Parrot Security Center development

Idea:

  • Protect home users
  • There are users who want to have AV and other security solutions
  • Control all (defensive) security tools in one place
  • Checked https://github.com/OWASP/SecureTea-Project and wasn’t happy with it (web server / installation failed)
  • Want to bring some custom methods to protect users

Goal:

  • Use backend security tools
  • Create some custom controllers and keep everything in hand
  • Use Nim with the gintro library (GTK): fast, easy to read and maintain. Great community!
  • Native GUI application

Status:

  • Playing with ClamAV
    [screenshot, 2019-12-24]

Todo:

  • Complete ClamAV controller
  • Better code syntax
  • Custom firewall rules with nftables
  • Anonsurf buttons in it
4 Likes

I’ve never had success with ClamAV and I’ve never heard anyone say anything good about that antivirus package. It throws more false positives than real positives in my experience. Plus, if you’re using a pentest/red team OS (and I get it that you’re talking about the Home Edition), no one’s going to be reverse engineering malware on that distro, and it’s not easy to get viruses on Linux if you’re behind a VPN and using a firewall correctly. Plus, isn’t every Parrot application using AppArmor?

Check out this Git page for Algo: https://github.com/trailofbits/algo
I’ve been using this for building my own VPNs and honestly I’m looking for people who want to start a VPN startup, and maybe even work with the Parrot guys to add a revenue system for them? How does that sound?

I believe that is marketing from other AV solutions.

2 weeks ago a member sent me a sample of a Linux coin miner, and ClamAV was 1 of 4 AV solutions that could detect it (tested on VirusTotal).

Yes, I am focusing on home users.

There are more ways to get infected by malware. It depends on how users use their system, and AV is one method. For example: a user downloads a binary file from the internet over HTTP or FTP. Someone hijacks the connection and injects malware into the binary file. AV will be a good solution to check the file (of course AV might not detect the malware because of the signature problem).

AV is a part of this project and I’ll add more features to protect users. Firewall policies will be included and I’ll do IPS if I can.

Turned out ClamAV is the biggest fail. A simple scan task takes 400 MB of RAM (800 MB for the full database). That is only the clamscan task.

At this point, having a thorough firewall ruleset shipped with the default .iso would seem like the best bet for the first layer of defense for home users. I did send you a preset firewall ruleset a few weeks ago @dmknght, and with a few exclusions like the anonsurf ports you’ll be ready with a robust firewall; test it out :blush:

Speaking of ClamAV, putting a GUI to work seems like a potentially unnecessary workload. @Meet has a database of millions of malware signatures/hashes; exclude the ones for Windows, Mac, Android & iOS, combine it with the ClamAV signature database & run it via CLI. We can put a module together that is CLI, easy on resources and even easier to operate: just a few easy commands like “scan -all” that trigger a scan command on the backend side to scan the entire filesystem with a restricted limit on how many files/signatures are to be matched. But having our own signature database would mean we are the ones hosting the server that pushes upgrades, and since malware keeps evolving, we’ll have to push updates like every 6 hours and users will have to upgrade from their side very often. It’s basically like setting up our own department of malware analysis, which I’m pretty sure we aren’t ready for at the moment. Heuristic behavior-based detection is a different topic, with a whole lot of different commands to fine-grain the detection; more on that in our personal chat on the messaging app.

Or what we can do is ship the user-sec toolset with both the home as well as the security edition: the home edition comes with the default firewall & malware signature ruleset enabled, since it would reduce user interaction and misconfiguration (aka pain in the ass), and the security edition also comes with the user-sec toolset but disabled by default, assuming that people who choose to use the security edition know what they’re doing.

What do you say?

2 Likes
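The ClamAV controller on the original todo list and the CLI scan module proposed above both boil down to the same backend job: launch the scanner, read its per-file report and its SCAN SUMMARY block, and act on the result. The block below is an added example in Python (it is not the Security Center’s Nim code and not part of the original posts) showing that job. It prefers clamdscan when a clamd daemon is installed, because clamd keeps the signature database loaded once instead of every clamscan invocation re-reading it (the per-run memory cost noted earlier in the thread), and falls back to clamscan otherwise. The sample scanner output, the paths, and the quarantine directory are constructed for illustration; the FOUND/OK line shape, the summary block, and the 0/1/2 exit codes are standard ClamAV behaviour.

```python
"""Added example: a small controller for a ClamAV backend (not the project's code)."""
import os
import re
import shutil
import subprocess
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Sequence

# clamscan and clamdscan print one line per file, e.g.
#   /home/user/eicar.com: Win.Test.EICAR_HDB-1 FOUND
#   /home/user/notes.txt: OK
# followed by "Key: value" lines under a "SCAN SUMMARY" header.
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S.*) FOUND$")
OK_RE = re.compile(r"^(?P<path>.+): OK$")
SUMMARY_HEADER = "SCAN SUMMARY"

# Exit codes shared by clamscan and clamdscan: 0 clean, 1 infected, 2 error.
EXIT_CLEAN, EXIT_INFECTED, EXIT_ERROR = 0, 1, 2


@dataclass
class ScanReport:
    infected: Dict[str, str] = field(default_factory=dict)  # path -> signature
    clean: List[str] = field(default_factory=list)
    errors: List[str] = field(default_factory=list)         # raw WARNING/ERROR lines
    summary: Dict[str, str] = field(default_factory=dict)   # SCAN SUMMARY fields
    exit_code: Optional[int] = None

    @property
    def status(self) -> str:
        if self.errors or self.exit_code == EXIT_ERROR:
            return "error"
        return "infected" if self.infected else "clean"


def parse_scan_output(text: str, exit_code: Optional[int] = None) -> ScanReport:
    """Turn scanner stdout into a ScanReport (same format for both tools)."""
    report = ScanReport(exit_code=exit_code)
    in_summary = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SUMMARY_HEADER in line:
            in_summary = True
            continue
        if in_summary:
            key, sep, value = line.partition(":")
            if sep:
                report.summary[key.strip()] = value.strip()
            continue
        m = FOUND_RE.match(line)
        if m:
            report.infected[m.group("path")] = m.group("sig")
            continue
        m = OK_RE.match(line)
        if m:
            report.clean.append(m.group("path"))
            continue
        report.errors.append(line)  # anything else is an error/warning line
    return report


def find_scanner() -> str:
    """clamdscan (daemon keeps the DB loaded) before clamscan (loads DB per run)."""
    exe = shutil.which("clamdscan") or shutil.which("clamscan")
    if exe is None:
        raise FileNotFoundError("neither clamdscan nor clamscan is on PATH")
    return exe


def scanner_args(exe: str, paths: Sequence[str], quarantine_dir: Optional[str] = None) -> List[str]:
    """Assemble argv. clamscan needs -r to recurse; clamd recurses by itself."""
    cmd = [exe]
    if os.path.basename(exe) == "clamscan":
        cmd.append("-r")
    if quarantine_dir:
        cmd.append(f"--move={quarantine_dir}")  # supported by both tools
    cmd.extend(paths)
    return cmd


def run_scan(paths: Sequence[str], quarantine_dir: Optional[str] = None,
             timeout: Optional[float] = None) -> ScanReport:
    """Run the scanner and parse its report; stderr is kept as an error entry."""
    proc = subprocess.run(scanner_args(find_scanner(), paths, quarantine_dir),
                          capture_output=True, text=True, timeout=timeout)
    report = parse_scan_output(proc.stdout, proc.returncode)
    if proc.returncode == EXIT_ERROR and proc.stderr.strip():
        report.errors.append(proc.stderr.strip())
    return report


# Constructed sample (same shape as a real clamscan run over two files), so the
# parser can be exercised on a machine without ClamAV installed.
SAMPLE_OUTPUT = """\
/home/user/Downloads/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/home/user/Downloads/notes.txt: OK

----------- SCAN SUMMARY -----------
Known viruses: 8624931
Engine version: 0.103.2
Scanned directories: 1
Scanned files: 2
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 15.123 sec (0 m 15 s)
"""

if __name__ == "__main__":
    r = parse_scan_output(SAMPLE_OUTPUT, EXIT_INFECTED)
    print(r.status, r.infected, r.summary.get("Infected files"))
```

A GUI or a `scan -all` style CLI front end would call `run_scan(["/"])` (or a user-chosen directory) and render the returned `ScanReport`; the exit code and the parsed summary together tell it whether to show “clean”, “infected” or “scanner error”, without the front end ever parsing scanner output itself.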

I agree. It should be on the todo soon (must test and check and other things). We have so many big jobs to do :frowning:
A GUI is something user-friendly. I think I can contact that dude and try the backend on Linux if the code can be used on Linux.

Agree princess!

2 Likes

Do you still have that ufw ruleset? I wanted to take a look at it

I would like to briefly add a few thoughts to this thread as it is one that is of particular interest to me and the main reason why I found myself giving Parrot OS a try. I am really concerned about my home office security and want to be more prepared to both detect IF I have been compromised and, even better, WHO is doing it.

So you know my perspective on this subject, here is a brief self-introduction: I am a programmer by background and have been using Linux since kernel 0.12. I’ve done work ranging from end user applications through to automated building and publishing of debs, then over to iPXE booting under UEFI for my own custom OS installer. My preferred language is Ruby and I’m doing a bunch of C++ for Arduinos. I’m ditching macOS as my desktop and migrating completely over to Linux.

Back to the matter at hand…

The non-security-aware user (i.e. 99.9% of the world) will discover some of the best practices they were supposed to follow after they have been compromised. Compromised or not, any of these users that want to bolster their security face a daunting array of options, none of which are straightforward to use, none are a ‘silver bullet’, and there’s a whole new realm of acronyms and jargon.

I am exactly one of these types of users. I was compromised and went from solo e-health developer working in his home office to a guy who was really lost and confused and had no black, white or other hat coloured hackers in my circle of friends. I thought I was “pretty good” with maintaining my security; I was totally not. So I am painfully aware of a huge gap that I believe is going to start to eat a lot more smart, highly technical, but highly specialized in non-security matters, people just like myself.

I have some thoughts on what could really help someone just like this reduce their vulnerabilities and improve their resiliency, given that we are facing a growing threat of attack every day.

Before going into greater detail I would like to inquire what is the best way to proceed, and am putting myself out there as a resource who is personally motivated to get involved in addressing this very issue.

if you know how to lockpick a door, you will be able to buy better doors next time. that’s the trick

the best way to teach security to people, in most of the cases, is to teach them how to break things. this raises both awareness and responsibility about security and pushes them into achieving real security instead of settling for something that just makes them feel more secure

4 Likes

Couldn’t have said that any better!!!

hi, do you speak Spanish?

I’m looking for a mentor to learn about computer security; where do I start?