Author Topic: Poison IDS
Posted by: chroniccommand
Poison IDS
« on: March 10, 2011, 09:16:50 pm »
Poison IDS version 1.0

Please read the README for more information :)
README.txt:
Code:
```text
-+-+README for Poison IDS+-+-
Version 1.0
Poison IDS is a simple Intrusion Detection System written in Python by Chroniccommand.

I stress the word basic. Right now all it does is loop a thread that checks the MD5 checksums of certain files. If the system senses a change, it alerts the user and writes the hashes to a log.

The user may set the check interval whenever they want. Default is 15 seconds.

The user may also add a file to the checklist. The checklist is the list of files to get the MD5sum for.
NOTE:
If you add a file to the checklist the system will alert you. Please note this is a false positive.

Right now it's pretty decent, but not the best. This is the first release (Version 1.0) of the script, so expect some bugs. Please report bugs to Chroniccommand.

You may modify, distribute, and use this script, but you must give credit to the original author (Chroniccommand).

Poison
HaxMe
iExploit
xPC

--Chroniccommand
```

IDS:
Code:
```python
#!/usr/bin/env python3
'''
Simple IDS (Intrusion Detection System) written in Python
Version 1.0
Author: Chroniccommand
poison.teamxpc.com/
'''
# threading lets checkhash() run in the background while cp() serves the menu
import sys
import hashlib
import threading
from datetime import datetime
from time import sleep

status = 1             # Status - 0 = OFF, 1 = ON, 2 = Standby
interval = 15          # Seconds between checks; changed from the control panel
log = 'poisonids.log'  # Logfile name
files = ['/etc/passwd', '/bin/sh', '/bin/bash', '/bin/login', '/bin/ls', '/bin/mount', '/bin/ping', '/bin/umount', '/bin/netstat', '/bin/su', '/usr/bin/crontab', '/usr/bin/passwd']  # Preloaded with system files
md5s = dict()    # Hashes shown by the control panel
oldmd5 = dict()  # Hashes from the previous check
newmd5 = dict()  # Hashes from the latest check

def getmd5(path, ex=b"", inc=b""):
    '''Return the MD5 hex digest of a file, or None if it cannot be read.
    Lines starting with the byte prefix ex are skipped; inc is appended.'''
    m = hashlib.md5()
    try:
        with open(path, "rb") as fd:
            content = fd.readlines()  # Read the file
    except OSError:
        print("Can't retrieve MD5sum for", path)
        return None
    for eachLine in content:
        if ex and eachLine.startswith(ex):
            continue
        m.update(eachLine)
    m.update(inc)
    return m.hexdigest()

def writelog(text):
    '''Append text to the log file; report (and survive) a failed write.'''
    try:
        with open(log, 'a') as logfile:
            logfile.write(text)
    except OSError:
        print("\nCannot log to file")

def dumphashes(hashes):
    return "\n".join("%s => %s" % (k, v) for k, v in hashes.items())

def checkhash():
    '''Background loop: every interval seconds, rehash the checklist and compare
    with the previous round. A loop replaces the original recursive calls.'''
    global oldmd5, newmd5
    while True:
        sleep(interval)
        curtime = datetime.now().strftime("%Y-%m-%d %H:%M")  # Time of this check
        newmd5 = {f: getmd5(f) for f in list(files)}  # Snapshot: cp() may append meanwhile
        # A file just added to the checklist has no old hash and shows up here too
        # (the false positive mentioned in the README)
        changed = {f: h for f, h in newmd5.items() if h != oldmd5.get(f)}
        if changed:
            print("\n[WARNING] - An md5 checksum has changed! This may be a false positive")
            print("This may or may not be a backdoor")
            print("Wrote info to log\n")
            writelog("\nWARNING: An MD5 checksum changed!\n"
                     "Time: " + curtime + "\n"
                     "Dump of changed MD5 checksums\n" + dumphashes(changed) + "\n\n")
        else:
            writelog("\n[INFO]Scanned files at " + curtime + "\n"
                     "Everything turned up clean. Dump of hashes:\n" + dumphashes(newmd5) + "\n")
        oldmd5 = newmd5

def cp():
    '''Control panel menu; loops until the user picks Exit.'''
    global interval
    while True:
        if status == 1:
            print("Status: ON")
        elif status == 2:
            print("Status: Standby")
        else:
            print("Status: OFF")
        print("1 - Show files/Hashes\n2 - Set check time\n3 - Add file to checklist\n4 - Print checklist\n5 - Exit")
        choice = input("Choice: ").strip()
        if choice == "1":
            print(dumphashes(md5s))  # Print MD5 hashes
        elif choice == "2":
            settime = input("Interval: ")
            try:
                interval = float(settime)  # Must be a number; the original stored the raw string
            except ValueError:
                print("Interval must be a number of seconds")
        elif choice == "3":
            path = input("File to add(full path): ")
            files.append(path)
            md5s[path] = getmd5(path)
            writelog("\nAdded file " + path + "\n")
        elif choice == "4":
            print("\n")
            print(files)
            print("\n")
        elif choice == "5":
            sys.exit()
        else:
            print("Unknown input")

if __name__ == "__main__":
    for i in files:
        md5s[i] = getmd5(i)  # Initial hashes
    oldmd5 = dict(md5s)      # Baseline for the first comparison
    # Daemon thread so that Exit terminates the program instead of waiting on the loop
    thread = threading.Thread(target=checkhash, daemon=True)
    thread.start()
    print("Welcome to Poison IDS Control Panel version .1")
    cp()
```
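As an added example, not part of chroniccommand's post or the Poison IDS script, here is the same baseline-and-compare idea carried one step further: SHA-256 in place of MD5, the baseline persisted to a JSON file so it survives a restart, and the difference between baseline and current checklist classified as modified, added, removed or unreadable, so that a file newly added to the checklist is reported as "added" rather than as the false-positive "changed" the README warns about. The watched file names, the temporary directory and the baseline file name are constructed for the demo.

```python
"""Baseline-and-compare file integrity check with a persisted baseline.

Added example (not from the original post). SHA-256 digests, baseline kept
as JSON, and differences classified instead of a bare "something changed".
All paths below are constructed inside a temporary directory for the demo.
"""
import hashlib
import json
import os
import tempfile

CHUNK = 64 * 1024  # read files in chunks so large binaries do not load whole


def hash_file(path):
    """Return the SHA-256 hex digest of a file, or None if it cannot be read."""
    h = hashlib.sha256()
    try:
        with open(path, "rb") as fd:
            for chunk in iter(lambda: fd.read(CHUNK), b""):
                h.update(chunk)
    except OSError:
        return None
    return h.hexdigest()


def snapshot(paths):
    """Map each watched path to its digest (None marks an unreadable file)."""
    return {p: hash_file(p) for p in paths}


def save_baseline(snap, baseline_path):
    """Persist a snapshot as JSON so the baseline survives restarts."""
    with open(baseline_path, "w") as fd:
        json.dump(snap, fd, indent=2, sort_keys=True)


def load_baseline(baseline_path):
    with open(baseline_path) as fd:
        return json.load(fd)


def compare(old, new):
    """Classify differences between the baseline and the current snapshot."""
    report = {"modified": [], "added": [], "removed": [], "unreadable": []}
    for path, digest in new.items():
        if digest is None:
            report["unreadable"].append(path)   # deleted or permission denied
        elif path not in old:
            report["added"].append(path)        # new checklist entry, not tampering
        elif old[path] != digest:
            report["modified"].append(path)     # contents differ from baseline
    for path in old:
        if path not in new:
            report["removed"].append(path)      # dropped from the checklist
    return report


def demo():
    """Constructed scenario: baseline three files, then modify one, delete one,
    drop one from the checklist and add a new one. Returns the report keyed by
    basename so the result does not depend on the temp directory name."""
    with tempfile.TemporaryDirectory() as tmp:
        watched = [os.path.join(tmp, n) for n in ("passwd", "sh", "login")]
        for p in watched:
            with open(p, "wb") as fd:
                fd.write(b"original contents of " + os.path.basename(p).encode())
        baseline = os.path.join(tmp, "baseline.json")
        save_baseline(snapshot(watched), baseline)

        with open(watched[1], "ab") as fd:      # "sh" is modified
            fd.write(b"\n# trailing change")
        os.remove(watched[2])                   # "login" disappears from disk
        extra = os.path.join(tmp, "newtool")    # "newtool" is added to the checklist
        with open(extra, "wb") as fd:
            fd.write(b"new")
        current = snapshot([watched[1], watched[2], extra])  # "passwd" dropped from list

        report = compare(load_baseline(baseline), current)
        return {k: sorted(os.path.basename(p) for p in v) for k, v in report.items()}


if __name__ == "__main__":
    for kind, names in demo().items():
        print(kind, names)
```

Running the file prints one line per category from the constructed scenario. Because the baseline lives on the same host as the watched files, anyone able to alter those files can usually alter the baseline too; in practice the JSON should be stored off-host or signed, and the comparison run from a trusted system.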