trailbot / client Goto Github PK

Trailbot tracks files and logs in your servers and triggers Smart Policies upon unwanted modification.

License: Other

JavaScript 16.71% CoffeeScript 83.29%

client's Introduction

Trailbot Client ^{_{^{_{DEVELOPER PREVIEW}}}}

Trailbot tracks your server's logs and files, triggers Smart Policies upon potentially unwanted modifications and generates a tamper-proof audit trail of everything happening in the system.

Smart Policies are simple scripts that get called every time a tracked file changes. They trigger actions such as emailing someone, rolling files back to a previous state or even shutting the system down. There are plenty of them ready to use, and you can even create your own.

Trailbot has three components:

Watcher: a server daemon that monitors your files and logs, registers file events and enforces smart policies.
Client: (this repository) desktop app for managing watchers, defining policies and reading file events.
Vault: a backend that works as a relay for the watcher's settings and the server events.

Why Trailbot?

Current security solutions are based on an obsolete paradigm: building walls and fences. Companies advertise their overcomplicated perimeter security systems as if they were impenetrable. But nevertheless we hear everyday about cyber security breaches at even the largest corporations.

In any case walls and fences will not protect you at all from internal breaches and insider threats. Furthermore, most data resides nowadays in the cloud, where walls, borders and fences fade and blur. It is not a matter of “if” but “when” the perimeter will get breached.

With Trailbot you can rest assured of the integrity of your data, being it a system log or any other important file. It doesn't matter if an outsider got access to your systems or an insider decided to go rogue—you are now in control.

Installation

Please refer to our Getting Started guide for detailed installation instructions.

Get Involved

We'd love for you to help us build Trailbot. If you'd like to be a contributor, check out our Contributing guide.

FAQ

Check out our FAQ at the wiki.

LICENSE

MIT

client's People

Stargazers

Watchers

client's Issues

View for editing policies

trailbot-watcher service will not start, missing sleep module?

/var/log/trailbot-watcher.log shows:
module.js:457
throw err;
^
Error cannot find module sleep

how is the tamper-proof feature guaranteed?

I have been looking into tamper-evident audit/logging mechanisms for systemd/syslog, and your product
seems to make a very interesting claim, tamper-proof. how is this done exactly, is there any relation to the work of crosby (http://tamperevident.cs.rice.edu/Logging.html)?
This in my opinion is a rather novel feature, and if it is as you say should be more prominently stated, and explained in docs/faq.

View for editing file settings

Issue installing on Ubuntu 16.04

I'm trying to install the server agent, but I'm getting "1060 warn notsup Not compatible with your operating system or architecture: [email protected]" when using npm install in the watcher directory on my servers.

I'm rather new with npm so I may be missing something.

An additional question I have is where exactly should the 'railbot_client.pub.asc' go on the server?

npm-debug.txt

Option for archiving old events

Make public keys exchange simpler

This is a proposal on how to exchange public keys between Trailbot Watcher and Trailbot Client without the need to transfer the whole PGP armors via clipboard, scp, rsync, ftp or similar.

Prerequisites

Trailbot Client and Trailbot Watcher have been already installed.
Trailbot Client setup has been initiated and client_public.key.asc has been generated.

Procedure

User runs sudo npm run setup to setup the watcher.
Watcher setup script generates its watcher_public.key.asc.
Watcher calculates a random 8 bytes sequence called channel and maps it to a biometric sentence by using a PGP word list. E.g.: fcc5fa9b is mapped to wayside resistor wallet Norwegian.
Watcher inserts its public key into the vault's exchange collection in a document formatted like example [1], and subscribes to such document.
The user manually writes the sentence wayside resistor wallet Norwegian into Trailbot Client.
Client maps the sentence back to get the original fingerprint (fcc5fa9b).
Client gets Watcher's public key by querying exchange collection with {channel: "fcc5fa9b"}.
Client updates exchange collection's document by adding its own public key.
Watcher receives the updated document, reads Client's public key and immediately removes the document.

Considerations

exchange collection's documents should be deleted by Watcher after a few minutes timeout to avoid brute force attacks.
exchange collection must reject operations that do not query for a specific channel.
exchange collection must only allow document deletion if it is done by the document's creator.

JSON Examples

[1]:

  {
    "channel": "fcc5fa9b",
    "creator": "eb7a167ac9bb06eadacb07f14fdb109dfcc5fa9b",
    "watcher": "-----BEGIN PGP PUBLIC KEY BLOCK-----[...]",
    "expires": "Mon Aug 08 2016 03:09:01 GMT+00:00"
  }

Option in client for upgrading smart policies

In addition to #5, it would be great to have an option in the client for forcing the watcher to pull latest version of the configured smart policies.

Automatically assign a reference to every event and file revision

Decouple event decryption from renderer process

Enforce "policy" attribute in package.json

Ability for setting smart policies execution order

Option in client for pausing/resuming smart policies

It would be cool to have the option to freeze a smart policy for a certain amount of time (or until it is manually reactivated).

API for raising arbitrary events from inside smart policies

Error

Can you look into what is causing this:
validation of public artifact baas-artifacts/linux-stampery-trailbot-watcher failed with 1 errors. 1: Location: InstanceDocument Kind: Syntax ErrorType: UnexpectedCommaAfterLastMemeber Start: 0 Length: 0 Message: UnexpectedCommaAfterLastMemeber