Skip to content

[WIP] security : add more tests #919

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 9 commits into
base: master
Choose a base branch
from
Draft

[WIP] security : add more tests #919

wants to merge 9 commits into from

Conversation

@shjala
Copy link
Member

@shjala shjala commented Nov 6, 2023
edited
Loading

Add a few more security test, overall :

  • check if kernel module signing is enabled.
  • check if there are any unconfined processes running on the system.
  • check if the umask is set to 077.
  • check if there are any hidden executables on the system.
  • check if core dumps are disabled.
  • check if there are any processes running as root.
  • check if AppArmor is enabled.
  • check if the mount options for proc and tmpfs types are secure.
  • check if the tmpfs mounts are secure.

@shjala shjala requested a review from uncleDecart as a code owner November 6, 2023 15:15
@shjala shjala force-pushed the sec_proc branch 3 times, most recently from d630be0 to b42207d Compare November 6, 2023 15:44
@shjala shjala changed the title security : check /proc is mounted with secure options [WIP] security : add more tests Nov 7, 2023
@shjala shjala marked this pull request as draft November 7, 2023 07:17
@shjala
security : check secure mount options
9d38d88 
Signed-off-by: Shahriyar Jalayeri <[email protected]>
@shjala
security : check tmpfs is secure
f9f043a 
Signed-off-by: Shahriyar Jalayeri <[email protected]>
shjala added 7 commits November 9, 2023 11:36
@shjala
security: check for root processes
de4b8ac 
Signed-off-by: Shahriyar Jalayeri <[email protected]>
@shjala
security : check if coredump is disabled
b458050 
Signed-off-by: Shahriyar Jalayeri <[email protected]>
@shjala
security: check for hidden executables
bd19ba3 
Signed-off-by: Shahriyar Jalayeri <[email protected]>
@shjala
security : check umask
8ef9d2d 
Signed-off-by: Shahriyar Jalayeri <[email protected]>
@shjala
security : check for unconfined processes
0f7de85 
Signed-off-by: Shahriyar Jalayeri <[email protected]>
@shjala
security : check kernel module signing is enabled
987aa27 
Signed-off-by: Shahriyar Jalayeri <[email protected]>
@shjala
silence yetus on paralleltest
ef19727 
Tests ssh to the device and connection is unstable, it might hang,
better not run in parallel.

Signed-off-by: Shahriyar Jalayeri <[email protected]>
@shjala shjala marked this pull request as ready for review December 20, 2023 13:06
@shjala
Copy link
Member Author

shjala commented Dec 20, 2023

@uncleDecart a bunch of these tests are going to fail until we fix eve, should we disable sec test suit or it is OK if the fail?

@uncleDecart
Copy link
Member

uncleDecart commented Dec 21, 2023

@uncleDecart a bunch of these tests are going to fail until we fix eve, should we disable sec test suit or it is OK if the fail?

@shjala I think it's better to fix tests on EVE. We can rebase EVE test version after that.

@shjala shjala marked this pull request as draft August 28, 2024 11:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@uncleDecart uncleDecart Awaiting requested review from uncleDecart uncleDecart is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@shjala @uncleDecart