["dummy"])
-                # log.debug('Imported auxiliary module "%s"', name)
+                mod_name = name.split(".")[-1]
+                if hasattr(self.config, mod_name) and getattr(self.config, mod_name, False):
+                    log.debug('Importing auxiliary module "%s"...', name)
+                    __import__(name, globals(), locals(), ["dummy"])
+                    # log.debug('Imported auxiliary module "%s"', name)
             except ImportError as e:
                 log.warning('Unable to import the auxiliary module "%s": %s', name, e)
+
         # Walk through the available auxiliary modules.
         aux_modules = []
 
         for module in sorted(Auxiliary.__subclasses__(), key=lambda x: x.start_priority, reverse=True):
-            # Try to start the auxiliary module.
-            # if module.__name__ == "Screenshots" and disable_screens:
-            #    continue
             try:
                 aux = module(self.options, self.config)
                 log.debug('Initialized auxiliary module "%s"', module.__name__)
                 aux_modules.append(aux)
-
-                # The following commented out code causes the monitor to not upload logs.
-                # If the auxiliary module is not enabled, we shouldn't start it
-                # if hasattr(aux, "enabled") and not getattr(aux, "enabled", False):
-                #     log.debug('Auxiliary module "%s" is disabled.', module.__name__)
-                #     # We continue so that the module is not added to AUX_ENABLED
-                #     continue
-                # else:
-                log.debug('Trying to start auxiliary module "%s"...', module.__name__)
+                log.debug('Trying to start auxiliary module "%s"...', module.__module__)
                 aux.start()
             except (NotImplementedError, AttributeError) as e:
                 log.warning("Auxiliary module %s was not implemented: %s", module.__name__, e)
             except Exception as e:
-                log.warning("Cannot execute auxiliary module %s: %s", module.__name__, e)
+                log.warning("Cannot execute auxiliary module %s: %s", module.__module__, e)
             else:
-                log.debug("Started auxiliary module %s", module.__name__)
+                log.debug("Started auxiliary module %s", module.__module__)
                 AUX_ENABLED.append(aux)
-
+    
         """
         # Inform zer0m0n of the ResultServer address.
         zer0m0n.resultserver(self.config.ip, self.config.port)

conf/default/az.conf.default

@@ -118,6 +118,9 @@ spot_instances = false
 # start pulling tasks off of the stack
 wait_for_agent_before_starting = true
 
+# This integer value is used to determine how many times a VMSS that does not initialize properly can retry
+init_retries = 2
+
 # These are the value(s) of the DNS server(s) that you want the scale sets to use. (E.g. 1.1.1.1,8.8.8.8)
 # NOTE: NO SPACES
 dns_server_ips = <dns_server_ip>

installer/cape2.sh

@@ -1248,8 +1248,32 @@ function install_systemd() {
 	if [ "$MONGO_ENABLE" -ge 1 ]; then
 		cape_web_enable_string="cape-web"
 	fi
+
     systemctl enable cape cape-rooter cape-processor "$cape_web_enable_string" suricata
     systemctl restart cape cape-rooter cape-processor "$cape_web_enable_string" suricata
+
+    if [ ! -f "/etc/sudoers.d/cape" ] ; then
+        cat > /etc/sudoers.d/cape << EOF
+Cmnd_Alias CAPE_SVC = /usr/bin/systemctl stop cape, /usr/bin/systemctl start cape, /usr/bin/systemctl restart cape
+Cmnd_Alias CAPE_WEB_SVC = /usr/bin/systemctl stop cape-web, /usr/bin/systemctl start cape-web, /usr/bin/systemctl restart cape-web
+Cmnd_Alias CAPE_PROCESSING_SVC = /usr/bin/systemctl stop cape-processor, /usr/bin/systemctl start cape-processor, /usr/bin/systemctl restart cape-processor
+Cmnd_Alias CAPE_ROOTER_SVC = /usr/bin/systemctl stop cape-rooter, /usr/bin/systemctl start cape-rooter, /usr/bin/systemctl restart cape-rooter
+Cmnd_Alias SURICATA = /usr/bin/systemctl stop suricata, /usr/bin/systemctl start suricata, /usr/bin/systemctl restart suricata
+Cmnd_Alias UWSGI = /usr/bin/systemctl stop uwsgi, /usr/bin/systemctl start uwsgi, /usr/bin/systemctl restart uwsgi
+
+# disttributed cape related
+Cmnd_Alias CAPE_FSTAB_SVC = /usr/bin/systemctl stop cape-fstab, /usr/bin/systemctl start cape-fstab, /usr/bin/systemctl restart cape-fstab
+
+%${USER} ALL=CAPE_SVC
+%${USER} ALL=CAPE_WEB_SVC
+%${USER} ALL=CAPE_PROCESSING_SVC
+%${USER} ALL=CAPE_ROOTER_SVC
+%${USER} ALL=SURICATA
+%${USER} ALL=UWSGI
+
+%cape ALL=CAPE_FSTAB_SVC
+EOF
+    fi
 }
 
 
@@ -1264,6 +1288,7 @@ function install_prometheus_grafana() {
     sudo dpkg -i grafana_"$grafana_version"_amd64.deb
 
     systemctl enable grafana
+
     cat << EOL
     Edit grafana config to listen on correct interface, default localhost, then
     systemctl start grafana