Session Recording

CyberPAM

Zero Trust Privileged Access Management

🔐 Zero Trust | 🎥 Session Recording | 🌐 Multi-Protocol | 🔒 ABAC Security | 🎨 Beautiful UI

CyberPAM is a comprehensive Zero Trust Privileged Access Management solution designed for secure access to Windows, UNIX systems, and web applications. With its beautiful dark-themed interface and robust security features, it provides enterprise-grade access control and session monitoring capabilities.

I made CyberPAM for my own use, but I'm happy to share it with the community. I've been working with PAM products for years and CyberPAM is the culmination of my experience. Session recording is a must have for any PAM product, and CyberPAM is the best I've seen from an Admin perspective, and user experience. Often implementations of PAM products take a long time to get to production, but not CyberPAM.

⚡️ v0.3.0c Setup Zero Trust Network Access for CyberPAM Targets/Hosts ⚡️

What is PAM? PAM is the process of managing access to resources. It is a critical component of any security architecture.

⚡️ This is a SINGLE CONTAINER (Docker or Kubernetes) and can go from pull to production in 5 minutes and is PERFECT for a SaaS Product 🚀

🚀 Quick Start

CyberPAM is distributed as a Docker container for easy deployment and a 5 minute setup:

Docker

You can just copy paste this into your terminal 🖥️ to deploy or upgrade

# Pull the latest image
docker pull mattrogers/cyberpam:latest

docker stop cyberpam
docker rm cyberpam

# Run with basic configuration
docker run -d \
  --name cyberpam \
  -v cyberpamdb:/data \
  -v cyberpamrecordings:/recordings \
  -p 8080:8080 \
  mattrogers/cyberpam:latest

docker logs cyberpam

Kubernetes

kubectl apply -f kubernetes/deployment-cyberpam.yaml

⚡️NOTICE - GET YOUR ADMIN PASSWORD👋

Access the web interface at http://localhost:8080 after starting the container. The initial admin credentials will be displayed in the container logs:

# View initial admin credentials
docker logs cyberpam

🌟 Features

Security & Access Control 🔒 Zero Trust Architecture with ABAC 🔑 Multi-factor authentication with mandatory TOTP 🔍 Granular access control with 4 security levels 📝 Comprehensive audit logging for compliance 🎥 Session recording with video playback 🔐 Password complexity enforcement	Protocol Support with Session Recording 🖥️ RDP (Remote Desktop Protocol) 🔗 SSH (Secure Shell) 🌐 HTTP/HTTPS (planned)
Session Recording 📹 Full video recording of all sessions 🔄 Automatic video conversion 🔒 Secure storage management ⏱️ Playback controls with timeline ⬇️ Download capabilities 🔐 Access control based on ABAC levels	User Management 👤 Local user authentication 🔑 Role-based access control 🔒 TOTP (2FA) requirement 🔐 Password complexity rules 🕒 Session management 🚫 Failed attempt tracking
Beautiful Interface 🌑 Dark-themed modern UI 🖥️ Matrix-style animations 📱 Responsive design 🔗 Protocol-based grouping 🔑 Role-based navigation 🖼️ Enhanced modals	Cloudflare Zero Trust Support Built in 🔒 Enhanced security with identity-based access 🌐 Secure access to internal applications without VPN 🛡️ Protection against data breaches and cyber threats 🔍 Continuous monitoring and logging of user activity 🔑 Multi-factor authentication (MFA) enforcement 📊 Detailed access control policies and reporting 🚀 Simplified user experience with seamless access

🔧️ Security Notice

CyberPAM is designed to be deployed behind a reverse proxy that handles SSL/TLS termination and additional security controls. We recommend:

SSL/TLS Termination

Use a reverse proxy like Caddy (recommended), Nginx, or Traefik to handle HTTPS:

# Example Caddyfile configuration
cyberpam.yourdomain.com {
    reverse_proxy localhost:8080
}

Zero Trust Network Access INTO CyberPAM

It's easy to setup a tunnel with Cloudflare Zero Trust into CyberPAM.

1. Navigate to Tunnels	2. Add a New Tunnel
3. Create Your Tunnel	4. Copy Your Token
5. Save Token Details	6. Configure Tunnel
7. Verify Tunnel Status	8. Set Access Policies

We strongly recommend placing CyberPAM behind a Zero Trust solution such as:

• Cloudflare Zero Trust
• Zscaler Private Access
• Palo Alto Prisma Access

This ensures:

• Identity-based access control
• DDoS protection
• WAF capabilities
• Additional authentication layer
• Network isolation

Example Architecture

Internet -> Cloudflare Zero Trust -> Reverse Proxy (TLS/Cloudflared) -> CyberPAM Container

🔒 First Time Setup

1. Start CyberPAM
2. Note the initial admin credentials displayed
3. Log in as admin
4. Change password and set up TOTP
5. Begin adding systems and users

🎯 Use Cases

• Privileged Access Management: Secure access to critical systems
• Session Monitoring: Record and audit all user sessions
• Compliance: Meet regulatory requirements with comprehensive logging
• Zero Trust Implementation: Enforce least-privilege access
• Remote Access: Secure remote system management

Screenshots

Version CyberPam 0.3.0c

• Added Zero Trust Network Access from Cloudflare Support
• Added ZTNA Agent https://github.com/RamboRogers/cyberpamagent
• GUI Refactoring and improvements

Version CyberPam 0.2.0c

• Added Zero Trust Network Access from Cloudflare Support
• Added many missing features, like user reset
• Reworkeded more GUI styling inconsistencies
• Enhanced audit log interface with improved readability and filtering
• Added CSV export functionality for audit logs
• Improved system management interface with expanded/compact views
• Added cyberpunk-themed confirmation dialogs and modals
• Enhanced system deletion process with animated feedback
• Added system name display in recordings view
• Improved date/time formatting in recordings view
• Added version display in settings page
• Enhanced navbar consistency across all pages
• Improved admin status handling and security checks
• Added Cloudflare IP support for better security logging
• Enhanced error handling and user feedback
• Improved mobile responsiveness across all views
• Removed sensitive data from the audit log

Version CyberPam 0.1.1c

Please keep the issues and enhancement requests coming!

• New Recording UI (with status and storage)
  • Fixes issues with transcoding (was scripted)
  • Event driven transcoding with nice UI
• Added SSH Key Authentication
• Added more fonts (bugfix)
• Reworked container storage (db persistence)
  • Allows for easier upgrades and backups
• GUI Improvements and Refactoring

⚖️ License

CyberPAM is licensed under a restricted license.

(c)Matthew Rogers 2024. All rights reserved. No Warranty. No Support. No Liability. No Refunds.

Free Demo Software

Connect With Me 🤝