Tags:
create new tag
view all tags
The current client component has an experimental "secure mode" which intended for sensitive systems where manual vetting of profile changes is desirable. It works like this:

  1. Set the resource client.secure=true.

  1. When a profile is received which contains resource value changes, then the profile is held for approval. A "hand" icon shows in the status page, and the file /var/lcfg/log/client.hold shows the proposed changes (this should be visible via the web interface to the logserver).

  1. The file /var/lcfg/log/client.hold also contains an MD5 signature for the new profile.

  1. To accept the profile, do context secure= sig where sig is the signature from the file.

Issues


  • Changes to the RPM list are not currently held. This needs implementing.

  • Ditto changes to any username/password for profile access.

  • Would it be useful to have some support scripts to make the approval process easier? If so, what would they do?

  • Would it be useful to have some extra kind of notification when a profile is held? Mail? Arbitrary script execution?

  • The difference check is made on the final profile, so changes due to context will be held for approval in the same was as changes in the source profile. This might not always be what is wanted? Should we store approved MD5s and allow any that have been approved previously? Or should we allow a context to contain a list of MD5s?

  • Perhaps individual resources should be allow to specify (via a variant on the type?) whether they are part fo the secure checksum or not?

-- PaulAnderson - 28 Sep 2006

Topic revision: r1 - 2008-02-07 - squinney
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback