In today's fast-paced society, most people are unaware of the potential consequences of cyberattacks on their organizations. Furthermore, they do not invest in cybersecurity solutions due to the costs of setup, licensing, and maintenance.
MutableSecurity ๐๏ธ is a software product for making cybersecurity solution management easier and more accessible, from deployment and configuration to monitoring.
Despite the current lack of complex functionalities, we have a vision in mind that we hope to achieve in the near future. As we must begin somewhere, the first step in our progress is this command line interface for automatic management of cybersecurity solutions.
Come join the MutableSecurity journey!
MutableSecurity implements and operates on a few concepts:
- Target host (or target machine): A computer where the actions will be performed. Can be the local machine or remote one.
- Solution: A cybersecurity solution that needs to be set up on a target machine.
- Operation: A manipulation of a solution that is installed or needs to be installed. Could vary from effective installation to testing.
- Solution's lifecycle: States in which a solution exists. MutableSecurity implements a set of operations for each state.
- Configuration: A set of parameters (in pairs of aspect and value) specific to the solution. Can be initial, if it is used in the deployment process, or production, if it accompanies the solution on the target host and stores its current configuration.
- Logs: Logging messages generated by the solution, relevant to understand its functioning.
- Stats: Metrics offered by the installed solution, relevant to measure the protection provided to the machine.
| Stage | Operation | Description |
|---|---|---|
| Deployment | Initial Configuration Setting | Sets an aspect of the initial configuration used during the installation process. |
| Install | Installs the solution in the target host. | |
| Test | Tests the proper functioning of the newly installed solution. | |
| Production* | Production Configuration Retrieval | Retrieves the production configuration of the running solution |
| Production Configuration Setting | Sets an aspect of the production configuration. | |
| Logs Retrieval | Retrieves the logs generated by the solution. | |
| Stats Retrieval | Retrieves the stats generated by the solution. | |
| Test | Tests the proper functioning of the running solution. | |
| Update | Updates the solution to its latest version. | |
| Disconnection | Uninstall | Uninstalls the solution from the target host. |
* All the operations listed in the production stage are optional and can be executed in any order.
- Three solution supported so far (and more under development)
- Local or remote (via password-based or key-based SSH) deployment
- Deployment to multiple hosts, in parallel
- Intuitive command line interface
| Supported Solution | Short Description | Supported Environment |
|---|---|---|
 |
Open source real-time HTTP intrusion detection system | โข Ubuntu 20.04 LTS or above โข nginx |
 |
TLS certificates generation using a nonprofit Certificate Authority | โข Ubuntu 20.04 LTS or above โข nginx |
 |
Open source network intrusion detection and prevention system | โข Ubuntu 20.04 LTS or above |
| More coming soon... | ||
The easiest way to install MutableSecurity is from PyPI. Just run pip install mutablesecurity and you'll have everything set!
The only requirements are Python 3.9 and pip.
To avoid warnings when using pip to install Python scripts, add /home/<username>/.local/bin (where <username> identifies the current user) to your $PATH variable.
0๏ธโฃ Get help.
Syntax
mutablesecurity --help or mutablesecurity --solution <solution> --help
Example
โ mutablesecurity --help
_ _ _ __ _ _
/\/\ _ _| |_ __ _| |__ | | ___/ _\ ___ ___ _ _ _ __(_| |_ _ _
/ \| | | | __/ _` | '_ \| |/ _ \ \ / _ \/ __| | | | '__| | __| | | |
/ /\/\ | |_| | || (_| | |_) | | ___\ | __| (__| |_| | | | | |_| |_| |
\/ \/\__,_|\__\__,_|_.__/|_|\___\__/\___|\___|\__,_|_| |_|\__|\__, |
Seamless deployment and management of cybersecurity solutions |___/
Usage: mutablesecurity [OPTIONS]
Options:
-r, --remote TEXT Connect to remote in the
USERNAME@HOSTNAME:PORT format. If ommited,
the operations are executed locally.
-s, --solution [SURICATA] Solution to manage
-o, --operation [GET_CONFIGURATION|GET_LOGS|GET_STATS|INSTALL|SET_CONFIGURATION|TEST|UNINSTALL|UPDATE]
Operation to perform
-a, --aspect TEXT Configuration's aspect to modify. Available
only with a value (--value)
-v, --value TEXT New value of the configuration's aspect.
Available only with an aspect (--aspect).
--verbose Increase in the logging volume
-h, --help Useful information for using MutableSecurity
or about a solution
โ mutablesecurity --solution SURICATA --help
_ _ _ __ _ _
/\/\ _ _| |_ __ _| |__ | | ___/ _\ ___ ___ _ _ _ __(_| |_ _ _
/ \| | | | __/ _` | '_ \| |/ _ \ \ / _ \/ __| | | | '__| | __| | | |
/ /\/\ | |_| | || (_| | |_) | | ___\ | __| (__| |_| | | | | |_| |_| |
\/ \/\__,_|\__\__,_|_.__/|_|\___\__/\___|\___|\__,_|_| |_|\__|\__, |
Seamless deployment and management of cybersecurity solutions |___/
Full name: Suricata Intrusion Detection and Prevention System
Description:
Suricata is the leading independent open source threat detection engine. By combining intrusion detection (IDS), intrusion prevention (IPS), network
security monitoring (NSM) and PCAP processing, Suricata can quickly identify, stop, and assess even the most sophisticated attacks.
