grapheneX 系统自动化强化框架

网友投稿 825 2022-10-21

grapheneX 系统自动化强化框架

grapheneX 系统自动化强化框架

In computing, hardening is usually the process of securing a system by reducing its surface of vulnerability, which is larger when a system performs more functions; in principle a single-function system is more secure than a multipurpose one. Reducing available ways of attack typically includes changing default passwords, the removal of unnecessary software, unnecessary usernames or logins, and the disabling or removal of unnecessary services.

Although the current technology tries to design systems as safe as possible, security flaws and situations that can lead to vulnerabilities caused by unconscious use and missing configurations still exist. The user must be knowledgeable about the technical side of system architecture and should be aware of the importance of securing his/her system from vulnerabilities like this. Unfortunately, it's not possible to know all the details about hardening and necessary commands for every ordinary user and the hardening remains to be a technical issue due to the difficulty of understanding operating system internals. Therefore there are hardening checklists that contain various commands and rules of the specified operating system available such as trimstray/linux-hardening-checklist & Windows Server Hardening Checklist on the internet for providing a set of commands with their sections and of course simplifying the concept for the end user. But still, the user must know the commands and apply the hardening manually depending on the system. That's where the grapheneX exactly comes in play.

The project name is derived from the 'graphene'. Graphene is a one-atom-thick layer of carbon atoms arranged in a hexagonal lattice. In proportion to its thickness, it is about 100 times stronger than the strongest steel.

grapheneX project aims to provide a framework for securing the system with hardening commands automatically. It's designed for the end user as well as the Linux and Windows developers due to the interface options. (interactive shell/web interface) In addition to that, grapheneX can be used to secure a web server/application.

Hardening commands and the scopes of those commands are referred to modules and the namespaces in the project. They exist at the modules.json file after installation. ($PYPATH/site-packages/graphenex/modules.json) Additionally, it's possible to add, edit or remove modules and namespaces. Also, the hardening operation can be automated with the presets that contain a list of modules.

Currently, grapheneX support the hardening sections below. Each of these namespaces contains more than one module.

• Firewall • User • Network • Services • Kernel • Filesystem • Other

Installation

You can install grapheneX with pip. Usually this is the easiest way:

pip install graphenex

Or if you get an error try:

python3 -m pip install graphenex

Also it's possible to run the setup.py for installation as follows:

python setup.py install

The commands below can be used for testing the project without installation:

cd grapheneXpipenv installpipenv run python -m graphenex

Dependencies

Flask-SocketIOFlask coloredlogscoloramaterminaltablesPyInquirer

Usage

Command Line Arguments

usage: grapheneX [-h] [-v] [-w] [--open] [host:port]

positional arguments: host:port host and port to run the web interfaceoptional arguments: -h, --help show this help message and exit -v, --version show version information -w, --web run the grapheneX web server --open open browser on web server start

Interactive Shell

Execute the grapheneX command in order to start the interactive shell.

• Animated gifs and screenshots added for demonstration and include the test execution of the unversioned grapheneX. Use grapheneX or python -m graphenex command for the execution. • grapheneX currently supports Python3.7

Web Interface

Execute the grapheneX with the -w or --web argument in order to start the web server.

• Web interface has the authentication system that requires an access token. Once the user verifies her/his identity with the given token at the shell, grapheneX creates a session for further use.

• The default host and port value are localhost:8080. It can be changed via the host:port argument as shown below.

python grapheneX.py -w 192.168.1.36:8090

• Use --open argument to open the browser after the server start.

python grapheneX.py -w --open

CLI Commands

CommandDescription
backGo back from namespace or module
clearClear the terminal
exitExit interactive shell
hardenExecute the hardening command
helpList available commands with "help" or show detailed help with "help <cmd>"
infoShow information about the module
listList available hardening modules
manageAdd, edit or delete module
presetShow/execute the hardening module presets
searchSearch for modules
switchSwitch between modules or namespaces
useUse a hardening module
webStart the grapheneX web server

help

help or ? shows the commands list above. help [CMD] shows the detailed usage of given command.

list

Show the available modules in a table. For example:

switch

switch command can be used to switch to a namespace or use a module. It's helpful if you want to see a list of modules in a namespace.

switch [NAMESPACE]

• Supports autocomplete for namespaces.

