Skip to main content

Automated System Hardening Framework for Linux & Windows

Project description

grapheneX

grapheneX Release License Ruff

In computing, hardening is usually the process of securing a system by reducing its surface of vulnerability, which is larger when a system performs more functions; in principle a single-function system is more secure than a multipurpose one. Reducing available ways of attack typically includes changing default passwords, the removal of unnecessary software, unnecessary usernames or logins, and the disabling or removal of unnecessary services.

grapheneX project aims to provide a framework for securing the system with hardening commands automatically. It's designed for the end user as well as the Linux and Windows developers due to the interface options. (interactive shell/web interface) In addition to that, grapheneX can be used to secure a web server/application.

The project name is derived from 'graphene'. Graphene is a one-atom-thick layer of carbon atoms arranged in a hexagonal lattice. In proportion to its thickness, it is about 100 times stronger than the strongest steel.

Hardening commands and the scopes of those commands are referred to modules and the namespaces in the project. They exist at the modules.json file after installation. ($PYPATH/site-packages/graphenex/modules.json) Additionally, it's possible to add, edit or remove modules and namespaces. Also, the hardening operation can be automated with the presets that contain a list of modules.

Currently, grapheneX supports the hardening sections below. Each of these namespaces contains more than one module.

• Firewall
• User
• Network
• Services
• Kernel
• Filesystem
• Other

Listen to The Python Podcast.__init__: Automate Your Server Security With GrapheneX - Episode 237

Installation

You can install grapheneX with pip. Usually this is the easiest way:

pip install graphenex

Or if you get an error try:

python3 -m pip install graphenex

Additionally, poetry can be used for development:

poetry install        # install the dependencies
poetry run grapheneX  # run grapheneX

Dependencies

Usage

Command Line Arguments

usage: grapheneX [-h] [-v] [-w] [--open] [host:port]
positional arguments:
  host:port      host and port to run the web interface

optional arguments:
  -h, --help     show this help message and exit
  -v, --version  show version information
  -w, --web      run the grapheneX web server
  --open         open browser on web server start

Interactive Shell

Execute the grapheneX command in order to start the interactive shell.

GrapheneX Interactive Shell

• Animated gifs and screenshots added for demonstration and include the test execution of the unversioned grapheneX. Use grapheneX or python -m graphenex command for the execution.
• grapheneX currently supports Python 3.10

Web Interface

Execute the grapheneX with the -w or --web argument in order to start the web server.

Starting the Web Server

• Web interface has the authentication system that requires an access token. Once the user verifies her/his identity with the given token at the shell, grapheneX creates a session for further use. FLASK_SECRET_KEY is automatically generated by a cryptographically secure os.urandom function to keep your grapheneX instance secure by design. It is stored inside an .env file at the root of the project.

• You can override this value with CLI parameter --flask-secret-key:

python3 -m graphenex --flask-secret-key <secure_key_here>

GrapheneX Web Interface I

GrapheneX Web Interface II

• The default host and port values are 0.0.0.0:8080. It can be changed via the host:port argument as shown below. The default server address is set to 0.0.0.0 because the docker container is designed to listen on all available network interfaces, allowing it to be accessible from both within the container itself and from the host machine. You can also set it to localhost if you aren't planning to containerize grapheneX.

python3 -m graphenex -w 192.168.1.36:8090

• Use --open argument to open the browser after the server start.

python3 -m graphenex -w --open

CLI Commands

Command Description
back Go back from namespace or module
clear Clear the terminal
exit Exit interactive shell
harden Execute the hardening command
help List available commands with "help" or show detailed help with "help <cmd>"
info Show information about the module
list List available hardening modules
manage Add, edit or delete module
preset Show/execute the hardening module presets
search Search for modules
switch Switch between modules or namespaces
use Use a hardening module
web Start the grapheneX web server

help

help or ? shows the commands list above.
help [CMD] shows the detailed usage of given command.

list

Show the available modules in a table. For example:

List Command

switch

switch command can be used to switch to a namespace or use a module. It's helpful if you want to see a list of modules in a namespace.

switch [NAMESPACE]

Switch Command

• Supports autocomplete for namespaces.

Also, using the switch command like this is possible:

switch [NAMESPACE]/[MODULE]

It's the equivalent of the use command in this situation.

use

Serves the purpose of selecting a hardening module.

use [MODULE]

Use Command

• Supports autocomplete for modules.

info

Shows information (namespace, description, OS command) about the selected module.

Info Command

harden

Executes the hardening command of the selected module.

Harden Command

preset

grapheneX has presets that contain particular modules for automating the hardening operation. Presets can be customized with the modules.json file, and they can contain any supported module. preset command shows the available module presets and preset [PRESET] runs the hardening commands in a preset.

