WatchMe is a high-level file system watcher built on top of the watchdog Python module. It watches a specific path for file changes and raises alerts based on the event.
If you work in an enterprise and run many web servers (IIS, Apache or anything else), you can mount their file systems remotely and have WatchMe notify you when files are added, modified, moved or deleted.
Install system dependencies:
sudo apt-get update
sudo apt-get install python-pip cifs-utils rabbitmq-server
sudo pip install virtualenv
Set up the RabbitMQ virtual host:
sudo rabbitmqctl add_vhost watcher
sudo rabbitmqctl add_user watcher "Raya_123!"
sudo rabbitmqctl set_permissions -p watcher watcher ".*" ".*" ".*"
Clone the GitHub repo:
git clone https://github.com/lnxg33k/watchme.git
Create a Python virtual environment and activate it:
cd watchme
virtualenv virt
source virt/bin/activate
Install Python dependencies:
pip install -r requirements.txt
Please note: the following steps are for development deployments only.
Configure the Django application:
python manage.py createsuperuser --username admin --email administrator@localhost
python manage.py runserver
Set up a debug SMTP server for alerting:
python -m smtpd -n -c DebuggingServer localhost:1025
Create the configs for the mount points:
WatchMe provides a CLI alongside the web app, so a mount point can be created and watched in two different ways:
- From the web app: open http://localhost:8000/APIs/watcherconfig/ and create the config.
- From the CLI:
python manage.py config -s "TestServer#1" -sharepath ~/Desktop/mountpoint/ -patterns "*.aspx" --tags "iis" --comment "Server IP: 192.168.1.23"
Start the watcher for the created config:
python manage.py watcher -c start -s TestServer#1
For more help, run:
python manage.py watcher -h
python manage.py config -h
To do:
- Add alerting functionality.
- Check if the file was seen before.
- Save the content of the file in the DB.
- Use Yara rules on the content of the file.
- The task should be per event, along with the queue.
- Yara rules should be per tag or per server.
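The event detection described at the top of this page and the "check if the file was seen before" item above, as an added Python illustration that is not WatchMe's own code: WatchMe reacts to live watchdog events, whereas this stand-in compares two content-hash snapshots of a directory so it runs offline. The sample share layout, the .aspx contents and the use of a hash set as the "seen before" store are constructed assumptions; a vanished path whose content reappears under a new name is reported as moved rather than as delete plus add.

```python
import fnmatch
import hashlib
import os
import tempfile
from pathlib import Path

def snapshot(root, patterns):
    """Map relative path -> sha256 of content for files matching any glob (e.g. "*.aspx")."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if any(fnmatch.fnmatch(name, p) for p in patterns):
                full = Path(dirpath, name)
                snap[str(full.relative_to(root))] = hashlib.sha256(full.read_bytes()).hexdigest()
    return snap

def diff_snapshots(before, after):
    """Return (event, path, sha256) tuples for the four cases WatchMe alerts on."""
    gone = {p: h for p, h in before.items() if p not in after}
    new = {p: h for p, h in after.items() if p not in before}
    events = []
    for path, h in sorted(gone.items()):
        match = next((n for n, nh in sorted(new.items()) if nh == h), None)
        if match is None:
            events.append(("deleted", path, h))
        else:
            events.append(("moved", f"{path} -> {match}", h))
            del new[match]
    events += [("added", p, h) for p, h in sorted(new.items())]
    events += [("modified", p, h) for p, h in sorted(after.items()) if p in before and before[p] != h]
    return events

def triage(events, known_hashes):
    """Split events into content seen before vs. genuinely new (the TODO's 'seen before' check)."""
    return ([e for e in events if e[2] in known_hashes], [e for e in events if e[2] not in known_hashes])

def demo():
    """Constructed sample share: two .aspx pages plus a log file the "*.aspx" pattern ignores."""
    root = Path(tempfile.mkdtemp())
    (root / "old").mkdir()
    (root / "default.aspx").write_bytes(b"<%@ Page %>home")
    (root / "old" / "login.aspx").write_bytes(b"<%@ Page %>login")
    (root / "iis.log").write_bytes(b"not matched by the pattern")
    before = snapshot(root, ["*.aspx"])
    known = set(before.values())                                  # stand-in for the 'seen before' DB
    (root / "default.aspx").write_bytes(b"<%@ Page %>home v2")    # modified
    (root / "old" / "login.aspx").rename(root / "login.aspx")     # moved
    (root / "upload.aspx").write_bytes(b"<%@ Page %>new page")    # added
    events = diff_snapshots(before, snapshot(root, ["*.aspx"]))
    return events, triage(events, known)
```

Running `demo()` yields one moved, one added and one modified event; only the moved page's content is already known, so the other two would be the alerts worth raising first.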