It looks like you're new here. If you want to get involved, click one of these buttons!
-+-+README for Poison IDS+-+-Version 1.0Poison IDS is a simple Intrusion Detection System written in Python by Chroniccommand.I stress the word basic. Right now all it does is loop a thread that checks the MD5 checksums of a certain files. If the system senses a change, it alerts the user and writes the Hashes to a log. The user may set the check interval whenever they want. Default is 15 seconds.The user may also add a file to the checklist. The checklist is a list of files the get the MD5sum for. NOTE:If you add a file to the checklist the system will alert you. Please note this is a false positive.Right now it's pretty decent, but not the best. This is the first release(Version 1.0) of the script, so expect some bugs. Please report bugs to Chroniccommand.You may modify, distribute, and use this script. But you must give credits to the original author(Chroniccommand)PoisonHaxMeiExploitxPC--Chroniccommand
#!/usr/bin/python'''Simple IDS(Intrustion Detection System) written in PythonVersion 1.0Author: Chroniccommandpoison.teamxpc.com/'''#We import threading so we can call chechhash() while in cp()import sys, hashlib, threading, osfrom datetime import *from time import *global statusstatus = 1 #Status - OFF/ONglobal intervalinterval = 15 #Interval in which the system checkslog = 'poisonids.log' #Logfile namefiles = ['/etc/passwd', '/bin/sh', '/bin/bash', '/bin/login', '/bin/ls', '/bin/mount', '/bin/ping', '/bin/umount', '/bin/netstat', '/bin/su', '/usr/bin/crontab', '/usr/bin/passwd'] #Preloaded with system filesmd5s = dict()newmd5 = dict()oldmd5 = dict()def getmd5(file, ex=\"\", inc=\"\"): #Function to get the MD5 hashes m = hashlib.md5() try: fd = open(file,\"rb\") except IOError: print \"Can't retrieve MD5sum for \", file return content = fd.readlines() #Read the file fd.close() for eachLine in content: if ex and eachLine.startswith(ex): continue m.update(eachLine) m.update(inc) return m.hexdigest() def checkhash(): #Function that sleeps and checks for hashes to make sure they're ok now = datetime.now() curtime = now.strftime(\"%Y-%m-%d %H:%M\") #Get and format current date/time sleep(interval) for i in files: oldmd5[i] = getmd5(i) sleep(interval) for i in files: newmd5[i] = getmd5(i) if newmd5 != oldmd5: #Compare the two dictionaries for changes print(\"\n[WARNING] - An md5 checksum has changed! This may be a false positive\") print(\"This may or may not be a backdoor\") print(\"Wrote info to log\n\") sleep(interval) try: logfile = open(log, 'a') #Log the info to the log file logfile.write(\"\nWARNING: An MD5 checksum changed!\n\") logfile.write(\"Time: \" + curtime + \"\n\") logfile.write(\"Dump of changed MD5 checksums\n\") logfile.write(\"\n\".join([\"%s => %s\" % (keys, vals) for keys, vals in newmd5.items()])) logfile.write(\"\n\n\") logfile.close() checkhash() except: print(\"\nCannot log to file\") checkhash() else: try: logfile = open(log, 'a') logfile.write(\"\n[INFO]Scanned files at \" + curtime + \"\n\") logfile.write(\"Everything turned up clean. Dump of hashes:\n\") logfile.write(\"\n\".join([\"%s => %s\" % (keys, vals) for keys, vals in newmd5.items()])) logfile.write(\"\n\") logfile.close() checkhash() except: print(\"\nCannot log to file\") checkhash() for i in files: md5s[i] = getmd5(i) #Loop to get the file hashesthread = threading.Thread(target=checkhash) #Start a thread of the checkhash() functionthread.start()print(\"Welcome to Poison IDS Control Panel version .1\")def cp(): #No, not child porn if status == 1: print(\"Status: ON\") offonstatus = \"Turn OFF\" #offonstatus to be used in the future elif status == 2: print(\"Status: Standby\") else: print(\"Status: OFF\") offonstatus = \"Turn ON\" print(\"1 - Show files/Hashes\n2 - Set check time\n3 - Add file to checklist\n4 - Print checklist\n5 - Exit\") choice = raw_input(\"Choice: \") if choice == \"1\": print \"\n\".join([\"%s => %s\" % (keys, vals) for keys, vals in md5s.items()]) #Print MD5 hashes cp() elif choice == \"2\": settime = raw_input(\"Interval: \") interval = settime cp() elif choice == \"3\": file = raw_input(\"File to add(full path): \") files.append(file) logfile = open(log, 'a') logfile.write(\"\nAdded file \" + file + \"\n\") logfile.close() cp() elif choice == \"4\": print(\"\n\") print(files) print(\"\n\") cp() elif choice == \"5\": sys.exit() else: print(\"Unknown input\") cp()cp()
said:Nice code would you have to run this say every 10 mins or so?
Nice code would you have to run this say every 10 mins or so?