An asyncio python daemon for integrity checking with sms + push notifications

onesamblack/noidd

Noid.d

Noid.d is designed to prevent malevolent actors (internal/external) from altering files on your fs - and to quickly notify you if they do.

While external threats can be mitigated with strong auth and firewalls, few tools exist to combat insider threats - people with access to your cloud, rogue developers in your company or organization and people with privileged access to your machines.

This could help you:

  1. Stop someone from installing a kernel level rootkit
  2. Stop a "team" member from installing a backdoor which modifies your network configuration(s) after you just spent 20 hours rebuilding 10 instances
  3. Catch someone while they're outright deleting files from the fs

It provides one primary component:

  • File system integrity: checks for unplanned changes to system binaries, configuration files or other important system files

Design

As described, this is primarily for checking filesystems and maintaining integrity. It does not attempt to emulate the more complex tasks handled by watchman or other watch-type libraries.

Noidd (in its current state) runs as a cron-able task.

On first run, a checksum for every file in your configurable watchlists is created and stored in a LevelDB instance.

On subsequent runs, a new checksum is created and checked against the original. If it has changed, a notification is sent to one or more of your configured notification sources.

Noidd also includes a notifier that pipes to stdout, which you could pair with a daemon of your own that takes whatever action you like when a specific file changes.
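
The baseline-then-compare cycle described above, as an added example that is not noidd's own code. It assumes SHA-256 as the checksum and a JSON file in place of the LevelDB store, and it goes beyond the modified-file check in the text by also reporting deleted and newly added files; the function names and the sample tree are constructed for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def sha256_file(path, chunk=65536):
    """Stream the file so large binaries are never held in memory whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(watch_directories, watch_files):
    """Map every regular file on the watchlists to its current digest."""
    paths = {Path(p) for p in watch_files}
    for directory in watch_directories:
        paths.update(Path(directory).rglob("*"))
    return {str(p): sha256_file(p) for p in sorted(paths) if p.is_file()}

def check(store_path, watch_directories, watch_files):
    """First run: record the baseline, return None. Later runs: return findings."""
    current = snapshot(watch_directories, watch_files)
    store = Path(store_path)  # JSON stand-in for the LevelDB instance (assumption)
    if not store.exists():
        store.write_text(json.dumps(current))
        return None
    baseline = json.loads(store.read_text())
    findings = [("modified", p) for p in baseline
                if p in current and current[p] != baseline[p]]
    findings += [("deleted", p) for p in baseline if p not in current]
    findings += [("added", p) for p in current if p not in baseline]
    return sorted(findings)

def demo():
    """Constructed sample tree: baseline it, then modify, delete and add a file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp, "etc")
        root.mkdir()
        (root / "hosts").write_bytes(b"127.0.0.1 localhost\n")
        (root / "motd").write_bytes(b"welcome\n")
        store = Path(tmp, "baseline.json")
        first = check(store, [root], [])
        (root / "hosts").write_bytes(b"127.0.0.1 localhost\n203.0.113.9 cdn.example\n")
        (root / "motd").unlink()
        (root / "new.sh").write_bytes(b"")
        return first, [(kind, Path(p).name) for kind, p in check(store, [root], [])]

if __name__ == "__main__":
    print(demo())  # stdout stands in for a notification source
```

A baseline kept on the watched host is only as trustworthy as its write permissions: anyone who can rewrite the store can hide a change, so keep it where the watched accounts cannot write.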

Wishlists/Todo

Some integration with inotify would make sense (similar to watchman), but with much less confusion.

Usage

  • Install using pip
pip3 install noidd
  • Create a configuration file. The noid.d system configuration file lives in /etc/noid.d/config.yml

Note: as of 2023-02-14, only Twilio is supported

---
watch_directories:
 - ...
watch_files:
 - 
notification_sources:
 - email:
   addresses: []
   template: 'your_notification_template.html'
 - twilio:
   recipient_numbers: []
   twilio_api_key: '...'
   twilio_sid_token: '....'
   twilio_from_number: '....'
 - amazon_sns: [not implemented]
 - onesignal: [not implemented]

  • Add it to a crontab or other scheduler

* */2 * * * noidd [opts]

Run noidd --help for a list of all options.

Requirements

Leveldb:

apt install leveldb

inotify-tools:

apt install inotify-tools
