security growler 2.3 with minor fixes and option to check for updates

Security Growler Light.app/Contents/Info.plist

@@ -17,11 +17,11 @@
 	<key>CFBundlePackageType</key>
 	<string>APPL</string>
 	<key>CFBundleShortVersionString</key>
-	<string>2.2</string>
+	<string>2.3</string>
 	<key>CFBundleSignature</key>
 	<string>????</string>
 	<key>CFBundleVersion</key>
-	<string>2.2</string>
+	<string>2.3</string>
 	<key>LSMinimumSystemVersion</key>
 	<string>10.7.0</string>
 	<key>LSUIElement</key>

Security Growler Light.app/Contents/Resources/AppSettings.plist

@@ -20644,13 +20644,13 @@
 	<key>Suffixes</key>
 	<array/>
 	<key>TextBackground</key>
-	<string>#dadada</string>
+	<string>#ffffff</string>
 	<key>TextEncoding</key>
 	<integer>4</integer>
 	<key>TextFont</key>
 	<string>Menlo-Regular</string>
 	<key>TextForeground</key>
-	<string>#1b1b1b</string>
+	<string>#000000</string>
 	<key>TextSize</key>
 	<real>12</real>
 	<key>UniformTypes</key>

Security Growler Light.app/Contents/Resources/parsers/connections.py

@@ -13,7 +13,7 @@ def parse_connection(log_line, port=None):
     return {
         'tcp_version': tcp_vers,
         'port': port or '',
-        'state': state[1:-1],  # remove parens (LISTEN) -> LISTEN
+        'state': state[1:-1],  # removes parens (LISTEN) -> LISTEN
         'user': user,
         'process': str(proc),
         'pid': pid,
@@ -25,5 +25,8 @@ def parse_connection(log_line, port=None):
 def parse(line, source=None):
     conn = parse_connection(line, source)
     if conn:
-        return ('notify', TITLE.format(**conn), BODY.format(**conn))
+        return ('notify',
+            TITLE.format(**conn),
+            BODY.format(**conn))
+
     return (None, '', '')

Security Growler Light.app/Contents/Resources/parsers/ostiarius.py

@@ -1,6 +1,6 @@
 import re
 
-#27/04/16 09:42:38,000 kernel[0]: OSTIARIUS: /Applications/Xoib.app/Contents/MacOS/Xoib is from the internet & is unsigned -> BLOCKING!
+# 27/04/16 09:42:38,000 kernel[0]: OSTIARIUS: /Applications/Xoib.app/Contents/MacOS/Xoib is from the internet & is unsigned -> BLOCKING!
 OSTIARIUS_EVENT_FILTER = re.compile('OSTIARIUS: .+BLOCKING')
 
 def parse(line, source=None):

Security Growler Light.app/Contents/Resources/parsers/ssh.py

@@ -13,13 +13,15 @@
 
 
 def word_after(line, word):
+    """'a black sheep', 'black' -> 'sheep'"""
     return line.split(word, 1)[-1].split(' ', 1)[0]
 
 def parse_summary(line):
-    # truncated error msg
+    """get the summary of an SSH failure from an SSH log event line"""
     return line.split(' sshd[', 1)[-1].split(' ', 1)[-1][:40] + '...'
 
 def parse_line(line):
+    """parse out the user and connection source from an SSH log event line"""
     user = (
         word_after(line, ' for ')
         if ' for ' in line else ' '

Security Growler Light.app/Contents/Resources/parsers/sudo.py

@@ -4,11 +4,14 @@
 
 SUDO_EVENT_FILTER = re.compile('sudo')
 
