Skip to content

DanaResearchGroup/GuardARC

Repository files navigation

GuardARC

CI Docs codecov License: MIT Python Ruff

A host-level guardrail against outgoing-SSH connection leaks.

GuardARC enforces sane limits on outgoing SSH connections from a workstation to configured remote servers, so that a runaway client — ARC, a babysitter script, an ad-hoc ssh, anything — can never again overwhelm a shared cluster's sshd.

Why this exists. On 2026-06-10 a bug in a client's SSH reconnect path leaked ~500 ESTABLISHED connections to a shared HPC cluster and overwhelmed its sshd, causing a ~9.7-hour outage. The monitoring in place at the time made it worse: its health check SSHed the very server it was watching, so when the server was overloaded the probe hung and the monitor went blind for hours. GuardARC is the host-level safety net that would have caught and contained that independently — trusting no client, and never touching the remote server.

The three controls

GuardARC is three independent layers, ordered weakest-trust → strongest-guarantee. Each works even if the others are down.

Layer Trust model What it does
Gated Broker cooperative Clients (ARC/T3, opt-in) ask permission before connecting and back off gracefully → zero lost work. Best-effort; non-cooperating clients bypass it.
Bully Guard trusts no one Polls local ss -tnp, attributes connections to PIDs. On a misbehaving PID: SIGSTOP (stop growth) → ss --kill excess sockets (relieve the server) → Slack-alert → SIGCONT after cooldown.
Standing nft Rate-Cap kernel-enforced An always-on nftables rule caps the rate of new connections to server:22. Survives the poller crashing; hard-stops a storm at the source.

Design invariants (non-negotiable)

  • Never SSH a monitored server — everything is derived from local ss. (The 9-hour blindness in the incident came from a monitor that SSHed the server.)
  • Signal strictly by PID — never pkill -f <pattern> (self-kill footgun).
  • Self-exclude — the guard never counts or acts against its own PID.
  • Lightweight — a quick ss parse on a ~15–60 s interval; never a load source.

Status

Early development. SocketInspector (the attribution foundation) is implemented and tested; enforcement thresholds and the broker protocol are being finalized. See the architecture docs for the full design.

Installation

git clone https://github.com/DanaResearchGroup/GuardARC.git
cd GuardARC
pip install -e ".[dev]"
pytest tests/ -ra -vv

Requires Python 3.10+, Linux, ss (iproute2), and nft (nftables). Enforcement needs root (sudo).

Documentation

Architecture, installation, and usage: build locally with make -C docs html (output in docs/build/html), or see the published docs.

License

MIT © Dana Research Group, Technion — Israel Institute of Technology

About

GuardARC

Resources

License

Code of conduct

Contributing

Security policy

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors