sssnake/Autarch
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Autarch/modules/mysystem.py

1259 lines
49 KiB
Python
Raw Normal View History

Initial public release — AUTARCH v1.0.0 Full security platform with web dashboard, 16 Flask blueprints, 26 modules, autonomous AI agent, WebUSB hardware support, and Archon Android companion app. Includes Hash Toolkit, debug console, anti-stalkerware shield, Metasploit/RouterSploit integration, WireGuard VPN, OSINT reconnaissance, and multi-backend LLM support. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-01 03:57:32 -08:00
"""
AUTARCH My System Module
Comprehensive system security audit with CVE detection and remediation
Performs full system audit, saves results, and offers LLM-assisted or manual fixes.
"""
import os
import sys
import json
import subprocess
import socket
from pathlib import Path
from datetime import datetime
from typing import Optional, List, Dict, Any
# Module metadata
DESCRIPTION = "System audit with CVE detection & auto-fix"
AUTHOR = "darkHal"
VERSION = "1.0"
CATEGORY = "defense"
sys.path.insert(0, str(Path(__file__).parent.parent))
from core.banner import Colors, clear_screen, display_banner
from core.config import get_config
from core.cve import get_cve_db
class SecurityIssue:
"""Represents a security issue found during audit."""
SEVERITY_COLORS = {
'CRITICAL': Colors.RED,
'HIGH': Colors.RED,
'MEDIUM': Colors.YELLOW,
'LOW': Colors.CYAN,
'INFO': Colors.DIM,
}
def __init__(
self,
name: str,
description: str,
severity: str,
category: str,
fix_command: str = None,
fix_instructions: str = None,
cve_ids: List[str] = None
):
self.name = name
self.description = description
self.severity = severity.upper()
self.category = category
self.fix_command = fix_command
self.fix_instructions = fix_instructions
self.cve_ids = cve_ids or []
self.status = "open" # open, fixed, ignored
def to_dict(self) -> Dict:
return {
'name': self.name,
'description': self.description,
'severity': self.severity,
'category': self.category,
'fix_command': self.fix_command,
'fix_instructions': self.fix_instructions,
'cve_ids': self.cve_ids,
'status': self.status,
}
@classmethod
def from_dict(cls, data: Dict) -> 'SecurityIssue':
issue = cls(
name=data.get('name', ''),
description=data.get('description', ''),
severity=data.get('severity', 'MEDIUM'),
category=data.get('category', 'general'),
fix_command=data.get('fix_command'),
fix_instructions=data.get('fix_instructions'),
cve_ids=data.get('cve_ids', []),
)
issue.status = data.get('status', 'open')
return issue
class MySystem:
"""Comprehensive system security auditor."""
@staticmethod
def _system_inf_path():
from core.paths import get_app_dir
return get_app_dir() / "system.inf"
def __init__(self):
self.issues: List[SecurityIssue] = []
self.system_info: Dict = {}
self.audit_results: Dict = {}
self.security_score: int = 100
self.cve_db = get_cve_db()
self.llm = None
def print_status(self, message: str, status: str = "info"):
colors = {
"info": Colors.CYAN,
"success": Colors.GREEN,
"warning": Colors.YELLOW,
"error": Colors.RED
}
symbols = {"info": "*", "success": "+", "warning": "!", "error": "X"}
print(f"{colors.get(status, Colors.WHITE)}[{symbols.get(status, '*')}] {message}{Colors.RESET}")
def run_cmd(self, cmd: str, timeout: int = 10) -> tuple:
"""Run command and return (success, output)."""
try:
result = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=timeout)
return result.returncode == 0, result.stdout.strip()
except:
return False, ""
def collect_system_info(self):
"""Collect comprehensive system information."""
self.print_status("Collecting system information...")
info = self.cve_db.get_system_info()
# Additional system info
success, output = self.run_cmd("hostname")
info['hostname'] = output if success else 'unknown'
success, output = self.run_cmd("uptime -p 2>/dev/null || uptime")
info['uptime'] = output if success else 'unknown'
success, output = self.run_cmd("whoami")
info['current_user'] = output if success else 'unknown'
success, output = self.run_cmd("cat /proc/meminfo 2>/dev/null | grep MemTotal | awk '{print $2}'")
if success and output:
info['memory_kb'] = int(output)
info['memory_gb'] = round(int(output) / 1024 / 1024, 1)
success, output = self.run_cmd("nproc 2>/dev/null || sysctl -n hw.ncpu 2>/dev/null")
info['cpu_cores'] = int(output) if success and output.isdigit() else 0
self.system_info = info
def add_issue(
self,
name: str,
description: str,
severity: str,
category: str,
fix_command: str = None,
fix_instructions: str = None,
score_penalty: int = 5
):
"""Add a security issue to the list."""
issue = SecurityIssue(
name=name,
description=description,
severity=severity,
category=category,
fix_command=fix_command,
fix_instructions=fix_instructions,
)
self.issues.append(issue)
# Adjust score based on severity
penalties = {'CRITICAL': 20, 'HIGH': 15, 'MEDIUM': 10, 'LOW': 5, 'INFO': 0}
self.security_score -= penalties.get(severity.upper(), score_penalty)
self.security_score = max(0, self.security_score)
# =========================================================================
# AUDIT CHECKS
# =========================================================================
def check_firewall(self):
"""Check firewall status."""
self.print_status("Checking firewall...")
# Check iptables
success, output = self.run_cmd("iptables -L -n 2>/dev/null | head -20")
if success and "Chain" in output:
rules = output.count("\n")
if rules > 5:
self.audit_results['firewall'] = {'status': 'enabled', 'type': 'iptables', 'rules': rules}
return
else:
self.add_issue(
"Firewall - Minimal Rules",
f"iptables has only {rules} rules configured",
"MEDIUM",
"network",
fix_instructions="Configure iptables with appropriate rules or use ufw/firewalld for easier management"
)
return
# Check ufw
success, output = self.run_cmd("ufw status 2>/dev/null")
if success and "active" in output.lower():
self.audit_results['firewall'] = {'status': 'enabled', 'type': 'ufw'}
return
# Check firewalld
success, output = self.run_cmd("firewall-cmd --state 2>/dev/null")
if success and "running" in output.lower():
self.audit_results['firewall'] = {'status': 'enabled', 'type': 'firewalld'}
return
# No firewall
self.add_issue(
"No Active Firewall",
"No firewall (iptables/ufw/firewalld) is currently active",
"HIGH",
"network",
fix_command="sudo ufw enable",
fix_instructions="Enable UFW: sudo ufw enable\nOr install: sudo apt install ufw && sudo ufw enable"
)
def check_ssh_config(self):
"""Check SSH hardening."""
self.print_status("Checking SSH configuration...")
ssh_config = Path("/etc/ssh/sshd_config")
if not ssh_config.exists():
self.audit_results['ssh'] = {'status': 'not_installed'}
return
try:
content = ssh_config.read_text()
except PermissionError:
success, content = self.run_cmd("sudo cat /etc/ssh/sshd_config 2>/dev/null")
if not success:
self.audit_results['ssh'] = {'status': 'permission_denied'}
return
self.audit_results['ssh'] = {'status': 'installed', 'issues': []}
# Check root login
if "PermitRootLogin no" not in content and "PermitRootLogin prohibit-password" not in content:
self.add_issue(
"SSH Root Login Enabled",
"Root login via SSH is not disabled",
"HIGH",
"ssh",
fix_command="sudo sed -i 's/^#*PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config && sudo systemctl restart sshd",
fix_instructions="Edit /etc/ssh/sshd_config:\n PermitRootLogin no\nThen restart: sudo systemctl restart sshd"
)
# Check password auth
if "PasswordAuthentication no" not in content:
self.add_issue(
"SSH Password Auth Enabled",
"Password authentication is enabled (key-based is more secure)",
"MEDIUM",
"ssh",
fix_command="sudo sed -i 's/^#*PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config && sudo systemctl restart sshd",
fix_instructions="Edit /etc/ssh/sshd_config:\n PasswordAuthentication no\nEnsure you have SSH keys set up first!"
)
# Check protocol version
if "Protocol 1" in content:
self.add_issue(
"SSH Protocol 1 Enabled",
"Insecure SSH Protocol 1 is enabled",
"CRITICAL",
"ssh",
fix_instructions="Remove 'Protocol 1' from /etc/ssh/sshd_config"
)
def check_open_ports(self):
"""Check for listening ports."""
self.print_status("Scanning open ports...")
success, output = self.run_cmd("ss -tlnp 2>/dev/null || netstat -tlnp 2>/dev/null")
if not success:
return
lines = [l for l in output.split('\n') if 'LISTEN' in l]
self.audit_results['ports'] = {'listening': len(lines), 'high_risk': []}
high_risk_ports = {
'21': ('FTP', 'HIGH', 'FTP transmits credentials in plaintext'),
'23': ('Telnet', 'CRITICAL', 'Telnet is unencrypted'),
'69': ('TFTP', 'HIGH', 'TFTP has no authentication'),
'111': ('RPC', 'MEDIUM', 'RPC can expose services'),
'135': ('MS-RPC', 'HIGH', 'Windows RPC - potential attack vector'),
'139': ('NetBIOS', 'HIGH', 'NetBIOS session service'),
'445': ('SMB', 'HIGH', 'SMB - common attack target'),
'512': ('rexec', 'CRITICAL', 'Insecure remote execution'),
'513': ('rlogin', 'CRITICAL', 'Insecure remote login'),
'514': ('rsh', 'CRITICAL', 'Insecure remote shell'),
'1433': ('MSSQL', 'MEDIUM', 'Database port exposed'),
'3306': ('MySQL', 'MEDIUM', 'Database port exposed'),
'3389': ('RDP', 'HIGH', 'Remote Desktop exposed'),
'5432': ('PostgreSQL', 'MEDIUM', 'Database port exposed'),
'5900': ('VNC', 'HIGH', 'VNC often weakly configured'),
}
for line in lines:
for port, (name, severity, desc) in high_risk_ports.items():
if f':{port} ' in line or f':{port}\t' in line:
self.audit_results['ports']['high_risk'].append(port)
self.add_issue(
f"High-Risk Port Open: {port} ({name})",
desc,
severity,
"network",
fix_instructions=f"Disable the {name} service if not needed:\n sudo systemctl stop <service>\n sudo systemctl disable <service>"
)
def check_users(self):
"""Check user security."""
self.print_status("Checking user accounts...")
self.audit_results['users'] = {'issues': []}
# Users with UID 0
success, output = self.run_cmd("awk -F: '$3 == 0 {print $1}' /etc/passwd")
if success:
uid0_users = [u for u in output.split('\n') if u]
if len(uid0_users) > 1:
extra_roots = [u for u in uid0_users if u != 'root']
self.add_issue(
"Multiple Root Users",
f"Users with UID 0 besides root: {', '.join(extra_roots)}",
"CRITICAL",
"users",
fix_instructions="Review and remove extra UID 0 accounts:\n sudo vipw\n Change UID to non-zero or remove account"
)
# Empty passwords
success, output = self.run_cmd("sudo awk -F: '($2 == \"\" ) {print $1}' /etc/shadow 2>/dev/null")
if success and output:
empty = [u for u in output.split('\n') if u]
if empty:
self.add_issue(
"Users with Empty Passwords",
f"Accounts without passwords: {', '.join(empty)}",
"CRITICAL",
"users",
fix_instructions=f"Set passwords for these users:\n sudo passwd <username>\nOr lock the accounts:\n sudo usermod -L <username>"
)
# Users with shells that shouldn't have them
success, output = self.run_cmd("awk -F: '($7 != \"/usr/sbin/nologin\" && $7 != \"/bin/false\" && $7 != \"/sbin/nologin\") {print $1}' /etc/passwd")
if success:
shell_users = [u for u in output.split('\n') if u]
self.audit_results['users']['shell_users'] = len(shell_users)
def check_permissions(self):
"""Check critical file permissions."""
self.print_status("Checking file permissions...")
critical_files = [
("/etc/passwd", "644", "User database"),
("/etc/shadow", "640", "Password hashes"),
("/etc/group", "644", "Group database"),
("/etc/gshadow", "640", "Group passwords"),
("/etc/ssh/sshd_config", "600", "SSH configuration"),
("/root", "700", "Root home directory"),
("/etc/crontab", "600", "System crontab"),
]
self.audit_results['permissions'] = {'checked': 0, 'issues': 0}
for filepath, expected, desc in critical_files:
p = Path(filepath)
if p.exists():
self.audit_results['permissions']['checked'] += 1
try:
mode = oct(p.stat().st_mode)[-3:]
if int(mode) > int(expected):
self.audit_results['permissions']['issues'] += 1
self.add_issue(
f"Insecure Permissions: {filepath}",
f"{desc} has mode {mode} (should be {expected} or less)",
"MEDIUM",
"permissions",
fix_command=f"sudo chmod {expected} {filepath}",
fix_instructions=f"Fix permissions:\n sudo chmod {expected} {filepath}"
)
except:
pass
# Check for world-writable directories
success, output = self.run_cmd("find /etc -type f -perm -002 2>/dev/null | head -5")
if success and output:
files = output.split('\n')
self.add_issue(
"World-Writable Files in /etc",
f"Found {len(files)} world-writable files in /etc",
"HIGH",
"permissions",
fix_instructions="Review and fix permissions:\n find /etc -type f -perm -002 -exec chmod o-w {} \\;"
)
def check_services(self):
"""Check for unnecessary/dangerous services."""
self.print_status("Auditing services...")
dangerous_services = [
("telnet", "Telnet server"),
("rsh", "Remote shell"),
("rlogin", "Remote login"),
("tftp", "TFTP server"),
("vsftpd", "FTP server"),
("proftpd", "FTP server"),
("pure-ftpd", "FTP server"),
]
self.audit_results['services'] = {'dangerous_running': []}
for svc, desc in dangerous_services:
success, _ = self.run_cmd(f"systemctl is-active {svc} 2>/dev/null")
if success:
self.audit_results['services']['dangerous_running'].append(svc)
self.add_issue(
f"Dangerous Service Running: {svc}",
f"{desc} is running",
"HIGH",
"services",
fix_command=f"sudo systemctl stop {svc} && sudo systemctl disable {svc}",
fix_instructions=f"Stop and disable {svc}:\n sudo systemctl stop {svc}\n sudo systemctl disable {svc}"
)
def check_updates(self):
"""Check for available updates."""
self.print_status("Checking for updates...")
self.audit_results['updates'] = {'available': 0, 'security': 0}
os_id = self.system_info.get('os_id', '')
if os_id in ['debian', 'ubuntu', 'kali', 'mint']:
success, output = self.run_cmd("apt list --upgradable 2>/dev/null | grep -c upgradable || echo 0", timeout=30)
if success and output.isdigit():
count = int(output)
self.audit_results['updates']['available'] = count
if count > 50:
self.add_issue(
"Many Pending Updates",
f"{count} packages need updating",
"MEDIUM",
"updates",
fix_command="sudo apt update && sudo apt upgrade -y",
fix_instructions="Update system:\n sudo apt update\n sudo apt upgrade"
)
elif os_id in ['fedora', 'rhel', 'centos', 'rocky', 'alma']:
success, output = self.run_cmd("dnf check-update 2>/dev/null | wc -l", timeout=30)
if success and output.isdigit():
self.audit_results['updates']['available'] = int(output)
def check_fail2ban(self):
"""Check fail2ban status."""
self.print_status("Checking fail2ban...")
success, output = self.run_cmd("systemctl is-active fail2ban 2>/dev/null")
if success and "active" in output:
self.audit_results['fail2ban'] = {'status': 'running'}
else:
success, _ = self.run_cmd("which fail2ban-client 2>/dev/null")
if success:
self.add_issue(
"Fail2Ban Not Running",
"Fail2ban is installed but not running",
"MEDIUM",
"services",
fix_command="sudo systemctl start fail2ban && sudo systemctl enable fail2ban",
fix_instructions="Start fail2ban:\n sudo systemctl start fail2ban\n sudo systemctl enable fail2ban"
)
else:
self.add_issue(
"Fail2Ban Not Installed",
"Fail2ban is not installed (protects against brute-force)",
"LOW",
"services",
fix_command="sudo apt install fail2ban -y && sudo systemctl enable fail2ban && sudo systemctl start fail2ban",
fix_instructions="Install fail2ban:\n sudo apt install fail2ban\n sudo systemctl enable --now fail2ban"
)
def check_antivirus(self):
"""Check for antivirus."""
self.print_status("Checking antivirus...")
# Check ClamAV
success, _ = self.run_cmd("which clamscan 2>/dev/null")
if success:
self.audit_results['antivirus'] = {'status': 'installed', 'type': 'clamav'}
return
# Check for other AV
for av in ['sophos', 'eset', 'kaspersky']:
success, _ = self.run_cmd(f"which {av} 2>/dev/null")
if success:
self.audit_results['antivirus'] = {'status': 'installed', 'type': av}
return
self.add_issue(
"No Antivirus Installed",
"No antivirus solution detected",
"LOW",
"security",
fix_command="sudo apt install clamav clamav-daemon -y && sudo freshclam",
fix_instructions="Install ClamAV:\n sudo apt install clamav clamav-daemon\n sudo freshclam"
)
def check_cves(self, verbose: bool = True):
"""Check for CVEs affecting this system using local SQLite database."""
self.print_status("Checking CVE database for system vulnerabilities...")
