πΌοΈ
Description Background π΄πΌ
In today's fast-paced society, most people are unaware of the potential consequences of cyberattacks on their organizations. Furthermore, they do not invest in cybersecurity solutions due to the costs of setup, licensing, and maintenance.
π
Vision MutableSecurity
Despite the current lack of complex functionalities, we have a vision in mind that we hope to achieve in the near future. As we must begin somewhere, the first step in our progress is this command line interface for automatic management of cybersecurity solutions.
Come join the MutableSecurity journey!
π¬
Concepts MutableSecurity implements and operates on a few concepts:
- Target host (or target machine): A computer where the actions will be performed. Can be the local machine or remote one.
- Solution: A cybersecurity solution that needs to be set up on a target machine.
- Operation: A manipulation of a solution that is installed or needs to be installed. Could vary from effective installation to testing.
- Solution's lifecycle: States in which a solution exists. MutableSecurity implements a set of operations for each state.
- Configuration: A set of parameters (in pairs of aspect and value) specific to the solution. Can be initial, if it is used in the deployment process, or production, if it accompanies the solution on the target host and stores its current configuration.
- Logs: Logging messages generated by the solution, relevant to understand its functioning.
- Stats: Metrics offered by the installed solution, relevant to measure the protection provided to the machine.
β
Solutions' Lifecycle. Operations Stage | Operation | Description |
---|---|---|
Deployment | Initial Configuration Setting | Sets an aspect of the initial configuration used during the installation process. |
Install | Installs the solution in the target host. | |
Test | Tests the proper functioning of the newly installed solution. | |
Production* | Production Configuration Retrieval | Retrieves the production configuration of the running solution |
Production Configuration Setting | Sets an aspect of the production configuration. | |
Logs Retrieval | Retrieves the logs generated by the solution. | |
Stats Retrieval | Retrieves the stats generated by the solution. | |
Test | Tests the proper functioning of the running solution. | |
Update | Updates the solution to its latest version. | |
Disconnection | Uninstall | Uninstalls the solution from the target host. |
* All the operations listed in the production stage are optional and can be executed in any order.
π
Functionalities - Local or remote (via password-based SSH) deployment
- One solution supported so far (and more under development)
- Intuitive command line interface
π¦
Supported Cybersecurity Solutions Supported Solution | Short Description | Supported Operating Systems |
---|---|---|
Open source network intrusion detection and prevention system | Ubuntu 20.04 LTS and 22.04 LTS | |
More coming soon... |
π₯‘
Installation The easiest way to install MutableSecurity is from PyPI. Just run pip install mutablesecurity
and you'll have everything set!
π₯’
Requirements The only requirements are Python 3.9 and pip.
To avoid warnings when using pip to install Python scripts, add /home/<username>/.local/bin
(where <username>
identifies the current user) to your $PATH
variable.
πͺ
Usage and Demos
0οΈβ£
Get help.
Syntax
mutablesecurity --help
or mutablesecurity --solution <solution> --help
Example
β mutablesecurity --help
_ _ _ __ _ _
/\/\ _ _| |_ __ _| |__ | | ___/ _\ ___ ___ _ _ _ __(_| |_ _ _
/ \| | | | __/ _` | '_ \| |/ _ \ \ / _ \/ __| | | | '__| | __| | | |
/ /\/\ | |_| | || (_| | |_) | | ___\ | __| (__| |_| | | | | |_| |_| |
\/ \/\__,_|\__\__,_|_.__/|_|\___\__/\___|\___|\__,_|_| |_|\__|\__, |
Seamless deployment and management of cybersecurity solutions |___/
Usage: mutablesecurity [OPTIONS]
Options:
-r, --remote TEXT Connect to remote in the
[email protected]:PORT format. If ommited,
the operations are executed locally.
-s, --solution [SURICATA] Solution to manage
-o, --operation [GET_CONFIGURATION|GET_LOGS|GET_STATS|INSTALL|SET_CONFIGURATION|TEST|UNINSTALL|UPDATE]
Operation to perform
-a, --aspect TEXT Configuration's aspect to modify. Available
only with a value (--value)
-v, --value TEXT New value of the configuration's aspect.
Available only with an aspect (--aspect).
--verbose Increase in the logging volume
-h, --help Useful information for using MutableSecurity
or about a solution
β mutablesecurity --solution SURICATA --help
_ _ _ __ _ _
/\/\ _ _| |_ __ _| |__ | | ___/ _\ ___ ___ _ _ _ __(_| |_ _ _
/ \| | | | __/ _` | '_ \| |/ _ \ \ / _ \/ __| | | | '__| | __| | | |
/ /\/\ | |_| | || (_| | |_) | | ___\ | __| (__| |_| | | | | |_| |_| |
\/ \/\__,_|\__\__,_|_.__/|_|\___\__/\___|\___|\__,_|_| |_|\__|\__, |
Seamless deployment and management of cybersecurity solutions |___/
Full name: Suricata Intrusion Detection and Prevention System
Description:
Suricata is the leading independent open source threat detection engine. By combining intrusion detection (IDS), intrusion prevention (IPS), network
security monitoring (NSM) and PCAP processing, Suricata can quickly identify, stop, and assess even the most sophisticated attacks.
