information

2025-01-18 11:56:17 -05:00
commit b84b748c03
26 changed files with 7461 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -0,0 +1,416 @@
+# bell
+---
+title: Bell Privilege Escalation System
+author: Bellande Architecture Mechanism Research Innovation Center
+version: 0.0.1
+date: 2024
+---
+
+## Website Crates
+- https://crates.io/crates/bell_system
+
+### Installation
+- `cargo add bell_system`
+
+```
+Name: bell_system
+Summary: Bell is a comprehensive privilege escalation system designed for secure command execution with granular access controls, robust auditing, and compliance features
+Home-page: github.com/Architecture-Mechanism/bell
+Author: Ronaldson Bellande
+Author-email: ronaldsonbellande@gmail.com
+License: GNU General Public License v3.0
+```
+
+# Bell Privilege Escalation System
+
+Bell is a comprehensive privilege escalation system designed for secure command execution with granular access controls, robust auditing, and compliance features
+
+## Table of Contents
+
+1. [Overview](#overview)
+2. [Installation](#installation)
+3. [Usage](#usage)
+4. [Configuration](#configuration)
+5. [Security Features](#security-features)
+6. [OS-Specific Features](#os-specific-features)
+7. [Best Practices](#best-practices)
+8. [Troubleshooting](#troubleshooting)
+9. [API Reference](#api-reference)
+10. [License](#license)
+
+## Overview
+
+Bell is an advanced privilege escalation system designed for secure enterprise environments. It integrates hardware security modules, multi-factor authentication, and comprehensive audit logging.
+
+### Key Features
+
+* Multi-level privilege management
+* Hardware Security Module (HSM) integration
+* Two-factor authentication (TOTP)
+* Network isolation capabilities
+* Fine-grained access control
+* Comprehensive audit logging
+* Cross-platform support (Linux, MacOS, BellandeOS)
+
+### Architecture
+```
+------------------+     +------------------+     +------------------+
+|    Bell Client   | --> |    Bell Core    | --> |  Security Layer  |
+------------------+     +------------------+     +------------------+
+         |                       |                        |
+         v                       v                        v
+------------------+     +------------------+     +------------------+
+|   Auth Module    |     |    HSM Module   |     |   Audit Module   |
+------------------+     +------------------+     +------------------+
+```
+
+## Installation
+Prerequisites
+
+- Rust 1.70 or higher
+- OpenSSL development libraries
+- Hardware Security Module (optional)
+- TOTP device/app for 2FA
+
+git clone https://github.com/Architecture-Mechanism/bell.git
+cd bell-system
+
+# Build in release mode
+cargo build --release
+
+# Run tests
+cargo test --all-features
+
+# Install system-wide
+sudo make install
+
+
+## System Requirements
+
+### Hardware Requirements
+
+| Component | Minimum Specification |
+|-----------|---------------------|
+| CPU | x86_64 or ARM64 |
+| RAM | 512MB |
+| Disk Space | 1GB free |
+
+### Operating System Support
+
+| OS | Minimum Version |
+|----|----------------|
+| Linux | 4.19+ |
+| MacOS | 10.15+ |
+| BellandeOS | 0.1+ |
+
+# Running Commands
+```
+bell run --privilege-level <level> --command <command> --args <args...>
+bell run --privilege-level admin --command "/usr/bin/systemctl" --args "restart" "nginx"
+bell run --privilege-level root --command "/usr/bin/apt" --args "update"
+```
+# User Management
+## Adding Users
+
+```
+bell user add <username> --privilege <level>
+
+# Examples
+bell user add johndoe --privilege admin
+bell user add service-account --privilege user
+
+```
+## Modifying Users
+```
+# Change password
+bell user change-password <username>
+
+# Change privilege
+bell user change-privilege <username> <new-privilege>
+
