Skip to main content

Keychest agent

Project description

KEYCHEST Agent (keychest_agent)

Lightweight agent for internal network audits

Copyright (C) Smart Arcs Ltd, registered in the United Kingdom.
Unauthorized copying of this file, via any medium is strictly prohibited

Function

keychest_agent is a lightweight Python proxy for management of intranet encryption keys with a control enforced via its local configuration file.

Installation

  1. keychest_agent --register - an optional parameter (--staging); this command will print the agent's registration ID in the form of <random string>@keychest.net
  2. run keychest_agent as a daemon using a supervisor or other tool ensuring it is restarted if it terminates.
  3. register the agent's ID in your KeyChest account so you can define its audit scope.

Operational Files

keychest_agent creates a set of files in the $HOME folder of the effective user. All its files are in a folder .keychest. The file structure follows a Linux file structure with:

  • var/log/keychest_agent - for log files
  • etc/keychest_agent - configuration files
  • var/sock - a sock file for multiprocessing logging module
  • var/run - runtime related files

Overview

The core of KeyChest agents comprises the following 3 subsystems:

  1. Logging - a robust logging, which stores activity logs locally as well as posts them to the KeyChest service is simply a must for efficient management. Detailed information is what you need when in trouble - whether it's for KeyChest users or for our support helping you out.
  2. Proxy operation - the actual audit of secure services requires a strong control over the networking, something that is platform dependent and we are regularly updating it. It means agents must work as transparent proxies for traffic generated by the KeyChest Audit Engines.
  3. Local control - agents are gateways into your internal networks and we want to give you as much control as possible over what they can be used for. We are putting restrictions on the ports they can connect to, the address ranges they can use, and so on. This information is in local configuration files, which can be locked-down so only you can change them. We also plan to give as wide access to the source codes of agents as possible.

Proxy Operation

Each agent controls the traffic and any requests coming from the KeyChest.net service. Details of audit requests are sent to agents so they can block those not complying with agent's local configuration file.

Agents regularly connect to keychest.net to request audit "jobs". When they receive a valid description of an audit job, they will launch a proxy, which connects to the audit target (downstream) and to KeyChest (upstream). Once the audit is completed, the proxy is terminated and the agent can re-use its port.

Internal network discovery is treated separately. We plan to implement a range of discovery methods based either on:

  1. internal database of certificates (e.g., LDAP storage of your PKI system); or
  2. internal DNS zone.

Discovered services are sent to the KeyChest service so it can start scheduling regular audits.

Links

  1. more info - https://keychest.net/stories/keychest-unifying-public-and-private-keys
  2. support - support@keychest.net
  3. KeyChest's founder blog - https://magicofsecurity.com

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

keychest_agent-1.3.13.tar.gz (60.8 kB view details)

Uploaded Source

File details

Details for the file keychest_agent-1.3.13.tar.gz.

File metadata

  • Download URL: keychest_agent-1.3.13.tar.gz
  • Upload date:
  • Size: 60.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/2.0.0 pkginfo/1.5.0.1 requests/2.21.0 setuptools/41.6.0 requests-toolbelt/0.9.1 tqdm/4.32.2 CPython/3.7.3

File hashes

Hashes for keychest_agent-1.3.13.tar.gz
Algorithm Hash digest
SHA256 84f47bb489515cd1edb4e9d86f34ecb17213833462eb32b757b5c423f8444c49
MD5 305acfc5ebba002faf04c848f0b8447d
BLAKE2b-256 f047abbc0103d21a9d86d61b6b8c923555088cbc2fc3f73ae7c57802b0d651b2

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page