Module: Console1984

Includes:: Messages

Defined in:: lib/console1984.rb,
lib/console1984/engine.rb,
lib/console1984/errors.rb,
lib/console1984/version.rb,
app/models/console1984/base.rb,
app/models/console1984/user.rb,
app/models/console1984/command.rb,
app/models/console1984/session.rb,
app/jobs/console1984/incineration_job.rb,
app/models/console1984/sensitive_access.rb

Overview

Console 1984

Console1984 is an IRB-based Rails console extension that does three things:

Record console sessions with their user, reason and commands.
Protect encrypted data by showing the ciphertexts when you visualize it.
Protect access to external systems that contain sensitive information (such as Redis or Elasticsearch).

Session logging

The console will record the session, its user and the commands entered. The logic to persist sessions is handled by the configured session logger, which is Console1984::SessionsLogger::Database by default.

Execution of commands

The console will work in two modes:

Protected: It won’t show encrypted information (it will show the ciphertexts instead) and it won’t allow connections to protected urls.
Unprotected: it allows access to encrypted information and protected urls. The commands executed in this mode as flagged as sensitive.

Console1984::CommandExecutor handles the execution of commands applying the corresponding protection mechanisms.´

Internal tampering prevention

Finally, console1984 includes protection mechanisms against internal tampering while using the console. For example, to prevent the user from deleting audit trails. See Console1984::Shield and Console1984::CommandValidator to learn more.

Defined Under Namespace

Modules: Errors, Freezeable, InputOutput, Messages Classes: Base, Command, CommandExecutor, CommandValidator, Config, Engine, IncinerationJob, ProtectionsConfig, Refrigerator, SensitiveAccess, Session, Shield, Supervisor, User

Constant Summary collapse

VERSION =

"0.1.31"

Constants included from Messages

Messages::COMMANDS, Messages::DEFAULT_ENTER_PROTECTED_MODE_WARNING, Messages::DEFAULT_ENTER_UNPROTECTED_ENCRYPTION_MODE_WARNING, Messages::DEFAULT_PRODUCTION_DATA_WARNING

Class Method Summary collapse

.running_protected_environment? ⇒ Boolean

Returns whether the console is currently running in protected mode or not.

Class Method Details

.running_protected_environment? ⇒ `Boolean`

Returns whether the console is currently running in protected mode or not.

Returns:

(Boolean)



55
56
57

# File 'lib/console1984.rb', line 55

def running_protected_environment?
  protected_environments.collect(&:to_sym).include?(Rails.env.to_sym)
end