ghostline

command module
v0.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 1, 2026 License: MIT Imports: 3 Imported by: 0

README

Ghostline

A local system observability and security monitoring platform built in Go.

Features

  • Real-time Monitoring: Process, network, and filesystem monitoring with high-frequency updates
  • Security Scanning: Detect high-entropy binaries, suspicious mounts, ELF modifications, and FIFO injections
  • Recording & Replay: Capture system state snapshots and replay for analysis
  • Interactive Dashboard: Terminal-based UI for viewing system metrics
  • Decoy System: Deploy honeypots to detect intrusion attempts
  • Rule Engine: Custom detection rules with YAML-based configuration

Installation

# From source
go install github.com/TFMV/ghostline@latest

# Or build from source
git clone https://github.com/TFMV/ghostline.git
cd ghostline
go build -o ghostline

Usage

# Start the TUI dashboard
ghostline dashboard

# Run a security scan
ghostline scan --path /usr/bin

# Record system state
ghostline record --output session.ghost --duration 1h

# Replay a recording
ghostline replay --file session.ghost

# Compare two snapshots
ghostline diff --before state1.ghost --after state2.ghost

# Deploy honeypots
ghostline decoy deploy --type ssh,http --port 2222

Commands

Command Description
dashboard Interactive TUI dashboard
scan Security scan (entropy, ELF, mounts, FIFO)
record Record system state to file
replay Replay recorded session
diff Compare two snapshots
watch Monitor processes or files
decoy Deploy honeypot services
rules Manage detection rules

Configuration

# ghostline.yaml
monitoring:
  process_interval: "10ms"
  network_interval: "5ms"

database:
  path: "./ghostline.db"
  batch_size: 100

Architecture

Ghostline
├── cmd/           # CLI commands
├── internal/
│   ├── core/      # Core monitoring and database
│   ├── scanner/   # Security scanning
│   ├── decoy/     # Honeypot management
│   ├── rules/     # Rule engine
│   └── tui/       # Terminal dashboard
└── benchmarks/    # Performance tests

Development

# Build
go build ./...

# Test
go test ./...

# Lint
golangci-lint run ./...

License

MIT License - see LICENSE file for details.

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Directories

Path Synopsis
internal
core
decoy
rules
scanner
tui

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.