====== TODOS ======

  * ☒ [[bookstack:work:drivesec:selinux|SELinux]]
  * ☒ Multi Level Security
  * ☒ RAM Security - Protect against memory dumps
  * ☒ [[bookstack:work:drivesec:framework_architecture|Test catalog / test execution: Understand if it is possible to parallelize the work in two contexts]]
  * ☒ Analyze which language can run with docker / ECR / registry
  * ☒ Download box configurations directly from Box instead of having local files
  * ☒ Download the output automatically and open it in the default editor. Download it with format ''%%scriptname_datetime%%''
  * ☒ Graphically handle description field if it is very long

=== Topics ===

#SELinux, MLS, RAM Security

== SELinux ==

Did some tests on weseth test and read some documentation.

== MLS Security ==

After an analysis, it emerged that MLS is mainly used in highly structured organizations such as governmental and military ones (DOD, FBI, CIA, ...) and requires a steep setup curve and a lot of effort to maintain. For this reason, it will not be analyzed further. However, it emerged that **MCS (Multi Category Security)** could be a good candidate for protecting some of our use cases (e.g. docker containers against each other). MCS is a subset of MLS.

== RAM Security ==

Analyzed the procfs file system and tried to dump memory from a Linux process using root and [[https://github.com/hajzer/bash-memory-dump|a github tool.]] Talked with @Schiff and it seems that a confined user in ''user_t'' with default Debian policies, even when escalated to root, cannot read data under ''/proc/{PID}/'' for processes other than its own. Further tests will be done.
  * ☒ SELinux specifications (how to protect things)
    * ☐ Verify list of services on Box Os to check whether new policies are necessary (other than teleport) -> 24/10/2023 (https://bitbucket.org/drivesec00/box-os/src/develop/config/package-lists/)
    * ☐ Check on Box os deb package -> 24/10/2023
  * ☒ Monitoring, Notification and Execution specifications (service)
  * ☒ Test image manager specifications (service)
  * ☒ Docker base image specifications
  * ☒ Caching docker mechanism

=== ISSUES FOUND FOR DEMO ===

== Image manager ==

  * User framework has no access to docker daemon -> ''usermod -aG docker framework''
  * Wrong ServiceName (CatalogManager instead of ImageManager)

== Execution manager ==

  * Should get ''/input.json'' instead of ''input.json''
  * Wrong ''monitor.log'' file

== Server ==

  * Missing cors from requirements
  * Missing host from cors
  * Missing handling of multiple tests
  * Missing credentials in docker

== TODO NOW: ==

  * ☒ Get BoxClient up on testing box
  * ☒ Get Server up and do a request on it
  * ☒ Get frontend up and test using it

== Problems found: ==

  * ☐ If some error occurs, an "Executor is already running" error is thrown. Reset is not done correctly; [AV]
  * ☒ Server does not publish updates correctly if it stays up too long (or receives more than 1 request) [AV] (Probably just ''%%--noreload%%'')
  * ☒ Box client does not receive updates correctly if it stays up too long (or receives more than 1 request) [MDF] (Actually almost always working, only be careful about shadow size)
  * ☒ Frontend has no output page implemented [RDR]
  * ☒ Frontend does not handle nested tests correctly [RDR]
  * ☒ Server must handle more than one script with a queue; [AV]
  * ☒ Server get is too slow. Implement a faster function [AV]

== TODO For demo: ==

  * ☐ Test all test images on a real bench [UF, AV]
  * ☐ Install all from scratch on a clean box [AV]
  * ☐ Deploy frontend somewhere [AV]
  * ☒ Deploy server somewhere [AV]
  * ☒ Create all mappings for tests [UF]
  * ☐ Set more understandable notification messages [AV, MDF, UF]
  * ☐ TEST, TEST, TEST!!!