Show Presets

An example preset command output is shown above. Below, a preset that contains 2 modules is selected and hardening modules executed.

Preset Command

preset command supports autocomplete for preset names. Also, it supports an option for asking permission between each hardening command execution so that the user knows what he/she is doing.

• Adding module presets

Presets are stored in the presets element inside the modules.json file. This JSON file can be edited for updating the presets.

"presets": [
        {
            "name": "Preset_1",
            "modules": [
                "namespace1/Module_Name1",
                "namespace2/Module_Name2",
            ],
            "target_os": "linux/win"
        },
        {
            "name": "Preset_2",
            "modules": [
                "namespace/All"
            ],
            "target_os": "linux/win"
        }
    ]

namespace/All means every hardening command in that namespace will be executed.

search

search [QUERY]

Search Command

manage

manage command allows to add, edit or remove modules.

• Adding modules with manage

Follow the instructions for adding a new module. Choose the 'new' option in the namespace prompt for creating a new namespace.

Adding Module

• Adding modules manually

grapheneX stores the modules and namespaces in modules.json file. It will show up as a new module when a new element is created in this JSON file. An example element is given below.

"namespace": [
        {
            "name": "Module_Name",
            "desc": "This is the module description.",
            "command": "echo 'hardening command'",
            "require_superuser": "True/False",
            "require_restart": "True/False",
            "target_os": "linux/win"
        }
    ]

It's recommended to add modules from CLI or the Web interface other than editing the modules.json file.

• Editing modules

Choose the edit option after the manage command for the editing the module properties.

Editing Module

Or edit the modules.json manually.

• Removing modules

Choosing the remove option in the manage menu will be enough for removing the specified module. It's also possible to remove the module from modules.json manually.

Removing Module

web

Starts the grapheneX web server with the optional host:port argument.

web [host:port]

Web Command

back

Go back from selected namespace or module.

clear

Clear terminal

exit

Exit interactive shell

Web

Most of the command line features are accessible with the Web interface.

Namespaces & Modules

It's easy to switch between namespaces and see details of modules.

Namespaces and Modules

Hardening

Just click run under the module properties for executing the hardening command.

Hardening

Adding Modules

There's a menu available in the web interface for adding new modules.

Adding Modules

System Monitor

It's possible to display various system information such as disk usage and network state at the Web interface.

System Monitor

Docker

Building the image

docker build -t graphenex .

Running the container

docker run -it --rm --name graphenex -p 8080:8080 --privileged graphenex

Screenshots

Screenshot I

Screenshot II

Screenshot III

Screenshot IV

Screenshot V

TODO(s)

  • Add new modules for Linux and Windows.

Contributing

For contributing to this project, see CONTRIBUTING.md

Contributors ✨

Thanks goes to these wonderful people ✨

Made with contrib.rocks.

Sponsors

We don't have any sponsors yet. Contact us with email if you want to help us improve the project.

License

GNU General Public License v3.0

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

graphenex-1.7.0.tar.gz (1.5 MB view details)

Uploaded Source

Built Distribution

graphenex-1.7.0-py3-none-any.whl (1.5 MB view details)

Uploaded Python 3

File details

Details for the file graphenex-1.7.0.tar.gz.

File metadata

  • Download URL: graphenex-1.7.0.tar.gz
  • Upload date:
  • Size: 1.5 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.8.3 CPython/3.10.14 Linux/6.5.0-1022-azure

File hashes

Hashes for graphenex-1.7.0.tar.gz
Algorithm Hash digest
SHA256 2862b7545c745eb2de9be2399112240d4c533962cb6f35003afde9e2ec1fcc00
MD5 eefc95c4f7603e1de17ecc1e12a0310f
BLAKE2b-256 b44c1cb230919ecb908a7f75c9fe2e0ce8a577ad4ccfaf8bbe1299b8550e6420

See more details on using hashes here.

File details

Details for the file graphenex-1.7.0-py3-none-any.whl.

File metadata

  • Download URL: graphenex-1.7.0-py3-none-any.whl
  • Upload date:
  • Size: 1.5 MB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.8.3 CPython/3.10.14 Linux/6.5.0-1022-azure

File hashes

Hashes for graphenex-1.7.0-py3-none-any.whl
Algorithm Hash digest
SHA256 f4b357da99952bb1b021093f55922e77cd4db754c546ef5a051bdaf2d881acce
MD5 bfa4021cff81bf3887401b96d40026ae
BLAKE2b-256 f3bff3d70128a38eb9291de771e08148bb28907d503dd470525be69cbba02086

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page