ScriptSentinel //a feature prototype for @WorkHorz
ScriptSentinel is a desktop utility that ensures the integrity of your script files. It leverages runtime hash comparison to detect any unauthorized changes. Upon detecting a mismatch, the application can be configured to automatically move the potentially compromised script to a designated quarantine directory, protecting your system from tampered code. Keep your operations secure and your mind at ease with ScriptSentinel.
- Keeping the list of authorised and validated files/scripts safe, and only allowing those to live in their dedicated directory, is a key function.
- Controlling the file's integrity from an external sentinel app makes this possible.
- The final app has several layers of security to ensure a high degree of protection, from the webapp running your sensitive data to the OS running on your server.
- Public-key encryption is an additional layer that can give your files/scripts more protection.
- If possible, the files can be kept in memory, so that reading their contents is fast and also safer than reading them from disk.
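The check-and-quarantine flow from the points above, as an added Python example that is not ScriptSentinel's own C++ code. SHA-256, the name-to-digest allowlist, the verdict labels and all function names are assumptions, and the sample files are constructed.

```python
from __future__ import annotations
import hashlib, hmac, shutil, tempfile
from pathlib import Path
# Assumption: SHA-256 and a {filename: hex digest} allowlist; the page names no hash.

def quarantine_file(path: Path, quarantine: Path) -> Path:
    """Move path into quarantine without overwriting an earlier capture."""
    quarantine.mkdir(parents=True, exist_ok=True)
    dest, n = quarantine / path.name, 0
    while dest.exists():
        n += 1
        dest = quarantine / f"{path.name}.{n}"
    shutil.move(str(path), str(dest))
    return dest

def load_verified(path: Path, expected_hex: str, quarantine: Path) -> bytes | None:
    """Read the file once, hash the bytes held in memory, return those same bytes."""
    data = path.read_bytes()
    if hmac.compare_digest(hashlib.sha256(data).hexdigest(), expected_hex):
        return data  # the caller runs this buffer, not a second read from disk
    quarantine_file(path, quarantine)
    return None

def sweep(script_dir: Path, quarantine: Path, allowlist: dict[str, str]) -> dict[str, str]:
    """Only allowlisted, unmodified regular files may stay in script_dir."""
    verdicts = {}
    for path in sorted(script_dir.iterdir()):
        if path.is_symlink() or not path.is_file() or path.name not in allowlist:
            quarantine_file(path, quarantine)
            verdicts[path.name] = "unlisted"
        elif load_verified(path, allowlist[path.name], quarantine) is None:
            verdicts[path.name] = "hash-mismatch"
        else:
            verdicts[path.name] = "ok"
    return verdicts

def demo() -> dict[str, str]:
    """Constructed sample: one intact script, one modified, one not on the list."""
    with tempfile.TemporaryDirectory() as tmp:
        scripts, quarantine = Path(tmp, "scripts"), Path(tmp, "quarantine")
        scripts.mkdir()
        good = b"print('backup')\n"
        allowlist = {"backup.py": hashlib.sha256(good).hexdigest(),
                     "deploy.py": hashlib.sha256(b"print('deploy')\n").hexdigest()}
        (scripts / "backup.py").write_bytes(good)
        (scripts / "deploy.py").write_bytes(b"print('deploy')\n# edited later\n")
        (scripts / "extra.py").write_bytes(b"print('x')\n")
        verdicts = sweep(scripts, quarantine, allowlist)
        verdicts["_quarantined"] = ",".join(sorted(p.name for p in quarantine.iterdir()))
        return verdicts
```

The quarantine directory sits outside the script directory, so a quarantined file is never picked up by a later sweep, and the allowlist itself has to be stored where the scripts' writers cannot change it.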
The example code here is modern C++23 open-source code under GPL3; the Windows binary shows some more features that can be achieved with this concept. The binaries can be used for free but may not be sold or used in any commercial context without written permission or a license.
This concept of protecting scripts before execution, meaning before they could cause harm if tampered with, will eventually be included in the WorkHorz project. This will include additional features to harden your scripts and the ScriptSentinel on the server or the desktop.
If your business has high needs for securing code and data, then ScriptSentinel could be the solution for you. Contact us to get this tool tailored to your needs.