• Stars
    star
    609
  • Rank 73,614 (Top 2 %)
  • Language
    Ruby
  • License
    MIT License
  • Created over 4 years ago
  • Updated 5 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

The Rails console you love, 1984 style

example workflow

Console1984

A Rails console extension that protects sensitive accesses and makes them auditable.

โ€œIf you want to keep a secret, you must also hide it from yourself.โ€

โ€• George Orwell, 1984

If you are looking for the auditing tool, check audits1984.

Terminal screenshot showing console1984 asking for a reason for the session

Installation

Important: console1984 depends on Active Record encryption which is a Rails 7 feature.

Add it to your Gemfile:

gem 'console1984'

Create tables to store console activity in the database:

rails console1984:install:migrations
rails db:migrate

By default, console1984 is only enabled in production. You can configure the target environments in your application.rb:

config.console1984.protected_environments = %i[ production staging ]

Finally, you need to configure Active Record Encryption in your project. This is because the library stores the tracked console commands encrypted.

How it works

Session activity logging

When starting a console session, it will ask for a reason. Internally, it will use this reason to document the console session and record all the commands executed in it.

$ rails c

You have access to production data here. That's a big deal. As part of our promise to keep customer data safe and private, we audit the commands you type here. Let's get started!



Commands:

* decrypt!: enter unprotected mode with access to encrypted information

Unnamed, why are you using this console today?

> ...

Auditing sessions

Check out audits1984, a companion auditing tool prepared to work with console1984 database session trails.

Access to encrypted data

By default, console1984 won't decrypt data encrypted with Active Record encryption. Users will just see the ciphertexts.

To decrypt data, enter the command decrypt!. It will ask for a justification, and these accesses will be flagged internally as sensitive.

irb(main)> Topic.last.name
  Topic Load (1.4ms)  SELECT `topics`.* FROM `topics` ORDER BY `topics`.`id` DESC LIMIT 1
=> "{\"p\":\"iu6+LfnNlurC6sL++JyOIDvedjNSz/AvnZQ=\",\"h\":{\"iv\":\"BYa86+JNM/LdkC18\",\"at\":\"r4sQNoSyIlAjJdZEKHVMow==\",\"k\":{\"p\":\"7L1l/5UiYsFQqqo4jfMZtLwp90KqcrIgS7HqgteVjuM=\",\"h\":{\"iv\":\"ItwRYxZAerKIoSZ8\",\"at\":\"ZUSNVfvtm4wAYWLBKRAx/g==\",\"e\":\"QVNDSUktOEJJVA==\"}},\"i\":\"OTdiOQ==\"}}"
irb(main)> decrypt!
Before you can access personal information, you need to ask for and get explicit consent from the user(s). Unnamed, where can we find this consent (a URL would be great)?

> ...

Ok! You have access to encrypted information now. We pay extra close attention to any commands entered while you have this access. You can go back to protected mode with 'encrypt!'

WARNING: Make sure you don`t save objects that were loaded while in protected mode, as this can result in saving the encrypted texts.
irb(main)> Topic.last.name
  Topic Load (1.2ms)  SELECT `topics`.* FROM `topics` ORDER BY `topics`.`id` DESC LIMIT 1
=> "Thanks for the inspiration"

You can type encrypt! to go back to protected mode again.

irb(main):004:0> encrypt!
Great! You are back in protected mode. When we audit, we may reach out for a conversation about the commands you entered. What went well? Did you solve the problem without accessing personal data?
irb(main)> Topic.last.name
  Topic Load (1.4ms)  SELECT `topics`.* FROM `topics` ORDER BY `topics`.`id` DESC LIMIT 1
=> "{\"p\":\"iu6+LfnNlurC6sL++JyOIDvedjNSz/AvnZQ=\",\"h\":{\"iv\":\"BYa86+JNM/LdkC18\",\"at\":\"r4sQNoSyIlAjJdZEKHVMow==\",\"k\":{\"p\":\"7L1l/5UiYsFQqqo4jfMZtLwp90KqcrIgS7HqgteVjuM=\",\"h\":{\"iv\":\"ItwRYxZAerKIoSZ8\",\"at\":\"ZUSNVfvtm4wAYWLBKRAx/g==\",\"e\":\"QVNDSUktOEJJVA==\"}},\"i\":\"OTdiOQ==\"}}"

While in protected mode, you can't modify encrypted data, but can save unencrypted attributes normally. If you try to modify an encrypted column it will raise an error.

