AUTARCH v1.9 — remote monitoring, SSH manager, daemon, vault, cleanup

- Add Remote Monitoring Station with PIAP device profile system - Add SSH/SSHD manager with fail2ban integration - Add privileged daemon architecture for safe root operations - Add encrypted vault, HAL memory, HAL auto-analyst - Add network security suite, module creator, codex training - Add start.sh launcher script and GTK3 desktop launcher - Remove Output/ build artifacts, installer files, loose docs - Update .gitignore for runtime data and build artifacts - Update README for v1.9 with new launch method, screenshots, and features Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-24 06:59:06 -07:00
parent 1092689f45
commit da53899f66
382 changed files with 15277 additions and 493964 deletions
--- a/core/wireshark.py
+++ b/core/wireshark.py
@@ -59,14 +59,19 @@ class WiresharkManager:

    @property
    def can_capture(self):
-        """Check if live capture is possible (needs root + libpcap)."""
-        if not SCAPY_AVAILABLE:
-            return False
+        """Check if live capture is possible (via capture agent, daemon, or root)."""
+        # Check daemon (handles capture via __capture__ builtin)
+        try:
+            from core.daemon import is_daemon_running
+            if is_daemon_running():
+                return True
+        except Exception:
+            pass
+        # Check root
        try:
            return os.geteuid() == 0
        except AttributeError:
-            # Windows - check differently
-            return True
+            return True  # Windows — assume capture is possible

    def get_status(self) -> Dict[str, Any]:
        """Get engine status."""
@@ -165,23 +170,84 @@ class WiresharkManager:

        def _do_capture():
            try:
-                kwargs = {
-                    'timeout': duration,
-                    'prn': self._packet_handler,
-                    'store': True,
-                }
-                if interface:
-                    kwargs['iface'] = interface
-                if bpf_filter:
-                    kwargs['filter'] = bpf_filter
+                # Method 1: Direct scapy capture (if root)
+                is_root = False
+                try:
+                    is_root = os.geteuid() == 0
+                except AttributeError:
+                    pass

-                packets = sniff(**kwargs)
-                self._last_packets = packets
-
-                # Save to pcap
-                if self._capture_file and packets:
-                    wrpcap(self._capture_file, packets)
-                    self._capture_stats['output_file'] = self._capture_file
+                if is_root:
+                    kwargs = {'timeout': duration, 'prn': self._packet_handler, 'store': True}
+                    if interface:
+                        kwargs['iface'] = interface
+                    if bpf_filter:
+                        kwargs['filter'] = bpf_filter
+                    packets = sniff(**kwargs)
+                    self._last_packets = packets
+                    if self._capture_file and packets:
+                        wrpcap(self._capture_file, packets)
+                        self._capture_stats['output_file'] = self._capture_file
+                else:
+                    # Method 3: scapy via daemon (daemon runs as root, can sniff)
+                    from core.daemon import root_exec
+                    r = root_exec(
+                        ['__capture__'],
+                        timeout=duration + 10,
+                        stdin=json.dumps({
+                            'interface': interface or '',
+                            'filter': bpf_filter or '',
+                            'duration': duration,
+                            'max_packets': 500,
+                            'file': self._capture_file,
+                        })
+                    )
+                    # root_exec sends __capture__ as the cmd, but the daemon
+                    # handles it as a built-in — it reads params from the request
+                    # Let's call it properly through the socket
+                    import socket as _sock
+                    DAEMON_SOCK = '/var/run/autarch-daemon.sock'
+                    if os.path.exists(DAEMON_SOCK):
+                        sock = _sock.socket(_sock.AF_UNIX, _sock.SOCK_STREAM)
+                        sock.settimeout(duration + 15)
+                        sock.connect(DAEMON_SOCK)
+                        payload = json.dumps({
+                            'cmd': ['__capture__'],
+                            'interface': interface or '',
+                            'filter': bpf_filter or '',
+                            'duration': duration,
+                            'max_packets': 500,
+                            'file': self._capture_file,
+                        })
+                        # Sign if secret available
+                        from core.daemon import _load_daemon_secret, _sign_request
+                        import secrets as _secrets
+                        secret = _load_daemon_secret()
+                        if secret:
+                            nonce = f"{time.time()}:{_secrets.token_hex(8)}"
+                            sig = _sign_request(payload.encode(), secret)
+                            envelope = json.dumps({'payload': payload, 'sig': sig, 'nonce': nonce})
+                        else:
+                            envelope = payload
+                        sock.sendall((envelope + '\n').encode())
+                        data = b''
+                        while True:
+                            chunk = sock.recv(8192)
+                            if not chunk:
+                                break
+                            data += chunk
+                            if b'\n' in data:
+                                break
+                        sock.close()
+                        if data:
+                            result = json.loads(data.decode().strip())
+                            if result.get('ok') and os.path.exists(self._capture_file):
+                                packets = rdpcap(self._capture_file)
+                                self._last_packets = packets
+                                self._capture_stats['output_file'] = self._capture_file
+                                self._capture_stats['packet_count'] = len(packets)
+                                for pkt in packets:
+                                    self._packet_handler(pkt)

            except Exception as e:
                self._capture_stats['error'] = str(e)