Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Elk os 5 #6

Open
wants to merge 24 commits into
base: main
Choose a base branch
from
Open

Elk os 5 #6

wants to merge 24 commits into from

Conversation

IdanR-lighspin
Copy link

No description provided.

from pprint import pprint
from elasticsearch import Elasticsearch
import time
from art import *
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

avoid wildcard imports

return ansi_escape.sub('', line)


def vuls(vuls_root, sudo_password):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

consider removing the sudo_password argument.
I think it is better to require the script to be run as a privileged user from the beginning (sudo python3 ELK.py)

commands = ["cd /", "cd " + vuls_root, sudo_password + vuls_scan]
to_execute = "" # the string that will run in the terminal at the end
for i in commands:
to_execute += i + ';' # merging the commands into one line
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you are using a lot of "+" to concut strings it is much better to use format strings like this:
to_execute = f"cd /; cd {vuls_root}; {sudo_password}{vuls_scan};"

https://realpython.com/python-string-formatting/#3-string-interpolation-f-strings-python-36

# running the scan and then the report- in order to get just the report output.
commands = ["cd /", "cd " + vuls_root, sudo_password + vuls_report]
to_execute = ""
for i in commands:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the for loop is not necessary if using a format string as mentioned above.

output = subprocess.getoutput(to_execute)
# getting the data from the new json file:
directory = "/" + vuls_root + "/results"
output = subprocess.getoutput("sudo " + " chmod -R 777 " + directory) # giving access
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. again use format strings
  2. security-wise giving everyone full permissions to the dir is not recommended. I believe you used it to read the results files with a normal (non-sudo) user for testing.

# line = line.replace(" ", "")
line = line.strip()
# jdoc = {"hostname": hostname, "ipaddr": ipaddr, "type": type_of, "data": json.loads(line)}
if type_of != "lynis":
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you can initiate a base dict:
mydict = {"instance_id": instance_id, "time": time, "account_id": account_id,
"session_id": session_id,
"type_of_scan": type_of}
at the beginning of each loop interval and use: mydict.update({"added_key": "value"})
to populate more data to the dict.
this way you have the initial format once - maintainable

def main():
tprint("ELK EC2 SCAN")
link = input("insert your Elk URL (e.g: localhost:9200) : ")
username = input("insert your Elk username for auth(if there is no auth, click ENTER): ")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ELK


begin_time = datetime.datetime.now()

vuls_directory = "home/ubuntu/idannos"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

read directories path from user input with default to a sub dir in users home folder

date = temp[0] # getting the date only without hours


# need to fill this before running:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

boto3 has a built-in default to read these arguments from environment variables if set or read them from user input

- install lynis: apt-get install lynis

- Helping with setting auth to ELK: https://github.com/deviantony/docker-elk

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

add a requirements.txt file to the repo.
https://realpython.com/lessons/using-requirement-files/

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

link gives 404

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants