defense-mcp-server 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +471 -0
- package/LICENSE +21 -0
- package/README.md +242 -0
- package/build/core/auto-installer.d.ts +102 -0
- package/build/core/auto-installer.d.ts.map +1 -0
- package/build/core/auto-installer.js +833 -0
- package/build/core/backup-manager.d.ts +63 -0
- package/build/core/backup-manager.d.ts.map +1 -0
- package/build/core/backup-manager.js +189 -0
- package/build/core/changelog.d.ts +75 -0
- package/build/core/changelog.d.ts.map +1 -0
- package/build/core/changelog.js +123 -0
- package/build/core/command-allowlist.d.ts +129 -0
- package/build/core/command-allowlist.d.ts.map +1 -0
- package/build/core/command-allowlist.js +849 -0
- package/build/core/config.d.ts +79 -0
- package/build/core/config.d.ts.map +1 -0
- package/build/core/config.js +193 -0
- package/build/core/dependency-validator.d.ts +106 -0
- package/build/core/dependency-validator.d.ts.map +1 -0
- package/build/core/dependency-validator.js +405 -0
- package/build/core/distro-adapter.d.ts +177 -0
- package/build/core/distro-adapter.d.ts.map +1 -0
- package/build/core/distro-adapter.js +481 -0
- package/build/core/distro.d.ts +68 -0
- package/build/core/distro.d.ts.map +1 -0
- package/build/core/distro.js +457 -0
- package/build/core/encrypted-state.d.ts +76 -0
- package/build/core/encrypted-state.d.ts.map +1 -0
- package/build/core/encrypted-state.js +209 -0
- package/build/core/executor.d.ts +56 -0
- package/build/core/executor.d.ts.map +1 -0
- package/build/core/executor.js +350 -0
- package/build/core/installer.d.ts +92 -0
- package/build/core/installer.d.ts.map +1 -0
- package/build/core/installer.js +1072 -0
- package/build/core/logger.d.ts +102 -0
- package/build/core/logger.d.ts.map +1 -0
- package/build/core/logger.js +132 -0
- package/build/core/parsers.d.ts +151 -0
- package/build/core/parsers.d.ts.map +1 -0
- package/build/core/parsers.js +479 -0
- package/build/core/policy-engine.d.ts +170 -0
- package/build/core/policy-engine.d.ts.map +1 -0
- package/build/core/policy-engine.js +656 -0
- package/build/core/preflight.d.ts +157 -0
- package/build/core/preflight.d.ts.map +1 -0
- package/build/core/preflight.js +638 -0
- package/build/core/privilege-manager.d.ts +108 -0
- package/build/core/privilege-manager.d.ts.map +1 -0
- package/build/core/privilege-manager.js +363 -0
- package/build/core/rate-limiter.d.ts +67 -0
- package/build/core/rate-limiter.d.ts.map +1 -0
- package/build/core/rate-limiter.js +129 -0
- package/build/core/rollback.d.ts +73 -0
- package/build/core/rollback.d.ts.map +1 -0
- package/build/core/rollback.js +278 -0
- package/build/core/safeguards.d.ts +58 -0
- package/build/core/safeguards.d.ts.map +1 -0
- package/build/core/safeguards.js +448 -0
- package/build/core/sanitizer.d.ts +118 -0
- package/build/core/sanitizer.d.ts.map +1 -0
- package/build/core/sanitizer.js +459 -0
- package/build/core/secure-fs.d.ts +67 -0
- package/build/core/secure-fs.d.ts.map +1 -0
- package/build/core/secure-fs.js +143 -0
- package/build/core/spawn-safe.d.ts +55 -0
- package/build/core/spawn-safe.d.ts.map +1 -0
- package/build/core/spawn-safe.js +146 -0
- package/build/core/sudo-guard.d.ts +145 -0
- package/build/core/sudo-guard.d.ts.map +1 -0
- package/build/core/sudo-guard.js +349 -0
- package/build/core/sudo-session.d.ts +100 -0
- package/build/core/sudo-session.d.ts.map +1 -0
- package/build/core/sudo-session.js +319 -0
- package/build/core/tool-dependencies.d.ts +61 -0
- package/build/core/tool-dependencies.d.ts.map +1 -0
- package/build/core/tool-dependencies.js +571 -0
- package/build/core/tool-registry.d.ts +111 -0
- package/build/core/tool-registry.d.ts.map +1 -0
- package/build/core/tool-registry.js +656 -0
- package/build/core/tool-wrapper.d.ts +73 -0
- package/build/core/tool-wrapper.d.ts.map +1 -0
- package/build/core/tool-wrapper.js +296 -0
- package/build/index.d.ts +3 -0
- package/build/index.d.ts.map +1 -0
- package/build/index.js +247 -0
- package/build/tools/access-control.d.ts +9 -0
- package/build/tools/access-control.d.ts.map +1 -0
- package/build/tools/access-control.js +1818 -0
- package/build/tools/api-security.d.ts +12 -0
- package/build/tools/api-security.d.ts.map +1 -0
- package/build/tools/api-security.js +901 -0
- package/build/tools/app-hardening.d.ts +11 -0
- package/build/tools/app-hardening.d.ts.map +1 -0
- package/build/tools/app-hardening.js +768 -0
- package/build/tools/backup.d.ts +8 -0
- package/build/tools/backup.d.ts.map +1 -0
- package/build/tools/backup.js +381 -0
- package/build/tools/cloud-security.d.ts +17 -0
- package/build/tools/cloud-security.d.ts.map +1 -0
- package/build/tools/cloud-security.js +739 -0
- package/build/tools/compliance.d.ts +10 -0
- package/build/tools/compliance.d.ts.map +1 -0
- package/build/tools/compliance.js +1225 -0
- package/build/tools/container-security.d.ts +14 -0
- package/build/tools/container-security.d.ts.map +1 -0
- package/build/tools/container-security.js +788 -0
- package/build/tools/deception.d.ts +13 -0
- package/build/tools/deception.d.ts.map +1 -0
- package/build/tools/deception.js +763 -0
- package/build/tools/dns-security.d.ts +93 -0
- package/build/tools/dns-security.d.ts.map +1 -0
- package/build/tools/dns-security.js +745 -0
- package/build/tools/drift-detection.d.ts +8 -0
- package/build/tools/drift-detection.d.ts.map +1 -0
- package/build/tools/drift-detection.js +326 -0
- package/build/tools/ebpf-security.d.ts +15 -0
- package/build/tools/ebpf-security.d.ts.map +1 -0
- package/build/tools/ebpf-security.js +294 -0
- package/build/tools/encryption.d.ts +9 -0
- package/build/tools/encryption.d.ts.map +1 -0
- package/build/tools/encryption.js +1667 -0
- package/build/tools/firewall.d.ts +9 -0
- package/build/tools/firewall.d.ts.map +1 -0
- package/build/tools/firewall.js +1398 -0
- package/build/tools/hardening.d.ts +10 -0
- package/build/tools/hardening.d.ts.map +1 -0
- package/build/tools/hardening.js +2654 -0
- package/build/tools/ids.d.ts +9 -0
- package/build/tools/ids.d.ts.map +1 -0
- package/build/tools/ids.js +624 -0
- package/build/tools/incident-response.d.ts +10 -0
- package/build/tools/incident-response.d.ts.map +1 -0
- package/build/tools/incident-response.js +1180 -0
- package/build/tools/logging.d.ts +12 -0
- package/build/tools/logging.d.ts.map +1 -0
- package/build/tools/logging.js +454 -0
- package/build/tools/malware.d.ts +10 -0
- package/build/tools/malware.d.ts.map +1 -0
- package/build/tools/malware.js +532 -0
- package/build/tools/meta.d.ts +11 -0
- package/build/tools/meta.d.ts.map +1 -0
- package/build/tools/meta.js +2278 -0
- package/build/tools/network-defense.d.ts +12 -0
- package/build/tools/network-defense.d.ts.map +1 -0
- package/build/tools/network-defense.js +760 -0
- package/build/tools/patch-management.d.ts +3 -0
- package/build/tools/patch-management.d.ts.map +1 -0
- package/build/tools/patch-management.js +708 -0
- package/build/tools/process-security.d.ts +12 -0
- package/build/tools/process-security.d.ts.map +1 -0
- package/build/tools/process-security.js +784 -0
- package/build/tools/reporting.d.ts +11 -0
- package/build/tools/reporting.d.ts.map +1 -0
- package/build/tools/reporting.js +559 -0
- package/build/tools/secrets.d.ts +9 -0
- package/build/tools/secrets.d.ts.map +1 -0
- package/build/tools/secrets.js +596 -0
- package/build/tools/siem-integration.d.ts +18 -0
- package/build/tools/siem-integration.d.ts.map +1 -0
- package/build/tools/siem-integration.js +754 -0
- package/build/tools/sudo-management.d.ts +18 -0
- package/build/tools/sudo-management.d.ts.map +1 -0
- package/build/tools/sudo-management.js +737 -0
- package/build/tools/supply-chain-security.d.ts +8 -0
- package/build/tools/supply-chain-security.d.ts.map +1 -0
- package/build/tools/supply-chain-security.js +256 -0
- package/build/tools/threat-intel.d.ts +22 -0
- package/build/tools/threat-intel.d.ts.map +1 -0
- package/build/tools/threat-intel.js +749 -0
- package/build/tools/vulnerability-management.d.ts +11 -0
- package/build/tools/vulnerability-management.d.ts.map +1 -0
- package/build/tools/vulnerability-management.js +667 -0
- package/build/tools/waf.d.ts +12 -0
- package/build/tools/waf.d.ts.map +1 -0
- package/build/tools/waf.js +843 -0
- package/build/tools/wireless-security.d.ts +19 -0
- package/build/tools/wireless-security.d.ts.map +1 -0
- package/build/tools/wireless-security.js +826 -0
- package/build/tools/zero-trust-network.d.ts +8 -0
- package/build/tools/zero-trust-network.d.ts.map +1 -0
- package/build/tools/zero-trust-network.js +367 -0
- package/docs/SAFEGUARDS.md +518 -0
- package/docs/TOOLS-REFERENCE.md +665 -0
- package/package.json +87 -0
|
@@ -0,0 +1,518 @@
|
|
|
1
|
+
# Safeguards Reference
|
|
2
|
+
|
|
3
|
+
This document describes the `SafeguardRegistry` system, application detection logic, operation-level safety checks, dry-run usage, and the backup/rollback subsystem for the defense-mcp-server.
