def __init__(self, debug=False): """ Initialize PasswordDefect. Args: debug (bool): Log on terminal or not Raises: None Returns: None """ # Initialize logger self.logger = logger.SecureTeaLogger(__name__, debug=debug) # OS name to password-log path map self.system_log_map = {"debian": "/etc/passwd"} os_name = utils.categorize_os() self.log_file = None if os_name: try: self.log_file = self.system_log_map[os_name] except KeyError: self.logger.log("Could not find path for the auth-log file", logtype="error") return else: return # Initialize user to password dict self.user_password = dict()
def __init__(self, debug=False): """ Initialize SSHLogin. Args: debug (bool): Log on terminal or not Raises: None Returns: None """ # Initialize logger self.logger = logger.SecureTeaLogger( __name__, debug=debug ) # OS name to SSH-log path map self.system_log_map = { "debian": "/var/log/auth.log" } os_name = utils.categorize_os() self.log_file = None if os_name: try: self.log_file = self.system_log_map[os_name] except KeyError: self.logger.log( "Could not find path for the SSH-log file", logtype="error" ) return else: return # Salt to generate hashed username self.SALT = "<!@?>" # Regex to extract invalid SSH login details self.INVALID_USER = r'^([a-zA-Z]+\s[0-9]+)\s([0-9]+:[0-9]+:[0-9]+).*' \ r'Invalid\suser\s([a-zA-Z0-9_-]+)\sfrom\s([0-9]+\.' \ r'[0-9]+\.[0-9]+\.[0-9]+)' # Initialize username to IP dict self.username_dict = dict() # Set threshold to 5 attempts per second to detect brute-force self.THRESHOLD = 5 # inter = 0.2 # Initialize OSINT object self.osint_obj = OSINT(debug=debug)
def __init__(self, debug=False): """ Initialize FailedLogin. Args: debug (bool): Log on terminal or not Raises: None Returns: None Working: - Detect login attempts - Detect password brute-force """ # Initialize logger self.logger = logger.SecureTeaLogger(__name__, debug=debug) # OS name to auth-log path map self.system_log_map = {"debian": "/var/log/auth.log"} os_name = utils.categorize_os() self.log_file = None if os_name: try: self.log_file = self.system_log_map[os_name] except KeyError: self.logger.log("Could not find path for the auth-log file", logtype="error") return else: return # Salt to generate hashed username self.SALT = "<!@?>" # Regex to extract details self.AUTH_FAILURE = r'^[a-zA-Z]+.*authentication failure.*\s' self.USERNAME = r'(user=)([a-zA-Z0-9]+)' self.MESSAGE_REPEAT = r'message repeated\s([0-9]+)' # Initialize user to login attempt count dict self.user_to_count = dict() # Set threshold to 5 attempts per second to detect brute-force self.THRESHOLD = 5 # inter = 0.2
def __init__(self, debug=False): """ Initialize PortScan. Args: debug (bool): Log on terminal or not Raises: None Returns: None """ # Initialize logger self.logger = logger.SecureTeaLogger(__name__, debug=debug) # OS name to auth-log path map self.system_log_map = {"debian": "/var/log/auth.log"} os_name = utils.categorize_os() self.log_file = None if os_name: try: self.log_file = self.system_log_map[os_name] except KeyError: self.logger.log("Could not find path for the auth-log file", logtype="error") return else: return # Salt to generate hashed username self.SALT = "<!@?>" # Regex to extract Received disconnect self.RECIEVED_DISCONNECT = r'^([a-zA-Z]+\s[0-9]+)\s([0-9]+:[0-9]+:[0-9]+).' \ r'*Received\sdisconnect\sfrom\s([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)' # Initialize IP to count dict self.ip_dict = dict() # Set threshold to 5 attempts per second to detect port scan self.THRESHOLD = 5 # inter = 0.2 # Initialize OSINT object self.osint_obj = OSINT(debug=debug)
def __init__(self, debug=False): """ Initialize HarmfulCommnads. Detect harmful commands executed as root / sudo. Args: debug (bool): Log on terminal or not Raises: None Returns: None """ # Initialize logger self.logger = logger.SecureTeaLogger(__name__, debug=debug) # OS name to command-log path map self.system_log_map = {"debian": "/var/log/auth.log"} os_name = utils.categorize_os() self.log_file = None if os_name: try: self.log_file = self.system_log_map[os_name] except KeyError: self.logger.log("Could not find path for the command-log file", logtype="error") return else: return # Path for file of harmful commands self.COMMNAND_FILE_PATH = "/etc/securetea/log_monitor/system_log/harmful_command.txt" self.COMMAND = r'COMMAND=(.*\s)' # regex to extract commands self.harmful_commands = utils.open_file(self.COMMNAND_FILE_PATH) self.found_harmful = [] # list of harmful commands found
def __init__(self, debug=False): """ Initialize NonStdHash. Args: debug (bool): Log on terminal or not Raises: None Returns: None """ # Initialize logger self.logger = logger.SecureTeaLogger(__name__, debug=debug) # OS name to auth-log path map self.system_log_map = {"debian": "/etc/shadow"} os_name = utils.categorize_os() self.log_file = None if os_name: try: self.log_file = self.system_log_map[os_name] except KeyError: self.logger.log( "Could not find path for the password-log file", logtype="error") return else: return # List of hashing algorithm used self.used_algo = [] # Set THRESHOLD to 3 different hashing algorithm self.THRESHOLD = 3
def __init__(self, debug=False): """ Initialize DetSniffer. Args: debug (bool): Log on terminal or not Raises: None Returns: None """ # Initialize logger self.logger = logger.SecureTeaLogger(__name__, debug=debug) # OS name to sys-log path map self.system_log_map = {"debian": "/var/log/syslog"} os_name = utils.categorize_os() self.log_file = None if os_name: try: self.log_file = self.system_log_map[os_name] except KeyError: self.logger.log("Could not find path for the SSH-log file", logtype="error") return else: return # Regex to find malicious sniffer self.SNIFFER = r"device\s([a-zA-Z0-9_-]+)\s.*promisc" # List of promisc devices self.found_promisc = []
def __init__(self, debug=False): """ Initialize CheckSync. Args: debug (bool): Log on terminal or not Raises: None Returns: None """ # Initialize logger self.logger = logger.SecureTeaLogger(__name__, debug=debug) # OS name to password-log path map self.system_log_map = {"debian": ["/etc/passwd", "/etc/shadow"]} os_name = utils.categorize_os() self.log_file = None if os_name: try: self.log_file = self.system_log_map[os_name] except KeyError: self.logger.log("Could not find path for the auth-log file", logtype="error") return else: return # Users collected from both the files # stored as list self.log1_users = [] self.log2_users = []
def test_categorize_os(self, mock_system): """ Test categorize_os. """ mock_system.return_value = "debian" self.assertEqual(utils.categorize_os(), "debian")