# Get database stats
db_stats = self.cve_db.get_db_stats()
if db_stats['total_cves'] == 0:
if verbose:
print(f"{Colors.YELLOW}[!] Local CVE database is empty. Searching online...{Colors.RESET}")
# Fall back to online search
cves = self.cve_db.search_online(
cpe_name=self.cve_db.system_info.get('cpe_prefix', ''),
days_back=365,
max_results=100,
verbose=verbose
)
else:
if verbose:
print(f"{Colors.DIM} Local DB: {db_stats['total_cves']:,} CVEs | Last sync: {db_stats.get('last_sync', 'Never')[:10] if db_stats.get('last_sync') else 'Never'}{Colors.RESET}")
# Use local database
cves = self.cve_db.get_system_cves(max_results=100)
self.audit_results['cves'] = {
'total': len(cves),
'critical': sum(1 for c in cves if c.get('severity') == 'CRITICAL'),
'high': sum(1 for c in cves if c.get('severity') == 'HIGH'),
'medium': sum(1 for c in cves if c.get('severity') == 'MEDIUM'),
'low': sum(1 for c in cves if c.get('severity') == 'LOW'),
'items': cves[:20], # Keep top 20
'db_stats': db_stats,
}
if verbose:
print(f"{Colors.GREEN}[+] Found {len(cves)} CVEs for your system{Colors.RESET}")
# Add critical/high CVEs as issues
for cve in cves[:10]:
if cve.get('severity') in ['CRITICAL', 'HIGH']:
cve_id = cve.get('cve_id') or cve.get('id', '')
desc = cve.get('description', '')[:150]
self.add_issue(
f"CVE: {cve_id}",
desc,
cve['severity'],
"cve",
fix_instructions=f"Check: https://nvd.nist.gov/vuln/detail/{cve_id}\nUpdate affected packages and apply patches.",
score_penalty=15 if cve['severity'] == 'CRITICAL' else 10
)
# =========================================================================
# MAIN AUDIT
# =========================================================================
def run_full_audit(self, check_cves: bool = True):
"""Run complete system audit."""
clear_screen()
display_banner()
print(f"\n{Colors.BOLD}{Colors.CYAN}Starting Full System Security Audit{Colors.RESET}")
print(f"{Colors.DIM}{'' * 50}{Colors.RESET}\n")
self.issues = []
self.audit_results = {}
self.security_score = 100
# Collect info and run checks
self.collect_system_info()
self.check_firewall()
self.check_ssh_config()
self.check_open_ports()
self.check_users()
self.check_permissions()
self.check_services()
self.check_updates()
self.check_fail2ban()
self.check_antivirus()
if check_cves:
self.check_cves()
print(f"\n{Colors.DIM}{'' * 50}{Colors.RESET}")
self.print_summary()
def print_summary(self):
"""Print audit summary."""
print(f"\n{Colors.BOLD}Security Audit Summary{Colors.RESET}")
print(f"{Colors.DIM}{'' * 40}{Colors.RESET}")
# System info
print(f"\n{Colors.CYAN}System:{Colors.RESET} {self.system_info.get('os_name', 'Unknown')}")
print(f"{Colors.CYAN}Hostname:{Colors.RESET} {self.system_info.get('hostname', 'Unknown')}")
# Issue counts by severity
critical = sum(1 for i in self.issues if i.severity == 'CRITICAL')
high = sum(1 for i in self.issues if i.severity == 'HIGH')
medium = sum(1 for i in self.issues if i.severity == 'MEDIUM')
low = sum(1 for i in self.issues if i.severity == 'LOW')
print(f"\n{Colors.BOLD}Issues Found:{Colors.RESET}")
if critical:
print(f" {Colors.RED}CRITICAL: {critical}{Colors.RESET}")
if high:
print(f" {Colors.RED}HIGH: {high}{Colors.RESET}")
if medium:
print(f" {Colors.YELLOW}MEDIUM: {medium}{Colors.RESET}")
if low:
print(f" {Colors.CYAN}LOW: {low}{Colors.RESET}")
if not self.issues:
print(f" {Colors.GREEN}No issues found!{Colors.RESET}")
# Security score
print(f"\n{Colors.BOLD}Security Score: ", end="")
if self.security_score >= 80:
print(f"{Colors.GREEN}{self.security_score}/100{Colors.RESET}")
elif self.security_score >= 50:
print(f"{Colors.YELLOW}{self.security_score}/100{Colors.RESET}")
else:
print(f"{Colors.RED}{self.security_score}/100{Colors.RESET}")
def save_to_file(self) -> bool:
"""Save audit results to system.inf."""
try:
data = {
'audit_date': datetime.now().isoformat(),
'system_info': self.system_info,
'security_score': self.security_score,
'audit_results': self.audit_results,
'issues': [i.to_dict() for i in self.issues],
}
with open(self._system_inf_path(), 'w') as f:
json.dump(data, f, indent=2, default=str)
self.print_status(f"Results saved to {self._system_inf_path()}", "success")
return True
except Exception as e:
self.print_status(f"Failed to save: {e}", "error")
return False
def load_from_file(self) -> bool:
"""Load previous audit results from system.inf."""
if not self._system_inf_path().exists():
return False
try:
with open(self._system_inf_path(), 'r') as f:
data = json.load(f)
self.system_info = data.get('system_info', {})
self.security_score = data.get('security_score', 100)
self.audit_results = data.get('audit_results', {})
self.issues = [SecurityIssue.from_dict(i) for i in data.get('issues', [])]
return True
except Exception as e:
self.print_status(f"Failed to load: {e}", "error")
return False
# =========================================================================
# ISSUE REMEDIATION
# =========================================================================
def show_issue_details(self, issue: SecurityIssue):
"""Show detailed information about an issue."""
clear_screen()
display_banner()
color = SecurityIssue.SEVERITY_COLORS.get(issue.severity, Colors.WHITE)
print(f"\n{Colors.BOLD}Issue Details{Colors.RESET}")
print(f"{Colors.DIM}{'' * 50}{Colors.RESET}\n")
print(f"{Colors.BOLD}Name:{Colors.RESET} {issue.name}")
print(f"{Colors.BOLD}Severity:{Colors.RESET} {color}{issue.severity}{Colors.RESET}")
print(f"{Colors.BOLD}Category:{Colors.RESET} {issue.category}")
print(f"\n{Colors.BOLD}Description:{Colors.RESET}")
print(f" {issue.description}")
if issue.cve_ids:
print(f"\n{Colors.BOLD}Related CVEs:{Colors.RESET}")
for cve in issue.cve_ids:
print(f" - {cve}")
if issue.fix_instructions:
print(f"\n{Colors.BOLD}Manual Fix Instructions:{Colors.RESET}")
for line in issue.fix_instructions.split('\n'):
print(f" {line}")
if issue.fix_command:
print(f"\n{Colors.BOLD}Auto-Fix Command:{Colors.RESET}")
print(f" {Colors.CYAN}{issue.fix_command}{Colors.RESET}")
print(f"\n{Colors.DIM}{'' * 50}{Colors.RESET}")
def attempt_llm_fix(self, issue: SecurityIssue) -> bool:
"""Use LLM to generate and optionally apply a fix."""
try:
from core.llm import get_llm, LLMError
except ImportError:
self.print_status("LLM module not available", "error")
return False
self.print_status("Consulting LLM for fix recommendation...", "info")
try:
llm = get_llm()
if not llm.is_loaded:
self.print_status("Loading LLM model...", "info")
llm.load_model(verbose=True)
# Build prompt
prompt = f"""You are a Linux security expert. Analyze this security issue and provide a fix.
System: {self.system_info.get('os_name', 'Linux')}
Issue: {issue.name}
Severity: {issue.severity}
Description: {issue.description}
Category: {issue.category}
Provide:
1. A brief explanation of the risk
2. The exact command(s) to fix this issue
3. Any important warnings or prerequisites
Format your response clearly with sections."""
print(f"\n{Colors.CYAN}LLM Analysis:{Colors.RESET}\n")
# Generate response with streaming
response_text = ""
for token in llm.generate(prompt, stream=True, max_tokens=500):
print(token, end="", flush=True)
response_text += token
print("\n")
# Ask if user wants to apply suggested fix
if issue.fix_command:
print(f"\n{Colors.YELLOW}Suggested command:{Colors.RESET} {issue.fix_command}")
choice = input(f"\n{Colors.WHITE}Apply this fix? (y/n): {Colors.RESET}").strip().lower()
if choice == 'y':
print(f"\n{Colors.CYAN}[*] Executing: {issue.fix_command}{Colors.RESET}")
success, output = self.run_cmd(issue.fix_command, timeout=60)
if success:
self.print_status("Fix applied successfully!", "success")
issue.status = "fixed"
return True
else:
self.print_status(f"Command failed: {output}", "error")
return False
return True
except Exception as e:
self.print_status(f"LLM error: {e}", "error")
return False
def apply_manual_fix(self, issue: SecurityIssue) -> bool:
"""Apply the predefined fix command."""
if not issue.fix_command:
self.print_status("No automatic fix available for this issue", "warning")
return False
print(f"\n{Colors.BOLD}Fix Command:{Colors.RESET}")
print(f" {Colors.CYAN}{issue.fix_command}{Colors.RESET}")
print(f"\n{Colors.YELLOW}Warning: This will modify your system.{Colors.RESET}")
choice = input(f"{Colors.WHITE}Execute this command? (y/n): {Colors.RESET}").strip().lower()
if choice != 'y':
self.print_status("Fix cancelled", "info")
return False
print(f"\n{Colors.CYAN}[*] Executing...{Colors.RESET}")
success, output = self.run_cmd(issue.fix_command, timeout=60)
if output:
print(f"\n{Colors.DIM}Output:{Colors.RESET}")
print(output)
if success:
self.print_status("Fix applied successfully!", "success")
issue.status = "fixed"
return True
else:
self.print_status("Command failed", "error")
return False
# =========================================================================
# MENU SYSTEM
# =========================================================================
def show_menu(self):
"""Display main menu."""
clear_screen()
display_banner()
# Load previous results if available
has_results = self._system_inf_path().exists()
# Get CVE database stats
db_stats = self.cve_db.get_db_stats()
print(f"\n{Colors.BLUE}{Colors.BOLD} My System - Security Audit{Colors.RESET}")
print(f"{Colors.DIM} {'' * 50}{Colors.RESET}")
# Show system info
sys_info = self.cve_db.get_system_info()
print(f"\n {Colors.CYAN}Detected:{Colors.RESET} {sys_info.get('os_id', 'unknown')} {sys_info.get('os_version', '')}")
print(f" {Colors.CYAN}Kernel:{Colors.RESET} {sys_info.get('kernel', 'unknown')}")
# Show CVE database status
if db_stats['total_cves'] > 0:
last_sync = db_stats.get('last_sync', '')[:10] if db_stats.get('last_sync') else 'Never'
print(f" {Colors.CYAN}CVE Database:{Colors.RESET} {db_stats['total_cves']:,} CVEs ({db_stats['db_size_mb']} MB)")
print(f" {Colors.CYAN}Last Sync:{Colors.RESET} {last_sync}")
else:
print(f" {Colors.YELLOW}CVE Database:{Colors.RESET} Empty - sync required")
if has_results and self.issues:
print(f" {Colors.CYAN}Last Score:{Colors.RESET} {self.security_score}/100")
print(f" {Colors.CYAN}Open Issues:{Colors.RESET} {sum(1 for i in self.issues if i.status == 'open')}")
print(f"\n{Colors.DIM} {'' * 50}{Colors.RESET}\n")
print(f" {Colors.GREEN}[1]{Colors.RESET} Run Full System Audit")
print(f" {Colors.GREEN}[2]{Colors.RESET} Run Audit (Skip CVE Check)")
if has_results:
print(f"\n {Colors.CYAN}[3]{Colors.RESET} View Issues ({len(self.issues)} found)")
print(f" {Colors.CYAN}[4]{Colors.RESET} View CVE Report")
print(f"\n {Colors.YELLOW}[5]{Colors.RESET} Search CVE Database")
print(f" {Colors.YELLOW}[6]{Colors.RESET} Check Software for CVEs")
print(f"\n {Colors.MAGENTA}[7]{Colors.RESET} Sync CVE Database (Recent)")
print(f" {Colors.MAGENTA}[8]{Colors.RESET} Sync CVE Database (Full)")
print(f" {Colors.MAGENTA}[9]{Colors.RESET} CVE Database Info")
print(f"\n {Colors.DIM}[0]{Colors.RESET} Back to Main Menu")
print()
def show_issues_menu(self):
"""Display issues as selectable options."""
