ladder99

Do full security audit

Open bburns opened this issue 3 years ago • 3 comments

Dec 16 '22 16:12 bburns

What type of audits are required?

Dec 17 '22 00:12 MRIIOT

I don't know too much about the topic, but some ideas -

- block unused ports
- block non-localhost ip addr access?
- audit our adapter, meter, relay Dockerfiles and build procedures
- what kind of schedule to rebuild docker images at client installations? monthly? automate eventually
- passwords - we tend to re-use pws across a client install, and for root access(?) - better way?
- postgres - make a user, give permissions to access certain tables/views

e.g. oxbox ports -

[pi@001-oxbox ~/ladder99/ladder99-ce]
$ ./list
NAMES       STATUS                 PORTS
adapter     Up 3 hours
agent       Up 4 weeks             0.0.0.0:5000->5000/tcp, :::5000->5000/tcp
backup      Up 4 weeks
dozzle      Up 4 weeks             0.0.0.0:8080->8080/tcp, :::8080->8080/tcp
grafana     Up 4 weeks             0.0.0.0:3000->3000/tcp, :::3000->3000/tcp
meter       Up 4 weeks
mosquitto   Up 4 weeks             0.0.0.0:1883->1883/tcp, :::1883->1883/tcp
nodered     Up 4 weeks (healthy)   0.0.0.0:1880->1880/tcp, :::1880->1880/tcp
pgadmin     Up 4 weeks             0.0.0.0:5050->5050/tcp, :::5050->5050/tcp
portainer   Up 4 weeks             8000/tcp, 9443/tcp, 0.0.0.0:9000->9000/tcp, :::9000->9000/tcp
postgres    Up 4 weeks             0.0.0.0:5432->5432/tcp, :::5432->5432/tcp
relay       Up 4 weeks
traefik     Up 4 weeks             0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp

see also #183

Dec 17 '22 09:12 bburns
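
The port audit suggested in the comment above, as an added example that is not part of the original thread or of the ladder99 code: it parses the listing posted there and reports which containers publish host ports on every interface (0.0.0.0 or ::). The function names are hypothetical, and it assumes `./list` prints `docker ps` style PORTS entries.

```python
import re
# Listing copied from the comment above (output of the project's ./list script).
LISTING = """\
NAMES       STATUS                 PORTS
adapter     Up 3 hours
agent       Up 4 weeks             0.0.0.0:5000->5000/tcp, :::5000->5000/tcp
backup      Up 4 weeks
dozzle      Up 4 weeks             0.0.0.0:8080->8080/tcp, :::8080->8080/tcp
grafana     Up 4 weeks             0.0.0.0:3000->3000/tcp, :::3000->3000/tcp
meter       Up 4 weeks
mosquitto   Up 4 weeks             0.0.0.0:1883->1883/tcp, :::1883->1883/tcp
nodered     Up 4 weeks (healthy)   0.0.0.0:1880->1880/tcp, :::1880->1880/tcp
pgadmin     Up 4 weeks             0.0.0.0:5050->5050/tcp, :::5050->5050/tcp
portainer   Up 4 weeks             8000/tcp, 9443/tcp, 0.0.0.0:9000->9000/tcp, :::9000->9000/tcp
postgres    Up 4 weeks             0.0.0.0:5432->5432/tcp, :::5432->5432/tcp
relay       Up 4 weeks
traefik     Up 4 weeks             0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp
"""

# A published mapping looks like <host-ip>:<host-port>-><container-port>/<proto>.
MAPPING = re.compile(r"^(.+):(\d+)->\d+/\w+$")
WILDCARD = {"0.0.0.0", "::"}  # every IPv4 / IPv6 interface

def published(listing):
    """Map container name -> set of (host_ip, host_port) published on the host."""
    result = {}
    for line in listing.splitlines()[1:]:              # skip the header row
        tokens = line.replace(",", " ").split()
        if not tokens:
            continue
        # Status words and bare "8000/tcp" entries (exposed, not published) do not match.
        matches = (MAPPING.match(t) for t in tokens[1:])
        result[tokens[0]] = {(m.group(1).strip("[]"), int(m.group(2))) for m in matches if m}
    return result

def wildcard_ports(listing):
    """Map container name -> sorted host ports reachable on all interfaces."""
    found = {}
    for name, pairs in published(listing).items():
        ports = sorted({port for ip, port in pairs if ip in WILDCARD})
        if ports:
            found[name] = ports
    return found

if __name__ == "__main__":
    for name, ports in wildcard_ports(LISTING).items():
        print(f"{name}: {ports} published on all interfaces")
```

A port published on a loopback address, which the listing would show as `127.0.0.1:5432->5432/tcp`, is not reported.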

I am not quite sure if this issue should be labelled as enhancement or bug, as it is related to both.

Dec 22 '22 19:12 tukusejssirs