/Iron-dome

Daemon service for monitoring illegal activity on Linux

Primary language: Python. License: Apache License 2.0 (Apache-2.0).

📖 Iron-dome | 42 Cybersecurity Bootcamp

Daemon, supervision and vault


✏️ Summary

This project develops a specific tool that will detect anomalous activity by monitoring different operating system parameters.
Unfortunately, there is no fully effective way to prevent a ransomware attack, but with this project you will be able to understand the weaknesses of a computer system against this type of infection.

💡 Mandatory


You will create a program called irondome that meets the following specifications.
- The program will run in the background as a daemon or service.
- The program will only run if executed by the root user.
- The program will monitor a critical zone perpetually. This path must be specified as an argument.
- If more than one argument is specified, they will correspond to the file extensions to be monitored. Otherwise, all files will be monitored.
- The program will detect disk reading abuse.
- The program will detect intensive use of cryptographic activity.
- The program will detect changes in file entropy.
- The program shall never exceed 100 MB of memory in use.
- All alerts shall be reported in the /var/log/irondome/irondome.log file.
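
The entropy-change check from the list above, as an added sketch that is not this repository's code: it baselines Shannon entropy for the watched extensions and flags files whose entropy rises sharply, as happens when plaintext is replaced by ciphertext. The function names, the 2.0 bits/byte threshold and the 1 MiB read cap are assumptions; the sample files are constructed in a temporary directory.

```python
import math
import os
import tempfile
from collections import Counter

ENTROPY_JUMP = 2.0  # assumed alert threshold in bits per byte; tune per file type

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, from 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())

def scan(root, extensions=()):
    """Map every watched file under root to its current entropy."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if extensions and not name.endswith(tuple(extensions)):
                continue  # extension filter given: skip everything else
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    # Read at most 1 MiB per file to keep memory use bounded.
                    result[path] = shannon_entropy(fh.read(1 << 20))
            except OSError:
                continue  # file vanished or became unreadable mid-scan
    return result

def entropy_alerts(baseline, current, jump=ENTROPY_JUMP):
    """Return (path, old, new) for known files whose entropy rose by >= jump."""
    return [(p, baseline[p], e) for p, e in sorted(current.items())
            if p in baseline and e - baseline[p] >= jump]

def demo():
    """Constructed sample: two text files, one overwritten with random bytes."""
    with tempfile.TemporaryDirectory() as zone:
        paths = [os.path.join(zone, n) for n in ("report.txt", "notes.txt")]
        for path in paths:
            with open(path, "wb") as fh:
                fh.write(b"quarterly figures, nothing unusual here\n" * 200)
        baseline = scan(zone, (".txt",))
        with open(paths[0], "wb") as fh:
            fh.write(os.urandom(8000))  # stands in for encrypted content
        alerts = entropy_alerts(baseline, scan(zone, (".txt",)))
        return [(os.path.basename(p), old, new) for p, old, new in alerts]

if __name__ == "__main__":
    print(demo())
```

Files that are already compressed or encrypted sit near 8 bits per byte at baseline, so a jump-based rule stays quiet on them; a daemon would pair this with the disk-read and cryptographic-activity checks.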

🛠️ Usage

The program will be executed using the following command:

python3 

🛠️ Useful commands

docker exec -it irondoma bash