lestums / ProbeManager

Centralized management of intrusion detection systems such as Suricata, Bro, OSSEC, ...


Probe Manager


Presentation

It is common to find that the IDS installed on a system are not kept up to date, neither the software itself nor its rules. This is largely because maintenance and rule management are complicated. That observation made me want to develop an application that would better manage network and host detection probes on a system.

ProbeManager is an application that centralizes the management of intrusion detection systems. For the moment the NIDS Suricata is implemented; Bro and OSSEC are being implemented.

Features

  • Search rules across all probes.
  • List installed probes and their status.
  • Push notifications (change of status, ...).
  • RESTful API.

TODO

  • Increase tests

Installation

Operating System

OSX and Debian are supported.

Requirements

  • Python 3.
  • pip with access to a package repository.
  • RabbitMQ server (installed by the install script).
  • PostgreSQL (installed by the install script).

Retrieve the project

git clone --recursive https://github.com/treussart/ProbeManager.git

Install

For developers:

./install.sh
./start.sh

For production:

Default destination path: /usr/local/share

sudo ./install.sh prod [destination path]

With the Django development server (not recommended):

[destination path]./start.sh prod

With Apache (Debian only):

http://localhost

Launch the tests

./test.sh

Open the file with a web browser:

coverage_html/index.html

Modules

Add a submodule

git submodule add -b master --name suricata https://github.com/treussart/ProbeManager_Suricata.git probemanager/suricata

Modules must respect a few rules:
  • A version.txt file (generated by the install script)
  • A README.rst file
  • An api folder with a variable urls_to_register in its urls.py
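The three module rules above can be checked before a submodule is added. This is an added example, not ProbeManager project code; it assumes that urls_to_register must be a list or tuple, which the README does not specify, and builds two constructed module layouts in a temporary directory to exercise the check.

```python
# Added example (not ProbeManager code): check that a submodule follows the rules above.
# Assumption of this check: urls_to_register must be a list or tuple.
import importlib.util
import tempfile
from pathlib import Path


def check_module(module_dir):
    """Return the list of rule violations for module_dir (empty if it complies)."""
    module_dir = Path(module_dir)
    problems = []
    # Rule 1: version.txt must exist (the install script generates it).
    if not (module_dir / "version.txt").is_file():
        problems.append("missing version.txt")
    # Rule 2: README.rst must exist.
    if not (module_dir / "README.rst").is_file():
        problems.append("missing README.rst")
    # Rule 3: an api folder whose urls.py defines urls_to_register.
    urls_py = module_dir / "api" / "urls.py"
    if not urls_py.is_file():
        problems.append("missing api/urls.py")
        return problems
    # Importing executes urls.py, so only run this on a module you intend to install.
    spec = importlib.util.spec_from_file_location(f"{module_dir.name}_api_urls", str(urls_py))
    mod = importlib.util.module_from_spec(spec)
    try:
        spec.loader.exec_module(mod)
    except Exception as exc:  # a module that does not import cannot be registered
        problems.append(f"api/urls.py failed to import: {exc}")
        return problems
    if not isinstance(getattr(mod, "urls_to_register", None), (list, tuple)):
        problems.append("api/urls.py does not define urls_to_register as a list/tuple")
    return problems


def make_sample_module(root, name, complete=True):
    """Create a constructed module layout under root; complete=False breaks rules 1 and 3."""
    module_dir = Path(root) / name
    (module_dir / "api").mkdir(parents=True)
    (module_dir / "README.rst").write_text(f"{name}\n{'=' * len(name)}\n")
    if complete:
        (module_dir / "version.txt").write_text("0.0.1\n")
        (module_dir / "api" / "urls.py").write_text("urls_to_register = [('probes/', 'probe-list')]\n")
    else:
        (module_dir / "api" / "urls.py").write_text("# urls_to_register forgotten\n")
    return module_dir


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(check_module(make_sample_module(tmp, "suricata")))  # []
        print(check_module(make_sample_module(tmp, "broken", complete=False)))
```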

Documentation

Respect the standard: reStructuredText (RST).

venv/bin/python probemanager/manage.py runscript generate_doc --settings=probemanager.settings.dev

Open the file with a web browser:

docs/_build/html/index.html

Conventions

Respect the PEP8 syntax and rules:

flake8 .

Good practice (install flake8 as a git pre-commit hook and make it block commits that fail):

flake8 --install-hook git
git config --bool flake8.strict true

Update

Repository

git pull origin master
git submodule foreach git pull origin master

PIP Packages

See upgrades:
pip list --outdated --format=freeze
Apply upgrades:
pip list --outdated --format=freeze | cut -d'=' -f1 | xargs pip install --upgrade

Upgrade pip:
pip install --upgrade pip

Uninstall packages:
pip freeze | cut -d'=' -f1 | xargs pip uninstall -y


License: GNU General Public License v3.0
