{"id":19272298,"url":"https://github.com/sdslabs/watchdog","last_synced_at":"2025-04-21T22:31:23.649Z","repository":{"id":45163215,"uuid":"181332054","full_name":"sdslabs/watchdog","owner":"sdslabs","description":":key: Lightweight server access management system, written in Rust","archived":false,"fork":false,"pushed_at":"2022-01-04T13:27:19.000Z","size":158,"stargazers_count":43,"open_issues_count":12,"forks_count":3,"subscribers_count":14,"default_branch":"master","last_synced_at":"2024-04-09T22:03:25.449Z","etag":null,"topics":["cloud","devops","rust"],"latest_commit_sha":null,"homepage":"https://watchdog.sdslabs.co","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sdslabs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-04-14T15:48:03.000Z","updated_at":"2024-04-09T22:03:25.450Z","dependencies_parsed_at":"2022-08-28T13:40:58.675Z","dependency_job_id":null,"html_url":"https://github.com/sdslabs/watchdog","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sdslabs%2Fwatchdog","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sdslabs%2Fwatchdog/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sdslabs%2Fwatchdog/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sdslabs%2Fwatchdog/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sdslabs","download_url":"https://codeload.github.com/sdslabs/watchdog/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223881295,"owners_count":17219262,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloud","devops","rust"],"created_at":"2024-11-09T20:36:12.550Z","updated_at":"2024-11-09T20:36:13.115Z","avatar_url":"https://github.com/sdslabs.png","language":"Rust","readme":"# Watchdog\n\n\u003e Lightweight server access management system\n\n[![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/sdslabs/watchdog/blob/master/LICENSE.md)\n\nWatchdog is a personalised server access management tool (and a slack bot) which keeps a track of all the administrative rights attempts (like sudo and su) on server (via SSH) and allows/disallows log-in attempts based on public key of user and logs all activity in form of slack message. It provides easy granting/revoking access to servers to team members through pull requests on a keyhouse repository.\n\nCheck out this blog post to know how watchdog works and design methodologies behind it: https://blog.sdslabs.co/2020/04/watchdog\n\n## Contents\n\n* [Features](#features)\n* [Dependencies](#dependencies)\n* [Installation](#installation)\n* [Usage](#usage)\n* [Development](#development)\n* [Contact](#contact)\n\n\n## Features\n\n* Request SSH access to a server just by creating a PR to the Keyhouse repository.\n* Stateless and serverless. Watchdog runs on a single binary.\n* Optional server activity logs to your favourite workspace like Slack or Discord.\n* Easy Installation and Configuration\n* Get notified when someone escalates privileges or performs administrative tasks using `sudo` or `su`\n\n## Dependencies\n\nThe following softwares are required for running Watchdog:-\n\n* PAM\n* OpenSSH server\n\n## Installation\n\n1. Create a Keyhouse Repository using the template repository [here](https://github.com/sdslabs/keyhouse-template).\n\n2. Clone the watchdog repository\n\n    `git clone https://github.com/sdslabs/watchdog.git`\n\n3. Change into the repository directory and build the latest binaries using Cargo\n\n    `cargo build --release`\n\n4. Copy `sample.config.toml` to `config.toml` and make changes to the config this way:\n\n    ```toml\n    # Hostname of the machine running watchdog. Note that this should be\n    # same as the file you create in the `hosts` directory in keyhouse.\n    hostname = 'virtual-machine'\n\n    # Keyhouse repository configuration\n    [keyhouse]\n\n    # URL of the Keyhouse repository, it should be of the format\n    # `https://api.github.com/repos/\u003cORGANIZATION\u003e/\u003cKEYHOUSE-REPOSITORY\u003e/contents`\n    base_url = 'https://api.github.com/repos/sdslabs/keyhouse-template/contents'\n\n    # This should be a personal access token made by a member of organization on his/her\n    # behalf who can read the Keyhouse repository. Go to this\n    # https://github.com/settings/tokens/new?description=Keyhouse%20Token\u0026scopes=repo\n    # to make a new token with correct scopes.\n    token = 'secret_token'\n\n    # Webhook APIs corresponding to various notifiers\n    [notifiers]\n\n    # Make an incoming hook to your Slack workspace from this\n    # app(https://slack.com/apps/A0F7XDUAZ-incoming-webhooks)\n    # and paste the hook URL here. You can customize the icon and name as you like.\n    slack = 'https://hooks.slack.com/services/ABCDEFGHI/ABCDEFGHI/abcdefghijklmnopqrstuvwx'\n    ```\n\n5. Once you are done configuring, run this command with root(sudo) privileges\n\n    `cd install \u0026\u0026 sudo ./install.sh`\n\n6. Add `/opt/watchdog/bin` to your PATH variable.\n\n## Usage\n\n```\n$ watchdog --help\n\nWatchdog 0.1.0\nSDSLabs \u003ccontact@sdslabs.co\u003e\nSimple server access management system on a binary\n\nUSAGE:\n    watchdog [SUBCOMMAND]\n\nFLAGS:\n    -h, --help       Prints help information\n    -V, --version    Prints version information\n\nSUBCOMMANDS:\n    auth      Authorizes users based on from keyhouse repository. This command is passed through\n              `AuthorizedKeysCommand` in sshd_config.\n    config    Get or set Watchdog configuration\n    help      Prints this message or the help of the given subcommand(s)\n    logs      Get the global watchdog logs\n    ssh       Handles the PAM SSH calls by pam_exec for Watchdog\n    su        Handles the PAM su calls by pam_exec for Watchdog\n    sudo      Handles the PAM sudo calls by pam_exec for Watchdog\n```\n\nThough most of the commands are for internal use of PAM, you can edit configuration of Watchdog any time\n\n```sh\n$ watchdog config --help\n```\n\n_NOTE:_ config can be fetched/edited only with `root` (`sudo`) access.\n\nTo view logs\n\n```sh\n$ watchdog logs --help\n```\n\n## Development\n\nYou need to have [Rust](https://www.rust-lang.org/tools/install) installed along with the mentioned [dependencies](#dependencies)\n\nOpen your favourite terminal and perform the following tasks:-\n\n1. Clone this repository.\n\n```bash\n$ git clone https://github.com/sdslabs/watchdog\n```\n\n2. Make the required changes inside the source code directory ([src/](src/))\n\n3. Run `cargo test` to test your changes.\n\n4. Rebuild the binary using `cargo build` command.\n\n## Contact\n\nIf you have a query regarding the product or just want to say hello then feel free to visit\n[chat.sdslabs.co](http://chat.sdslabs.co/) or drop a mail at [contact@sdslabs.co.in](mailto:contact@sdslabs.co.in)\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsdslabs%2Fwatchdog","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsdslabs%2Fwatchdog","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsdslabs%2Fwatchdog/lists"}