+# Remove user
+bell user remove <username>
+```
+
+## Group Management
+```
+# Add to group
+bell user add-to-group <username> <group>
+
+# Remove from group
+bell user remove-from-group <username> <group>
+
+# List group members
+bell group list-members <group>
+```
+## File Locations
+```
+/etc/bell/
+├── config.bellande     # Main configuration
+├── users/              # User configurations
+│   ├── admin.bellande
+│   └── service.bellande
+├── groups/             # Group configurations
+│   ├── admins.bellande
+│   └── services.bellande
+└── security/           # Security policies
+    ├── policy.bellande
+    └── rules.bellande
+```
+
+## Section Management
+```
+# View active sessions
+bell session list
+
+# Terminate session
+bell session terminate <session-id>
+
+# Refresh session
+bell session refresh
+```
+
+## Log Management
+```
+# View logs
+bell logs view --level error --since "1 hour ago"
+
+# Export logs
+bell logs export --format json --start "2024-01-01" --end "2024-01-31"
+
+# Analyze logs
+bell logs analyze --pattern "failed_auth" --report detailed
+```
+
+## MacOS Intergration
+```
+# FileVault management
+bell run --privilege-level admin --command "fdesetup" --args "status"
+
+# SIP verification
+bell run --privilege-level bell --command "csrutil" --args "status"
+
+# Keychain access
+bell run --privilege-level admin --command "security" --args "list-keychains"
+```
+
+## Linux Security
+```
+# SELinux management
+bell run --privilege-level admin --command "semanage" --args "login" "-l"
+
+# AppArmor profiles
+bell run --privilege-level root --command "aa-status"
+
+# Kernel parameters
+bell run --privilege-level bell --command "sysctl" --args "-a"
+```
+
+## BellandeOS Features
+```
+# Security status
+bell run --privilege-level bell --command "bellctl" --args "security" "status"
+
+# Kernel protection
+bell run --privilege-level admin --command "bellctl" --args "kernel" "protect"
+
+# System integrity
+bell run --privilege-level root --command "bellctl" --args "verify" "system"
+```
+
+## Bellande Operating System Access
+```
+EXTENDED 5-LEVEL PERMISSION SYSTEM (77777)
+========================================
+
+BASIC PERMISSION VALUES
+----------------------
+Read (r)    = 4
+Write (w)   = 2
+Execute (x) = 1
+
+PERMISSION NUMBER MEANINGS
+------------------------
+0 = --- = no access
+1 = --x = execute only
+2 = -w- = write only
+3 = -wx = write and execute
+4 = r-- = read only
+5 = r-x = read and execute
+6 = rw- = read and write
+7 = rwx = read, write, and execute (full access)
+
+POSITION MEANINGS (LEFT TO RIGHT)
+-------------------------------
+Position 1 (leftmost) = Owner/Bell
+Position 2           = Root
+Position 3           = Administration
+Position 4           = Group
+Position 5 (rightmost)= User
+
+STANDARD PERMISSION: 77531
+-------------------------
+Owner (7)         = rwx = 4+2+1 = 7
+Root (7)          = rwx = 4+2+1 = 7
+Administration (5) = r-x = 4+0+1 = 5
+Group (3)         = -wx = 0+2+1 = 3
+User (1)          = --x = 0+0+1 = 1
+
+DETAILED ACCESS LEVELS
+--------------------
+OWNER/BELL (Position 1)
+- Value: 7 (rwx)
+- Calculation: 4(read) + 2(write) + 1(execute) = 7
+- Access:
+  * All system files and directories
+  * Core components
+  * Kernel level access
+  * Hardware level access
+  * Can override all permissions
+  * Complete system control
+
+ROOT (Position 2)
+- Value: 7 (rwx)
+- Calculation: 4(read) + 2(write) + 1(execute) = 7
+- Access:
+  * System files
+  * Configuration files
+  * Installation files
+  * Startup sequences
+  * Cannot access core components
+  * Cannot modify kernel
+
+ADMINISTRATION (Position 3)
+- Value: 5 (r-x)
+- Calculation: 4(read) + 0(write) + 1(execute) = 5
+- Access:
+  * Read system configurations
+  * Execute administrative tasks
+  * Manage users
