Performs validation of remote filesystem integrity and executes health checks. Supports self-repair commands
Project description
ssh-server-audit
================
Tiny application for centralized monitoring of remote servers.
In comparison to traditional health checks `ssh-server-audit` is executing commands using _SSH_.
Functionality:
- SOCKS proxy support: Possibility to hide service in the internet using TOR
- Health checks: Execute remote command, check exit code. Execute other command on failure to repair simple things
- Authenticity check: Check if remote filesystem is untouched by third-party (eg. by hosting provider, by other hosting users, by the government)
### Quick start
1. Create a configuration file, example:
```
test_vagrant_volume: # name it as you want
socks_host: "" # (optional) leave empty if not using socks
socks_port: 9150 # (optional) but needs to be valid
host: "localhost"
port: 2422
user: root
password: "root"
auth_method: password
public_key: ""
passphrase: ""
checksum_method: "sha256sum" # command name on remote server that will be doing checksums (eg. md5sum, sha256 sum)
# files to verify on remote server, leave just "[]" without "" to not use checksums validation
checksum_files:
sh: '/bin/sh'
bash: '/bin/bash'
losetup: '$(whereis losetup|awk "{print \$2}")'
# when at least one checksum would not match, then you can run a "repair command"
# for example unmount an encrypted volume with logs, user identities, databases
on_security_violation: "echo 'Something on security violation'"
# health checks, use "[]" without "" to not use health checks.
healthchecks:
- command: "ps aux |grep nginx"
on_failure: "echo 'Something on failure'"
- command: "ps aux |grep bash"
on_failure: "echo 'This should not show'"
```
================
Tiny application for centralized monitoring of remote servers.
In comparison to traditional health checks `ssh-server-audit` is executing commands using _SSH_.
Functionality:
- SOCKS proxy support: Possibility to hide service in the internet using TOR
- Health checks: Execute remote command, check exit code. Execute other command on failure to repair simple things
- Authenticity check: Check if remote filesystem is untouched by third-party (eg. by hosting provider, by other hosting users, by the government)
### Quick start
1. Create a configuration file, example:
```
test_vagrant_volume: # name it as you want
socks_host: "" # (optional) leave empty if not using socks
socks_port: 9150 # (optional) but needs to be valid
host: "localhost"
port: 2422
user: root
password: "root"
auth_method: password
public_key: ""
passphrase: ""
checksum_method: "sha256sum" # command name on remote server that will be doing checksums (eg. md5sum, sha256 sum)
# files to verify on remote server, leave just "[]" without "" to not use checksums validation
checksum_files:
sh: '/bin/sh'
bash: '/bin/bash'
losetup: '$(whereis losetup|awk "{print \$2}")'
# when at least one checksum would not match, then you can run a "repair command"
# for example unmount an encrypted volume with logs, user identities, databases
on_security_violation: "echo 'Something on security violation'"
# health checks, use "[]" without "" to not use health checks.
healthchecks:
- command: "ps aux |grep nginx"
on_failure: "echo 'Something on failure'"
- command: "ps aux |grep bash"
on_failure: "echo 'This should not show'"
```
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
ssh-server-audit-1.0.2.tar.gz
(40.9 kB
view hashes)
Built Distribution
Close
Hashes for ssh_server_audit-1.0.2-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | ecd061acf8b417d634e32d9e715b4d3a62980f6ea17f8fb2a7eb9040e8ec9d6e |
|
MD5 | ed4344a4ab0347cb1c61b5723c689bc0 |
|
BLAKE2b-256 | e83d821a169d6f83f3764e5349fd1c217975d3f4ef69e9dfd8d0e12c00259523 |