# Immuproof
![Coverage Status](https://coveralls.io/repos/github/codenotary/immuproof/badge.svg)
Simple audit tool for CAS.
When immuproof is launched, it fetches a fresh status from CAS (backed by immudb) and verifies its integrity against an older one stored locally.
The idea is to check that the previous state is "included" in the new one.
A REST service is also provided to allow the user to query the status of the audit.
A simple web UI is also provided to visualize data.
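
The "included" check described above, modelled in Go as an added example (not immuproof's or immudb's own code): a saved state passes the audit only if it is a prefix of the fresh one. `State`, `root` and `Audit` are hypothetical names, the RFC 6962-style Merkle layout is an assumption, and roots are recomputed from the full entry list here rather than checked with a server-supplied proof.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"fmt"
)

// State is a hypothetical stand-in for a saved ledger state: size and root hash.
type State struct {
	Size int
	Root []byte
}

// root computes an RFC 6962-style Merkle root (assumed layout) over the entries.
func root(d [][]byte) []byte {
	if len(d) == 1 {
		h := sha256.Sum256(append([]byte{0}, d[0]...))
		return h[:]
	}
	k := 1 // largest power of two strictly below len(d)
	for k*2 < len(d) {
		k *= 2
	}
	h := sha256.Sum256(append(append([]byte{1}, root(d[:k])...), root(d[k:])...))
	return h[:]
}

// Audit returns an error unless the old state is a prefix of the fresh one.
func Audit(old, fresh State, ledger [][]byte) error {
	if old.Size < 1 || old.Size > fresh.Size || fresh.Size != len(ledger) {
		return fmt.Errorf("size mismatch: old %d, fresh %d", old.Size, fresh.Size)
	}
	if !bytes.Equal(root(ledger), fresh.Root) {
		return fmt.Errorf("entries do not hash to the fresh root")
	}
	if !bytes.Equal(root(ledger[:old.Size]), old.Root) {
		return fmt.Errorf("previous state is not included in the fresh state")
	}
	return nil
}

func main() {
	e := [][]byte{[]byte("a"), []byte("b"), []byte("c"), []byte("d")} // constructed entries
	old := State{3, root(e[:3])}                                      // saved when the ledger held 3 entries
	fmt.Println(Audit(old, State{4, root(e)}, e))                     // append only: passes
	e[1] = []byte("B")                                                // history rewritten afterwards
	fmt.Println(Audit(old, State{4, root(e)}, e))                     // detected
}
```

The second call fails even though the fresh state is internally consistent, which is why the auditor has to keep its own copy of the older state.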

## Golang version

The currently supported Golang version is 1.17.

## Build

```shell
go build -o immuproof main.go
```

## Usage

### Local environment

```shell
immuproof serve --api-key {your api key} --port 3324 --no-tls
```

### CAS environment

```shell
immuproof serve --api-key {your api key} --port 443 --host admin.cas.codenotary.com --skip-tls-verify
```

## Usage with docker

```shell
docker pull codenotary/immuproof:latest
docker run -p 8091:8091 codenotary/immuproof serve --api-key {your api key} --port 443 --host admin.cas.codenotary.com --skip-tls-verify --audit-interval 1h --state-history-size 72
```

To avoid losing the audit history and the immudb status file, it is recommended to run the service with a volume mount, using the following flags:

```shell
--audit-state-folder={my docker volume}
--state-history-file={my docker volume}
```

or environment variables:

```shell
IMMUPROOF_AUDIT_STATE_FOLDER={my docker volume}
IMMUPROOF_STATE_HISTORY_FILE={my docker volume}
```

## HTTPS

The following commands can be used to generate a self-signed certificate for the local server:

```shell
openssl ecparam -genkey -name secp384r1 -out server.key
openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650
```

Launch immuproof with the generated certificate:

```shell
immuproof serve --api-key {your api key} --port 443 --host admin.cas.codenotary.com --audit-interval 1s --state-history-size 72 --web-cert-file server.crt --web-key-file server.key
```

## Environment variables
```shell
IMMUPROOF_API_KEY=
IMMUPROOF_PORT=
IMMUPROOF_HOST=
IMMUPROOF_SKIP_TLS_VERIFY=
IMMUPROOF_NO_TLS=
IMMUPROOF_CERT=
IMMUPROOF_AUDIT_INTERVAL=
IMMUPROOF_AUDIT_STATE_FOLDER=
IMMUPROOF_STATE_HISTORY_SIZE=
IMMUPROOF_STATE_HISTORY_FILE=
IMMUPROOF_WEB_PORT=
IMMUPROOF_WEB_ADDRESS=
IMMUPROOF_WEB_KEY_FILE=
IMMUPROOF_WEB_CERT_FILE=
IMMUPROOF_WEB_TITLE_TEXT=
IMMUPROOF_WEB_HOSTED_BY_LOGO_URL=
IMMUPROOF_WEB_HOSTED_BY_TEXT=
```

## Other serve options

```
Audit a ledger and launch an HTTP rest server to show audit results.
Eg:
# Collect 3 days of status checks (1 per hour) from CAS server
immuproof serve --api-key {your api-key} --port 443 --host admin.cas.codenotary.com --skip-tls-verify --audit-interval 1h --state-history-size 72

Usage:
  immuproof serve [flags]

Flags:
      --audit-interval duration           interval between audit runs (default 1h0m0s)
      --audit-state-folder string         folder to store immudb immutable state (default "/root/.local/state/immuproof")
  -h, --help                              help for serve
      --state-history-file string         absolute file path to store history of immutable states. (JSON format) (default "/root/.local/state/immuproof/state-history.json")
      --state-history-size int            max size of the history of immutable states. (default 90)
      --web-address string                rest server address (default "localhost")
      --web-cert-file string              certificate file absolute path
      --web-hosted-by-logo-url string     URL to hosted by logo
      --web-hosted-by-text string         displayed subtitle for hosted by logo (default "Hosted by:")
      --web-key-file string               key file absolute path
      --web-port string                   rest server port (default "8091")
      --web-title-text string             displayed title text (default "COMMUNITY ATTESTATION SERVICE VALIDATOR")

Global Flags:
      --api-key strings     CAS api-keys. Can be specified multiple times. First key is used for signing. For each key provided related ledger is audit. If no key is provided, no audit is performed
      --cert string         local or absolute path to a certificate file needed to set up tls connection to a CAS server
      --config string       config file (default is /root/.config/immuproof/.immuproof.yaml) (default "/root/.config/immuproof")
  -a, --host string         CAS server host address (default "localhost")
      --no-tls              allow insecure connections when connecting to a CAS server
  -p, --port int            CAS server port number (default 443)
      --skip-tls-verify     disables tls certificate verification when connecting to a CAS server
```