botserver/src/security/protection/mod.rs at 31777432b464f36ff342144f38be4a2e4b77b0ca - GeneralBots/botserver - General Bots: Errar é humano. Ass.: General Bots.

GeneralBots/botserver

Rodrigo Rodriguez (Pragmatismo) faeae250bc Add security protection module with sudo-based privilege escalation

- Create installer.rs for 'botserver install protection' command
- Requires root to install packages and create sudoers config
- Sudoers uses exact commands (no wildcards) for security
- Update all tool files (lynis, rkhunter, chkrootkit, suricata, lmd) to use sudo
- Update manager.rs service management to use sudo
- Add 'sudo' and 'visudo' to command_guard.rs whitelist
- Update CLI with install/remove/status protection commands

Security model:
- Installation requires root (sudo botserver install protection)
- Runtime uses sudoers NOPASSWD for specific commands only
- No wildcards in sudoers - exact command specifications
- Tools run on host system, not in containers

2026-01-10 09:41:12 -03:00

12 lines

330 B

Rust

Raw Blame History

 pub mod api;
 pub mod chkrootkit;
 pub mod installer;
 pub mod lmd;
 pub mod lynis;
 pub mod manager;
 pub mod rkhunter;
 pub mod suricata;
 pub use api::configure_protection_routes;
 pub use installer::{InstallResult, ProtectionInstaller, UninstallResult, VerifyResult};
 pub use manager::{ProtectionManager, ProtectionTool, ToolStatus};