Supported Operating Systems

The Infection Monkey Docker container works on Linux only. It is not compatible with Docker for Windows or Docker for Mac.

Deployment

Step 1: load the Docker images

  1. Pull the MongoDB v4.2 Docker image:

    sudo docker pull mongo:4.2
    
  2. Extract the Monkey Island Docker tarball:

    tar -xvzf InfectionMonkey-docker-v1.13.0.tgz
    
  3. Load the Monkey Island Docker image:

    sudo docker load -i InfectionMonkey-docker-v1.13.0.tar
    

Step 2: start MongoDB

If you are upgrading the Infection Monkey to a new version, be sure to remove any MongoDB containers or volumes associated with the previous version.

  1. Start a MongoDB Docker container:

    sudo docker run \
        --name monkey-mongo \
        --network=host \
        --volume db:/data/db \
        --detach \
        mongo:4.2
    

Step 3: start Monkey Island with a default certificate

By default, Infection Monkey comes with a self-signed SSL certificate. In enterprise or other security-sensitive environments, we recommend that the
user provide Infection Monkey with a certificate signed by a private certificate authority.

  1. Run the Monkey Island server
    sudo docker run \
        --tty \
        --interactive \
        --name monkey-island \
        --network=host \
        guardicore/monkey-island:VERSION
    

Step 4: accessing Monkey Island

After the Monkey Island docker container starts, you can access Monkey Island by pointing your browser at https://localhost:5000.

Configuring the server

For more information about server configuration, click here.
You can configure the server by mounting a volume and specifying a server configuration file:

  1. Create a directory for the server configuration file, e.g. monkey_island_data:
    mkdir ./monkey_island_data
    chmod 700 ./monkey_island_data
    
  2. Move your server_config.json file to ./monkey_island_data directory.
  3. Run the container with a mounted volume, specify the path to the server_config.json:
sudo docker run \
    --rm \
    --name monkey-island \
    --network=host \
    --user "$(id -u ${USER}):$(id -g ${USER})" \
    --volume "$(realpath ./monkey_island_data)":/monkey_island_data \
    guardicore/monkey-island:VERSION --setup-only --server-config="/monkey_island_data/server_config.json"

Start Monkey Island with a user-provided certificate

By default, Infection Monkey comes with a self-signed SSL certificate. In an enterprise or other security-sensitive environments, it is recommended that the
user provides Infection Monkey with a certificate that has been signed by a private certificate authority.

  1. Terminate the Docker container if it's already running.
  2. Move your .crt and .key files to ./monkey_island_data (directory created for the volume).
  3. Make sure that your .crt and .key files are readable only by you.
    chmod 600 <PATH_TO_KEY_FILE>
    chmod 600 <PATH_TO_CRT_FILE>
    
  4. Modify the server configuration file and add the following lines:
    {
        "ssl_certificate": {
            "ssl_certificate_file": "/monkey_island_data/my_cert.crt",
            "ssl_certificate_key_file": "/monkey_island_data/my_key.key"
        }
    }
    
  5. Run the container with a mounted volume, specify the path to the server_config.json:
    sudo docker run \
        --rm \
        --name monkey-island \
        --network=host \
        --user "$(id -u ${USER}):$(id -g ${USER})" \
        --volume "$(realpath ./monkey_island_data)":/monkey_island_data \
        guardicore/monkey-island:VERSION --setup-only --server-config="/monkey_island_data/server_config.json"
    
  6. Access the Monkey Island web UI by pointing your browser at
    https://localhost:5000.

Change logging level

  1. Stop the Docker container if it's already running.
  2. Modify the server configuration file by adding the following lines:
    {
        "log_level": "INFO"
    }
    
  3. Run the container with a mounted volume, specify the path to the server_config.json:
    sudo docker run \
        --rm \
        --name monkey-island \
        --network=host \
        --user "$(id -u ${USER}):$(id -g ${USER})" \
        --volume "$(realpath ./monkey_island_data)":/monkey_island_data \
        guardicore/monkey-island:VERSION --setup-only --server-config="/monkey_island_data/server_config.json"
    
  4. Access the Monkey Island web UI by pointing your browser at
    https://localhost:5000.

Upgrading

Currently, there's no "upgrade-in-place" option when a new version is released.
To get an updated version, download it, stop and remove the current Monkey Island and MongoDB containers and volumes, and run the installation commands again with the new file.

If you'd like to keep your existing configuration, you can export it to a file
using the Export config button and then importing it to the new Monkey Island.

Troubleshooting

The Monkey Island container crashes due to a 'UnicodeDecodeError'

You will encounter a UnicodeDecodeError if the monkey-island container is using a different secret key to encrypt sensitive data than was initially used to store data in the monkey-mongo container.

UnicodeDecodeError: 'utf-8' codec can't decode byte 0xee in position 0: invalid continuation byte

Starting a new container from the guardicore/monkey-island:VERSION image generates a new secret key for storing sensitive information in MongoDB. If you have an old database instance running (from a previous instance of Infection Monkey), the data stored in the monkey-mongo container has been encrypted with a key that is different from the one that Monkey Island is currently using. When MongoDB attempts to decrypt its data with the new key, decryption fails and you get this error.

You can fix this in one of three ways:

  1. Instead of starting a new container for the Monkey Island, you can run docker container start -a monkey-island to restart the existing container, which will contain the correct key material.
  2. Kill and remove the existing MongoDB container, and start a new one. This will remove the old database entirely. Then, start the new Monkey Island container.
  3. When you start the Monkey Island container, use --volume monkey_island_data:/monkey_island_data. This will store all of Monkey Island's runtime artifacts (including the encryption key file) in a Docker volume that can be reused by subsequent Monkey Island containers.