Botman
Botman is a project that aims to ease management of multiple servers. It focuses on a few concepts:
- Modularity: Everything is a module. This forces clean isolation of functions, making it a lot easier to add functionality.
- Spam: We focus on making it easy to send commands to servers using patterns, so you can query every server at once or only a subset of them.
How it works
This project creates 2 apps:
- Botman: Simple bot installed on the servers to manage.
- Alfred: Bot assistant installed on an external machine.
We chose XMPP over other networks because it is open, standardized and extensible, and has multiple servers and clients available (as well as libraries).
The way Botman & Alfred talk depends heavily on how modules are written (as each of them is somewhat independent), but everything tends to work around commands.
The best practice seems to be to talk only to Alfred, and have it dispatch your commands to the Botman bots.
Talking with Alfred can be done through the XMPP network, or through the HTTPd module.
Security
XMPP Server
You should limit access to your XMPP server:
- Turn off account registration: Only admins can create new accounts.
- Restrict IP access to your XMPP server if your servers and users only connect from known locations.
Alfred/Botman friendlist
You can set JID patterns in both alfred.conf and botman.conf to filter which contacts are allowed to add them as friends and talk to them.
Access module
It is possible to give access levels to both commands and users, to restrict certain users to only a subset of the available commands.
HTTPd module
This module does not support any authentication mechanism and offers a direct gateway to Alfred's internals.
So you should either filter access to port 5128, or deny it completely and proxy it through nginx/apache, adding HTTP auth in the middle.
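A possible nginx front end for the HTTPd module, as an added example that is not part of the Botman project. It assumes Alfred's HTTPd module is reachable on 127.0.0.1:5128 on the same host and that port 5128 is blocked from outside by the host firewall; the host name, certificate paths, htpasswd path and admin network are placeholders.

```nginx
# Added example, not Botman's own configuration.
# Placeholders: alfred.example.org, the TLS file paths, the htpasswd path
# and the 192.0.2.0/24 admin network.
# Assumption: Alfred's HTTPd module answers on 127.0.0.1:5128.

server {
    listen 443 ssl;
    server_name alfred.example.org;

    ssl_certificate     /etc/nginx/tls/alfred.example.org.crt;
    ssl_certificate_key /etc/nginx/tls/alfred.example.org.key;

    location / {
        # Require HTTP basic auth before any request reaches Alfred.
        auth_basic           "Alfred";
        auth_basic_user_file /etc/nginx/alfred.htpasswd;

        # Also restrict by source address; "satisfy all" means a client
        # must pass both the address check and the password check.
        allow 192.0.2.0/24;
        deny  all;
        satisfy all;

        proxy_pass http://127.0.0.1:5128;

        # Keep the proxy credentials out of the backend request.
        proxy_set_header Authorization "";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}

# Basic auth sends the password base64-encoded, not encrypted,
# so plain HTTP is only ever redirected to the TLS listener.
server {
    listen 80;
    server_name alfred.example.org;
    return 301 https://$host$request_uri;
}
```

The proxy only helps if port 5128 itself stays unreachable from other machines; otherwise clients can bypass nginx and talk to the module directly.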