The easiest way to deploy Keralis is using our official Docker images.
- Server: clemarz/keralis-server
- Client: clemarz/keralis-sender
Create a docker-compose.yml file and start the stack:

```bash
# Download docker-compose.yml
curl -O https://raw.githubusercontent.com/clab60917/keralis/feature/docker-migration/docker-compose.yml
# Configure your Hedera keys
echo "HEDERA_ACCOUNT_ID=0.0.xxxx" >> .env
echo "HEDERA_PRIVATE_KEY=302e..." >> .env
# Start
docker compose up -d
```

On the machine where you want to monitor logs:
```bash
docker run -d \
  --name keralis-sender \
  --restart always \
  -v /var/log/nginx:/app/logs_mount \
  -e SFTP_HOST=server_ip \
  -e SFTP_PORT=2222 \
  -e SFTP_USERNAME=keralis \
  -e SFTP_PASSWORD=keralissecurepass \
  clemarz/keralis-sender:latest
```

Keralis is a distributed security system that ensures log file integrity using Hedera blockchain technology. It detects unauthorized modifications to system logs in real-time, providing tamper-evident monitoring for critical infrastructure.
Why it matters: When attackers compromise systems, log tampering is often their first action to hide their tracks. Keralis ensures any log manipulation is immediately detected and reported, preserving the evidence needed for security investigations and compliance requirements.
In today's cybersecurity landscape, log files represent critical elements for incident detection and forensic analysis. However, these files are primary targets during cyber attacks:
- External attackers modify logs to conceal intrusions and malicious activities
- Insider threats alter audit trails to hide unauthorized actions
- Advanced attacks frequently include log tampering to extend detection time
- Traditional protection methods often have exploitable weaknesses
Most security frameworks and compliance regulations (NIST, ISO27001, PCI-DSS) mandate log integrity protection, but implementing effective solutions remains challenging for many organizations.
| Feature | Description |
|---|---|
| Blockchain Verification | All log hashes are permanently recorded on Hedera's immutable ledger, creating a tamper-evident chain of evidence |
| Real-time Detection | Instant identification of log file modifications or deletions through continuous integrity checking |
| Automated Alerts | Detailed email notifications when integrity violations are detected, including original and modified hash information |
| Monitoring Dashboard | Comprehensive web interface for system status, historical alerts, and forensic analysis |
| Distributed Architecture | Strategic separation of components for enhanced security against sophisticated attacks |
| Public Verification | Independent validation via Hashscan.io blockchain explorer using the TopicID |
| Cost-Effective | Under $40/month for a typical 5-server deployment including all blockchain transaction fees |
| Continuous Verification | Periodic integrity checks comparing current file hashes with blockchain records |
| Encrypted Storage | Secure transmission and storage of log files with strong encryption |
| Scalable Design | Proven architecture for handling from small deployments to enterprise-scale environments |
Keralis operates using two main components working together in a distributed architecture designed to maximize security:
The client-side component monitors your system's logs and prepares them for secure verification:
- Automatic Detection: Continuously monitors log directories for new files
- Hash Generation: Calculates cryptographic SHA-256 hashes for each log file
- Encryption: Creates encrypted copies of logs (.log.enc) for secure storage
- Secure Transfer: Transmits files to the blockchain server via SFTP
- Verification API: Exposes REST endpoints for integrity checking
- Resource Efficient: Minimal impact on host system performance
The security-focused component that handles verification and alerting:
- Secure Reception: Receives and validates files transmitted from client servers
- Blockchain Anchoring: Publishes log hashes to the Hedera Consensus Service (HCS)
- MongoDB Storage: Maintains databases of hashes, encrypted logs, and system events
- Integrity Verification: Periodically compares current log hashes with blockchain records
- Alert Generation: Creates and sends notifications when discrepancies are detected
- Dashboard Interface: Provides visual monitoring and analysis tools
- Historical Records: Maintains comprehensive audit trail of all system activity
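
The hash-and-compare cycle described in the two component lists above, as an added Node.js example that is not taken from the Keralis code base. It goes one step beyond the page: each record keeps the file size next to the SHA-256 hash so that a log still being appended to does not raise an alert, while edits, truncation and deletion do. That design choice, the function names `sha256Prefix`, `verify` and `demo`, and the in-memory `anchors` map standing in for ledger records are assumptions.

```javascript
// Added example, not Keralis code; `anchors` is an assumed stand-in for ledger records.
const crypto = require('node:crypto');
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// SHA-256 of the first `limit` bytes (default: whole file), read in 64 KiB chunks.
function sha256Prefix(file, limit = Infinity) {
  const hash = crypto.createHash('sha256');
  const buf = Buffer.allocUnsafe(64 * 1024);
  const fd = fs.openSync(file, 'r');
  let size = 0;
  try {
    while (size < limit) {
      const n = fs.readSync(fd, buf, 0, Math.min(buf.length, limit - size), null);
      if (n === 0) break; // end of file
      hash.update(buf.subarray(0, n));
      size += n;
    }
  } finally {
    fs.closeSync(fd);
  }
  return { size, hash: hash.digest('hex') };
}

// Re-hash only the anchored byte range: appended lines pass, edits and truncation do not.
function verify(anchors) {
  const alerts = [];
  for (const [file, rec] of anchors) {
    let cur = null;
    try { cur = sha256Prefix(file, rec.size); }
    catch (err) { if (err.code !== 'ENOENT') throw err; } // only a missing file is DELETED
    const status = !cur ? 'DELETED' : cur.hash !== rec.hash ? 'MODIFIED' : null;
    if (status) alerts.push({ file, status, originalHash: rec.hash, currentHash: cur && cur.hash });
  }
  return alerts;
}

// Constructed demo: anchor three sample logs, then append to one, edit one, delete one.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'keralis-demo-'));
  const [grown, edited, gone] = ['access.log', 'error.log', 'auth.log'].map((n) => path.join(dir, n));
  for (const f of [grown, edited, gone]) fs.writeFileSync(f, 'constructed sample entry\n');
  const anchors = new Map([grown, edited, gone].map((f) => [f, sha256Prefix(f)]));
  fs.appendFileSync(grown, 'later entry\n');               // legitimate growth
  fs.writeFileSync(edited, 'CONSTRUCTED sample entry\n');  // same length, content changed
  fs.unlinkSync(gone);
  try { return verify(anchors); } finally { fs.rmSync(dir, { recursive: true, force: true }); }
}
console.log(demo());
```

Each alert carries the original and the current hash, matching the alert contents listed in the feature table; a deleted file reports `currentHash: null`.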
Keralis has been thoroughly tested in production environments to ensure reliability and efficiency:
- Fast Processing: Calculates SHA-256 hashes in milliseconds even for large log files
- High Throughput: Handles hundreds of log files per day with minimal latency
- Low Resource Usage: Operates efficiently on servers with just 1GB RAM
- Predictable Costs: Blockchain transaction fees remain consistent and affordable
- Proven Reliability: Maintains continuous monitoring with automatic recovery
| Benchmark | Result |
|---|---|
| Hash calculation time (100K line file) | 0.006 seconds |
| Average processing time per file | 6 seconds (detection to blockchain) |
| Daily processing capacity | 500+ files (5-server infrastructure) |
| System resource utilization | 70% capacity on 1GB RAM server |
| Blockchain transaction cost | $0.0001 per hash/message |
- Security Operations Centers (SOCs) requiring tamper-evident log monitoring
- Regulated industries with compliance requirements (NIST, ISO27001, PCI-DSS, HIPAA)
- Financial institutions concerned about fraud and insider threats
- Government agencies needing verifiable security monitoring
- Healthcare organizations protecting sensitive patient data
- IT departments requiring forensic evidence for incident response
- Managed Security Service Providers (MSSPs) offering log integrity as a service
- Node.js v18 or higher
- PM2 (global): `npm install -g pm2`
- MongoDB v5 or higher
- Hedera Testnet Account
- Two Linux servers (Ubuntu 20.04+ recommended)
```bash
# Clone the repository
git clone https://github.com/clab60917/keralis.git
# Install dependencies
cd keralis
npm install
# Configure environment
cp .env.example .env
nano .env
# Start services
pm2 start ecosystem.config.js
```

For detailed setup instructions including server preparation, configuration options, and testing procedures, please refer to our comprehensive documentation.
- Full Documentation - Complete setup and configuration guide
- Live Dashboard Demo - See Keralis in action (username: demo, password: demo123)
- GitHub Repository - Latest code and updates
- Blockchain Platform: Hedera Consensus Service (HCS)
- Backend Technologies: Node.js v18+, Python
- Database: MongoDB v5+
- Process Management: PM2
- Encryption: AES-256 for file encryption
- Hash Algorithm: SHA-256
- API Security: API key authentication
- Dashboard Security: Username/password authentication
- System Requirements: Minimal (runs on 1GB RAM)
- Scalability: Tested with 100,000+ log lines and 500+ daily files
- Monitoring: Real-time dashboard with email alerting
The Keralis monitoring dashboard provides comprehensive visibility into your log integrity status:
- System Overview: At-a-glance status of all monitored components
- Alert Management: List of all integrity violations with detailed information
- Forensic Analysis: Comparison tools for examining modified files
- Blockchain Verification: Direct links to Hashscan.io for independent validation
- Performance Metrics: System statistics and operational data
- User Management: Secure access control for administrative users
We recommend following these security practices when deploying Keralis:
- Regularly rotate API keys (every 90 days)
- Use strong passwords for dashboard access (12+ characters)
- Keep all system components updated
- Configure proper firewall rules for both servers
- Enable HTTPS for all web interfaces
- Perform regular security audits
- Monitor access logs for suspicious activity
Future development plans for Keralis include:
- Multi-client administration interface for managed service providers
- Enhanced hash calculation optimization for extremely high-volume environments
- CLI tool for automated deployment on various Linux distributions
- Advanced analytics for threat intelligence
- Integration with SIEM systems for unified security monitoring
We welcome contributions to the Keralis project! Here's how you can help:
- Report issues: Open detailed bug reports on GitHub
- Suggest features: Share your ideas for improvements
- Submit code: Contribute pull requests to enhance functionality
- Improve documentation: Help us make our guides more comprehensive
- Share experiences: Let us know how you're using Keralis
Please refer to our contributing guidelines for more details.
For questions, issues, or assistance:
- Open an issue on GitHub
- Check the documentation for guides and troubleshooting
- Contact the development team through the repository
This project is licensed under the MIT License - see the LICENSE file for details.


