p

MINOR PROJECT 1

END SEMESTER REPORT

ON

ENTROPY BASED PASSWORD GENERATOR

Submitted By

GAURAV ARORA ANAND SHARMA

SAPID: 500053038 SAPID: 500053795

Roll No. : R134216055 Roll No.: R134216020

Under the guidance of

Ms. Tripti Misra

Assistant Professor
Department of Systemics,
School of Computer Science

Department of Systemics,
School of Computer Science
UNIVERSITY OF PETROLEUM AND ENERGY STUDIES
Dehradun-248007
May-2019
 CANDIDATES DECLARATION

We hereby certify that the project work entitled System Security Advisor in partial
fulfilment of the requirements for the award of the Degree of Bachelor of Technology in
Computer Science And Engineering with Specialization in Cyber Security and Forensics and
submitted to the Department of Systemics at School of Computer Science, University of
Petroleum And Energy Studies, Dehradun, is an authentic record of our work carried out during
a period from February, 2018 to May, 2018 under the supervision of Ms. Tripti Misra, Assistant
Professor, Department of Systemics, UPES.

The matter presented in this project has not been submitted by me/us for the award of any other
degree of this or any other University.

Gaurav Arora Anand Sharma

Roll No.- R134216055 Roll No.- R134216020

This is to certify that the above statement made by the candidate is correct to the best of my
knowledge.

(Date: May 3, 2019)

(Ms. Tripti Misra) Dr. Neelu Jyoti Ahuja

Project Guide Professor & Head

Department of Systemics

School of Computer Science

University of Petroleum and

Energy Studies

Dehradun - 248001
 ACKNOWLEDGEMENT

We wish to express our deep gratitude to our guide Ms. Tripti Misra, for all advice,
encouragement and constant support she has given us throughout our project work. This work
would not have been possible without her support and valuable suggestions.

We sincerely thank to our Head of the Department, Dr. Neelu Jyoti Ahuja, for her great support
in doing our project System Security Advisor at SoCS.

We are also grateful to Dr. Manish Prateek Professor and Dean SoCS and Dr. Kamal Bansal
Dean CoES, UPES for giving us the necessary facilities to carry out our project work
successfully.

We would like to thank all our friends for their help and constructive criticism during our
project work. Finally, we have no words to express our sincere gratitude to our parents who
have shown us this world and for every support they have given us.

GAURAV ARORA ANAND SHARMA

SAPID: 500053038 SAPID: 500053795

Roll No. : R134216055 Roll No.: R134216020

[II]
 ABSTRACT

With the continuing frequency, intensity, and adverse consequences of cyber-attacks, disruptions,
hazards, and other threats to federal, state, and local governments, the military, businesses, and the
critical infrastructure, the need for trustworthy secure systems has never been more important to
the long-term economic and national security interests. Besides each of security incidents have
much more impact on our social life than before, the number of security incident is increasing
every year because of the complexity of information systems for their wide application and the
explosive growth of the number of nodes connected to the Internet. Our project aims to develop a
tool which will gather the hardware information, software information, network information,
gather logs for information on usage of removable devices and authentication. This tool will also
help gather information for the controls required for hardening a new system to protect it from any
kind of attack.

Keywords: Authentication; Benchmarks; Hardening; Vulnerability.

[III]
 TABLE OF CONTENTS

1. Candidate’s Declaration…………………………………………………………….…......I
2. Acknowledgement………………………………………………………………………...II
3. Abstract………………………………………………………………………….......…...III
4. Introduction………………………………………………………………………………. 1
5. Literature Review………………………………………………………………………….2
6. Objective……………………………………………………………………………...…...2
7. Problem statement…………………………………………………………………………2
8. Design Methodology…………...……………….…………………………………………3
a. Gathering system information……………………………….………………………..4
b. Integration………………………………………….………………………………….4
9. Implementation……………………………………………………………………………6
a. Algorithm…………………………………………………………………………......7
b. Output screen………………………………………………………………………….8
c. Result analysis……………………………………………………………………...…9
10. Conclusion and future scope………………………………………………………………9
11. References…………………………………………………………………………………9
12. APPENDIX – I: CODE WITH OUTPUTS

[ IV ]
 LIST OF FIGURES

1. System Security……………………………………………………………………..1
2. PERT Chart………………………………………………………………………....3
3. Level-1 DFD ……………………………………………………………………….4
4. Use Case Diagram…………………………………………………………………..5
5. Sequence Diagram.…………………………………………………………………6
6. Output Screen……………………………………………………………………….8,9

[V]
 1. INTRODUCTION:
With the continuing frequency, intensity, and adverse consequences of cyber-attacks, disruptions,
hazards, and other threats to federal, state, and local governments, the military, businesses, and the
critical infrastructure, the need for trustworthy secure systems has never been more important to
the long-term economic and national security interests. Besides each of security incidents have
much more impact on our social life than before, the number of security incident is increasing
every year because of the complexity of information systems for their wide application and the
explosive growth of the number of nodes connected to the Internet. The basic problem can be
simply stated—today’s systems have dimensions and an inherent complexity which can be
effectively managed within the practical and feasible limits of human capability and certainty. The
level of trustworthiness that can be achieved in today’s complex systems is a function of our ability
to think about system security across every aspect of every activity. Our project aims to develop a
tool which will gather the system information hardware, software and network and gives
information about the system to user from past days.

Fig:1 System Security

(1)
 2. LITERATURE REVIEW:

[1] Systems Security Engineering, Considerations for a Multidisciplinary Approach in System

Security: This document gives an overview of system security and different approaches on
how to engineer a secure system. This is a document approved by NIST (National Institute of
Standards and Technology). It depicts how system security in important while designing a
system.

[2] A survey of Security Research for Operating Systems: This talks about how important is to
secure operating system for system security and how can it be done. It describes why it an
important aspect of system security.

[3] Describes on how Belarc Security advisor works for windows and what all information is
displayed in the report which is generated after scanning the system. How that information is
important from security point of view and how it can be used to make the system secure.

3. PROBLEM STATEMENT:

System’s vulnerabilities are the root cause for any attack on the system. Vulnerability is a flaw in
a system that can leave it open to attack. It can be easily exploited once known by the attacker.

4. OBJECTIVE:

 To develop a secure system advisor which will gather hardware, software information,
network information, authentication logs etc.
 It will also gather the use of removable media in past days.
 Generate a report of the finding.

(2)
 5. DESIGN METHODOLOGY:
We are following waterfall software development life cycle model. Waterfall is a linear,
sequential design approach where progress flows downwards in one direction — like a waterfall.

1. Step 1: Requirement Gathering and Analysis (Capturing different system

information such as hardware & software information, authentication logs, user logs,
fail logs)
These analyzed requirements are documented in a software requirement specification
(SRS) document.

2. Step 2: System Design

The aim of the design phase is to transform the requirements specified in the SRS document
into a structure that is suitable for implementation in some programming language. In this
step a possible pseudo code and an algorithm for the software was written.

3. Step 3: Integration and testing

In this phase software design is translated into source code using any suitable programming
language (JAVA Language). Thus each designed module is coded. In this phase all the
codes for retrieval of Authentication logs, failure logs, user logs and missing security
updates were written and the integrated with the parsing algorithm.

4. Step 4: Deployment of system

Once the code is tested in the environment; the product is deployed in the environment.

STEP 1
• 1st February 2019 TO
25th February 2019

STEP 2
• 26th February 2019 TO
15th March 2019

STEP 3
• 16th March 2019 TO
5th April 2019

STEP 4
• 6th April 2019 TO
30th April 2019

Fig:2 PERT CHART

(3)
5.a: STEP – 1: Capturing different system information such as hardware & software
information, authentication logs, user logs, fail logs

This step aimed at capturing different system information which include hardware, software
information, network information, authentication logs(auth.log), user logs(user.log), fail
logs(fail.log). These log files are in sys/var/logs. Parse them all and generate a report using Java
language.

5.b: Step - 2: Integration

In this step we aimed to design the programs to capture the system information by capturing the
system’s hardware information, system’s software information like number of cores and speed
etc., system’s network information which include its IP address and other information, log files
such as auth.log, user.log, fail.log. Once the system information is captured we will parse the
information to past 15 days and then store the generated information in a file using a java program.
We basically divided our project into 4 modules namely:
1. Hardware information retrieval
2. Software information retrieval
3. Network information retrieval
4. Log parsing and storing information in file.
All the modules are compiled together and then the file is generated which consists of all the
information collected and the logs that are parsed.

Fig:3 DFD LEVEL-1

(4)
Fig :4 UML Diagram

(5)
 Fig :5 Sequence Diagram

6. IMPLEMENTATION:

Our implementation is object oriented and uses Java language. As described earlier in the design
phase our project is divided into four modules. The first ones aim at capturing the hardware
information, second one aims at the capturing software information, the third one aims at capturing
the network information and finally parsing logs and generating a report.

(6)
6.a Algorithm:

(7)
6.b Output Screen:
Outputs clearly shows the generation of a random number each and every time the program is run.
For reference see figures.

