envdb

README

Envdb - Environment Database

• NOTE: envdb is still beta software.

Envdb turns your production, dev, cloud, etc environments into a database cluster you can search using osquery as the foundation.

Envdb allows you to register each computer, server or asset as a node in a cluster. Once a new node is connected it becomes available for search from the Envdb ui.

Envdb was built using golang so the whole application, node client and server comes as one single binary. This makes it really easy to deploy and get working in seconds.

Video Intro: https://youtu.be/ydYr7Ykwzy8

How it works.

Envdb wraps the osquery process with a node agent (node as in cluster node) that can communicate back to a central location. When that node gets a new query, it's executed and then sent back to the tcp server for rendering. Once the request is processed it's then sent to any avaliable web clients using websockets.

Envdb has an embedded sqlite database for node storage and saved searches.

ui --websockets--> server --tcp--> node client.

Moving Forward

I plan to add support for a plugin interface for extending what Envdb can request from a node. Currently that list of planned extentions includes: yara (osquery is adding support for this), bro and memory. The hope is to wrap these processes and query them using sql like osquery and allowing you to join on similar data points.

Example: select * from listening_ports a join bro_conn b on a.port = b.source_port;

Download

Pre-built versions of envdb are avaliable for linux 386/amd64. linux downloads

Building on macosx is easy tho, checkout the section below.

apt-get

curl https://packagecloud.io/install/repositories/mephux/envdb/script.deb | sudo bash sudo apt-get install envdb

• View all deb packages: https://packagecloud.io/mephux/envdb

Building

Make sure you have Go installed. I used Go version 1.4.1.

• go get github.com/jteeuwen/go-bindata/...
• go get github.com/elazarl/go-bindata-assetfs
• go get github.com/tools/godep
• git clone https://github.com/mephux/envdb.git
• cd envdb
• make

Usage

• NOTICE: The default username and password for the UI.
  • username: admin@envdb.io
  • password: envdb

usage: envdb [<flags>] <command> [<flags>] [<args> ...]

The Environment Database - SELECT * FROM awesome;

Flags:
  --help       Show help.
  --debug      Enable debug logging.
  --dev        Enable dev mode. (read assets from disk and enable debug
               output)
  -q, --quiet  Remove all output logging.

Commands:
  help [<command>]
    Show help for a command.

  server [<flags>]
    Start the tcp server for node connections.

  node --server=127.0.0.1 [<flags>] <node-name>
    Register a new node.

• Server

  envdb server

  • Note: By default this will start the tcp server on port 3636 and the web server on port 8080.

• Node Client

  sudo envdb node --server <ip to server> SomeBoxName

• That's it - it's really that simple.

More UI

Self-Promotion

Like envdb? Follow the repository on GitHub and if you would like to stalk me, follow mephux on Twitter and GitHub.

TODO

• TLS for the agent/server communications (top of list)
• Node/Server auth, verification and validation.
• Code cleanup (will continue forever).