Skip to content

hinetapora/TARS

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 
 
 

Repository files navigation

TARS: Transparent Auditable Resilience System for WireGuard Deployment

TARS Logo


License: MIT Version GitHub Stars GitHub Forks GitHub Issues GitHub Pull Requests GitHub Contributors GitHub Last Commit Codecov Coverage Open Source Love Chat on Discord GitHub Sponsors

Table of Contents


Introduction

TARS (Transparent Auditable Resilience System) is an open-source solution for secure and verifiable deployment of WireGuard VPN servers. It ensures server integrity and provenance through cryptographic birth certificates and proof-of-life mechanisms. Designed to treat servers as disposable appliances, TARS allows for dynamic scaling while preserving user privacy and anonymity.


Features

  • Cryptographic Birth Certificates: Verifies the server's initial state upon deployment.
  • Proof-of-Life Signals: Regularly confirms server integrity and detects tampering.
  • User Privacy Assurance: Excludes dynamic configurations from integrity checks to maintain anonymity.
  • Scalability: Supports dynamic addition and removal of servers.
  • Open-Source: Built entirely with open-source tools and libraries.
  • Blockchain Integration: Publishes proofs to a public blockchain for transparency.

How It Works

  1. Deployment: Each server generates a cryptographic birth certificate containing its initial state.
  2. Monitoring: The server monitors every bit of its system, excluding specified dynamic files.
  3. Proof Publishing: At regular intervals, the server publishes a proof-of-life hash to a public blockchain.
  4. Verification: Any party can verify the server's integrity using the public proofs.
  5. Tamper Detection: Unauthorized changes trigger verification failures and initiate alerts.

Installation

Prerequisites

  • Operating System: Linux-based OS
  • Dependencies:
    • WireGuard
    • OpenSSL
    • Python 3.8+
    • Git

Steps

  1. Clone the Repository

    git clone https://github.com/BlorpBleep/TARS.git
    cd TARS
  2. Install Dependencies

    sudo apt-get update
    sudo apt-get install wireguard openssl python3 python3-pip
  3. Install Python Packages

    pip3 install -r requirements.txt
  4. Configure TARS

    • Edit the config.yaml file to suit your environment.
    • Specify dynamic files to exclude in the birth certificate.

Usage

Generating a Birth Certificate

Run the following command to generate a cryptographic birth certificate:

python3 tars.py --generate-birth-certificate

Starting Proof-of-Life Monitoring

To start the regular proof-of-life checks and publish proofs:

python3 tars.py --start-monitoring

Verifying Server Integrity

Use the verification script to check server integrity:

python3 verify.py --server <server_id>

Configuration

config.yaml Parameters

  • server_id: Unique identifier for the server.
  • excluded_files: List of dynamic files to exclude from integrity checks.
  • proof_interval: Time interval (in seconds) between proof-of-life publications.
  • blockchain_endpoint: API endpoint for publishing proofs to the blockchain.

Example config.yaml

server_id: "server-12345"
excluded_files:
  - "/etc/wireguard/wg0.conf"
  - "/var/log/*"
proof_interval: 3600
blockchain_endpoint: "https://blockchain.example.com/api/publish"

Contributing

We welcome contributions from the community!

How to Contribute

  1. Fork the Repository

    Click the "Fork" button at the top right of this page.

  2. Create a Feature Branch

    git checkout -b feature/YourFeature
  3. Commit Your Changes

    git commit -am 'Add your feature'
  4. Push to the Branch

    git push origin feature/YourFeature
  5. Open a Pull Request

    Submit your pull request for review.

Code of Conduct

Please read our Code of Conduct before contributing.


License

This project is licensed under the MIT License. See the LICENSE file for details.


Contact


Acknowledgments

  • WireGuard: https://www.wireguard.com
  • Ed25519 Libraries: For cryptographic operations.
  • Open-Source Community: For continuous support and contributions.

Support

If you encounter any issues or have questions, please open an issue on GitHub or contact the project maintainer.


By reimagining server deployment with cryptographic assurances, TARS aims to enhance the security and trustworthiness of VPN infrastructures in an increasingly connected world.


About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published