Skip to content
Snippets Groups Projects

Introduce the SecurityAgent, which assesses and enforces system security

Merged Introduce the SecurityAgent, which assesses and enforces system security
system-security into development
All threads resolved!
Merged
Luc Everserequested to merge
system-security into development
All threads resolved!

Description

Adds a Security Agent to the system, which performs regular security checks:

  • The user running AuTA may not be root
  • The authentication database should not be world-accessible (any of rwx)
  • The authentication database should not be executable by anyone
  • The default privileged user's passwords should be changed

Changes

None.

Additions

  • The SecurityAgent service
  • The system now performs an initial security check before it allows workers to connect
  • Repeated checks happen every 30 minutes
  • A hasUser method for the database which is slightly faster than full user queries

Test and Review

Closes #128 (closed)

To be filled in by the reviewers

  • All of the methods are commented to expectation

  • The methods are tested to satisfaction

  • There are no unnecessary files present in the MR

  • The continuous integration has no problems with the MR

  • The MR is filled in as requested (including labels, milestones, and reviewers)

  • The documentation is up-to-date

  • All nullable parameters are marked as such

Edited by Tim van der Horst

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • Tim van der Horst
  • Luc Everse added 1 commit

    added 1 commit

    • 14e55039 - Make the rootness check more explicit

    Compare with previous version

  • Luc Everse added 2 commits

    added 2 commits

    • d1ec650b - Make the security check interval configurable
    • ab44d157 - Test the security agent

    Compare with previous version

  • Luc Everse unmarked as a Work In Progress

    unmarked as a Work In Progress

  • Luc Everse changed the description

    changed the description

  • Erik Oudsen
  • Erik Oudsen marked the checklist item All of the methods are commented to expectation as completed

    marked the checklist item All of the methods are commented to expectation as completed

  • Erik Oudsen marked the checklist item The methods are tested to satisfaction as completed

    marked the checklist item The methods are tested to satisfaction as completed

  • Erik Oudsen marked the checklist item There are no unnecessary files present in the MR as completed

    marked the checklist item There are no unnecessary files present in the MR as completed

  • Erik Oudsen marked the checklist item The continuous integration has no problems with the MR as completed

    marked the checklist item The continuous integration has no problems with the MR as completed

  • Erik Oudsen marked the checklist item The MR is filled in as requested (including labels, milestones, and reviewers) as completed

    marked the checklist item The MR is filled in as requested (including labels, milestones, and reviewers) as completed

  • Erik Oudsen marked the checklist item All nullable parameters are marked as such as completed

    marked the checklist item All nullable parameters are marked as such as completed

  • Erik Oudsen approved this merge request

    approved this merge request

  • Tim van der Horst resolved all discussions

    resolved all discussions

  • Luc Everse
    Luc Everse @leverse
    Author Contributor

    Documentation here: https://gitlab.ewi.tudelft.nl/eip/code-measures/wikis/security#security-agent

  • Tim van der Horst approved this merge request

    approved this merge request

  • Tim van der Horst marked the checklist item The documentation is up-to-date as completed

    marked the checklist item The documentation is up-to-date as completed

  • Luc Everse added 9 commits

    added 9 commits

    Compare with previous version

  • Erik Oudsen approved this merge request

    approved this merge request

  • Tim van der Horst approved this merge request

    approved this merge request

  • Tim van der Horst mentioned in commit 85e03568

    mentioned in commit 85e03568

  • Tim van der Horst merged

    merged

    • Please register or sign in to reply