module Console1984

Console 1984¶ ↑

Console1984 is an IRB-based Rails console extension that does three things:

Record console sessions with their user, reason and commands.
Protect encrypted data by showing the ciphertexts when you visualize it.
Protect access to external systems that contain sensitive information (such as Redis or Elasticsearch).

Session logging¶ ↑

The console will record the session, its user and the commands entered. The logic to persist sessions is handled by the configured session logger, which is Console1984::SessionsLogger::Database by default.

Execution of commands¶ ↑

The console will work in two modes:

Protected: It won't show encrypted information (it will show the ciphertexts instead) and it won't allow connections to protected urls.
Unprotected: it allows access to encrypted information and protected urls. The commands executed in this mode as flagged as sensitive.

Console1984::CommandExecutor handles the execution of commands applying the corresponding protection mechanisms.´

Internal tampering prevention¶ ↑

Finally, console1984 includes protection mechanisms against internal tampering while using the console. For example, to prevent the user from deleting audit trails. See Console1984::Shield and Console1984::CommandValidator to learn more.

Constants

VERSION

Public Class Methods

running_protected_environment?() click to toggle source

Returns whether the console is currently running in protected mode or not.

# File lib/console1984.rb, line 55
def running_protected_environment?
  protected_environments.collect(&:to_sym).include?(Rails.env.to_sym)
end