GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects â†’ sdslabs â†’ Watchdog

sdslabs / Watchdog

Licence: mit
🔑 Lightweight server access management system, written in Rust

Programming Languages

rust
11053 projects

Labels

devopscloud

Projects that are alternatives of or similar to Watchdog

My Links
Knowledge seeks no man
Stars: ✭ 311 (+740.54%)
Mutual labels:  cloud, devops
Terratag
Terratag is a CLI tool that enables users of Terraform to automatically create and maintain tags across their entire set of AWS, Azure, and GCP resources
Stars: ✭ 385 (+940.54%)
Mutual labels:  cloud, devops
Adapt
ReactJS for your infrastructure. Create and deploy full-stack apps to any infrastructure using the power of React.
Stars: ✭ 317 (+756.76%)
Mutual labels:  cloud, devops
Vagrant Openstack Provider
Use Vagrant to manage OpenStack Cloud instances.
Stars: ✭ 229 (+518.92%)
Mutual labels:  cloud, devops
Awless
A Mighty CLI for AWS
Stars: ✭ 4,821 (+12929.73%)
Mutual labels:  cloud, devops
Ccodashboard
Welcome to the Continuous Cloud Optimization Power BI Dashboard GitHub Project. In this repository you will find all the guidance and files needed to deploy the Dashboard in your environment to take benefit of a single pane of glass to get insights about your Azure resources and services.
Stars: ✭ 256 (+591.89%)
Mutual labels:  cloud, devops
Cipi
An Open Source Control Panel for your Cloud! Deploy and manage LEMP apps in one click!
Stars: ✭ 376 (+916.22%)
Mutual labels:  cloud, devops
Lastbackend
System for containerized apps management. From build to scaling.
Stars: ✭ 1,536 (+4051.35%)
Mutual labels:  cloud, devops
Terracognita
Reads from existing Cloud Providers (reverse Terraform) and generates your infrastructure as code on Terraform configuration
Stars: ✭ 452 (+1121.62%)
Mutual labels:  cloud, devops
Devops Readme.md
What to Read to Learn More About DevOps
Stars: ✭ 398 (+975.68%)
Mutual labels:  cloud, devops
Cloud Ops Sandbox
Cloud Operations Sandbox is an open source tool that helps practitioners to learn Service Reliability Engineering practices from Google and apply them on their cloud services using Cloud Operations suite of tools.
Stars: ✭ 191 (+416.22%)
Mutual labels:  cloud, devops
K8s On Raspbian
Kubernetes on Raspbian (Raspberry Pi)
Stars: ✭ 839 (+2167.57%)
Mutual labels:  cloud, devops
Terrahub
Terraform Automation and Orchestration Tool (Open Source)
Stars: ✭ 148 (+300%)
Mutual labels:  cloud, devops
K3sup
bootstrap Kubernetes with k3s over SSH < 1 min 🚀
Stars: ✭ 4,012 (+10743.24%)
Mutual labels:  cloud, devops
Training
Container, Monitoring & Logging, Cloud & DevOps Tutorials and Labs
Stars: ✭ 121 (+227.03%)
Mutual labels:  cloud, devops
Beeva Best Practices
Best Practices and Style Guides in BEEVA
Stars: ✭ 335 (+805.41%)
Mutual labels:  cloud, devops
Mist Ce
Mist is an open source, multi-cloud management platform
Stars: ✭ 1,391 (+3659.46%)
Mutual labels:  cloud, devops
Hashi Up
bootstrap HashiCorp Consul, Nomad, or Vault over SSH < 1 minute
Stars: ✭ 113 (+205.41%)
Mutual labels:  cloud, devops
Howtheyaws
A curated collection of publicly available resources on how technology and tech-savvy organizations around the world use Amazon Web Services (AWS)
Stars: ✭ 389 (+951.35%)
Mutual labels:  cloud, devops
Nixops
NixOps is a tool for deploying to NixOS machines in a network or cloud.
Stars: ✭ 838 (+2164.86%)
Mutual labels:  cloud, devops
View All Similar Projects âž”

Watchdog

Lightweight server access management system

License

Watchdog is a personalised server access management tool (and a slack bot) which keeps a track of all the administrative rights attempts (like sudo and su) on server (via SSH) and allows/disallows log-in attempts based on public key of user and logs all activity in form of slack message. It provides easy granting/revoking access to servers to team members through pull requests on a keyhouse repository.

Check out this blog post to know how watchdog works and design methodologies behind it: https://blog.sdslabs.co/2020/04/watchdog

Contents

Features

  • Request SSH access to a server just by creating a PR to the Keyhouse repository.
  • Stateless and serverless. Watchdog runs on a single binary.
  • Optional server activity logs to your favourite workspace like Slack or Discord.
  • Easy Installation and Configuration
  • Get notified when someone escalates privileges or performs administrative tasks using sudo or su

Dependencies

The following softwares are required for running Watchdog:-

  • PAM
  • OpenSSH server

Installation

  1. Create a Keyhouse Repository using the template repository here.

  2. Clone the watchdog repository

    git clone https://github.com/sdslabs/watchdog.git

  3. Change into the repository directory and build the latest binaries using Cargo

    cargo build --release

  4. Copy sample.config.toml to config.toml and make changes to the config this way:

    # Hostname of the machine running watchdog. Note that this should be
# same as the file you create in the `hosts` directory in keyhouse.
hostname = 'virtual-machine'

# Keyhouse repository configuration
[keyhouse]

# URL of the Keyhouse repository, it should be of the format
# `https://api.github.com/repos/<ORGANIZATION>/<KEYHOUSE-REPOSITORY>/contents`
base_url = 'https://api.github.com/repos/sdslabs/keyhouse-template/contents'

# This should be a personal access token made by a member of organization on his/her
# behalf who can read the Keyhouse repository. Go to this
# https://github.com/settings/tokens/new?description=Keyhouse%20Token&scopes=repo
# to make a new token with correct scopes.
token = 'secret_token'

# Webhook APIs corresponding to various notifiers
[notifiers]

# Make an incoming hook to your Slack workspace from this
# app(https://slack.com/apps/A0F7XDUAZ-incoming-webhooks)
# and paste the hook URL here. You can customize the icon and name as you like.
slack = 'https://hooks.slack.com/services/ABCDEFGHI/ABCDEFGHI/abcdefghijklmnopqrstuvwx'

  5. Once you are done configuring, run this command with root(sudo) privileges

    cd install && sudo ./install.sh

  6. Add /opt/watchdog/bin to your PATH variable.

Usage

$ watchdog --help

Watchdog 0.1.0
SDSLabs <[email protected]>
Simple server access management system on a binary

USAGE:
    watchdog [SUBCOMMAND]

FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information

SUBCOMMANDS:
    auth      Authorizes users based on from keyhouse repository. This command is passed through
              `AuthorizedKeysCommand` in sshd_config.
    config    Get or set Watchdog configuration
    help      Prints this message or the help of the given subcommand(s)
    logs      Get the global watchdog logs
    ssh       Handles the PAM SSH calls by pam_exec for Watchdog
    su        Handles the PAM su calls by pam_exec for Watchdog
    sudo      Handles the PAM sudo calls by pam_exec for Watchdog

Though most of the commands are for internal use of PAM, you can edit configuration of Watchdog any time

$ watchdog config --help

NOTE: config can be fetched/edited only with root (sudo) access.

To view logs

$ watchdog logs --help

Development

You need to have Rust installed along with the mentioned dependencies

Open your favourite terminal and perform the following tasks:-

  1. Clone this repository.
$ git clone https://github.com/sdslabs/watchdog

  1. Make the required changes inside the source code directory (src/)

  2. Run cargo test to test your changes.

  3. Rebuild the binary using cargo build command.

Contact

If you have a query regarding the product or just want to say hello then feel free to visit chat.sdslabs.co or drop a mail at [email protected]

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].