|
|
4
|
+
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
## Table of Contents
|
|
8
|
+
|
|
9
|
+
1. [Overview](#overview)
|
|
10
|
+
2. [SafeguardRegistry Architecture](#safeguardregistry-architecture)
|
|
11
|
+
3. [Application Detection](#application-detection)
|
|
12
|
+
- [VS Code Detection](#vs-code-detection)
|
|
13
|
+
- [Docker Detection](#docker-detection)
|
|
14
|
+
- [MCP Server Detection](#mcp-server-detection)
|
|
15
|
+
- [Database Detection](#database-detection)
|
|
16
|
+
- [Web Server Detection](#web-server-detection)
|
|
17
|
+
4. [Operations That Trigger Checks](#operations-that-trigger-checks)
|
|
18
|
+
5. [Warning vs Blocker Levels](#warning-vs-blocker-levels)
|
|
19
|
+
6. [Dry-Run Mode](#dry-run-mode)
|
|
20
|
+
- [Enabling Dry-Run](#enabling-dry-run)
|
|
21
|
+
- [Per-Call dry_run Parameter](#per-call-dry_run-parameter)
|
|
22
|
+
- [Dry-Run Output Examples](#dry-run-output-examples)
|
|
23
|
+
7. [Backup Storage](#backup-storage)
|
|
24
|
+
- [BackupManager Storage Layout](#backupmanager-storage-layout)
|
|
25
|
+
- [Manifest Format](#manifest-format)
|
|
26
|
+
- [Backup Lifecycle](#backup-lifecycle)
|
|
27
|
+
8. [Rollback and Restore Guide](#rollback-and-restore-guide)
|
|
28
|
+
- [RollbackManager Overview](#rollbackmanager-overview)
|
|
29
|
+
- [Change Types](#change-types)
|
|
30
|
+
- [Rollback by Operation ID](#rollback-by-operation-id)
|
|
31
|
+
- [Rollback by Session ID](#rollback-by-session-id)
|
|
32
|
+
- [Restore from BackupManager](#restore-from-backupmanager)
|
|
33
|
+
- [Manual Rollback Commands](#manual-rollback-commands)
|
|
34
|
+
9. [Changelog and Audit Trail](#changelog-and-audit-trail)
|
|
35
|
+
|
|
36
|
+
---
|
|
37
|
+
|
|
38
|
+
## Overview
|
|
39
|
+
|
|
40
|
+
The safeguard system has two independent layers:
|
|
41
|
+
|
|
42
|
+
| Layer | Class | Purpose |
|
|
43
|
+
|-------|-------|---------|
|
|
44
|
+
| Pre-execution detection | `SafeguardRegistry` | Detect running applications; emit warnings before modifying operations run |
|
|
45
|
+
| Post-execution recovery | `RollbackManager` + `BackupManager` | Track changes; restore original state on demand |
|
|
46
|
+
|
|
47
|
+
Both systems operate as singletons loaded at server startup. Neither requires additional configuration beyond the environment variables described in this document.
|
|
48
|
+
|
|
49
|
+
---
|
|
50
|
+
|
|
51
|
+
## SafeguardRegistry Architecture
|
|
52
|
+
|
|
53
|
+
`SafeguardRegistry` is a singleton (`src/core/safeguards.ts`) that runs five detection probes in parallel whenever a modifying tool is invoked:
|
|
54
|
+
|
|
55
|
+
```
|
|
56
|
+
SafeguardRegistry.getInstance().checkSafety(operation, params)
|
|
57
|
+
-> detectVSCode() (process check + filesystem + IPC sockets)
|
|
58
|
+
-> detectDocker() (socket + docker ps)
|
|
59
|
+
-> detectMCPServers() (.mcp.json config + node process scan)
|
|
60
|
+
-> detectDatabases() (TCP port probes: 5432, 3306, 27017, 6379)
|
|
61
|
+
-> detectWebServers() (pgrep for nginx, apache2, httpd)
|
|
62
|
+
```
|
|
63
|
+
|
|
64
|
+
The result is a `SafetyResult` object:
|
|
65
|
+
|
|
66
|
+
```typescript
|
|
67
|
+
interface SafetyResult {
|
|
68
|
+
safe: boolean; // false only when blockers.length > 0
|
|
69
|
+
warnings: string[]; // non-blocking advisory messages
|
|
70
|
+
blockers: string[]; // operation-halting conditions
|
|
71
|
+
impactedApps: string[]; // names of apps that could be affected
|
|
72
|
+
}
|
|
73
|
+
```
|
|
74
|
+
|
|
75
|
+
---
|
|
76
|
+
|
|
77
|
+
## Application Detection
|
|
78
|
+
|
|
79
|
+
### VS Code Detection
|
|
80
|
+
|
|
81
|
+
Three independent signals are combined (any one is sufficient for detection):
|
|
82
|
+
|
|
83
|
+
| Signal | Method | Detail |
|
|
84
|
+
|--------|--------|--------|
|
|
85
|
+
| Running process | `pgrep -f code` | Detects the `code` binary in process table |
|
|
86
|
+
| Config directory | Filesystem check for `~/.vscode` | Indicates VS Code is or was installed |
|
|
87
|
+
| IPC sockets | `readdirSync(/run/user/<uid>)` filtered by `vscode-ipc-*` | Indicates active VS Code session |
|
|
88
|
+
|
|
89
|
+
VS Code detection is always **informational only** — it never produces a blocker. A warning is emitted stating that VS Code is active so operators are aware before making service or firewall changes.
|
|
90
|
+
|
|
91
|
+
### Docker Detection
|
|
92
|
+
|
|
93
|
+
| Signal | Method | Detail |
|
|
94
|
+
|--------|--------|--------|
|
|
95
|
+
| Docker socket | `existsSync("/var/run/docker.sock")` | Primary indicator that Docker daemon is running |
|
|
96
|
+
| Running containers | `docker ps --format {{.Names}}` | Lists up to 5 container names in the warning |
|
|
97
|
+
|
|
98
|
+
Docker warnings are emitted when operations touch any of: `container`, `docker`, `apparmor`, `seccomp`, `namespace`, `image`, `rootless`, `firewall`, `iptables`, `nftables`, `ufw`, `port`, `chain`, `microsegmentation`, `wireguard`, `service`, `systemd`, `systemctl`, `enable`, `disable`, `start`, `stop`, `restart`, `daemon`.
|
|
99
|
+
|
|
100
|
+
### MCP Server Detection
|
|
101
|
+
|
|
102
|
+
| Signal | Method | Detail |
|
|
103
|
+
|--------|--------|--------|
|
|
104
|
+
| MCP config file | Reads `/home/robert/kali-mcp-workspace/.mcp.json` | Counts configured MCP servers |
|
|
105
|
+
| Node processes | `pgrep -a node` filtered for `mcp` in command line | Detects running MCP-related node processes |
|
|
106
|
+
|
|
107
|
+
MCP server warnings are emitted when firewall operations are detected, because iptables/ufw rule changes can break the stdio transport that MCP servers rely on.
|
|
108
|
+
|
|
109
|
+
### Database Detection
|
|
110
|
+
|
|
111
|
+
TCP port probing with a 1-second timeout per port:
|
|
112
|
+
|
|
113
|
+
| Port | Database |
|
|
114
|
+
|------|----------|
|
|
115
|
+
| 5432 | PostgreSQL |
|
|
116
|
+
| 3306 | MySQL/MariaDB |
|
|
117
|
+
| 27017 | MongoDB |
|
|
118
|
+
| 6379 | Redis |
|
|
119
|
+
|
|
120
|
+
All four probes run in parallel. Only open ports are reported. Database warnings are triggered when operation keywords include `database`, `postgres`, `mysql`, `mongo`, `redis`, or `port`.
|
|
121
|
+
|
|
122
|
+
### Web Server Detection
|
|
123
|
+
|
|
124
|
+
| Process Name | Detection Method |
|
|
125
|
+
|-------------|-----------------|
|
|
126
|
+
| `nginx` | `pgrep -f nginx` |
|
|
127
|
+
| `apache2` | `pgrep -f apache2` |
|
|
128
|
+
| `httpd` | `pgrep -f httpd` |
|
|
129
|
+
|
|
130
|
+
Web server warnings are triggered when operation keywords include `nginx`, `apache`, `httpd`, `webserver`, `tls`, `cert`, or when firewall operations are combined with detected web server activity.
|
|
131
|
+
|
|
132
|
+
---
|
|
133
|
+
|
|
134
|
+
## Operations That Trigger Checks
|
|
135
|
+
|
|
136
|
+
The registry maps tool name keywords to affected application categories:
|
|
137
|
+
|
|
138
|
+
| Keyword Group | Triggers Warning For |
|
|
139
|
+
|--------------|---------------------|
|
|
140
|
+
| `container`, `docker`, `apparmor`, `seccomp`, `namespace`, `image`, `rootless` | Docker |
|
|
141
|
+
| `firewall`, `iptables`, `nftables`, `ufw`, `port`, `chain`, `microsegmentation`, `wireguard` | Docker, Databases, Web Servers, MCP Servers |
|
|
142
|
+
| `service`, `systemd`, `systemctl`, `enable`, `disable`, `start`, `stop`, `restart`, `daemon` | Docker, Web Servers |
|
|
143
|
+
| `database`, `postgres`, `mysql`, `mongo`, `redis`, `port` | Databases |
|
|
144
|
+
| `nginx`, `apache`, `httpd`, `webserver`, `tls`, `cert` | Web Servers |
|
|
145
|
+
|
|
146
|
+
The matching is case-insensitive substring matching against the full operation name. For example, the tool name `firewall_iptables_add` matches the `firewall` and `iptables` keyword groups.
|
|
147
|
+
|
|
148
|
+
---
|
|
149
|
+
|
|
150
|
+
## Warning vs Blocker Levels
|
|
151
|
+
|
|
152
|
+
The safeguard system uses two severity levels:
|
|
153
|
+
|
|
154
|
+
### Warnings (Non-Blocking)
|
|
155
|
+
|
|
156
|
+
Warnings are advisory messages appended to the tool response. They do not prevent execution. All current safeguard conditions produce warnings, not blockers.
