October 15, 2011

Release of 0.1.1 alpha Artillery

Written by David Kennedy
Penetration Testing Security Testing & Analysis
Airplane rides are my favorite time to get in some serious coding. I've released 0.1.1, which adds some additional functionality. For one, it will monitor /var/www permissions and check to see if it's root:root and has proper filesystem attributes. In addition, it is beginning to baseline the computer for insecure configurations; it's currently checking /etc/ssh/sshd_config for hardening and will expand on a lot more. I've also added an option in the installer to check out from Subversion and perform automatic updates, so you don't have to run an install and rewrite the config each time a new version is out.

In addition to these, when the honeypot is set up, if a connection is received, it sends back to the attacker a random sequence of 5 to 30000 characters. Makes it look like a completely funky protocol, then bans them. That should be fun :)

Below is the changelog for 0.1.1:

~~~~~~~~~~~~~~~~~~~~~
version 0.1.1 alpha
~~~~~~~~~~~~~~~~~~~~~

* removed the majority of imports in artillery.py
* added better handling over missing folders
* fixed the installer
* added better wording around what changes were detected
* added time changes were detected
* removed __init__.py, not needed
* added directory checking for monitored folders..different platforms may not have the exact folders
* changed port range to get detected through config versus hardcoded into src/honeypot.py..it will now use config to generate port ranges
* added granularity if port was in use
* added a generate random character sequence upon connect, will send a string between 5 and 30000 to the attacker...should be confusing :)
* added src/harden.py which now checks for base configurations on a linux system that may be insecure in nature
* added check for ssh log in harden.py to see if default port running on 22 and if running as root
* added a check for /var/www to check permissions and ensure files are running as root
* removed some un-necessary code in install and piped subprocess to stdout and stderr instead of /dev/null
* added option to checkout svn during install, this will keep artillery up-to-date
* added automatic-updating when artillery is launched
* added threading to automatic-update to remove any delay that might happen if Internet isn't working
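A sketch of the two baseline checks described above (sshd_config on the default port or permitting root login, and /var/www ownership), added here as an illustration and not taken from Artillery's src/harden.py. The function names, the sample config and the world-writable test (one reading of "proper filesystem attributes") are assumptions.

```python
import os
import stat

# Constructed sample input, not taken from a real host.
SAMPLE_SSHD = """\
# constructed example
Port 22
PermitRootLogin yes
Match User backup
    PermitRootLogin no
"""

def check_sshd_config(text):
    """Findings for the global (pre-Match) section of an sshd_config file."""
    seen = {}
    for raw in text.splitlines():
        # Drop comments; sshd accepts "Keyword value" and "Keyword=value".
        parts = raw.split("#", 1)[0].replace("=", " ", 1).split(None, 1)
        if not parts:
            continue
        key = parts[0].lower()              # keywords are case-insensitive
        if key == "match":                  # conditional blocks are not evaluated here
            break
        if len(parts) == 2:
            seen.setdefault(key, []).append(parts[1].strip())
    findings = []
    if "22" in seen.get("port", ["22"]):    # sshd uses 22 when Port is absent
        findings.append("sshd listens on default port 22")
    root = seen.get("permitrootlogin", [None])[0]   # first value read wins
    if root is None:
        findings.append("PermitRootLogin not set explicitly")
    elif root.lower() == "yes":
        findings.append("PermitRootLogin yes allows direct root login")
    return findings

def check_web_root(path, uid=0, gid=0):
    """(entry, reason) pairs for entries not owned by uid:gid or world-writable."""
    findings = []
    for root, _dirs, files in os.walk(path):
        for entry in [root] + [os.path.join(root, f) for f in files]:
            st = os.lstat(entry)            # lstat: report on a symlink itself, not its target
            if (st.st_uid, st.st_gid) != (uid, gid):
                findings.append((entry, "owner %d:%d" % (st.st_uid, st.st_gid)))
            if st.st_mode & stat.S_IWOTH and not stat.S_ISLNK(st.st_mode):
                findings.append((entry, "world-writable"))
    return findings

if __name__ == "__main__":
    print(check_sshd_config(SAMPLE_SSHD))
    if os.path.isdir("/var/www"):
        print(check_web_root("/var/www"))
```

The `uid` and `gid` parameters default to root:root as in the post; passing other values lets the same walk be exercised against a scratch directory without root.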