CounterIntelligence bot, based on Telegram API
You thought you'd get away without the necessary lecture?!?
Security is an active exercise; you need to:
- assess your threat landscape
- generate your custom policy
- apply it
- make sure it is constantly applied/monitor
Regarding #2 above, you may want to read a guide:
- How To Harden OpenSSH on Ubuntu 20.04: just an example, the article focuses on Ubuntu but it is applicable to other distros with minor, if any, modifications
- install Fail2Ban
OK, now you're good to go and read the rest :)
Telegram's Bot API allows users to create programs capable, for instance, of sending messages.
Telegram Bots are special accounts that do not require an additional phone number to set up. These accounts serve as an interface for code running somewhere on a remote server.
Get started by reading Bots: An introduction for developers or grab the nitty-gritty stuff by delving into Telegram Bot API.
- Clone the repository and create a virtual environment:

```shell
$ git clone https://github.com/carmelo0x99/CIBot.git
$ cd CIBot/
$ python3 -m venv .
$ source bin/activate
(CIBot) $ python3 -m pip install --upgrade pip setuptools wheel
(CIBot) $ python3 -m pip install requests
```
- Configure your own setup with the appropriate bot name, token and chat ID. The configuration file, `cibot.json`, looks like this:

```json
{"BOT": "<somename_bot>", "TOKEN": "<long string>", "CHATID": "<decimal number>"}
```
NOTE: details can be found on Bots: An introduction for developers
- Check: a quick run of the main script would do:

```shell
$ ./cibot.py
```
If everything has been set up correctly, according to the instructions to be found on the Telegram API pages, a ping should hit your mobile phone with an apt message.
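As an added illustration (not CIBot's own code) of what such a ping can carry, the script below reads the `cibot.json` layout shown above, counts failed SSH logins per source address in auth.log-style lines, and posts the summary through the Bot API's `sendMessage` method. The log lines are constructed samples, the `/var/log/auth.log` path is an assumption, and the standard library's `urllib` is used in place of `requests` so the parsing part runs offline with no extra packages.

```python
"""Summarise failed SSH logins and push the summary to Telegram (added example)."""
import json
import os
import re
import sys
import urllib.parse
import urllib.request
from collections import Counter

# Constructed sample lines in the syslog format sshd writes to /var/log/auth.log.
SAMPLE_LOG = """\
Mar  3 10:01:12 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 10:01:15 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51030 ssh2
Mar  3 10:02:44 host sshd[1210]: Failed password for root from 198.51.100.23 port 40112 ssh2
Mar  3 10:03:01 host sshd[1215]: Accepted publickey for alice from 192.0.2.10 port 50001 ssh2
Mar  3 10:04:19 host sshd[1220]: Invalid user oracle from 203.0.113.7 port 51044
"""

# Matches both "Failed password for [invalid user] X from IP" and "Invalid user X from IP".
FAILED_RE = re.compile(
    r"sshd\[\d+\]: (?:Failed password for|Invalid user) "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)

def failed_logins(text: str) -> Counter:
    """Count failed or invalid-user SSH attempts per source IP; successful logins are ignored."""
    hits = Counter()
    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            hits[m.group("ip")] += 1
    return hits

def build_report(hits: Counter, top: int = 5) -> str:
    """Render the alert text; an empty string means there is nothing worth a ping."""
    if not hits:
        return ""
    lines = [f"{sum(hits.values())} failed SSH logins from {len(hits)} sources:"]
    lines += [f"  {ip}: {n}" for ip, n in hits.most_common(top)]
    return "\n".join(lines)

def send_telegram(config: dict, text: str) -> dict:
    """POST the report with the Bot API sendMessage method (this is the only network call)."""
    url = f"https://api.telegram.org/bot{config['TOKEN']}/sendMessage"
    data = urllib.parse.urlencode({"chat_id": config["CHATID"], "text": text}).encode()
    with urllib.request.urlopen(url, data=data, timeout=10) as resp:
        return json.load(resp)

if __name__ == "__main__":
    # Pass a log path (e.g. the read-only /var/log/auth.log mount) or fall back to the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    report = build_report(failed_logins(text))
    print(report or "nothing to report")
    if report and os.path.exists("cibot.json"):
        with open("cibot.json") as fh:
            print(send_telegram(json.load(fh), report))
```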
This part is optional, but no README would be complete without the containerization section:

```shell
$ docker build -t <repository>/<image>:<tag> .
$ docker push <repository>/<image>:<tag>
$ docker run \
    --detach \
    --rm \
    --volume /var/log:/var/log:ro \
    --volume $PWD:/usr/local/bin \
    <repository>/<image>:<tag>
```
At minute 59 every hour:

```shell
59 * * * * (cd /path/to/CIBot; /usr/bin/docker run -d --rm -v /var/log:/var/log:ro -v $PWD:/usr/local/bin <repository>/<image>:<tag>)
```
First and foremost, DON'T PANIC!!!
If you've secured your system (you have, right?), chances are that any attacks have been unsuccessful.
It won't hurt though to log into your system and:
- check the logs
- run a scan with Lynis or chkrootkit for instance
- verify that your security policies are still applied
- just for fun, check where the attackers came from