Also, using the switch command like this is possible:

switch [NAMESPACE]/[MODULE]

It's the equivalent of the use command in this situation.

use

Serves the purpose of selecting a hardening module.

use [MODULE]

• Supports autocomplete for modules.

info

Shows information (namespace, description, OS command) about the selected module.

harden

Executes the hardening command of the selected module.

preset

grapheneX has presets that contain particular modules for automating the hardening operation. Presets can be customized with the modules.json file and they can contain any supported module. preset command shows the available module presets and preset [PRESET] runs the hardening commands in a preset.

An example preset command output is shown above. Below, a preset that contains 2 modules is selected and hardening modules executed.

preset command supports autocomplete for preset names. Also, it supports an option for asking permission between each hardening command execution so that the user knows what he/she is doing.

• Adding module presets

Presets are stored in the presets element inside the modules.json file. This JSON file can be edited for updating the presets.

"presets": [ { "name": "Preset_1", "modules": [ "namespace1/Module_Name1", "namespace2/Module_Name2", ], "target_os": "linux/win" }, { "name": "Preset_2", "modules": [ "namespace/All" ], "target_os": "linux/win" } ]

namespace/All means every hardening command in that namespace will be executed.

search

search [QUERY]

manage

manage command allows to add, edit or remove modules.

• Adding modules with manage

Follow the instructions for adding a new module. Choose the 'new' option in the namespace prompt for creating a new namespace.

• Adding modules manually

grapheneX stores the modules and namespaces in modules.json file. It will show up as a new module when a new element is created in this JSON file. An example element is given below.

"namespace": [ { "name": "Module_Name", "desc": "This is the module description.", "command": "echo 'hardening command'", "require_superuser": "True/False", "target_os": "linux/win" } ]

It's recommended to add modules from CLI or the Web interface other than editing the modules.json file.

• Editing modules

Choose the edit option after the manage command for the editing the module properties.

Or edit the modules.json manually.

• Removing modules

Choosing the remove option in the manage menu will be enough for removing the specified module. It's also possible to remove the module from modules.json manually.

web

Starts the grapheneX web server with the optional host:port argument.

web [host:port]

back

Go back from selected namespace or module.

clear

Clear terminal

exit

Exit interactive shell

Web

Most of the command line features are accessible with the Web interface.

Namespaces & Modules

It's easy to switch between namespaces and see details of modules.

Hardening

Just click run under the module properties for executing the hardening command.

Adding Modules

There's a menu available in the web interface for adding new modules.

Docker

Building the image

docker build -t graphenex .

Running the container

docker run --rm --name graphenex -p 8080:8080 --privileged graphenex

Screenshots

TODO(s)

Add new modules for Linux and Windows. Add -w support to Docker image

Contributing

For contributing to this project, see CONTRIBUTING.md

Contributors ✨

Thanks goes to these wonderful people (emoji key):

This project follows the all-contributors specification. Contributions of any kind welcome!

Sponsors

We don't have any sponsors yet. Contact us with email if you want to help us improve the project.

License

GNU General Public License v3.0 (gpl)

版权声明:本文内容由网络用户投稿,版权归原作者所有,本站不拥有其著作权,亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容,请联系我们jiasou666@gmail.com 处理,核实后本网站将在24小时内删除侵权内容。

上一篇:数字化办公需求激增,企业OA系统该如何升级?
下一篇:组装式应用提升企业研发效率
相关文章

 发表评论

暂时没有评论,来抢沙发吧~