SMB: Add SMBOptions to SMBPlugin

[ilija-lazoroski]

Issue: #2952

What does this PR do?

Fixes part of #2952

Add any further explanations here.

PR Checklist

• Have you added an explanation of what your changes do and why you'd like to include them?
• Is the TravisCI build passing?
• Was the CHANGELOG.md updated to reflect the changes?
• Was the documentation framework updated to reflect the changes?
• Have you checked that you haven't introduced any duplicate code?

Testing Checklist

• Added relevant unit tests?
• Have you successfully tested your changes locally? Elaborate:

  Tested by unit tests

• If applicable, add screenshots or log transcripts of the feature working

[mssalvatore]

@ybasford Option descriptions could use your expert opinion.

[mssalvatore]

Vulture fails

[mssalvatore]

These maximums seem somewhat arbitrary. Are they based on anything?

[cakekoa]

Should we get rid of the maximums altogether?

[mssalvatore]

Only if we add a note to the description that this could cause the agent to hang on manual shutdown if it's set too high. Realistically, we shutdown after I think 120 seconds if things are hung.

[ilija-lazoroski]

Then we should also change things in Hadoop

[codecov]

Codecov Report

Patch coverage has no change and project coverage change: +0.05 🎉

Comparison is base (c254126) 67.58% compared to head (04b6cb0) 67.63%.

❗ Current head 04b6cb0 differs from pull request most recent head 899673c. Consider uploading reports for the commit 899673c to get more accurate results

Additional details and impacted files

@@                      Coverage Diff                      @@
##           2952-smb-exploiter-plugin    #3089      +/-   ##
=============================================================
+ Coverage                      67.58%   67.63%   +0.05%     
=============================================================
  Files                            444      446       +2     
  Lines                          12730    12755      +25     
=============================================================
+ Hits                            8603     8627      +24     
- Misses                          4127     4128       +1     

see 11 files with indirect coverage changes

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

[shreyamalviya]

We should consider adding the option of choosing both or one of port 445 and port 139 instead of hard-coding it to be both. Probably checkboxes.

[shreyamalviya]

We probably don't need this. We don't have any exploiter logic for when Kerberos auth is set to true.

[ilija-lazoroski]

Yep, we don't but RPC transport has that option which we were hard-coding to False.

[shreyamalviya]

Exactly, we don't specifically handle cases where Kerberos is used. Do we need anything else for it to work or is our existing logic enough?

[ilija-lazoroski]

Probablyyyy. We need to check that.

[shreyamalviya]

I'm also wondering if this should just be one option (smb_connect_timeout) which is used in both places. The user doesn't know about the internal workings of the exploiter i.e. where/when/why RPC is being used.

[ilija-lazoroski]

That probably make sense.

[mssalvatore]

We should consider adding the option of choosing both or one of port 445 and port 139 instead of hard-coding it to be both. Probably checkboxes.

@shreyamalviya We discussed it on Friday. The issue is that 445 and 139 aren't really the right configuration options. The right set of configuration options are checkboxes regarding whether or not we should use the protocol over NetBIOS (see https://www.upguard.com/blog/smb-port). After some discussion, we decided this requires the user to have more knowledge of SMB and its history than they probably want. We decided that, since it's so easy to modify and release new versions of the plugin, we could add this option at a later date if a user requests it. For now, we decided to just hard code both.

[mssalvatore]

Should these just be the same option?

[ilija-lazoroski]

#3089 (comment) Yep.

[ybasford]

Change description text: "Timeout (in seconds) for uploading the Agent binary."