Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[WIP] security : add more tests #919

Draft
wants to merge 9 commits into
base: master
Choose a base branch
from
Draft

Conversation

shjala
Copy link
Member

@shjala shjala commented Nov 6, 2023

Add a few more security test, overall :

  • check if kernel module signing is enabled.
  • check if there are any unconfined processes running on the system.
  • check if the umask is set to 077.
  • check if there are any hidden executables on the system.
  • check if core dumps are disabled.
  • check if there are any processes running as root.
  • check if AppArmor is enabled.
  • check if the mount options for proc and tmpfs types are secure.
  • check if the tmpfs mounts are secure.

@shjala shjala requested a review from uncleDecart as a code owner November 6, 2023 15:15
@shjala shjala force-pushed the sec_proc branch 3 times, most recently from d630be0 to b42207d Compare November 6, 2023 15:44
@shjala shjala changed the title security : check /proc is mounted with secure options [WIP] security : add more tests Nov 7, 2023
@shjala shjala marked this pull request as draft November 7, 2023 07:17
Signed-off-by: Shahriyar Jalayeri <[email protected]>
Signed-off-by: Shahriyar Jalayeri <[email protected]>
Signed-off-by: Shahriyar Jalayeri <[email protected]>
Signed-off-by: Shahriyar Jalayeri <[email protected]>
Signed-off-by: Shahriyar Jalayeri <[email protected]>
Tests ssh to the device and connection is unstable, it might hang,
better not run in parallel.

Signed-off-by: Shahriyar Jalayeri <[email protected]>
@shjala shjala marked this pull request as ready for review December 20, 2023 13:06
@shjala
Copy link
Member Author

shjala commented Dec 20, 2023

@uncleDecart a bunch of these tests are going to fail until we fix eve, should we disable sec test suit or it is OK if the fail?

@uncleDecart
Copy link
Member

@uncleDecart a bunch of these tests are going to fail until we fix eve, should we disable sec test suit or it is OK if the fail?

@shjala I think it's better to fix tests on EVE. We can rebase EVE test version after that.

@shjala shjala marked this pull request as draft August 28, 2024 11:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants