def __init__(self, debug=False):
"""
Initialize PasswordDefect.
Args:
debug (bool): Log on terminal or not
Raises:
None
Returns:
None
"""
# Initialize logger
self.logger = logger.SecureTeaLogger(__name__, debug=debug)
# OS name to password-log path map
self.system_log_map = {"debian": "/etc/passwd"}
os_name = utils.categorize_os()
self.log_file = None
if os_name:
try:
self.log_file = self.system_log_map[os_name]
except KeyError:
self.logger.log("Could not find path for the auth-log file",
logtype="error")
return
else:
return
# Initialize user to password dict
self.user_password = dict()
def __init__(self, debug=False):
"""
Initialize SSHLogin.
Args:
debug (bool): Log on terminal or not
Raises:
None
Returns:
None
"""
# Initialize logger
self.logger = logger.SecureTeaLogger(
__name__,
debug=debug
)
# OS name to SSH-log path map
self.system_log_map = {
"debian": "/var/log/auth.log"
}
os_name = utils.categorize_os()
self.log_file = None
if os_name:
try:
self.log_file = self.system_log_map[os_name]
except KeyError:
self.logger.log(
"Could not find path for the SSH-log file",
logtype="error"
)
return
else:
return
# Salt to generate hashed username
self.SALT = "<!@?>"
# Regex to extract invalid SSH login details
self.INVALID_USER = r'^([a-zA-Z]+\s[0-9]+)\s([0-9]+:[0-9]+:[0-9]+).*' \
r'Invalid\suser\s([a-zA-Z0-9_-]+)\sfrom\s([0-9]+\.' \
r'[0-9]+\.[0-9]+\.[0-9]+)'
# Initialize username to IP dict
self.username_dict = dict()
# Set threshold to 5 attempts per second to detect brute-force
self.THRESHOLD = 5 # inter = 0.2
# Initialize OSINT object
self.osint_obj = OSINT(debug=debug)
def __init__(self, debug=False):
"""
Initialize FailedLogin.
Args:
debug (bool): Log on terminal or not
Raises:
None
Returns:
None
Working:
- Detect login attempts
- Detect password brute-force
"""
# Initialize logger
self.logger = logger.SecureTeaLogger(__name__, debug=debug)
# OS name to auth-log path map
self.system_log_map = {"debian": "/var/log/auth.log"}
os_name = utils.categorize_os()
self.log_file = None
if os_name:
try:
self.log_file = self.system_log_map[os_name]
except KeyError:
self.logger.log("Could not find path for the auth-log file",
logtype="error")
return
else:
return
# Salt to generate hashed username
self.SALT = "<!@?>"
# Regex to extract details
self.AUTH_FAILURE = r'^[a-zA-Z]+.*authentication failure.*\s'
self.USERNAME = r'(user=)([a-zA-Z0-9]+)'
self.MESSAGE_REPEAT = r'message repeated\s([0-9]+)'
# Initialize user to login attempt count dict
self.user_to_count = dict()
# Set threshold to 5 attempts per second to detect brute-force
self.THRESHOLD = 5 # inter = 0.2
def __init__(self, debug=False):
"""
Initialize PortScan.
Args:
debug (bool): Log on terminal or not
Raises:
None
Returns:
None
"""
# Initialize logger
self.logger = logger.SecureTeaLogger(__name__, debug=debug)
# OS name to auth-log path map
self.system_log_map = {"debian": "/var/log/auth.log"}
os_name = utils.categorize_os()
self.log_file = None
if os_name:
try:
self.log_file = self.system_log_map[os_name]
except KeyError:
self.logger.log("Could not find path for the auth-log file",
logtype="error")
return
else:
return
# Salt to generate hashed username
self.SALT = "<!@?>"
# Regex to extract Received disconnect
self.RECIEVED_DISCONNECT = r'^([a-zA-Z]+\s[0-9]+)\s([0-9]+:[0-9]+:[0-9]+).' \
r'*Received\sdisconnect\sfrom\s([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)'
# Initialize IP to count dict
self.ip_dict = dict()
# Set threshold to 5 attempts per second to detect port scan
self.THRESHOLD = 5 # inter = 0.2
# Initialize OSINT object
self.osint_obj = OSINT(debug=debug)
def __init__(self, debug=False):
"""
Initialize HarmfulCommnads.
Detect harmful commands executed as root / sudo.
Args:
debug (bool): Log on terminal or not
Raises:
None
Returns:
None
"""
# Initialize logger
self.logger = logger.SecureTeaLogger(__name__, debug=debug)
# OS name to command-log path map
self.system_log_map = {"debian": "/var/log/auth.log"}
os_name = utils.categorize_os()
self.log_file = None
if os_name:
try:
self.log_file = self.system_log_map[os_name]
except KeyError:
self.logger.log("Could not find path for the command-log file",
logtype="error")
return
else:
return
# Path for file of harmful commands
self.COMMNAND_FILE_PATH = "/etc/securetea/log_monitor/system_log/harmful_command.txt"
self.COMMAND = r'COMMAND=(.*\s)' # regex to extract commands
self.harmful_commands = utils.open_file(self.COMMNAND_FILE_PATH)
self.found_harmful = [] # list of harmful commands found
def __init__(self, debug=False):
"""
Initialize NonStdHash.
Args:
debug (bool): Log on terminal or not
Raises:
None
Returns:
None
"""
# Initialize logger
self.logger = logger.SecureTeaLogger(__name__, debug=debug)
# OS name to auth-log path map
self.system_log_map = {"debian": "/etc/shadow"}
os_name = utils.categorize_os()
self.log_file = None
if os_name:
try:
self.log_file = self.system_log_map[os_name]
except KeyError:
self.logger.log(
"Could not find path for the password-log file",
logtype="error")
return
else:
return
# List of hashing algorithm used
self.used_algo = []
# Set THRESHOLD to 3 different hashing algorithm
self.THRESHOLD = 3
def __init__(self, debug=False):
"""
Initialize DetSniffer.
Args:
debug (bool): Log on terminal or not
Raises:
None
Returns:
None
"""
# Initialize logger
self.logger = logger.SecureTeaLogger(__name__, debug=debug)
# OS name to sys-log path map
self.system_log_map = {"debian": "/var/log/syslog"}
os_name = utils.categorize_os()
self.log_file = None
if os_name:
try:
self.log_file = self.system_log_map[os_name]
except KeyError:
self.logger.log("Could not find path for the SSH-log file",
logtype="error")
return
else:
return
# Regex to find malicious sniffer
self.SNIFFER = r"device\s([a-zA-Z0-9_-]+)\s.*promisc"
# List of promisc devices
self.found_promisc = []
def __init__(self, debug=False):
"""
Initialize CheckSync.
Args:
debug (bool): Log on terminal or not
Raises:
None
Returns:
None
"""
# Initialize logger
self.logger = logger.SecureTeaLogger(__name__, debug=debug)
# OS name to password-log path map
self.system_log_map = {"debian": ["/etc/passwd", "/etc/shadow"]}
os_name = utils.categorize_os()
self.log_file = None
if os_name:
try:
self.log_file = self.system_log_map[os_name]
except KeyError:
self.logger.log("Could not find path for the auth-log file",
logtype="error")
return
else:
return
# Users collected from both the files
# stored as list
self.log1_users = []
self.log2_users = []
def test_categorize_os(self, mock_system):
"""
Test categorize_os.
"""
mock_system.return_value = "debian"
self.assertEqual(utils.categorize_os(), "debian")