{ "info": { "author": "Yves-Gwenael Bourhis", "author_email": "ygbourhis at gmail.com", "bugtrack_url": null, "classifiers": [], "description": "This script is still in alpha version, and may have some instabilities.\nIf you use it, you acknowledge doing it at your own risks and certify that you know what you are\ndoing.\n\nThe purpose of this script is to monitor /var/log/messages on a cron.daily basis for predefined\ndropped packets, in order to detect \"spambot\" infected machines in your LAN.\nAn email is send only per detection.\n\nFirst, you need to configure iptables or shorewall to drop packets originating from your LAN\ntowards port 25, if the destination server is not your own MTA (or your ISP's MTA).\nIndeed, machines in your LAN are supposed to use your own (or your ISP's) smtp server as a relay,\nand should never send mails directly.\n(infected machines participating in spam bots usually send mails directly)\nOf coarse, your smtp server itself still needs to be allowed to send mails, take care not to block\nit while configuring your firewall.\nCheck also that the dropped packets are well logged, otherwise we would detect nothing.\n\nSecondly, install (by typing the 'python setup.py install' command as root) this script on your linux\nfirewall, and adapt /etc/botalert.conf to your needs (\"IN:\" being the interface of your lan, \"OUT:\"\nthe outbound interface (not required to be defined). Leaving a variable empty means no corresponding\n'matches' will be searched for.\nYou can define as many signals you want (other than [smtp]) by creating another signal section and\nthen add the sections you want to log in the \"log:\" variable of the [signals] section, as a comma\nseparated list. Indeed this script is pre-configured to detect spam bots, but you can detect anything\nelse if you know the protocol of what you want to detect, and then define it (and it needs to be\nlogged in the log file (defaults : /var/log/messages)).\n\nThis script has only been tested with shorewall and iptables logs, however, you can adapt the regex\nto your needs. No need to edit the regex in botalert.py itself, instead you can add a \"regex:\"\nvariable in the [DEFAULT] section of /etc/botalert.conf, it will override the one in the script.\n\nType::\n\n python -m botalert.py -h\n\nfor help.\n\n\n\n===============\nRelease Notes :\n===============\n\nRelease 0.4a:\n=============\n\nAlpha Version\n\nRelease 0.5a:\n=============\n\nChanged author's contact info.", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "UNKNOWN", "keywords": null, "license": "GNU General Public License version 2.0", "maintainer": null, "maintainer_email": null, "name": "botalert", "package_url": "https://pypi.org/project/botalert/", "platform": "Linux", "project_url": "https://pypi.org/project/botalert/", "project_urls": { "Download": "UNKNOWN", "Homepage": "UNKNOWN" }, "release_url": "https://pypi.org/project/botalert/0.5a/", "requires_dist": null, "requires_python": null, "summary": "parse logged dropped outgoing packets in order to detect bot infected machines", "version": "0.5a" }, "last_serial": 786985, "releases": { "0.1a": [ { "comment_text": "", "digests": { "md5": "967ce2924b676fc6a59ab72a8833a529", "sha256": "c8257347f9493570f1ca8aaa91650e5466cae1575cdff020d71ebb6b18850ebb" }, "downloads": -1, "filename": "botalert-0.1a.tar.gz", "has_sig": false, "md5_digest": "967ce2924b676fc6a59ab72a8833a529", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 4814, "upload_time": "2011-12-07T02:27:37", "url": "https://files.pythonhosted.org/packages/b7/ea/5e51ecadf4bc0b5905299ba12c0a4e5196e86df3843e2e32f56c100c87bb/botalert-0.1a.tar.gz" } ], "0.1b": [ { "comment_text": "", "digests": { "md5": "605d01121e3de17d430b7e86393d5746", "sha256": "eb6919822929cefeb43155a190208b9f85346fcf70fd794c2bcff99b0b601a32" }, "downloads": -1, "filename": "botalert-0.1b.tar.gz", "has_sig": false, "md5_digest": "605d01121e3de17d430b7e86393d5746", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 4815, "upload_time": "2011-12-07T02:26:41", "url": "https://files.pythonhosted.org/packages/21/f1/191078f98bd726b35da1281aaac9b4d9080efaec04e4808f49ceb82e44fc/botalert-0.1b.tar.gz" } ], "0.2a": [ { "comment_text": "", "digests": { "md5": "70baf0977ed7cc73cfbbf7a56fdc593b", "sha256": "ad918fdb12e90cb1d2a112d6c359913bf1165ab7e85401b0909f364d2bae6bda" }, "downloads": -1, "filename": "botalert-0.2a.tar.gz", "has_sig": false, "md5_digest": "70baf0977ed7cc73cfbbf7a56fdc593b", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5153, "upload_time": "2011-12-07T02:36:48", "url": "https://files.pythonhosted.org/packages/34/17/995a0049c855a7f9519dfb1b02f659f4f3e4561e6d4304455ddb420d90f6/botalert-0.2a.tar.gz" } ], "0.3a": [ { "comment_text": "", "digests": { "md5": "200b1acc148de29587e22d81dd726a52", "sha256": "3a0db45d4b7289c9f169d6b7206b170d28af60dd9831be94bdbb0e459849be08" }, "downloads": -1, "filename": "botalert-0.3a.tar.gz", "has_sig": false, "md5_digest": "200b1acc148de29587e22d81dd726a52", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5152, "upload_time": "2011-12-07T02:41:35", "url": "https://files.pythonhosted.org/packages/a2/d2/cd9f203b30cfbd891b8a874720c29051021a802f71fd05b1a3b3e328069a/botalert-0.3a.tar.gz" } ], "0.4a": [ { "comment_text": "", "digests": { "md5": "009f5f69e6e3abd7c43d10897ebcd103", "sha256": "c978898339bd289cbe2f008bdb43866f7922d3710858cc24866b1e0e25334f7a" }, "downloads": -1, "filename": "botalert-0.4a.tar.gz", "has_sig": false, "md5_digest": "009f5f69e6e3abd7c43d10897ebcd103", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 4858, "upload_time": "2011-12-07T11:07:02", "url": "https://files.pythonhosted.org/packages/7a/df/dcb8ed3a45d621e5c69835d8e1fb7d05da4c12158d498a50f156a7c92187/botalert-0.4a.tar.gz" }, { "comment_text": "", "digests": { "md5": "7554689b1f0e77221a19145413be4bd2", "sha256": "0d6cf3c9d41c61295f975bb947c0bce43290c8bf64c65e55a30c52459d7a5fa9" }, "downloads": -1, "filename": "botalert-0.4a.zip", "has_sig": false, "md5_digest": "7554689b1f0e77221a19145413be4bd2", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 6687, "upload_time": "2011-12-07T11:04:44", "url": "https://files.pythonhosted.org/packages/81/56/309d79ff0664c5f0a5eca59d00257b78aad44ad08a334e8b618a319b5139/botalert-0.4a.zip" } ], "0.5a": [ { "comment_text": "", "digests": { "md5": "ae4f2296608d709c7e405d11235aecd7", "sha256": "0f2bce7cef4090dfaa8d0796421e4f64e7df8607493a440b39590060d5ff8f8a" }, "downloads": -1, "filename": "botalert-0.5a.zip", "has_sig": false, "md5_digest": "ae4f2296608d709c7e405d11235aecd7", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 6740, "upload_time": "2012-02-17T21:19:01", "url": "https://files.pythonhosted.org/packages/43/f7/21177e7bc0c9048ea864583f192ac0ac5b4334a58ab6d369b69202d3a4e1/botalert-0.5a.zip" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "ae4f2296608d709c7e405d11235aecd7", "sha256": "0f2bce7cef4090dfaa8d0796421e4f64e7df8607493a440b39590060d5ff8f8a" }, "downloads": -1, "filename": "botalert-0.5a.zip", "has_sig": false, "md5_digest": "ae4f2296608d709c7e405d11235aecd7", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 6740, "upload_time": "2012-02-17T21:19:01", "url": "https://files.pythonhosted.org/packages/43/f7/21177e7bc0c9048ea864583f192ac0ac5b4334a58ab6d369b69202d3a4e1/botalert-0.5a.zip" } ] }