Artillery 0.1 alpha - New tool for Linux Protection by ReL1K
The Hacker News
A new tool for Linux protection, "Artillery", has been released by ReL1K (founder of DerbyCon and creator of the Social-Engineer Toolkit). It is written in Python and is completely open source. Artillery combines a honeypot, file monitoring and integrity checking, alerting, and brute-force prevention. It is extremely lightweight, has multiple methods for detecting specific attacks, and will eventually also notify you of insecure *nix configurations.
Features:

  • If anyone port scans or touches the honeypot ports, they are blacklisted immediately and permanently.
  • It is multi-threaded and can handle as many connections as are thrown at it.
  • Monitors file integrity using a SHA-512 database
  • Keeps track of all system files and whether anything changes
  • Artillery also monitors the SSH logs and, in the event of a brute-force attack, blacklists the host forever

Extremely Simple Configuration (/var/artillery/config)
#############################################################################################
#
# This is the Artillery configuration file. Change these variables and flags to change how
# this behaves.
#
#############################################################################################
#
# DETERMINE IF YOU WANT TO MONITOR OR NOT
MONITOR=YES
#
# THESE ARE THE FOLDERS TO MONITOR, TO ADD MORE, JUST DO "/root","/var/", etc.
MONITOR_FOLDERS="/var/www","/etc/"
#
# BASED ON SECONDS, 2 = 2 seconds.
MONITOR_FREQUENCY=10
#
# PORTS TO SPAWN HONEYPOT FOR
PORTS="135,445,22,1433,3389,8080,21,5900,25,53,110,3306,1723,1337,10000,5800,44443"
#
EMAIL_ALERTS=OFF
#
# CURRENT SUPPORT IS FOR GMAIL ONLY, ENTER YOUR GMAIL USERNAME AND PASSWORD HERE
GMAIL_USERNAME="thisisjustatest@gmail.com"
#
# ENTER THE GMAIL PASSWORD HERE
GMAIL_PASSWORD="SETHERE"
#
# ENTER THE EMAIL ADDRESS TO RECEIVE THE ALERT
ALERT_USER_EMAIL="user@whatever.com"
#
# DO YOU WANT TO MONITOR SSH BRUTE FORCE ATTEMPTS
SSH_BRUTE_MONITOR=ON
#
# HOW MANY ATTEMPTS BEFORE YOU BAN
SSH_BRUTE_ATTEMPTS=4
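
The file-integrity feature configured above (MONITOR_FOLDERS checked every MONITOR_FREQUENCY seconds against a SHA-512 database) can be pictured with the following added example, which is not Artillery's own code. It assumes the database is a simple path-to-hash mapping held in memory; the function names are hypothetical and a temporary directory with constructed files stands in for the monitored folders.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def sha512_file(path, chunk=65536):
    """Hash a file in chunks so large files are never loaded whole."""
    h = hashlib.sha512()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(folders):
    """Build {path: sha512} for every regular file under the given folders."""
    db = {}
    for folder in folders:
        for root, _dirs, files in os.walk(folder):
            for name in files:
                path = os.path.join(root, name)
                if os.path.islink(path) or not os.path.isfile(path):
                    continue  # skip symlinks, sockets and FIFOs
                try:
                    db[path] = sha512_file(path)
                except OSError:
                    db[path] = "UNREADABLE"  # a permission change is itself a signal
    return db

def compare(baseline, current):
    """Return sorted lists of added, removed and modified paths."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline.keys() & current.keys() if baseline[p] != current[p])
    return added, removed, modified

def demo():
    """Constructed sample: take a baseline, change the files, compare again."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "index.php").write_bytes(b"<?php echo 1;")
        (root / "old.conf").write_bytes(b"a=1")
        baseline = snapshot([d])
        (root / "index.php").write_bytes(b"<?php echo 2;")  # modified
        (root / "old.conf").unlink()                        # removed
        (root / "new.php").write_bytes(b"x")                # added
        result = compare(baseline, snapshot([d]))
        return [[os.path.basename(p) for p in group] for group in result]

if __name__ == "__main__":
    print(demo())
```

In a real deployment the baseline would be stored where the monitored host cannot silently rewrite it, since anyone able to modify both the files and the hash database defeats the check.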

To install, simply run ./install.py. This adds Artillery to system startup and starts it. You can download Artillery here:

svn co https://svn.secmaniac.com/artillery artillery/
