|
|
|
This section tries to outline Bashhub's practices to address Security and Privacy.
|
|
|
|
|
|
|
|
##Communication
|
|
|
|
####HTTPS
|
|
|
|
## Communication
|
|
|
|
#### HTTPS
|
|
|
|
|
|
|
|
|
|
|
|
All communication to Bashhub is over HTTPS. Bashhub's client uses [requests](https://github.com/kennethreitz/requests) to communicate with the server.
|
|
|
|
|
|
|
|
##Storage
|
|
|
|
## Storage
|
|
|
|
|
|
|
|
####Storage Level Encryption
|
|
|
|
#### Storage Level Encryption
|
|
|
|
All commands are stored in a non-relational database that is encrypted at rest using [storage level encryption via LUKS](https://gist.github.com/jamiekurtz/8f8d1f95da58bf741ee5).
|
|
|
|
|
|
|
|
####Text Search
|
|
|
|
#### Text Search
|
|
|
|
To support text search on the server side, commands are not encrypted at the application layer. Searching would require decrypting commands on demand. A full search experience requires there to be a text index on the commands themselves.
|
|
|
|
|
|
|
|
## Privacy
|
| ... | ... | @@ -38,7 +38,7 @@ Instead of prompting, you could also set an environment variable. |
|
|
|
$ mysql -u "$DB_USER" -p "$DB_PASSWORD" # This is better practice.
|
|
|
|
```
|
|
|
|
|
|
|
|
##Filtering Commands
|
|
|
|
## Filtering Commands
|
|
|
|
You can filter commands from being recorded to Bashhub via a regex set to the environment variable `BH_FILTER`. These commands will be ignored and omittted from Bashhub.
|
|
|
|
|
|
|
|
```bash
|
| ... | ... | @@ -58,7 +58,7 @@ mysql -u root -p plain-text-password |
|
|
|
Is Filtered. Matched ['-p']
|
|
|
|
```
|
|
|
|
|
|
|
|
##Disabling recording commands
|
|
|
|
## Disabling recording commands
|
|
|
|
You can turn on/off recording to Bashhub via `bashhub on` and `bashhub off`. By default this only affects the current bash session.
|
|
|
|
|
|
|
|
```bash
|
| ... | ... | |
