TARS (Transparent Auditable Resilience System) is an open-source solution for secure and verifiable deployment of WireGuard VPN servers. It ensures server integrity and provenance through cryptographic birth certificates and proof-of-life mechanisms. Designed to treat servers as disposable appliances, TARS allows for dynamic scaling while preserving user privacy and anonymity.
- Cryptographic Birth Certificates: Verifies the server's initial state upon deployment.
- Proof-of-Life Signals: Regularly confirms server integrity and detects tampering.
- User Privacy Assurance: Excludes dynamic configurations from integrity checks to maintain anonymity.
- Scalability: Supports dynamic addition and removal of servers.
- Open-Source: Built entirely with open-source tools and libraries.
- Blockchain Integration: Publishes proofs to a public blockchain for transparency.
- Deployment: Each server generates a cryptographic birth certificate containing its initial state.
- Monitoring: The server monitors every bit of its system, excluding specified dynamic files.
- Proof Publishing: At regular intervals, the server publishes a proof-of-life hash to a public blockchain.
- Verification: Any party can verify the server's integrity using the public proofs.
- Tamper Detection: Unauthorized changes trigger verification failures and initiate alerts.
- Operating System: Linux-based OS
- Dependencies:
  - WireGuard
  - OpenSSL
  - Python 3.8+
  - Git
- Clone the Repository

      git clone https://github.com/BlorpBleep/TARS.git
      cd TARS

- Install Dependencies

      sudo apt-get update
      sudo apt-get install wireguard openssl python3 python3-pip

- Install Python Packages

      pip3 install -r requirements.txt

- Configure TARS
  - Edit the config.yaml file to suit your environment.
  - Specify dynamic files to exclude in the birth certificate.
Run the following command to generate a cryptographic birth certificate:
python3 tars.py --generate-birth-certificate
To start the regular proof-of-life checks and publish proofs:
python3 tars.py --start-monitoring
Use the verification script to check server integrity:
python3 verify.py --server <server_id>
- server_id: Unique identifier for the server.
- excluded_files: List of dynamic files to exclude from integrity checks.
- proof_interval: Time interval (in seconds) between proof-of-life publications.
- blockchain_endpoint: API endpoint for publishing proofs to the blockchain.
server_id: "server-12345"
excluded_files:
- "/etc/wireguard/wg0.conf"
- "/var/log/*"
proof_interval: 3600
blockchain_endpoint: "https://blockchain.example.com/api/publish"
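The following sketch is an added example, not code from the TARS repository. It shows how an integrity digest can honor the excluded_files patterns above, so that WireGuard peer changes and log writes leave the digest unchanged while any other file change alters it. The manifest layout, the use of SHA-256 and all function names are assumptions; publishing the digest is left out.

```python
import fnmatch
import hashlib
import os
import stat

# Same patterns as the sample config.yaml; paths are matched relative to the scanned root.
EXCLUDED_FILES = ["/etc/wireguard/wg0.conf", "/var/log/*"]

def is_excluded(rel_path, patterns):
    # fnmatch's "*" also matches "/", so "/var/log/*" covers nested log directories.
    return any(fnmatch.fnmatchcase(rel_path, p) for p in patterns)

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def manifest_digest(root, excluded=EXCLUDED_FILES):
    """Digest of a sorted manifest: path, permission bits, content hash (or link target)."""
    entries = []
    for dirpath, dirnames, filenames in os.walk(root):  # does not follow symlinked dirs
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = "/" + os.path.relpath(full, root).replace(os.sep, "/")
            if is_excluded(rel, excluded):
                continue
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                body = "link:" + os.readlink(full)  # record the target, never follow it
            elif stat.S_ISREG(st.st_mode):
                body = "file:" + sha256_file(full)
            else:
                continue  # plain directories, sockets, devices: not hashed here
            entries.append(f"{rel}\0{stat.S_IMODE(st.st_mode):o}\0{body}")
    h = hashlib.sha256()
    for entry in sorted(entries):  # sorting makes the digest independent of walk order
        h.update(entry.encode("utf-8", "surrogateescape") + b"\n")
    return h.hexdigest()

def verify(root, birth_digest, excluded=EXCLUDED_FILES):
    """Proof-of-life check: recompute and compare against the birth digest."""
    return manifest_digest(root, excluded) == birth_digest
```

Everything matched by an exclusion pattern is invisible to the check, so broad patterns such as /var/log/* also hide any file an intruder places there; keep the list as narrow as the deployment allows.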
We welcome contributions from the community!
- Fork the Repository

  Click the "Fork" button at the top right of this page.

- Create a Feature Branch

      git checkout -b feature/YourFeature

- Commit Your Changes

      git commit -am 'Add your feature'

- Push to the Branch

      git push origin feature/YourFeature

- Open a Pull Request

  Submit your pull request for review.
Please read our Code of Conduct before contributing.
This project is licensed under the MIT License. See the LICENSE file for details.
- Project Maintainer: Your Name
- GitHub Issues: Create an Issue
- Discussion Forum: GitHub Discussions
- WireGuard: https://www.wireguard.com
- Ed25519 Libraries: For cryptographic operations.
- Open-Source Community: For continuous support and contributions.
If you encounter any issues or have questions, please open an issue on GitHub or contact the project maintainer.
By reimagining server deployment with cryptographic assurances, TARS aims to enhance the security and trustworthiness of VPN infrastructures in an increasingly connected world.