Access to external systems

While Active Record encryption can protect personal information in the database, there are other systems can contain very sensitive information. For example: Elasticsearch indexing user information or Redis caching template fragments.

To protect the access to such systems, you can add their URLs to config.console1984.protected_urls in the corresponding environment config file (e.g: production.rb):

config.console1984.protected_urls = [ "https://my-app-us-east-1-whatever.us-east-1.es.amazonaws.com", "redis://my-app-cache-1.whatever.cache.amazonaws.com:6379" ]

In the default protected mode, trying to read data from a protected system will be aborted with an error:

irb(main)> Rails.cache.read("some key") # raises Console1984::Errors::ProtectedConnection

Running decrypt! will switch you to unprotected mode and let you access these systems normally. The system will ask for a justification and will flag those accesses as sensitive.

This will work for systems that use Ruby sockets as the underlying communication mechanism.

Automatic scheduled incineration for sessions

By default, sessions will be incinerated with a job 30 days after they are created. You can configure this period by setting config.console1984.incinerate_after = 1.year and you can disable incineration completely by setting config.console1984.incinerate = false.

Eager loading

When starting a console session, console1984 will eager load all the application classes if necessary. In practice, production environments already load classes eagerly, so this won't represent any change for those.

Configuration

These config options are namespaced in config.console1984:

Name Description
protected_environments The list of environments where console1984 will act on. Defaults to %i[ production ].
protected_urls The list of URLs corresponding with external systems to protect.
session_logger The system used to record session data. The default logger is Console1984::SessionsLogger::Database.
username_resolver Configure how the current user is determined for a given console session. The default is Console1984::Username::EnvResolver.new("CONSOLE_USER"), which returns the value of the environment variable CONSOLE_USER.
ask_for_username_if_empty If true, the console will ask for a username if it is empty. If false, it will raise an error if no username is set. Defaults to false.
production_data_warning The text to show when a console session starts.
enter_unprotected_encryption_mode_warning The text to show when user enters into unprotected mode.
enter_protected_mode_warning The text to show when user go backs to protected mode.
incinerate Whether incinerate sessions automatically after a period of time or not. Default to true.
incinerate_after The period to keep sessions around before incinerate them. Default 30.days.
incineration_queue The name of the queue for session incineration jobs. Default console1984_incineration.

SSH Config

To automatically set the CONSOLE_USER env var for sessions, you'll need to configure SSH on the server to accept the environment variable.

On the server, edit /etc/ssh/sshd_config to accept the environment variable:

AcceptEnv LANG LC_* CONSOLE_USER

Restart the SSH server to use the new config:

service sshd restart

On the client side, you can provide this env var from your clients by adding the variable to the ssh config:

Host *
  SetEnv CONSOLE_USER=david

About built-in protection mechanisms

console1984 adds many protection mechanisms to prevent tampering. This includes attempts to alter data in auditing tables or monkey patching certain classes to change how the system works. If you find a way to circumvent these tampering controls, please report an issue.

We aim to make these defense mechanisms as robust as possible, but there might always be open doors because Ruby is highly dynamic. If your organization needs bullet-proof protection against malicious actors using the console, you should consider additional security measures. An example would be using a read-only database user for auditing data while in a console. The gem doesn't offer direct support for doing this, but it's on our radar for future improvement.

Running the test suite

The test suite runs against SQLite by default, but can be run against Postgres and MySQL too. It will run against the three in the CI server.

To run the suite in your computer, first, run bin/setup to create the docker containers for MySQL/PostgreSQL and create the databases. Then run:

bin/rails test # against SQLite (default) 
bin/rails test TARGET_DB=mysql 
bin/rails test TARGET_DB=postgres 
bin/rails test TARGET_DB=sqlite  

More Repositories

1

trix

A rich text editor for everyday writing
JavaScript
17,847
star
2

kamal

Deploy web apps anywhere.
Ruby
9,584
star
3

handbook

Basecamp Employee Handbook
6,165
star
4

omakub

Opinionated Ubuntu Setup
Shell
4,152
star
5

pow

Zero-configuration Rack server for Mac OS X
CoffeeScript
3,423
star
6

policies

37signals policies, terms, and legal. Share them; reuse them; contribute to them.
1,863
star
7

local_time

Rails engine for cache-friendly, client-side local time
CoffeeScript
1,791
star
8

