teserakt-io / c2 Goto Github PK

All outputs are currently sent to stderr by default, no matter if it's a regular command output or an error.

We must properly forward the regular outputs to stdout instead of stderr, and keep errors on stderr.

example:

$ ./bin/c2cli client list | head -n 2
client1
client2
client3 # head filter stdout, not stderr, so we get more
client4
$ ./bin/c2cli client list 2>&1 | head -n 2
client1
client2
$ ./bin/c2cli client list 2>/dev/null | head -n 2
# <empty>

expected:

$ ./bin/c2cli client list | head -n 2
client1
client2
$ ./bin/c2cli client list 2>/dev/null | head -n 2
client1
client2

We would need the C2 to have a /check or similar endpoint allowing to check the application availability

Can just reply with a {"status":"ok"} for now, and later provide additionnal health metrics. But for now an endpoint allowing a load balancer / heartbeat service / docker daemon to check for the application status would be great.

The C2 currently does not, and should, support the RemovePubKey, ResetPubKeys and SetC2Keys command documented in the specification here.

From the spec:

RemovePubKey: 0x04 | ID (16): removes the given client id and associated public key from the client's clientkeys table.
ResetPubKeys: 0x05: Empties the client's clientkeys table.
SetC2Key: 0x07 | PubKey (32): Instructs the device to replace the current C2 public key with the newly transmitted one (must be use with care).

cc @daeMOn63 @veorq

While testing, I ran several time in an issue, where I was creating clients with symmetric keys, with a C2 server running in pubkey mode.

 $ cat configs/config.yaml | grep crypto-mode
crypto-mode: pubkey
$ ./bin/c2cli -c ./configs/c2-cert.pem -e 127.0.0.1:5555 client create --name testClient --password <(echo -n superSecretPassword)
Client testClient created successfully

With current develop, the password is only derived to a symkey, and #17 added an extra --pubkey flag allowing to derive the password into a ed25519 key. But forgetting this flag won't throw any error until the client receive commands from the C2, which is not ideal.

Instead, we could improve by replacing the --pubkey flag by a call to the C2 server via a new http GET /e4/crypto-mode or a grpc getCryptoMode() endpoint, and deduce the derivation function to use from the response we get, and avoid any user errors.

See: https://github.com/teserakt-io/c2/blob/fb/missing-e4-commands/internal/cli/commands/clients/create.go#L50-L55

Hello Team,
I'm having difficulty setting up the server as shown in the website main page video.

can you please help? 😃

I have followed bellow steps:

./script/build.sh
docker-compose up -d
./bin/c2

P.S: If this is not the correct repo to report. please guide. Thank you. 🙏