Merge branch 'issue_86_bd'

.gitignore

@@ -1,2 +1,3 @@
 *.pyc
-
+banlist.txt
+config

README.md

@@ -1,40 +1,3 @@
-Artillery is a combination of a honeypot, monitoring tool, and alerting system. Eventually this will evolve into a hardening monitoring platform as well to detect insecure configurations from nix systems. It's relatively simple, run ```./setup.py``` and hit yes (or ```./setup.py -y``` for a silent install), this will install Artillery in ```/var/artillery``` and edit your ```/etc/init.d/rc.local``` to start artillery on boot up.
-
-### Features
-
-1. It sets up multiple common ports that are attacked. If someone connects to these ports, it blacklists them forever (to remove blacklisted ip's, remove them from ```/var/artillery/banlist.txt```)
-
-2. It monitors what folders you specify, by default it checks ```/var/www``` and ```/etc``` for modifications.
-
-3. It monitors the SSH logs and looks for brute force attempts.
-
-4. It will email you when attacks occur and let you know what the attack was.
-
-Be sure to edit the ```/var/artillery/config``` to turn on mail delivery, brute force attempt customizations, and what folders to monitor.
-
-### Bugs and enhancements
-
-For bug reports or enhancements, please open an issue here https://github.com/BinaryDefense/artillery/issues
-
-### Project structure
-
-For those technical folks you can find all of the code in the following structure:
-
-- ```src/core.py``` - main central code reuse for things shared between each module
-- ```src/monitor.py``` - main monitoring module for changes to the filesystem
-- ```src/ssh_monitor.py``` - main monitoring module for SSH brute forcing
-- ```src/honeypot.py``` - main module for honeypot detection
-- ```src/harden.py``` - check for basic hardening to the OS
-- ```database/integrity.data``` - main database for maintaining sha512 hashes of filesystem
-- ```setup.py``` - copies files to ```/var/artillery/``` then edits ```/etc/init.d/artillery``` to ensure artillery starts per each reboot
-
-### Supported platforms
-
-- Linux
-- Windows
-
-On windows to install pywin32 is needed.Install version that matches the version of python installed ex: 32/64 bit. Download files to location of your choice.open a cmd prompt browse to directory that files are located. To run type "python setup.py". You will be prompted for credentials if you are not an admin.  Artillery wil be installed in "Program Files (x86). After setup you have option to launch program. included is a batch file to launch once it is installed it is located in install directory.Console logging must be enabled in config. 
-
 Project Artillery - A project by Binary Defense Systems (https://www.binarydefense.com).
 
 Binary Defense Systems (BDS) is a sister company of TrustedSec, LLC

artillery.py

@@ -16,44 +16,39 @@
 import os
 import subprocess
 from src.pyuac import * # added so that it prompts when launching from batch file
+
+import traceback
+
+# import artillery global variables
+import src.globals
+from src.core import *
 #
+init_globals()
 # Tested on win 7/8/10 also on kali rolling. left this here for when someone tries to launch this directly before using setup.
-if 'win32' in sys.platform:
-    if not os.path.isfile("C:\Program Files (x86)\\Artillery\\artillery.py"):
-        print("[*] Artillery is not installed, running setup.py..")
-        import setup
-#        subprocess.Popen("python setup.py", shell=True).wait()
-
-# consolidated nix* variants
-if ('linux' or 'linux2' or 'darwin') in sys.platform:
-    if not os.path.isfile("/var/artillery/artillery.py"):
-        print("[*] Artillery is not installed, running setup.py..")
-        import setup
-#        subprocess.Popen("python setup.py", shell=True).wait()
-#        sys.exit()
+if not os.path.isfile(src.globals.g_appfile):
+    print("[*] Artillery is not installed, running setup.py..")
+    import setup
 
-from src.core import *
 # from src.config import * # yaml breaks config reading - disabling
 
 if is_windows():#this is for launching script as admin from batchfile.
     if not isUserAdmin():# will prompt for user\pass and open in seperate window when you double click batchfile
         runAsAdmin()
-    #removed below.These folders are created in setup.py
-    #if not os.path.isdir("C:\\Program Files (x86)\\Artillery\\database"):
-        #os.mkdir("C:\\Program Files (x86)\\Artillery\\database")
+    #
     if isUserAdmin():
+        check_config()
         #moved for issue #39 BinaryDefense to only import on windows. seemed like best place
         #not the best way but for now something will go into eventlog.
         #for people with subscriptions in there environment like myself.
         #will work on better way
         from src.events import ArtilleryStartEvent
         # let the local(txt))logfile know artillery has started successfully
-        write_log("[*] %s: Artillery has started successfully." % (grab_time()))
+        write_log("Artillery has started successfully.")
         # write to windows log to let know artillery has started
         ArtilleryStartEvent()
         #create temp datebase and continue
-    if not os.path.isfile("C:\\Program Files (x86)\\Artillery\\database\\temp.database"):
-        filewrite = open("C:\\Program Files (x86)\\Artillery\database\\temp.database", "w")
+    if not os.path.isfile(src.globals.g_apppath + "\\database\\temp.database"):
+        filewrite = open(src.globals.g_apppath + "\\database\\temp.database", "w")
         filewrite.write("")
         filewrite.close()
 
