Skip to content

Introduce the SecurityAgent, which assesses and enforces system security

Luc Everse requested to merge system-security into development

Description

Adds a Security Agent to the system, which performs regular security checks:

  • The user running AuTA may not be root
  • The authentication database should not be world-accessible (any of rwx)
  • The authentication database should not be executable by anyone
  • The default privileged user's passwords should be changed

Changes

None.

Additions

  • The SecurityAgent service
  • The system now performs an initial security check before it allows workers to connect
  • Repeated checks happen every 30 minutes
  • A hasUser method for the database which is slightly faster than full user queries

Test and Review

Closes #128 (closed)

To be filled in by the reviewers

  • All of the methods are commented to expectation

  • The methods are tested to satisfaction

  • There are no unnecessary files present in the MR

  • The continuous integration has no problems with the MR

  • The MR is filled in as requested (including labels, milestones, and reviewers)

  • The documentation is up-to-date

  • All nullable parameters are marked as such

Edited by Tim van der Horst

Merge request reports