This repository has been archived by the owner on Jun 24, 2023. It is now read-only.
Merge pull request #12 from StrangeRanger/dev
StrangeRanger authored Mar 28, 2021
2 parents b2ce466 + 2f40a61 commit 21fff07
Showing 19 changed files with 343 additions and 887 deletions.
6 changes: 5 additions & 1 deletion .deepsource.toml
Expand Up @@ -5,4 +5,8 @@ name = "python"
enabled = true

[analyzers.meta]
runtime_version = "3.x.x"
runtime_version = "3.x.x"

[[transformers]]
name = "black"
enabled = true
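Review bot: the `runtime_version = "3.x.x"` line is shown as both removed and re-added with identical text, so this hunk carries a whitespace or line-ending change alongside the real one; normalizing line endings in a separate commit would leave the new `[[transformers]]` block for black as the only functional change here, which is what a reviewer wants to see. Enabling the black transformer is consistent with the "Code style: black" badge added to the README in this same merge.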
14 changes: 5 additions & 9 deletions CHANGELOG.md
Expand Up @@ -6,9 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),

## [Unreleased]

### Added

- Added Pipfile and Pipfile.lock for users with `pipenv`
## [2.1.1] - 2021-03-27

### Changes

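Review bot: the `### Added` entry for Pipfile and Pipfile.lock disappears from `[Unreleased]` in this hunk without reappearing anywhere in the visible diff; if those files shipped with 2.1.1, the entry should move under that heading, and if they are still unreleased it should stay where it was. Also, Keep a Changelog (linked in the header line) names the section `Changed`, and this file already uses `### Changed` for 2.0.0 further down, so `### Changes` here should be renamed to match.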
Expand All @@ -18,13 +16,12 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
### Fixes

- Re-definition found for builtin function PYL-W0622 (@deepsourcebot)
- from module import * used; unable to detect undefined names PYL-W0401 (@deepsourcebot)
- from module import \* used; unable to detect undefined names PYL-W0401 (@deepsourcebot)
- Unused import from wildcard import found PYL-W0614 (@deepsourcebot)
- Consider using in PYL-R1714 (@deepsourcebot)
- Module imported but unused PYL-W0611 (@deepsourcebot)
- Undefined name detected PYL-E0602 (@deepsourcebot)


## [2.1.0] - 2021-02-05

### Added
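Review bot: escaping the asterisk in `from module import \*` is the right fix, since an unescaped `*` can open an emphasis span that swallows text up to the next asterisk when the file is rendered. On the context line, `### Fixes` should be `### Fixed` to match the Keep a Changelog section name used for 2.0.0 below. These entries are also just DeepSource check IDs (PYL-W0622 and so on) with no description of what changed in the code; a short phrase per entry would make the changelog useful to someone who does not have DeepSource open.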
Expand All @@ -42,7 +39,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),

### Added

- If ran without root privilege, users will be notified and the program will exit
- If ran without root privilege, users will be notified and the program will exit
- Will present Distro ID and a version number if run on an unsupported distribution/OS

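Review bot: the `If ran without root privilege` line is shown as both removed and re-added with identical text, so the change is whitespace only; while touching it, `If run without root privilege` is the grammatical form.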
### Changed
Expand All @@ -52,14 +49,13 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
- Merged what used to be two different branches for different operating systems, into the same branch
- Code that is required for specific operating systems will be imported based on what operating system program is being run on
- Removed cron scripts till they can be properly implemented
- Updated code to better follow personal and PEP style guide
- Updated code to better follow personal and PEP style guide

### Fixed

- A few small bugs

[Unreleased]: https://github.com/StrangeRanger/inspector/compare/v2.1.0...HEAD
[unreleased]: https://github.com/StrangeRanger/inspector/compare/v2.1.1...HEAD
[2.1.1]: https://github.com/StrangeRanger/inspector/releases/tag/v2.1.1
[2.1.0]: https://github.com/StrangeRanger/inspector/releases/tag/v2.1.0
[2.0.0]: https://github.com/StrangeRanger/inspector/releases/tag/v2.0.0
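Review bot: the reference label is lowercased to `[unreleased]` while the heading at the top of the file is still `## [Unreleased]`; CommonMark matches reference labels case-insensitively so the link still resolves, but keeping the casing identical avoids confusion in editors and linters that compare labels literally. Bumping the compare base to `v2.1.1...HEAD` is correct now that 2.1.1 is released.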

339 changes: 0 additions & 339 deletions LICENSE

This file was deleted.

298 changes: 150 additions & 148 deletions docs/license.md → LICENSE.md
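Review bot: deleting `LICENSE` and renaming `docs/license.md` to `LICENSE.md` keeps GitHub's license detection working, but the rename carries 150 additions and 148 deletions, so confirm that `LICENSE.md` still contains the complete GPLv2 text that the README badge advertises rather than a reformatted or shortened copy.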

37 changes: 24 additions & 13 deletions README.md
@@ -1,31 +1,42 @@
# Inspector


<!-- Active status commented out
[![Project Status: Active – The project has reached a stable, usable state and is being actively developed.](https://www.repostatus.org/badges/latest/active.svg)](https://www.repostatus.org/#active)
-->
[![Project Status: Inactive – The project has reached a stable, usable state but is no longer being actively developed; support/maintenance will be provided as time allows.](https://www.repostatus.org/badges/latest/inactive.svg)](https://www.repostatus.org/#inactive)
[![GPLv2 license](https://img.shields.io/badge/License-GPLv2-blue.svg)](https://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html)
![Repo Size](https://img.shields.io/github/repo-size/StrangeRanger/inspector)

[![Project Tracker](https://img.shields.io/badge/repo%20status-Project%20Tracker-lightgrey)](https://randomserver.xyz/project-tracker.html)
![Platform](https://img.shields.io/badge/platform-Linux-lightgrey)
[![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)
[![CodeFactor](https://www.codefactor.io/repository/github/strangeranger/inspector/badge)](https://www.codefactor.io/repository/github/strangeranger/inspector)
[![DeepSource](https://deepsource.io/gh/StrangeRanger/inspector.svg/?label=active+issues&show_trend=true)](https://deepsource.io/gh/StrangeRanger/inspector/?ref=repository-badge)

Inspector is a security tool with the purpose of identifying users who have both successfully and unsuccessfully switched to root or another user linux based distributions.
Inspector is a security tool with the purpose of identifying users who have both successfully and unsuccessfully switched to root or another user on Linux based Distributions. It does this by scanning through `/var/log/auth.log` for specific patterns that indicate specific actions/executed commands.

## Getting Started

### Installing Dependencies
### Prerequisites

Install the required dependencies using either of the following commands:

To install dependencies for Inspector, run either of the following commands:
- `python3 -m pip install -r requirements.txt` (installs globally)
- `pipenv install -r requirements.txt` (installs locally via pipenv)
- pipenv must already be installed: `python3 -m pip install pipenv`

## Officially Supported Linux Distributions
### Installing

All you need to do is download the repository. There are no binaries or anything to install.

`git clone https://github.com/StrangeRanger/inspector/`

## Usage

Because Inspector needs to access `/var/log/auth.log`, you'll be required to execute Inspector with root priviledge:

`sudo python3 inspector.py`

## Supported Distributions

The following is a list of all the Linux Distributions that Inspector officially supports and works on:

| Distributions | Distro Versions |
|---------------|-----------------|
| Distributions | Distro Versions |
| ------------- | ----------------------- |
| Ubuntu | 20.04<br>16.04<br>18.04 |
| Debian | 10<br>9 |
| Debian | 10<br>9 |
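Review bot: `priviledge` in the Usage section should be `privilege`. More substantively, on Debian and Ubuntu `/var/log/auth.log` is owned by `root:adm` with mode 0640, so a user in the `adm` group can read it without `sudo`; documenting that alternative lets Inspector run as an unprivileged log reader instead of a root process, which is the safer default for a tool that parses log lines containing attacker-chosen usernames. The hardcoded path is also what limits the supported-distribution table: systems that log authentication events to `/var/log/secure` or only to the systemd journal will not work, and the README could state that directly. Minor: `python3 -m pip install -r requirements.txt` run with root privilege installs into the system site-packages; `--user` or the pipenv route avoids that.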
21 changes: 11 additions & 10 deletions docs/dev-docs/doc-1.md
Expand Up @@ -4,29 +4,30 @@ When users use `su`:

| | su | su root | su [username] |
| ---------------- | ------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------ |
| **Successful** | **Log input:** `su: (to root) <username> on pts/<n>`<br>*Identifying Symbol:* + | **Log input:** `su: (to root) <username> on pts/<n>`<br>*Identifying Symbol:* + | **Log input:** `su: (to <victim_username>) <username> on pts/<n>`<br>*Identifying Symbol:*|
| **Unsuccessful** | **Log input:** `su: FAILED SU (to root) <username> on pts/<n>`<br>*Identifying Symbol:* \* | **Log input:** `su: FAILED SU (to root) <username> on pts/<n>`<br>*Identifying Symbol:* \* | **Log input:** `su: FAILED SU (to <victim_username>) <username> on pts/<n>`<br>*Identifying Symbol:* / |
| **Successful** | **Log input:** `su: (to root) <username> on pts/<n>`<br>_Identifying Symbol:_ + | **Log input:** `su: (to root) <username> on pts/<n>`<br>_Identifying Symbol:_ + | **Log input:** `su: (to <victim_username>) <username> on pts/<n>`<br>_Identifying Symbol:_|
| **Unsuccessful** | **Log input:** `su: FAILED SU (to root) <username> on pts/<n>`<br>_Identifying Symbol:_ \* | **Log input:** `su: FAILED SU (to root) <username> on pts/<n>`<br>_Identifying Symbol:_ \* | **Log input:** `su: FAILED SU (to <victim_username>) <username> on pts/<n>`<br>_Identifying Symbol:_ / |

When users use `sudo su`:

| | sudo su | sudo su root | sudo su [username] |
| ------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Successful** | **Log input (line 1):** `sudo: <username> : TTY=<n> ; PWD=<pwd> ; USER=root ; COMMAND=/bin/su`<br>**Log input (line 3):** `su: (to root) <username> on pts/<n>`<br>**_Note 1 (refer to Info block below table)_**<br>*Identifying Symbol:* + | **Log input (line 1):** `sudo: <username> : TTY=<n> ; PWD=<pwd> ; USER=root ; COMMAND=/bin/su root`<br>**Log input (line 3):** `su: (to root) <username> on pts/<n>`<br>**_Note 1 (refer to Info block below table)_**<br>*Identifying Symbol:* + | **Log input (line 1):** `sudo: <username> : TTY=<n> ; PWD=<pwd> ; USER=root ; COMMAND=/bin/su <victim_username>`<br>**Log input (line 3):** `su: (to <victim_username>) <username> on pts/<n>`<br>**_Note 1 (refer to Info block below table)_**<br>*Identifying Symbol:*|
| **Unsuccessful (even if <username\> does not exist)** | **Log input:** `sudo: <username> : <n> incorrect password attempt ; TTY=<n> ; PWD=<pwd> ; USER=root ; COMMAND=/bin/su`<br>*Identifying Symbol:* \* | **Log input:** `sudo: <username> : <n> incorrect password attempt ; TTY=<n> ; PWD=<pwd> ; USER=root ; COMMAND=/bin/su root`<br>*Identifying Symbol:* \* | **Log input:** `sudo: <username> : <n> incorrect password attempt ; TTY=<n> ; PWD=<pwd> ; USER=root ; COMMAND=/bin/su <victim_username>`<br>*Identifying Symbol:* / |
| **Successful attempt when <username\> does not exist** | N/A | N/A | **Log input:** ...............<br>*Identifying Symbol:* N/A (we want it to be /) (future fix) |
| **Successful** | **Log input (line 1):** `sudo: <username> : TTY=<n> ; PWD=<pwd> ; USER=root ; COMMAND=/bin/su`<br>**Log input (line 3):** `su: (to root) <username> on pts/<n>`<br>**_Note 1 (refer to Info block below table)_**<br>_Identifying Symbol:_ + | **Log input (line 1):** `sudo: <username> : TTY=<n> ; PWD=<pwd> ; USER=root ; COMMAND=/bin/su root`<br>**Log input (line 3):** `su: (to root) <username> on pts/<n>`<br>**_Note 1 (refer to Info block below table)_**<br>_Identifying Symbol:_ + | **Log input (line 1):** `sudo: <username> : TTY=<n> ; PWD=<pwd> ; USER=root ; COMMAND=/bin/su <victim_username>`<br>**Log input (line 3):** `su: (to <victim_username>) <username> on pts/<n>`<br>**_Note 1 (refer to Info block below table)_**<br>_Identifying Symbol:_|
| **Unsuccessful (even if <username\> does not exist)** | **Log input:** `sudo: <username> : <n> incorrect password attempt ; TTY=<n> ; PWD=<pwd> ; USER=root ; COMMAND=/bin/su`<br>_Identifying Symbol:_ \* | **Log input:** `sudo: <username> : <n> incorrect password attempt ; TTY=<n> ; PWD=<pwd> ; USER=root ; COMMAND=/bin/su root`<br>_Identifying Symbol:_ \* | **Log input:** `sudo: <username> : <n> incorrect password attempt ; TTY=<n> ; PWD=<pwd> ; USER=root ; COMMAND=/bin/su <victim_username>`<br>_Identifying Symbol:_ / |
| **Successful attempt when <username\> does not exist** | N/A | N/A | **Log input:** ...............<br>_Identifying Symbol:_ N/A (we want it to be /) (future fix) |

!!! Info "Note 1"

The script uses “Log input (line 3)”, because “line 3” is exactly the same for the above table (the su table). Since the script looks for “line 3” when the su command is used, if it looks for “line 1” when sudo is used, it would cause the script to identify the user twice as many times

Other `sudo` alternatives:

| | sudo -i | sudo bash |
| ---------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Successful** | **Log input:** `sudo: <username> : TTY=<n> ; PWD= <pwd> ; USER=root ; COMMAND=<shell path>`<br>*Identifying Symbol:* + | **Log input:** `sudo: <username> : TTY=<n> ; PWD= <pwd> ; USER=root ; COMMAND=<shell path>`<br>*Identifying Symbol:* + |
| **Unsuccessful** | **Log input:** `sudo: <username> : <n> incorrect password attempts ; TTY=<n> ; PWD=<pwd> ; USER=root ; COMMAND=<shell path>`<br>*Identifying Symbol:* \* | **Log input:** `sudo: <username> : <n> incorrect password attempts ; TTY=<n> ; PWD=<pwd> ; USER=root ; COMMAND=<shell path>`<br>*Identifying Symbol:* \* |
| | sudo -i | sudo bash |
| ---------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Successful** | **Log input:** `sudo: <username> : TTY=<n> ; PWD= <pwd> ; USER=root ; COMMAND=<shell path>`<br>_Identifying Symbol:_ + | **Log input:** `sudo: <username> : TTY=<n> ; PWD= <pwd> ; USER=root ; COMMAND=<shell path>`<br>_Identifying Symbol:_ + |
| **Unsuccessful** | **Log input:** `sudo: <username> : <n> incorrect password attempts ; TTY=<n> ; PWD=<pwd> ; USER=root ; COMMAND=<shell path>`<br>_Identifying Symbol:_ \* | **Log input:** `sudo: <username> : <n> incorrect password attempts ; TTY=<n> ; PWD=<pwd> ; USER=root ; COMMAND=<shell path>`<br>_Identifying Symbol:_ \* |

When users who don't have sudo power use `sudo`:

| | sudo [command] |
| --------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Sudo used when <username\> is not in the sudoers file** | **Log input:** `sudo: <username> : user NOT in sudoers ; TTY=<n> ; PWD=<pwd> ; USER=root ; COMMAND=<command execution path>`<br>*Identifying Symbol:* ~ |
| **Sudo used when <username\> is not in the sudoers file** | **Log input:** `sudo: <username> : user NOT in sudoers ; TTY=<n> ; PWD=<pwd> ; USER=root ; COMMAND=<command execution path>`<br>_Identifying Symbol:_ ~ |
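Review bot: the `sudo -i` and `sudo bash` rows use `incorrect password attempts` while the `sudo su` rows use `incorrect password attempt`; sudo pluralizes the word by count (`1 incorrect password attempt`, `3 incorrect password attempts`), so whichever string the script matches on must accept both forms or it will miss one of the cases documented here. The `PWD= <pwd>` in the same rows carries a stray space that the other tables do not have; if these strings are the reference the matcher is written from, normalize them. The `...............` placeholder in the "Successful attempt when <username> does not exist" row is unchanged, so that case remains undocumented, as the "(future fix)" remark already flags. The `*...*` to `_..._` change itself is a pure formatting pass and is fine.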