-TITLE = 'SUDO EVENT: {0} [{1}]'
-BODY = '{0}\n@ {1}'
+TITLE = 'SUDO EVENT: {user} [{tty}]'
+BODY = '{command}\n@ {pwd}'
+
+EXCLUDE_LINES = ('/usr/sbin/lsof +c 0',)  # dont alert on sudo events that contain these strings
+
 
 def parse(line, source=None):
-    if SUDO_EVENT_FILTER.findall(line) and '/usr/sbin/lsof +c 0' not in line:
+    if SUDO_EVENT_FILTER.findall(line) and not any(pattern in line for pattern in EXCLUDE_LINES):
         pre, pwd, _, command = line.split(' ; ', 3)
 
         user = pre.split(' : ', 1)[0].split(' ')[-1]
@@ -17,7 +20,7 @@ def parse(line, source=None):
         pwd = pwd.split('PWD=', 1)[-1].split('/Users/', 1)[-1]
 
         return ('alert',
-            TITLE.format(user, tty),
-            BODY.format(command, pwd))
+            TITLE.format(user=user, tty=tty),
+            BODY.format(command=command, pwd=pwd))
 
     return (None, '', '')

Security Growler Light.app/Contents/Resources/parsers/vnc.py

@@ -1,13 +1,13 @@
 from .connections import parse_connection
 
-TITLE = 'VNC CONNECTED {0}'
-BODY = 'To: {0} {1} ({2}) on {3}'
+TITLE = 'VNC CONNECTED {source}'
+BODY = 'To: {user} {process} ({pid}) on {target}'
 
 def parse(line, source=None):
     conn = parse_connection(line, source)
     if conn:
         return ('alert',
-            TITLE.format(conn['source']),
-            BODY.format(conn['user'], conn['process'], conn['pid'], conn['target']),
+            TITLE.format(**conn),
+            BODY.format(**conn),
         )
     return (None, '', '')

Security Growler Light.app/Contents/Resources/script

@@ -8,6 +8,13 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 [[ $1 == "Settings..."* || $1 == *" Started Watching Sources"* || $1 == "port "* ]] &&
     open "$DIR"/settings.py
 
+[[ $1 == "Check for updates" ]] &&
+    open "https://github.com/pirate/security-growler/releases"
+
+# once sc auto-starts on launch instead of requiring a click on the menu icon
+# [[ $1 == "Start Security Growler at login" ]] &&
+    # defaults write loginwindow AutoLaunchedApplicationDictionary -array-add '{ "Path" = "/Applications/Security Growler.app"; "Hide" = 0; }'
+
 [[ $1 == "View the full log..."* ]] &&
     open $OUTFILE
 
@@ -29,7 +36,7 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 [[ $1 == " information: "* || $1 == "About Security Growler" ]] &&
     open 'https://pirate.github.io/security-growler/'
 
-[[ $1 == " support: "* || $1 == "Request a Feature" ]] &&
+[[ $1 == " support: "* || $1 == "Request a feature" ]] &&
     open 'https://github.com/pirate/security-growler/issues'
 
 # Helpful logfile line actions
@@ -52,9 +59,11 @@ then
     echo "—————————————————————————————————————————————————————————"
     sed -n 'H; / --------$/h; ${g;p;}' $OUTFILE | tail +2 | tail -30
     echo "—————————————————————————————————————————————————————————"
-    echo "Request a Feature"
+    echo "Check for updates"
+    echo "Request a feature"
     echo "About Security Growler"
-    echo "Stop the background agent & Quit"
+    # echo "Start Security Growler at login"
+    echo "Stop the background agent & quit"
 
 # Otherwise start it and display the loading output
 else

Security Growler.app/Contents/Info.plist

@@ -17,11 +17,11 @@
 	<key>CFBundlePackageType</key>
 	<string>APPL</string>
 	<key>CFBundleShortVersionString</key>
-	<string>2.2</string>
+	<string>2.3</string>
 	<key>CFBundleSignature</key>
 	<string>????</string>
 	<key>CFBundleVersion</key>
-	<string>2.2</string>
+	<string>2.3</string>
 	<key>LSMinimumSystemVersion</key>
 	<string>10.7.0</string>
 	<key>LSUIElement</key>

Security Growler.app/Contents/Resources/AppSettings.plist

@@ -20644,13 +20644,13 @@
 	<key>Suffixes</key>
 	<array/>
 	<key>TextBackground</key>
-	<string>#1b1b1b</string>
+	<string>#6d676b</string>
 	<key>TextEncoding</key>
 	<integer>4</integer>
 	<key>TextFont</key>
 	<string>Menlo-Regular</string>
 	<key>TextForeground</key>
-	<string>#dadada</string>
+	<string>#c1c1c3</string>
 	<key>TextSize</key>
 	<real>12</real>
 	<key>UniformTypes</key>

Security Growler.app/Contents/Resources/parsers/connections.py

@@ -13,7 +13,7 @@ def parse_connection(log_line, port=None):
     return {
         'tcp_version': tcp_vers,
         'port': port or '',
-        'state': state[1:-1],  # remove parens (LISTEN) -> LISTEN
+        'state': state[1:-1],  # removes parens (LISTEN) -> LISTEN
         'user': user,
         'process': str(proc),
         'pid': pid,
@@ -25,5 +25,8 @@ def parse_connection(log_line, port=None):
 def parse(line, source=None):
     conn = parse_connection(line, source)
     if conn:
-        return ('notify', TITLE.format(**conn), BODY.format(**conn))
+        return ('notify',
+            TITLE.format(**conn),
+            BODY.format(**conn))
+
     return (None, '', '')

Security Growler.app/Contents/Resources/parsers/ostiarius.py

@@ -1,6 +1,6 @@
 import re
 
-#27/04/16 09:42:38,000 kernel[0]: OSTIARIUS: /Applications/Xoib.app/Contents/MacOS/Xoib is from the internet & is unsigned -> BLOCKING!
+# 27/04/16 09:42:38,000 kernel[0]: OSTIARIUS: /Applications/Xoib.app/Contents/MacOS/Xoib is from the internet & is unsigned -> BLOCKING!
 OSTIARIUS_EVENT_FILTER = re.compile('OSTIARIUS: .+BLOCKING')
 
 def parse(line, source=None):

Security Growler.app/Contents/Resources/parsers/ssh.py

@@ -13,13 +13,15 @@
 
 
 def word_after(line, word):
+    """'a black sheep', 'black' -> 'sheep'"""
     return line.split(word, 1)[-1].split(' ', 1)[0]
 
 def parse_summary(line):
-    # truncated error msg
+    """get the summary of an SSH failure from an SSH log event line"""
     return line.split(' sshd[', 1)[-1].split(' ', 1)[-1][:40] + '...'
 
 def parse_line(line):
+    """parse out the user and connection source from an SSH log event line"""
     user = (
         word_after(line, ' for ')
         if ' for ' in line else ' '

Security Growler.app/Contents/Resources/parsers/sudo.py

@@ -4,11 +4,14 @@
 
 SUDO_EVENT_FILTER = re.compile('sudo')
 
-TITLE = 'SUDO EVENT: {0} [{1}]'
-BODY = '{0}\n@ {1}'
+TITLE = 'SUDO EVENT: {user} [{tty}]'
+BODY = '{command}\n@ {pwd}'
+
+EXCLUDE_LINES = ('/usr/sbin/lsof +c 0',)  # dont alert on sudo events that contain these strings
+
 
 def parse(line, source=None):
-    if SUDO_EVENT_FILTER.findall(line) and '/usr/sbin/lsof +c 0' not in line:
+    if SUDO_EVENT_FILTER.findall(line) and not any(pattern in line for pattern in EXCLUDE_LINES):
         pre, pwd, _, command = line.split(' ; ', 3)
 
         user = pre.split(' : ', 1)[0].split(' ')[-1]
@@ -17,7 +20,7 @@ def parse(line, source=None):
         pwd = pwd.split('PWD=', 1)[-1].split('/Users/', 1)[-1]
 
         return ('alert',
-            TITLE.format(user, tty),
-            BODY.format(command, pwd))
+            TITLE.format(user=user, tty=tty),
+            BODY.format(command=command, pwd=pwd))
 
     return (None, '', '')

Security Growler.app/Contents/Resources/parsers/vnc.py

@@ -1,13 +1,13 @@
 from .connections import parse_connection
 
-TITLE = 'VNC CONNECTED {0}'
-BODY = 'To: {0} {1} ({2}) on {3}'
+TITLE = 'VNC CONNECTED {source}'
+BODY = 'To: {user} {process} ({pid}) on {target}'
 
 def parse(line, source=None):
     conn = parse_connection(line, source)
     if conn:
         return ('alert',
-            TITLE.format(conn['source']),
-            BODY.format(conn['user'], conn['process'], conn['pid'], conn['target']),
+            TITLE.format(**conn),
+            BODY.format(**conn),
         )
     return (None, '', '')

Security Growler.app/Contents/Resources/script

@@ -8,6 +8,13 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 [[ $1 == "Settings..."* || $1 == *" Started Watching Sources"* || $1 == "port "* ]] &&
     open "$DIR"/settings.py
 
+[[ $1 == "Check for updates" ]] &&
+    open "https://github.com/pirate/security-growler/releases"
+
+# once sc auto-starts on launch instead of requiring a click on the menu icon
+# [[ $1 == "Start Security Growler at login" ]] &&
+    # defaults write loginwindow AutoLaunchedApplicationDictionary -array-add '{ "Path" = "/Applications/Security Growler.app"; "Hide" = 0; }'
+
 [[ $1 == "View the full log..."* ]] &&
     open $OUTFILE
 
@@ -29,7 +36,7 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 [[ $1 == " information: "* || $1 == "About Security Growler" ]] &&
     open 'https://pirate.github.io/security-growler/'
 
-[[ $1 == " support: "* || $1 == "Request a Feature" ]] &&
+[[ $1 == " support: "* || $1 == "Request a feature" ]] &&
     open 'https://github.com/pirate/security-growler/issues'
 
 # Helpful logfile line actions
@@ -52,9 +59,11 @@ then
     echo "—————————————————————————————————————————————————————————"
     sed -n 'H; / --------$/h; ${g;p;}' $OUTFILE | tail +2 | tail -30
     echo "—————————————————————————————————————————————————————————"
-    echo "Request a Feature"
+    echo "Check for updates"
+    echo "Request a feature"
     echo "About Security Growler"
-    echo "Stop the background agent & Quit"
+    # echo "Start Security Growler at login"
+    echo "Stop the background agent & quit"
 
 # Otherwise start it and display the loading output
 else

Security Growler.platypus

@@ -20681,13 +20681,13 @@
 	<key>Suffixes</key>
 	<array/>
 	<key>TextBackground</key>
-	<string>#1b1b1b</string>
+	<string>#ffffff</string>
 	<key>TextEncoding</key>
 	<integer>4</integer>
 	<key>TextFont</key>
 	<string>Menlo-Regular</string>
 	<key>TextForeground</key>
-	<string>#dadada</string>
+	<string>#000000</string>
 	<key>TextSize</key>
 	<real>12</real>
 	<key>UniformTypes</key>
@@ -20698,6 +20698,6 @@
 	<key>UseXMLPlistFormat</key>
 	<false/>
 	<key>Version</key>
-	<string>2.1</string>
+	<string>2.3</string>
 </dict>
 </plist>

menubar.sh

@@ -36,7 +36,7 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 [[ $1 == " information: "* || $1 == "About Security Growler" ]] &&
     open 'https://pirate.github.io/security-growler/'
 
-[[ $1 == " support: "* || $1 == "Request a Feature" ]] &&
+[[ $1 == " support: "* || $1 == "Request a feature" ]] &&
     open 'https://github.com/pirate/security-growler/issues'
 
 # Helpful logfile line actions