anti/DECNET
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

refactor: strip DECNET tokens from container-visible surface

Browse Source 
Rename the container-side logging module decnet_logging → syslog_bridge
(canonical at templates/syslog_bridge.py, synced into each template by
the deployer). Drop the stale per-template copies; setuptools find was
picking them up anyway. Swap useradd/USER/chown "decnet" for "logrelay"
so no obvious token appears in the rendered container image.

Apply the same cloaking pattern to the telnet template that SSH got:
syslog pipe moves to /run/systemd/journal/syslog-relay and the relay
is cat'd via exec -a "systemd-journal-fwd". rsyslog.d conf rename
99-decnet.conf → 50-journal-forward.conf. SSH capture script:
/var/decnet/captured → /var/lib/systemd/coredump (real systemd path),
logger tag decnet-capture → systemd-journal. Compose volume updated
to match the new in-container quarantine path.

SD element ID shifts decnet@55555 → relay@55555; synced across
collector, parser, sniffer, prober, formatter, tests, and docs so the
host-side pipeline still matches what containers emit.
This commit is contained in:
anti
2026-04-17 22:57:53 -04:00
parent 69510fb880
commit 8dd4c78b33
114 changed files with 220 additions and 2712 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
tests/test_ssh.py
View File

@@ -127,7 +127,7 @@ def test_dockerfile_runs_as_root():
def test_dockerfile_rsyslog_conf_created():
df = _dockerfile_text()
assert "99-decnet.conf" in df
assert "50-journal-forward.conf" in df
assert "RFC5424fmt" in df
@@ -231,7 +231,8 @@ def test_dockerfile_does_not_ship_decnet_capture_name():
def test_dockerfile_creates_quarantine_dir():
df = _dockerfile_text()
assert "/var/decnet/captured" in df
# In-container path masquerades as the real systemd-coredump dir.
assert "/var/lib/systemd/coredump" in df
assert "chmod 700" in df
@@ -265,8 +266,8 @@ def test_capture_script_uses_close_write_and_moved_to():
def test_capture_script_skips_quarantine_path():
body = _capture_text()
# Must not loop on its own writes.
assert "/var/decnet/" in body
# Must not loop on its own writes — quarantine lives under /var/lib/systemd.
assert "/var/lib/systemd/" in body
def test_capture_script_resolves_writer_pid():
@@ -329,7 +330,7 @@ def test_fragment_mounts_quarantine_volume():
frag = _fragment()
vols = frag.get("volumes", [])
assert any(
v.endswith(":/var/decnet/captured:rw") for v in vols
v.endswith(":/var/lib/systemd/coredump:rw") for v in vols
), f"quarantine volume missing: {vols}"