Projects

From ChekMate Security Group

ChekMate has a number of ongoing projects. They are written by local developers and cover useful hacks and tricks as well as system-management tasks such as statistics gathering.



"PHP-Syslog-NG is a front-end for viewing syslog-ng messages logged to MySQL in real-time. It features customized searches based on device, priority, message, and date." (vermeer.org, Nov 15) syslog-ng is configured to write its log messages into the database, and the PHP front-end queries that database. http://www.vermeer.org/ is the official project home page. Because the original project did not cover everything we needed, we added functionality to PHP-Syslog-NG to meet our requirements. Please note that we have retired this version: we have since integrated PHP-Syslog-NG into a Cacti installation so that it uses the Cacti authentication model and so that Cacti can graph the syslog message volumes. We will publish the newer version in the near future.

Cisco Secure ACS (Access Control Server) provides TACACS+ AAA services for network devices in many environments.
  • One feature the Cisco product lacks is the ability to search or browse its log files.
  • What we do here is create a batch job on the ACS server that copies the accounting log to a Unix server every night. On the Unix server the file is parsed and loaded into a MySQL database, and the logs can then be browsed and searched by privilege level, FQDN, username, or a substring of the command.
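The load-and-search step of that procedure as an added example in Python, not ChekMate's own parser. SQLite stands in for MySQL; the CSV column names, the NAS-address-to-FQDN mapping and the sample rows are constructed assumptions about the ACS accounting export, so check them against a real file before relying on the parser.

```python
"""Load a Cisco Secure ACS TACACS+ accounting CSV into a database and search it.

Added example, not ChekMate's script. The column names below are an
assumption about the export format; the rows and FQDN map are constructed.
"""
import csv
import io
import sqlite3

# Constructed sample in the shape of an ACS TACACS+ accounting export.
SAMPLE_CSV = """Date,Time,User-Name,NAS-IP-Address,priv-lvl,cmd
11/15/2005,23:10:01,jdoe,10.0.0.1,15,configure terminal
11/15/2005,23:10:07,jdoe,10.0.0.1,15,no ip access-list extended EDGE-IN
11/15/2005,23:12:44,ops,10.0.0.2,1,show running-config
11/16/2005,01:02:03,ops,10.0.0.3,15,copy running-config startup-config
"""

# Constructed NAS address -> FQDN map; a real job would do a reverse lookup.
FQDN = {
    "10.0.0.1": "edge-rtr1.example.net",
    "10.0.0.2": "core-sw1.example.net",
    "10.0.0.3": "core-sw2.example.net",
}


def load(csv_text, db=None):
    """Parse the CSV export and insert one row per accounting record."""
    db = db or sqlite3.connect(":memory:")
    db.execute(
        """CREATE TABLE IF NOT EXISTS tacacs_log (
               ts TEXT, username TEXT, nas_ip TEXT, fqdn TEXT,
               priv_lvl INTEGER, cmd TEXT)"""
    )
    rows = []
    for r in csv.DictReader(io.StringIO(csv_text)):
        mm, dd, yyyy = r["Date"].split("/")          # ACS writes MM/DD/YYYY
        ts = f"{yyyy}-{mm}-{dd} {r['Time']}"          # ISO order sorts as text
        nas = r["NAS-IP-Address"]
        rows.append((ts, r["User-Name"], nas, FQDN.get(nas, nas),
                     int(r["priv-lvl"]), r["cmd"]))
    db.executemany("INSERT INTO tacacs_log VALUES (?,?,?,?,?,?)", rows)
    db.commit()
    return db


def search(db, username=None, fqdn=None, priv_lvl=None, cmd_substr=None):
    """Browse by priv level, FQDN, username or command substring.

    Every user-supplied value is bound as a parameter, never pasted into
    the SQL string, so the web front-end cannot be used for SQL injection.
    """
    clauses, params = [], []
    if username:
        clauses.append("username = ?"); params.append(username)
    if fqdn:
        clauses.append("fqdn = ?"); params.append(fqdn)
    if priv_lvl is not None:
        clauses.append("priv_lvl = ?"); params.append(priv_lvl)
    if cmd_substr:
        # Escape LIKE wildcards so searching for "%" or "_" matches literally.
        esc = (cmd_substr.replace("\\", "\\\\")
                         .replace("%", "\\%").replace("_", "\\_"))
        clauses.append("cmd LIKE ? ESCAPE '\\'"); params.append(f"%{esc}%")
    sql = "SELECT ts, username, fqdn, priv_lvl, cmd FROM tacacs_log"
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    return db.execute(sql + " ORDER BY ts", params).fetchall()


if __name__ == "__main__":
    conn = load(SAMPLE_CSV)
    for row in search(conn, priv_lvl=15, cmd_substr="running-config"):
        print(row)
```

SQLite's LIKE is case-insensitive for ASCII by default, which is usually what you want for command searches; MySQL behaves the same under its default collations.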

This shell script starts Snort and records all traffic matching the configured BPF filter. It writes a new pcap-format log file each day, which makes it easy to set up special-purpose captures, for example monitoring a specific user's traffic over a period of time. The script also watches free disk space so that the captures cannot fill the drive.
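The rotation and free-space logic of that script as an added example in Python, not ChekMate's shell script. The Snort options -i, -b, -l and -L are real Snort 2.x flags (interface, binary tcpdump-format logging, log directory, log file name); the interface name, directory, threshold and the constructed file listing in the test are assumptions, and some Snort versions append a timestamp to the -L name.

```python
"""Daily pcap rotation with a free-space guard for a Snort packet logger.

Added example, not ChekMate's script. Paths, interface and threshold
are assumptions; pure functions are kept separate so the pruning logic
can be checked without touching a real disk.
"""
import datetime
import os
import shutil


def daily_log_name(day):
    """One capture file per calendar day, e.g. snort-2005-11-15.pcap."""
    return f"snort-{day:%Y-%m-%d}.pcap"


def snort_argv(iface, logdir, name, bpf):
    """Command line that has Snort write tcpdump-format packets (-b) to
    logdir/name, capturing only traffic that matches the BPF filter."""
    return ["snort", "-i", iface, "-b", "-l", logdir, "-L", name] + bpf.split()


def files_to_prune(pcaps, free_bytes, min_free_bytes):
    """pcaps: list of (name, size_bytes, mtime).

    Returns the oldest captures that must be deleted for free space to
    reach min_free_bytes. The newest file is never returned so the most
    recent capture survives even when the disk is badly over budget.
    """
    if free_bytes >= min_free_bytes or len(pcaps) < 2:
        return []
    doomed = []
    for name, size, _ in sorted(pcaps, key=lambda p: p[2])[:-1]:
        if free_bytes >= min_free_bytes:
            break
        doomed.append(name)
        free_bytes += size
    return doomed


def rotate(logdir, min_free_bytes, iface="eth0", bpf="not port 22", today=None):
    """Prune old captures until min_free_bytes is free, then return the
    argv to start today's capture (run it from cron at midnight)."""
    today = today or datetime.date.today()
    entries = []
    for n in os.listdir(logdir):
        if n.startswith("snort-") and n.endswith(".pcap"):
            st = os.stat(os.path.join(logdir, n))
            entries.append((n, st.st_size, st.st_mtime))
    free = shutil.disk_usage(logdir).free
    for n in files_to_prune(entries, free, min_free_bytes):
        os.remove(os.path.join(logdir, n))
    return snort_argv(iface, logdir, daily_log_name(today), bpf)


if __name__ == "__main__":
    # Assumed paths: 2 GiB minimum free space in /var/log/snort.
    print(" ".join(rotate("/var/log/snort", 2 * 1024 ** 3)))
```

Deleting the oldest capture first matches the retention a daily rotation implies; if a specific investigation needs a day kept, move that file out of the directory rather than raising the threshold.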

This Cacti add-on queries the Snort (BASE) database and graphs trends for the traffic profile and the unique alerts it contains. BASE.php has also been set up to capture additional information, but the other modules that would use it have not been written yet.

Snort and BASE are both excellent tools for monitoring intrusion attempts within your network, but it is difficult to get a clear picture of which events are happening, and when, within a specific period. The following scripts present a summary of the events and link back to BASE to pull up the details.
  • base_summary.php reports the total number of alerts within the specified time period, broken down into IP protocol groups (TCP, UDP, ICMP and portscans) and by the signatures that triggered.
  • base_details.php reports on a single Snort signature and is called from base_summary.php. It lists the source and destination IP address pairs involved in that event.
  • base_fulldetails.php reports on all Snort signatures, listing the source and destination IP address pairs involved in each event.

A Kickstart script that automates the build of CentOS 4 and hardens the server, removing packages that are not needed, and so on. This process has saved a large number of hours in our environments and also gives a much higher level of consistency in how each server is hardened.
My opinion is that a manual process for hardening servers is neither effective nor efficient. Even so, it is extremely important to understand what happens during the automated process and why. Otherwise your environment ends up in a questionable state: it is hard to manage, and things stop working as expected because of the security controls that were applied.

A Snort/Basic Analysis and Security Engine (BASE) installation collects a large number of alerts, and performance suffers as the number keeps growing. This script removes old events from the Snort database so that stale history does not clog your system.
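What base_summary.php, base_details.php and the cleanup script do, as one added example in Python against the Snort database schema; this is not ChekMate's PHP and not the BASE code. It uses an in-memory SQLite database with a reduced copy of three Snort tables (event, signature, iphdr); the alerts and signature names are constructed, and classifying portscans by a signature name containing "portscan" is an assumption about how your sensor names them.

```python
"""BASE-style alert summary, per-signature details and pruning of old events.

Added example, not ChekMate's scripts. Reduced Snort DB schema: the real
schema has more per-packet tables (tcphdr, udphdr, icmphdr, data, opt)
and BASE's acid_event, all keyed by (sid, cid) like iphdr here.
"""
import ipaddress
import sqlite3

PROTO = {6: "TCP", 17: "UDP", 1: "ICMP"}

SCHEMA = """
CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT);
CREATE TABLE event (sid INTEGER, cid INTEGER, signature INTEGER,
                    timestamp TEXT, PRIMARY KEY (sid, cid));
CREATE TABLE iphdr (sid INTEGER, cid INTEGER, ip_src INTEGER, ip_dst INTEGER,
                    ip_proto INTEGER, PRIMARY KEY (sid, cid));
"""

# Snort stores IPv4 addresses as unsigned 32-bit integers.
def ip2int(a): return int(ipaddress.IPv4Address(a))
def int2ip(n): return str(ipaddress.IPv4Address(n))

# Constructed sample data: signatures and (sid, cid, sig, timestamp, src, dst, proto).
SIGS = [(1, "SSH brute force attempt (constructed)"),
        (2, "ICMP echo sweep (constructed)"),
        (3, "(portscan) TCP Portsweep (constructed)"),
        (4, "SNMP public community (constructed)")]
SAMPLE = [
    (1, 1, 1, "2005-11-15 10:00:00", "192.168.1.10", "10.0.0.5", 6),
    (1, 2, 1, "2005-11-15 10:05:00", "192.168.1.10", "10.0.0.5", 6),
    (1, 3, 2, "2005-11-15 11:00:00", "192.168.1.11", "10.0.0.5", 1),
    (1, 4, 3, "2005-11-15 12:00:00", "192.168.1.12", "10.0.0.5", 6),
    (1, 5, 4, "2005-11-14 09:00:00", "192.168.1.13", "10.0.0.6", 17),
    (1, 6, 1, "2005-11-10 08:00:00", "192.168.1.10", "10.0.0.5", 6),
]


def build_db():
    """Create the reduced schema and load the constructed alerts."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO signature VALUES (?,?)", SIGS)
    for sid, cid, sig, ts, src, dst, proto in SAMPLE:
        db.execute("INSERT INTO event VALUES (?,?,?,?)", (sid, cid, sig, ts))
        db.execute("INSERT INTO iphdr VALUES (?,?,?,?,?)",
                   (sid, cid, ip2int(src), ip2int(dst), proto))
    db.commit()
    return db


def summary(db, start, end):
    """Alerts in [start, end) by protocol group and by signature."""
    groups = {"TCP": 0, "UDP": 0, "ICMP": 0, "Portscan": 0, "Other": 0}
    rows = db.execute(
        """SELECT s.sig_name, i.ip_proto FROM event e
           JOIN signature s ON s.sig_id = e.signature
           JOIN iphdr i ON i.sid = e.sid AND i.cid = e.cid
           WHERE e.timestamp >= ? AND e.timestamp < ?""", (start, end)).fetchall()
    for name, proto in rows:
        if "portscan" in name.lower():          # assumption: named by the sensor
            groups["Portscan"] += 1
        else:
            groups[PROTO.get(proto, "Other")] += 1
    by_sig = db.execute(
        """SELECT e.signature, s.sig_name, COUNT(*) AS n FROM event e
           JOIN signature s ON s.sig_id = e.signature
           WHERE e.timestamp >= ? AND e.timestamp < ?
           GROUP BY e.signature, s.sig_name ORDER BY n DESC, e.signature""",
        (start, end)).fetchall()
    return {"total": len(rows), "groups": groups, "by_signature": by_sig}


def details(db, sig_id, start, end):
    """Source/destination pairs behind one signature, busiest pair first."""
    rows = db.execute(
        """SELECT i.ip_src, i.ip_dst, COUNT(*) AS n FROM event e
           JOIN iphdr i ON i.sid = e.sid AND i.cid = e.cid
           WHERE e.signature = ? AND e.timestamp >= ? AND e.timestamp < ?
           GROUP BY i.ip_src, i.ip_dst ORDER BY n DESC""",
        (sig_id, start, end)).fetchall()
    return [(int2ip(s), int2ip(d), n) for s, d, n in rows]


def prune(db, cutoff):
    """Delete events older than cutoff from event and every (sid, cid)-keyed
    table, in one transaction so a crash cannot leave orphaned packet rows."""
    with db:
        old = db.execute("SELECT sid, cid FROM event WHERE timestamp < ?",
                         (cutoff,)).fetchall()
        for table in ("iphdr", "event"):       # add tcphdr, udphdr, ... for a real DB
            db.executemany(f"DELETE FROM {table} WHERE sid = ? AND cid = ?", old)
    return len(old)


if __name__ == "__main__":
    conn = build_db()
    print(summary(conn, "2005-11-15 00:00:00", "2005-11-16 00:00:00"))
    print(details(conn, 1, "2005-11-15 00:00:00", "2005-11-16 00:00:00"))
    print("pruned", prune(conn, "2005-11-14 00:00:00"))
```

Deleting child rows before the event row keeps a partially applied run consistent on a database without foreign keys, which is how the classic Snort MySQL schema is deployed; on a busy sensor run the prune in batches so the DELETE does not hold locks against Barnyard's inserts.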

My Blog is a MediaWiki extension that adds blogging to the user menu. It lets each user create blog entries and have them listed under "Most Recent Blogs" in the navigation menu.

My Portal is a MediaWiki hack (not a MediaWiki extension) that gives users a custom portal page in the style of My Google or My Yahoo. It is a modified version of Simplortal.
Description of Simplortal from Simplortal Site:
Simplortal is a portal engine which focuses on simplicity, modularity, and being highly configurable, not only for the administrator, but also for the end user. Users can log in and make their own selection of the content they want to see, and even (if the administrator allows it) add their own HTML blocks, RSS feeds, etc.

I have modified xmlQuiz (by Jon Thomas) to work within the MediaWiki framework. This is not a true extension: what I did was place a MediaWiki wrapper around xmlQuiz.

I have modified the DynamicArticleList.php extension to work with PHP4 and added a new BLOG list to work with my blog implementation.

Quick little extension that shows the number of guests and the number of registered users online.

Simple extension to set up client-side image maps using a URL or an uploaded MediaWiki image.

MediaWiki/PJIRC is a MediaWiki hack. It wraps the MediaWiki framework around the PJIRC interface.

This extension lets the wiki server pull the status page, the host summary or the service summary from your Nagios server. It was designed so that the Nagios server can run on a different host from the wiki.

The TabbedData extension allows tabular data to be easily cut-and-pasted into a Wiki; for example, this allows an export from Excel to be pasted in without having to manually edit it into Wiki table syntax. Originally written by User:JohanTheGhost
  • I have modified the extension to allow wiki text.

Modified version of the Simple IRC RC Bot created by Thrasher6670. This bot does not require ircii; it is completely self-contained. It posts your wiki's recent changes to an IRC channel.

A simple MediaWiki extension to display one or more local dates/times.

This is the HostAcceptor IRC bot, which will approve all HostServ requests unless they contain certain substrings.

A simple bot to interface with PasteBin. (Currently in development phase)

A Snort/Barnyard LiveIDS deployment that loads via PXE boot and communicates with a central server, with webjob synchronization, munin monitoring, and pfacct for TCP headers.