From 7eaff1d08c435a2eb2ed75fc1f617a4f63051777 Mon Sep 17 00:00:00 2001 From: Spencer Date: Tue, 19 Aug 2025 15:57:31 -0500 Subject: [PATCH] Added NMAP planning and updated constraints --- CONSTRAINTS.md | 17 ++++++++++++----- PROGRESS.md | 25 +++++++++++++++++++++++-- log_position.txt | 2 +- 3 files changed, 36 insertions(+), 8 deletions(-) diff --git a/CONSTRAINTS.md b/CONSTRAINTS.md index 7bb5d76..731b681 100644 --- a/CONSTRAINTS.md +++ b/CONSTRAINTS.md @@ -1,10 +1,17 @@ ## LLM Constraints and Guidelines +- Please do not report on anything that is older then 48 hours. +- The server uses a custom DNS server at 192.168.2.112. +### Important Things to Focus On: +- Security-related events such as failed login attempts, unauthorized access, or unusual network connections. +- Events indicating loss of connectivity or unreachable hosts. +- Unexpected network additions or unusual traffic patterns. + +### Less Important Things: - Do not flag minor fluctuations in network Round Trip Time (RTT) as anomalies. These are considered normal network variance. -- Prioritize security-related events such as failed login attempts, unauthorized access, or unusual network connections. -- Focus on events indicating loss of connectivity or unreachable hosts. -- Highlight any unexpected network additions or unusual traffic patterns. - The DNS server 8.8.8.8 is Google's public DNS server and is a legitimate destination. Do not flag requests to 8.8.8.8 as anomalous. + +### Actions Taken: - The following IP's have been banned based on your feedback: - 77.83.240.46 - 45.88.8.215 
@@ -12,6 +19,6 @@ - 120.48.49.12 - 23.137.255.140 - 101.89.148.7 -- On August 18th, 2025, a firewall was set up to prevent all unknown IP's from SSH access. The Only IP's that have SSH access are 192.168.2.0/24 and 100.64.0.0/10 -- Please do not report on anything that is older then 48 hours. +- On August 19th, 2025, a firewall was set up to prevent all unknown IP's from SSH access. The Only IP's that have SSH access are 192.168.2.0/24 and 100.64.0.0/10 + diff --git a/PROGRESS.md b/PROGRESS.md index ea04230..5753287 100644 --- a/PROGRESS.md +++ b/PROGRESS.md 
@@ -33,11 +33,32 @@ 20. [x] Removed `jc` library as a dependency 21. [x] Implemented manual parsing of `sensors` command output -## TODO +## Tasks Already Done [x] Ensure we aren't using mockdata for get_system_logs() and get_network_metrics() [x] Improve `get_system_logs()` to read new lines since last check [x] Improve `get_network_metrics()` by using a library like `pingparsing` [x] Ensure we are including CONSTRAINTS.md in our analyze_data_with_llm() function [x] Summarize entire report into a single sentence to said to Home Assistant -[x] Figure out why Home Assitant isn't using the speaker \ No newline at end of file +[x] Figure out why Home Assitant isn't using the speaker + +## Keeping track of Current Objectives + +[ ] Improve "high" priority detection by explicitly instructing LLM to output severity in structured JSON format. +[ ] Implement dynamic contextual information (Known/Resolved Issues Feed) for LLM to improve severity detection. + +## Network Scanning (Nmap Integration) + +1. [ ] Add `python-nmap` to `requirements.txt` and install. +2. [ ] Define `NMAP_TARGETS` and `NMAP_SCAN_OPTIONS` in `config.py`. +3. [ ] Create a new function `get_nmap_scan_results()` in `monitor_agent.py`: + * [ ] Use `python-nmap` to perform a scan on the defined targets with the specified options. + * [ ] Return the parsed results. +4. [ ] Integrate `get_nmap_scan_results()` into the main monitoring loop: + * [ ] Call this function periodically (e.g., less frequently than other metrics). + * [ ] Add the `nmap` results to the `combined_data` dictionary. +5. [ ] Update `data_storage.py` to store `nmap` results. +6. [ ] Extend `calculate_baselines()` in `data_storage.py` to include `nmap` baselines: + * [ ] Compare current `nmap` results with historical data to identify changes. +7. [ ] Modify `analyze_data_with_llm()` prompt to include `nmap` scan results for analysis. +8. [ ] Consider how to handle `nmap` permissions. \ No newline at end of file 
diff --git a/log_position.txt b/log_position.txt index f5b7e55..e3f7a05 100644 --- a/log_position.txt +++ b/log_position.txt @@ -1 +1 @@ -11989560 \ No newline at end of file +12165512 \ No newline at end of file
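Review bot: in the first CONSTRAINTS.md hunk (`@@ -1,10 +1,17 @@`), the new line `+- The server uses a custom DNS server at 192.168.2.112.` states a fact without telling the LLM what to do with it, unlike the 8.8.8.8 rule further down, which says explicitly not to flag it; add the expectation, for example that DNS traffic to 192.168.2.112 is normal and that queries to any resolver other than 192.168.2.112 or 8.8.8.8 are worth reporting. Two smaller points in the same hunk: the moved line `+- Please do not report on anything that is older then 48 hours.` carries the typo `then` (for `than`) to its new position, and the `### Less Important Things:` heading groups two rules that say "this is expected, do not flag it" (RTT variance, 8.8.8.8), which are known-benign behaviour rather than low-priority findings; a heading such as `### Known Benign Behaviour:` would describe them more accurately and give the LLM a clearer signal.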
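Review bot: in the second CONSTRAINTS.md hunk (`@@ -12,6 +19,6 @@`), the date change from `-- On August 18th, 2025, a firewall was set up` to `+- On August 19th, 2025, a firewall was set up` is not explained by the commit message ("updated constraints"), and this date is what the LLM uses to decide whether an SSH event predates the firewall; if it is a correction, say so in the message, and if the firewall was actually changed again on the 19th, keep both dates so events from the 18th are judged against the rule that applied then. While the line is being rewritten, `IP's` should be `IPs` and `The Only` should be `The only`. The hunk also ends with an empty `+` line, which leaves a trailing blank line at the end of CONSTRAINTS.md.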
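Review bot: in the PROGRESS.md hunk, step 8 (`+8. [ ] Consider how to handle `nmap` permissions.`) decides how much privilege the monitor agent runs with, so it should be settled before steps 3 and 4 rather than left as a trailing consideration: `python-nmap` runs the `nmap` binary as a subprocess, and SYN scans and OS detection need raw-socket privilege, so either restrict `NMAP_SCAN_OPTIONS` to an unprivileged connect scan (`-sT`) or grant the capabilities to the `nmap` binary alone with `setcap` (`cap_net_raw`, `cap_net_admin`) instead of running the whole agent as root. Related to step 7 (feeding the scan results into the `analyze_data_with_llm()` prompt): service banners and reverse-DNS names come from the scanned hosts, so they are untrusted text inside the prompt; pass the LLM the structured change set from step 6 (new host, new open port, changed service) rather than raw scanner output, and cap its size. Minor: step 2 should note that `NMAP_TARGETS` is limited to the networks named in CONSTRAINTS.md (192.168.2.0/24), and the retained line `+[x] Figure out why Home Assitant isn't using the speaker` still misspells `Assistant`.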
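Review bot: the `log_position.txt` hunk commits runtime state (the offset changes from `-11989560` to `+12165512`, which appears to be the byte position `get_system_logs()` resumes from, per the "read new lines since last check" item in PROGRESS.md); committing it means every run produces a spurious diff, and a fresh checkout resumes from an offset that does not match the local log. Move the file out of version control (add it to `.gitignore` or write it under a data directory) and have `get_system_logs()` treat a missing or stale offset, including one larger than the current file after log rotation, as "start from the current end of the log" rather than as a valid position.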