Add docs

phrocker · phrocker · commit 760ee5bbb87e · 2025-03-06T06:28:49.000-05:00
diff --git a/README.md b/README.md
@@ -1,10 +1,14 @@
 Sentrius
 
 ![image](docs/images/mainscreen.png)
-Sentrius is a secure shell (SSH) access management solution that integrates zero trust principles to protect your infrastructure. It is split into two primary Maven sub-projects:
+Sentrius zero trust (and if you want AI assisted) management system. to protect your infrastructure. It is split into 
+two primary Maven. Currently we only support SSH, but RDP is in the works.
+sub-projects:
 
-    core – Handles the core functionalities (e.g., SSH session management, zero trust policy enforcement).
+    core – Handles the core functionalities (e.g., SSH session management, RDP, zero trust policy enforcement).
     api – Provides a RESTful API layer to interface with the core module.
+    java-agent -- java based agent to monitor and control the ssh sessions.
+    python-agent -- python based agent to monitor and control the ssh sessions.
 
 Internally, Sentrius may still be referenced by its former name, SSO (SecureShellOps), in certain scripts or configurations.
 Table of Contents
@@ -27,7 +31,7 @@ Key Features
     Zero Trust Security
     Sentrius enforces zero trust policies, ensuring that every SSH connection is authenticated, authorized, and constantly monitored.
 
-    SSH Enclaves
+    Enclaves
     Group hosts into logical enclaves and apply role-based access control for fine-grained permissions. Simplify security oversight by separating and organizing your infrastructure.
 
     Dynamic Rules Enforcement
@@ -71,7 +75,9 @@ Prerequisites
     Java 11 or later
     Apache Maven 3.6+
     Database (PostgreSQL, MySQL, etc.) for storing session and configuration data
+    Keycloak for user authentication and authorization
     (Optional) Docker & Kubernetes if you plan to deploy on a containerized environment
+    (Optional) python 3.6+ for the python agent
 
 Installation
 
diff --git a/api/src/main/resources/application.properties b/api/src/main/resources/application.properties
@@ -57,24 +57,25 @@ spring.servlet.multipart.max-request-size=10MB
 
 #Jira integration
 #jira.base-url=https://dataguardians-team.atlassian.net/
-#jira.api-token=ATATT3xFfGF0V9aL4sFXPPWOdBpjSi_AC1zJnCj7sqgvodWu4K8lTjCNn4THIelFuKklIAlJPMDEkRORQgkuAU67wIxUycu
-# -1cIrQkr8aasnWZMq-_BJjOWaBl4Fj_ymgyuLKjLvO3LVyOmxmVRlMQovli9it298sF8FED2gzmtdJ8zKjflvYDM=9B77C294
+#jira.api-token=<your-token>
 server.error.whitelabel.enabled=false
 
 
 
 keycloak.realm=sentrius
-keycloak.base-url=http://192.168.1.162:8180
+keycloak.base-url=${KEYCLOAK_BASE_URL:http://localhost:8180}
+spring.security.oauth2.client.registration.keycloak.client-secret=${KEYCLOAK_SECRET:defaultSecret}
 
 spring.security.oauth2.client.registration.keycloak.client-id=sentrius-api
-spring.security.oauth2.client.registration.keycloak.client-secret=nGkEukexSWTvDzYjSkDmeUlM0FJ5Jhh0
 spring.security.oauth2.client.registration.keycloak.authorization-grant-type=authorization_code
-spring.security.oauth2.client.registration.keycloak.redirect-uri=http://192.168.1.162:8080/login/oauth2/code/keycloak
+spring.security.oauth2.client.registration.keycloak.redirect-uri=${BASE_URL:http://localhost:8080}/login/oauth2/code/keycloak
 spring.security.oauth2.client.registration.keycloak.scope=openid,profile,email
 
-spring.security.oauth2.resourceserver.jwt.issuer-uri=http://192.168.1.162:8180/realms/sentrius
-spring.security.oauth2.client.provider.keycloak.issuer-uri=http://192.168.1.162:8180/realms/sentrius
+spring.security.oauth2.resourceserver.jwt.issuer-uri=${KEYCLOAK_BASE_URL:http://localhost:8180}/realms/sentrius
+spring.security.oauth2.client.provider.keycloak.issuer-uri=${KEYCLOAK_BASE_URL:http://localhost:8180}/realms/sentrius
 
 management.endpoints.web.exposure.include=health
 management.endpoint.health.show-details=always
-https.required=false
+
+### change for production environments
+https.required=${HTTP_REQUIRED:true}
diff --git a/docs/images/mainscreen.png b/docs/images/mainscreen.png
diff --git a/ops-scripts/local/run-sentrius.sh b/ops-scripts/local/run-sentrius.sh
@@ -0,0 +1,75 @@
+#!/usr/bin/env bash
+
+##
+# run-sentrius.sh
+#
+# Simple script to launch Sentrius locally using Maven and environment variables.
+#
+# Usage:
+#   ./run-sentrius.sh
+#
+# You can export environment variables before calling this script or define them inline below.
+##
+
+# Fail on any error
+set -e
+
+######################################
+# 0. Parse script arguments
+######################################
+BUILD=false
+
+while [[ "$#" -gt 0 ]]; do
+  case $1 in
+    --build)
+      BUILD=true
+      ;;
+    *)
+      echo "Unknown parameter passed: $1"
+      exit 1
+      ;;
+  esac
+  shift
+done
+
+######################################
+# 1. (Optional) Build the project
+######################################
+if $BUILD; then
+  echo "Building the project..."
+  # Build from the root. If you only want to build the 'api' module, you can use:
+  #   mvn clean install -pl api -am
+  mvn clean install
+fi
+
+######################################
+# 2. Set environment variables here
+######################################
+
+# You can set these externally (e.g., via `export KEYCLOAK_SECRET=...`),
+# or define them right here:
+export KEYCLOAK_SECRET="${KEYCLOAK_SECRET:-defaultSecret}"
+export KEYCLOAK_BASE_URL="${KEYCLOAK_BASE_URL:-http://localhost:8180}"
+export HTTP_REQUIRED="${HTTP_REQUIRED:-false}"
+export BASE_URL="${BASE_URL:-http://localhost:8080}"
+
+# Adjust memory settings for your local environment
+export MIN_HEAP="${MIN_HEAP:-4096m}"
+export MAX_HEAP="${MAX_HEAP:-8192m}"
+
+######################################
+# 3. Run Maven with these settings
+######################################
+
+# build the project
+
+pushd api
+
+mvn spring-boot:run \
+  -Dspring-boot.run.jvmArguments="-Xms${MIN_HEAP} -Xmx${MAX_HEAP}"
+
+# Explanation:
+#   -Xms${MIN_HEAP} sets the initial (minimum) heap to 4GB (by default).
+#   -Xmx${MAX_HEAP} sets the maximum heap to 8GB (by default).
+
+popd
