anti/DECNET
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c37d1f09c62c77cd1faa39c1131e5db42b84b0eb
DECNET/decnet
History
anti c37d1f09c6 feat(deployer): warn when userland-proxy masks attacker source IPs 
MazeNET publishes gateway ports on the host via Docker. With the
default userland-proxy enabled, attacker connections appear to
originate from the bridge gateway instead of the real remote IP.
Log a soft warning at deploy time when the topology publishes any
ports and docker info reports UserlandProxy=true, pointing the
operator at the daemon.json toggle. Best-effort: daemon talk
failures silently no-op.
2026-04-20 23:37:59 -04:00
..
agent
fix(agent-routes): added undocumented responses
2026-04-20 01:24:05 -04:00
cli
feat(mazenet): step 7 — topology_mutations queue + mutator reconciler
2026-04-20 18:02:37 -04:00
collector
feat(collector): parse real PROCID and extract IPs from logger kv pairs
2026-04-18 05:37:08 -04:00
correlation
refactor: strip DECNET tokens from container-visible surface
2026-04-17 22:57:53 -04:00
engine
feat(deployer): warn when userland-proxy masks attacker source IPs
2026-04-20 23:37:59 -04:00
logging
refactor: strip DECNET tokens from container-visible surface
2026-04-17 22:57:53 -04:00
mutator
feat(mazenet): step 7 — topology_mutations queue + mutator reconciler
2026-04-20 18:02:37 -04:00
prober
refactor: strip DECNET tokens from container-visible surface
2026-04-17 22:57:53 -04:00
profiler
chores: cleanup; added: viteconfig
2026-04-16 02:09:30 -04:00
services
fix(packaging): move templates/ into decnet/ package so they ship with pip install
2026-04-19 19:30:04 -04:00
sniffer
feat(sniffer): probe ipvlan host iface when macvlan is absent
2026-04-18 05:37:20 -04:00
swarm
feat(swarmctl): --tls with auto-issued or BYOC server cert
2026-04-19 21:46:32 -04:00
templates
fix(sniffer): mark JA3/JA3S MD5 hashing as non-security
2026-04-20 23:06:31 -04:00
topology
fix(topology): backfill decky_config name and ips_by_lan in hydrate
2026-04-20 23:19:32 -04:00
updater
feat(swarm): unbundle master-only code from agent tarball + sync systemd units on update
2026-04-19 19:19:17 -04:00
web
feat(mazenet): auto-bridge new LANs to the DMZ gateway
2026-04-20 23:07:19 -04:00
__init__.py
feat(env): run decnet.ini loader at package import; expose DECNET_MODE
2026-04-19 03:17:25 -04:00
archetypes.py
refactor(ssh): consolidate real_ssh into ssh, remove duplication
2026-04-11 19:51:41 -04:00
composer.py
feat: fleet-wide MACVLAN sniffer microservice
2026-04-14 15:02:34 -04:00
config_ini.py
feat(enroll): systemd units for agent/forwarder/engine + log-directory INI key
2026-04-19 05:46:08 -04:00
config.py
chores: fix linting
2026-04-18 06:46:10 -04:00
custom_service.py
Add per-service customization, stealth hardening, and BYOS support
2026-04-04 04:08:27 -03:00
distros.py
fix: stabilize tests with synchronous DB init and handle Bandit security findings
2026-04-09 01:33:15 -04:00
env.py
feat(swarm): ship host_uuid + swarmctl-port in agent enroll bundle
2026-04-19 21:44:23 -04:00
fleet.py
feat: fleet-wide MACVLAN sniffer microservice
2026-04-14 15:02:34 -04:00
ini_loader.py
fix: align tests with model validation and API error reporting
2026-04-13 01:43:52 -04:00
models.py
feat(swarm): DeckyConfig.host_uuid + fix agent log/status field refs
2026-04-18 19:10:25 -04:00
network.py
fix(network): sweep orphan Docker bridges that squat on our subnet
2026-04-20 23:19:42 -04:00
os_fingerprint.py
feat(os_fingerprint): Phase 2 — add icmp_ratelimit + icmp_ratemask sysctls
2026-04-10 16:41:23 -04:00
privdrop.py
fix: chown log files to sudo-invoking user so non-root API can append
2026-04-17 13:39:09 -04:00
telemetry.py
fix: resolve all ruff and bandit lint/security issues
2026-04-16 01:04:57 -04:00