+  * Cannot modify system files
+  * No core component access
+  * No kernel modifications
+
+GROUP (Position 4)
+- Value: 3 (-wx)
+- Calculation: 0(read) + 2(write) + 1(execute) = 3
+- Access:
+  * Modify group files
+  * Execute group programs
+  * Share within group
+  * No read outside group
+  * No system modifications
+  * Limited to group scope
+
+USER (Position 5)
+- Value: 1 (--x)
+- Calculation: 0(read) + 0(write) + 1(execute) = 1
+- Access:
+  * Execute allowed programs
+  * Access own directory
+  * Use basic utilities
+  * No system modifications
+  * No file modifications
+  * No read access outside home
+
+COMMON PERMISSION COMBINATIONS
+----------------------------
+77000 - System Critical Files
+Owner:  7 (rwx) = 4+2+1 : Full control
+Root:   7 (rwx) = 4+2+1 : Full control
+Admin:  0 (---) = 0+0+0 : No access
+Group:  0 (---) = 0+0+0 : No access
+User:   0 (---) = 0+0+0 : No access
+Use: Core system files, kernel components
+
+77530 - Administrative Tools
+Owner:  7 (rwx) = 4+2+1 : Full control
+Root:   7 (rwx) = 4+2+1 : Full control
+Admin:  5 (r-x) = 4+0+1 : Read + Execute
+Group:  3 (-wx) = 0+2+1 : Write + Execute
+User:   0 (---) = 0+0+0 : No access
+Use: System management tools, configuration files
+
+75531 - Standard Applications
+Owner:  7 (rwx) = 4+2+1 : Full control
+Root:   5 (r-x) = 4+0+1 : Read + Execute
+Admin:  5 (r-x) = 4+0+1 : Read + Execute
+Group:  3 (-wx) = 0+2+1 : Write + Execute
+User:   1 (--x) = 0+0+1 : Execute only
+Use: Standard applications, user programs
+
+PERMISSION GUIDELINES
+-------------------
+1. New Files/Directories
+   - Start restrictive (77000 for system)
+   - Add permissions as needed
+   - Document changes
+
+2. Directory Requirements
+   - Need execute (x) to access
+   - Need read (r) to list contents
+   - Need write (w) to create/delete
+
+3. Security Practices
+   - Use minimum needed permissions
+   - Regular permission checks
+   - Document all changes
+   - Monitor access patterns
+
+4. Important Rules
+   - Higher positions override lower
+   - Cannot exceed upper level permissions
+   - Execute needed for directories
+   - Write permission alone is rarely used
+
+EXAMPLES AND USE CASES
+---------------------
+77777 - NOT RECOMMENDED
+- Gives full access to all levels
+- Security risk
+- Never use in production
+
+77531 - STANDARD SECURE
+- Owner: Full control
+- Root: Full control
+- Admin: Limited control
+- Group: Write in scope
+- User: Execute only
+
+77000 - SYSTEM FILES
+- Only Owner and Root access
+- Maximum security
+- Use for critical files
+
+75531 - USER APPLICATIONS
+- Limited Root access
+- Admin can manage
+- Group collaboration
+- User can execute
+```
+
+# Command Line 
+```
+bell [OPTIONS] COMMAND [ARGS]
+
+Commands:
+  run                Execute privileged command
+  user               User management
+  group              Group management
+  session            Session management
+  logs               Log management
+  debug              Debug tools
+  help               Show help information
+
+Options:
+  -d, --debug        Enable debug mode
+  -c, --config       Config file location
+  -q, --quiet        Suppress output
+  -v, --version      Show version
+  -h, --help         Show help
+```
+## License
+Bell is distributed under the [GNU General Public License v3.0](https://www.gnu.org/licenses/gpl-3.0.en.html), see [LICENSE](https://github.com/Architecture-Mechanism/bell/blob/main/LICENSE) and [NOTICE](https://github.com/Architecture-Mechanism/bell/blob/main/LICENSE) for more information.
+
+## Code of Conduct
+Bell is distributed under the [CODE_OF_CONDUCT](https://github.com/Architecture-Mechanism/bell/blob/main/CODE_OF_CONDUCT.md) and [NOTICE](https://github.com/Architecture-Mechanism/bell/blob/main/CODE_OF_CONDUCT.md) for more information.