Docs/Fleet Management

Fleet Management

Paid Feature

Deploy multiple TarPit.pro agents across your infrastructure and manage them as a unified fleet.

What is Fleet Management?

Fleet management allows you to run TarPit.pro agents on multiple servers under a single account. Key benefits include:

Unified Dashboard

View all attacks across all servers in one place

Fleet-wide Bans

Ban an IP on one server, propagate to all others

Centralized Config

Push configuration changes to all agents

Real-time Sync

Instant updates via NATS message bus

Architecture

                              ┌─────────────────┐
                              │   Dashboard     │
                              │   (tarpit.pro)  │
                              └────────┬────────┘
                                       │
                              ┌────────┴────────┐
                              │   Central API   │
                              └────────┬────────┘
                                       │
                    ┌──────────────────┼──────────────────┐
                    │                  │                  │
           ┌────────┴────────┐ ┌───────┴───────┐ ┌────────┴────────┐
           │  Agent (US-1)   │ │  Agent (EU-1) │ │  Agent (AS-1)   │
           │  web-server-01  │ │  db-server-01 │ │  api-server-01  │
           └─────────────────┘ └───────────────┘ └─────────────────┘
                    │                  │                  │
                    └──────────────────┼──────────────────┘
                                       │
                           ┌───────────┴───────────┐
                           │   NATS Message Bus    │
                           │   (ban propagation)   │
                           └───────────────────────┘

Setting Up Your Fleet

1. Create Agent Tokens

Go to Dashboard → Settings → Agent Tokens and create a token for each server. You can also use a single token for all agents (less secure but simpler).

2. Install on Each Server

# On each server:
curl -fsSL https://get.tarpit.pro | sudo bash
tarpit-pro activate <agent-token>
sudo tarpit-pro service start

3. Verify Fleet Status

# From any agent:
tarpit-pro fleet list

# Output:
# AGENT ID          HOSTNAME         STATUS    LAST SEEN
# agent_abc123      web-server-01    online    2s ago
# agent_def456      db-server-01     online    5s ago
# agent_ghi789      api-server-01    offline   2h ago

Fleet CLI Commands

List Fleet Agents

tarpit-pro fleet list

# With details:
tarpit-pro fleet list -v

View Fleet-wide Bans

tarpit-pro fleet bans

# Output:
# IP              BANNED BY        REASON                  PROPAGATED
# 192.168.1.100   web-server-01    SSH honeypot           3/3 agents
# 10.0.0.50       db-server-01     MySQL brute force      3/3 agents

Force Sync

# Sync bans from cloud to local
tarpit-pro fleet sync

# Output:
# Syncing fleet bans...
# Downloaded 42 bans from cloud
# Applied 3 new bans locally

View Agent Details

tarpit-pro fleet info <agent-id>

# Output:
# Agent ID: agent_abc123
# Hostname: web-server-01
# IP: 203.0.113.10
# Ports: 21, 22, 23, 3306, 5432, 6379
# Attacks (24h): 847
# Status: online

Ban Propagation

When an attacker is caught by any agent, the ban can automatically propagate to all other agents in your fleet:

1. Attacker hits honeypot on web-server-01
                    │
                    ▼
2. Agent detects attack, bans locally via iptables
                    │
                    ▼
3. Agent reports ban to cloud API
                    │
                    ▼
4. Cloud broadcasts ban via NATS
                    │
          ┌─────────┼─────────┐
          ▼         ▼         ▼
5. All other agents receive and apply ban

Enable/Disable Propagation

# Enable ban propagation (default)
tarpit-pro config set fleet.propagate_bans true

# Disable (this agent won't share or receive bans)
tarpit-pro config set fleet.propagate_bans false

Propagation Settings

# In config.yaml
fleet:
  propagate_bans: true      # Share bans with fleet
  receive_bans: true        # Accept bans from fleet
  sync_interval: 60s        # How often to sync
  ban_threshold: 1          # Min agents to trigger propagation

Dashboard Features

The web dashboard provides fleet-wide visibility:

Fleet Overview: See all agents, their status, and attack counts
Attack Map: Geographic visualization of attacks across all servers
Unified Attack Feed: Real-time feed from all agents
Fleet-wide Search: Search attacks by IP, payload, or agent
Ban Management: View, add, and remove fleet-wide bans

Best Practices

Use descriptive hostnames

Set meaningful hostnames so you can identify agents in the dashboard:

sudo hostnamectl set-hostname web-server-prod-us-east-1

One token per server (recommended)

Create separate tokens for each agent. This allows you to revoke individual agents without affecting others.

Monitor agent health

Set up alerts for agents that go offline. Agents send heartbeats every 60 seconds.

Whitelist internal IPs

Add your internal network ranges to prevent accidental self-banning:

tarpit-pro whitelist add 10.0.0.0/8 --reason 'Internal network'

Fleet Pricing

Fleet management is included in all paid tiers:

Tier	Price	Agents	Ban Propagation
Free	$0	1 (standalone)	No
Starter	$11/mo	Unlimited	Yes
Pro	$25/mo	Unlimited	Yes

Attack storage limits apply per account, not per agent.

CLI Reference All Docs