Project Description

This script is still in alpha version and may have some instabilities. If you use it, you acknowledge that you do so at your own risk and certify that you know what you are doing.

The purpose of this script is to monitor /var/log/messages on a cron.daily basis for predefined dropped packets, in order to detect “spambot” infected machines in your LAN. One email is sent per detection.

First, you need to configure iptables or shorewall to drop packets originating from your LAN towards port 25 if the destination server is not your own MTA (or your ISP’s MTA). Machines in your LAN are supposed to use your own (or your ISP’s) SMTP server as a relay and should never send mail directly; infected machines participating in spam bots usually send mail directly. Of course, your SMTP server itself still needs to be allowed to send mail, so take care not to block it while configuring your firewall. Check also that the dropped packets are actually logged, otherwise nothing would be detected.

Secondly, install this script on your Linux firewall (by running the ‘python setup.py install’ command as root) and adapt /etc/botalert.conf to your needs: “IN:” is the interface of your LAN and “OUT:” the outbound interface (not required to be defined). Leaving a variable empty means no corresponding ‘matches’ will be searched for. You can define as many signals as you want (other than [smtp]) by creating another signal section and then adding the sections you want to log to the “log:” variable of the [signals] section, as a comma-separated list. This script is pre-configured to detect spam bots, but you can detect anything else if you know the protocol of what you want to detect and define it accordingly (and it needs to be logged in the log file, which defaults to /var/log/messages).

This script has only been tested with shorewall and iptables logs; however, you can adapt the regex to your needs. There is no need to edit the regex in botalert.py itself: add a “regex:” variable to the [DEFAULT] section of /etc/botalert.conf and it will override the one in the script.
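To make the matching concrete, here is an added example (not the project's own code) that applies a regex in the style of the one you could supply via “regex:” to a few constructed shorewall-style DROP lines, keeps only packets that entered on the LAN interface, and tallies the hosts hitting an [smtp]-like signal so that one report per detected host can be produced. The regex, the signal table and the log lines are all assumptions made for this example.

```python
import re
from collections import defaultdict

# Assumed regex for iptables/shorewall kernel LOG lines (constructed for this
# example; the script's own regex can be overridden via "regex:" in botalert.conf).
LOG_RE = re.compile(
    r"IN=(?P<iface>\S*)\s+OUT=(?P<out>\S*)\s+.*?SRC=(?P<src>[\d.]+)\s+DST=(?P<dst>[\d.]+)"
    r".*?PROTO=(?P<proto>\w+)(?:.*?DPT=(?P<dpt>\d+))?"
)

# Signal definitions in the spirit of the [smtp] section: protocol and destination
# port to look for. Constructed for this example.
SIGNALS = {
    "smtp": {"proto": "TCP", "dpt": "25"},
}

def match_signals(lines, signals=SIGNALS, iface_in="eth1"):
    """Return {signal: {src_ip: hit_count}} for dropped packets seen on iface_in."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LOG_RE.search(line)
        if not m or m.group("iface") != iface_in:
            continue  # not a firewall log line, or the packet did not come from the LAN
        for name, sig in signals.items():
            if m.group("proto") == sig["proto"] and m.group("dpt") == sig["dpt"]:
                hits[name][m.group("src")] += 1
    return {k: dict(v) for k, v in hits.items()}

def alert_messages(hits):
    """One message per (signal, source host): what would be emailed once per detection."""
    return [f"{src}: {n} dropped packet(s) matched signal '{name}'"
            for name, srcs in hits.items() for src, n in sorted(srcs.items())]

# Constructed sample of /var/log/messages: two direct SMTP attempts from one LAN host,
# one unrelated HTTPS drop, one inbound drop from the Internet side, one non-firewall line.
SAMPLE_LOG = """\
Feb 17 10:01:02 fw kernel: Shorewall:loc2net:DROP:IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=51234 DPT=25 SYN
Feb 17 10:01:03 fw kernel: Shorewall:loc2net:DROP:IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=51235 DPT=25 SYN
Feb 17 10:02:10 fw kernel: Shorewall:loc2net:DROP:IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=40000 DPT=443 SYN
Feb 17 10:03:00 fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=203.0.113.99 DST=192.0.2.1 LEN=60 PROTO=TCP SPT=3333 DPT=25 SYN
Feb 17 10:04:00 fw sshd[123]: Accepted publickey for admin from 192.168.1.5
"""

if __name__ == "__main__":
    for msg in alert_messages(match_signals(SAMPLE_LOG.splitlines())):
        print(msg)
```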

Type:

python -m botalert.py -h

for help.

Release Notes:

Release 0.4a:

Alpha Version

Release 0.5a:

Changed author’s contact info.

Release History


0.5a


0.4a


0.3a


0.2a


0.1b


0.1a


Download Files


File Name: botalert-0.5a.zip (6.7 kB)
File Type: Source
Upload Date: Feb 17, 2012
