Opening up /var/log/auth.log on my Ubuntu server was huge, huge surprise, and a wake-up call for me: Every day, thousands of IPs tried to log onto the server, trying to guess usernames and passwords, and trying to run exploits on my SSH port. I wanted to make a tool that really puts that info in perspective, and gives users the proper security advice.

What it does

Sentinel does 3 main things:

  • Analyzes your system's authentication logs for any suspicious activity

  • Scans your system for open ports, and whether those ports are under a firewall or not

  • Has a shorthand command to run a full antivirus scan on your system, using the free, open-source ClamAV antivirus

How we built it

Sentinel is built using Node.js. It runs on any Debian-based Linux distribution, and mainly interfaces with UFW (Uncomplicated Firewall). For port scanning, it uses the NPM package evilscan.

Challenges we ran into

Scanning ports from localhost, even with a firewall, still reveals all the ports and being open. To fix this, I wrote functionality that interfaces with the UFW firewall to see if a certain port is already protected.

Testing the program was difficult, as my work computer runs Windows 10, thus leading to me needing to copy over my repository to my server every time I needed to test something.

Accomplishments that we're proud of

  • The program semi-accurately detects the local IP of the user currently logged onto the server.

  • The program accurately scans local ports.

What we learned

  • I learned a lot about how Linux servers log various information about users and connections.

  • I learned how to use the UFW firewall for my own needs.

  • I learned that pretty much any server in the cloud is constantly under fire from various connection attempts and scrapers.

What's next for Sentinel

  • Adding more scanning functionality

  • Supporting more firewall software than just UFW

  • Automated pentesting on ports using Metasploit.

Built With

Share this project: