End Sem Final Report
MINOR PROJECT 1
ON
Submitted By
Department of Systemics,
School of Computer Science
UNIVERSITY OF PETROLEUM AND ENERGY STUDIES
Dehradun-248007
May-2019
CANDIDATE'S DECLARATION
We hereby certify that the project work entitled System Security Advisor in partial
fulfilment of the requirements for the award of the Degree of Bachelor of Technology in
Computer Science And Engineering with Specialization in Cyber Security and Forensics and
submitted to the Department of Systemics at School of Computer Science, University of
Petroleum And Energy Studies, Dehradun, is an authentic record of our work carried out during
a period from February, 2018 to May, 2018 under the supervision of Ms. Tripti Misra, Assistant
Professor, Department of Systemics, UPES.
The matter presented in this project has not been submitted by me/us for the award of any other
degree of this or any other University.
This is to certify that the above statement made by the candidate is correct to the best of my
knowledge.
Department of Systemics
Dehradun - 248001
ACKNOWLEDGEMENT
We wish to express our deep gratitude to our guide Ms. Tripti Misra, for all advice,
encouragement and constant support she has given us throughout our project work. This work
would not have been possible without her support and valuable suggestions.
We sincerely thank our Head of the Department, Dr. Neelu Jyoti Ahuja, for her great support
in doing our project System Security Advisor at SoCS.
We are also grateful to Dr. Manish Prateek, Professor and Dean, SoCS, and Dr. Kamal Bansal,
Dean, CoES, UPES, for giving us the necessary facilities to carry out our project work
successfully.
We would like to thank all our friends for their help and constructive criticism during our
project work. Finally, we have no words to express our sincere gratitude to our parents who
have shown us this world and for every support they have given us.
ABSTRACT
With the continuing frequency, intensity, and adverse consequences of cyber-attacks, disruptions,
hazards, and other threats to federal, state, and local governments, the military, businesses, and the
critical infrastructure, the need for trustworthy secure systems has never been more important to
long-term economic and national security interests. Each security incident now has much more
impact on our social life than before, and the number of security incidents is increasing every year
because of the complexity of information systems, their wide application, and the explosive growth
in the number of nodes connected to the Internet. Our project aims to develop a tool which will
gather hardware information, software information and network information, and gather logs for
information on the usage of removable devices and on authentication. This tool will also help
gather information on the controls required for hardening a new system to protect it from any
kind of attack.
TABLE OF CONTENTS
1. Candidate’s Declaration
2. Acknowledgement
3. Abstract
4. Introduction
5. Literature Review
6. Objective
7. Problem statement
8. Design Methodology
a. Gathering system information
b. Integration
9. Implementation
a. Algorithm
b. Output screen
c. Result analysis
10. Conclusion and future scope
11. References
12. APPENDIX – I: CODE WITH OUTPUTS
LIST OF FIGURES
1. System Security
2. PERT Chart
3. Level-1 DFD
4. Use Case Diagram
5. Sequence Diagram
6. Output Screen
1. INTRODUCTION:
With the continuing frequency, intensity, and adverse consequences of cyber-attacks, disruptions,
hazards, and other threats to federal, state, and local governments, the military, businesses, and the
critical infrastructure, the need for trustworthy secure systems has never been more important to
long-term economic and national security interests. Each security incident now has much more
impact on our social life than before, and the number of security incidents is increasing every year
because of the complexity of information systems, their wide application, and the explosive growth
in the number of nodes connected to the Internet. The basic problem can be
simply stated—today’s systems have dimensions and an inherent complexity which can be
effectively managed within the practical and feasible limits of human capability and certainty. The
level of trustworthiness that can be achieved in today’s complex systems is a function of our ability
to think about system security across every aspect of every activity. Our project aims to develop a
tool which will gather the system's hardware, software and network information and give the user
information about the system from the past days.
2. LITERATURE REVIEW:
[2] A Survey of Security Research for Operating Systems: This discusses how important it is to
secure the operating system for system security and how it can be done. It describes why it is an
important aspect of system security.
[3] Describes how Belarc Security Advisor works on Windows and what information is
displayed in the report generated after scanning the system, how that information is
important from a security point of view, and how it can be used to make the system secure.
3. PROBLEM STATEMENT:
A system’s vulnerabilities are the root cause of any attack on the system. A vulnerability is a flaw in
a system that can leave it open to attack. Once known to an attacker, it can be easily exploited.
4. OBJECTIVE:
To develop a secure system advisor which will gather hardware information, software information,
network information, authentication logs, etc.
It will also gather information on the use of removable media in the past days.
It will generate a report of the findings.
5. DESIGN METHODOLOGY:
We are following the waterfall software development life cycle model. Waterfall is a linear,
sequential design approach where progress flows downwards in one direction, like a waterfall.
STEP 1: 1st February 2019 to 25th February 2019
STEP 2: 26th February 2019 to 15th March 2019
STEP 3: 16th March 2019 to 5th April 2019
STEP 4: 6th April 2019 to 30th April 2019
This step aimed at capturing different kinds of system information, which include hardware
information, software information, network information, authentication logs (auth.log), user logs
(user.log) and fail logs (fail.log). These log files are in sys/var/logs. All of them are parsed and a
report is generated using the Java language.
In this step we aimed to design the programs that capture the system information: the
system’s hardware information, the system’s software information like number of cores and speed
etc., the system’s network information, which includes its IP address and other information, and log
files such as auth.log, user.log and fail.log. Once the system information is captured, we restrict the
information to the past 15 days and then store the generated information in a file using a Java program.
We basically divided our project into 4 modules namely:
1. Hardware information retrieval
2. Software information retrieval
3. Network information retrieval
4. Log parsing and storing information in file.
All the modules are compiled together and then the file is generated which consists of all the
information collected and the logs that are parsed.
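The log-parsing step described above, sketched as an added example (not the project's own code): it keeps only sshd entries from the last 15 days of an auth.log-style file and counts failed password attempts per user and source address. It assumes the classic syslog timestamp without a year and OpenSSH's "Failed password" wording; the class and method names, the fixed "now" and the sample lines are constructed for illustration.

```java
import java.time.*;
import java.time.format.DateTimeFormatter;
import java.util.*;
import java.util.regex.*;

public class AuthLogWindow {
    // Classic syslog prefix: "Mar  4 09:12:01 host sshd[812]: message" (no year field).
    private static final Pattern LINE = Pattern.compile(
        "^(\\w{3})\\s+(\\d{1,2}) (\\d{2}:\\d{2}:\\d{2}) \\S+ sshd\\[\\d+\\]: (.*)$");
    private static final Pattern FAILED = Pattern.compile(
        "^Failed password for (?:invalid user )?(\\S+) from (\\S+) port \\d+");
    private static final DateTimeFormatter FMT =
        DateTimeFormatter.ofPattern("yyyy MMM d HH:mm:ss", Locale.ENGLISH);

    // Syslog omits the year: assume the current one, and step back a year
    // when that would place the entry in the future (log written before New Year).
    static LocalDateTime timestamp(Matcher m, LocalDateTime now) {
        LocalDateTime t = LocalDateTime.parse(
            now.getYear() + " " + m.group(1) + " " + m.group(2) + " " + m.group(3), FMT);
        return t.isAfter(now) ? t.minusYears(1) : t;
    }

    // Counts failed SSH password attempts per "user@source" within the last `days` days.
    static Map<String, Integer> failedLogins(List<String> lines, LocalDateTime now, int days) {
        Map<String, Integer> counts = new TreeMap<>();
        LocalDateTime cutoff = now.minusDays(days);
        for (String line : lines) {
            Matcher m = LINE.matcher(line);
            if (!m.matches()) continue;                       // not an sshd syslog line
            if (timestamp(m, now).isBefore(cutoff)) continue; // older than the window
            Matcher f = FAILED.matcher(m.group(4));
            if (f.find()) counts.merge(f.group(1) + "@" + f.group(2), 1, Integer::sum);
        }
        return counts;
    }

    public static void main(String[] args) {
        LocalDateTime now = LocalDateTime.of(2019, 1, 5, 12, 0); // fixed "now" for a repeatable run
        List<String> sample = Arrays.asList(                     // constructed sample lines
            "Dec 10 08:00:00 lab sshd[700]: Failed password for root from 203.0.113.7 port 4000 ssh2",
            "Dec 28 23:10:41 lab sshd[812]: Failed password for root from 203.0.113.7 port 4022 ssh2",
            "Jan  2 09:12:01 lab sshd[903]: Failed password for invalid user admin from 198.51.100.9 port 5100 ssh2",
            "Jan  2 09:12:07 lab sshd[903]: Failed password for invalid user admin from 198.51.100.9 port 5101 ssh2",
            "Jan  3 10:00:00 lab sshd[950]: Accepted password for alice from 192.0.2.10 port 6000 ssh2");
        failedLogins(sample, now, 15).forEach((k, v) -> System.out.println(k + " failed=" + v));
    }
}
```

The December 10 line is resolved to the previous year and falls outside the 15-day window, which is the case a parser that simply assumes the current year gets wrong around New Year.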
Fig. 5: Sequence Diagram
6. IMPLEMENTATION:
Our implementation is object-oriented and uses the Java language. As described earlier in the design
phase, our project is divided into four modules. The first one aims at capturing the hardware
information, the second one aims at capturing the software information, the third one aims at capturing
the network information, and the last one aims at parsing logs and generating a report.
6.a Algorithm:
6.b Output Screen:
The outputs clearly show the generation of a random number each and every time the program is run.
For reference, see the figures.
Figures 6, 7, 8
With the continuing frequency, intensity, and adverse consequences of cyber-attacks, disruptions,
hazards, and other threats to federal, state, and local governments, the military, businesses, and the
critical infrastructure, the need for trustworthy secure systems has never been more important to
long-term economic and national security interests. With increasing dangers, it is important to secure
the systems that we use. Our project will help the user get the information necessary to secure the system
in a single report. Thus, our project would be of use when it comes to seeing how secure the system is
against the threats posed.
References:
[1] Ron Ross, Michael McEvilley, Janet Carrier Oren: System Security Engineering,
multidisciplinary approach, November 2016, Computer Security Division NIST.
[2] Masaki Hashimoto: A survey of Security research for Operating Systems, 2013.
[3] “About Belarc”, https://www.belarc.com/en/about_us, Accessed February 2019.
[4] “About CIS”, https://www.belarc.com/en/CIS, Accessed February 2019.
A: APPENDIX I PROJECT CODE WITH OUTPUTS:
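import java.net.InetAddress;
import java.net.UnknownHostException;

class hardware {
    public static void main(String[] args) {
        InetAddress ip;
        try {
            // Host name and address as resolved for the local machine
            ip = InetAddress.getLocalHost();
            System.out.println("Current host name : " + ip.getHostName());
            System.out.println("Current IP address : " + ip.getHostAddress());
            // Operating system details from the JVM system properties
            String nameOS = System.getProperty("os.name");
            System.out.println("Operating system Name=>" + nameOS);
            String osType = System.getProperty("os.arch");
            System.out.println("Operating system type =>" + osType);
            String osVersion = System.getProperty("os.version");
            System.out.println("Operating system version =>" + osVersion);
            System.out.println("Available processors (cores): " +
                    Runtime.getRuntime().availableProcessors());
        } catch (UnknownHostException e) {
            // The local host name could not be resolved to an address
            System.err.println("Could not resolve local host: " + e.getMessage());
        }
    }
}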
TO CAPTURE CPU INFORMATION:
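import java.io.BufferedReader;
import java.io.FileWriter;
import java.io.IOException;
import java.io.InputStreamReader;

class testprog {
    public static void main(String args[]) {
        try {
            // Run lscpu and collect its standard output line by line
            Process p = Runtime.getRuntime().exec("lscpu");
            StringBuilder output = new StringBuilder();
            try (BufferedReader buf = new BufferedReader(
                    new InputStreamReader(p.getInputStream()))) {
                String line;
                while ((line = buf.readLine()) != null) {
                    System.out.println(line);
                    output.append(line).append("\n");
                }
            }
            // Report file, located under the current working directory
            String path = System.getProperty("user.dir") +
                    "//root//Documents//minor";
            // Append the captured output; the writer is closed even on failure
            try (FileWriter fw = new FileWriter(path, true)) {
                fw.write("\n" + output);
            } catch (IOException e) {
                System.err.println("Could not write report: " + e.getMessage());
            }
        } catch (IOException e) {
            // Report the failure instead of silently discarding it
            System.err.println("Could not run lscpu: " + e.getMessage());
        }
    }
}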
TO CAPTURE NETWORK INFORMATION:
class network{
Log parsing and generating a report:
class parse_a{
try {
requests.close();
s.close();
} catch (IOException ioex) {
// handle exception...
}
class parse_u{
try {
requests.close();
s.close();
} catch (IOException ioex) {
// handle exception...
}
OUTPUTS: