Skip to main content

teler

Metadata

Identifier: teler
Maturity: Production

Categories

Web Intrusion Detection System

Description

teler is a real-time intrusion detection and threat alert based on web log. Targets only nginx installed on Ubuntu.

Actions

Identifier	Description	Expected Parameters Keys and Types
`start_process`	Start teler's process
`stop_process`	Stop teler's process

Information

Identifier	Description	Type	Properties	Default Value
`alerts_count`	Total number of generated alerts	`INTEGER`	`METRIC`, `READ_ONLY`
`architecture`	Binary's architecture	`STRING`	`CONFIGURATION`, `READ_ONLY`, `AUTO_GENERATED_BEFORE_INSTALL`
`command`	Command used to create teler's process and crontab	`STRING`	`CONFIGURATION`, `READ_ONLY`, `AUTO_GENERATED_BEFORE_INSTALL`
`daily_alerts_count`	Total number of alerts generated today	`INTEGER`	`METRIC`, `READ_ONLY`
`fail2ban_integration`	Whether the integration with Fail2ban is activated	`BOOLEAN`	`CONFIGURATION`, `MANDATORY`, `WITH_DEFAULT_VALUE`, `NON_DEDUCTIBLE`, `WRITABLE`	`False`
`log_format`	Format in which the messages are logged	`STRING`	`CONFIGURATION`, `MANDATORY`, `WITH_DEFAULT_VALUE`, `NON_DEDUCTIBLE`, `WRITABLE`	$`remote_addr` $`remote_user` - [$`time_local`] "$`request_method` $`request_uri` $`request_protocol`" $`status` $`body_bytes_sent` "$`http_referer`" "$`http_user_agent`"
`log_location`	Location in which nginx logs messages	`STRING`	`CONFIGURATION`, `MANDATORY`, `WITH_DEFAULT_VALUE`, `NON_DEDUCTIBLE`, `WRITABLE`	/`var`/`log`/`nginx`/`access.log`
`port`	Port on which the web server runs	`INTEGER`	`CONFIGURATION`, `MANDATORY`, `WITH_DEFAULT_VALUE`, `NON_DEDUCTIBLE`, `WRITABLE`	`80`
`top_attackers`	Top 3 attackers	`LIST_OF_STRINGS`	`METRIC`, `READ_ONLY`
`top_attacks_types`	Top 3 types of web attacks	`LIST_OF_STRINGS`	`METRIC`, `READ_ONLY`
`version`	Installed version	`STRING`	`METRIC`, `READ_ONLY`

Logs

Identifier	Description	Location	Format
`json_alerts`	Generated alerts in JSON format	/`var`/`log`/`teler.json.log`	`JSON`
`text_alerts`	Generated alerts in plaintext format	/`var`/`log`/`teler.text.log`	`TEXT`

Tests

Identifier	Description	Type
`bad_user_agent_detection`	Checks if teler detects a request with a bad user agent.	`SECURITY`
`internet_access`	Checks if host has Internet access.	`REQUIREMENT`
`nginx_active`	Checks if nginx is installed and the service is active.	`REQUIREMENT`
`presence`	Checks if a file is present.	`PRESENCE`
`process_running`	Checks if teler's process is running.	`OPERATIONAL`
`supported_architecture`	Checks if there is any build for this architecture.	`REQUIREMENT`

References

Metadata
- Categories
Description
Actions
Information
Logs
Tests
References