A full-stack application for visualizing MongoDB data with an interactive dashboard featuring a file navigator, terminal interface, and data visualization.
filesnitch.com, showing the most accessed files for different users.
/backend/server.py is ran passively in the background on a desired device or network. This data can be accessed from the website.
We all conduct research in various fields, including abstract algebra, parallel algorithms, and accessible programming, and to accomplish our study, we need access to safe, reliable, high-performance computing clusters. However, outside of what a system administrator can reasonably achieve on such systems, HPC clusters can be dangerous and lawless lands, full of unwarranted attempts to access root, underutilized GPU jobs, and even cryptocurrency mining. Furthermore, computers installed by companies and government agencies may also contain records of unwanted activity by their users. As such, we propose FileSnitch, a dashboard and tool that monitors file usage among HPC clusters and other computer users to aid digital forensics in identifying nefarious activity.
FileSnitch records user file access and usage on different computers and reports this information to a dashboard. System administrators can use this dashboard to investigate foul behavior on the cluster, and digital forensic investigators can use the records to identify files of interest when criminal activity reaches the cluster. For example, file usage statistics can be powerful heuristics for quickly navigating and identifying points of interest for criminal activity. Identifying behavior like this has become increasingly essential as the use of HPC clusters for AI/ML workloads and scientific simulations has risen drastically. Additionally, this software helps companies identify criminal activity when their computers are used as evidence.
We initiate lightweight processes across systems in Python to monitor for system calls for opening and accessing files using the 'lsof' command and create a record of such file accesses. We then post such records to two collections in a MongoDB database, enabling the storage of large volumes of data pulled from a vast number of distinct computers or nodes. One collection stores the total number of accesses for a specific file by user, and the other stores more information about the file, including the process ID, time of access, and command used to access it. Our frontend is a Vue.js dashboard with a mini terminal, providing a seamless way to search for file statistics quickly. We also support a file distribution visualization inspired by WinDirStat and a user-organized file explorer. We deploy our tool using Vercel.
We're really proud of the visualizations that we have integrated into the website. They look very pretty and colorful. We also got to learn new technologies, such as MongoDB and Vue. Going forward, we want to test deployment on more HPC clusters and other devices. Additionally, we want to add more visualizations.