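def command_interpreter(db_connection, commands):
    """ Trojan shell command interpreter

    Dispatches one user-management command to the database wrapper.

    Arguments:
        db_connection: object providing create_user_table,
            truncate_user_table, drop_user_table, verify, add_user,
            del_user, show_users, set_quota, add_quota and clear_usage
        commands {list} -- element 1 is the command name and the elements
            after it are its arguments; element 0 is never read. Element 1
            is rewritten in place when a unique prefix is expanded.

    Returns:
        whatever the invoked db_connection method returns; 0 for an empty
        line, help, a cancelled destructive operation or missing arguments;
        1 for an unknown or ambiguous command or an unknown "show" target
    """
    try:
        # Try to guess what the user is saying: an unambiguous prefix is
        # expanded to the full command name. The typed text is lowercased
        # so the prefix match is case-insensitive like the dispatch below.
        typed = commands[1].lower()
        possibilities = [s for s in COMMANDS if s.lower().startswith(typed)]
        if len(possibilities) == 1:
            commands[1] = possibilities[0]

        command = commands[1].lower()

        # NOTE(review): user names, passwords and quota values are handed
        # to db_connection unvalidated; presumably those methods use
        # parameterized queries -- confirm in the database wrapper.
        if commands[1].replace(' ', '') == '':
            result = 0
        elif command == 'help':
            print_help()
            result = 0
        elif command == 'createusertable':
            result = db_connection.create_user_table()
        elif command == 'truncateusertable':
            # Destructive: only runs after an explicit confirmation
            avalon.warning('By truncating you will LOSE ALL USER DATA')
            if avalon.ask('Are you sure you want to truncate?'):
                result = db_connection.truncate_user_table()
            else:
                avalon.warning('Operation canceled')
                result = 0
        elif command == 'dropusertable':
            # Destructive: only runs after an explicit confirmation
            avalon.warning('By dropping the table you will LOSE ALL USER DATA')
            if avalon.ask('Are you sure you want to drop the table?'):
                result = db_connection.drop_user_table()
            else:
                avalon.warning('Operation canceled')
                result = 0
        elif command == 'verify':
            result = db_connection.verify(commands[2])
        elif command == 'adduser':
            result = db_connection.add_user(commands[2], commands[3])
        elif command == 'deluser':
            result = db_connection.del_user(commands[2])
        elif command == 'show':
            target = commands[2].lower()
            if target == 'users':
                result = db_connection.show_users()
            elif target == 'quota':
                result = db_connection.show_users(show_quota=True)
            else:
                # Previously an unknown target left `result` unbound and
                # the function died with UnboundLocalError
                avalon.error('Invalid arguments')
                print('Use \"Help\" command to list available commands')
                result = 1
        elif command == 'setquota':
            result = db_connection.set_quota(commands[2], commands[3])
        elif command == 'addquota':
            result = db_connection.add_quota(commands[2], commands[3])
        elif command == 'clearusage':
            result = db_connection.clear_usage(commands[2])
        elif command in ('exit', 'quit'):
            avalon.warning('Exiting')
            exit(0)
        elif len(possibilities) > 0:
            avalon.warning('Ambiguous command \"{}\"'.format(commands[1]))
            print('Use \"Help\" command to list available commands')
            result = 1
        else:
            avalon.error('Invalid command')
            print('Use \"Help\" command to list available commands')
            result = 1
    except IndexError:
        # A command was given without all of its arguments
        avalon.error('Invalid arguments')
        print('Use \"Help\" command to list available commands')
        result = 0

    # Returned on every path, so the caller never receives None
    return result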
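def _get_inputs(self):
    """Run the interactive setup wizard and collect the firewall inputs.

    Asks for the server type, resets the existing iptables/ufw
    configuration after confirmation, and optionally asks for a new SSH
    port. Exits the process if the operator declines the reset.

    Returns:
        tuple -- (open_ports, ssh_port): the list of ports for the chosen
        server type and the SSH port (22 unless changed)
    """
    # welcome and banner
    server_types = [
        "Web Server",
        "Mail Server",
        "Minecraft PC Server",
    ]
    ports_by_type = {
        "Web Server": [80, 443],
        "Mail Server": [25, 110, 587],
        "Minecraft PC Server": [25565],
    }

    print(avalon.FG.G + avalon.FM.BD + "Welcome to DefenseMatrix!")
    print("This is the setup wizard")
    print("You will be asked to answer basic questions about your server" +
          avalon.FM.RST)

    for index, name in enumerate(server_types):
        print(str(index) + ". " + name)

    while True:
        server_select = avalon.gets("Select your type of server: ")
        try:
            selected = int(server_select)
        except ValueError:
            selected = -1
        # Bounds are checked explicitly: an out-of-range number used to
        # raise an uncaught IndexError, and a negative one silently picked
        # an entry counted from the end of the list.
        if 0 <= selected < len(server_types):
            server_type = server_types[selected]
            break
        avalon.error("Invalid Input!")

    open_ports = ports_by_type[server_type]
    print(open_ports)

    avalon.info(
        "DefenseMatrix takes care of your firewall settings for you.")
    avalon.warning(
        "This following step is going to reset your iptables configuration"
    )
    if not avalon.ask("Is is okay to proceed?", True):
        exit(0)

    # Fixed command strings only; no operator input reaches the shell.
    # `iptables -F` removes rules but leaves the chain default policies
    # as they are, so a restrictive default policy can cut off a remote
    # session at this point.
    os.system("iptables -F")
    os.system("iptables -X")
    os.system("ufw --force reset")

    ssh_port = 22
    avalon.info("It is " + avalon.FM.BD +
                "HIGHLY recommended to change your default port for ssh")
    if avalon.ask("Do you want to change it now?", True):
        while True:
            answer = avalon.gets("Which port do you want to change to?: ")
            try:
                candidate = int(answer)
            except ValueError:
                candidate = 0
            # Enforce the valid TCP port range; previously any integer was
            # accepted and the message named 65565 as the upper bound
            if 1 <= candidate <= 65535:
                ssh_port = candidate
                break
            avalon.error(
                "Please enter a valid port number between 1-65535!")
    else:
        avalon.info(
            "You can always change it using the command \"dm --ssh-port [port]\""
        )

    return open_ports, ssh_port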
help="Check DefenseMatrix & AVALON Framework Updates", action="store_true", default=False) args = parser.parse_args() # -------------------------------- Procedural -------------------------------- processArguments() if os.getuid() != 0: avalon.error("This app requires root privilege to run!") exit(0) try: if args.install: installer = Install() installer.install() elif args.uninstall: uninstaller = Install() uninstaller.uninstall() elif args.audit: securityAudit.audit() else: while True: iptables.ufw.generateStatistics() iptables.ufw.adjustStatus() time.sleep(5) except KeyboardInterrupt: avalon.warning("Aborting")
try: if sys.argv[1].lower() == 'interactive' or sys.argv[1].lower() == 'int': print_legal_info() # Set command completer completer = ShellCompleter(COMMANDS) readline.set_completer(completer.complete) readline.parse_and_bind('tab: complete') # Launch interactive trojan shell prompt = '{}[trojan]> {}'.format(avalon.FM.BD, avalon.FM.RST) while True: command_interpreter(trojan_db, [''] + input(prompt).split(' ')) else: # Return to shell with command return value exit(command_interpreter(trojan_db, sys.argv[0:])) except IndexError: avalon.warning('No commands specified') exit(0) except (KeyboardInterrupt, EOFError): avalon.warning('Exiting') exit(0) except Exception: avalon.error('Exception caught') traceback.print_exc() exit(1) if __name__ == '__main__': main() else: avalon.warning('This file cannot be imported')
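def install(self):
    """ This is the main function for installer

    Interactive installation: asks for the installation directory, copies
    the installer files there, links the launcher, installs and starts the
    systemd service, makes sure arptables is present, lets the operator
    choose interfaces and network controllers, optionally sets up UFW,
    the Easy TCP controllers and the GUI, then writes the configuration
    file to self.CONFPATH.

    Sets the module-level ifacesSelected list and self.INSTALL_DIR.
    Exits the process when a required component fails to install.
    """
    global ifacesSelected

    config = configparser.ConfigParser()
    config["Interfaces"] = {}
    config["NetworkControllers"] = {}
    config["Ufw"] = {}

    print(avalon.FM.BD +
          "Choose Installation Directory (Enter for default)" +
          avalon.FM.RST)
    installation_dir = avalon.gets(
        "Choose Installation Path (\"/usr/share/scutum\"):")
    if installation_dir.strip(" ") != "":
        if installation_dir[-1] == "/":
            # strip last "/" if exists. breaks program path format
            installation_dir = installation_dir[0:-1]
        self.INSTALL_DIR = installation_dir
        avalon.info("Changed installation directory to: {}{}{}".format(
            avalon.FM.BD, self.INSTALL_DIR, avalon.FM.RST))
    else:
        avalon.info("Using default installation directory: {}{}{}".format(
            avalon.FM.BD, self.INSTALL_DIR, avalon.FM.RST))

    if self.INSTALLER_DIR != self.INSTALL_DIR:
        # The directory below is deleted recursively, so a path that is
        # empty or consists only of slashes must never get that far.
        if self.INSTALL_DIR.strip("/") == "":
            avalon.error("Invalid installation directory")
            exit(1)
        # NOTE(review): any other existing directory the operator names is
        # still removed without a further prompt -- consider confirming
        # before deleting a directory that is not an old installation.
        if os.path.isdir(self.INSTALL_DIR):
            shutil.rmtree(
                self.INSTALL_DIR)  # delete existing old scutum files
        shutil.copytree(self.INSTALLER_DIR, self.INSTALL_DIR)

    if os.path.islink(self.SCUTUM_BIN_FILE) or os.path.isfile(
            self.SCUTUM_BIN_FILE):
        os.remove(
            self.SCUTUM_BIN_FILE)  # Remove old file or symbolic links

    # Create the link directly instead of building an "ln -s" shell
    # command: the operator-supplied path would otherwise be interpreted
    # by the shell, and a path containing spaces would break the command.
    os.symlink(self.INSTALL_DIR + "/scutum.py", self.SCUTUM_BIN_FILE)

    self.install_service()  # install and register service files

    os.system("systemctl enable scutum")  # enable service
    os.system("systemctl start scutum")  # start service

    if not os.path.isfile('/usr/bin/arptables') and not os.path.isfile(
            '/sbin/arptables'):  # Detect if arptables installed
        print(
            avalon.FM.BD + avalon.FG.R +
            '\nWe have detected that you don\'t have arptables installed!'
            + avalon.FM.RST)
        print('SCUTUM requires arptables to run')
        if not self.sysInstallPackage("arptables"):
            avalon.error("arptables is required for scutum. Exiting...")
            exit(1)

    ifacesSelected = []
    while True:
        print(avalon.FM.BD +
              '\nWhich interface do you wish to install for?' +
              avalon.FM.RST)
        ifaces = []
        with open('/proc/net/dev', 'r') as dev:
            for line in dev:
                # Only lines with a non-empty part after the first ':'
                # are treated as interface entries
                try:
                    if line.split(':')[1]:
                        ifaces.append(line.split(':')[0])
                except IndexError:
                    pass
        for idx, iface in enumerate(ifaces):
            print(str(idx) + '. ' + iface.replace(' ', ''))
        print('99. Manually Enter')
        selection = avalon.gets('Please select (index number): ')

        try:
            if selection == '99':
                # NOTE(review): a manually entered name is not validated
                # here; confirm that installNMScripts quotes it before
                # writing it into any script.
                manif = avalon.gets('Interface: ')
                if manif not in ifacesSelected:
                    ifacesSelected.append(manif)
                if not avalon.ask('Add more interfaces?', False):
                    break
            elif not 0 <= int(selection) < len(ifaces):
                # Negative numbers are rejected as well; they used to
                # index the list from its end
                avalon.error('Selected interface doesn\'t exist!')
            else:
                chosen = ifaces[int(selection)].replace(' ', '')
                if chosen not in ifacesSelected:
                    ifacesSelected.append(chosen)
                if not avalon.ask('Add more interfaces?', False):
                    break
        except ValueError:
            avalon.error('Invalid Input!')
            avalon.error('Please enter the index number!')

    config["Interfaces"]["interfaces"] = ",".join(ifacesSelected)

    while True:
        print(avalon.FM.BD +
              '\nWhich network controller do you want to install for?' +
              avalon.FM.RST)
        print('1. WICD')
        print('2. Network-Manager')
        print('3. Both')

        selection = avalon.gets('Please select: (index number): ')

        if selection == '1':
            if self.installWicdScripts() is not True:
                avalon.error(
                    "SCUTUM Script for WICD has failed to install!")
                avalon.error("Aborting Installation...")
                exit(1)
            config["NetworkControllers"]["controllers"] = "wicd"
            break
        elif selection == '2':
            if self.installNMScripts(ifacesSelected) is not True:
                avalon.error(
                    "SCUTUM Script for NetworkManager has failed to install!"
                )
                avalon.error("Aborting Installation...")
                exit(1)
            config["NetworkControllers"]["controllers"] = "NetworkManager"
            break
        elif selection == '3':
            # Install for both and keep whichever one succeeded
            ifaces = ["wicd", "NetworkManager"]
            if self.installWicdScripts() is not True:
                avalon.warning("Deselected WICD from installation")
                ifaces.remove("wicd")
            if self.installNMScripts(ifacesSelected) is not True:
                avalon.warning(
                    "Deselected NetworkManager from installation")
                ifaces.remove("NetworkManager")
            if len(ifaces) == 0:
                avalon.error("All SCUTUM Scripts have failed to install!")
                avalon.error("Aborting Installation...")
                exit(1)
            config["NetworkControllers"]["controllers"] = ",".join(ifaces)
            break
        else:
            avalon.error('Invalid Input!')

    print(avalon.FM.BD + '\nEnable UFW firewall?' + avalon.FM.RST)
    print(
        "Do you want SCUTUM to help configuring and enabling UFW firewall?"
    )
    print("This will prevent a lot of scanning and attacks")
    if avalon.ask('Enable?', True):
        ufwctrl = Ufw(False)
        print("UFW can configure UFW Firewall for you")
        print("However this will reset your current UFW configurations")
        print(
            "It is recommended to do so the first time you install SCUTUM")
        if avalon.ask("Let SCUTUM configure UFW for you?", True):
            ufwctrl.initialize(True)
        else:
            avalon.info("Okay. Then we will simply enable it for you")
            ufwctrl.enable()

        print(
            "If you let SCUTUM handle UFW, then UFW will be activated and deactivated with SCUTUM"
        )
        if avalon.ask("Let SCUTUM handle UFW?", True):
            config["Ufw"]["handled"] = "true"
        else:
            config["Ufw"]["handled"] = "false"
    else:
        config["Ufw"]["handled"] = "false"
        avalon.info("You can turn it on whenever you change your mind")

    print(avalon.FM.BD + '\nInstall Easy TCP controllers?' + avalon.FM.RST)
    print("Easy tcp controller helps you open/close ports quickly")
    print("ex. \"openport 80\" opens port 80")
    print("ex. \"closeport 80\" closes port 80")
    print("ex. \"openport 80 443\" opens port 80 and 443")
    print("ex. \"closeport 80 443\" closes port 80 and 443")
    if avalon.ask("Install Easy TCP conrollers?", True):
        self.install_easytcp_controllers()

    print(avalon.FM.BD + '\nInstall SCUTUM GUI?' + avalon.FM.RST)
    print("SCUTUM GUI is convenient for GUI Interfaces")
    print("ex. KDE, GNOME, XFCE, etc.")
    print("However, there\'s not point to install GUI on servers")
    if avalon.ask("Install SCUTUM GUI?", True):
        self.install_scutum_gui()

    with open(self.CONFPATH, 'w') as configfile:
        config.write(configfile)  # Writes configurations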
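def installScutum():
    """Interactively install the SCUTUM hook scripts and write the config.

    Makes sure arptables is installed, asks which interfaces and which
    network controller(s) to install for, writes the hook scripts for WICD
    and/or NetworkManager, and writes /etc/scutum.conf with the firewall
    choice and the selected interfaces. Exits the process when arptables
    is missing and cannot be installed.
    """
    # Local import: used to quote interface names written into the
    # NetworkManager dispatcher script
    import shlex

    def install4WICD():
        """ Write scutum scripts for WICD

        Returns 0 when the operator aborts because the WICD directory is
        missing, None otherwise.
        """
        print(avalon.FG.G + '[+] INFO: Installing for WICD' + avalon.FM.RST + '.....', end='')
        if not os.path.isdir('/etc/wicd/'):
            print(avalon.FG.G + avalon.FM.BD + 'ERROR' + avalon.FM.RST)
            avalon.warning('WICD folder not found! WICD does not appear to be installed!')
            if avalon.ask('Continue anyway?', False):
                # Create the directory tree directly rather than through
                # a chain of shell "mkdir" calls
                os.makedirs('/etc/wicd/scripts/postconnect/', exist_ok=True)
                os.makedirs('/etc/wicd/scripts/postdisconnect/', exist_ok=True)
            else:
                avalon.warning('Aborting installation for WICD')
                return 0
        with open('/etc/wicd/scripts/postconnect/scutum_connect', 'w') as postconnect:
            postconnect.write('#!/bin/bash\n')
            postconnect.write('scutum')
        with open('/etc/wicd/scripts/postdisconnect/scutum_disconnect', 'w') as postdisconnect:
            postdisconnect.write('#!/bin/bash\n')
            postdisconnect.write('scutum --reset')
        # Fixed command strings: root-owned and not writable by others
        os.system('chown root: /etc/wicd/scripts/postconnect/scutum_connect')
        os.system('chmod 755 /etc/wicd/scripts/postconnect/scutum_connect')
        os.system('chown root: /etc/wicd/scripts/postdisconnect/scutum_disconnect')
        os.system('chmod 755 /etc/wicd/scripts/postdisconnect/scutum_disconnect')
        print(avalon.FG.G + avalon.FM.BD + 'SUCCEED' + avalon.FM.RST)

    def install4NM():
        """ Write scutum scripts for Network Manager

        Returns 0 when the operator aborts because the dispatcher
        directory is missing, None otherwise.
        """
        print(avalon.FG.G + '[+] INFO: Installing for NetworkManager' + avalon.FM.RST + '.....', end='')
        if not os.path.isdir('/etc/NetworkManager/dispatcher.d/'):
            print(avalon.FG.G + avalon.FM.BD + 'ERROR' + avalon.FM.RST)
            avalon.warning('NetworkManager folders not found! NetworkManager does not appear to be installed!')
            if avalon.ask('Continue anyway?', False):
                os.makedirs('/etc/NetworkManager/dispatcher.d/', exist_ok=True)
            else:
                avalon.warning('Aborting installation for NetworkManager')
                return 0
        with open('/etc/NetworkManager/dispatcher.d/scutum', 'w') as nmScript:
            nmScript.write("#!/bin/bash\n")
            nmScript.write(" \n")
            nmScript.write("IF=$1\n")
            nmScript.write("STATUS=$2\n")
            nmScript.write(" \n")
            for iface in ifacesSelected:
                # The interface name may have been typed in by hand, and
                # this script is later executed as root: quote the name so
                # it is always a single literal word and can never change
                # the structure of the generated script.
                nmScript.write("if [ \"$IF\" == " + shlex.quote(iface) + " ]\n")
                nmScript.write("then\n")
                nmScript.write(" case \"$2\" in\n")
                nmScript.write(" up)\n")
                nmScript.write(" scutum\n")
                nmScript.write(" ;;\n")
                nmScript.write(" down)\n")
                nmScript.write(" scutum --reset\n")
                nmScript.write(" ;;\n")
                nmScript.write(" *)\n")
                nmScript.write(" ;;\n")
                nmScript.write(" esac\n")
                nmScript.write("fi\n")
        os.system('chown root: /etc/NetworkManager/dispatcher.d/scutum')
        os.system('chmod 755 /etc/NetworkManager/dispatcher.d/scutum')
        print(avalon.FG.G + avalon.FM.BD + 'SUCCEED' + avalon.FM.RST)

    if not os.path.isfile('/usr/bin/arptables') and not os.path.isfile('/sbin/arptables'):
        print(avalon.FM.BD + avalon.FG.R + '\nWe have detected that you don\'t have arptables installed!' + avalon.FM.RST)
        print('SCUTUM requires arptables to run')
        if avalon.ask('Install arptables?', True):
            # Pick the package manager by the presence of its binary
            if os.path.isfile('/usr/bin/apt'):
                os.system('apt update && apt install arptables -y')
            elif os.path.isfile('/usr/bin/yum'):
                os.system('yum install arptables -y')
            elif os.path.isfile('/usr/bin/pacman'):
                os.system('pacman -S arptables --noconfirm')
            else:
                avalon.error('Sorry, we can\'t find a package manager that we currently support. Aborting..')
                print('Currently Supported: apt, yum, pacman')
                print('Please come to SCUTUM\'s github page and comment if you know how to add support to another package manager')
                exit(0)
        else:
            avalon.error('arptables not installed. Unable to proceed. Aborting..')
            exit(0)

    ifacesSelected = []
    while True:
        print(avalon.FM.BD + '\nWhich interface do you wish to install for?' + avalon.FM.RST)
        ifaces = []
        with open('/proc/net/dev', 'r') as dev:
            for line in dev:
                # Only lines with a non-empty part after the first ':'
                # are treated as interface entries
                try:
                    if line.split(':')[1]:
                        ifaces.append(line.split(':')[0])
                except IndexError:
                    pass
        for idx, iface in enumerate(ifaces):
            print(str(idx) + '. ' + iface.replace(' ', ''))
        print('99. Manually Enter')
        selection = avalon.gets('Please select (index number): ')

        try:
            if selection == '99':
                manif = avalon.gets('Interface: ')
                if manif not in ifacesSelected:
                    ifacesSelected.append(manif)
                if not avalon.ask('Add more interfaces?', False):
                    break
            elif not 0 <= int(selection) < len(ifaces):
                # Negative numbers are rejected as well; they used to
                # index the list from its end
                avalon.error('Selected interface doesn\'t exist!')
            else:
                chosen = ifaces[int(selection)].replace(' ', '')
                if chosen not in ifacesSelected:
                    ifacesSelected.append(chosen)
                if not avalon.ask('Add more interfaces?', False):
                    break
        except ValueError:
            avalon.error('Invalid Input!')
            avalon.error('Please enter the index number!')

    while True:
        print(avalon.FM.BD + '\nWhich network controller do you want to install for?' + avalon.FM.RST)
        print('1. WICD')
        print('2. Network-Manager')
        print('3. Both')

        selection = avalon.gets('Please select: (index number): ')

        if selection == '1':
            install4WICD()
            break
        elif selection == '2':
            install4NM()
            break
        elif selection == '3':
            install4WICD()
            install4NM()
            break
        else:
            avalon.error('Invalid Input!')

    print(avalon.FM.BD + '\nEnable SCUTUM iptables firewall?' + avalon.FM.RST)
    print('This firewall uses linux iptables to establish a relatively secure environment')
    print('However, professional firewall softwares like ufw is recommended')
    print('Enable this only if you don\'t have a firewall already')
    avalon.warning('This feature will erase all existing iptables settings!')
    firewall_value = 'true' if avalon.ask('Enable?', False) else 'false'

    with open('/etc/scutum.conf', 'w') as scutum_config:  # A very simple config system
        scutum_config.write('[SCUTUM CONFIG]\n')
        scutum_config.write('firewall=' + firewall_value + '\n')
        scutum_config.write('interfaces=' + ','.join(ifacesSelected) + '\n')
        scutum_config.write('enabled=true\n')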
processArguments() if not (args.enable or args.disable): printIcon() try: if os.getuid() != 0: # Arptables requires root avalon.error('SCUTUM must be run as root!') exit(0) if not (args.purgelog or args.install or args.uninstall or args.enable or args.disable): log = open(LOGPATH, 'a+') # Just for debugging log.write(str(datetime.datetime.now()) + ' ---- START ----\n') log.write(str(datetime.datetime.now()) + ' UID: ' + str(os.getuid()) + '\n') if not os.path.isfile('/etc/scutum.conf'): avalon.error('SCUTUM Config file not found! Please re-install SCUTUM!') avalon.warning('Please run "scutum --install" before using it for the first time') exit() configIntegrity = [] required = ['firewall', 'enabled', 'interfaces'] with open('/etc/scutum.conf', 'r') as scutum_config: for line in scutum_config: if 'firewall' in line and 'true' in line: configIntegrity.append('firewall') iptablesEnabled = True elif 'firewall' in line and 'false' in line: configIntegrity.append('firewall') iptablesEnabled = False if 'enabled' in line and 'true' in line:
def installScutum():
    """Install the SCUTUM connect/disconnect hooks and write the config.

    Asks which network controller to install for, writes the matching
    hook scripts, then asks whether the iptables firewall should be
    enabled and records the answer in /etc/scutum.conf.
    """

    def install4WICD():
        """Write the WICD post-connect and post-disconnect hook scripts."""
        avalon.info('Installing scutum for WICD')
        hooks = (
            ('/etc/wicd/scripts/postconnect/scutum_connect', 'scutum'),
            ('/etc/wicd/scripts/postdisconnect/scutum_disconnect', 'scutum --reset'),
        )
        for hook_path, hook_command in hooks:
            with open(hook_path, 'w') as hook:
                hook.write('#!/bin/bash\n')
                hook.write(hook_command)
        # Fixed command strings: scripts end up root-owned, mode 755
        for shell_command in (
                'chown root: /etc/wicd/scripts/postconnect/scutum_connect',
                'chmod 755 /etc/wicd/scripts/postconnect/scutum_connect',
                'chown root: /etc/wicd/scripts/postdisconnect/scutum_disconnect',
                'chmod 755 /etc/wicd/scripts/postdisconnect/scutum_disconnect',
        ):
            os.system(shell_command)

    def install4NM():
        """Write the if-up.d and if-post-down.d hook scripts."""
        # NOTE(review): these are directories under /etc/network; confirm
        # that NetworkManager runs them on the target distribution.
        avalon.warning('Installing for network manager')
        hooks = (
            ('/etc/network/if-up.d/scutum_connect', 'scutum'),
            ('/etc/network/if-post-down.d/scutum_disconnect', 'scutum --reset'),
        )
        for hook_path, hook_command in hooks:
            with open(hook_path, 'w') as hook:
                hook.write('#!/bin/bash\n')
                hook.write(hook_command)
        # Fixed command strings: scripts end up root-owned, mode 755
        for shell_command in (
                'chown root: /etc/network/if-up.d/scutum_connect',
                'chmod 755 /etc/network/if-up.d/scutum_connect',
                'chown root: /etc/network/if-post-down.d/scutum_disconnect',
                'chmod 755 /etc/network/if-post-down.d/scutum_disconnect',
        ):
            os.system(shell_command)

    # Menu answer -> installers to run, in order
    installers = {
        '1': (install4WICD,),
        '2': (install4NM,),
        '3': (install4WICD, install4NM),
    }

    while True:
        print(avalon.FM.BD +
              'Which network controller do you want to install for?' +
              avalon.FM.RST)
        print('1. WICD')
        print('2. Network-Manager')
        print('3. Both')

        selection = avalon.gets('Please select: ')
        chosen = installers.get(selection)
        if chosen is None:
            avalon.error('Invalid Input!')
            continue
        for installer in chosen:
            installer()
        break

    print(avalon.FM.BD + '\nEnable SCUTUM iptables firewall?' + avalon.FM.RST)
    print(
        'This firewall uses linux iptables to establish a relatively secure environment'
    )
    print('However, professional firewall softwares like ufw is recommended')
    print('Enable this only if you don\'t have a firewall already')
    avalon.warning('This feature will erase all existing iptables settings!')

    if avalon.ask('Enable?', False):
        firewall_line = 'firewall=true\n'
    else:
        firewall_line = 'firewall=false\n'

    # The with-block closes the file; no explicit close() is needed
    with open('/etc/scutum.conf', 'w') as scutum_config:
        scutum_config.write('[SCUTUM CONFIG]\n')
        scutum_config.write(firewall_line)
if os.getuid() != 0: avalon.error('This program must be run as root!') exit(0) try: if not (args.purgelog or args.install or args.uninstall): log = open(LOGPATH, 'a+') # Just for debugging log.write(str(datetime.datetime.now()) + ' ---- START ----\n') log.write( str(datetime.datetime.now()) + ' UID: ' + str(os.getuid()) + '\n') if not os.path.isfile('/etc/scutum.conf'): avalon.error( 'SCUTUM Config file not found! Please re-install SCUTUM!') avalon.warning( 'Please run "scutum --install" before using it for the first time' ) exit() with open('/etc/scutum.conf', 'r') as scutum_config: for line in scutum_config: if 'firewall' in line and 'true' in line: iptablesEnabled = True elif 'firewall' in line and 'false' in line: iptablesEnabled = False if os.getuid() != 0: # Arptables requires root avalon.error('Scutum requires root access to run!') raise NotRoot(str(datetime.datetime.now()) + ' Not Root') if args.install: avalon.info('Start Installing Scutum...') os.rename(os.path.abspath(__file__), '/usr/bin/scutum') os.system('chown root: /usr/bin/scutum')