Le-Guichet

Le-Guichet is a prototype of a decontamination station (also known as a "white station"), written in Rust. It is fast, secure and multithreaded.

Untrusted files are deposited (via a chrooted sftp) in the entry window (in) and scanned by an antivirus server (clamd API). If a file is considered unhealthy, it is logged and immediately deleted. Files considered healthy are logged, hashed (sha512) and sent to the transit window through a unidirectional software diode (a named pipe), where they are logged and hashed again. Finally, files in transit are transferred to the output window through another software diode.
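The scan step described above, sketched as an added example (this is not Le-Guichet's own code): a std-only client for clamd's INSTREAM command that treats anything other than an explicit clean reply as unhealthy. The page only says "clamd API", so the use of INSTREAM is an assumption, and `Verdict`, `parse_reply` and `instream_scan` are hypothetical names.

```rust
use std::io::{self, Read, Write};
#[derive(Debug, PartialEq)]
pub enum Verdict {
    Clean,
    Infected(String), // signature name reported by clamd
    Error(String),    // any other reply: treat the file as unhealthy
}

/// Fail closed: only the exact reply "stream: OK" counts as clean.
pub fn parse_reply(raw: &[u8]) -> Verdict {
    let text = String::from_utf8_lossy(raw);
    let text = text.trim_end_matches(|c: char| c == '\0' || c == '\n');
    let body = match text.strip_prefix("stream: ") {
        Some(b) => b,
        None => return Verdict::Error(text.to_string()),
    };
    if body == "OK" {
        Verdict::Clean
    } else if let Some(sig) = body.strip_suffix(" FOUND") {
        Verdict::Infected(sig.to_string())
    } else {
        Verdict::Error(body.to_string())
    }
}

/// Send `file` over `conn` (assumed: a TcpStream or UnixStream to clamd) and return the verdict.
pub fn instream_scan<S: Read + Write>(conn: &mut S, mut file: impl Read) -> io::Result<Verdict> {
    conn.write_all(b"zINSTREAM\0")?;
    let mut buf = [0u8; 4096];
    loop {
        let n = file.read(&mut buf)?;
        // Chunk framing: 4-byte big-endian length, then the data; length 0 ends the stream.
        conn.write_all(&(n as u32).to_be_bytes())?;
        if n == 0 { break; }
        conn.write_all(&buf[..n])?;
    }
    conn.flush()?;
    let mut reply = Vec::new();
    conn.read_to_end(&mut reply)?; // outside a session, clamd closes the connection after replying
    Ok(parse_reply(&reply))
}

fn main() {
    // Constructed replies, not captured from a real clamd.
    let samples: [&[u8]; 3] = [b"stream: OK\0", b"stream: Constructed.Test-Sig FOUND\0", b"scan ERROR\0"];
    for r in samples.iter() {
        println!("{:?}", parse_reply(r));
    }
}
```

A caller would delete the deposited file on `Infected` and on `Error` alike, so that a truncated or unexpected reply never lets a file through to the diode.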

Security

Network flow charts:

LeGuichet schema

```mermaid
graph LR
A(Untrusted files) -- sftp --> B
B[Guichet-In] -- Scan --> C((Clamd))
C -- Ok/Suppress --> B
B -- Write only access --> E{Diode}
F[Guichet-Transit] -- Read only access --> E
F -- Write only access --> G{Diode}
H[Guichet-Out] -- Read only access --> G
H -- sftp --> I(Trusted files + sha512)
```

Demo Video

Le-Guichet demo video

Installation

```bash
git clone https://gitlab.com/r3dlight/leguichet.git
```

- Get some help:

```bash
make help
```

```bash
make test
```

```bash
make audit
```

```bash
make build
```

```bash
sudo make install
```

To uninstall Le-Guichet:

```bash
sudo make uninstall
```

To do: