Releases: stacknil/systems-foundations

v0.2.0: Second Credible Mini-Lab

19 May 18:45

v0.2.0 Release Notes

Title

Second Credible Mini-Lab

Summary

systems-foundations adds a second focused mini-lab: projects/linux-socket-observe.

This release packages a narrow workflow for reviewing local Linux networking state from saved command-output snapshots:

  • build one normalized JSON snapshot from ss plus selected iproute2 outputs
  • compare two snapshots deterministically
  • generate a Markdown diff report for added, removed, and changed state
  • keep the workflow local-file-based and reviewable

Included in v0.2.0

  • support for ss text input
  • support for ip -j addr show
  • support for ip -j link show
  • support for ip -j neigh show
  • optional support for ip -s -s link show
  • one normalized snapshot artifact with sockets, interfaces, addresses, and neighbors
  • CLI workflow for snapshot and diff
  • golden regression coverage for baseline and changed snapshots
  • malformed input coverage for ss parsing and ip -j link show parsing

Validation Snapshot

  • python -m pytest -q currently passes in projects/linux-socket-observe
  • current tests cover parser basics for ss text and iproute2 JSON inputs
  • current tests cover golden snapshot regression for both baseline and changed fixtures
  • current tests cover snapshot diff basics for added, removed, and changed state
  • current tests cover CLI smoke behavior and bounded error reporting for malformed inputs

Not in Scope

  • /proc/net/tcp
  • pcap parsing
  • live monitoring
  • raw sockets or packet sockets
  • network namespaces
  • ip monitor

Notes

  • The snapshot schema remains intentionally small and currently centers on sockets, interfaces, addresses, and neighbors
  • interfaces[].stats is only populated when ip -s -s link show input is provided
  • The current diff report is meant for state comparison, not traffic inspection or packet forensics

v0.1.0: First Credible Mini-Lab

09 Apr 17:55

v0.1.0 Release Notes

Title

First Credible Mini-Lab

Summary

systems-foundations now has its first focused mini-lab: projects/linux-auth-observe.

This release packages a narrow, tested workflow for Linux auth evidence review:

  • normalize supported journald and auth syslog fixtures into JSONL
  • filter normalized rows by user, IP, and service
  • generate a Markdown summary report
  • optionally emit structured parse failures as JSONL during normalization

Included in v0.1.0

  • support for exported journald JSON lines
  • support for Ubuntu or Debian auth.log
  • support for RHEL or CentOS secure
  • normalized JSONL output with preserved raw evidence
  • CLI workflow for normalize, filter, and summary
  • pytest coverage for parsing, CLI behavior, summary generation, golden regression, and syslog year rollover

Validation Snapshot

  • pytest -q passes in the current repository state
  • current tests cover all three supported fixture families
  • current tests cover Dec 31 -> Jan 1 syslog rollover behavior
  • current tests cover optional --error-output generation for malformed lines

Not in Scope

  • audit.log
  • real-time monitoring or tailing
  • databases or storage backends
  • packaging or publishing workflows

Notes

  • Syslog timestamps are yearless and timezone-less in the source files, so v0.1.0 documents and tests the current year inference and rollover rules explicitly
  • _PID is preserved as contextual metadata when present, not as a standalone identity guarantee
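
The year-rollover note above is easiest to see in code. The following is an added example, not code from linux-auth-observe: `infer_years`, `reference`, and the backward-walking rule are assumptions chosen for illustration, since the release notes do not spell out the project's own inference rules.

```python
from datetime import datetime

# Constructed sample lines in yearless auth.log style (not real evidence).
SAMPLE = [
    "Dec 31 23:59:58 host1 sshd[101]: Failed password for root from 192.0.2.10 port 4242 ssh2",
    "Jan  1 00:00:03 host1 sshd[102]: Accepted password for alice from 192.0.2.11 port 4243 ssh2",
]


def infer_years(lines, reference):
    """Return (naive datetime, raw line) pairs, in file order.

    Assumed rule (hypothetical, not taken from the project): lines are
    chronological, span under a year, and the last one is not later than
    `reference`, a naive local collection time.
    """
    # The traditional syslog timestamp is the first 15 characters.
    # Parse against leap year 2000 so "Feb 29" is accepted; only the
    # month/day/time part is compared, and the real year is set below.
    stamps = [datetime.strptime("2000 " + raw[:15], "%Y %b %d %H:%M:%S")
              for raw in lines]
    year = reference.year
    later = reference.replace(year=2000)
    out = []
    # Walk newest to oldest: a stamp that sorts after its successor means
    # a Dec -> Jan boundary was crossed, so the older line is a year back.
    for stamp, raw in zip(reversed(stamps), reversed(lines)):
        if stamp > later:
            year -= 1
        # Raises ValueError if "Feb 29" lands in a non-leap year, which
        # signals that the assumptions above do not hold for this file.
        out.append((stamp.replace(year=year), raw))
        later = stamp
    out.reverse()
    return out


if __name__ == "__main__":
    for when, raw in infer_years(SAMPLE, datetime(2025, 1, 2, 9, 0, 0)):
        print(when.isoformat(), "|", raw)
```

Stamping both sample lines with the collection year instead would place the Dec 31 failure after the Jan 1 login, inverting the order of events in any timeline built from the normalized rows.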