GeneralBots/botbook
2
2
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add security protection tools documentation

Browse source 
- Create protection-tools.md with comprehensive documentation
- Explain root access requirement and security model
- Document sudoers configuration (no wildcards)
- Add API reference and troubleshooting guide
- Update SUMMARY.md with new entry
This commit is contained in:
Rodrigo Rodriguez (Pragmatismo) 2026-01-10 09:41:19 -03:00
parent 6964eae250
commit 965456b777
6 changed files with 1329 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

225
src/04-gbui/apps/billing.md Normal file
View file

@ -0,0 +1,225 @@
# Billing - Invoices, Payments & Quotes
> **Manage your financial transactions from quote to payment**
---
## Overview
Billing is your complete invoicing solution following Microsoft Dynamics nomenclature. Create quotes for opportunities, convert them to invoices, and track payments through to completion.
---
## Key Concepts (Dynamics Nomenclature)
| Entity | Description |
|--------|-------------|
| **Quote** | Price quotation sent to prospect/customer |
| **Invoice** | Bill sent to customer for payment |
| **Payment** | Payment received against an invoice |
### Entity Flow
```
Quote ──(accept)──► Invoice ──(pay)──► Payment
```
---
## Features
### Invoices Management
Track all your billing documents:
- **Invoice Number** - Unique identifier
- **Account** - Customer being billed
- **Date** - Invoice creation date
- **Due Date** - Payment deadline
- **Amount** - Total invoice value
- **Status** - Draft, Sent, Paid, Overdue, Cancelled
### Invoice Statuses
| Status | Description |
|--------|-------------|
| **Draft** | Invoice being prepared, not yet sent |
| **Sent** | Invoice delivered to customer |
| **Paid** | Payment received in full |
| **Overdue** | Past due date, unpaid |
| **Cancelled** | Invoice voided |
### Payments
Record and track incoming payments:
- **Payment ID** - Unique identifier
- **Invoice** - Associated invoice
- **Account** - Paying customer
- **Date** - Payment received date
- **Amount** - Payment amount
- **Method** - Payment method used
### Payment Methods
| Method | Description |
|--------|-------------|
| **Bank Transfer** | Wire/ACH transfer |
| **Credit Card** | Card payment |
| **PIX** | Brazilian instant payment |
| **Boleto** | Brazilian bank slip |
| **Cash** | Cash payment |
### Quotes
Create proposals for potential deals:
- **Quote Number** - Unique identifier
- **Account** - Customer receiving quote
- **Opportunity** - Associated sales opportunity
- **Date** - Quote creation date
- **Valid Until** - Expiration date
- **Amount** - Total quoted value
- **Status** - Draft, Sent, Accepted, Rejected, Expired
---
## Summary Dashboard
Real-time financial metrics:
| Metric | Description |
|--------|-------------|
| **Pending** | Total value of unpaid invoices |
| **Overdue** | Total value past due date |
| **Paid This Month** | Payments received this month |
| **Revenue This Month** | Total revenue for current month |
---
## Navigation Tabs
| Tab | View |
|-----|------|
| **Invoices** | All invoice records |
| **Payments** | Payment history |
| **Quotes** | Price quotations |
---
## API Endpoints
| Endpoint | Method | Description |
|----------|--------|-------------|
| `/api/billing/invoices` | GET | List invoices with filters |
| `/api/billing/invoices` | POST | Create new invoice |
| `/api/billing/invoices/:id` | GET | Get invoice details |
| `/api/billing/invoices/:id` | PUT | Update invoice |
| `/api/billing/invoices/:id/send` | POST | Mark invoice as sent |
| `/api/billing/invoices/:id/cancel` | POST | Cancel invoice |
| `/api/billing/invoices/export` | GET | Export invoices |
| `/api/billing/payments` | GET | List payments |
| `/api/billing/payments` | POST | Record new payment |
| `/api/billing/quotes` | GET | List quotes |
| `/api/billing/quotes` | POST | Create new quote |
| `/api/billing/quotes/:id/accept` | POST | Convert quote to invoice |
| `/api/billing/search` | GET | Search billing records |
| `/api/billing/stats/*` | GET | Get billing statistics |
---
## @ Mentions in Chat
Reference billing entities directly in chat:
| Mention | Example |
|---------|---------|
| `@invoice:` | @invoice:INV-2024-001 |
Hover over a mention to see invoice details. Click to navigate to the record.
---
## Filtering Options
### Invoice Filters
| Filter | Options |
|--------|---------|
| **Status** | All, Draft, Sent, Paid, Overdue, Cancelled |
| **Period** | All Time, This Month, This Quarter, This Year |
### Payment Filters
| Filter | Options |
|--------|---------|
| **Method** | All Methods, Bank Transfer, Credit Card, PIX, Boleto, Cash |
### Quote Filters
| Filter | Options |
|--------|---------|
| **Status** | All, Draft, Sent, Accepted, Rejected, Expired |
---
## Keyboard Shortcuts
| Shortcut | Action |
|----------|--------|
| `N` | New invoice (when in Billing) |
| `Escape` | Close modal |
| `/` | Focus search |
---
## Integration with CRM
Billing integrates seamlessly with CRM:
1. **Quote from Opportunity** - Create quotes linked to opportunities
2. **Convert on Win** - When opportunity is won, convert quote to invoice
3. **Account Linking** - Invoices automatically linked to customer accounts
---
## Best Practices
### Invoice Management
1. **Send promptly** - Issue invoices immediately after delivery
2. **Set clear terms** - Include payment terms and due dates
3. **Follow up** - Track overdue invoices proactively
### Payment Tracking
1. **Record immediately** - Log payments as soon as received
2. **Match correctly** - Ensure payments match the right invoices
3. **Reconcile regularly** - Review payment records weekly
### Quote Management
1. **Include details** - List all line items with descriptions
2. **Set expiration** - Use reasonable validity periods
3. **Follow up** - Check on pending quotes before expiration
---
## Reports
Available in Analytics:
| Report | Description |
|--------|-------------|
| **Revenue Summary** | Total revenue over time |
| **Aging Report** | Overdue invoices by age |
| **Payment History** | Payments received over time |
| **Monthly Revenue** | Month-over-month comparison |
---
## See Also
- [CRM](./crm.md) — Link invoices to accounts and opportunities
- [Products](./products.md) — Add products to invoices and quotes
- [Analytics](./analytics.md) — Billing reports and dashboards

205
src/04-gbui/apps/crm.md Normal file
View file

@ -0,0 +1,205 @@
# CRM - Customer Relationship Management
> **Manage your sales pipeline from lead to close**
---
## Overview
CRM is your complete sales management solution following Microsoft Dynamics nomenclature. Track leads through qualification, manage opportunities in a visual pipeline, and convert them to accounts and contacts when deals close.
---
## Key Concepts (Dynamics Nomenclature)
| Entity | Description |
|--------|-------------|
| **Lead** | Unqualified prospect - someone who might become a customer |
| **Opportunity** | Qualified lead in the active sales process |
| **Account** | Company/organization (converted customer) |
| **Contact** | Person at an Account |
| **Activity** | Tasks, calls, emails linked to any entity |
### Entity Flow
```
Lead ──(qualify)──► Opportunity ──(convert)──► Account + Contact
```
---
## Features
### Pipeline View (Kanban)
The default view shows your sales pipeline as a Kanban board with drag-and-drop functionality:
| Stage | Description |
|-------|-------------|
| **Lead** | New unqualified prospects |
| **Qualified** | Leads that meet your criteria |
| **Proposal** | Opportunities with sent proposals |
| **Negotiation** | Active deal discussions |
| **Won** | Successfully closed deals |
| **Lost** | Deals that didn't close |
**Drag cards between columns** to update opportunity stages instantly.
### Leads Management
Track and qualify incoming prospects:
- **Name** - Contact name
- **Company** - Organization name
- **Email** - Primary contact email
- **Phone** - Contact phone number
- **Source** - Where the lead came from (web, referral, event, etc.)
- **Status** - New, Contacted, Qualified
### Opportunities
Manage active sales deals:
- **Opportunity Name** - Deal identifier
- **Account** - Associated company
- **Value** - Expected deal amount
- **Stage** - Current pipeline position
- **Probability** - Win likelihood percentage
- **Expected Close** - Target close date
- **Owner** - Sales representative
### Accounts
Company records for your customers:
- **Account Name** - Company name
- **Industry** - Business sector
- **Phone** - Main phone number
- **City** - Location
- **Annual Revenue** - Company size indicator
- **Contacts** - Number of associated contacts
### Contacts
People at your customer accounts:
- **Name** - Full name
- **Account** - Associated company
- **Title** - Job title/role
- **Email** - Contact email
- **Phone** - Direct phone
---
## Pipeline Summary Metrics
Real-time dashboard showing:
| Metric | Description |
|--------|-------------|
| **Total Pipeline Value** | Sum of all active opportunity values |
| **Conversion Rate** | Percentage of leads that convert to wins |
| **Avg Deal Size** | Average value of won opportunities |
| **Won This Month** | Total value closed this month |
---
## Navigation Tabs
| Tab | View |
|-----|------|
| **Pipeline** | Kanban board of opportunities |
| **Leads** | Table of all leads |
| **Opportunities** | Table of all opportunities |
| **Accounts** | Table of all accounts |
| **Contacts** | Table of all contacts |
---
## API Endpoints
| Endpoint | Method | Description |
|----------|--------|-------------|
| `/api/crm/leads` | GET | List leads with filters |
| `/api/crm/leads` | POST | Create new lead |
| `/api/crm/leads/:id` | GET | Get lead details |
| `/api/crm/leads/:id` | PUT | Update lead |
| `/api/crm/leads/:id/qualify` | POST | Qualify lead to opportunity |
| `/api/crm/opportunities` | GET | List opportunities |
| `/api/crm/opportunities` | POST | Create opportunity |
| `/api/crm/opportunity/:id/stage` | POST | Update opportunity stage |
| `/api/crm/accounts` | GET | List accounts |
| `/api/crm/accounts` | POST | Create account |
| `/api/crm/contacts` | GET | List contacts |
| `/api/crm/contacts` | POST | Create contact |
| `/api/crm/pipeline` | GET | Get pipeline data by stage |
| `/api/crm/count` | GET | Get counts by stage |
| `/api/crm/stats/*` | GET | Get various statistics |
| `/api/crm/search` | GET | Search across all CRM entities |
---
## @ Mentions in Chat
Reference CRM entities directly in chat conversations:
| Mention | Example |
|---------|---------|
| `@lead:` | @lead:John Smith |
| `@opportunity:` | @opportunity:Enterprise Deal |
| `@account:` | @account:Acme Corp |
| `@contact:` | @contact:Jane Doe |
Hover over a mention to see entity details. Click to navigate to the record.