|
|
157
|
+
|
|
158
|
+
Examples of warning messages:
|
|
159
|
+
- `"Docker is active (Docker socket exists; 3 container(s): web, db, cache) — operation may affect containers"`
|
|
160
|
+
- `"Firewall changes may disrupt Docker networking"`
|
|
161
|
+
- `"Database connectivity may be affected (Active: PostgreSQL, Redis)"`
|
|
162
|
+
- `"Web server traffic may be affected (Running: nginx)"`
|
|
163
|
+
- `"Firewall changes may affect MCP server communication"`
|
|
164
|
+
- `"VS Code is active (.vscode config dir exists; 2 IPC socket(s) found)"`
|
|
165
|
+
|
|
166
|
+
### Blockers (Operation-Halting)
|
|
167
|
+
|
|
168
|
+
Blockers set `safe: false` and prevent the operation from proceeding. As of v0.6.0, blockers are generated by:
|
|
169
|
+
|
|
170
|
+
- **Input validation failures**: Invalid operation name (fails `OperationSchema` validation), invalid chain name, invalid path, shell metacharacters
|
|
171
|
+
- **Real runtime blockers**: The safeguard system now includes real blocking conditions beyond validation errors. These are enforced via the `checkSafety()` method which evaluates operation context against detected application state.
|
|
172
|
+
- **Pre-flight validation failures**: Missing required binaries or unsatisfied privilege requirements block tool execution before the handler runs (see PREFLIGHT-ARCHITECTURE.md)
|
|
173
|
+
|
|
174
|
+
### Safety Check Error Handling
|
|
175
|
+
|
|
176
|
+
If any detection probe throws an exception (for example, due to permission errors reading `/run/user/<uid>`), the error is caught and converted to a warning rather than crashing the server:
|
|
177
|
+
|
|
178
|
+
```
|
|
179
|
+
"Safety check encountered an error: <error message>"
|
|
180
|
+
```
|
|
181
|
+
|
|
182
|
+
This ensures that safeguard failures are never fatal to tool execution.
|
|
183
|
+
|
|
184
|
+
---
|
|
185
|
+
|
|
186
|
+
## Dry-Run Mode
|
|
187
|
+
|
|
188
|
+
Dry-run mode causes all modifying operations to print the exact command that would be executed without actually running it. The tool still logs the planned change to the changelog.
|
|
189
|
+
|
|
190
|
+
### Enabling Dry-Run
|
|
191
|
+
|
|
192
|
+
**Default behavior**: The server reads `KALI_DEFENSE_DRY_RUN` at startup. The default is `false` in code, but the provided `.mcp.json` configuration sets it to `true` for safety.
|
|
193
|
+
|
|
194
|
+
```bash
|
|
195
|
+
# Enable dry-run globally (safe — no changes applied)
|
|
196
|
+
KALI_DEFENSE_DRY_RUN=true node build/index.js
|
|
197
|
+
|
|
198
|
+
# Disable dry-run globally (live changes will be applied)
|
|
199
|
+
KALI_DEFENSE_DRY_RUN=false node build/index.js
|
|
200
|
+
```
|
|
201
|
+
|
|
202
|
+
When dry-run is active, the server prints to stderr at startup:
|
|
203
|
+
```
|
|
204
|
+
[KALI-DEFENSE] DRY_RUN mode is ACTIVE — no changes will be applied
|
|
205
|
+
```
|
|
206
|
+
|
|
207
|
+
### Per-Call dry_run Parameter
|
|
208
|
+
|
|
209
|
+
Tools that support dry-run accept an optional `dry_run` boolean parameter. When provided, it overrides the global `KALI_DEFENSE_DRY_RUN` environment variable for that single call.
|
|
210
|
+
|
|
211
|
+
Tools that support `dry_run`:
|
|
212
|
+
|
|
213
|
+
| Category | Tools |
|
|
214
|
+
|----------|-------|
|
|
215
|
+
| Firewall | `firewall_iptables_add`, `firewall_iptables_delete`, `firewall_ufw_rule`, `firewall_save`, `firewall_restore`, `firewall_set_policy`, `firewall_create_chain`, `firewall_persistence` |
|
|
216
|
+
| Hardening | `harden_sysctl_set`, `harden_file_permissions`, `harden_service_manage`, `harden_umask_set`, `harden_coredump_disable`, `harden_banner_set`, `harden_bootloader_configure`, `harden_systemd_apply` |
