RFlow
Pipe-able collection of tasks for routine server and WordPress maintenance, making security research accessible.

Client: Originally EHDA, expanded

Year: 2016+

Work: Backend / Linux server security & maintenance, WordPress security

Platform: LAMP, ELKs, Ruby, Bash

What it is: Collection of methods used for server and WordPress maintenance on a daily basis, pipe-able according to needs. Written in Ruby.

What it does: Shifts time expenditures from routine tasks to actually noticing vulnerabilities and attacks.

How it works: RFlow connects several loose libraries of thematically related methods in Ruby and Bash. Combining two languages like this is a mortal sin, I know - the script is written for admins, not saints.

There is a basic config where you define your directory structure and package dependencies. Each routine can have its own dependencies, and the same goes for alerting via Slack.

name: 'RFlow'
version: '1.3.0'
env: 'SERVER-ID-PROD'

static:
  # default notifications
  slack: 'https://hooks.slack.com/some/info-level/channel'
  # packaged dependencies
  packages:
    security: ['pv', 'ipset', 'geoip-bin', 'apf', 'rkhunter']
    backup: ['git', 'some-cloud-backup']
  # always ban hits in access.log that contain these strings...  
  always_ban: ['xmlrpc', 'netcraft', 'masscan', 'zgrab']

pipes:
  lamp:
    # more pipe-specific configs available...
    slack: 'https://hooks../some/info-level/notif/channel'
  backups:
    slack: 'https://hooks../other/channel/only/when/fail'
  wp:
    slack: 'https://hooks../channel/only/for/vulnerabilities'

server:
...

Once configured, you can play with the pre-defined pipes (routine sequences), built mainly for a quick and efficient look around the server and for log analysis, with API calls to abuse lists for your routine checks. You can quickly add your own pipes as you go, as child classes of RFlow.

Run them from separate pipe files or line them up in a main file for regular maintenance routines.

Piping the methods makes it easy to configure similar routines either for manual, interactive runs or as cron jobs.

Written in pure Ruby, easily extended by adding new libraries and piping their methods as child classes.
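
The always_ban setting in the config above could drive a log-scanning step like the one below. This is an added example, not RFlow's own code: the function names, the allowlist parameter and the sample access.log lines are assumptions constructed for illustration.

```ruby
require 'yaml'
require 'ipaddr'

# Constructed config fragment reusing the always_ban list from the sample config.
CONFIG = YAML.safe_load(<<~YML)
  static:
    always_ban: ['xmlrpc', 'netcraft', 'masscan', 'zgrab']
YML

# Constructed access.log lines (Apache combined format, documentation IP ranges).
SAMPLE_LOG = <<~LOG
  203.0.113.7 - - [12/Mar/2024:10:01:22 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
  198.51.100.23 - - [12/Mar/2024:10:01:25 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 zgrab/0.x"
  192.0.2.44 - - [12/Mar/2024:10:02:01 +0000] "GET /blog/ HTTP/1.1" 200 8841 "-" "Mozilla/5.0 (X11; Linux x86_64)"
  203.0.113.7 - - [12/Mar/2024:10:02:09 +0000] "POST /XMLRPC.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
  not-an-ip - - [12/Mar/2024:10:02:10 +0000] "GET /?q=masscan HTTP/1.1" 400 0 "-" "-"
LOG

# client, ident, user, [time], "request", status, bytes, "referer", "agent"
COMBINED = /\A(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" \d{3} \S+ "([^"]*)" "([^"]*)"/

# Only well-formed IPv4/IPv6 addresses may reach a ban list.
def valid_ip?(text)
  IPAddr.new(text)
  true
rescue IPAddr::InvalidAddressError
  false
end

# Hypothetical pipe step: returns { ip => [matched strings] } for hits whose
# request line, referer or user agent contains an always_ban string
# (case-insensitive). Allowlisted addresses (your own monitoring) are skipped.
def ban_candidates(log_text, needles, allowlist: [])
  hits = {}
  log_text.each_line do |line|
    m = COMBINED.match(line)
    next unless m
    ip, *fields = m.captures
    next unless valid_ip?(ip)
    next if allowlist.include?(ip)
    haystack = fields.join(' ').downcase
    matched = needles.select { |n| haystack.include?(n.downcase) }
    hits[ip] = (hits[ip] || []) | matched unless matched.empty?
  end
  hits
end

ban_candidates(SAMPLE_LOG, CONFIG.dig('static', 'always_ban')).each do |ip, why|
  puts "#{ip}\t#{why.join(',')}"
end
```

The returned addresses are candidates only; feeding them to ipset or apf (both listed under the security packages) is left to the caller.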