if not self.issues:
self.print_status("No issues found. Run an audit first.", "info")
input(f"\n{Colors.WHITE}Press Enter to continue...{Colors.RESET}")
return
while True:
clear_screen()
display_banner()
open_issues = [i for i in self.issues if i.status == 'open']
fixed_issues = [i for i in self.issues if i.status == 'fixed']
print(f"\n{Colors.BOLD}Security Issues{Colors.RESET}")
print(f"{Colors.DIM}Score: {self.security_score}/100 | Open: {len(open_issues)} | Fixed: {len(fixed_issues)}{Colors.RESET}")
print(f"{Colors.DIM}{'' * 60}{Colors.RESET}\n")
if not open_issues:
print(f"{Colors.GREEN}All issues have been addressed!{Colors.RESET}")
input(f"\n{Colors.WHITE}Press Enter to continue...{Colors.RESET}")
return
# List issues
for idx, issue in enumerate(open_issues, 1):
color = SecurityIssue.SEVERITY_COLORS.get(issue.severity, Colors.WHITE)
severity_badge = f"{color}[{issue.severity[:4]}]{Colors.RESET}"
print(f" [{idx:2}] {severity_badge} {issue.name}")
print(f"\n {Colors.DIM}[0]{Colors.RESET} Back")
print()
try:
choice = input(f"{Colors.WHITE} Select issue to fix: {Colors.RESET}").strip()
if choice == '0':
break
if choice.isdigit():
idx = int(choice) - 1
if 0 <= idx < len(open_issues):
self.handle_issue(open_issues[idx])
except (EOFError, KeyboardInterrupt):
break
def handle_issue(self, issue: SecurityIssue):
"""Handle remediation of a single issue."""
self.show_issue_details(issue)
print(f"\n {Colors.GREEN}[1]{Colors.RESET} Auto-Fix with LLM")
print(f" {Colors.CYAN}[2]{Colors.RESET} Apply Manual Fix")
print(f" {Colors.YELLOW}[3]{Colors.RESET} Mark as Ignored")
print(f" {Colors.DIM}[0]{Colors.RESET} Back")
print()
try:
choice = input(f"{Colors.WHITE} Select action: {Colors.RESET}").strip()
if choice == '1':
self.attempt_llm_fix(issue)
self.save_to_file()
input(f"\n{Colors.WHITE}Press Enter to continue...{Colors.RESET}")
elif choice == '2':
self.apply_manual_fix(issue)
self.save_to_file()
input(f"\n{Colors.WHITE}Press Enter to continue...{Colors.RESET}")
elif choice == '3':
issue.status = 'ignored'
self.print_status("Issue marked as ignored", "info")
self.save_to_file()
input(f"\n{Colors.WHITE}Press Enter to continue...{Colors.RESET}")
except (EOFError, KeyboardInterrupt):
pass
def show_cve_report(self):
"""Show CVE report from audit."""
clear_screen()
display_banner()
cve_data = self.audit_results.get('cves', {})
print(f"\n{Colors.BOLD}CVE Report for Your System{Colors.RESET}")
print(f"{Colors.DIM}{'' * 60}{Colors.RESET}\n")
print(f" {Colors.CYAN}Total CVEs:{Colors.RESET} {cve_data.get('total', 0)}")
print(f" {Colors.RED}Critical:{Colors.RESET} {cve_data.get('critical', 0)}")
print(f" {Colors.RED}High:{Colors.RESET} {cve_data.get('high', 0)}")
print(f" {Colors.YELLOW}Medium:{Colors.RESET} {cve_data.get('medium', 0)}")
print(f" {Colors.CYAN}Low:{Colors.RESET} {cve_data.get('low', 0)}")
print(f"\n{Colors.BOLD}Top CVEs:{Colors.RESET}\n")
for cve in cve_data.get('items', [])[:15]:
color = SecurityIssue.SEVERITY_COLORS.get(cve['severity'], Colors.WHITE)
print(f" {color}{cve['id']}{Colors.RESET} ({cve['severity']}) - CVSS: {cve['cvss_score']}")
print(f" {Colors.DIM}{cve['description'][:70]}...{Colors.RESET}")
print()
input(f"\n{Colors.WHITE}Press Enter to continue...{Colors.RESET}")
def search_cve_interactive(self):
"""Interactive CVE search."""