---
## Keyboard Shortcuts
| Shortcut | Action |
|----------|--------|
| `N` | New lead (when in CRM) |
| `Escape` | Close modal |
| `/` | Focus search |
---
## Filtering Options
### Leads Filter
- All Leads
- New
- Contacted
- Qualified
---
## Best Practices
### Lead Management
1. **Respond quickly** - Follow up on new leads within 24 hours
2. **Qualify early** - Move quality leads to Opportunities promptly
3. **Track source** - Know where your best leads come from
### Pipeline Health
1. **Update stages daily** - Keep pipeline accurate
2. **Set realistic close dates** - Update Expected Close as needed
3. **Review weekly** - Identify stuck opportunities
### Data Quality
1. **Complete profiles** - Fill in all available information
2. **Link contacts to accounts** - Maintain relationships
3. **Log activities** - Track all customer interactions
---
## See Also
- [Billing](./billing.md) — Create invoices from won opportunities
- [Products](./products.md) — Add products to quotes and invoices
- [Analytics](./analytics.md) — CRM reports and dashboards
- [Tasks](./tasks.md) — Create follow-up tasks from CRM

244
src/04-gbui/apps/products.md Normal file
View file

@ -0,0 +1,244 @@
# Products - Product & Service Catalog
> **Manage your complete product and service offerings**
---
## Overview
Products is your catalog management solution following Microsoft Dynamics nomenclature. Maintain your product inventory, service offerings, and price lists for use across CRM quotes and billing invoices.
---
## Key Concepts (Dynamics Nomenclature)
| Entity | Description |
|--------|-------------|
| **Product** | Physical or digital item for sale |
| **Service** | Service offering (hourly, fixed, recurring) |
| **Price List** | Pricing tier with currency and validity dates |
### Entity Relationships
```
Product/Service ──► Price List ──► Quote/Invoice Line Items
```
---
## Features
### Product Catalog
Manage your product inventory:
- **Name** - Product name
- **Description** - Product details
- **SKU** - Stock keeping unit code
- **Category** - Product classification
- **Price** - Base price
- **Unit** - Unit of measure
- **Status** - Active or Inactive
### Product Categories
| Category | Description |
|----------|-------------|
| **Software** | Software licenses and subscriptions |
| **Hardware** | Physical equipment and devices |
| **Subscription** | Recurring subscription products |
| **Consulting** | Consulting packages |
| **Training** | Training courses and materials |
| **Support** | Support packages and plans |
### Services
Track your service offerings:
- **Name** - Service name
- **Description** - Service details
- **Type** - Billing type (hourly, fixed, recurring)
- **Price** - Service rate
- **Unit** - Billing unit (hour, project, month)
- **Status** - Active or Inactive
### Service Types
| Type | Description |
|------|-------------|
| **Hourly** | Billed per hour worked |
| **Fixed Price** | One-time fixed amount |
| **Recurring** | Monthly/annual subscription |
### Price Lists
Manage pricing across different contexts:
- **Name** - Price list name
- **Description** - Purpose or context
- **Currency** - USD, EUR, BRL, GBP, etc.
- **Items** - Number of products/services included
- **Valid From** - Start date
- **Valid To** - End date
- **Default** - Is this the default price list?
