README
¶
Envdb - Environment Database
- NOTE: envdb is still beta software.
Envdb turns your production, dev, cloud, etc environments into a database cluster you can search using osquery as the foundation.
Envdb allows you to register each computer, server or asset as a node in a cluster. Once a new node is connected it becomes available for search from the Envdb ui.
Envdb was built using golang so the whole application, node client and server comes as one single binary. This makes it really easy to deploy and get working in seconds.
Video Intro: https://youtu.be/ydYr7Ykwzy8
How it works.
Envdb wraps the osquery process with an agent that can communicate back to a central location. When an agent gets a new query, it's executed and then sent back to the tcp server for rendering. Once the request is processed it's then sent to any avaliable web clients using websockets.
Envdb has an embedded sqlite database for node storage and saved searches.
ui --websockets--> server --tcp--> node client.
Moving Forward
I plan to add support and a plugin interface for extending what Envdb can request from a node. Currently that list of planned extentions includes: yara, bro and memory. The hope is to wrap these processes and query them using sql like osquery and allowing you to join on similar data points.
Example: select * from listening_ports a join bro_conn b on a.port = b.source_port;
Download
Pre-built versions of envdb are avaliable for linux 386/amd64. linux downloads
Building on macosx is easy tho, checkout the section below.
Building
git clone https://github.com/mephux/envdb.gitcd envdbmake
Usage
usage: envdb [<flags>] <command> [<flags>] [<args> ...]
The Environment Database - SELECT * FROM awesome;
Flags:
--help Show help.
--debug Enable debug logging.
--dev Enable dev mode. (read assets from disk and enable debug
output)
-q, --quiet Remove all output logging.
Commands:
help [<command>]
Show help for a command.
server [<flags>]
Start the tcp server for node connections.
node --server=127.0.0.1 [<flags>] <node-name>
Register a new node.
-
Server
envdb server- Note: By default this will start the tcp server on port 3636 and the web server on port 8080.
-
Node Client
sudo envdb node --server <ip to server> SomeBoxName -
That's it - it's really that simple.
More UI
Self-Promotion
Like envdb? Follow the repository on GitHub and if you would like to stalk me, follow mephux on Twitter and GitHub.
TODO
- Tests. Sorry :(
- TLS for the agent/server communications (top of list)
- Node/Server auth, verification and validation.
- Code cleanup (will continue forever).
Documentation
¶
There is no documentation for this package.
Source Files
¶
Directories
¶
| Path | Synopsis |
|---|---|
|
Godeps
|
|
|
_workspace/src/github.com/alecthomas/units
Package units provides helpful unit multipliers and functions for Go.
|
Package units provides helpful unit multipliers and functions for Go. |
|
_workspace/src/github.com/elazarl/go-bindata-assetfs
assetfs allows packages to serve static content embedded with the go-bindata tool with the standard net/http package.
|
assetfs allows packages to serve static content embedded with the go-bindata tool with the standard net/http package. |
|
_workspace/src/github.com/go-xorm/xorm
Package xorm is a simple and powerful ORM for Go.
|
Package xorm is a simple and powerful ORM for Go. |
|
_workspace/src/github.com/mattn/go-sqlite3
Package sqlite3 provides interface to SQLite3 databases.
|
Package sqlite3 provides interface to SQLite3 databases. |
|
_workspace/src/github.com/nu7hatch/gouuid
This package provides immutable UUID structs and the functions NewV3, NewV4, NewV5 and Parse() for generating versions 3, 4 and 5 UUIDs as specified in RFC 4122.
|
This package provides immutable UUID structs and the functions NewV3, NewV4, NewV5 and Parse() for generating versions 3, 4 and 5 UUIDs as specified in RFC 4122. |
|
_workspace/src/github.com/rsms/gotalk/examples/pipe
command
A simple example of two connected sockets communicating with eachother
|
A simple example of two connected sockets communicating with eachother |
|
_workspace/src/github.com/rsms/gotalk/examples/stream
command
Demonstrates using streaming requests and results Demonstrates
|
Demonstrates using streaming requests and results Demonstrates |
|
_workspace/src/golang.org/x/net/websocket
Package websocket implements a client and server for the WebSocket protocol as specified in RFC 6455.
|
Package websocket implements a client and server for the WebSocket protocol as specified in RFC 6455. |
|
_workspace/src/gopkg.in/alecthomas/kingpin.v1
Package kingpin provides command line interfaces like this: $ chat usage: chat [<flags>] <command> [<flags>] [<args> ...] Flags: --debug enable debug mode --help Show help.
|
Package kingpin provides command line interfaces like this: $ chat usage: chat [<flags>] <command> [<flags>] [<args> ...] Flags: --debug enable debug mode --help Show help. |
|
_workspace/src/gopkg.in/alecthomas/kingpin.v1/examples/curl
command
A curl-like HTTP command-line client.
|
A curl-like HTTP command-line client. |