clear_screen()
display_banner()
print(f"\n{Colors.BOLD}CVE Database Search{Colors.RESET}")
print(f"{Colors.DIM}{'' * 50}{Colors.RESET}\n")
db_stats = self.cve_db.get_db_stats()
if db_stats['total_cves'] > 0:
print(f"{Colors.DIM}Local database: {db_stats['total_cves']:,} CVEs{Colors.RESET}\n")
else:
print(f"{Colors.YELLOW}Local database empty - will search online{Colors.RESET}\n")
keyword = input(f"{Colors.WHITE}Search keyword (or Enter for system CVEs): {Colors.RESET}").strip()
print()
self.print_status("Searching CVE database...", "info")
# Try local database first, fall back to online
if db_stats['total_cves'] > 0:
if keyword:
cves = self.cve_db.search_cves(keyword=keyword)
else:
cves = self.cve_db.get_system_cves()
else:
if keyword:
cves = self.cve_db.search_online(keyword=keyword, verbose=True)
else:
cve_prefix = self.cve_db.system_info.get('cpe_prefix', '')
cves = self.cve_db.search_online(cpe_name=cve_prefix, verbose=True)
if not cves:
self.print_status("No CVEs found", "warning")
input(f"\n{Colors.WHITE}Press Enter to continue...{Colors.RESET}")
return
print(f"\n{Colors.BOLD}Results ({len(cves)} found):{Colors.RESET}\n")
for cve in cves[:20]:
color = SecurityIssue.SEVERITY_COLORS.get(cve.get('severity', ''), Colors.WHITE)
cve_id = cve.get('cve_id') or cve.get('id', '')
score = cve.get('cvss_score') or cve.get('cvss_v3_score') or 0
desc = cve.get('description', '')[:80]
print(f" {color}{cve_id}{Colors.RESET} - CVSS: {score} ({cve.get('severity', 'N/A')})")
print(f" {Colors.DIM}{desc}...{Colors.RESET}")
print()
# Option to view details
cve_id = input(f"\n{Colors.WHITE}Enter CVE ID for details (or Enter to go back): {Colors.RESET}").strip().upper()
if cve_id:
# Try local first, then online
details = self.cve_db.get_cve(cve_id)
if not details:
details = self.cve_db.fetch_cve_online(cve_id, verbose=True)
if details:
self.show_cve_details(details)
else:
self.print_status(f"CVE {cve_id} not found", "warning")
input(f"\n{Colors.WHITE}Press Enter to continue...{Colors.RESET}")
def show_cve_details(self, cve: Dict):
"""Show detailed CVE information."""
clear_screen()
display_banner()
cve_id = cve.get('cve_id') or cve.get('id', '')
print(f"\n{Colors.BOLD}{cve_id}{Colors.RESET}")
print(f"{Colors.DIM}{'' * 60}{Colors.RESET}\n")
print(f"{Colors.BOLD}Description:{Colors.RESET}")
print(f" {cve.get('description', 'N/A')}\n")
# CVSS v3
if cve.get('cvss_v3_score'):
color = SecurityIssue.SEVERITY_COLORS.get(cve.get('cvss_v3_severity', ''), Colors.WHITE)
print(f"{Colors.BOLD}CVSS v3:{Colors.RESET}")
print(f" Score: {color}{cve['cvss_v3_score']} ({cve.get('cvss_v3_severity', 'N/A')}){Colors.RESET}")
if cve.get('cvss_v3_vector'):
print(f" Vector: {cve['cvss_v3_vector']}")
# CVSS v2 (if no v3)
elif cve.get('cvss_v2_score'):
color = SecurityIssue.SEVERITY_COLORS.get(cve.get('cvss_v2_severity', ''), Colors.WHITE)
print(f"{Colors.BOLD}CVSS v2:{Colors.RESET}")
print(f" Score: {color}{cve['cvss_v2_score']} ({cve.get('cvss_v2_severity', 'N/A')}){Colors.RESET}")
if cve.get('cvss_v2_vector'):
print(f" Vector: {cve['cvss_v2_vector']}")
if cve.get('published'):
print(f"\n{Colors.BOLD}Published:{Colors.RESET} {cve['published'][:10]}")
if cve.get('weaknesses'):
print(f"\n{Colors.BOLD}Weaknesses (CWE):{Colors.RESET}")
for w in cve['weaknesses'][:5]:
print(f" - {w}")
if cve.get('references'):
print(f"\n{Colors.BOLD}References:{Colors.RESET}")
for ref in cve['references'][:5]:
url = ref.get('url', ref) if isinstance(ref, dict) else ref
print(f" - {url}")
if cve.get('cpes'):
print(f"\n{Colors.BOLD}Affected Products:{Colors.RESET}")
for cpe in cve['cpes'][:5]:
criteria = cpe.get('cpe_criteria', cpe) if isinstance(cpe, dict) else cpe
print(f" - {criteria}")
print(f"\n{Colors.CYAN}Full details: https://nvd.nist.gov/vuln/detail/{cve_id}{Colors.RESET}")
input(f"\n{Colors.WHITE}Press Enter to continue...{Colors.RESET}")
def check_software_cves(self):
"""Check CVEs for specific software."""
