{ "info": { "author": "gr0und-s3ct0r", "author_email": "contact@groundsector.com", "bugtrack_url": null, "classifiers": [ "Intended Audience :: Information Technology", "License :: OSI Approved :: MIT License", "Operating System :: POSIX", "Programming Language :: Python", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6" ], "description": "======\nCerber\n======\n\n.. image:: https://travis-ci.org/gr0und-s3ct0r/cerber.svg?branch=devel\n :target: https://travis-ci.org/gr0und-s3ct0r/cerber\n.. image:: https://badge.fury.io/py/cerber.svg\n :target: https://badge.fury.io/py/cerber\n\nA straightforward command line tool for generate seccomp json profile\n\nOverview\n========\nSeccomp (short for secure computing mode) is a computer security \nfacility in the Linux kernel.\nSeccomp allows a process to make a one-way transition into a \"secure\"\nstate where it cannot make any system calls except exit(),\nsigreturn(), read() and write() to already-open file descriptors.\nShould it attempt any other system calls, the kernel will terminate\nthe process with SIGKILL or SIGSYS.\nIn this sense, it does not virtualize the system's resources but isolates \nthe process from them entirely.\n\nSeccomp profile is used with by a lot of applications like:\n\n- docker\n- firefox\n- systemd\n- openssh\n- chrome\n- and more...\n\nCerber help you to generate seccomp profile that you can\nuse with docker per example.\n\nPrerequisites\n=============\n\n- Linux\n- Python3.5+\n- Strace\n\nInstall\n=======\n.. code:: shell\n\n $ pip install cerber\n\nUsage\n=====\n\nGenerate a seccomp_profile.json in your current directory:\n\n.. code:: shell\n\n $ cerber docker run hello-world\n $ ls\n seccomp_profile.json\n $ cat seccomp_profile.json\n {\n \"defaultAction\": \"SCMP_ACT_ERRNO\", \n \"architecture\": [\n \"SCMP_ARCH_X86_64\", \n \"SCMP_ARCH_X86\", \n \"SCMP_ARCH_X32\"\n ], \n \"syscalls\": [\n {\n \"action\": \"SCMP_ACT_ALLOW\", \n \"args\": [], \n \"name\": \"read\"\n }, \n ...\n {\n \"action\": \"SCMP_ACT_ALLOW\", \n \"args\": [], \n \"name\": \"execve\"\n }, \n {\n \"action\": \"SCMP_ACT_ALLOW\", \n \"args\": [], \n \"name\": \"arch_prctl\"\n }\n ]\n }\n\nNow you can assign this seccomp profile to your container at run:\n\n.. code:: shell\n\n $ docker run \\\n --rm \\\n --security-opt=\"no-new-privileges\" \\\n --security-opt seccomp=seccomp_profile.json \\\n hello-world # you can get the following output for docker hello world\n\n Hello from Docker!\n This message shows that your installation appears to be working correctly.\n\n To generate this message, Docker took the following steps:\n 1. The Docker client contacted the Docker daemon.\n ...\n For more examples and ideas, visit:\n https://docs.docker.com/engine/userguide/\n\nBecareful to generate seccomp profile with cerber on the same cpu architecture\nthat your production environment (where you want run your container).\n\nFeatures\n========\n\n- detect syscalls\n- generate seccomp profile from detected syscalls\n\nContribute\n==========\n\n.. code:: shell\n\n $ git clone https://github.com/gr0und-s3ct0r/cerber\n $ cd cerber\n $ pipenv install pbr\n $ pipenv shell # generate a virtual environment\n $ python setup.py develop # install cerber in development mode\n $ pip install -e .[test] # install testing dependencies\n $ # make your changes\n $ tox\n\nFurther readings\n================\n- `docker security seccomp documentation `_\n- `docker seccomp json format `_\n- `docker no new privileges security flag `_\n\nOriginal Authors\n================\n- `S\u00e9bastien Boyron (dj4ngo) `_\n- `Herv\u00e9 Beraud (4383) `_\n\nCHANGES\n=======\n\n0.2.0\n-----\n\n* install from pypi\n* fix license classifier\n* update changelog\n\n0.1.0\n-----\n\n* adding build badge\n* fix pep8 errors\n* ignore pyc\n* fix pep8 errors\n* adding overview about seccomp\n* adding further readings\n* example on how to use security profil\n* fix filename output on documentation\n* fix install\n* fix contribute guide\n* update usage with seccomp.json file generated\n* use restructuredText for readme instead of markdown\n* packaging + TU + CI\n* introduce CI\n* keep strace statistics\n* add gitignore\n* rename tmpfile and create seccomp profile in a file\n* do not touch stdout and stderr to be transparent on execution\n* further reading and contributors\n* update doc with command\n* pass command to execute to bouncer\n* improve usage\n* rename tool\n* initialize repository\n\nHerv\u00e9 Beraud \nSebastien Boyron \n\n\n\n", "description_content_type": null, "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/gr0und-s3ct0r/cerber/", "keywords": "", "license": "", "maintainer": "", "maintainer_email": "", "name": "cerber", "package_url": "https://pypi.org/project/cerber/", "platform": "", "project_url": "https://pypi.org/project/cerber/", "project_urls": { "Homepage": "https://github.com/gr0und-s3ct0r/cerber/" }, "release_url": "https://pypi.org/project/cerber/0.3.0/", "requires_dist": [ "fixtures; extra == 'test'", "tox; extra == 'test'" ], "requires_python": "", "summary": "Command line tool to generate secure computing mode", "version": "0.3.0" }, "last_serial": 3356549, "releases": { "0.1.0": [ { "comment_text": "", "digests": { "md5": "638398f44282b0bb2e0e8ce61f873488", "sha256": "e180b80ed5ac62131f5a84bf53017c65874284e991cbb889b9a929e1f6ef03f5" }, "downloads": -1, "filename": "cerber-0.1.0-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "638398f44282b0bb2e0e8ce61f873488", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 7169, "upload_time": "2017-11-20T22:24:56", "url": "https://files.pythonhosted.org/packages/90/03/ff0c39d2e0f5bda8e7042b293f37a213d216586fbd37434b52265ad6bbcb/cerber-0.1.0-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "8b4f3e1e687bb7c159100113f478703c", "sha256": "cb713b66d60d65701371786cb7ff27f1258a0e95e608f15d7daa89192c8fc71e" }, "downloads": -1, "filename": "cerber-0.1.0.tar.gz", "has_sig": false, "md5_digest": "8b4f3e1e687bb7c159100113f478703c", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5884, "upload_time": "2017-11-20T22:24:57", "url": "https://files.pythonhosted.org/packages/85/a1/6dda947de55009e3341b02919b71c01a7a3a79e8bdce757c7a11316f4f39/cerber-0.1.0.tar.gz" } ], "0.2.0": [ { "comment_text": "", "digests": { "md5": "5c17e445dd597a59a69d0241f20302e0", "sha256": "3647118ed8f75df4c3e5bea8ca93bcd0e7a33e75e023dac0fcc3f5874195c823" }, "downloads": -1, "filename": "cerber-0.2.0-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "5c17e445dd597a59a69d0241f20302e0", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 7163, "upload_time": "2017-11-20T22:36:29", "url": "https://files.pythonhosted.org/packages/21/48/b7fc373f7f6657b5c4533dfdfecc1766edd817eb8e7edb69a53b651a4ee8/cerber-0.2.0-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "c578ed7ef2a06634bbf73cf0cf37e3ff", "sha256": "6a3ead698dac1ed13604e406435901b873c7bf2088391ae64283780b4361f2d3" }, "downloads": -1, "filename": "cerber-0.2.0.tar.gz", "has_sig": false, "md5_digest": "c578ed7ef2a06634bbf73cf0cf37e3ff", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5916, "upload_time": "2017-11-20T22:36:30", "url": "https://files.pythonhosted.org/packages/fe/5c/7516476839910c6e9f7428af33841524424cc67e3e227f5c399e2ac99e01/cerber-0.2.0.tar.gz" } ], "0.3.0": [ { "comment_text": "", "digests": { "md5": "e3076b539df4d100d0cf8f7046b1048d", "sha256": "33e8648fd82254b98a01ac3fe47894318d078cee4a7d7dd2c164e9c4ec4ac9a9" }, "downloads": -1, "filename": "cerber-0.3.0-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "e3076b539df4d100d0cf8f7046b1048d", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 8321, "upload_time": "2017-11-22T22:34:16", "url": "https://files.pythonhosted.org/packages/a5/97/39225ba8bee90b190e4ba92bf8a5fada7d7e87c986466a4cd9e28a1a79e8/cerber-0.3.0-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "ae5ec8e8d0e03c75c7d139e7466c5ab4", "sha256": "0fb764047dc72f6a5a7d5ab1d6b1b01e9ba6719bdd9c0b084183ebf7f5709754" }, "downloads": -1, "filename": "cerber-0.3.0.tar.gz", "has_sig": false, "md5_digest": "ae5ec8e8d0e03c75c7d139e7466c5ab4", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 6445, "upload_time": "2017-11-22T22:34:18", "url": "https://files.pythonhosted.org/packages/c4/ff/70c14d92ae8652bff21a238fb7079f98b7fb698abdda91d698c646cb21b3/cerber-0.3.0.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "e3076b539df4d100d0cf8f7046b1048d", "sha256": "33e8648fd82254b98a01ac3fe47894318d078cee4a7d7dd2c164e9c4ec4ac9a9" }, "downloads": -1, "filename": "cerber-0.3.0-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "e3076b539df4d100d0cf8f7046b1048d", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 8321, "upload_time": "2017-11-22T22:34:16", "url": "https://files.pythonhosted.org/packages/a5/97/39225ba8bee90b190e4ba92bf8a5fada7d7e87c986466a4cd9e28a1a79e8/cerber-0.3.0-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "ae5ec8e8d0e03c75c7d139e7466c5ab4", "sha256": "0fb764047dc72f6a5a7d5ab1d6b1b01e9ba6719bdd9c0b084183ebf7f5709754" }, "downloads": -1, "filename": "cerber-0.3.0.tar.gz", "has_sig": false, "md5_digest": "ae5ec8e8d0e03c75c7d139e7466c5ab4", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 6445, "upload_time": "2017-11-22T22:34:18", "url": "https://files.pythonhosted.org/packages/c4/ff/70c14d92ae8652bff21a238fb7079f98b7fb698abdda91d698c646cb21b3/cerber-0.3.0.tar.gz" } ] }