anti/DECNET
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9350ce195a0f1777d41cf1abfa4594989b8964cc
DECNET/decnet
History
anti 9350ce195a fix(collector,correlation): extract attacker IP from sshd/pam free-form prose 
Native sshd and pam_unix lines route through rsyslog without the
relay@55555 SD wrapper and without key=value pairs, so attacker_ip
fell through to "Unknown". Add a prose-IP fallback to both parsers:
anchored patterns (from/rhost/client/src) win first so we never pick
the local listener in "Connection from X port Y on Z port 22", with
a bare-IPv4 scan as the last resort.
2026-04-27 23:16:42 -04:00
..
agent
fix(agent): pass --always-recreate-deps so service netns shares stay fresh
2026-04-27 22:55:48 -04:00
asn
feat(asn): IP→ASN enrichment via iptoasn.com bulk dump
2026-04-25 03:58:58 -04:00
bus
feat(bus): canary token bus topics (placed/triggered/revoked)
2026-04-27 12:43:23 -04:00
canary
feat(canary): kind reflects trip surface per generator
2026-04-27 17:40:37 -04:00
cli
fix(web): proxy follows DECNET_API_HOST instead of hardcoding 127.0.0.1
2026-04-27 22:55:25 -04:00
clustering
test(clustering): full-bound passes through production campaign clusterer
2026-04-26 09:13:59 -04:00
collector
fix(collector,correlation): extract attacker IP from sshd/pam free-form prose
2026-04-27 23:16:42 -04:00
correlation
fix(collector,correlation): extract attacker IP from sshd/pam free-form prose
2026-04-27 23:16:42 -04:00
engine
feat(deploy): seed canary baseline at deploy time + tests
2026-04-27 13:19:08 -04:00
fleet
feat(fleet): systemd unit + bus signal for fleet reconciler
2026-04-26 21:21:36 -04:00
geoip
feat(attackers): PTR record (reverse DNS) enrichment
2026-04-24 17:26:40 -04:00
intel
refactor(intel): re-key attacker_intel on attacker_uuid (closes DEBT-041)
2026-04-26 05:35:29 -04:00
logging
refactor: strip DECNET tokens from container-visible surface
2026-04-17 22:57:53 -04:00
mutator
fix(topology/allocator): widen default subnet base to /12 for mass-scale
2026-04-24 18:57:55 -04:00
net
feat(net): stealth-egress httpx client factory
2026-04-26 04:59:34 -04:00
orchestrator
feat(realism): operator-tunable planner weights via realism_config
2026-04-27 18:00:08 -04:00
prober
feat(sniffer): ISN sequence classifier (reuses seq_class helper)
2026-04-26 20:30:24 -04:00
profiler
feat(sniffer): ISN sequence classifier (reuses seq_class helper)
2026-04-26 20:30:24 -04:00
realism
feat(realism): operator-tunable planner weights via realism_config
2026-04-27 18:00:08 -04:00
services
feat(creds): DEBT-040 Phase 3 — RDP NLA / CredSSP NTLMv2 capture
2026-04-25 07:42:52 -04:00
sniffer
feat(sniffer): ISN sequence classifier (reuses seq_class helper)
2026-04-26 20:30:24 -04:00
swarm
sec(env): refuse to start master API with footgun public-binding config
2026-04-27 21:15:15 -04:00
templates
feat(templates): standalone NTLMSSP Type 3 parser + decnet-init wrapper
2026-04-27 10:12:30 -04:00
topology
Revert "feat(mazenet): host resolution + cross-host bridge guard"
2026-04-25 03:26:19 -04:00
updater
sec(updater): harden tarball extraction and verify sha256 before extract
2026-04-27 21:14:48 -04:00
vectorstore
feat(creds): cred-reuse foundation + vectorstore scaffold
2026-04-26 03:18:34 -04:00
web
sec(api): mode-gate and eager-load JWT secret in lifespan
2026-04-27 21:26:03 -04:00
webhook
fix(webhook/worker): self-heal when bus starts late or restarts
2026-04-24 16:39:38 -04:00
__init__.py
feat(env): run decnet.ini loader at package import; expose DECNET_MODE
2026-04-19 03:17:25 -04:00
archetypes.py
refactor(ssh): consolidate real_ssh into ssh, remove duplication
2026-04-11 19:51:41 -04:00
composer.py
fix(collector): label-based fleet container discovery
2026-04-25 08:11:21 -04:00
config_ini.py
fix(config-ini): strip inline # and ; comments from values
2026-04-27 22:55:58 -04:00
config.py
fix(logging): don't crash the process if the system log can't be opened
2026-04-24 01:00:42 -04:00
custom_service.py
Add per-service customization, stealth hardening, and BYOS support
2026-04-04 04:08:27 -03:00
distros.py
fix: stabilize tests with synchronous DB init and handle Bandit security findings
2026-04-09 01:33:15 -04:00
env.py
sec(env): refuse to start master API with footgun public-binding config
2026-04-27 21:15:15 -04:00
ini_loader.py
fix: align tests with model validation and API error reporting
2026-04-13 01:43:52 -04:00
models.py
feat(swarm): DeckyConfig.host_uuid + fix agent log/status field refs
2026-04-18 19:10:25 -04:00
network.py
fix(network): sweep orphan Docker bridges that squat on our subnet
2026-04-20 23:19:42 -04:00
os_fingerprint.py
feat(os_fingerprint): Phase 2 — add icmp_ratelimit + icmp_ratemask sysctls
2026-04-10 16:41:23 -04:00
privdrop.py
fix: chown log files to sudo-invoking user so non-root API can append
2026-04-17 13:39:09 -04:00
telemetry.py
fix: resolve all ruff and bandit lint/security issues
2026-04-16 01:04:57 -04:00