References:
- https://suricata.io
- https://github.com/OISF/suricata
Configuration:
โโโโโโโโโโโโโโโโโโโโโณโโโโโโโณโโโโโโโโโโโโโโโโโโโโณโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Aspect โ Type โ Possible Values โ Description โ
โกโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฉ
โ interface โ str โ * โ Interface on which Suricata listens โ
โ automatic_updates โ str โ ENABLED, DISABLED โ State of the automatic daily updates โ
โโโโโโโโโโโโโโโโโโโโโดโโโโโโโดโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
1๏ธโฃ Install a solution.
Syntax
mutablesecurity --solution <solution> --operation INSTALL
Example
โ mutablesecurity --solution SURICATA --operation INSTALL
๐ Password for localhost:
โ
Suricata is now installed on this machine.
Optional: To connect to a remote host via a privileged user, just add the --remote flag.
โ mutablesecurity --remote [email protected]:22 --solution SURICATA --operation INSTALL
๐ Password for [email protected]:22:
โ
Suricata is now installed on this machine.
2๏ธโฃ Test the solution.
Syntax
mutablesecurity --solution <solution> --operation TEST
Example
โ mutablesecurity --solution SURICATA --operation TEST
๐ Password for localhost:
โ
Suricata works as expected.
3๏ธโฃ Get the production configuration.
Syntax
mutablesecurity --solution <solution> --operation GET_CONFIGURATION
Example
โ mutablesecurity --solution SURICATA --operation GET_CONFIGURATION
๐ Password for localhost:
โ
The configuration of Suricata was retrieved.
โโโโโโโโโโโโโโโโโโโโโณโโโโโโโโโโโ
โ Attribute โ Value โ
โกโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฉ
โ automatic_updates โ DISABLED โ
โ interface โ enp0s3 โ
โโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโ
4๏ธโฃ Modify the production configuration.
Syntax
mutablesecurity --solution <solution> --operation SET_CONFIGURATION --aspect <aspect> --value <value>
Example
โ mutablesecurity --solution SURICATA --operation SET_CONFIGURATION --aspect automatic_updates --value ENABLED
๐ Password for localhost:
โ
The configuration of Suricata was set.
Optional: To test the modifications, run the configuration retrieval and testing operations.
โ mutablesecurity --solution SURICATA --operation GET_CONFIGURATION
๐ Password for localhost:
โ
The configuration of Suricata was retrieved.
โโโโโโโโโโโโโโโโโโโโโณโโโโโโโโโโ
โ Attribute โ Value โ
โกโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฉ
โ automatic_updates โ ENABLED โ
โ interface โ enp0s3 โ
โโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโ
โ mutablesecurity --solution SURICATA --operation TEST
๐ Password for localhost:
โ
Suricata works as expected.
5๏ธโฃ Retrieve the solution logs.
Syntax
mutablesecurity --solution <solution> --operation GET_LOGS
Example
โ mutablesecurity --solution SURICATA --operation GET_LOGS
๐ Password for localhost:
โ
The logs of Suricata were retrieved.
[...]
04/18/2022-10:55:31.134760 [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2]
{TCP} 54.192.235.64:80 -> 10.0.2.15:50690
[...]
6๏ธโฃ Retrieve the solution statistics.
Syntax
mutablesecurity --solution <solution> --operation GET_STATS
Example
โ mutablesecurity --solution SURICATA --operation GET_STATS
๐ Password for localhost:
โ
The stats of Suricata were retrieved.
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโณโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Attribute โ Value โ
โกโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฉ
โ Total number of alerts โ 5 โ
โ Total number of alerts generated today โ 5 โ
โ Uptime โ 1 minute and 23 seconds โ
โ Current installed version โ 6.0.4 RELEASE โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโโโโ
7๏ธโฃ Updates the solution.
Syntax
mutablesecurity --solution <solution> --operation UPDATE
Example
โ mutablesecurity --solution SURICATA --operation UPDATE
๐ Password for localhost:
โ
Suricata was updated to its latest version.
8๏ธโฃ Uninstall the solution.
Syntax
mutablesecurity --solution <solution> --operation UNINSTALL
Example
โ mutablesecurity --solution SURICATA --operation UNINSTALL
๐ Password for localhost:
โ
Suricata is no longer installed on this machine.
If you have any type of suggestion (for example, proposals for new functionalities or support for other security solutions), please open an issue or drop us a line at [email protected].
To find out how you can contribute to this project, check out our contribution guide.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent