Keychest agent
Project description
KEYCHEST Agent (keychest_agent)
Lightweight agent for internal network audits
Copyright (C) Smart Arcs Ltd, registered in the United Kingdom.
Unauthorized copying of this file, via any medium is strictly prohibited
Function
keychest_agent is a lightweight Python proxy for management of intranet encryption keys, with control enforced via its local configuration file.
Installation
- keychest_agent --register - an optional parameter (--staging); this command will print the agent's registration ID in the form of <random string>@keychest.net
- run keychest_agent as a daemon using a supervisor or other tool ensuring it is restarted if it terminates.
- register the agent's ID in your KeyChest account so you can define its audit scope.
Operational Files
keychest_agent creates a set of files in the $HOME folder of the effective user. All its files are in a folder .keychest. The file structure follows a Linux file structure with:
- var/log/keychest_agent - for log files
- etc/keychest_agent - configuration files
- var/sock - a sock file for multiprocessing logging module
- var/run - runtime related files
Overview
The core of KeyChest agents comprises the following 3 subsystems:
- Logging - robust logging, which stores activity logs locally and also posts them to the KeyChest service, is simply a must for efficient management. Detailed information is what you need when in trouble, whether it's for KeyChest users or for our support helping you out.
- Proxy operation - the actual audit of secure services requires strong control over networking, which is platform dependent and which we update regularly. It means agents must work as transparent proxies for traffic generated by the KeyChest Audit Engines.
- Local control - agents are gateways into your internal networks and we want to give you as much control as possible over what they can be used for. We are putting restrictions on the ports they can connect to, the address ranges they can use, and so on. This information is in local configuration files, which can be locked down so only you can change them. We also plan to give as wide access to the source code of the agents as possible.
Proxy Operation
Each agent controls the traffic and any requests coming from the KeyChest.net service. Details of audit requests are sent to agents so they can block those that do not comply with the agent's local configuration file.
Agents regularly connect to keychest.net to request audit "jobs". When they receive a valid description of an audit job, they will launch a proxy, which connects to the audit target (downstream) and to KeyChest (upstream). Once the audit is completed, the proxy is terminated and the agent can re-use its port.
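One way the local-control check on an incoming audit job could look, as an added example that is not keychest_agent's own code. The policy keys, the job fields and both function names are assumptions, and the policy and sample jobs are constructed.

```python
import ipaddress
import os
import stat

# Constructed policy. The key names are assumptions for illustration,
# not keychest_agent's real configuration format.
POLICY = {
    "allowed_networks": ["10.20.0.0/16", "192.168.5.0/24"],
    "allowed_ports": [443, 636, 8443],
}


def config_locked_down(path):
    """True if only the owner can write the policy file (no group/other write bit)."""
    mode = os.stat(path).st_mode
    return not mode & (stat.S_IWGRP | stat.S_IWOTH)


def check_job(job, policy):
    """Return (allowed, reason) for a hypothetical job {'target': ip, 'port': int}."""
    try:
        target = ipaddress.ip_address(str(job["target"]))
    except (KeyError, ValueError):
        # Hostnames are refused: resolving one would let whoever controls
        # the DNS answer choose the real destination.
        return False, "target is not a literal IP address"
    # Treat ::ffff:a.b.c.d as the IPv4 address it maps to.
    if target.version == 6 and target.ipv4_mapped is not None:
        target = target.ipv4_mapped
    port = job.get("port")
    if type(port) is not int or port not in policy["allowed_ports"]:
        return False, "port not permitted"
    networks = [ipaddress.ip_network(n) for n in policy["allowed_networks"]]
    if not any(n.version == target.version and target in n for n in networks):
        return False, "target outside permitted address ranges"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample jobs, as the service might describe them.
    for job in [
        {"target": "10.20.3.7", "port": 443},
        {"target": "10.20.3.7", "port": 22},
        {"target": "169.254.169.254", "port": 443},
        {"target": "intranet.example", "port": 443},
    ]:
        print(job, "->", check_job(job, POLICY))
```

The check fails closed: a job is proxied only when the target parses as an IP address, falls inside a permitted range and uses a permitted port.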
Internal network discovery is treated separately. We plan to implement a range of discovery methods based either on:
- internal database of certificates (e.g., LDAP storage of your PKI system); or
- internal DNS zone.
Discovered services are sent to the KeyChest service so it can start scheduling regular audits.
Links
- more info - https://keychest.net/stories/keychest-unifying-public-and-private-keys
- support - support@keychest.net
- KeyChest's founder blog - https://magicofsecurity.com
Source Distribution
File details
Details for the file keychest_agent-1.3.13.tar.gz.
File metadata
- Download URL: keychest_agent-1.3.13.tar.gz
- Upload date:
- Size: 60.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/2.0.0 pkginfo/1.5.0.1 requests/2.21.0 setuptools/41.6.0 requests-toolbelt/0.9.1 tqdm/4.32.2 CPython/3.7.3
File hashes
Algorithm | Hash digest
---|---
SHA256 | 84f47bb489515cd1edb4e9d86f34ecb17213833462eb32b757b5c423f8444c49
MD5 | 305acfc5ebba002faf04c848f0b8447d
BLAKE2b-256 | f047abbc0103d21a9d86d61b6b8c923555088cbc2fc3f73ae7c57802b0d651b2