romtuck/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1a76740851
openclaw/docs/security/clauditor.md
Ryan (via Clawdbot) 1a76740851 docs: add Clauditor security watchdog documentation 
- Add dedicated Clauditor doc in docs/security/
- Add VPS hardening section referencing Clauditor
- Clauditor provides tamper-evident logging for production deployments
2026-01-27 07:49:24 +01:00

106 lines
3.4 KiB
Markdown
Raw Blame History

---
summary: "Tamper-resistant audit watchdog for VPS deployments"
read_when:
- You want to detect if your agent is compromised
- You need tamper-evident logging for Clawdbot activity
- You're running Clawdbot on a production VPS
---
# Clauditor
Clauditor is a security watchdog that monitors filesystem activity and creates tamper-evident logs. Even if Clawdbot is compromised, it cannot stop the watchdog, forge log entries, or delete evidence.
**GitHub:** [apollostreetcompany/clauditor](https://github.com/apollostreetcompany/clauditor)
**ClawdHub:** `clawdhub install clauditor`
## Why Clauditor?
When you give an AI agent access to your system, you're trusting it not to:
- Exfiltrate sensitive data (credentials, keys, personal files)
- Install persistence mechanisms (cron jobs, SSH keys)
- Cover its tracks by deleting logs
Clauditor creates an independent audit trail that the agent **cannot tamper with**, even if fully compromised.
## Security Model
| Component | Owner | Clawdbot Access |
|-----------|-------|-----------------|
| Daemon | sysaudit user | ❌ Cannot kill |
| HMAC Key | root:sysaudit | ❌ Cannot read |
| Log Directory | sysaudit | ❌ Cannot write |
| Logs | sysaudit | ✅ Can read (tamper-evident) |
The watchdog runs as a separate system user (`sysaudit`). Even with full control of the `clawdbot` account, an attacker cannot:
- Stop the monitoring daemon
- Forge log entries (no access to HMAC key)
- Delete evidence (no write access to logs)
## Features
- **HMAC hash-chained logs** — Any tampering breaks the chain
- **Exec monitoring** — Tracks all command executions
- **Exfiltration detection** — Flags credential reads followed by network commands
- **Baseline tracking** — Alerts on first-time command usage
- **Orphan detection** — Flags commands running when no Clawdbot session is active
- **Digest reports** — Human-readable security summaries
## Installation
Clauditor includes an interactive wizard that guides you through installation:
```bash
# Clone and build
git clone https://github.com/apollostreetcompany/clauditor.git
cd clauditor
cargo build --release
# Run the wizard (follow prompts)
./target/release/clauditor wizard status
./target/release/clauditor wizard next
# Run the sudo command it shows, then:
./target/release/clauditor wizard verify
# Repeat until complete
```
Or use the automated script:
```bash
sudo bash wizard/wizard.sh
```
## Usage
### Check daemon status
```bash
systemctl status systemd-journaldd
```
### Generate security report
```bash
# Silent mode (only outputs if issues found)
clauditor digest --log /var/lib/.sysd/.audit/events.log --key /etc/sysaudit/key
# Verbose mode (full report)
clauditor digest --log /var/lib/.sysd/.audit/events.log --key /etc/sysaudit/key --verbose
```
### Automated daily digest
```bash
# Add to root's crontab
0 6 * * * /usr/local/sbin/systemd-journaldd digest --log /var/lib/.sysd/.audit/events.log --key /etc/sysaudit/key || echo "Anomalies detected" | mail -s "Clauditor Alert" you@example.com
```
## Requirements
- Linux with systemd
- Rust toolchain (for building)
- Root access (for installation)
## Recommended For
- **Production VPS deployments** — Where Clawdbot has access to sensitive data
- **Multi-user environments** — Where audit trails matter
- **High-trust setups** — Where you've given Clawdbot elevated permissions
For local development or sandboxed environments, Clauditor is optional but still useful for understanding agent behavior patterns.
Reference in New Issue View Git Blame Copy Permalink