Opening up /var/log/auth.log on my Ubuntu server was a huge, huge surprise and a wake-up call for me: every day, thousands of IPs tried to log onto the server, trying to guess usernames and passwords and trying to run exploits on my SSH port. I wanted to make a tool that really puts that info in perspective and gives users the proper security advice.
What it does
Sentinel does 3 main things:
Analyzes your system's authentication logs for any suspicious activity
Scans your system for open ports and reports whether or not each of those ports is protected by the firewall
Has a shorthand command to run a full antivirus scan on your system, using the free, open-source ClamAV antivirus
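To make the first of those three concrete, here is an added example (not Sentinel's own code) of the kind of auth.log analysis it describes: parse the sshd lines Ubuntu's rsyslog writes, count failed logins per source address, flag addresses over a threshold, and turn the findings into advice. The log lines are constructed for this example and use RFC 5737 documentation addresses; the threshold and the advice strings are choices made here, not Sentinel's.

```javascript
// Added example, not Sentinel's code: a minimal /var/log/auth.log analyzer.
// The sample below is constructed in the usual Ubuntu rsyslog + sshd format
// and uses RFC 5737 documentation addresses (203.0.113.x, 198.51.100.x, 192.0.2.x).
const SAMPLE_AUTH_LOG = [
  'Mar  3 07:12:01 srv sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2',
  'Mar  3 07:12:03 srv sshd[1236]: Failed password for root from 203.0.113.5 port 51240 ssh2',
  'Mar  3 07:12:04 srv sshd[1236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.5',
  'Mar  3 07:12:05 srv sshd[1238]: Failed password for invalid user test from 203.0.113.5 port 51250 ssh2',
  'Mar  3 07:12:09 srv sshd[1240]: Invalid user oracle from 198.51.100.7 port 40122',
  'Mar  3 07:12:10 srv sshd[1240]: Failed password for invalid user oracle from 198.51.100.7 port 40122 ssh2',
  'Mar  3 07:13:00 srv sshd[1250]: Accepted publickey for deploy from 192.0.2.10 port 50022 ssh2: ED25519 SHA256:EXAMPLEFINGERPRINT',
  'Mar  3 07:14:30 srv sshd[1260]: Accepted password for ubuntu from 198.51.100.23 port 40310 ssh2',
].join('\n');

// The three sshd message shapes we care about. Everything else (pam_unix, cron, sudo) is ignored.
const RE_FAILED   = /sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\d{1,3}(?:\.\d{1,3}){3}) port \d+/;
const RE_INVALID  = /sshd\[\d+\]: Invalid user (\S+) from (\d{1,3}(?:\.\d{1,3}){3}) port \d+/;
const RE_ACCEPTED = /sshd\[\d+\]: Accepted (\w+) for (\S+) from (\d{1,3}(?:\.\d{1,3}){3}) port \d+/;

// Turn one log line into an event object, or null if it is not an sshd auth event.
function parseAuthLine(line) {
  let m;
  if ((m = RE_FAILED.exec(line)))   return { kind: 'failed',   user: m[1], ip: m[2] };
  if ((m = RE_INVALID.exec(line)))  return { kind: 'invalid',  user: m[1], ip: m[2] };
  if ((m = RE_ACCEPTED.exec(line))) return { kind: 'accepted', method: m[1], user: m[2], ip: m[3] };
  return null;
}

// Aggregate failures per source IP and derive advice. `threshold` is this example's choice.
function analyzeAuthLog(text, { threshold = 3 } = {}) {
  const byIp = new Map();           // ip -> { failures, users: Set }
  const acceptedLogins = [];
  for (const line of text.split('\n')) {
    const ev = parseAuthLine(line);
    if (!ev) continue;
    if (ev.kind === 'accepted') { acceptedLogins.push(ev); continue; }
    if (!byIp.has(ev.ip)) byIp.set(ev.ip, { failures: 0, users: new Set() });
    const rec = byIp.get(ev.ip);
    rec.users.add(ev.user);
    // An "Invalid user" line is followed by a "Failed password" line for the same
    // attempt, so only the latter counts as a failure; the former just records the guessed name.
    if (ev.kind === 'failed') rec.failures += 1;
  }
  const offenders = [...byIp.entries()]
    .filter(([, r]) => r.failures >= threshold)
    .sort((a, b) => b[1].failures - a[1].failures)
    .map(([ip, r]) => ({ ip, failures: r.failures, users: [...r.users].sort() }));
  const acceptedPasswordLogins = acceptedLogins.filter((e) => e.method === 'password');
  const advice = [];
  if (offenders.length) {
    advice.push(`${offenders.length} address(es) reached ${threshold}+ failed SSH logins; ` +
                'consider rate limiting the port (e.g. "ufw limit ssh") or running fail2ban.');
  }
  if (acceptedPasswordLogins.length) {
    advice.push('Successful password logins seen; prefer key-based auth and set ' +
                '"PasswordAuthentication no" in sshd_config.');
  }
  return { offenders, acceptedLogins, acceptedPasswordLogins, advice };
}

console.log(JSON.stringify(analyzeAuthLog(SAMPLE_AUTH_LOG), null, 2));
```

On a real host the text would come from `fs.readFileSync('/var/log/auth.log', 'utf8')` (root or the adm group is needed to read it), and the per-IP map is the natural place to add a time window so that a slow scanner spread over days is not missed.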
How we built it
Sentinel is built using Node.js. It runs on any Debian-based Linux distribution, and mainly interfaces with UFW (Uncomplicated Firewall). For port scanning, it uses the NPM package
Challenges we ran into
Scanning ports from localhost, even with a firewall, still reveals all the ports as being open. To fix this, I wrote functionality that interfaces with the UFW firewall to see if a certain port is already protected.
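The reason a local scan sees everything is that UFW accepts loopback traffic before any user rule is evaluated, so a scan run on the machine itself never touches the rule set. One way to do the check described above, added here as an illustration and not Sentinel's own code, is to parse `ufw status verbose` and combine it with the bind address of each listening socket: a socket bound to 127.0.0.1 is unreachable from outside regardless of rules, and for the rest the first matching rule (or the default incoming policy) decides. The `ufw status verbose` text and the listener list below are constructed; on a real host you would get them from `execFileSync('ufw', ['status', 'verbose'])` as root and from `ss -ltn`.

```javascript
// Added example, not Sentinel's code: is a locally listening port reachable from outside?
// Both inputs are constructed for this example.
const SAMPLE_UFW_STATUS = `Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     LIMIT IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
3306/tcp                   ALLOW IN    192.0.2.0/24
9000                       DENY IN     Anywhere
22/tcp (v6)                LIMIT IN    Anywhere (v6)
80/tcp (v6)                ALLOW IN    Anywhere (v6)`;

// What a local listener enumeration (e.g. `ss -ltn`) might report; constructed.
const SAMPLE_LISTENERS = [
  { port: 22,   proto: 'tcp', addr: '0.0.0.0' },
  { port: 80,   proto: 'tcp', addr: '0.0.0.0' },
  { port: 3306, proto: 'tcp', addr: '0.0.0.0' },
  { port: 6379, proto: 'tcp', addr: '127.0.0.1' },
  { port: 8080, proto: 'tcp', addr: '0.0.0.0' },
  { port: 9000, proto: 'tcp', addr: '0.0.0.0' },
];

// One rule line: "<port>[/proto][ (v6)]  <ACTION>[ IN|OUT|FWD]  <from>[ (v6)]".
const RULE_RE = /^(\S+?)(?:\/(tcp|udp))?(?: \(v6\))?\s+(ALLOW|DENY|LIMIT|REJECT)(?: (?:IN|OUT|FWD))?\s+(.+?)(?: \(v6\))?$/;

// Parse the text of `ufw status verbose` into { active, defaultIncoming, rules[] }.
function parseUfwStatus(text) {
  const status = { active: false, defaultIncoming: 'deny', rules: [] };
  for (const raw of text.split('\n')) {
    const line = raw.trim();
    if (/^Status: active$/.test(line)) { status.active = true; continue; }
    const def = /^Default: (\w+) \(incoming\)/.exec(line);
    if (def) { status.defaultIncoming = def[1]; continue; }
    const m = RULE_RE.exec(line);
    if (m) status.rules.push({ port: m[1], proto: m[2] || null, action: m[3], from: m[4], v6: line.includes('(v6)') });
  }
  return status;
}

function isLoopback(addr) {
  return addr.startsWith('127.') || addr === '::1';
}

// Does a rule cover this listener? Handles single ports, "lo:hi" ranges and proto-less rules.
function ruleMatches(rule, listener) {
  if (rule.proto && rule.proto !== listener.proto) return false;
  if (rule.port.includes(':')) {
    const [lo, hi] = rule.port.split(':').map(Number);
    return listener.port >= lo && listener.port <= hi;
  }
  return Number(rule.port) === listener.port;
}

// Classify one listener. UFW evaluates rules in order, so the first match wins.
function classifyListener(listener, ufw) {
  if (isLoopback(listener.addr)) return 'loopback-only';
  if (!ufw.active) return 'exposed-no-firewall';
  const wantV6 = listener.addr.includes(':');
  const rule = ufw.rules.find((r) => r.v6 === wantV6 && ruleMatches(r, listener));
  if (!rule) {
    return ['deny', 'reject'].includes(ufw.defaultIncoming) ? 'blocked-by-default' : 'exposed-default-allow';
  }
  if (rule.action === 'DENY' || rule.action === 'REJECT') return 'blocked';
  if (rule.from !== 'Anywhere') return `restricted-to-${rule.from}`;
  return rule.action === 'LIMIT' ? 'open-rate-limited' : 'open';
}

function auditListeners(listeners, ufwText) {
  const ufw = parseUfwStatus(ufwText);
  return listeners.map((l) => ({ ...l, status: classifyListener(l, ufw) }));
}

for (const r of auditListeners(SAMPLE_LISTENERS, SAMPLE_UFW_STATUS)) {
  console.log(`${r.port}/${r.proto} on ${r.addr}: ${r.status}`);
}
```

The classification is only as good as the assumption that UFW is the only filter in front of the host; a cloud security group or an upstream firewall can block a port that this audit reports as open, which is why a scan from a second, external machine remains the ground truth.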
Testing the program was difficult, as my work computer runs Windows 10, so I needed to copy my repository over to my server every time I wanted to test something.
Accomplishments that we're proud of
The program semi-accurately detects the local IP of the user currently logged onto the server.
The program accurately scans local ports.
What we learned
I learned a lot about how Linux servers log various information about users and connections.
I learned how to use the UFW firewall for my own needs.
I learned that pretty much any server in the cloud is constantly under fire from various connection attempts and scrapers.
What's next for Sentinel
Adding more scanning functionality
Supporting more firewall software than just UFW
Automated pentesting on ports using Metasploit.