#  MDM-Augmented

Scans a website for signs of parasite hosts or commands.

## Installation

1. Download ```git clone git@gitlab.labs.nic.cz:csirt/mdmaug.git /tmp/mdmaug```
2. Edit mdmaug/lib/config.py
3. You should generate a certificate to `mdmaug/cert-mdmaug.pem`, at least a self-signed one (not recommended): `openssl req -x509 -newkey rsa:4096 -nodes -out cert-mdmaug.pem -keyout key-mdmaug.pem`
4. Perform installation: ```/tmp/mdmaug/INSTALL```
5. Everything should be located in `/opt/mdmaug`.
6. Launch under newly created `mdmaug` user: `su - mdmaug -c 'python3 -m mdmaug'`
7. Connect in the browser at: https://localhost:8000

### Notes

* If you use NoScript, make sure it doesn't block the MDM-Augmented server.
* Certificate error: Make sure that the browser doesn't block the MDM-Augmented server if used from MDM.
* If you want a number of profiles other than 21, change INSTALL, config.py and profiles.ini.
* You may put ```03 1,7,13,19 * * * ~/mdmaug-launch``` in ```crontab -e``` of user mdmaug.
* We are using Python 3.6+.

## Tips

* You may use /static/demopage.html as a testing page.

### Troubleshooting
* Analysis stopped working after restart? Maybe you need to launch `xhost +local:mdmaug` command from a common user shell after every system restart :( I'm not sure.

## What is done to Firefox profiles?
We want no blocking and no Safe Browsing warnings. If you create the profiles manually, use ```firefox -P```; the profile names are 0, 1, ...
For about:config changes, see pref.js. For example:
    * toolkit.startup.max_resumed_crashes = -1 (because even if I sometimes kill the browser, it must not bother me with a GUI popup on startup)
    * network.http.accept-encoding = "" # we store the streams, but I can't decompress them
    * extensions.autoDisableScopes = "0" # allows installing from all locations
    * browser.selfsupport.url = "" # this option is not normally present in about:config, but it limits some unnecessary telemetry, see Mozilla Heartbeat
    * # do not remember history (Preferences / Privacy / Firefox will use custom settings for history / Clear history when closes / Setting / All)
    * # I'm not sure how well this works, apparently quite well
    * ...
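
A check for the named settings above, as an added example that is not part of the MDM-Augmented code: it parses a profile's `prefs.js` (the file where Firefox stores about:config changes as `user_pref(...)` lines) and reports which of the listed preferences are missing or differ. The function names and the sample input are assumptions made for this example.

```python
import json
import re

# Values as listed in this README. The comparison is on the string form,
# so the integer 0 and the string "0" both satisfy autoDisableScopes.
EXPECTED = {
    "toolkit.startup.max_resumed_crashes": -1,
    "network.http.accept-encoding": "",
    "extensions.autoDisableScopes": "0",
    "browser.selfsupport.url": "",
}

# One preference per line: user_pref("name", <JSON-like literal>);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Return {name: value} for every user_pref() line; the last one wins."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_LINE.match(line)
        if not match:
            continue  # comments, blank lines, anything else
        name, raw = match.groups()
        try:
            prefs[name] = json.loads(raw)  # strings, integers, true/false
        except ValueError:
            prefs[name] = raw  # keep unparsable literals verbatim
    return prefs

def check_profile(text, expected=EXPECTED):
    """Return {name: (wanted, found)} for each missing or differing pref."""
    prefs = parse_prefs(text)
    problems = {}
    for name, wanted in expected.items():
        found = prefs.get(name)  # None means the pref is not set at all
        if found is None or str(found) != str(wanted):
            problems[name] = (wanted, found)
    return problems

# Constructed sample, not taken from a real profile.
SAMPLE = '''// Mozilla User Preferences
user_pref("toolkit.startup.max_resumed_crashes", -1);
user_pref("network.http.accept-encoding", "gzip, deflate");
user_pref("extensions.autoDisableScopes", 0);
'''

if __name__ == "__main__":
    for name, (wanted, found) in check_profile(SAMPLE).items():
        print(f"{name}: expected {wanted!r}, found {found!r}")
```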