References:
- https://suricata.io
- https://github.com/OISF/suricata
Configuration:
βββββββββββββββββββββ³βββββββ³ββββββββββββββββββββ³βββββββββββββββββββββββββββββββββββββββ
β Aspect β Type β Possible Values β Description β
β‘ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ©
β interface β str β * β Interface on which Suricata listens β
β automatic_updates β str β ENABLED, DISABLED β State of the automatic daily updates β
βββββββββββββββββββββ΄βββββββ΄ββββββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββ
1οΈβ£
Install a solution.
Syntax
mutablesecurity --solution <solution> --operation INSTALL
Example
β mutablesecurity --solution SURICATA --operation INSTALL
π Password for localhost:
β
Suricata is now installed on this machine.
Optional: To connect to a remote host via a privileged user, just add the --remote
flag.
β mutablesecurity --remote [email protected]:22 --solution SURICATA --operation INSTALL
π Password for adm[email protected]:22:
β
Suricata is now installed on this machine.
2οΈβ£
Test the solution.
Syntax
mutablesecurity --solution <solution> --operation TEST
Example
β mutablesecurity --solution SURICATA --operation TEST
π Password for localhost:
β
Suricata works as expected.
3οΈβ£
Get the production configuration.
Syntax
mutablesecurity --solution <solution> --operation GET_CONFIGURATION
Example
β mutablesecurity --solution SURICATA --operation GET_CONFIGURATION
π Password for localhost:
β
The configuration of Suricata was retrieved.
βββββββββββββββββββββ³βββββββββββ
β Attribute β Value β
β‘βββββββββββββββββββββββββββββββ©
β automatic_updates β DISABLED β
β interface β enp0s3 β
βββββββββββββββββββββ΄βββββββββββ
4οΈβ£
Modify the production configuration.
Syntax
mutablesecurity --solution <solution> --operation SET_CONFIGURATION --aspect <aspect> --value <value>
Example
β mutablesecurity --solution SURICATA --operation SET_CONFIGURATION --aspect automatic_updates --value ENABLED
π Password for localhost:
β
The configuration of Suricata was set.
Optional: To test the modifications, run the configuration retrieval and testing operations.
β mutablesecurity --solution SURICATA --operation GET_CONFIGURATION
π Password for localhost:
β
The configuration of Suricata was retrieved.
βββββββββββββββββββββ³ββββββββββ
β Attribute β Value β
β‘ββββββββββββββββββββββββββββββ©
β automatic_updates β ENABLED β
β interface β enp0s3 β
βββββββββββββββββββββ΄ββββββββββ
β mutablesecurity --solution SURICATA --operation TEST
π Password for localhost:
β
Suricata works as expected.
5οΈβ£
Retrieve the solution logs.
Syntax
mutablesecurity --solution <solution> --operation GET_LOGS
Example
β mutablesecurity --solution SURICATA --operation GET_LOGS
π Password for localhost:
β
The logs of Suricata were retrieved.
[...]
04/18/2022-10:55:31.134760 [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2]
{TCP} 54.192.235.64:80 -> 10.0.2.15:50690
[...]
6οΈβ£
Retrieve the solution statistics.
Syntax
mutablesecurity --solution <solution> --operation GET_STATS
Example
β mutablesecurity --solution SURICATA --operation GET_STATS
π Password for localhost:
β
The stats of Suricata were retrieved.
ββββββββββββββββββββββββββββββββββββββββββ³ββββββββββββββββββββββββββ
β Attribute β Value β
β‘βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ©
β Total number of alerts β 5 β
β Total number of alerts generated today β 5 β
β Uptime β 1 minute and 23 seconds β
β Current installed version β 6.0.4 RELEASE β
ββββββββββββββββββββββββββββββββββββββββββ΄ββββββββββββββββββββββββββ
7οΈβ£
Updates the solution.
Syntax
mutablesecurity --solution <solution> --operation UPDATE
Example
β mutablesecurity --solution SURICATA --operation UPDATE
π Password for localhost:
β
Suricata was updated to its latest version.
8οΈβ£
Uninstall the solution.
Syntax
mutablesecurity --solution <solution> --operation UNINSTALL
Example
β mutablesecurity --solution SURICATA --operation UNINSTALL
π Password for localhost:
β
Suricata is no longer installed on this machine.
π
Support If you have any type of suggestion (for example, proposals for new functionalities or support for other security solutions), please open an issue or drop us a line at [email protected].
π€
Contributing To find out how you can contribute to this project, check out our contribution guide.