GeneralBots/gb
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
gb/TODO-SECURITY-PROTECTION.md
Rodrigo Rodriguez (Pragmatismo) 8ca8227d14 feat(security): complete Security Protection Module implementation 
 All phases completed:

Phase 1 - Backend (botserver):
- Protection module with manager, API routes, tool integrations
- Lynis, RKHunter, Chkrootkit, Suricata, LMD support
- Routes registered in main.rs

Phase 2 - Frontend (botui):
- Security page with Protection tab
- Removed unused askama dependencies

Phase 3 - Documentation (botbook):
- Comprehensive protection-tools.md documentation
- Added to SUMMARY.md

Phase 4 - BASIC Keywords:
- 8 new keywords for scripting security operations
- security_protection.rs with ETL functions

Closes security protection TODO.
2026-01-10 20:33:16 -03:00

6.6 KiB
Raw Blame History

Security Protection Module - Implementation TODO

Version: 1.0.0 Created: 2025 Status: COMPLETE

Overview

Implement a comprehensive Security Protection module that allows administrators to manage Linux server security tools (Lynis, RKHunter, Chkrootkit, Suricata, LMD, ClamAV) through the General Bots UI.

Architecture

┌─────────────────────────────────────────────────────────────────┐
│                         botui (Port 3000)                        │
│  ┌─────────────────────────────────────────────────────────────┐│
│  │  /suite/tools/security.html                                 ││
│  │  ├── Tab: API Compliance Report (existing code_scanner)     ││
│  │  └── Tab: Protection (NEW - security tools management)      ││
│  └─────────────────────────────────────────────────────────────┘│
│                              │                                   │
│                              ▼ HTMX/API calls                    │
└──────────────────────────────┼───────────────────────────────────┘
                               │
┌──────────────────────────────┼───────────────────────────────────┐
│                         botserver (Port 8088)                    │
│  ┌─────────────────────────────────────────────────────────────┐│
│  │  src/security/protection/                                   ││
│  │  ├── mod.rs           # Module exports                      ││
│  │  ├── manager.rs       # ProtectionManager orchestrator      ││
│  │  ├── api.rs           # Axum API routes                     ││
│  │  ├── lynis.rs         # Lynis integration                   ││
│  │  ├── rkhunter.rs      # RKHunter integration                ││
│  │  ├── chkrootkit.rs    # Chkrootkit integration              ││
│  │  ├── suricata.rs      # Suricata IDS/IPS integration        ││
│  │  ├── lmd.rs           # Linux Malware Detect integration    ││
│  │  └── clamav.rs        # ClamAV integration (extend existing)││
│  └─────────────────────────────────────────────────────────────┘│
└─────────────────────────────────────────────────────────────────┘

Phase 1: Backend Infrastructure (botserver) COMPLETE

1.1 Create Protection Module Structure DONE

1.2 Protection Manager DONE

1.3 Individual Tool Integrations DONE

  • Lynis (lynis.rs)
  • RKHunter (rkhunter.rs)
  • Chkrootkit (chkrootkit.rs)
  • Suricata (suricata.rs)
  • LMD (lmd.rs)

1.4 API Routes DONE

1.5 Update security/mod.rs DONE

1.6 Register Routes in Main DONE

1.7 Update command_guard.rs DONE

Phase 2: Frontend Updates (botui) COMPLETE

2.1 Security Page DONE

2.2 Navigation Updates DONE

2.3 Report Modal DONE

Phase 3: Documentation (botbook) COMPLETE

3.1 Create Protection Documentation DONE

File: botbook/src/23-security/protection-tools.md

3.2 Update SUMMARY.md DONE

Phase 4: BASIC/ETL Integration (botlib) COMPLETE

4.1 Add BASIC Keywords DONE

File: botserver/src/basic/keywords/security_protection.rs

New keywords added:

  • SECURITY TOOL STATUS
  • SECURITY RUN SCAN
  • SECURITY GET REPORT
  • SECURITY UPDATE DEFINITIONS
  • SECURITY START SERVICE
  • SECURITY STOP SERVICE
  • SECURITY INSTALL TOOL
  • SECURITY HARDENING SCORE

4.2 ETL Functions DONE

  • security_tool_status(tool_name) - Returns tool status
  • security_run_scan(tool_name) - Runs scan
  • security_get_report(tool_name) - Gets latest report
  • security_hardening_score() - Gets Lynis hardening index
  • security_update_definitions(tool_name) - Updates signatures
  • security_start_service(tool_name) - Starts service
  • security_stop_service(tool_name) - Stops service
  • security_install_tool(tool_name) - Installs tool

Phase 5: Cleanup COMPLETE

5.1 Remove Unused Dependencies DONE

  • Removed askama from botui (not being used)
  • Removed askama_axum from botui
  • Deleted askama.toml configuration file

File Checklist ALL COMPLETE

botserver/src/security/protection/

  • mod.rs
  • manager.rs
  • api.rs
  • lynis.rs
  • rkhunter.rs
  • chkrootkit.rs
  • suricata.rs
  • lmd.rs
  • installer.rs

botserver/src/security/

  • mod.rs - Updated with protection module exports
  • command_guard.rs - Added security tools to whitelist

botserver/src/basic/keywords/

  • security_protection.rs
  • mod.rs - Updated with security_protection module

botserver/src/

  • main.rs - Registered protection routes

botui/ui/suite/tools/

  • security.html

botui/

  • Cargo.toml - Removed askama dependencies
  • askama.toml - Deleted

botbook/src/23-security/

  • protection-tools.md
  • SUMMARY.md - Entry added

Summary

All phases of the Security Protection Module have been completed:

  1. Backend Infrastructure - Full protection module with manager, API routes, and individual tool integrations
  2. Frontend UI - Security page with Protection tab showing all 6 tools
  3. Documentation - Comprehensive documentation in botbook
  4. BASIC Keywords - 8 new keywords for scripting security operations
  5. Cleanup - Removed unused askama dependencies from botui

The module is ready for integration testing with actual security tools installed on a Linux host.