Implement "Use Correct Filesystem Permissions." hardening advice #265

Open
akerouanton opened this issue Nov 29, 2021 · 2 comments

@akerouanton
Contributor

The Production Hardening guide has the following bullet:

Use Correct Filesystem Permissions. Always ensure appropriate permissions are applied to files prior to starting Vault, especially those containing sensitive information.

This would be implemented through a shell script declared in an ExecStartPre directive of the systemd service (and before starting the daemon in init scripts). It'd have to check for the file perms and owner/group of all the paths declared in this role.

Would such a change be accepted by maintainers (if so, I can work on it)?
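
One way the pre-start check proposed above could look, as an added example that is not part of the original issue or the role's own code. It assumes GNU `stat` on Linux; the manifest format and the function names `check_path` and `preflight` are hypothetical.

```shell
#!/bin/sh
# Added example: pre-start ownership/mode check (not the role's own code).
# Assumes GNU stat (Linux). Manifest format is hypothetical, one entry per
# line: <path> <owner> <group> <max-octal-mode>; paths must not contain spaces.

# check_path PATH OWNER GROUP MAXMODE
# Succeeds only if PATH exists, is not a symlink, has the expected owner and
# group, and carries no permission bits outside MAXMODE.
check_path() {
    path=$1; want_owner=$2; want_group=$3; max_mode=$4
    if [ -L "$path" ] || [ ! -e "$path" ]; then
        echo "FAIL $path: missing or a symlink" >&2
        return 1
    fi
    read -r owner group mode <<EOF
$(stat -c '%U %G %a' -- "$path")
EOF
    if [ "$owner" != "$want_owner" ] || [ "$group" != "$want_group" ]; then
        echo "FAIL $path: owner $owner:$group, want $want_owner:$want_group" >&2
        return 1
    fi
    # Leading 0 makes the shell read both values as octal.
    if [ $(( 0$mode & ~0$max_mode )) -ne 0 ]; then
        echo "FAIL $path: mode $mode exceeds $max_mode" >&2
        return 1
    fi
    return 0
}

# preflight: read manifest entries on stdin, report every violation,
# and return non-zero if any entry failed.
preflight() {
    failures=0
    while read -r p o g m; do
        case $p in ''|'#'*) continue ;; esac
        check_path "$p" "$o" "$g" "$m" || failures=$((failures + 1))
    done
    [ "$failures" -eq 0 ]
}
```

Run from an ExecStartPre script as `preflight < manifest || exit 1`; a non-zero exit there keeps systemd from starting the daemon.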

@bbaassssiiee
Member

Rather audit the file permissions in this role and create a pull-request for improvements.

@bbaassssiiee
Member

You could also add Goss or TestInfra tests that users can run.