---
## Summary Dashboard
Real-time catalog metrics:
| Metric | Description |
|--------|-------------|
| **Total Products** | Number of products in catalog |
| **Total Services** | Number of services offered |
| **Active Items** | Currently active products and services |
| **Price Lists** | Number of configured price lists |
---
## Navigation Tabs
| Tab | View |
|-----|------|
| **Catalog** | Product grid/list view |
| **Services** | Service table |
| **Price Lists** | Price list management |
---
## View Options
The catalog supports two view modes:
| View | Description |
|------|-------------|
| **Grid** | Visual card layout (default) |
| **List** | Compact table layout |
Toggle between views using the view buttons in the toolbar.
---
## API Endpoints
| Endpoint | Method | Description |
|----------|--------|-------------|
| `/api/products/items` | GET | List products with filters |
| `/api/products/items` | POST | Create new product |
| `/api/products/items/:id` | GET | Get product details |
| `/api/products/items/:id` | PUT | Update product |
| `/api/products/items/:id` | DELETE | Delete product |
| `/api/products/services` | GET | List services |
| `/api/products/services` | POST | Create new service |
| `/api/products/services/:id` | GET | Get service details |
| `/api/products/pricelists` | GET | List price lists |
| `/api/products/pricelists` | POST | Create new price list |
| `/api/products/pricelists/:id` | GET | Get price list details |
| `/api/products/pricelists/:id/items` | GET | Get items in price list |
| `/api/products/search` | GET | Search products and services |
| `/api/products/stats/*` | GET | Get catalog statistics |
---
## @ Mentions in Chat
Reference products directly in chat:
| Mention | Example |
|---------|---------|
| `@product:` | @product:Enterprise License |
Hover over a mention to see product details. Click to navigate to the record.
---
## Filtering Options
### Catalog Filters
| Filter | Options |
|--------|---------|
| **Category** | All, Software, Hardware, Subscription, Consulting, Training, Support |
| **Status** | Active, All, Inactive |
### Service Filters
| Filter | Options |
|--------|---------|
| **Type** | All Types, Hourly, Fixed Price, Recurring |
### Price List Filters
| Filter | Options |
|--------|---------|
| **Currency** | All Currencies, USD, EUR, BRL, GBP |
---
## Keyboard Shortcuts
| Shortcut | Action |
|----------|--------|
| `N` | New product (when in Products) |
| `Escape` | Close modal |
| `/` | Focus search |
| `G` | Toggle grid/list view |
---
## Integration with Billing
Products integrate with the billing system:
1. **Quote Line Items** - Add products/services to quotes
2. **Invoice Line Items** - Products appear on invoices
3. **Price List Selection** - Choose appropriate price list per quote/invoice
4. **Automatic Pricing** - Prices pulled from selected price list
---
## Best Practices
### Catalog Management
1. **Use clear names** - Make products easily identifiable
2. **Complete descriptions** - Include all relevant details
3. **Assign SKUs** - Use consistent SKU naming conventions
4. **Categorize properly** - Assign appropriate categories
### Pricing Strategy
1. **Multiple price lists** - Create lists for different markets/customers
2. **Set validity dates** - Use date ranges for promotional pricing
3. **Mark defaults** - Designate default price list per currency
4. **Review regularly** - Update pricing as needed
### Service Offerings
1. **Define scope** - Clear descriptions prevent misunderstandings
2. **Set appropriate units** - Choose billing units that match delivery
3. **Track utilization** - Monitor which services sell best
---
## Multi-Currency Support
Price lists support multiple currencies:
| Currency | Code |
|----------|------|
| US Dollar | USD |
| Euro | EUR |
| Brazilian Real | BRL |
| British Pound | GBP |
Create separate price lists for each currency you operate in.
---
## See Also
- [CRM](./crm.md) — Add products to opportunities
- [Billing](./billing.md) — Include products in invoices and quotes
- [Analytics](./analytics.md) — Product performance reports

252
src/04-gbui/apps/tickets.md Normal file
View file

@ -0,0 +1,252 @@
# Tickets - AI-Assisted Support Cases
> **Manage customer support with AI-powered resolution suggestions**
---
## Overview
Tickets is your AI-assisted support system following Microsoft Dynamics nomenclature. Create and manage support cases, track resolution times, and leverage AI to suggest solutions and automate common responses.
---
## Key Concepts (Dynamics Nomenclature)
| Entity | Description |
|--------|-------------|
| **Case** | Support ticket/request from a customer |
| **Resolution** | AI-suggested or manual solution to a case |
| **Activity** | Actions taken on a case (responses, calls, etc.) |
---
## Features
### Case Management
Track and resolve customer support requests:
- **Case Number** - Unique identifier
- **Subject** - Brief description of the issue
- **Account** - Customer reporting the issue
- **Contact** - Person who reported the issue
- **Priority** - Urgency level
- **Status** - Current case state
- **Category** - Issue classification
- **Description** - Full issue details
- **Assigned To** - Support agent handling the case
### Case Statuses
| Status | Description |
|--------|-------------|
| **Open** | New case awaiting attention |
| **Pending** | Waiting for customer response or external input |
| **In Progress** | Being actively worked on |
| **Resolved** | Solution provided, awaiting confirmation |
| **Closed** | Case completed and closed |
### Priority Levels
| Priority | Description |
|----------|-------------|
| **Critical** | System down, immediate attention required |
| **High** | Major issue affecting business operations |
| **Medium** | Standard issue with workaround available |
| **Low** | Minor issue or general inquiry |
### AI Assistance
The AI assistant helps with:
- **Auto-categorization** - Automatically classify incoming cases
- **Solution Suggestions** - Recommend resolutions based on similar cases
- **Response Templates** - Generate contextual reply drafts
- **Priority Detection** - Identify urgent cases from description
- **Knowledge Search** - Find relevant KB articles automatically
---
## Summary Dashboard
Real-time support metrics:
| Metric | Description |
|--------|-------------|
| **Open Cases** | Number of unresolved cases |
| **Urgent** | Cases with critical/high priority |
| **Resolved Today** | Cases closed today |
| **AI Resolved** | Percentage of cases resolved by AI |
---
## Navigation Tabs
| Tab | View |
|-----|------|
| **All Cases** | Complete case list |
| **Open** | Only open cases |
| **Pending** | Cases awaiting response |
| **Resolved** | Completed cases |
---
## API Endpoints
| Endpoint | Method | Description |
|----------|--------|-------------|
| `/api/tickets` | GET | List cases with filters |
| `/api/tickets` | POST | Create new case |
| `/api/tickets/:id` | GET | Get case details |
| `/api/tickets/:id` | PUT | Update case |
| `/api/tickets/:id/resolve` | POST | Mark case as resolved |
| `/api/tickets/:id/close` | POST | Close case |
| `/api/tickets/:id/reopen` | POST | Reopen closed case |
| `/api/tickets/:id/assign` | POST | Assign to agent |
| `/api/tickets/:id/activities` | GET | Get case activities |
| `/api/tickets/:id/activities` | POST | Add activity to case |
| `/api/tickets/:id/ai-suggest` | GET | Get AI resolution suggestions |
| `/api/tickets/search` | GET | Search cases |
| `/api/tickets/stats/*` | GET | Get support statistics |
---
## @ Mentions in Chat
Reference cases directly in chat conversations:
| Mention | Example |
|---------|---------|
| `@case:` | @case:CS-2024-001 |
Hover over a mention to see case details. Click to navigate to the record.
---
## Filtering Options
### Status Filters
| Filter | Options |
|--------|---------|
| **Status** | All, Open, Pending, In Progress, Resolved, Closed |
### Priority Filters
| Filter | Options |
|--------|---------|
| **Priority** | All, Critical, High, Medium, Low |
### Category Filters
| Filter | Options |
|--------|---------|
| **Category** | All, Technical, Billing, General, Feature Request |
---
## Keyboard Shortcuts
| Shortcut | Action |
|----------|--------|
| `N` | New case (when in Tickets) |
| `Escape` | Close modal |
| `/` | Focus search |
| `R` | Reply to selected case |
---
## AI Resolution Flow
1. **Case Created** - Customer submits support request
2. **AI Analysis** - System analyzes case description
3. **Auto-Categorize** - Priority and category assigned
4. **Suggest Solutions** - AI finds similar resolved cases
5. **Generate Response** - Draft reply created for review
6. **Agent Review** - Support agent approves or modifies
7. **Resolution** - Customer receives response
---
## Integration with CRM
Tickets integrates with your CRM data:
1. **Account Linking** - Cases linked to customer accounts
2. **Contact Association** - Track who reported each issue
3. **History Access** - View customer's previous cases
4. **Activity Sync** - Support activities appear in CRM timeline
---
## Best Practices
### Case Management
1. **Respond quickly** - Acknowledge cases within SLA
2. **Set accurate priority** - Ensure urgent issues get attention
3. **Document thoroughly** - Record all resolution steps
4. **Update status** - Keep case status current
### Using AI Assistance
1. **Review suggestions** - Always verify AI recommendations
2. **Train the model** - Mark good suggestions to improve accuracy
3. **Personalize responses** - Edit AI drafts for customer context
4. **Escalate when needed** - Don't rely on AI for complex issues
### SLA Management
1. **Define SLAs** - Set response and resolution time targets
2. **Monitor compliance** - Track SLA performance
3. **Escalate proactively** - Flag cases approaching SLA breach
---
## Reports
Available in Analytics:
| Report | Description |
|--------|-------------|
| **Open Cases by Priority** | Distribution of active cases |
| **Resolution Time** | Average time to resolve by category |
| **Cases by Category** | Volume breakdown by issue type |
| **AI Resolution Rate** | Percentage resolved with AI assistance |
| **Agent Performance** | Cases handled per agent |
| **SLA Compliance** | Percentage meeting SLA targets |
---
## Case Categories
| Category | Description |
|----------|-------------|
| **Technical** | Product bugs, errors, technical issues |
| **Billing** | Invoice questions, payment issues |
| **General** | General inquiries, how-to questions |
| **Feature Request** | Suggestions for new features |
---
## Activity Types
Activities logged on cases:
| Activity | Description |
|----------|-------------|
| **Email** | Email sent to/from customer |
| **Phone Call** | Phone conversation logged |
| **Note** | Internal note added |
| **Status Change** | Case status updated |
| **Assignment** | Case reassigned |
| **Resolution** | Solution provided |
---
## See Also
- [CRM](./crm.md) — Link cases to accounts and contacts
- [Chat](./chat.md) — AI assistant for support queries
- [Analytics](./analytics.md) — Support reports and dashboards
- [Tasks](./tasks.md) — Create follow-up tasks from cases

398
src/23-security/protection-tools.md Normal file
View file

@ -0,0 +1,398 @@
# Security Protection Tools
The Security Protection module provides comprehensive host-level security through integration with industry-standard Linux security tools. This module allows administrators to manage security audits, rootkit detection, intrusion detection, and malware scanning through the General Bots UI.
