A comprehensive Infrastructure as Code (IaC) solution with container orchestration, deployment versioning, security management, and ML-based intrusion detection system (IDS).
- Deploy and manage Docker containers
- Real-time health monitoring
- Container lifecycle management (create, start, stop, delete)
- Network connectivity testing
- Multi-container orchestration
- Version control for deployments
- Configuration versioning with git integration
- Automated rollback capabilities
- Deployment history tracking
- Configuration change detection
- SSH key management and rotation
- Firewall rule configuration
- Security policy enforcement
- Encrypted credential storage
- Access control management
- Web Server Threat Detection: Admin access, path traversal, XSS, SQL injection, suspicious tools
- Database Attack Detection: SQL injection patterns, dangerous operations, stacked queries
- Email Threat Detection: Phishing patterns, spam, malware payloads, suspicious clients
- Hybrid detection: Manual rules + ML model fallback
- Real-time alert generation and reporting
- Continuous system health checks
- CPU, memory, and disk monitoring
- Service availability checks
- Health report generation
- Alert notifications
- Real-time status monitoring
- Interactive deployment controls
- IDS alert management
- System logs and diagnostics
- Configuration management interface
├── cms/
│ ├── main.py # CMS core initialization
│ ├── config_manager.py # Configuration management
│ ├── deployment_manager.py # Deployment orchestration
│ ├── security.py # Security operations
│ ├── enhanced_security.py # Extended security features
│ ├── health_monitor.py # Health monitoring system
│ ├── network.py # Network operations
│ ├── communication.py # Inter-component communication
│ ├── ids_manager.py # IDS core with ML models
│ ├── config.yaml # Configuration file
│ └── config_versions/ # Configuration history
├── models/
│ ├── web_model.pkl # Web threat ML model
│ ├── db_model.pkl # Database threat ML model
│ ├── email_model.pkl # Email threat ML model
│ └── preprocess.py # Feature extraction
├── templates/
│ └── dashboard.html # Web dashboard
├── static/
│ ├── css/style.css # Dashboard styles
│ ├── js/dashboard.js # Dashboard functionality
│ └── js/ui.js # UI utilities
├── keys/ # SSH keys (in .gitignore)
├── scripts/
│ └── deploy_infrastructure.sh # Deployment script
├── health_reports/ # Generated health reports
├── deployments/ # Deployment artifacts
├── enhanced_api.py # Flask API server
├── docker-compose.yml # Docker composition
└── requirements.txt # Python dependencies
- Python 3.8+
- Docker & Docker Compose
- Git
- Virtual Environment (recommended)
- Clone the repository:
  ```bash
  git clone <repository-url>
  cd help
  ```
- Create and activate virtual environment:
  ```bash
  python3 -m venv venv
  source venv/bin/activate
  ```
- Install dependencies:
  ```bash
  pip install -r requirements.txt
  ```
- Configure the system:
  ```bash
  cp cms/config.yaml.example cms/config.yaml
  # Edit config.yaml with your settings
  ```
- Deploy infrastructure:
  ```bash
  ./scripts/deploy_infrastructure.sh
  ```
- Start Docker services:
  ```bash
  docker-compose up -d
  ```
- Run the Flask API server:
  ```bash
  python3 enhanced_api.py
  ```
- Access the dashboard: http://localhost:5001
- Deploy complete infrastructure
- Create client containers
- Cleanup all resources
- Check configuration changes
- Redeploy on configuration change
- Test network connectivity
- View system health status
- Monitor container resources
- Check service availability
- Download health reports
- Manage SSH keys
- Configure firewall rules
- View security policies
- Manage access controls
- Web Server Tests: Normal Logs, Attack Logs
- Database Tests: Normal Queries, Attack Queries
- Email Server Tests: Normal Emails, Phishing Emails
- View real-time alerts
- Filter and search alerts
- Clear alert history
- View deployment history
- Compare configurations
- Rollback deployments
- Manage versions
- Edit system configuration
- Validate configuration
- Apply configuration changes
- View configuration history
- `GET /api/ids/status` - Get IDS status and model information
- `GET /api/ids/alerts` - Get all detected alerts
- `POST /api/ids/analyze` - Analyze a single log entry
- `POST /api/ids/generate-logs` - Generate and analyze normal web logs
- `POST /api/ids/generate-db-logs` - Generate and analyze normal database logs
- `POST /api/ids/generate-email-logs` - Generate and analyze normal email logs
- `POST /api/ids/generate-attacks` - Generate and analyze attack patterns
- `GET /api/ids/test-attack` - Test attack detection

- `POST /api/deploy` - Deploy infrastructure
- `GET /api/deployments` - List deployments
- `POST /api/cleanup` - Cleanup resources
- `POST /api/check-config-changes` - Check for configuration changes

- `GET /api/health` - Get overall system health
- `GET /api/health/detailed` - Get detailed health report
- `GET /api/containers` - List all containers
- `GET /api/logs` - Get system logs

- `GET /api/security/keys` - List SSH keys
- `POST /api/security/keys` - Generate new SSH key
- `GET /api/security/firewall` - Get firewall rules
- `POST /api/security/firewall` - Configure firewall rule
The system includes three pre-trained scikit-learn models for threat detection:
- Web server model (`models/web_model.pkl`)
  - Detects: Admin access, command execution, path traversal, XSS, SQL injection, scanner tools
  - Confidence: 0.95 for manual rules, variable for ML predictions
- Database model (`models/db_model.pkl`)
  - Detects: SQL injection, UNION attacks, dangerous operations, stacked queries
  - Confidence: 0.95 for manual rules, variable for ML predictions
- Email model (`models/email_model.pkl`)
  - Detects: Phishing attempts, spam, malware payloads, suspicious email clients
  - Confidence: 0.90 for manual patterns

Hybrid detection:
- Manual pattern matching for known attacks (fast, 0.95 confidence)
- ML model fallback for anomalous patterns (0.5-0.8 confidence)
- Comprehensive logging of all detection decisions
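The hybrid decision flow described above (manual rules first at 0.95, ML fallback scored in the 0.5-0.8 band, every decision logged), as an added example that is not the project's `ids_manager.py`. The regexes, the `ml_stand_in` scorer that replaces `web_model.pkl`, the `ML_ALERT_FLOOR` cut-off and the sample log lines are all constructed for this illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Manual rules following the README's web-server categories (admin access,
# path traversal, XSS, SQL injection, scanner tools). Constructed for this
# example; they are not the project's own rule set.
MANUAL_RULES = [
    ("admin_access", re.compile(r"/(?:wp-)?admin\b", re.I)),
    ("path_traversal", re.compile(r"\.\./|%2e%2e%2f", re.I)),
    ("xss", re.compile(r"<script\b|javascript:", re.I)),
    ("sql_injection", re.compile(r"(?:'|%27)\s*(?:or|and)\b|union\s+select", re.I)),
    ("scanner_tool", re.compile(r"\b(?:sqlmap|nikto|nmap)\b", re.I)),
]
MANUAL_CONFIDENCE = 0.95   # README: manual rules report 0.95
ML_BAND = (0.5, 0.8)       # README: ML fallback reports 0.5-0.8
ML_ALERT_FLOOR = 0.6       # assumed cut-off above which an ML score counts as anomalous

@dataclass
class Decision:
    source: str        # "manual", "ml" or "none"
    label: str
    confidence: float

def ml_stand_in(entry: str) -> float:
    """Stand-in for web_model.pkl (not the real model): scores the share of
    unusual characters in the request and maps it into the ML band."""
    odd = sum(1 for c in entry if not (c.isalnum() or c in " /._-"))
    score = min(1.0, odd / max(len(entry), 1) * 5)
    lo, hi = ML_BAND
    return round(lo + (hi - lo) * score, 3)

def analyze(entry: str, log: Optional[List[str]] = None) -> Decision:
    """Hybrid decision: first matching manual rule wins, otherwise the ML
    fallback decides; every decision is appended to `log` when one is given."""
    for label, rule in MANUAL_RULES:
        if rule.search(entry):
            decision = Decision("manual", label, MANUAL_CONFIDENCE)
            break
    else:
        conf = ml_stand_in(entry)
        if conf >= ML_ALERT_FLOOR:
            decision = Decision("ml", "anomalous", conf)
        else:
            decision = Decision("none", "benign", conf)
    if log is not None:
        log.append(f"{decision.source}:{decision.label}:{decision.confidence} <- {entry}")
    return decision

if __name__ == "__main__":
    audit: List[str] = []   # constructed sample entries, not captured traffic
    for line in ["GET /index.html", "GET /admin/login",
                 "GET /images/../../etc/passwd", "GET /search?q=%3C%3E%3C%3E%3C%3E%3C%3E"]:
        print(analyze(line, audit))
```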
Edit cms/config.yaml to customize:
```yaml
system:
  name: Enhanced CMS
  version: 1.0
  mode: full
deployment:
  auto_redeploy: false
  health_check_interval: 30
  log_level: INFO
security:
  enable_firewall: true
  ssh_key_rotation_days: 90
  enforce_tls: true
ids:
  enable_monitoring: true
  alert_threshold: 0.85
  models_path: ./models
```
Generated health reports are stored in health_reports/ with timestamps:
health_report_20251128_143022.json
All detected threats are logged and can be:
- Viewed in the dashboard
- Filtered by severity and type
- Exported for analysis
- Cleared after review
- `server.log` - Flask API server logs
- `startup.log` - Deployment startup logs
- `deployments/` - Detailed deployment logs

Run the IDS tests:
```bash
python3 comprehensive_ids_test.py
```
The codebase has been cleaned to remove comments and emojis while maintaining all functionality.

To add a new detection model:
- Place the trained model in the `models/` directory
- Update `cms/ids_manager.py` to load the model
- Add an analysis method following the pattern of the existing models
```bash
cd /home/ahad/Desktop/help
git init
git add .
git commit -m "Initial commit: Enhanced CMS with IDS"
git branch -M main
git remote add origin <your-github-repo-url>
git push -u origin main
```
The .gitignore file excludes:
- Python cache and virtual environments
- Sensitive files (keys, secrets, credentials)
- Generated logs and reports
- Build artifacts
- IDE configurations
- OS-specific files
- Store sensitive data (SSH keys, credentials) outside the repository
- Use `.env` files for local development (excluded from git)
- Rotate SSH keys regularly
- Keep ML models updated with new threat patterns
- Review and approve all configuration changes before deployment
- Enable firewall rules in production
- Use TLS/HTTPS for all communications
- Verify model files exist in the `models/` directory
- Check scikit-learn version compatibility
- Review alert thresholds in configuration
- Check logs for model loading errors
- Verify Docker daemon is running
- Check Docker Compose configuration
- Review deployment logs in `deployments/`
- Ensure sufficient system resources
- Verify Flask server is running on port 5001
- Check firewall rules allowing port 5001
- Review API server logs
- Clear browser cache and refresh
- Fork the repository
- Create feature branch (`git checkout -b feature/AmazingFeature`)
- Commit changes (`git commit -m 'Add AmazingFeature'`)
- Push to branch (`git push origin feature/AmazingFeature`)
- Open Pull Request
This project is licensed under the MIT License - see LICENSE file for details.
For issues, questions, or contributions:
- Create an issue on GitHub
- Contact the development team
- Check the documentation in project root
- Initial release with full IaC support
- ML-based IDS with 3 pre-trained models
- Comprehensive dashboard
- Security management
- Health monitoring
- Deployment versioning
- Code cleanup (removed comments and emojis)
- GitHub deployment ready
- Kubernetes support
- Enhanced ML model training
- API authentication and authorization
- Advanced analytics dashboard
- Automated incident response
- Integration with external monitoring tools
- Webhook support for CI/CD