Agent log names are inscrutable #1761

@mssalvatore

The agent logs are named /tmp/user-1563 and %temp%\~df1563.tmp. As far as I can tell, these names are meaningless. A name like infection-monkey-agent.log would be much more user-friendly.

In addition, using a constant file name like this in /tmp on Linux opens Infection Monkey to a denial of service attack. The actual risk and impact of this "attack" is extremely low; however, it's annoying when you receive the following error on a machine that developers share:

Traceback (most recent call last):
  File "/usr/lib/python3.7/logging/config.py", line 563, in configure
    handler = self.configure_handler(handlers[name])
  File "/usr/lib/python3.7/logging/config.py", line 736, in configure_handler
    result = factory(**kwargs)
  File "/usr/lib/python3.7/logging/__init__.py", line 1087, in __init__
    StreamHandler.__init__(self, self._open())
  File "/usr/lib/python3.7/logging/__init__.py", line 1116, in _open
    return open(self.baseFilename, self.mode, encoding=self.encoding)
PermissionError: [Errno 13] Permission denied: '/tmp/user-1563'

Here's a suggested mechanism for creating the log file name:

>>> import tempfile, time
>>> tempfile.mkstemp(suffix=f"-{time.strftime('%Y-%m-%d-%H-%M-%S', time.gmtime())}.log", prefix="infection-monkey-agent-")
(5, '/home/msalvatore/tmp/infection-monkey-agent-4wj_aect-2022-03-03-17-29-33.log')

Tasks

  • Rename the log to be more user-friendly @ilija-lazoroski
    • m0nk3y
    • dr0pp3r
  • Use tempfile.mkstemp() or similar to add a random component to the file's name. Including the date/time would be nice, too. @ilija-lazoroski
    • m0nk3y
    • dr0pp3r
  • Remove internal logging from config as the log file path is set before the agent asks for config. @ilija-lazoroski
  • Review and test (0d)
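
The naming scheme suggested in this issue, wired into a logging handler, as an added example that is not Infection Monkey's own code. The function names, the logger name and the temporary directory standing in for /tmp are assumptions made for illustration.

```python
import logging
import os
import stat
import tempfile
import time

LOG_PREFIX = "infection-monkey-agent-"  # prefix suggested in the issue


def create_agent_log_file(directory=None):
    """Create a uniquely named log file and return its path.

    mkstemp() opens the file with O_CREAT | O_EXCL and mode 0600, so a file
    (or symlink) that another user already placed at a candidate path is
    never reused; a fresh random name is tried instead.
    """
    timestamp = time.strftime("%Y-%m-%d-%H-%M-%S", time.gmtime())
    fd, path = tempfile.mkstemp(
        suffix=f"-{timestamp}.log", prefix=LOG_PREFIX, dir=directory
    )
    os.close(fd)  # logging.FileHandler reopens the path itself
    return path


def configure_agent_logger(name="agent", directory=None):
    """Attach a FileHandler that writes to a fresh per-process log file."""
    path = create_agent_log_file(directory)
    handler = logging.FileHandler(path, encoding="utf-8")
    handler.setFormatter(logging.Formatter("%(asctime)s %(levelname)s %(message)s"))
    logger = logging.getLogger(name)  # logger name is hypothetical
    logger.setLevel(logging.DEBUG)
    logger.addHandler(handler)
    return logger, path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as shared_tmp:  # stand-in for /tmp
        # Constructed scenario: the old fixed name already exists.
        open(os.path.join(shared_tmp, "user-1563"), "w").close()
        logger, log_path = configure_agent_logger(directory=shared_tmp)
        logger.info("agent started")
        mode = stat.S_IMODE(os.stat(log_path).st_mode)
        print(log_path, oct(mode))
        for h in list(logger.handlers):
            h.close()
            logger.removeHandler(h)
```
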
