Lib.rs

Command line utilities
#audit-logs #resistant #log #block #session #tamper #tr1pctl

bin+lib tr1pd

tamper resistant audit log

by kpcyrd

4 releases (2 breaking)

Uses old Rust 2015

0.3.1 Feb 15, 2018
0.3.0 Feb 9, 2018
0.2.0 Jan 13, 2018
0.1.0 Jan 1, 2018

#2650 in Command line utilities

AGPL-3.0

150KB
3.5K SLoC

tr1pd Build Status Crates.io docs.rs

Status: Very unstable, do not use

tr1pd is a tamper resistant audit log.

Usage

# setup your keyring
tr1pctl init
# start the tr1pd daemon
systemctl start tr1pd
# start a sensor
./sensor01 | tr1pctl write &
# verify your logs
tr1pctl fsck
# view the logs of your current session
tr1pctl ls @..

Installation

Make sure you have the following dependencies installed: Debian/Ubuntu: libsodium-dev libseccomp-dev libzmq3-dev, Archlinux: libsodium libseccomp zeromq, Alpine: make libsodium-dev libseccomp-dev zeromq-dev, OpenBSD: libsodium zeromq.

cargo install tr1pd

Setup

If possible, use your package manager to setup the system (Archlinux AUR). After that you need to add the users that should have access to tr1pctl to the tr1pd group with usermod -aG tr1pd youruser.

If no package is available, you can also run a standalone setup (this is also recommended for development). Edit the paths as needed.

# standalone configuration (~/.config/tr1pd.toml)

[daemon]
socket = "ipc:///home/user/.tr1pd/tr1pd.sock"
datadir = "/home/user/.tr1pd/"

pub_key = "/home/user/.tr1pd/pub.key"
sec_key = "/home/user/.tr1pd/sec.key"

Run tr1pctl init to setup the keyring in your homefolder and tr1pd in a seperate terminal. Verify everything is working correctly by executing tr1pctl ping.

Writing sensors

Sensors can be written in any language using stdio. tr1pctl write is a simple line based interface that writes each line into a block. You can also enable binary mode with tr1pctl write -s 65535. To monitor your auth.log you can simply write:

tail -f /var/log/auth.log | tr1pctl write

The program says block a lot, is this a blockchain?

No. tr1pd uses merkle tree like constructs that are heavily inspired by bitcoin, but lacks some essential properties to qualify as a blockchain.

Trivia

The initial draft for the protocol was designed in 2014 for perimeter intrustion detection to verify integrity of buildings. Multiple prototypes have been written in 2017 and the first deployment was on a server located at the 34C3 to ensure integrity inside the congress colocation.

License

AGPLv3+

Dependencies

~25–37MB
~316K SLoC