clear_screen()
display_banner()
print(f"\n{Colors.BOLD}Software CVE Check{Colors.RESET}")
print(f"{Colors.DIM}{'' * 50}{Colors.RESET}\n")
db_stats = self.cve_db.get_db_stats()
if db_stats['total_cves'] > 0:
print(f"{Colors.DIM}Local database: {db_stats['total_cves']:,} CVEs{Colors.RESET}\n")
software = input(f"{Colors.WHITE}Software name (e.g., apache, nginx, openssh): {Colors.RESET}").strip()
if not software:
return
version = input(f"{Colors.WHITE}Version (optional): {Colors.RESET}").strip()
print()
self.print_status(f"Searching CVEs for {software}...", "info")
# Try local database first
if db_stats['total_cves'] > 0:
cves = self.cve_db.get_software_cves(software, version=version if version else None)
else:
# Fall back to online search
keyword = f"{software} {version}" if version else software
cves = self.cve_db.search_online(keyword=keyword, verbose=True)
if not cves:
self.print_status("No CVEs found for this software", "success")
input(f"\n{Colors.WHITE}Press Enter to continue...{Colors.RESET}")
return
print(f"\n{Colors.BOLD}Found {len(cves)} CVEs:{Colors.RESET}\n")
for cve in cves[:15]:
color = SecurityIssue.SEVERITY_COLORS.get(cve.get('severity', ''), Colors.WHITE)
cve_id = cve.get('cve_id') or cve.get('id', '')
score = cve.get('cvss_score') or cve.get('cvss_v3_score') or 0
desc = cve.get('description', '')
desc = desc[:70] + '...' if len(desc) > 70 else desc
print(f" {color}{cve_id}{Colors.RESET} - CVSS: {score} ({cve.get('severity', 'N/A')})")
print(f" {Colors.DIM}{desc}{Colors.RESET}")
print()
input(f"\n{Colors.WHITE}Press Enter to continue...{Colors.RESET}")
def sync_database_recent(self):
"""Sync recent CVEs (last 120 days)."""
clear_screen()
display_banner()
print(f"\n{Colors.BOLD}CVE Database Sync (Recent){Colors.RESET}")
print(f"{Colors.DIM}{'' * 50}{Colors.RESET}\n")
print(f"This will download CVEs from the last 120 days.")
print(f"Estimated time: 5-15 minutes (depending on API rate limits)\n")
confirm = input(f"{Colors.WHITE}Start sync? (y/n): {Colors.RESET}").strip().lower()
if confirm != 'y':
return
print()
stats = self.cve_db.sync_database(days_back=120, verbose=True)
print(f"\n{Colors.BOLD}Sync Complete{Colors.RESET}")
print(f" CVEs processed: {stats.get('cves_processed', 0):,}")
print(f" Errors: {stats.get('errors', 0)}")
input(f"\n{Colors.WHITE}Press Enter to continue...{Colors.RESET}")
def sync_database_full(self):
"""Full database sync (all CVEs since 1999)."""
clear_screen()
display_banner()
print(f"\n{Colors.BOLD}CVE Database Sync (Full){Colors.RESET}")
print(f"{Colors.DIM}{'' * 50}{Colors.RESET}\n")
print(f"{Colors.YELLOW}WARNING: This will download ALL CVEs (200,000+){Colors.RESET}")
print(f"Estimated time: 2-6 hours (depending on API rate limits)")
print(f"Database size: ~150-300 MB\n")
print(f"Consider getting an NVD API key for faster sync:")
print(f" https://nvd.nist.gov/developers/request-an-api-key\n")
confirm = input(f"{Colors.WHITE}Start full sync? (y/n): {Colors.RESET}").strip().lower()
if confirm != 'y':
return
print()
stats = self.cve_db.sync_database(full_sync=True, verbose=True)
print(f"\n{Colors.BOLD}Sync Complete{Colors.RESET}")
print(f" CVEs processed: {stats.get('cves_processed', 0):,}")
print(f" Errors: {stats.get('errors', 0)}")
input(f"\n{Colors.WHITE}Press Enter to continue...{Colors.RESET}")
def show_database_info(self):
"""Show CVE database information."""
clear_screen()
display_banner()
print(f"\n{Colors.BOLD}CVE Database Information{Colors.RESET}")
print(f"{Colors.DIM}{'' * 50}{Colors.RESET}\n")
stats = self.cve_db.get_db_stats()
print(f" {Colors.CYAN}Database Path:{Colors.RESET} {stats['db_path']}")
print(f" {Colors.CYAN}Database Size:{Colors.RESET} {stats['db_size_mb']} MB")
print(f" {Colors.CYAN}Total CVEs:{Colors.RESET} {stats['total_cves']:,}")
print(f" {Colors.CYAN}Total CPEs:{Colors.RESET} {stats['total_cpes']:,}")
print(f" {Colors.CYAN}Last Sync:{Colors.RESET} {stats.get('last_sync', 'Never')}")
if stats.get('by_severity'):
print(f"\n {Colors.BOLD}CVEs by Severity:{Colors.RESET}")
for sev, count in sorted(stats['by_severity'].items()):
color = SecurityIssue.SEVERITY_COLORS.get(sev, Colors.WHITE)
print(f" {color}{sev}:{Colors.RESET} {count:,}")
sys_info = self.cve_db.get_system_info()
print(f"\n {Colors.BOLD}System Detection:{Colors.RESET}")
print(f" OS: {sys_info.get('os_name', 'Unknown')}")
print(f" CPE: {sys_info.get('cpe_prefix', 'Unknown')}")
input(f"\n{Colors.WHITE}Press Enter to continue...{Colors.RESET}")
def run(self):
"""Main module loop."""
# Try to load previous results
self.load_from_file()
while True:
self.show_menu()
try:
choice = input(f"{Colors.WHITE} Select: {Colors.RESET}").strip()
if choice == '0':
break
elif choice == '1':
self.run_full_audit(check_cves=True)
self.save_to_file()
input(f"\n{Colors.WHITE}Press Enter to continue...{Colors.RESET}")
elif choice == '2':
self.run_full_audit(check_cves=False)
self.save_to_file()
input(f"\n{Colors.WHITE}Press Enter to continue...{Colors.RESET}")
elif choice == '3' and self._system_inf_path().exists():
self.show_issues_menu()
elif choice == '4' and self._system_inf_path().exists():
self.show_cve_report()
elif choice == '5':
self.search_cve_interactive()
elif choice == '6':
self.check_software_cves()
elif choice == '7':
self.sync_database_recent()
elif choice == '8':
self.sync_database_full()
elif choice == '9':
self.show_database_info()
except (EOFError, KeyboardInterrupt):
break
def run():
MySystem().run()
if __name__ == "__main__":
run()
Reference in New Issue Copy Permalink