@@ -69,16 +64,17 @@
             print ("[*] You must be root to run this script!\r\n")
         sys.exit(1)
     else:
-        if not os.path.isdir("/var/artillery/database/"):
-            os.makedirs("/var/artillery/database/")
-        if not os.path.isfile("/var/artillery/database/temp.database"):
-            filewrite = open("/var/artillery/database/temp.database", "w")
+        check_config()
+        if not os.path.isdir(src.globals.g_apppath + "/database/"):
+            os.makedirs(src.globals.g_apppath + "/database/")
+        if not os.path.isfile(src.globals.g_apppath + "/database/temp.database"):
+            filewrite = open(src.globals.g_apppath + "/database/temp.database", "w")
             filewrite.write("")
             filewrite.close()
 
 
-if is_config_enabled("CONSOLE_LOGGING"):
-    print("[*] %s: Artillery has started successfully.\n[*] If on Windows Ctrl+C to exit. \n[*] Console logging enabled.\n" % (grab_time()))
+write_console("Artillery has started \nIf on Windows Ctrl+C to exit. \nConsole logging enabled.\n")
+write_console("Artillery is running from '%s'" % src.globals.g_apppath)
 
 # prep everything for artillery first run
 check_banlist_path()
@@ -89,7 +85,7 @@
         thread.start_new_thread(update, ())
 
     # import base monitoring of fs
-    if is_config_enabled("MONITOR"):
+    if is_config_enabled("MONITOR") and is_posix():
         from src.monitor import *
 
     # port ranges to spawn
@@ -99,40 +95,55 @@
     # if we are running posix then lets create a new iptables chain
     if is_posix():
         time.sleep(2)
+        write_console("Creating iptables entries, hold on.")
         create_iptables_subset()
-        # start anti_dos
-        import src.anti_dos
+        write_console("iptables entries created.")
+        if is_config_enabled("ANTI_DOS"):
+            write_console("Activating anti DoS.")
+            # start anti_dos
+            import src.anti_dos
 
     # spawn honeypot
+    write_console("Launching honeypot.") 
     import src.honeypot
 
     # spawn ssh monitor
-    if is_config_enabled("SSH_BRUTE_MONITOR"):
+    if is_config_enabled("SSH_BRUTE_MONITOR") and is_posix():
+        write_console("Launching SSH Bruteforce monitor.")
         import src.ssh_monitor
 
     # spawn ftp monitor
-    if is_config_enabled("FTP_BRUTE_MONITOR"):
+    if is_config_enabled("FTP_BRUTE_MONITOR") and is_posix():
+        write_console("Launching FTP Bruteforce monitor.")
         import src.ftp_monitor
 
     # start monitor engine
-    import src.monitor
-
-    # check hardening
-    import src.harden
+    if is_config_enabled("MONITOR") and is_posix():
+        write_console("Launching monitor engines.")
+        import src.monitor
+    if is_config_enabled("SYSTEM_HARDENING") and is_posix():
+        # check hardening
+        write_console("Check system hardening.")
+        import src.harden
 
     # start the email handler
-    import src.email_handler
+    if is_config_enabled("EMAIL_ALERTS") and is_posix():
+        write_console("Launching email handler.")
+        import src.email_handler
 
     # check to see if we are a threat server or not
     if is_config_enabled("THREAT_SERVER"):
+        write_console("Launching threat server thread.")
         thread.start_new_thread(threat_server, ())
 
     # recycle IP addresses if enabled
     if is_config_enabled("RECYCLE_IPS"):
+        write_console("Launching thread to recycle IP addresses.")
         thread.start_new_thread(refresh_log, ())
 
     # pull additional source feeds from external parties other than artillery
     # - pulls every 2 hours or ATIF threat feeds
+    write_console("Launching thread to get source feeds, if needed.")
     thread.start_new_thread(pull_source_feeds, ())
     #removed turns out the issue was windows carriage returns in the init script i had.
     #note to self never edit linux service files on windows.doh
@@ -146,6 +157,8 @@
 
 
     # let the program to continue to run
+    write_console("All set.")
+    write_log("Artillery is up and running")
     while 1:
         try:
             time.sleep(100000)
@@ -161,5 +174,8 @@
     sys.exit()
 
 except Exception as e:
-    print("General exception: " + format(e))
+    emsg = traceback.format_exc()
+    print("General exception: " + format(e) + "\n" + emsg)
+    write_log("Error launching Artillery\n%s" % (emsg),2)
+
     sys.exit()