Say we have a nice cozy shell command that solves our problem. Kapow! lets us easily turn that into an HTTP API.
We want to expose log entries for files not found on our Apache Web Server, as an HTTP API. With Kapow! we just need to write this executable script:
[apache-host]$ cat search-apache-errors
#!/usr/bin/env sh
kapow route add /apache-errors - <<-'EOF'
cat /var/log/apache2/access.log | grep 'File does not exist' | kapow set /response/body
EOF
[apache-host]$ chmod +x search-apache-errors
and then, run it using Kapow!
[apache-host]$ kapow server search-apache-errors
finally, we can read from the just-defined endpoint:
[another-host]$ curl http://apache-host:8080/apache-errors
[Fri Feb 01 22:07:57.154391 2019] [core:info] [pid 7:tid 140284200093440] [client 172.17.0.1:50756] AH00128: File does not exist: /usr/var/www/mysite/favicon.ico
[Fri Feb 01 22:07:57.808291 2019] [core:info] [pid 8:tid 140284216878848] [client 172.17.0.1:50758] AH00128: File does not exist: /usr/var/www/mysite/favicon.ico
[Fri Feb 01 22:07:57.878149 2019] [core:info] [pid 8:tid 140284208486144] [client 172.17.0.1:50758] AH00128: File does not exist: /usr/var/www/mysite/favicon.ico
...
- We can share information without having to grant SSH access to anybody.
- We can share information easily over HTTP.
- We can effectively limit what gets executed.
You can find the complete documentation and examples here.
Please consider the following Security Concerns before using Kapow!
If you are not 100% sure about what you are doing we recommend not using Kapow!
Kapow! is being developed by BBVA-Labs Security team members.
Kapow! is Open Source Software and available under the Apache 2 license.
Contributions are of course welcome. See CONTRIBUTING or skim existing tickets to see where you could help out.
- Did you spot the UUoC? Congrats! We are hoping to win this year :)