## Overview
### Architecture
```
┌─────────────────────────────────────────────────────────────┐
│ Browser / UI │
│ (Security → Protection tab) │
└─────────────────────────────────────────────────────────────┘
▼ HTMX/API calls
┌─────────────────────────────────────────────────────────────┐
│ botserver (port 8088) │
│ /api/v1/security/protection/* │
└─────────────────────────────────────────────────────────────┘
▼ sudo (via sudoers)
┌─────────────────────────────────────────────────────────────┐
│ Host System (Linux) │
│ ┌─────────┐ ┌─────────┐ ┌──────────┐ ┌─────────┐ │
│ │ Lynis │ │RKHunter │ │Chkrootkit│ │Suricata │ │
│ └─────────┘ └─────────┘ └──────────┘ └─────────┘ │
│ ┌─────────┐ ┌─────────┐ │
│ │ ClamAV │ │ LMD │ │
│ └─────────┘ └─────────┘ │
└─────────────────────────────────────────────────────────────┘
```
### Tools Included
| Tool | Purpose | Type |
|------|---------|------|
| **Lynis** | Security auditing and hardening | Audit |
| **RKHunter** | Rootkit detection | Scanner |
| **Chkrootkit** | Rootkit detection | Scanner |
| **Suricata** | Network intrusion detection/prevention | IDS/IPS |
| **ClamAV** | Antivirus scanning | Antivirus |
| **LMD** | Linux Malware Detect | Malware Scanner |
## Installation
### Requirements
> **⚠️ IMPORTANT: Root Access Required**
>
> Unlike other botserver components that run in containers, Security Protection tools run on the **host system** and require **root privileges** for installation.
The installation process:
1. Installs security packages via `apt-get`
2. Installs Linux Malware Detect (LMD) from source
3. Creates a sudoers configuration for runtime execution
4. Updates security databases
### Install Command
```bash
sudo botserver install protection
```
This command must be run as root (via `sudo`) because it:
- Installs system packages
- Writes to `/etc/sudoers.d/`
- Updates system security databases
### What Gets Installed
**Packages (via apt-get):**
- `lynis` - Security auditing tool
- `rkhunter` - Rootkit Hunter
- `chkrootkit` - Rootkit checker
- `suricata` - Network IDS/IPS
- `clamav` - Antivirus engine
- `clamav-daemon` - ClamAV daemon service
**From Source:**
- Linux Malware Detect (LMD/maldetect)
**Configuration:**
- `/etc/sudoers.d/gb-protection` - Allows botserver to execute security commands without password
### Verify Installation
Check the status of installed protection tools:
```bash
botserver status protection
```
This shows:
