diff --git a/Cargo.lock b/Cargo.lock index a7ca42f..577a202 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2193,7 +2193,7 @@ dependencies = [ [[package]] name = "socktop" -version = "0.1.24" +version = "0.1.25" dependencies = [ "anyhow", "assert_cmd", @@ -2220,7 +2220,7 @@ dependencies = [ [[package]] name = "socktop_agent" -version = "0.1.24" +version = "0.1.25" dependencies = [ "anyhow", "assert_cmd", diff --git a/README.md b/README.md index bb47669..69cc800 100644 --- a/README.md +++ b/README.md @@ -126,7 +126,8 @@ Notes: - After installing Rust via rustup, reload your shell (e.g., exec bash) so cargo is on PATH. - Windows: you can also grab prebuilt EXEs from GitHub Actions artifacts if rustup scares you. It shouldn’t. Be brave. -Option B: System-wide agent (Linux) +System-wide agent (Linux) + ```bash # If you installed with cargo, binaries are in ~/.cargo/bin sudo install -o root -g root -m 0755 "$HOME/.cargo/bin/socktop_agent" /usr/local/bin/socktop_agent @@ -137,6 +138,36 @@ sudo systemctl daemon-reload sudo systemctl enable --now socktop-agent ``` +```bash + +# Enable SSL + +# Stop service +sudo systemctl stop socktop-agent + +# Edit service to append SSL option and port +sudo micro /etc/systemd/system/socktop-agent.service + +-- +ExecStart=/usr/local/bin/socktop_agent --enableSSL --port 8443 +-- + +# Reload +sudo systemctl daemon-reload + +# Restart +sudo systemctl start socktop-agent + +# check logs for certificate location +sudo journalctl -u socktop-agent -f + +-- +Aug 22 22:25:26 rpi-master socktop_agent[2913998]: socktop_agent: generated self-signed TLS certificate at /var/lib/socktop/.config/socktop_agent/tls/cert.pem +-- + +``` + + --- ## Usage diff --git a/socktop/Cargo.toml b/socktop/Cargo.toml index 6aea50b..b17ba0e 100644 --- a/socktop/Cargo.toml +++ b/socktop/Cargo.toml 
@@ -1,6 +1,6 @@ [package] name = "socktop" -version = "0.1.24" +version = "0.1.25" authors = ["Jason Witty "] description = "Remote system monitor over WebSocket, TUI like top" edition = "2021" diff --git a/socktop/src/ws.rs b/socktop/src/ws.rs index 79209ae..101d859 100644 --- a/socktop/src/ws.rs +++ b/socktop/src/ws.rs @@ -3,9 +3,9 @@ use flate2::bufread::GzDecoder; use futures_util::{SinkExt, StreamExt}; use prost::Message as _; -use rustls::{ClientConfig, RootCertStore}; -use rustls::client::danger::{ServerCertVerified, ServerCertVerifier, HandshakeSignatureValid}; +use rustls::client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier}; use rustls::pki_types::{CertificateDer, ServerName, UnixTime}; +use rustls::{ClientConfig, RootCertStore}; use rustls::{DigitallySignedStruct, SignatureScheme}; use rustls_pemfile::Item; use std::io::Read; @@ -70,19 +70,25 @@ async fn connect_with_ca(url: &str, ca_path: &str) -> Result Result { Ok(ServerCertVerified::assertion()) } + ) -> Result { + Ok(ServerCertVerified::assertion()) + } fn verify_tls12_signature( &self, _message: &[u8], _cert: &CertificateDer<'_>, _dss: &DigitallySignedStruct, - ) -> Result { Ok(HandshakeSignatureValid::assertion()) } + ) -> Result { + Ok(HandshakeSignatureValid::assertion()) + } fn verify_tls13_signature( &self, _message: &[u8], _cert: &CertificateDer<'_>, _dss: &DigitallySignedStruct, - ) -> Result { Ok(HandshakeSignatureValid::assertion()) } + ) -> Result { + Ok(HandshakeSignatureValid::assertion()) + } fn supported_verify_schemes(&self) -> Vec { // Provide common schemes; not strictly needed for skipping but keeps API happy vec![ @@ -96,7 +102,9 @@ async fn connect_with_ca(url: &str, ca_path: &str) -> Result"] description = "Remote system monitor over WebSocket, TUI like top" edition = "2021"
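Review bot: In the second `socktop/src/ws.rs` hunk, `verify_tls12_signature` and `verify_tls13_signature` return `HandshakeSignatureValid::assertion()` unconditionally and the method above them returns `ServerCertVerified::assertion()`, so a connection built with this verifier authenticates nothing about the peer; the commit only reflows these bodies and leaves that undocumented. The verifier's definition and the condition under which `connect_with_ca` installs it are not visible (part of the hunk text is missing from this page), so whether it is reachable by default cannot be judged from here. I would add a comment on the impl such as `// INSECURE: accepts any certificate and any handshake signature; explicit opt-in only, never the default path` and log a warning whenever it is selected. If the intent is only to skip chain and hostname checks for the agent's self-signed certificate, the two signature methods could still delegate to `rustls::crypto::verify_tls12_signature` / `verify_tls13_signature` with the provider's `signature_verification_algorithms`. Pinning the generated `cert.pem` through the existing `ca_path` route would avoid the bypass altogether.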