Compare commits
26 Commits
Author | SHA1 | Date | |
---|---|---|---|
3bdac850b6 | |||
885d67afd0 | |||
6de9f4aabe | |||
c3b48f278d | |||
e4d63a7ef5 | |||
672b8cf0c1 | |||
4488a52631 | |||
92b89b78cf | |||
22c7cf1119 | |||
9ad538862e | |||
ee1f89e45f | |||
79f6c09cc9 | |||
b0869a94c9 | |||
a5f84f35de | |||
0b64402f74 | |||
c8d667f5c5 | |||
dc37b6a2da | |||
8890ed1b26 | |||
6b6c9bb368 | |||
7acc61d80d | |||
ecf1281290 | |||
6350241a35 | |||
8d64b3bc9a | |||
6790b17f86 | |||
5a133d0d17 | |||
67ac58ef46 |
@ -40,15 +40,6 @@ Once installed, you can connect yourself to the TinyCheck backend by browsing th
|
||||
|
||||
The backend allows you to edit the configuration of TinyCheck, add extended IOCs and whitelisted elements in order to prevent false positives. Several IOCs are already provided such as few suricata rules, FreeDNS, Name servers, CIDRs known to host malicious servers and so on.
|
||||
|
||||
### Questions & Answers
|
||||
|
||||
**Your project seem very cool, does it send data to Kaspersky or any telemetry server?**<br /><br />
|
||||
No, at all. You can look to the sources, the only data sent by TinyCheck is an HTTP GET request to a website that you can specify in the config, as well as the watchers URLs. Kaspersky don't - and will not - receive any telemetry from your TinyCheck device.<br /><br />
|
||||
**Can you list some hardware which can be used with this project (touch screen, wifi dongle etc.)?**<br /><br />
|
||||
Unfortunately, we prefer to not promote any hardware/constructor/website on this page. Do not hesitate to contact us if you want specific references. <br /><br />
|
||||
**I'm not very confortable with the concept of "watchers" as the IOCs downloaded are public. Do you plan to develop a server to centralize AMBER/RED IOCs?**<br /><br />
|
||||
Yes, if the demand is felt by NGOs (contact us!). Is it possible to develop this kind of thing, allowing you to centralize your IOCs and managing your fleet of TinyCheck instances on a server that you host. The server can also embed better detection rules thanks to the telemetry that it will receive from devices.<br />
|
||||
|
||||
### Special thanks
|
||||
|
||||
**Guys who provided some IOCs**
|
||||
|
@ -55,11 +55,19 @@
|
||||
this.set_lang();
|
||||
})
|
||||
.catch(error => { console.log(error) });
|
||||
},
|
||||
get_version: function() {
|
||||
axios.get('/api/update/get-version', { timeout: 60000 })
|
||||
.then(response => {
|
||||
if(response.data.status) window.current_version = response.data.current_version
|
||||
})
|
||||
.catch(error => { console.log(error) });
|
||||
}
|
||||
},
|
||||
created: function() {
|
||||
window.config = {}
|
||||
this.get_config();
|
||||
this.get_version();
|
||||
}
|
||||
}
|
||||
</script>
|
||||
|
File diff suppressed because one or more lines are too long
@ -2,9 +2,11 @@
|
||||
<div class="controls" v-if="display">
|
||||
<i class="off-icon" v-on:click="action('shutdown')" v-if="off_available"></i>
|
||||
<i class="quit-icon" v-on:click="action('quit')" v-if="quit_available"></i>
|
||||
<i :class="[ update_available ? 'update-icon' :'no-update-icon' ]" @click="$router.push({ name: 'update' })"></i>
|
||||
<i class="home-icon" @click="$router.push({ name: 'home' })"></i>
|
||||
<i class="update-icon" v-if="update_available&&update_possible" @click="$router.push({ name: 'update' })"></i>
|
||||
</div>
|
||||
</template>
|
||||
|
||||
<script>
|
||||
import axios from 'axios'
|
||||
|
||||
@ -14,7 +16,7 @@ export default {
|
||||
return {
|
||||
display: true,
|
||||
update_available: false,
|
||||
update_possible: true,
|
||||
update_possible: false,
|
||||
quit_available: false,
|
||||
off_available: false
|
||||
}
|
||||
@ -33,11 +35,14 @@ export default {
|
||||
.then(response => {
|
||||
if(response.data.status) {
|
||||
if(response.data.message == "A new version is available"){
|
||||
|
||||
// Allow to show the warning chip.
|
||||
this.update_available = true
|
||||
this.update_possible = true
|
||||
} else if(response.data.message == "This is the latest version"){
|
||||
this.update_available = false
|
||||
this.update_possible = true
|
||||
|
||||
// Pass the versions as "global vars" through window variable.
|
||||
window.current_version = response.data.current_version
|
||||
window.next_version = response.data.next_version
|
||||
}
|
||||
} else {
|
||||
this.update_possible = false
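Review bot: The update state in this callback is derived by comparing `response.data.message` with the literal sentences "A new version is available" and "This is the latest version", so any rewording of the backend text silently leaves the icon in its default state (this same change set already rewords the backend's error message). Since the response now carries `current_version` and `next_version`, the component could branch on those fields or on a dedicated boolean instead of on display text. The rendered page does not mark which of the duplicated `update_possible` lines belong to the new side, so this remark is limited to the message comparisons, which look like unchanged context. The `.then` callback starts and ends outside the hunk.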
|
||||
|
@ -78,5 +78,12 @@
|
||||
"tap_msg": "Podeu tocar la tecla USB per iniciar una nova captura.",
|
||||
"capture_download": "La descàrrega de la captura començarà ...",
|
||||
"start_capture_btn": "Inicia una altra captura"
|
||||
},
|
||||
"update": {
|
||||
"tinycheck_needs": "TinyCheck ha d´actualitzar-se a la propera versió",
|
||||
"please_click": "Feu click al botó de sota per actualitzar",
|
||||
"the_process": "El procés pot trigar uns minuts, si us plau esperi ...",
|
||||
"update_finished": "Actualització finalitzada, actualitzant la interfície...",
|
||||
"update_it": "Actualitzar ara"
|
||||
}
|
||||
}
|
@ -78,5 +78,12 @@
|
||||
"tap_msg": "You can tap the USB key to start a new capture.",
|
||||
"capture_download": "The capture download is going to start...",
|
||||
"start_capture_btn": "Start another capture"
|
||||
},
|
||||
"update": {
|
||||
"tinycheck_needs": "TinyCheck needs to be updated to the next version",
|
||||
"please_click": "Please click on the button below to update it.",
|
||||
"the_process": "The process can take few minutes, please wait...",
|
||||
"update_finished": "Update finished, let's refresh the interface...",
|
||||
"update_it": "Update it now"
|
||||
}
|
||||
}
|
@ -78,5 +78,12 @@
|
||||
"tap_msg": "Puede tocar la llave USB para iniciar una nueva captura",
|
||||
"capture_download": "La descarga de la captura va a comenzar ...",
|
||||
"start_capture_btn": "Iniciar otra captura"
|
||||
},
|
||||
"update": {
|
||||
"tinycheck_needs": "TinyCheck debe actualizarse a la próxima versión",
|
||||
"please_click": "Haga click en el botón de abajo para actualizar",
|
||||
"the_process": "El proceso puede tardar unos minutos, por favor espere ...",
|
||||
"update_finished": "Actualización finalizada, actualizando la interfaz...",
|
||||
"update_it": "Actualizar ahora"
|
||||
}
|
||||
}
|
@ -78,5 +78,12 @@
|
||||
"tap_msg": "Vous pouvez appuyer sur l'animation pour lancer une nouvelle capture.",
|
||||
"capture_download": "Le téléchargement de la capture va se lancer...",
|
||||
"start_capture_btn": "Lancer une nouvelle capture"
|
||||
},
|
||||
"update": {
|
||||
"tinycheck_needs": "Une nouvelle mise à jour de TinyCheck est disponible",
|
||||
"please_click": "Cliquez sur le bouton ci-dessous pour le mettre à jour",
|
||||
"the_process": "La mise à jour peut prendre plusieurs minutes, merci d'attendre...",
|
||||
"update_finished": "Mise à jour terminée, vous allez être redirigé...",
|
||||
"update_it": "Mettre TinyCheck à jour"
|
||||
}
|
||||
}
|
@ -25,8 +25,7 @@ export default {
|
||||
question: true,
|
||||
running: false,
|
||||
check_alerts: false,
|
||||
long_waiting: false,
|
||||
translation: {}
|
||||
long_waiting: false
|
||||
}
|
||||
},
|
||||
props: {
|
||||
|
@ -29,8 +29,7 @@ export default {
|
||||
loading: false,
|
||||
stats_interval: false,
|
||||
chrono_interval: false,
|
||||
sparklines: false,
|
||||
translation: {}
|
||||
sparklines: false
|
||||
}
|
||||
},
|
||||
props: {
|
||||
|
@ -55,8 +55,7 @@ export default {
|
||||
interval: false,
|
||||
error: false,
|
||||
reboot_option: window.config.reboot_option,
|
||||
attempts: 3,
|
||||
translation: {}
|
||||
attempts: 3
|
||||
}
|
||||
},
|
||||
methods: {
|
||||
|
@ -1,6 +1,6 @@
|
||||
<template>
|
||||
<div class="center">
|
||||
<h3 class="lobster">{{ $t("home.welcome_msg") }}</h3>
|
||||
<h3 class="lobster">{{ $t("home.welcome_msg") }}<sup>{{current_version}}</sup></h3>
|
||||
<p>{{ $t("home.help_msg") }}</p>
|
||||
<button class="btn btn-primary" v-on:click="next()">{{ $t("home.start_btn") }}</button>
|
||||
</div>
|
||||
@ -14,7 +14,7 @@ export default {
|
||||
props: { saved_ssid: String, list_ssids: Array, internet: Boolean },
|
||||
data() {
|
||||
return {
|
||||
translation: {},
|
||||
current_version:""
|
||||
}
|
||||
},
|
||||
methods: {
|
||||
@ -31,6 +31,10 @@ export default {
|
||||
internet: internet } });
|
||||
}
|
||||
}
|
||||
},
|
||||
created: function() {
|
||||
if ('current_version' in window)
|
||||
this.current_version = window.current_version
|
||||
}
|
||||
}
|
||||
</script>
|
||||
|
@ -99,8 +99,7 @@ export default {
|
||||
name: 'report',
|
||||
data() {
|
||||
return {
|
||||
results: true,
|
||||
translation: {}
|
||||
results: true
|
||||
}
|
||||
},
|
||||
props: {
|
||||
|
@ -144,8 +144,7 @@ export default {
|
||||
usb: false,
|
||||
saved: false,
|
||||
save_usb: false,
|
||||
init: false,
|
||||
translation: {}
|
||||
init: false
|
||||
}
|
||||
},
|
||||
props: {
|
||||
|
@ -20,7 +20,7 @@
|
||||
},
|
||||
methods: {
|
||||
internet_check: function() {
|
||||
axios.get('/api/network/status', { timeout: 10000 })
|
||||
axios.get('/api/network/status', { timeout: 30000 })
|
||||
.then(response => {
|
||||
if (response.data.internet) this.internet = true
|
||||
if (window.config.iface_out.charAt(0) == 'e') {
|
||||
@ -32,7 +32,7 @@
|
||||
.catch(err => (console.log(err)))
|
||||
},
|
||||
get_wifi_networks: function() {
|
||||
axios.get('/api/network/wifi/list', { timeout: 10000 })
|
||||
axios.get('/api/network/wifi/list', { timeout: 30000 })
|
||||
.then(response => {
|
||||
this.list_ssids = response.data.networks
|
||||
this.goto_home();
|
||||
@ -46,7 +46,7 @@
|
||||
}
|
||||
},
|
||||
created: function() {
|
||||
setTimeout(function () { this.internet_check(); }.bind(this), 1000);
|
||||
setTimeout(function () { this.internet_check(); }.bind(this), 5000);
|
||||
}
|
||||
}
|
||||
</script>
|
||||
|
@ -1,20 +1,11 @@
|
||||
<template>
|
||||
<div class="center">
|
||||
<div v-if="update_possible">
|
||||
<div v-if="update_available">
|
||||
<p><span class="orange-strong">TinyCheck needs to be updated.</span><br />
|
||||
<span v-if="!update_launched">Please click on the button below to update it.</span>
|
||||
<span v-else>The process can take few minutes, please wait...</span>
|
||||
</p>
|
||||
<button class="btn btn-primary" :class="[ update_launched ? 'loading' : '' ]" v-on:click="launch_update()">Update it now</button>
|
||||
</div>
|
||||
<div v-else>
|
||||
<p><span class="green-strong">Your TinyCheck instance is up-to-date!</span><br />You'll be redirected in few seconds.</p>
|
||||
</div>
|
||||
</div>
|
||||
<div v-else>
|
||||
<p><strong>You dont have Internet or the rights to update Tinycheck.</strong><br />You'll be redirected in few seconds.</p>
|
||||
</div>
|
||||
<p><strong>{{ $t("update.tinycheck_needs") }} ({{next_version}}).</strong><br />
|
||||
<span v-if="!update_launched">{{ $t("update.please_click") }}</span>
|
||||
<span v-if="update_launched&&!update_finished">{{ $t("update.the_process") }}</span>
|
||||
<span v-if="update_launched&&update_finished" class="color-green">✓ {{ $t("update.update_finished") }}</span>
|
||||
</p>
|
||||
<button class="btn btn-primary" :class="[ update_launched ? 'loading' : '' ]" v-on:click="launch_update()" v-if="!update_finished">{{ $t("update.update_it") }}</button>
|
||||
</div>
|
||||
</template>
|
||||
|
||||
@ -26,30 +17,24 @@
|
||||
data() {
|
||||
return {
|
||||
translation: {},
|
||||
update_available: null,
|
||||
update_possible: true,
|
||||
update_launched: null,
|
||||
check_interval: null
|
||||
check_interval: null,
|
||||
next_version: null,
|
||||
current_version: null,
|
||||
update_finished: false
|
||||
}
|
||||
},
|
||||
methods: {
|
||||
check_update: function() {
|
||||
axios.get('/api/update/check', { timeout: 60000 })
|
||||
check_version: function() {
|
||||
axios.get('/api/update/get-version', { timeout: 60000 })
|
||||
.then(response => {
|
||||
console.log(response.data.status)
|
||||
if(response.data.status) {
|
||||
if(response.data.message == "A new version is available"){
|
||||
this.update_available = true
|
||||
this.update_possible = true
|
||||
} else if (response.data.message == "This is the latest version"){
|
||||
this.update_available = false
|
||||
this.update_possible = true
|
||||
if(response.data.current_version == window.next_version){
|
||||
window.current_version = response.data.current_version
|
||||
this.update_finished = true
|
||||
clearInterval(this.check_interval);
|
||||
setTimeout(function () { window.location.href = "/"; }.bind(this), 3000);
|
||||
setTimeout(function () { window.location.href = "/"; }, 10000)
|
||||
}
|
||||
} else {
|
||||
this.update_possible = false
|
||||
setTimeout(function () { window.location.href = "/"; }.bind(this), 3000);
|
||||
}
|
||||
})
|
||||
.catch(error => { console.log(error) });
|
||||
@ -60,7 +45,7 @@
|
||||
if(response.data.status) {
|
||||
if(response.data.message == "Update successfully launched"){
|
||||
this.update_launched = true
|
||||
this.check_interval = setInterval(function(){ this.check_update(); }.bind(this), 3000);
|
||||
this.check_interval = setInterval(function(){ this.check_version(); }.bind(this), 3000);
|
||||
}
|
||||
}
|
||||
})
|
||||
@ -68,7 +53,16 @@
|
||||
}
|
||||
},
|
||||
created: function() {
|
||||
this.check_update();
|
||||
if ('next_version' in window && 'current_version' in window){
|
||||
if (window.current_version != window.next_version){
|
||||
this.next_version = window.next_version
|
||||
this.current_version = window.current_version
|
||||
} else {
|
||||
window.location.href = "/";
|
||||
}
|
||||
} else {
|
||||
window.location.href = "/";
|
||||
}
|
||||
}
|
||||
}
|
||||
</script>
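Review bot: Once `launch_update` starts the `setInterval` that calls `check_version` every 3 s, the only exit is `response.data.current_version == window.next_version`; there is no attempt limit, timeout or error state. If the update script fails, or the tag written to VERSION differs from the name the API reported, the button therefore stays in `loading` and the page polls indefinitely. Consider counting attempts and, past a limit, clearing `check_interval` and showing a failure message, and also clearing the interval when the component is destroyed. Line sides are not marked on this page; I am assuming the `check_version` lines are the new ones because the interval now calls that name.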
|
||||
|
@ -72,8 +72,7 @@ export default {
|
||||
virtual_keyboard: window.config.virtual_keyboard,
|
||||
have_internet: false,
|
||||
enter_creds: false,
|
||||
refreshing: false,
|
||||
translation: {}
|
||||
refreshing: false
|
||||
}
|
||||
},
|
||||
props: {
|
||||
|
@ -118,7 +118,7 @@ create_directory() {
|
||||
}
|
||||
|
||||
get_version() {
|
||||
git tag | tail -n 1 > /usr/share/tinycheck/VERSION
|
||||
git tag | tail -n 1 | xargs echo -n > /usr/share/tinycheck/VERSION
|
||||
}
|
||||
|
||||
generate_certificate() {
|
||||
@ -283,7 +283,7 @@ install_package() {
|
||||
rm Release.key && sudo apt-get update
|
||||
apt-get install zeek -y
|
||||
elif [[ $1 == "nodejs" ]]; then
|
||||
curl -sL https://deb.nodesource.com/setup_12.x | bash
|
||||
curl -sL https://deb.nodesource.com/setup_14.x | bash
|
||||
apt-get install -y nodejs
|
||||
elif [[ $1 == "dig" ]]; then
|
||||
apt-get install -y dnsutils
|
||||
@ -436,7 +436,7 @@ change_configs() {
|
||||
}
|
||||
|
||||
feeding_iocs() {
|
||||
echo -e "\e[39m[+] Feeding your TinyCheck instance with fresh IOCs and whitelist."
|
||||
echo -e "\e[39m[+] Feeding your TinyCheck instance with fresh IOCs and whitelist, please wait."
|
||||
python3 /usr/share/tinycheck/server/backend/watchers.py
|
||||
}
|
||||
|
||||
@ -465,6 +465,7 @@ else
|
||||
set_userlang
|
||||
set_credentials
|
||||
set_kioskmode
|
||||
set_update
|
||||
check_dependencies
|
||||
configure_dnsmask
|
||||
configure_dhcpcd
|
||||
@ -479,4 +480,4 @@ else
|
||||
feeding_iocs
|
||||
cleaning
|
||||
reboot_box
|
||||
fi
|
||||
fi
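Review bot: The NodeSource line in install_package still pipes a remote script straight into the shell (`curl -sL https://deb.nodesource.com/setup_14.x | bash`), so the installer, presumably running as root given the unprefixed `apt-get install` calls, executes whatever that URL returns with no integrity check. Since the line is being touched anyway, consider downloading the script to a file and verifying it against a checksum kept in the repository before running it; `curl -fsSL` would at least stop an HTTP error page from being fed to `bash`. Separately, get_version() (and the identical line in the update script's "Updating the TinyCheck version" step) takes `git tag | tail -n 1`, which is the lexicographically last tag rather than the newest release (constructed example: v1.10 sorts before v1.9); `git tag --sort=version:refname | tail -n 1` orders by version. install_package starts and continues outside the hunk.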
|
||||
|
@ -13,6 +13,12 @@ def check():
|
||||
return jsonify(Update().check_version())
|
||||
|
||||
|
||||
@update_bp.route("/get-version", methods=["GET"])
|
||||
def get_version():
|
||||
""" Check the current version """
|
||||
return jsonify(Update().get_current_version())
|
||||
|
||||
|
||||
@update_bp.route("/process", methods=["GET"])
|
||||
def process():
|
||||
""" Check the presence of new version """
|
||||
|
@ -290,8 +290,14 @@ class Network(object):
|
||||
try:
|
||||
sp.Popen("echo 1 > /proc/sys/net/ipv4/ip_forward",
|
||||
shell=True).wait()
|
||||
|
||||
# Enable forwarding.
|
||||
sp.Popen(["iptables", "-A", "POSTROUTING", "-t", "nat", "-o",
|
||||
self.iface_out, "-j", "MASQUERADE"]).wait()
|
||||
|
||||
# Prevent the device to reach the 80 of TinyCheck.
|
||||
sp.Popen(["iptables", "-A", "INPUT", "-i", self.iface_in, "-d",
|
||||
"192.168.100.1", "-p", "tcp", "--dport", "80", "-j" "DROP"]).wait()
|
||||
return True
|
||||
except:
|
||||
return False
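Review bot: The INPUT rule that keeps the analysed device away from port 80 is installed fail-open: `sp.Popen([...]).wait()` discards the exit status of iptables and the bare `except:` only fires when the process cannot be spawned, so the method returns True even if the DROP rule was rejected. Assuming `sp` is `subprocess`, `sp.check_call([...])` would route a non-zero exit into the existing `except` branch. The argument list also has `"-j" "DROP"` without a comma, which Python concatenates into the single argument `-jDROP`; iptables most likely still parses that, but `"-j", "DROP"` is what was meant. The rule is appended with `-A`, uses the hard-coded address 192.168.100.1 and covers only IPv4 TCP/80, so it is worth confirming that repeated calls do not stack duplicates and that no other listener on `iface_in` needs the same treatment. The enclosing method starts outside the hunk.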
|
||||
|
@ -20,7 +20,8 @@ class Update(object):
|
||||
"""
|
||||
Check if a new version of TinyCheck is available
|
||||
by quering the Github api and comparing the last
|
||||
tag with the VERSION file content.
|
||||
tag inside the VERSION file.
|
||||
:return: dict containing the available versions.
|
||||
"""
|
||||
if read_config(("frontend", "update")):
|
||||
try:
|
||||
@ -28,23 +29,44 @@ class Update(object):
|
||||
res = json.loads(res.content.decode("utf8"))
|
||||
|
||||
with open(os.path.join(self.app_path, "VERSION")) as f:
|
||||
if f.read() != res[0]["name"]:
|
||||
cv = f.read()
|
||||
if cv != res[0]["name"]:
|
||||
return {"status": True,
|
||||
"message": "A new version is available"}
|
||||
"message": "A new version is available",
|
||||
"current_version": cv,
|
||||
"next_version": res[0]["name"]}
|
||||
else:
|
||||
return {"status": True,
|
||||
"message": "This is the latest version"}
|
||||
"message": "This is the latest version",
|
||||
"current_version": cv}
|
||||
except:
|
||||
return {"status": False,
|
||||
"message": "Something went wrong (no internet nor version file)"}
|
||||
"message": "Something went wrong (no API access nor version file)"}
|
||||
else:
|
||||
return {"status": False,
|
||||
"message": "You don't have rights to do this operation."}
|
||||
|
||||
def get_current_version(self):
|
||||
"""
|
||||
Get the current version of the TinyCheck instance
|
||||
:return: dict containing the current version or error.
|
||||
"""
|
||||
if read_config(("frontend", "update")):
|
||||
try:
|
||||
with open(os.path.join(self.app_path, "VERSION")) as f:
|
||||
return {"status": True,
|
||||
"current_version": f.read()}
|
||||
except:
|
||||
return {"status": False,
|
||||
"message": "Something went wrong - no version file ?"}
|
||||
else:
|
||||
return {"status": False,
|
||||
"message": "You don't have rights to do this operation."}
|
||||
|
||||
def update_instance(self):
|
||||
"""
|
||||
Update the instance by executing
|
||||
the update script.
|
||||
Update the instance by executing the update script.
|
||||
:return: dict containing the update status.
|
||||
"""
|
||||
if read_config(("frontend", "update")):
|
||||
try:
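Review bot: `get_current_version` and the reworked `check_version` both wrap their work in a bare `except:`, which turns every failure (missing file, permission error, malformed API response, even KeyboardInterrupt) into the same "Something went wrong" dictionary with nothing logged, so a broken update check cannot be told apart from an offline device. Catching the expected errors (`except OSError:` around the VERSION read) and logging the exception would keep the API contract while leaving a trace. The version string is also compared and returned exactly as read; `f.read().strip()` would tolerate a VERSION file that still ends with a newline, which the installer's switch to `xargs echo -n` suggests older installs have. Separately, `cv != res[0]["name"]` reports any mismatch as "A new version is available", including a local version newer than the first entry the API returns. `update_instance` continues outside the hunk.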
|
||||
|
@ -7,7 +7,7 @@ fi
|
||||
if [ $PWD = "/usr/share/tinycheck" ]; then
|
||||
echo "[+] Cloning the current repository to /tmp/"
|
||||
rm -rf /tmp/tinycheck/ &> /dev/null
|
||||
cd /tmp/ && git clone --branch update-feature https://github.com/KasperskyLab/tinycheck
|
||||
cd /tmp/ && git clone https://github.com/KasperskyLab/tinycheck
|
||||
cd /tmp/tinycheck && bash update.sh
|
||||
elif [ $PWD = "/tmp/tinycheck" ]; then
|
||||
|
||||
@ -75,7 +75,7 @@ elif [ $PWD = "/tmp/tinycheck" ]; then
|
||||
service tinycheck-watchers restart
|
||||
|
||||
echo "[+] Updating the TinyCheck version"
|
||||
cd /tmp/tinycheck && git tag | tail -n 1 > /usr/share/tinycheck/VERSION
|
||||
cd /tmp/tinycheck && git tag | tail -n 1 | xargs echo -n > /usr/share/tinycheck/VERSION
|
||||
|
||||
echo "[+] TinyCheck updated!"
|
||||
fi
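Review bot: With `--branch update-feature` dropped, the updater clones the tip of the default branch into the fixed path /tmp/tinycheck and immediately runs `bash update.sh` from it, so what gets installed is whatever was last pushed rather than the release the UI advertised as next_version, and nothing checks the checkout before it executes. Consider cloning the specific release (`git clone --depth 1 --branch "$TAG" ...`, where TAG is a placeholder for the version being installed) and, if releases are signed, running `git verify-tag` before handing control to the cloned script. A directory created with `mktemp -d` would avoid relying on a predictable name in a world-writable location, though the `$PWD` tests that select the stage would need adjusting to match. Both hunks sit inside an if/elif that starts and ends outside them.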
|