- Which tools are installed
- Whether sudoers is properly configured
- Tool versions
## Security Model
### Why Root Access?
Security tools need elevated privileges because they:
1. **Scan system files** - Access to `/etc`, `/var`, `/usr` requires root
2. **Manage services** - Starting/stopping Suricata/ClamAV requires systemctl
3. **Update databases** - Signature updates write to protected directories
4. **Detect rootkits** - Checking kernel modules and hidden processes needs root
### Sudoers Configuration
The installation creates `/etc/sudoers.d/gb-protection` with **exact command specifications** (no wildcards):
```sudoers
# Lynis - security auditing
gbuser ALL=(ALL) NOPASSWD: /usr/bin/lynis audit system
gbuser ALL=(ALL) NOPASSWD: /usr/bin/lynis audit system --quick
gbuser ALL=(ALL) NOPASSWD: /usr/bin/lynis audit system --quick --no-colors
gbuser ALL=(ALL) NOPASSWD: /usr/bin/lynis audit system --no-colors
# RKHunter - rootkit detection
gbuser ALL=(ALL) NOPASSWD: /usr/bin/rkhunter --check --skip-keypress
gbuser ALL=(ALL) NOPASSWD: /usr/bin/rkhunter --check --skip-keypress --report-warnings-only
gbuser ALL=(ALL) NOPASSWD: /usr/bin/rkhunter --update
# Chkrootkit - rootkit detection
gbuser ALL=(ALL) NOPASSWD: /usr/bin/chkrootkit
gbuser ALL=(ALL) NOPASSWD: /usr/bin/chkrootkit -q
# Suricata - IDS/IPS service management
gbuser ALL=(ALL) NOPASSWD: /usr/bin/systemctl start suricata
gbuser ALL=(ALL) NOPASSWD: /usr/bin/systemctl stop suricata
gbuser ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart suricata
gbuser ALL=(ALL) NOPASSWD: /usr/bin/systemctl enable suricata
gbuser ALL=(ALL) NOPASSWD: /usr/bin/systemctl disable suricata
gbuser ALL=(ALL) NOPASSWD: /usr/bin/systemctl is-active suricata
gbuser ALL=(ALL) NOPASSWD: /usr/bin/suricata-update
# ClamAV - antivirus service management
gbuser ALL=(ALL) NOPASSWD: /usr/bin/systemctl start clamav-daemon
gbuser ALL=(ALL) NOPASSWD: /usr/bin/systemctl stop clamav-daemon
gbuser ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart clamav-daemon
gbuser ALL=(ALL) NOPASSWD: /usr/bin/systemctl enable clamav-daemon
gbuser ALL=(ALL) NOPASSWD: /usr/bin/systemctl disable clamav-daemon
gbuser ALL=(ALL) NOPASSWD: /usr/bin/systemctl is-active clamav-daemon
gbuser ALL=(ALL) NOPASSWD: /usr/bin/freshclam
# LMD - Linux Malware Detect
gbuser ALL=(ALL) NOPASSWD: /usr/local/sbin/maldet -a /home
gbuser ALL=(ALL) NOPASSWD: /usr/local/sbin/maldet -a /var/www
gbuser ALL=(ALL) NOPASSWD: /usr/local/sbin/maldet -a /tmp
gbuser ALL=(ALL) NOPASSWD: /usr/local/sbin/maldet --update-sigs
gbuser ALL=(ALL) NOPASSWD: /usr/local/sbin/maldet --update-ver
```
### Security Considerations
**Why exact commands instead of wildcards?**
Using wildcards (e.g., `lynis *`) would allow:
- Arbitrary argument injection
- Potential abuse if botserver is compromised
- Unintended command execution
Exact commands ensure only predefined operations are allowed.
## Usage
### Via UI
Access the Security Protection panel:
1. Navigate to **Tools → Security**
2. Select the **Protection** tab
3. Each tool card shows:
- Installation status
- Version
- Last scan time
- Available actions
**Available Actions:**
- **Run Scan** - Execute the tool's scan
- **Start/Stop** - Manage services (Suricata, ClamAV)
- **Update** - Update signatures/databases
- **View Report** - See latest scan results
### Via API
All endpoints are under `/api/v1/security/protection/`
**Get Status of All Tools:**
```http
GET /api/v1/security/protection/status
```
**Get Specific Tool Status:**
```http
GET /api/v1/security/protection/lynis/status
```
**Run a Scan:**
```http
POST /api/v1/security/protection/lynis/run
```
**Start/Stop Services:**
```http
POST /api/v1/security/protection/suricata/start
POST /api/v1/security/protection/suricata/stop
```
**Update Definitions:**
```http
POST /api/v1/security/protection/clamav/update
```
**Get Scan Report:**
```http
GET /api/v1/security/protection/rkhunter/report
```
## Tool Details
### Lynis
Security auditing tool that performs comprehensive system hardening assessments.
**Scan Types:**
- Quick audit (`lynis audit system --quick`)
- Full audit (`lynis audit system`)
**Output:**
- Hardening index (0-100)
- Warnings count
- Suggestions count
- Detailed findings
**Report Location:** `/var/log/lynis-report.dat`
### RKHunter
Rootkit Hunter scans for rootkits, backdoors, and local exploits.
**Features:**
- Rootkit signature detection
- File property checks
- Hidden process detection
- Network port analysis
**Commands Available:**
- Scan: `rkhunter --check --skip-keypress`
- Update: `rkhunter --update`
**Report Location:** `/var/log/rkhunter.log`
### Chkrootkit
Lightweight rootkit detection tool.
