1 unstable release
0.1.6 | Jul 13, 2019 |
#8 in #white

Le-Guichet is a prototype of a decontamination station aka "white station" written in Rust, fast, secure and multithreaded.
Untrusted files are deposited (via a chrooted sftp) in the entry window (in) and scanned by an antivirus server (clamd API). If a file is considered unhealthy, it is logged and immediately deleted. Files considered as healthy are logged and hashed (sha512) and sent to the transit window through a unidirectional software diode (named pipe) where they are logged and hashed again. Finally, files in transit are transfered to the output window through another software diode.
No unsafe block
Tested with cargo audit & Clippy
Systemd protections:
- SystemCallFilter=~ptrace ( Disable ptrace )
- PrivateDevices=yes ( Limited access to /dev )
- ProtectSystem=full ( /usr, /boot and /etc are mounted read-only )
- InaccessiblePaths=/proc ( /proc is simply unreachable )
- RemoveIPC=true (All POSIX IPCs are removed when the unit is stopped)
- RestrictSUIDSGID=true (SUID/SGID are simply forbidden)
- ProtectKernelModules=true (Explicit module loading is denied)
Network flow charts:

graph LR
A(Untrusted files) -- sftp --> B
B[Guichet-In] -- Scan --> C((Clamd))
C -- Ok/Suppress --> B
B -- Write only access --> E{Diode}
F[Guichet-Transit] -- Read only access --> E
F -- Write only access --> G{Diode}
H[Guichet-Out] -- Read only access --> G
H -- sftp --> I(Trusted files + sha512)
Demo Video
- You must have cargo and rustc already installed.
git clone https://gitlab.com/r3dlight/leguichet.git
- Get some help:
make help
- Test the code:
make test
- Audit the code (run cargo install cargo-audit before):
make audit
- Build Le-Guichet binaries:
make build
- Install on Debian/Ubuntu (not tested on other GNU/Linux distributions)
sudo make install
To uninstall Le-Guichet:
sudo make uninstall
To do:
Create bindings for yara / static analysis
Switch from fifo to posix mqueues
Be able to read a config.toml
Debian packaging via Cargo
Namespaces / cgroups
~569K SLoC