Lib.rs

#named-pipe #sha-512 #station #sftp #white #le-guichet #diode

app leguichet-in

One way diode with antiviral scanning

Owned by sn-anssi.

1 unstable release

0.1.6 Jul 13, 2019

#7 in #white

BSD-3-Clause

240KB
1K SLoC

codecov

LeGuichet RER

Le-Guichet

Le-Guichet is a prototype of a decontamination station aka "white station" written in Rust, fast, secure and multithreaded.

Untrusted files are deposited (via a chrooted sftp) in the entry window (in) and scanned by an antivirus server (clamd API). If a file is considered unhealthy, it is logged and immediately deleted. Files considered as healthy are logged and hashed (sha512) and sent to the transit window through a unidirectional software diode (named pipe) where they are logged and hashed again. Finally, files in transit are transfered to the output window through another software diode.

Security

  • Memory-safe

  • Thread-safe

  • No unsafe block

  • Tested with cargo audit & Clippy

  • Systemd protections:

    • SystemCallFilter=~ptrace ( Disable ptrace )
    • PrivateDevices=yes ( Limited access to /dev )
    • ProtectSystem=full ( /usr, /boot and /etc are mounted read-only )
    • InaccessiblePaths=/proc ( /proc is simply unreachable )
    • RemoveIPC=true (All POSIX IPCs are removed when the unit is stopped)
    • RestrictSUIDSGID=true (SUID/SGID are simply forbidden)
    • ProtectKernelModules=true (Explicit module loading is denied)

Network flow charts:

LeGuichet schema 

graph LR

A(Untrusted files) -- sftp --> B

B[Guichet-In] -- Scan --> C((Clamd))

C -- Ok/Suppress --> B

B -- Write only access --> E{Diode}

F[Guichet-Transit] -- Read only access --> E

F -- Write only access --> G{Diode}

H[Guichet-Out] -- Read only access --> G

H -- sftp --> I(Trusted files + sha512)

Demo Video

Le-Guichet demo video

Installation

  • You must have cargo and rustc already installed.
git clone https://gitlab.com/r3dlight/leguichet.git
  • Get some help:
make help
  • Test the code:
make test
  • Audit the code (run cargo install cargo-audit before):
make audit
  • Build Le-Guichet binaries:
make build
  • Install on Debian/Ubuntu (not tested on other GNU/Linux distributions)
sudo make install

To uninstall Le-Guichet:

sudo make uninstall

To do:

  • Create bindings for yara / static analysis

  • Switch from fifo to posix mqueues

  • Be able to read a config.toml

  • Debian packaging via Cargo

  • Namespaces / cgroups

Dependencies

~19–28MB
~555K SLoC