|
|
217
|
+
| Access Control | `access_ssh_harden`, `access_password_policy`, `access_pam_configure`, `access_restrict_shell` |
|
|
218
|
+
| Compliance | `compliance_cron_restrict`, `compliance_tmp_hardening` |
|
|
219
|
+
| Logging | `log_auditd_rules`, `log_auditd_cis_rules` |
|
|
220
|
+
| Zero-Trust | `setup_wireguard`, `configure_microsegmentation`, `setup_mtls` |
|
|
221
|
+
| Container Advanced | `generate_seccomp_profile`, `apply_apparmor_container`, `setup_rootless_containers` |
|
|
222
|
+
| Automation | `defense_scheduled_audit` (actions: `create`, `remove`) |
|
|
223
|
+
|
|
224
|
+
### Dry-Run Output Examples
|
|
225
|
+
|
|
226
|
+
**Adding an iptables rule with global dry-run active:**
|
|
227
|
+
|
|
228
|
+
```
|
|
229
|
+
[DRY-RUN] Would execute:
|
|
230
|
+
sudo iptables -t filter -I INPUT -p tcp --dport 22 -j ACCEPT
|
|
231
|
+
|
|
232
|
+
Rollback command:
|
|
233
|
+
sudo iptables -t filter -D INPUT -p tcp --dport 22 -j ACCEPT
|
|
234
|
+
```
|
|
235
|
+
|
|
236
|
+
**Overriding dry-run per-call (live mode even when KALI_DEFENSE_DRY_RUN=true):**
|
|
237
|
+
|
|
238
|
+
```json
|
|
239
|
+
{
|
|
240
|
+
"tool": "harden_sysctl_set",
|
|
241
|
+
"params": {
|
|
242
|
+
"key": "net.ipv4.tcp_syncookies",
|
|
243
|
+
"value": "1",
|
|
244
|
+
"persistent": true,
|
|
245
|
+
"dry_run": false
|
|
246
|
+
}
|
|
247
|
+
}
|
|
248
|
+
```
|
|
249
|
+
|
|
250
|
+
**Previewing compliance cron restriction:**
|
|
251
|
+
|
|
252
|
+
```json
|
|
253
|
+
{
|
|
254
|
+
"tool": "compliance_cron_restrict",
|
|
255
|
+
"params": {
|
|
256
|
+
"action": "create",
|
|
257
|
+
"allowed_users": ["root", "backup"],
|
|
258
|
+
"dry_run": true
|
|
259
|
+
}
|
|
260
|
+
}
|
|
261
|
+
```
|
|
262
|
+
|
|
263
|
+
Output:
|
|
264
|
+
```
|
|
265
|
+
[DRY-RUN] Would create /etc/cron.allow with users: root, backup
|
|
266
|
+
[DRY-RUN] Would create /etc/at.allow with users: root, backup
|
|
267
|
+
```
|
|
268
|
+
|
|
269
|
+
**Running compliance check in dry-run to preview which checks will run:**
|
|
270
|
+
|
|
271
|
+
```json
|
|
272
|
+
{
|
|
273
|
+
"tool": "run_compliance_check",
|
|
274
|
+
"params": {
|
|
275
|
+
"framework": "pci-dss-v4",
|
|
276
|
+
"dryRun": true
|
|
277
|
+
}
|
|
278
|
+
}
|
|
279
|
+
```
|
|
280
|
+
|
|
281
|
+
---
|
|
282
|
+
|
|
283
|
+
## Backup Storage
|
|
284
|
+
|
|
285
|
+
### BackupManager Storage Layout
|
|
286
|
+
|
|
287
|
+
The `BackupManager` (`src/core/backup-manager.ts`) stores all file backups under:
|
|
288
|
+
|
|
289
|
+
```
|
|
290
|
+
~/.kali-mcp-backups/
|
|
291
|
+
├── manifest.json
|
|
292
|
+
├── 2026-02-21_10-30-45_sshd_config
|
|
293
|
+
├── 2026-02-21_10-31-02_login.defs
|
|
294
|
+
├── 2026-02-21_11-05-17_iptables-rules.v4
|
|
295
|
+
└── ...
|
|
296
|
+
```
|
|
297
|
+
|
|
298
|
+
The directory is created automatically on first use. No pre-configuration is required.
|
|
299
|
+
|
|
300
|
+
Backup filenames follow the pattern: `<ISO-timestamp>_<original-filename>`
|
|
301
|
+
|
|
302
|
+
Timestamps use the format `YYYY-MM-DD_HH-MM-SS` derived from ISO 8601 with colons and dots replaced by hyphens.
|
|
303
|
+
|
|
304
|
+
The `KALI_DEFENSE_BACKUP_DIR` environment variable overrides the default `~/.kali-mcp-backups` location:
|
|
305
|
+
|
|
306
|
+
```bash
|
|
307
|
+
KALI_DEFENSE_BACKUP_DIR=/mnt/secure-backup/kali-mcp node build/index.js
|
|
308
|
+
```
|
|
309
|
+
|
|
310
|
+
Note: The `RollbackManager` uses a separate storage path at `~/.kali-defense/rollback-state.json` for tracking change records. The `BackupManager` at `~/.kali-mcp-backups/` is specifically for explicit file backups triggered by tools.
