Description
๐ผ๏ธ
Background ๐ด๐ผ
In today's fast-paced society, most people are unaware of the potential consequences of cyberattacks on their organizations. Furthermore, they do not invest in cybersecurity solutions due to the costs of setup, licensing, and maintenance.
Vision
๐
MutableSecurity
Despite the current lack of complex functionalities, we have a vision in mind that we hope to achieve in the near future. As we must begin somewhere, the first step in our progress is this command line interface for automatic management of cybersecurity solutions.
Come join the MutableSecurity journey!
Concepts
๐ฌ
MutableSecurity implements and operates on a few concepts:
- Target host (or target machine): A computer where the actions will be performed. Can be the local machine or remote one.
- Solution: A cybersecurity solution that needs to be set up on a target machine.
- Operation: A manipulation of a solution that is installed or needs to be installed. Could vary from effective installation to testing.
- Solution's lifecycle: States in which a solution exists. MutableSecurity implements a set of operations for each state.
- Configuration: A set of parameters (in pairs of aspect and value) specific to the solution. Can be initial, if it is used in the deployment process, or production, if it accompanies the solution on the target host and stores its current configuration.
- Logs: Logging messages generated by the solution, relevant to understand its functioning.
- Stats: Metrics offered by the installed solution, relevant to measure the protection provided to the machine.
Solutions' Lifecycle. Operations
โญ
| Stage | Operation | Description |
|---|---|---|
| Deployment | Initial Configuration Setting | Sets an aspect of the initial configuration used during the installation process. |
| Install | Installs the solution in the target host. | |
| Test | Tests the proper functioning of the newly installed solution. | |
| Production* | Production Configuration Retrieval | Retrieves the production configuration of the running solution |
| Production Configuration Setting | Sets an aspect of the production configuration. | |
| Logs Retrieval | Retrieves the logs generated by the solution. | |
| Stats Retrieval | Retrieves the stats generated by the solution. | |
| Test | Tests the proper functioning of the running solution. | |
| Update | Updates the solution to its latest version. | |
| Disconnection | Uninstall | Uninstalls the solution from the target host. |
* All the operations listed in the production stage are optional and can be executed in any order.
Functionalities
๐
- Local or remote (via password-based SSH) deployment
- One solution supported so far (and more under development)
- Intuitive command line interface
Supported Cybersecurity Solutions
๐ฆ
| Supported Solution | Short Description | Supported Operating Systems |
|---|---|---|
 |
Open source network intrusion detection and prevention system | Ubuntu 20.04 LTS and 22.04 LTS |
| More coming soon... | ||
Installation
๐ฅก
The easiest way to install MutableSecurity is from PyPI. Just run pip install mutablesecurity and you'll have everything set!
Requirements
๐ฅข
The only requirements are Python 3.9 and pip.
To avoid warnings when using pip to install Python scripts, add /home/<username>/.local/bin (where <username> identifies the current user) to your $PATH variable.
Usage and Demos
๐ช
0๏ธโฃ
Get help.
Syntax
mutablesecurity --help or mutablesecurity --solution <solution> --help
Example
โ mutablesecurity --help
_ _ _ __ _ _
/\/\ _ _| |_ __ _| |__ | | ___/ _\ ___ ___ _ _ _ __(_| |_ _ _
/ \| | | | __/ _` | '_ \| |/ _ \ \ / _ \/ __| | | | '__| | __| | | |
/ /\/\ | |_| | || (_| | |_) | | ___\ | __| (__| |_| | | | | |_| |_| |
\/ \/\__,_|\__\__,_|_.__/|_|\___\__/\___|\___|\__,_|_| |_|\__|\__, |
Seamless deployment and management of cybersecurity solutions |___/
Usage: mutablesecurity [OPTIONS]
Options:
-r, --remote TEXT Connect to remote in the
[email protected]:PORT format. If ommited,
the operations are executed locally.
-s, --solution [SURICATA] Solution to manage
-o, --operation [GET_CONFIGURATION|GET_LOGS|GET_STATS|INSTALL|SET_CONFIGURATION|TEST|UNINSTALL|UPDATE]
Operation to perform
-a, --aspect TEXT Configuration's aspect to modify. Available
only with a value (--value)
-v, --value TEXT New value of the configuration's aspect.
Available only with an aspect (--aspect).
--verbose Increase in the logging volume
-h, --help Useful information for using MutableSecurity
or about a solution
โ mutablesecurity --solution SURICATA --help
_ _ _ __ _ _
/\/\ _ _| |_ __ _| |__ | | ___/ _\ ___ ___ _ _ _ __(_| |_ _ _
/ \| | | | __/ _` | '_ \| |/ _ \ \ / _ \/ __| | | | '__| | __| | | |
/ /\/\ | |_| | || (_| | |_) | | ___\ | __| (__| |_| | | | | |_| |_| |
\/ \/\__,_|\__\__,_|_.__/|_|\___\__/\___|\___|\__,_|_| |_|\__|\__, |
Seamless deployment and management of cybersecurity solutions |___/
Full name: Suricata Intrusion Detection and Prevention System
Description:
Suricata is the leading independent open source threat detection engine. By combining intrusion detection (IDS), intrusion prevention (IPS), network
security monitoring (NSM) and PCAP processing, Suricata can quickly identify, stop, and assess even the most sophisticated attacks.
References:
- https://suricata.io
- https://github.com/OISF/suricata
Configuration:
โโโโโโโโโโโโโโโโโโโโโณโโโโโโโณโโโโโโโโโโโโโโโโโโโโณโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Aspect โ Type โ Possible Values โ Description โ
โกโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฉ
โ interface โ str โ * โ Interface on which Suricata listens โ
โ automatic_updates โ str โ ENABLED, DISABLED โ State of the automatic daily updates โ
โโโโโโโโโโโโโโโโโโโโโดโโโโโโโดโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
1๏ธโฃ
Install a solution.
Syntax
mutablesecurity --solution <solution> --operation INSTALL
Example
โ mutablesecurity --solution SURICATA --operation INSTALL
๐ Password for localhost:
โ
Suricata is now installed on this machine.
Optional: To connect to a remote host via a privileged user, just add the --remote flag.
โ mutablesecurity --remote [email protected]:22 --solution SURICATA --operation INSTALL
๐ Password for adm[email protected]:22:
โ
Suricata is now installed on this machine.
2๏ธโฃ
Test the solution.
Syntax
mutablesecurity --solution <solution> --operation TEST
Example
โ mutablesecurity --solution SURICATA --operation TEST
๐ Password for localhost:
โ
Suricata works as expected.
3๏ธโฃ
Get the production configuration.
Syntax
mutablesecurity --solution <solution> --operation GET_CONFIGURATION
Example
โ mutablesecurity --solution SURICATA --operation GET_CONFIGURATION
๐ Password for localhost:
โ
The configuration of Suricata was retrieved.
โโโโโโโโโโโโโโโโโโโโโณโโโโโโโโโโโ
โ Attribute โ Value โ
โกโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฉ
โ automatic_updates โ DISABLED โ
โ interface โ enp0s3 โ
โโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโ
4๏ธโฃ
Modify the production configuration.
Syntax
mutablesecurity --solution <solution> --operation SET_CONFIGURATION --aspect <aspect> --value <value>
Example
โ mutablesecurity --solution SURICATA --operation SET_CONFIGURATION --aspect automatic_updates --value ENABLED
๐ Password for localhost:
โ
The configuration of Suricata was set.
Optional: To test the modifications, run the configuration retrieval and testing operations.
โ mutablesecurity --solution SURICATA --operation GET_CONFIGURATION
๐ Password for localhost:
โ
The configuration of Suricata was retrieved.
โโโโโโโโโโโโโโโโโโโโโณโโโโโโโโโโ
โ Attribute โ Value โ
โกโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฉ
โ automatic_updates โ ENABLED โ
โ interface โ enp0s3 โ
โโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโ
โ mutablesecurity --solution SURICATA --operation TEST
๐ Password for localhost:
โ
Suricata works as expected.
5๏ธโฃ
Retrieve the solution logs.
Syntax
mutablesecurity --solution <solution> --operation GET_LOGS
Example
โ mutablesecurity --solution SURICATA --operation GET_LOGS
๐ Password for localhost:
โ
The logs of Suricata were retrieved.
[...]
04/18/2022-10:55:31.134760 [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2]
{TCP} 54.192.235.64:80 -> 10.0.2.15:50690
[...]
6๏ธโฃ
Retrieve the solution statistics.
Syntax
mutablesecurity --solution <solution> --operation GET_STATS
Example
โ mutablesecurity --solution SURICATA --operation GET_STATS
๐ Password for localhost:
โ
The stats of Suricata were retrieved.
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโณโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Attribute โ Value โ
โกโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฉ
โ Total number of alerts โ 5 โ
โ Total number of alerts generated today โ 5 โ
โ Uptime โ 1 minute and 23 seconds โ
โ Current installed version โ 6.0.4 RELEASE โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโโโโ
7๏ธโฃ
Updates the solution.
Syntax
mutablesecurity --solution <solution> --operation UPDATE
Example
โ mutablesecurity --solution SURICATA --operation UPDATE
๐ Password for localhost:
โ
Suricata was updated to its latest version.
8๏ธโฃ
Uninstall the solution.
Syntax
mutablesecurity --solution <solution> --operation UNINSTALL
Example
โ mutablesecurity --solution SURICATA --operation UNINSTALL
๐ Password for localhost:
โ
Suricata is no longer installed on this machine.
Support
๐
If you have any type of suggestion (for example, proposals for new functionalities or support for other security solutions), please open an issue or drop us a line at [email protected].
Contributing
๐ค
To find out how you can contribute to this project, check out our contribution guide.
39 Dec 10, 2022
26 Dec 29, 2022
15 Jul 24, 2022
854 Dec 30, 2022
79 Dec 27, 2022
15 Jul 30, 2022
6 Oct 07, 2022
20 Nov 30, 2022
2 Mar 15, 2022
7 Nov 09, 2022
4 Apr 05, 2022
820 Dec 18, 2022
35 Dec 25, 2022
5 Mar 21, 2022
21 Sep 24, 2022
22 Oct 17, 2022
429 Dec 31, 2022
25 May 10, 2022
70 Nov 09, 2022
3 Feb 22, 2022