wallguard

WallGuard is a server designed to manage agents installed on target machines to monitor system state, network activity, and provide secure remote access. The server interfaces with a datastore service for persistence and exposes data and remote capabilities through its API. Typical usage involves starting the WallGuard server (via Docker or a local build) and ensuring the datastore backend is reachable, so agents can register, collect metrics, and respond to remote sessions. Once running, you can monitor configuration changes, view basic network traffic data, and initiate remote sessions (SSH, TTY, or UI-based access) to managed devices. The server is designed to work with firewall-oriented deployments (PfSense, OPNSense) and supports both monitoring and remote access workflows for machines that are not easily reachable directly.

Key capabilities you can leverage include:

• Configuration Monitoring: detect changes in critical system and network configuration files to alert on drift or unauthorized modifications.
• Network Traffic Monitoring: observe baseline traffic and detect anomalies or spikes that may indicate issues or intrusions.
• System Monitoring: collect metrics such as CPU, memory, disk usage, and process information to keep the fleet healthy.
• Remote Access: establish secure sessions via SSH, TTY, or UI-based remote access to manage target devices remotely. Ensure the connected targets have the WallGuard agents installed and registered with the server for full functionality.

Prerequisites:

• A Linux-based host (Debian/Ubuntu recommended) or a compatible runtime environment
• Docker installed on the host (for the recommended deployment method)
• A datastore service (as WallGuard relies on a separate datastore for database operations)

Option A: Run WallGuard via Docker (recommended)

1. Ensure Docker is installed and running on your host.
2. Pull and run the WallGuard image: docker pull nullnet-ai-wallguard docker run -d --name wallguard -p 8080:8080 -p 9000:9000 --restart unless-stopped nullnet-ai-wallguard
3. Configure the WallGuard server to connect to your datastore (see datastore docs) via environment variables or configuration files as required by the image. Typical env vars might include DATASTORE_URL, DATASTORE_CREDENTIALS, etc. Check the image docs for exact names.
4. Verify the server is up by curling the API endpoint (e.g., http://localhost:8080/health).

Option B: Build from source (if you prefer a local build with Rust)

1. Install prerequisites: Rust toolchain, protobuf compiler, and development libraries (libpcap-dev, libprotobuf-dev).
2. Clone the WallGuard repository and follow the project-specific build steps (usually something like cargo build --release).
3. Run the built binary, ensuring it can reach the datastore service (set appropriate environment variables for datastore connectivity).
4. Expose the necessary ports and start the server, then verify with the health endpoint.

Note: WallGuard relies on a separate datastore service. Ensure your datastore instance is installed and accessible before starting WallGuard. See the datastore project at https://github.com/NullNet-ai/datastore for setup and configuration details.

Tips and common considerations:

• Datastore must be running before starting WallGuard; WallGuard will not function properly without it.
• If you run WallGuard in Docker, ensure network connectivity between the WallGuard container and the datastore container/service (consider using a Docker network or proper host networking as appropriate).
• Check environment variables for datastore connection details (URL, credentials, database name) and security settings (TLS, authentication).
• For remote access features, ensure the target agents are properly installed and registered with WallGuard, and verify firewall rules allow the necessary communication ports.
• Review the license (GNU Affero General Public License v3.0) and ensure compliance when deploying in your environment.