Add checksum reporting to critical system files #412
@rptrchv can we change the Issues section down to its own section? These are important as they also will need to be converted into recommended action items.
Also as @vpetersson told us 2 weeks ago the checksum should be a tooltip hidden behind an icon, just like those
I don't quite understand how it should look. Can you provide more detail or maybe even some hand-drawn picture?
This won't allow a user to copy the checksum
@rptrchv In order to speed things up, let's keep the structure that you had and iterate later. However, let's change it to look more like this: Re-use the same warning icon as the other ones (I took a shortcut there).
@vpetersson ok. what about checksum? should I leave it as is?
Yeah leave that as is for now.
But also, please pay attention to and make sure to use Title Case in headings.
@rptrchv Keep in mind that I put in "OpenSSH Audit" in as a placeholder for this.
@rptrchv Please state what a commit does instead of "Improvements requested in the review"
backend/device_registry/models.py
Outdated
if v == 'yes': | ||
secure_value = 'no' | ||
else: | ||
secure_value = '2' # Support only 'Protocol' now. TODO: improve this. |
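Review bot: the else branch sets secure_value to '2' for every value other than 'yes', which, as the inline TODO admits, is only right for Protocol; any other option that reaches this branch gets '2' reported as its secure value. Suggest looking up the recommended value by option name, with an explicit entry for each supported option and no catch-all default, so that unsupported options are skipped rather than mislabelled.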
This needs improvement indeed. Not only the "Protocol" field should be explicitly handled, but also PermitRootLogin may have other values than "yes".
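One way to handle each option explicitly, as the comment above asks, written as an added example that is not part of this pull request or the project's code. The `POLICY` table, the function names and the sample config are assumptions made for illustration.

```python
# Added example; POLICY and all names are assumptions, not the project's code.
# option (lower-cased) -> (recommended value, values accepted as secure)
POLICY = {
    "permitrootlogin": ("no", {"no"}),
    "permitemptypasswords": ("no", {"no"}),
    "passwordauthentication": ("no", {"no"}),
    "protocol": ("2", {"2"}),
}

# Constructed sample input, not taken from a real host.
SAMPLE = """\
# sshd_config (constructed)
PermitRootLogin without-password
PermitRootLogin no
PasswordAuthentication yes
Protocol 2
Match User backup
    PermitEmptyPasswords yes
"""


def parse_sshd_config(text):
    """Return {keyword: value} for the global section of an sshd_config."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()          # keywords are case-insensitive
        if key == "match":              # conditional blocks are out of scope here
            break
        if len(parts) == 2:
            # sshd keeps the first value it sees for a keyword
            settings.setdefault(key, parts[1].strip())
    return settings


def audit(text):
    """Return (option, current value, recommended value) for insecure settings."""
    settings = parse_sshd_config(text)
    findings = []
    for option, (recommended, secure) in POLICY.items():
        value = settings.get(option)
        # Unset options are skipped: their defaults depend on the OpenSSH version.
        if value is not None and value not in secure:
            findings.append((option, value, recommended))
    return findings
```
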
@@ -25,3 +25,5 @@ | |||
IS_DEV = True | |||
|
|||
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' | |||
|
|||
ALLOWED_HOSTS = ['*'] |
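Review bot: ALLOWED_HOSTS = ['*'] at the end of this hunk turns off Django's Host header validation for whatever environment loads this settings file. The neighbouring IS_DEV = True and console e-mail backend suggest it is a development file, but the hunk does not show that production never imports it; suggest listing the specific local hostnames or addresses that are needed, or reading the list from an environment variable, and adding a comment that the setting is for development only.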
should this be here?
yes, it's needed for making it accessible from my own device (from local network) when run with docker-compose. I hope this addition won't break anything in our prod infrastructure
- moved 'System File Audit' section to the proper place
- added 'Configuration Audit' section with only OpenSSH issues for now
Closes #400
Depends on WoTTsecurity/agent#207 WoTTsecurity/agent#213