# Clauditor

Security watchdog that monitors filesystem activity and creates tamper-evident logs. Even if Clawdbot is compromised, it cannot stop the watchdog, forge entries, or delete evidence.

## Installation (Guided)

Use the CLI wizard to guide users through installation:

```bash
cd /path/to/clauditor
cargo build --release
```

### Agent Workflow

1. Check status: `./target/release/clauditor wizard status`
   - Returns JSON with `current_step` (1-6) and `complete` (true/false)
2. Get next step: `./target/release/clauditor wizard next`
   - Shows WHAT it does, WHY it matters, and the exact COMMAND to run
3. User runs the sudo command
4. Verify: `./target/release/clauditor wizard verify`
   - Confirms the step completed
5. Repeat until `complete: true`

### Example Interaction

```
User: Install clauditor
Agent: [runs wizard status → current_step: 1]
Agent: Step 1 of 6: Create system user
       This creates a sysaudit user that runs the watchdog. Even if the system is compromised,
       it cannot kill processes owned by another user.
       Please run the following command:
       sudo useradd --system --shell /usr/sbin/nologin --no-create-home sysaudit
       Let me know when done.
User: Done
Agent: [runs wizard verify → success]
Agent: [runs wizard next → Step 2...]
```

## After Installation

Check status:

```bash
systemctl status systemd-journaldd
```

Generate digest:

```bash
./target/release/clauditor digest \
  --log /var/lib/.sysd/.audit/events.log \
  --key /etc/sysaudit/key \
  --format markdown
```
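To show what "tamper-evident" buys you when the digest is checked, here is an added example (not Clauditor's code or log format) of a keyed hash chain: each entry's HMAC covers the previous entry's tag, so a modified, forged, or deleted entry breaks verification, and a truncated tail is caught by comparing the recorded digest. The key, event lines and chain layout are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed key for the example; the real key would be read from /etc/sysaudit/key
KEY = b"example-key-not-the-real-one"
GENESIS = "0" * 64  # tag the first entry chains from

def _tag(key, prev, body):
    return hmac.new(key, (prev + body).encode(), hashlib.sha256).hexdigest()

def append_event(log, event, key=KEY):
    """Append one JSON line whose tag covers both the event and the previous tag."""
    prev = json.loads(log[-1])["tag"] if log else GENESIS
    body = json.dumps(event, sort_keys=True)
    tag = _tag(key, prev, body)
    log.append(json.dumps({"prev": prev, "event": body, "tag": tag}))
    return tag

def verify_chain(log, key=KEY):
    """Return (True, None) if every entry chains and authenticates, else (False, first bad index)."""
    prev = GENESIS
    for i, line in enumerate(log):
        entry = json.loads(line)
        if entry["prev"] != prev:  # a deleted or reordered entry breaks the chain here
            return False, i
        if not hmac.compare_digest(_tag(key, prev, entry["event"]), entry["tag"]):
            return False, i  # a modified or unkeyed (forged) entry fails the HMAC here
        prev = entry["tag"]
    return True, None

def digest(log):
    """Record this out of band: truncating the tail keeps the chain valid but changes the head."""
    head = json.loads(log[-1])["tag"] if log else GENESIS
    return {"entries": len(log), "head": head}

def demo():
    """Build a constructed 3-entry log and exercise the four tampering cases."""
    log = []
    for path in ("/etc/sysaudit/config.toml", "/etc/sysaudit/key", "/var/lib/.sysd/.audit/events.log"):
        append_event(log, {"op": "modify", "path": path, "uid": 1000})
    tampered = log[:]  # rewrite entry 1 without the key
    e = json.loads(tampered[1]); e["event"] = e["event"].replace("modify", "read"); tampered[1] = json.dumps(e)
    deleted = log[:1] + log[2:]  # drop the middle entry
    truncated = log[:-1]  # drop the newest entry
    return (verify_chain(log), verify_chain(tampered), verify_chain(deleted),
            verify_chain(truncated), digest(log) == digest(truncated))
```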
## Quick Install (Power Users)

```bash
sudo bash wizard/wizard.sh
```

## Configuration

- Config: `/etc/sysaudit/config.toml`
- Key: `/etc/sysaudit/key`
- Logs: `/var/lib/.sysd/.audit/events.log`

Edit the config file to customize `watch_paths` and `target_uid`.