Artillery 0.1 alpha – New tool for Linux Protection by ReL1K

Artillery, a new tool for Linux protection, has been released by ReL1K (founder of DerbyCon, creator of the Social-Engineer Toolkit). It is written in Python and completely open source. Artillery combines a honeypot, file monitoring and integrity checking, alerting, and brute-force prevention. It is extremely lightweight, has multiple methods for detecting specific attacks, and will eventually also notify you of insecure *nix configurations.

Features:
If anyone port scans or touches the honeypot ports (PORTS in the configuration below), they are blacklisted immediately and permanently.
It is multi-threaded and can handle as many connections as are thrown at it.
Monitors file integrity using a SHA-512 database
Keeps track of all system files and whether anything changes
Artillery also monitors the SSH logs and, in the event of a brute-force attack, blacklists the host forever
Extremely simple configuration (/var/artillery/config):

    #############################################################################################
    #
    # This is the Artillery configuration file. Change these variables and flags to change how
    # this behaves.
    #
    #############################################################################################
    #
    # DETERMINE IF YOU WANT TO MONITOR OR NOT
    MONITOR=YES
    #
    # THESE ARE THE FOLDERS TO MONITOR, TO ADD MORE, JUST DO "/root","/var/", etc.
    MONITOR_FOLDERS="/var/www","/etc/"
    #
    # BASED ON SECONDS, 2 = 2 seconds.
    MONITOR_FREQUENCY=10
    #
    # PORTS TO SPAWN HONEYPOT FOR
    PORTS="135,445,22,1433,3389,8080,21,5900,25,53,110,3306,1723,1337,10000,5800,44443"
    #
    EMAIL_ALERTS=OFF
    #
    # CURRENT SUPPORT IS FOR GMAIL ONLY, ENTER YOUR GMAIL USERNAME AND PASSWORD HERE
    GMAIL_USERNAME="thisisjustatest@gmail.com"
    #
    # ENTER THE GMAIL PASSWORD HERE
    GMAIL_PASSWORD="SETHERE"
    #
    # ENTER THE EMAIL ADDRESS TO RECEIVE THE ALERT
    ALERT_USER_EMAIL="user@whatever.com"
    #
    # DO YOU WANT TO MONITOR SSH BRUTE FORCE ATTEMPTS
    SSH_BRUTE_MONITOR=ON
    #
    # HOW MANY ATTEMPTS BEFORE YOU BAN
    SSH_BRUTE_ATTEMPTS=4
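The SHA-512 integrity database from the feature list, sketched as an added example (this is not Artillery's own code). The names snapshot and compare are hypothetical, and the temporary directory is a constructed stand-in for a MONITOR_FOLDERS entry.

```python
import hashlib
import os
import tempfile


def snapshot(folders):
    """Map every regular file under `folders` to its SHA-512 hex digest."""
    db = {}
    for folder in folders:
        for root, _dirs, files in os.walk(folder):
            for name in files:
                path = os.path.join(root, name)
                if os.path.islink(path) or not os.path.isfile(path):
                    continue  # skip symlinks, sockets and device nodes
                digest = hashlib.sha512()
                try:
                    with open(path, "rb") as fh:
                        for chunk in iter(lambda: fh.read(65536), b""):
                            digest.update(chunk)
                except OSError:
                    continue  # unreadable, or removed while scanning
                db[path] = digest.hexdigest()
    return db


def compare(baseline, current):
    """Report paths whose digest changed, plus files added or removed."""
    return {
        "changed": sorted(p for p in baseline
                          if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


if __name__ == "__main__":
    # Constructed sample tree standing in for a MONITOR_FOLDERS entry.
    with tempfile.TemporaryDirectory() as web_root:
        page = os.path.join(web_root, "index.html")
        with open(page, "w") as fh:
            fh.write("<h1>hello</h1>")
        baseline = snapshot([web_root])  # first run: build the database
        with open(page, "a") as fh:
            fh.write("<!-- edited -->")  # simulated modification
        with open(os.path.join(web_root, "new.txt"), "w") as fh:
            fh.write("new file")
        print(compare(baseline, snapshot([web_root])))
```

A baseline stored on the monitored host can be rewritten by whoever changed the files, so keep a copy of it off the box.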

To install, simply run ./install.py. This adds Artillery to system startup and starts it. You can download Artillery here:

svn co https://svn.secmaniac.com/artillery artillery/

 


