UPDATE: Artillery 0.2 Alpha!

by Mayuresh on December 7, 2011

in Open Source, Security tools, Tool Updates

Our first post regarding Artillery can be found here. Recently, an update, Artillery version 0.2 Alpha, was released!

Artillery 0.2 Alpha

 “Artillery is a combination of a honeypot, monitoring tool, and alerting system. Eventually this will evolve into a hardening monitoring platform as well to detect insecure configurations from nix systems.”

Official change log for Artillery 0.2 Alpha:

  • added a check to see if we are running on windows or linux
  • added a new anti-dos protection for linux, it will check connections and limit based on how many are connecting, you will probably want to adjust this per server
  • changed honeypot ban method to src.core through ban(ip) versus standalone call for iptables
  • changed iptable chains to be ARTILLERY versus piggy backing INPUT, much cleaner to view
  • fixed a bug that would cause duplicate entries into iptables and in banlist.txt
  • added functionality to support blacklisting via redirection routes on windows machines.. may have better alternatives but this works for now
  • added a ip check routine for when banning IP addresses, ensures sanitization if something crazy is inserted instead of an IP address
  • converted all core.py modules to be windows compliant
  • converted all of honeypot.py modules to be windows compliant
  • converted all of the monitor.py modules, this will only work for linux until I rewrite the module to support difflib versus the actual application diff
  • converted all of the ssh_brute.py modules to be windows compliant.. this will be linux only since nix is primarily used for SSH
  • converted all of the harden.py modules to be windows compliant.. this will be linux only since nix is primarily checked. Will expand later on others
  • fixed a bug that would not properly monitor the overall database for monitored files (thanks Pier)

This Artillery release incorporates lots of bug fixes, including some basic anti-DoS prevention. It also adds basic support for the Microsoft Windows platform. Features such as the creation of fake ports work quite well on Windows 7 and Windows Vista. However, to run Artillery on Windows you will need Python 2.6+ installed and running on the system.
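The ban-path entries in the change log (the IP check before banning, the dedicated ARTILLERY chain, and no duplicate entries in iptables or banlist.txt) can be sketched as below. This is an added example, not Artillery's own code: the function names, the IPv4-only policy and the sample inputs are assumptions, and it uses Python 3's `ipaddress` module rather than the Python 2.6 the tool targets.

```python
import ipaddress
import os
import tempfile

CHAIN = "ARTILLERY"  # dedicated chain named in the change log
CHAIN_SETUP = [["iptables", "-N", CHAIN],                   # run once: create the chain
               ["iptables", "-I", "INPUT", "-j", CHAIN]]    # and hook it into INPUT

def normalize_ip(value):
    """Return the canonical IPv4 string, or None for anything else."""
    if not isinstance(value, str):
        return None
    try:
        addr = ipaddress.ip_address(value.strip())
    except ValueError:
        return None
    return str(addr) if addr.version == 4 else None

def ban(value, banlist_path, execute=None):
    """Return (status, argv); status is 'invalid', 'duplicate' or 'banned'."""
    ip = normalize_ip(value)
    if ip is None:
        return "invalid", None
    banned = set()
    if os.path.exists(banlist_path):
        with open(banlist_path) as fh:
            banned = {line.strip() for line in fh}
    if ip in banned:
        return "duplicate", None  # no second rule, no second banlist line
    argv = ["iptables", "-I", CHAIN, "-s", ip, "-j", "DROP"]
    if execute is not None:
        execute(argv)  # pass an argv list (e.g. subprocess.check_call), never a shell string
    with open(banlist_path, "a") as fh:
        fh.write(ip + "\n")
    return "banned", argv

def demo():
    """Run constructed inputs through ban() against a temporary banlist."""
    samples = ["203.0.113.7", " 203.0.113.7\n", "203.0.113.7; echo x",
               "$(id)", "999.1.1.1", "198.51.100.23"]
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "banlist.txt")
        statuses = [ban(s, path)[0] for s in samples]
        with open(path) as fh:
            return statuses, fh.read().split()

if __name__ == "__main__":
    print(demo())
```

Because the address is parsed before it is used and the rule is built as an argument list, a value logged by the honeypot can never reach a shell or add a malformed rule.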

Download Artillery:

Artillery 0.2 Alpha can be downloaded from the SVN at the following link:

svn co http://svn.secmaniac.com/artillery artillery/
