Major update fixing a number of issues and adding new features v1.3

artillery.py

@@ -27,9 +27,9 @@
         filewrite.close()
 
 # let the logfile know artillery has started successfully
-write_log("Artillery has started successfully.")
+write_log("[*] %s: Artillery has started successfully." % (grab_time()))
 if is_config_enabled("CONSOLE_LOGGING"):
-    print "Artillery has started successfully.\nConsole logging enabled.\n"
+    print "[*] %s: Artillery has started successfully.\n[*] Console logging enabled.\n" % (grab_time())
 
 # prep everything for artillery first run
 check_banlist_path()

readme/CHANGELOG

@@ -1,3 +1,19 @@
+~~~~~~~~~~~~~~~~~~~~~~
+version 1.3
+~~~~~~~~~~~~~~~~~~~~~~
+
+* added new function for grabbing date and time
+* added new function kill_artillery() to kill any running processes of artillery using signal and os.kill
+* added timestamp data for when a new instance of artillery is killed and restarted
+* removed old kill_artillery() legacy function in setup that did not properly terminate prior versions of artillery
+* added a write_log function that will notify when Artillery is unable to bind to a specific port and included timestamp data
+* fixed spacing issues inside of syslog on remote and local
+* corrected Issue identified spacing into one line in harden.py
+* added timestamp data to error artillery unable to log to mail server
+* fixed an issue that would cause the process to not properly be terminated on certain Linux versions
+* added datetime for when artillery successfully started from normal artillery.py located in /var/artillery
+* fixed a bug when using FILE as a designator that would cause an exception for alert not being defined (should have been assigned as variable)
+
 ~~~~~~~~~~~~~~~~~~~~~~
 version 1.2
 ~~~~~~~~~~~~~~~~~~~~~~

restart_server.py

@@ -7,18 +7,12 @@
 import os
 import signal
 from src.core import *
+
 proc = subprocess.Popen("ps -A x | grep artiller[y]", stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
-try:
-    pid = proc.communicate()[0]
-    pid = pid.split(" ")
-    pid = int(pid[0])
-    write_log("[!] Killing the old Artillery process...")
-    print "[*] Killing Old Artillery Process...."
-    os.kill(pid, signal.SIGKILL)
-except:
-    pass
+# kill running instance of artillery
+kill_artillery()
 
-print "[*] Restarting Artillery Server..."
+print "[*] %s: Restarting Artillery Server..." % (grab_time())
 if os.path.isfile("/var/artillery/artillery.py"):
-    write_log("[*] Restarting the Artillery Server process...")
+    write_log("[*] %s: Restarting the Artillery Server process..." % (grab_time()))
     subprocess.Popen("python /var/artillery/artillery.py &", stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)

setup.py

@@ -4,7 +4,6 @@
 #
 #
 import subprocess,re,os,shutil
-
 from src.core import *
 
 print '''
@@ -13,21 +12,6 @@
 Written by: Dave Kennedy (ReL1K)
 '''
 
-def kill_artillery():
-    print "[*] Checking to see if Artillery is currently running..."
-    proc = subprocess.Popen("ps -au | grep /var/artillery/artillery.py", stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
-    stdout = proc.communicate()
-    try:
-        for line in stdout:
-            match = re.search("python /var/artillery/artillery.py", line) or re.search("python artillery.py", line)
-            if match:
-                print "[*] Killing running version of Artillery.."
-                line = line.split(" ")
-                pid = line[6]
-                subprocess.Popen("kill %s" % (pid), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait()
-                print "[*] Killed the Artillery process: " + pid
-    except: pass
-
 if os.path.isfile("/etc/init.d/artillery"):
     answer = raw_input("Artillery detected. Do you want to uninstall [y/n:] ")
     if answer.lower() == "yes" or answer.lower() == "y":

src/core.py

@@ -17,6 +17,13 @@
 import shutil
 import logging
 import logging.handlers
+import datetime
+import signal
+
+# grab the current time
+def grab_time():
+        ts = time.time()
+        return datetime.datetime.fromtimestamp(ts).strftime('%Y-%m-%d %H:%M:%S')
 
 def get_config_path():
     path = ""
@@ -358,7 +365,7 @@ def syslog_send(message, level=LEVEL['notice'], facility=FACILITY['daemon'],
             filewrite.write("***** Artillery Alerts Log *****\n")
             filewrite.close()
         filewrite = file("/var/artillery/logs/alerts.log", "a")
-        filewrite.write(alert+"\n")
+        filewrite.write(message+"\n")
         filewrite.close()
 
 def write_log(alert):
@@ -423,4 +430,25 @@ def mail(to, subject, text):
         mailServer.sendmail(to, to, msg.as_string())
         mailServer.close()
     except:
-        write_log("[!] Error, Artillery was unable to log into the mail server")
+        write_log("[!] %s: Error, Artillery was unable to log into the mail server" % (grab_time()))
+
+# kill running instances of artillery
+def kill_artillery():
+	try:
+		proc = subprocess.Popen("ps -A x | grep artiller[y]", stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
+    		pid = proc.communicate()[0]
+    		pid = pid.split(" ")
+		try:
+	    		pid = int(pid[0])
+		except:
+			# depends on OS on integer
+			pid = int(pid[2])
+
+    		write_log("[!] %s: Killing the old Artillery process..." % (grab_time()))
+    		print "[!] %s: Killing Old Artillery Process...." % (grab_time())
+	        os.kill(pid, signal.SIGKILL)
+
+	except Exception, e:
+	    print e
+	    pass
+

src/harden.py

@@ -21,12 +21,12 @@
             # if we permit root logins trigger alert
             if match:
                 # trigger warning if match
-                warning = warning + "Issue identified: /etc/ssh/sshd_config allows RootLogin. An attacker can gain root access to the system if password is guessed. Recommendation: Change RootLogin yes to RootLogin no\n\n"
+                warning = warning + "[!] Issue identified: /etc/ssh/sshd_config allows RootLogin. An attacker can gain root access to the system if password is guessed. Recommendation: Change RootLogin yes to RootLogin no\n\r\n\r"
         match = re.search(r"Port 22\b", data)
         if match:
             if is_config_enabled("SSH_DEFAULT_PORT_CHECK"):
                 # trigger warning is match
-                warning = warning + "Issue identified: /etc/ssh/sshd_config. SSH is running on the default port 22. An attacker commonly scans for these type of ports. Recommendation: Change the port to something high that doesn't get picked up by typical port scanners.\n\n"
+                warning = warning + "[!] Issue identified: /etc/ssh/sshd_config. SSH is running on the default port 22. An attacker commonly scans for these type of ports. Recommendation: Change the port to something high that doesn't get picked up by typical port scanners.\n\r\n\r"
 
     #
     # check ftp config
@@ -37,7 +37,7 @@
         match = re.search("anonymous_enable=YES", data)
         if match:	
             # trigger warning if match
-            warning = warning + "Issue identified: /etc/vsftpd.conf allows Anonymous login. An attacker can gain a foothold to the system with absolutel zero effort. Recommendation: Change anonymous_enable yes to anonymous_enable no\n\n"
+            warning = warning + "[!] Issue identified: /etc/vsftpd.conf allows Anonymous login. An attacker can gain a foothold to the system with absolutel zero effort. Recommendation: Change anonymous_enable yes to anonymous_enable no\n\r\n\r"
 
 
     #
@@ -66,5 +66,5 @@
     # if we had warnings then trigger alert
     #
     if len(warning) > 1:
-        subject = "[!] Insecure configuration detected on filesystem"
+        subject = "[!] Insecure configuration detected on filesystem: "
         warn_the_good_guys(subject, subject + warning)

src/honeypot.py

@@ -13,7 +13,6 @@
 import os
 import random
 import datetime
-
 from src.core import *
 
 # port ranges to spawn pulled from config
@@ -74,7 +73,10 @@ def listen_server(port,bind_interface):
         server.serve_forever()
 
     # if theres already something listening on this port
-    except Exception: pass
+    except Exception:
+	# write a log if we are unable to bind to an interface
+	write_log("[!] %s: Artillery was unable to bind to port: %s. This could be to an active port in use." % (grab_time(),port))	 
+	pass
 
 # check to see which ports we are using and ban if ports are touched
 def main(ports,bind_interface):