Monitor Offline Mode

Deploy Monitor in air-gapped environments without internet connectivity.

Overview

Monitor works completely offline with no runtime dependencies:

Build Requirements:

First build requires internet (license validation)
Subsequent builds use cached license (valid 7 days)
Air-gapped CI/CD fully supported

Runtime:

Zero internet connectivity required
All protections work offline
Local incident logging only
No external API calls

How It Works

Initial Build (Internet Required)

First build validates license and caches it:

Bash

export BYTEHIDE_TOKEN="your-token"
dotnet build

export BYTEHIDE_TOKEN="your-token"
dotnet build

Process:

Validates license with ByteHide API
Downloads Cloud configuration (optional)
Caches license in .bytehide-cache/ (7 day validity)
Embeds signature and config in assembly

Subsequent Builds (Offline)

After initial build, no internet needed:

Bash

dotnet build  # Works offline

dotnet build  # Works offline

Process:

Uses cached license from .bytehide-cache/
Uses local or cached configuration
Embeds signature in assembly

Cache expires after 7 days - rebuild with internet to refresh.

Runtime (Always Offline)

Applications run with zero connectivity:

License verified from embedded signature
Configuration loaded from embedded resources
No backend communication
All incidents logged locally
Complete RASP protection offline

Local Logging

Configure file logging in bytehide.monitor.json:

JSON

{
  "logging": {
    "level": "warning",
    "file": {
      "enabled": true,
      "path": "logs/monitor.log",
      "maxSizeMB": 50,
      "maxFiles": 10
    }
  }
}

{
  "logging": {
    "level": "warning",
    "file": {
      "enabled": true,
      "path": "logs/monitor.log",
      "maxSizeMB": 50,
      "maxFiles": 10
    }
  }
}

Default locations:

Platform	Path
Linux	`/var/log/bytehide-monitor/incidents.log`
Windows	`C:\ProgramData\ByteHide\Monitor\incidents.log`
macOS	`/var/log/bytehide-monitor/incidents.log`

Log entry format:

CODE

[2025-12-28 10:30:45] THREAT DebuggerDetection: Debugger attached
  Action: Close
  Confidence: 1.0
  Metadata: {"ProcessId":1234}

[2025-12-28 10:30:45] THREAT DebuggerDetection: Debugger attached
  Action: Close
  Confidence: 1.0
  Metadata: {"ProcessId":1234}

Air-Gapped CI/CD

Option 1: License Cache

Copy .bytehide-cache/ directory to air-gapped environment:

Bash

# Internet-connected machine
export BYTEHIDE_TOKEN="your-token"
dotnet build
# Creates .bytehide-cache/ (valid 7 days)

# Transfer to air-gapped machine
scp -r .bytehide-cache/ user@airgapped:/project/

# Internet-connected machine
export BYTEHIDE_TOKEN="your-token"
dotnet build
# Creates .bytehide-cache/ (valid 7 days)

# Transfer to air-gapped machine
scp -r .bytehide-cache/ user@airgapped:/project/

Option 2: Self-Hosted Runner

Use self-hosted GitHub Actions runner with persistent cache:

YAML

jobs:
  build:
    runs-on: self-hosted-airgapped
    steps:
      - uses: actions/checkout@v3
      - name: Build
        run: dotnet build --configuration Release

jobs:
  build:
    runs-on: self-hosted-airgapped
    steps:
      - uses: actions/checkout@v3
      - name: Build
        run: dotnet build --configuration Release

Cache persists on runner, refreshed every 7 days.

Option 3: Pre-Built Assembly

Build with internet, deploy signed assembly:

Bash

# Internet-connected build server
dotnet publish -c Release -o ./publish

# Transfer signed DLLs to air-gapped environment
scp -r ./publish/ user@airgapped:/deploy/

# Internet-connected build server
dotnet publish -c Release -o ./publish

# Transfer signed DLLs to air-gapped environment
scp -r ./publish/ user@airgapped:/deploy/

Next Steps

Installation

Install Monitor with auto-initialization

JSON Configuration

Local configuration files

Troubleshooting

Common offline issues