LinuxCommandLibrary

hardhat

Develop, test, and deploy smart contracts

TLDR

List available subcommands (or create a new project if no configuration exists)
$ hardhat

Compile the current project and build all artifacts
$ hardhat compile

Run a user-defined script after compiling the project
$ hardhat run [path/to/script.js]

Run Mocha tests
$ hardhat test

Run all given test files
$ hardhat test [path/to/file1.js] [path/to/file2.js]

Start a local Ethereum JSON-RPC node for development
$ hardhat node

Start a local Ethereum JSON-RPC node with a specific hostname and port
$ hardhat node --hostname [hostname] --port [port]

Clean the cache and all artifacts
$ hardhat clean

SYNOPSIS

hardhat [options] -- command [arguments]

PARAMETERS

--command command
    The command to execute within the sandboxed environment.

--config file
    Path to the configuration file specifying sandbox settings.

--root directory
    The root directory for the namespace. Effectively chroots the process.

--user username
    The user to run the command as.

--group groupname
    The group to run the command as.

--net
    Enable networking in the namespace.

--no-new-privs
    Set the no_new_privs bit on the process.

--seccomp-profile profile
    Path to the seccomp profile to use.

DESCRIPTION

Hardlink Attacker Detection Handler (hardhat) is a security tool designed to execute commands within a restricted environment. It leverages Linux namespaces, seccomp, and cgroups to isolate processes, limit system call access, and control resource usage. This helps prevent attackers from exploiting vulnerabilities in executed commands to gain unauthorized access to the system or cause damage.

Hardhat is particularly useful for sandboxing untrusted code, isolating build processes, or running potentially malicious scripts in a safe and controlled manner. By restricting the capabilities of the executed command, hardhat mitigates the risk of privilege escalation, data breaches, and other security threats.

CAVEATS

Hardhat's effectiveness depends on the completeness and correctness of its configuration. Insufficiently restrictive configurations may still allow attackers to bypass the sandbox. Networking restrictions may impact intended functionality.

CONFIGURATION FILES

Hardhat's behavior is heavily influenced by configuration files. These files specify the resource limits, system call filters, and other restrictions applied to the sandboxed environment. Properly crafted configuration files are crucial for effective sandboxing.

SECURITY CONSIDERATIONS

While hardhat significantly enhances security, it is not a silver bullet. It's essential to regularly audit and update the hardhat configuration and the underlying system to address potential vulnerabilities. Attackers may attempt to exploit weaknesses in the hardhat implementation or the configured restrictions.

HISTORY

Hardhat development is driven by the need for robust sandboxing solutions in environments where untrusted code must be executed. It evolved from earlier sandboxing techniques and incorporates modern Linux kernel features like namespaces, seccomp, and cgroups for enhanced security. Its usage is increasing as security awareness and the complexity of potential attacks grow.

SEE ALSO

chroot(8), unshare(1), seccomp(2)