marginalia

Attach comments to ActiveRecord's SQL queries
Ruby
1,676
star
9

mail_view

Visual email testing
Ruby
1,341
star
10

xip-pdns

PowerDNS pipe backend adapter powering xip.io
Shell
1,159
star
11

geared_pagination

Paginate Active Record sets at variable speeds
Ruby
758
star
12

wysihat

A WYSIWYG JavaScript framework
JavaScript
681
star
13

bcx-api

API documentation and wrappers for Basecamp 2
672
star
14

name_of_person

Presenting names of people in full, familiar, abbreviated, and initialized forms (but without titulation etc)
Ruby
647
star
15

google_sign_in

Sign in (or up) with Google for Rails applications
Ruby
494
star
16

bc3-api

API documentation for Basecamp 4
472
star
17

intermission

intermission helps you perform zero down time application maintenance
Lua
364
star
18

audits1984

Auditing tool for Rails console sessions
Ruby
336
star
19

snapback_cache

A client side page cache for jquery.
JavaScript
316
star
20

full_request_logger

Make full request logs accessible via web UI
Ruby
305
star
21

mysql_role_swap

(Nearly) Zero interruption mysql maintenance script.
Ruby
282
star
22

concerning

Bite-sized separation of concerns
Ruby
201
star
23

api

API integration and more for Basecamp products (Basecamp, Highrise, Campfire, Backpack)
192
star
24

easymon

Easy Monitoring
Ruby
191
star
25

trashed

Tell StatsD about request time, GC, objects and more. Latest Rails 4 and Ruby 2.1 support, and ancient Rails 2 and Ruby 1.8 support.
Ruby
189
star
26

highrise-api

Official API documentation for Highrise
130
star
27

fast_remote_cache

A faster version of Capistrano's remote_cache deployment strategy
Ruby
125
star
28

mass_encryption

Ruby
106
star
29

platform_agent

Parse user agent to deduce the platform
Ruby
103
star
30

cached_externals

Symlink to external dependencies, rather than bloating your repositories with them
Ruby
100
star
31

homographic_spoofing

Toolkit to both detect and sanitize homographic spoofing attacks in URLs and Email addresses
Ruby
98
star
32

campfire-api

Official API documentation for Campfire
97
star
33

basecamp-classic-api

Official API documentation for Basecamp Classic
87
star
34

lufo

Tracks the most recent options chosen on a `<select>` element and displays them at the top of the list
JavaScript
87
star
35

powprox

Pow .dev sites, meet SSL and HTTP/2
Shell
83
star
36

libmemcached_store

ActiveSupport::Cache wrapper for libmemcached
Ruby
81
star
37

action_profiler

Profile Rails requests on a live app
Ruby
75
star
38

bc3-integrations

Ruby
73
star
39

project_search

Rails plugin that adds a script/find command for searching your project
Ruby
71
star
40

activestorage-office-previewer

Active Storage previewer for Microsoft Office files based on LibreOffice
Ruby
67
star
41

turbo-8-morphing-demo

Ruby
58
star
42

dumpsterfire-2020

Code that runs the dumpster
HTML
47
star
43

cognition

Match text; run commands. Works great for building a chatbot!
Ruby
37
star
44

snapshot

A rails plugin that provides tasks for creating and restoring snapshots of development data.
Ruby
34
star
45

backpack-api

Official API documentation for Backpack
Ruby
20
star
46

ruby-dev

Old Rubies on new Macs
15
star
47

orc

Orc(hestrator) - A really bad pow.cx clone for linux
Shell
10
star
48

cleversafe

Ruby
7
star
49

accessibility

Guidelines and tools we use at 37signals to make sure our apps are accessible
7
star
50

memcached_bench

Ruby
6
star
51

duo-api

Ruby Gem for communicating with the Duo Api
Ruby
6
star
52

Xamarin.iOS.OnePasswordExtension

1Password bindings for Xamarin.iOS
C#
5
star
53

mail

Ruby
4
star
54

composed_of_ipaddr

Compact IPv4 attributes for Active Record. Presents an unsigned int (4 bytes) as an IPAddr.
Ruby
4
star
55

house-style

37signals house style
Ruby
3
star
56

deep_hash_transform

Re-key a nested Hash to all-Symbol or -String keys. Rails 4+ backport.
Ruby
3
star
57

assets-redirect

Ruby
2
star
58

github-issues

Github Issue query CLI
Go
2
star
59

homebrew-dev

Old software to build old stuff on new Macs
Ruby
1
star
60

nsone

A stupid simple API client for NS1
Ruby
1
star