gauravsitlani / unoon

Unoon

Unoon is a desktop intrusion detection tool for Linux. It is at a very early stage of development.

License: GPLv3+

Build instructions

Install dependencies

Install Go and set GOPATH to ~/gocode, then git clone this repo into ~/gocode/src/github.com/kushaldas/unoon.

Install the Go build dependencies:

In Fedora: sudo dnf install libpcap-devel redis

Start redis service:

sudo systemctl start redis

Install python dependencies:

In Fedora: sudo dnf install python3-pyqt5 python3-redis python3-yaml python3-psutil audit

Build

Build the go portion with:

go build github.com/kushaldas/unoon/cmd/unoon

Setting up audit rules

Put the following in the /etc/audit/rules.d/audit.rules file.

## First rule - delete all
-D

## Increase the buffers to survive stress events.
## Make this bigger for busy systems
-b 8192

## This determines how long to wait in a burst of events
--backlog_wait_time 0

## Set failure mode to syslog
-f 1

-a exit,always -F arch=b64 -S connect,listen,bind -k unoon_network
-a always,exit -F arch=b64 -S exit,exit_group -k unoon_exit

Remember that this tool is at the development stage; we will keep changing and adding a lot more rules in the coming days. Note that these two rules only match the 64-bit syscall ABI (arch=b64), so syscalls made by a 32-bit process would not be recorded.

In future we may load rules in a different way, but for now we use auditd itself.

Start (or restart) auditd so that it loads the rules from /etc/audit/rules.d/, then list the rules that are active in the kernel:

$ sudo systemctl start auditd
$ sudo systemctl status auditd
$ sudo auditctl -l
-a always,exit -F arch=b64 -S connect,bind,listen -F key=unoon_network
-a always,exit -F arch=b64 -S exit,exit_group -F key=unoon_exit

On Fedora, auditd.service is marked RefuseManualStop, so systemctl stop and systemctl restart are refused; use the service command for those instead:

$ sudo service auditd restart
$ sudo service auditd stop

After a restart, auditctl -l should show the two unoon rules as above (auditctl normalizes exit,always to always,exit and -k to -F key=).
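The two rules above tag every connect/bind/listen and exit/exit_group syscall with a key that can later be searched for (ausearch -k unoon_network). As an added example of what a consumer of those records has to do, and not code from the unoon project, the following Python parses raw audit.log records, groups them by audit serial, maps x86_64 syscall numbers back to names, and decodes the SOCKADDR record into family, address and port. The log lines are constructed for this example; the syscall-number table is for arch=c000003e only, which is what arch=b64 means on an x86_64 host.

```python
import ipaddress
import re

# Syscall numbers for arch=c000003e, the x86_64 ABI that "-F arch=b64"
# selects on an x86_64 host. Other architectures use different numbers.
ARCH_X86_64 = "c000003e"
SYSCALLS_X86_64 = {42: "connect", 49: "bind", 50: "listen", 60: "exit", 231: "exit_group"}
UNOON_KEYS = {"unoon_network", "unoon_exit"}

# Constructed sample records (not captured from a real system): pid 4242
# running curl connects to 93.184.216.34:80, then calls exit_group.
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1700000000.123:501): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7ffd0 a2=10 a3=0 items=0 ppid=1000 pid=4242 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=1 comm="curl" exe="/usr/bin/curl" key="unoon_network"
type=SOCKADDR msg=audit(1700000000.123:501): saddr=020000505DB8D8220000000000000000
type=PROCTITLE msg=audit(1700000000.123:501): proctitle=6375726C00687474703A2F2F6578616D706C652E636F6D
type=SYSCALL msg=audit(1700000000.456:502): arch=c000003e syscall=231 success=yes exit=0 a0=0 a1=0 a2=0 a3=0 items=0 ppid=1000 pid=4242 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=1 comm="curl" exe="/usr/bin/curl" key="unoon_exit"
"""

_RECORD_RE = re.compile(r"^type=(?P<type>\w+) msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): (?P<body>.*)$")
_FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_record(line):
    """Split one raw audit record into type, timestamp, serial and a field dict."""
    m = _RECORD_RE.match(line.strip())
    if m is None:
        return None
    fields = {}
    for key, value in _FIELD_RE.findall(m.group("body")):
        fields[key] = value[1:-1] if value.startswith('"') else value
    return {"type": m.group("type"), "ts": float(m.group("ts")),
            "serial": int(m.group("serial")), "fields": fields}


def decode_sockaddr(saddr_hex):
    """Decode the hex struct sockaddr of a SOCKADDR record into (family, address, port)."""
    raw = bytes.fromhex(saddr_hex)
    family = int.from_bytes(raw[0:2], "little")      # sa_family is in host byte order
    if family == 2 and len(raw) >= 8:                # AF_INET: port (big-endian), 4-byte address
        return ("AF_INET", str(ipaddress.IPv4Address(raw[4:8])), int.from_bytes(raw[2:4], "big"))
    if family == 10 and len(raw) >= 24:              # AF_INET6: port, flowinfo, 16-byte address
        return ("AF_INET6", str(ipaddress.IPv6Address(raw[8:24])), int.from_bytes(raw[2:4], "big"))
    if family == 1:                                  # AF_UNIX: NUL-terminated path
        return ("AF_UNIX", raw[2:].split(b"\x00", 1)[0].decode("utf-8", "replace"), None)
    return ("AF_%d" % family, saddr_hex, None)


def parse_audit_log(text):
    """Group records by audit serial and turn each unoon-keyed SYSCALL into one event."""
    groups, order = {}, []
    for line in text.splitlines():
        rec = parse_record(line)
        if rec is None:
            continue
        if rec["serial"] not in groups:
            groups[rec["serial"]] = []
            order.append(rec["serial"])
        groups[rec["serial"]].append(rec)

    events = []
    for serial in order:
        recs = groups[serial]
        sc = next((r for r in recs if r["type"] == "SYSCALL"), None)
        if sc is None or sc["fields"].get("key") not in UNOON_KEYS:
            continue
        f = sc["fields"]
        number = int(f.get("syscall", -1))
        # Only translate numbers for the ABI we have a table for.
        name = SYSCALLS_X86_64.get(number) if f.get("arch") == ARCH_X86_64 else None
        event = {
            "serial": serial, "ts": sc["ts"], "key": f["key"],
            "syscall": name or "syscall_%d" % number,
            "success": f.get("success") == "yes",
            "pid": int(f.get("pid", -1)), "ppid": int(f.get("ppid", -1)),
            "uid": int(f.get("uid", -1)), "comm": f.get("comm"), "exe": f.get("exe"),
            "peer": None,
        }
        sa = next((r for r in recs if r["type"] == "SOCKADDR"), None)
        if sa is not None and "saddr" in sa["fields"]:
            event["peer"] = decode_sockaddr(sa["fields"]["saddr"])
        events.append(event)
    return events


if __name__ == "__main__":
    for ev in parse_audit_log(SAMPLE_AUDIT_LOG):
        print(ev)
```

Records that share a serial belong to one syscall, which is why the SOCKADDR record is matched to the SYSCALL record by serial rather than by adjacency; on a busy host the records of different events can interleave in the log.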

Redis server configuration

For production you should run the Redis server with a password (the requirepass directive in redis.conf) and give unoon the same password in the /etc/unoon/unoon.yml file, using the format below. Keep that file readable by root only, since it holds the password in plaintext.

If the file does not exist, unoon assumes no password is required.

---
server: "localhost:6379"
password: "yourpassword"
db:     0

Start

Start the backend:

sudo ./unoon

You can pass a different network interface name with the -device flag to the unoon executable.

Next, create the database directory and also the sqlite database.

sudo mkdir /var/lib/unoon
sudo python3 ./desktop/udesktop/db.py

Start the frontend:

sudo python3 ./desktop/udesktop/main.py

Languages: Python 76.9%, Go 23.1%