Some beginner questions

[Florian Heigl]

Hi,

I've had a link to sandstorm on my desktop for two or three years and just found the moment to finally re-visit and try out some more.

There was a few things I couldn't find out:

- fail2ban or similar method to avoid people hammering their way in

- is there a file versioning somewhere?

- is there an audit log (I can see https://docs.sandstorm.io/en/latest/administering/for-work/ has it in features coming soon), likely not that 'soon' now, but how did people solve it for the time?

- has group management (next item there) progressed

- has someone played with integrating of shiny new things like KASM workspaces?

Finally, I wish the project and everyone enjoying it that itwill pick up again, the short test drive made clear that it would be well deserved.

[Jacob Weisz]

Hey, welcome!

Currently you'd have to put some other solution in front of Sandstorm to get fail2ban-like functionality. I don't believe Sandstorm itself logs anything you could look at for most authentication failures as in many cases they are punted out to other authentication providers, but depending on your login method of choice you probably have some options. (For instance, I use LDAP, so fail2ban could monitor the LDAP service's logs.)

For file versioning are you looking for like an automatic ability to revert to older versions of grains?

Unfortunately right now the "features coming soon" are all more of "hopefully someday" to be honest. Right now the tree of capability sharing all exists in the context of the database, but it would probably be a somewhat painful process to extract that data into something visible if you needed it. Ideally it'd show up on the "Grain Settings" tab with has room for more detailed information than the sharing dropdown. Group management will hopefully be something addressed more heavily in Tempest than it was in Sandstorm. There are some concepts around "keyrings" to make it easier to share capabilities between people.

I know of at least one or two experimental projects involving bridging desktop screens or screen sharing into Sandstorm apps, but nothing that is production-ready. I think there's a deeply untapped market of apps and tools that could be integrated into Sandstorm's model but in many cases, nobody has even tried! The powerbox is one of those things that came very late in Sandstorm's more active development period, not a ton has been built on top of it despite it opening up such a wider array of possibilities.

Note also that we are moving to https://groups.io/g/sandstorm-user-group and https://groups.io/g/sandstorm-dev-group though we will generally keep responding here as well. =)

--

  Jacob Weisz

  goo...@jacobweisz.com

--

You received this message because you are subscribed to the Google Groups "Sandstorm Development" group.

To unsubscribe from this group and stop receiving emails from it, send an email to sandstorm-de...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/sandstorm-dev/c50420c0-c4c7-461c-a196-ce2ffc392ac2n%40googlegroups.com.