TODOS

☒ Multi Level Security
☒ Ram Security - Protect against memory dumps
☒ Test catalog / test execution: Understand if it is possible to parallelize the work in two context
☒ Analyze which language can run with docker / ECR / registry

☒ Download box configurations directly from Box instead of having local files
☒ Download the output automatically and open on default editor. Download it with format scriptname_datetime
☒ Graphically handle description field if it is very long

Topics

#SELinux, MLS, RAM Security

SELinux

Done some test on weseth test and read some documentation

MLS Security

After an analysis, it emerged that MLS is mainly used in highly structured organization like governative and militar (DOD, FBI, CIA, …) and require a steep curve of setup and many effort to maintain it. For this, it will not further analyzed.

Anyway it emerged that MCS (Multi Category Security) could be a good candidate for protecting some of ours use cases (e.g. docker containers against each other). MCS is a subset of MLS

RAM Security

Analyzed procfs file system and tried to dump memory from a Linux process using root and a github tool.

Talked with @Schiff and it seems that a confined user in user_t with default debian policies, even when escalated to root, it cannot read data under /proc/{PID}/ different than its processes. Further test will be done.

☒ Specifiche SELinux (come proteggere roba)
- ☐ Verify list of services on Box Os to check if necessary new policies (other than teleport) → 24/10/2023 (https://bitbucket.org/drivesec00/box-os/src/develop/config/package-lists/
☐ Check on Box os deb package → 24/10/2023
☒ Specifiche Monitoring, Notification ed Execution (servizio)
☒ Specifiche test image manager (servizio)
- ☒ Specifiche base image docker
  - ☒ Caching docker mechanism

ISSUES FOUND FOR DEMO

Image manager

User framework has no access to docker daemon → usermod -aG docker framework
Wrong ServiceName (CatalogManager instead of ImageManager)

Execution manager

Should get /input.json instead of input.json
Wrong monitor.log file

Server

Missing cors from requirements
Missing host from cors
Missing handling of multiple tests
Missing credentials in docker

TODO NOW:

☒ Get up BoxClient on testing box
☒ Get up Server and do a request on this
☒ Get up frontend and test using this

Problems found:

☐ If some error occur, Executor is already running error is thrown. Reset is not done correctly; [AV]
☒ Server does not pubblish correctly updates if stays too much time up (or receive more than 1 request) [AV] (Probably just –noreload)
☒ Box client does not receive correctly updates if stays too much time up (or receive more than 1 request) [MDF] (Actually almost always working, only be careful to shadow size)
☒ Frontend has no output page implemented [RDR]
☒ Frontend does not handle correctly nested tests [RDR]
☒ Server must handle more than one script with a queue; [AV]
☒ Server get is too slow. Implement a faster function [AV]

TODO For demo:

☐ Test all test images on a real bench [UF, AV]
☐ Install all from scratch on a clean box [AV]
☐ Deploy frontend somewhere [AV]
☒ Deploy server somewhere [AV]
☒ Create all mappings for tests [UF]
☐ Set more understandable notification messages [AV, MDF, UF]
☐ TEST, TEST, TEST!!!