|
|
311
|
+
|
|
312
|
+
### Manifest Format
|
|
313
|
+
|
|
314
|
+
`~/.kali-mcp-backups/manifest.json` is a JSON file maintained by the BackupManager:
|
|
315
|
+
|
|
316
|
+
```json
|
|
317
|
+
{
|
|
318
|
+
"backups": [
|
|
319
|
+
{
|
|
320
|
+
"id": "550e8400-e29b-41d4-a716-446655440000",
|
|
321
|
+
"originalPath": "/etc/ssh/sshd_config",
|
|
322
|
+
"backupPath": "/home/user/.kali-mcp-backups/2026-02-21_10-30-45_sshd_config",
|
|
323
|
+
"timestamp": "2026-02-21T10:30:45.123Z",
|
|
324
|
+
"sizeBytes": 3421
|
|
325
|
+
}
|
|
326
|
+
]
|
|
327
|
+
}
|
|
328
|
+
```
|
|
329
|
+
|
|
330
|
+
| Field | Type | Description |
|
|
331
|
+
|-------|------|-------------|
|
|
332
|
+
| `id` | UUID v4 | Unique identifier for restore operations |
|
|
333
|
+
| `originalPath` | string | Absolute path of the source file |
|
|
334
|
+
| `backupPath` | string | Absolute path of the backup copy |
|
|
335
|
+
| `timestamp` | ISO 8601 | When the backup was created |
|
|
336
|
+
| `sizeBytes` | number | Size of the backed-up file in bytes |
|
|
337
|
+
|
|
338
|
+
### Backup Lifecycle
|
|
339
|
+
|
|
340
|
+
1. **Creation**: A tool calls `BackupManager.backup(filePath)` before modifying a file. The backup is created, the manifest is updated, and the backup ID is returned.
|
|
341
|
+
|
|
342
|
+
2. **Pruning**: Old backups can be pruned using `BackupManager.pruneOldBackups(daysOld)`. This removes backup files from disk and removes their entries from the manifest.
|
|
343
|
+
|
|
344
|
+
3. **Restoration**: Call `BackupManager.restore(backupId)` with the UUID from the manifest. The backup file is copied back to its original path.
|
|
345
|
+
|
|
346
|
+
---
|
|
347
|
+
|
|
348
|
+
## Rollback and Restore Guide
|
|
349
|
+
|
|
350
|
+
### RollbackManager Overview
|
|
351
|
+
|
|
352
|
+
The `RollbackManager` (`src/core/rollback.ts`) tracks system changes made during a session and provides structured rollback for four change types. State is persisted to `~/.kali-defense/rollback-state.json`.
|
|
353
|
+
|
|
354
|
+
Each server startup generates a new `sessionId` (UUID). Changes are tagged with both an `operationId` (per tool invocation) and the `sessionId`, enabling rollback at two granularities.
|
|
355
|
+
|
|
356
|
+
### Change Types
|
|
357
|
+
|
|
358
|
+
| Type | Target | Original Value Stored | Rollback Mechanism |
|
|
359
|
+
|------|--------|-----------------------|-------------------|
|
|
360
|
+
| `file` | Absolute file path | Path to backup file | `copyFileSync(backupPath, targetPath)` |
|
|
361
|
+
| `sysctl` | Sysctl key (e.g., `kernel.randomize_va_space`) | Previous value string | `sysctl -w key=originalValue` |
|
|
362
|
+
| `service` | Service name (e.g., `nginx`) | Previous state (`active`/`inactive`) | `systemctl start/stop serviceName` |
|
|
363
|
+
| `firewall` | Chain/table description | Rollback command string | Execute stored rollback command via `spawn` |
|
|
364
|
+
|
|
365
|
+
### Rollback by Operation ID
|
|
366
|
+
|
|
367
|
+
Every tool invocation that creates a change entry logs an `operationId` to the changelog. To roll back a specific operation:
|
|
368
|
+
|
|
369
|
+
```bash
|
|
370
|
+
# Find the operation ID in the changelog
|
|
371
|
+
cat ~/.kali-defense/changelog.json | python3 -m json.tool | grep -A5 '"operationId"'
|
|
372
|
+
```
|
|
373
|
+
|
|
374
|
+
Use the `defense_change_history` tool to list recent changes with their operation IDs:
|
|
375
|
+
|
|
376
|
+
```json
|
|
377
|
+
{
|
|
378
|
+
"tool": "defense_change_history",
|
|
379
|
+
"params": {}
|
|
380
|
+
}
|
|
381
|
+
```
|
|
382
|
+
|
|
383
|
+
To roll back, the RollbackManager API is called programmatically. Expose via an MCP tool if needed:
|
|
384
|
+
|
|
385
|
+
```typescript
|
|
386
|
+
const rb = RollbackManager.getInstance();
|
|
387
|
+
await rb.rollback("operation-uuid-here");
|
|
388
|
+
```
|
|
389
|
+
|
|
390
|
+
Rollback applies changes in **reverse chronological order** within the operation.
|
|
391
|
+
|
|
392
|
+
### Rollback by Session ID
|
|
393
|
+
|
|
394
|
+
To roll back all changes from the current session:
|
|
395
|
+
|
|
396
|
+
```typescript
|
|
397
|
+
const rb = RollbackManager.getInstance();
|
|
398
|
+
const sessionId = rb.getSessionId();
|
|
399
|
+
await rb.rollbackSession(sessionId);
|
|
400
|
+
```
|
|
401
|
+
|
|
402
|
+
This is the safest recovery path after a failed hardening session — it undoes all changes in reverse order.