**Checks For:**
- Known rootkit signatures
- Suspicious file modifications
- Hidden processes
- Network interfaces in promiscuous mode
**Commands Available:**
- Quick scan: `chkrootkit -q`
- Standard scan: `chkrootkit`
### Suricata
Network Intrusion Detection/Prevention System (IDS/IPS).
**Features:**
- Real-time traffic analysis
- Signature-based detection
- Protocol anomaly detection
- Rule-based alerting
**Service Management:**
- Start/Stop/Restart via systemctl
- Rule updates via `suricata-update`
**Log Location:** `/var/log/suricata/eve.json`
### ClamAV
Open-source antivirus engine.
**Features:**
- Virus signature scanning
- Malware detection
- Automatic signature updates
**Service Management:**
- `clamav-daemon` - Background scanning service
- `freshclam` - Signature updates
### LMD (Linux Malware Detect)
Malware scanner designed for shared hosting environments.
**Features:**
- PHP malware detection
- Backdoor/shell detection
- Quarantine functionality
**Scan Paths Allowed:**
- `/home`
- `/var/www`
- `/tmp`
**Commands Available:**
- Scan: `maldet -a <path>`
- Update signatures: `maldet --update-sigs`
- Update version: `maldet --update-ver`
## Troubleshooting
### Installation Fails
**Symptom:** `apt-get install` errors
**Solutions:**
1. Update package lists: `sudo apt-get update`
2. Check disk space: `df -h`
3. Verify internet connectivity
4. Check for conflicting packages
### Permission Denied at Runtime
**Symptom:** Security scans fail with permission errors
**Solutions:**
1. Verify sudoers file exists: `ls -la /etc/sudoers.d/gb-protection`
2. Check sudoers syntax: `sudo visudo -c -f /etc/sudoers.d/gb-protection`
3. Verify file permissions: should be `0440`
4. Reinstall: `sudo botserver install protection`
### Service Won't Start
**Symptom:** Suricata or ClamAV fails to start
**Solutions:**
1. Check service status: `systemctl status suricata`
2. View logs: `journalctl -u suricata`
3. Verify configuration files exist
4. Check for port conflicts
### Outdated Signatures
**Symptom:** Scans report "database outdated"
**Solutions:**
1. Run update via UI or API
2. Manually update:
- ClamAV: `sudo freshclam`
- RKHunter: `sudo rkhunter --update`
- Suricata: `sudo suricata-update`
- LMD: `sudo maldet --update-sigs`
## Uninstallation
### Remove Sudoers Configuration
```bash
sudo botserver remove protection
```
This removes the sudoers file but **does not uninstall packages**.
### Full Removal (Manual)
To completely remove protection tools:
```bash
# Remove sudoers
sudo botserver remove protection
# Remove packages
sudo apt-get remove --purge lynis rkhunter chkrootkit suricata clamav clamav-daemon
# Remove LMD
sudo rm -rf /usr/local/maldetect
sudo rm /usr/local/sbin/maldet
```
## Best Practices
1. **Schedule Regular Scans** - Use auto-scan features or cron jobs
2. **Keep Signatures Updated** - Enable auto-update for all tools
3. **Review Reports** - Don't just run scans; analyze the results
4. **Act on Findings** - High/Critical findings need immediate attention
5. **Monitor Suricata Alerts** - Network threats require quick response
6. **Backup Before Quarantine** - LMD quarantine moves files; ensure backups exist
## Related Documentation
- [RBAC & Security Design](./rbac-design.md)
- [SOC 2 Compliance](./soc2-compliance.md)
- [Security Matrix Reference](./security-matrix.md)

5
src/SUMMARY.md
View file

@ -73,6 +73,10 @@
- [Player - Media Viewer](./04-gbui/apps/player.md)
- [Paper - AI Writing](./04-gbui/apps/paper.md)
- [Research - AI Search](./04-gbui/apps/research.md)
- [CRM - Sales Pipeline](./04-gbui/apps/crm.md)
- [Billing - Invoices & Payments](./04-gbui/apps/billing.md)
- [Products - Catalog Management](./04-gbui/apps/products.md)
- [Tickets - Support Cases](./04-gbui/apps/tickets.md)
- [Analytics - Dashboards](./04-gbui/apps/analytics.md)
- [Dashboards - Custom BI](./04-gbui/apps/dashboards.md)
- [Designer - Visual Builder](./04-gbui/apps/designer.md)
@ -343,6 +347,7 @@
- [Organization Multi-Tenancy](./23-security/organizations.md)
- [Knowledge Base Permissions](./23-security/kb-permissions.md)
- [Knowledge Base Security](./23-security/kb-security.md)
- [Protection Tools](./23-security/protection-tools.md)
- [SOC 2 Compliance](./23-security/soc2-compliance.md)
- [Security Matrix Reference](./23-security/security-matrix.md)