As I wait for my developer account for Hound, I have an opportunity that I rarely capitalize on as a programmer: planning. Also, before I start, I want to say this isn’t a lot of hardcore programming… yet.
If I were to have an awesome electronic sidekick, what would he do for me? Well, everything. However, for this conversation let’s talk about host security. This is a dual-purpose programming project because I also have a drive to create a quality host-based security appliance without having Galahad. I don’t want to do a lot of work, though, because let’s be honest, there are some solid programs out there. Here’s the plan:
I’m going to leverage another Raspberry Pi as the brain. I’ll hook up some storage to it so the logs can be retained for at least a little while. This is definitely going to be the weakest link in the chain. Step one is to set up a syslog server. This will store logs from each one of my devices on my home network, including the firewall. The next step is to build the database that will really act as Galahad’s brain. Most importantly, this server needs to be accessible from everywhere in my internal network. That way, as things change on my network, they will be updated there, allowing Galahad to have perfect situational awareness of everything on the network.
The programming part will come into play when I actually link to this database and start taking actions based on specific events. We’ll get a little crazy when it comes time for that. Ideally, all of this will be publicly available someday too.