|
|
403
|
+
|
|
404
|
+
### Restore from BackupManager
|
|
405
|
+
|
|
406
|
+
**Step 1**: List available backups using the `backup_list` tool or by reading the manifest:
|
|
407
|
+
|
|
408
|
+
```json
|
|
409
|
+
{
|
|
410
|
+
"tool": "backup_list",
|
|
411
|
+
"params": {}
|
|
412
|
+
}
|
|
413
|
+
```
|
|
414
|
+
|
|
415
|
+
The output includes backup IDs and original paths:
|
|
416
|
+
```json
|
|
417
|
+
{
|
|
418
|
+
"backups": [
|
|
419
|
+
{
|
|
420
|
+
"id": "550e8400-e29b-41d4-a716-446655440000",
|
|
421
|
+
"originalPath": "/etc/ssh/sshd_config",
|
|
422
|
+
"backupPath": "/home/user/.kali-mcp-backups/2026-02-21_10-30-45_sshd_config",
|
|
423
|
+
"timestamp": "2026-02-21T10:30:45.123Z",
|
|
424
|
+
"sizeBytes": 3421
|
|
425
|
+
}
|
|
426
|
+
]
|
|
427
|
+
}
|
|
428
|
+
```
|
|
429
|
+
|
|
430
|
+
**Step 2**: Restore using the `backup_restore` tool:
|
|
431
|
+
|
|
432
|
+
```json
|
|
433
|
+
{
|
|
434
|
+
"tool": "backup_restore",
|
|
435
|
+
"params": {
|
|
436
|
+
"backup_id": "550e8400-e29b-41d4-a716-446655440000"
|
|
437
|
+
}
|
|
438
|
+
}
|
|
439
|
+
```
|
|
440
|
+
|
|
441
|
+
The BackupManager copies the backup file back to its original path. The target directory is created if it does not exist.
|
|
442
|
+
|
|
443
|
+
**Step 3**: Verify the restore using `backup_verify`:
|
|
444
|
+
|
|
445
|
+
```json
|
|
446
|
+
{
|
|
447
|
+
"tool": "backup_verify",
|
|
448
|
+
"params": {
|
|
449
|
+
"backup_id": "550e8400-e29b-41d4-a716-446655440000"
|
|
450
|
+
}
|
|
451
|
+
}
|
|
452
|
+
```
|
|
453
|
+
|
|
454
|
+
### Manual Rollback Commands
|
|
455
|
+
|
|
456
|
+
Every tool that modifies state logs a `rollbackCommand` to the changelog. To manually reverse a change:
|
|
457
|
+
|
|
458
|
+
1. Find the rollback command in `~/.kali-defense/changelog.json`:
|
|
459
|
+
```bash
|
|
460
|
+
cat ~/.kali-defense/changelog.json | python3 -c "
|
|
461
|
+
import json, sys
|
|
462
|
+
entries = json.load(sys.stdin)
|
|
463
|
+
for e in entries[-10:]:
|
|
464
|
+
if e.get('rollbackCommand'):
|
|
465
|
+
print(e['timestamp'], e['tool'], e['rollbackCommand'])
|
|
466
|
+
"
|
|
467
|
+
```
|
|
468
|
+
|
|
469
|
+
2. Execute the rollback command directly. Examples:
|
|
470
|
+
```bash
|
|
471
|
+
# Undo an iptables rule addition
|
|
472
|
+
sudo iptables -t filter -D INPUT -p tcp --dport 22 -j ACCEPT
|
|
473
|
+
|
|
474
|
+
# Restore a backed-up file
|
|
475
|
+
sudo cp /home/user/.kali-mcp-backups/2026-02-21_10-30-45_sshd_config /etc/ssh/sshd_config
|
|
476
|
+
|
|
477
|
+
# Revert a sysctl change
|
|
478
|
+
sudo sysctl -w kernel.randomize_va_space=1
|
|
479
|
+
|
|
480
|
+
# Revert a chain policy change
|
|
481
|
+
sudo iptables -P INPUT ACCEPT
|
|
482
|
+
```
|
|
483
|
+
|
|
484
|
+
---
|
|
485
|
+
|
|
486
|
+
## Changelog and Audit Trail
|
|
487
|
+
|
|
488
|
+
All changes are logged to `~/.kali-defense/changelog.json` (configurable via `KALI_DEFENSE_CHANGELOG_PATH`).
|
|
489
|
+
|
|
490
|
+
Each entry contains:
|
|
491
|
+
|
|
492
|
+
```json
|
|
493
|
+
{
|
|
494
|
+
"id": "uuid-v4",
|
|
495
|
+
"operationId": "uuid-v4",
|
|
496
|
+
"tool": "harden_sysctl_set",
|
|
497
|
+
"action": "Set net.ipv4.tcp_syncookies = 1",
|
|
498
|
+
"target": "net.ipv4.tcp_syncookies",
|
|
499
|
+
"before": "0",
|
|
500
|
+
"after": "1",
|
|
501
|
+
"timestamp": "2026-02-21T10:30:45.123Z",
|
|
502
|
+
"dryRun": false,
|
|
503
|
+
"success": true,
|
|
504
|
+
"rollbackCommand": "sudo sysctl -w net.ipv4.tcp_syncookies=0",
|
|
505
|
+
"backupPath": null
|
|
506
|
+
}
|
|
507
|
+
```
|
|
508
|
+
|
|
509
|
+
Use the `defense_change_history` tool to view the audit trail in a formatted way:
|
|
510
|
+
|
|
511
|
+
```json
|
|
512
|
+
{
|
|
513
|
+
"tool": "defense_change_history",
|
|
514
|
+
"params": {
|
|
515
|
+
"limit": 20
|
|
516
|
+
}
|
|
517
|
+
}
|
|
518
|
+
```
|