How to get started with GrapheneX?
To get started with GrapheneX, you will need to install the framework to your device. There are a couple of ways that we can perform this action. The first way is through Python’s pip package manager and the second one is with Docker.
I’ll personally install it the Python way and use the Linux Ubuntu distro as this is what you will most often use for trading, especially on the cloud. To install GrapheneX with pip, we run the following command:
Collecting graphenex
Downloading GrapheneX-1.3.1-py3-none-any.whl (1.5 MB)...If you face any issues, you can try this command too:
python3 -m pip install graphenexTo install GrapheneX with Docker, we first need to clone the GitHub repository by running the following command:
sudo git clone https://github.com/grapheneX/grapheneX.gitAfter that, we can build and run the Docker image:
docker build -t graphenex .
docker run --rm --name graphenex -p 8080:8080 --privileged graphenexTo start GrapheneX from the CLI, we run sudo grapheneX. If it doesn’t start, you might need to cd to where it is executable by running cd /home/USERNAME/.local/bin. Then run ./graphenex. If you are using Ubuntu 22.04 and facing issues, visit this example guide.
If you want to use the command line, the main arguments of GrapheneX are these:
positional arguments:
host:port host and port to run the web interface
optional arguments:
-h, --help show this help message and exit
-v, --version show version information
-w, --web run the grapheneX web server
--open open browser on web server startI’m more interested in the GUI and you might be too, so let us start it up.
How to add GrapheneX modules?
You will notice that your GUI features several modules that have to do with different categories of your system such as the user, network and etc. To add a new module, you can edit the modules namespaces in the modules.json file.
When a new element is created in the JSON file, it will show up as a new module. An example looks like the following:
"namespace": [
{
"name": "Module_Name",
"desc": "module description.",
"command": "echo 'hardening command'",
"require_superuser": "True/False",
"target_os": "linux/win"
}
]You can also add modules through the GUI by clicking the “Add Module” button in the lower left side of your screen. It is highly recommended to use either the CLI or GUI for adding modules and not editing the modules.json file directly.
How to harden and secure your system user with GrapheneX?
To harden and secure your system user with GrapheneX, navigate to the user tab and click on the modules you want to enable. When you click on them, execute the run command that will enable this feature for your system.
To harden your trading server, I recommend enabling all three modules (Auto_Logout, Enable_Password_Control, and Set_File_Permissions). This will ensure that you are logged out after a period of inactivity, that your passwords are rotated, and that the file permissions are adequate.
How to harden and secure your system network with GrapheneX?
To harden and secure your system network with GrapheneX, navigate to the network tab and click on the modules you want to enable. When you click on them, execute the run command that will enable this feature for your system.
Here, you will want to be careful when enabling features as your system might need some of them depending on your trading instance architecture. Because most traders only use one instance for trading with their cloud providers, I will enable the following modules:
- Cookie protection – we don’t want to hinder our privacy by enabling cookies to track us and share data with third parties.
- Disable IP Source Routing – Malicious users can use source routing to probe the network by forcing packets into specific parts of the network.
- Drop Null – we drop any malfunctioned packets that hit our network
- Set Permissions Network Settings – let’s not have the network settings be permissionless
- Set Permissions Users – give permission to adequate user info commands
- Set Permissions System Configuration – set permissions of the system configuration
There are more modules that you might want to explore and do research on. It all depends on what you’re aiming for.
How to harden and secure your filesystem with GrapheneX?
To harden and secure your system network with GrapheneX, navigate to the filesystem tab and enable the modules of your liking. I’ll personally enable both of them.
The Hard/Soft Link Protection secures our system from common exploits to these links. First, let’s cover what they are.
A soft link is a link to the original file, whilst a hard link is a mirror copy of the original file. If you delete the original file, the soft link has no value, because it points to a non-existent file. But in the case of hard link, it is the opposite.
A common vulnerability is the symlink race. It comes about when a program insecurely creates files (e.g., temporary files), and a malicious system user can create a symbolic (soft) link to such a file.
Disable Uncommon FS will disable filesystems that aren’t commonly used. If you are an average trader that doesn’t tinker with your filesystems, you shouldn’t face any issues by enabling this module.
