
Show HN: Trailbot – Monitor Your Data and Act Upon Unwanted Modifications - adansdpc
https://github.com/trailbot/client
======
adansdpc
Hi community!

We have just open sourced Trailbot, a files and logs tracking daemon for
GNU/Linux that triggers Smart Policies upon unwanted modifications.

Current security solutions are based on an obsolete paradigm: building walls
and fences. Companies advertise their overcomplicated perimeter security
systems as if they were impenetrable. But nevertheless we hear every day about
cyber security breaches at even the largest corporations. It’s not a matter of
“if” but “when” the perimeter will get breached.

In any case walls and fences will not protect you at all from internal
breaches and insider threats. Furthermore, most data resides nowadays in the
cloud, where walls, borders and fences fade and blur.

With Trailbot you can rest assured of the integrity of your data, be it a
system log or any other important file. It doesn't matter if an outsider got
access to your systems or an insider decided to go rogue—you are now in
control.

Would love to hear your thoughts and feedback!

~~~
im_dario
How does it compare to Tripwire or AIDE? At first look it seems Trailbot is
closer to "real time" detection than the others.

~~~
adansdpc
Hi Darío,

When compared to Tripwire, AIDE, Graylog or other conventional SEM solutions,
Trailbot offers a much more extensible and powerful policies engine that
allows anyone to write, fork, customize and share their own smart policies
written in JavaScript or CoffeeScript.

Another big point in favor of Trailbot is that we are strong believers and
supporters of the technological sovereignty movement, so we open sourced all
the components in Trailbot's stack so that you can self-host the whole thing
in case you don't want to trust any third party.

In addition, all traffic going between Trailbot Watcher and Trailbot Client is
encrypted end-to-end using asymmetric cryptography (PGP with 4096-bit keys).

Thanks a lot for your interest, we hope you find Trailbot useful :)

------
narrowrail
It's too bad this submission didn't get more attention. It seems like these
files/logs could help inform the "walls and fences" to better fight intrusion
in the first place (root cause analysis). I think at the enterprise level,
intrusion detection is used to help prevent intrusion in the first place.
Minimizing the latency b/w these two functions seems like the thing to
optimize for.

~~~
dlevi
Thank you! We focused on building a product that is very easy to extend. Smart
policies bringing the functionalities you describe can and will be built.