(8)
 Figure 6,7,8

6.c Result Analysis:

From the output results it is visible that a file is generated which consists of all the system
information. The report consists of hardware information, CPU information, network information
and the log information which include auth.log, user.log, fail.log. It also consists of the details of
removable devices used in past 15 days. This information can be used to further analyze the system.

7: CONCLUSION AND FUTURE SCOPE

With the continuing frequency, intensity, and adverse consequences of cyber-attacks, disruptions,
hazards, and other threats to federal, state, and local governments, the military, businesses, and the
critical infrastructure, the need for trustworthy secure systems has never been more important to the
long-term economic and national security interests. With increasing dangers, it is important to secure
the systems that we use. Our project will help the user get information necessary to secure the system
in a single report. Thus, our project would be of use when it comes to see how secure the system is
towards the threats posed.

References:

[1] - Ron Ross, Michael McEVilley, Janet Carrier Oren: System Security Engineering,
multidisciplinary approach, November 2016, Computer Security Division NIST.
[2] – Masaki Hashimoto: A survey of Security research for Operating Systems, 2013.
[3] – “About Belarc”, https://www.belarc.com/en/about_us, Accessed February 2019.
[4] – “About CIS”, https://www.belarc.com/en/CIS, Accessed February 2019.
(9)
A: APPENDIX I PROJECT CODE WITH OUTPUTS:

To Capture Hardware Information:

class hardware{

public static void main(String[] args){

InetAddress ip;
try {

ip = InetAddress.getLocalHost();
System.out.println("Current host name : " + ip.getHostName());
System.out.println("Current IP address : " +
ip.getHostAddress());
String nameOS= System.getProperty("os.name");
System.out.println("Operating system Name=>"+ nameOS);
String osType= System.getProperty("os.arch");
System.out.println("Operating system type =>"+ osType);
String osVersion= System.getProperty("os.version");
System.out.println("Operating system version =>"+ osVersion);
System.out.println("Available processors (cores): " +
Runtime.getRuntime().availableProcessors());

System.out.println("Total memory (bytes): " +

Runtime.getRuntime().totalMemory());
}}

(A-1)
TO CAPTURE CPU INFORMATION:

class testprog {
public static void main(String args[]) {
try {
Process p = Runtime.getRuntime().exec("lscpu");
BufferedReader buf = new BufferedReader(new InputStreamReader(
p.getInputStream()));
String line = "";
String output = "";
while ((line = buf.readLine()) != null) {
System.out.println(line);
output += line + "\n";
}
String path = System.getProperty("user.dir") +
"//root//Documents//minor";
try {
FileWriter fw = new FileWriter(path, true);
fw.write("\n"+output);
fw.close();
}
catch(IOException e) {
}}
catch(IOException e) {
}}}

(A-2)
TO CAPTURE NETWORK INFORMATION:

class network{

public static void main(String args[]) throws SocketException {

Enumeration<NetworkInterface> nets =
NetworkInterface.getNetworkInterfaces();
for (NetworkInterface netint : Collections.list(nets))
displayInterfaceInformation(netint);
}

static void displayInterfaceInformation(NetworkInterface netint)

throws SocketException {
out.printf("Display name: %s\n", netint.getDisplayName());
out.printf("Name: %s\n", netint.getName());
Enumeration<InetAddress> inetAddresses =
netint.getInetAddresses();
for (InetAddress inetAddress : Collections.list(inetAddresses)) {
out.printf("InetAddress: %s\n", inetAddress);
}
out.printf("\n");
}
}

(A-3)
Log parsing and generating a report:

class parse_a{

public static void main(String[] args) {

try {

PrintWriter requests = new PrintWriter("auth.txt");

PrintWriter currentLog = null;

Scanner s = new Scanner(new File("/var/log/auth.log"));

while (s.hasNextLine()) {
String line = s.nextLine();
if (line.startsWith("Apr"))
currentLog = requests;
else if (currentLog != null)
currentLog.println(line);
}

requests.close();
s.close();
} catch (IOException ioex) {
// handle exception...
}

class parse_u{

public static void main(String[] args) {

try {

PrintWriter requests = new PrintWriter("user.txt");

PrintWriter currentLog = null;

Scanner s = new Scanner(new File("/var/log/user.log"));

while (s.hasNextLine()) {
String line = s.nextLine();
if (line.startsWith("Apr"))
currentLog = requests;
else if (currentLog != null)
currentLog.println(line);
}

requests.close();
s.close();
} catch (IOException ioex) {
// handle exception...
}
(A-4)
OUTPUTS:

(A-5)