ryujin-security/ryujin-manager

Ryujin Security

Ryujin Manager

Ryujin Manager is the control plane for the Ryujin security platform. It handles agent enrollment, certificate management, agent communication, WAF protection, security event processing, and operational APIs used by the dashboard.

What It Does

  • Enrolls agents using password-protected registration and certificate-based identity.
  • Tracks connected agents and receives agent messages.
  • Provides a Coraza-based Web Application Firewall with custom rule support.
  • Manages WAF sites, reverse proxy targets, SSL/TLS settings, compression, rate limiting, and honeypot behavior.
  • Enriches request logs with GeoIP data.
  • Ships WAF, inventory, Sigma, request, and active response events to Quickwit.
  • Provides Sigma rule processing for security alerts.
  • Sends security notifications through Telegram and Discord.
  • Exposes APIs for Ryujin Dashboard.

Project Layout

cmd/                    Application entrypoint
config/                 Runtime configuration and Coraza rules
data/honeypot/          Default honeypot credential list
data/sigma/             Example Sigma rules
docs/                   Feature documentation
examples/               Example services and integrations
init/                   systemd unit
internal/config/        Configuration loading
internal/service/       Agent enrollment and certificate service
internal/message/       Agent message handling
internal/waf/           Proxy, WAF, SSL, GeoIP, logging, rate limiting
internal/handlers/      HTTP API handlers
internal/database/      Persistence models
internal/notification/  Notification delivery
internal/sigma/         Sigma alert engine

Quick Start

go build -o ryujin-manager ./cmd
sudo mkdir -p /var/ryujin/{certs,etc,honeypot}
sudo ./ryujin-manager

For service-based deployments, review init/ryujin-manager.service and adjust paths for your environment.

Configuration

Start from config/ryujin.yml.

Important fields:

  • auth.password: agent enrollment password. Replace CHANGE_ME.
  • auth.port: enrollment and agent communication port.
  • waf.http_port and waf.https_port: WAF listener ports.
  • quickwit.url: Quickwit API endpoint.
  • request_logging.quickwit: request log shipping settings.
  • honeypot: honeypot server and credential source.
  • notifications: Telegram and Discord notification settings.
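An added example, not code from the ryujin-manager repository: a pre-flight check in Go that rejects a configuration whose auth.password is missing, empty, or still the CHANGE_ME placeholder. It assumes config/ryujin.yml nests password under a top-level auth mapping (inferred from the dotted field names above); the function names are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// scalar strips surrounding quotes or a trailing "# comment" from a YAML value.
func scalar(v string) string {
	v = strings.TrimSpace(v)
	if len(v) > 1 && (v[0] == '"' || v[0] == '\'') {
		if end := strings.IndexByte(v[1:], v[0]); end >= 0 {
			return v[1 : 1+end]
		}
	}
	if i := strings.Index(" "+v, " #"); i >= 0 {
		v = v[:i]
	}
	return strings.TrimSpace(v)
}

// enrollmentPassword scans block-style YAML for "password" under top-level "auth".
func enrollmentPassword(yml string) (string, bool) {
	inAuth := false
	for _, line := range strings.Split(yml, "\n") {
		t := strings.TrimSpace(line)
		switch {
		case t == "" || t[0] == '#': // blank or comment-only line
		case line[0] != ' ' && line[0] != '\t': // top-level key: enter or leave auth
			inAuth = strings.HasPrefix(t, "auth:")
		case inAuth && strings.HasPrefix(t, "password:"):
			return scalar(strings.TrimPrefix(t, "password:")), true
		}
	}
	return "", false
}

// checkEnrollmentPassword fails when the placeholder was never replaced.
func checkEnrollmentPassword(yml string) error {
	if pw, ok := enrollmentPassword(yml); !ok || pw == "" || pw == "CHANGE_ME" {
		return fmt.Errorf("auth.password is missing, empty, or still CHANGE_ME")
	}
	return nil
}

func main() {
	// Constructed sample; nested layout assumed from the dotted field names.
	fmt.Println(checkEnrollmentPassword("auth:\n  password: \"CHANGE_ME\" # enrollment\n"))
}
```

The scanner is deliberately minimal (block-style mappings only); a deployment script with a YAML library available should parse the file properly and apply the same three conditions.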

Runtime Data

Runtime databases and logs are intentionally ignored by git. Do not commit generated files from data/db/ or logs/.

Related Projects

  • ryujin-agent: endpoint telemetry, FIM, inventory, log collection, and active response.
  • ryujin-dashboard: web interface for managing Ryujin Manager and reviewing security events.
