
Changes between Initial Version and Version 1 of administration/security


Timestamp: Aug 17, 2009, 9:20:41 PM
Author: hank
Comment: Create Security Document

  • administration/security

= !SilverFile Security Policies =
== Central Key Instance on Slicehost ==
We have created a hardened instance on Slicehost ('''jump.silverfilecorp.com''').
This is where the private key files that grant access to the !SilverFile servers are located.

=== Central Instance Users ===
'''root''' and '''sudo actions''': Only the master administrator (hank) has
root and sudo privileges.

'''sfkeys''': This user creates keys for each !SilverFile appliance.  A separate
key pair with a passphrase is created for each !SilverFile appliance.  Access to sfkeys
is only via sudo, so only the master administrator has access to this account.
Sfkeys writes new passphrases to the

'''sfpass''': All administrators have access to this user by '''su''' with a password.
Sfpass keeps the passphrase file(s) for the ssh keys.

'''admin users''': Currently hank, ryan, and greg.

=== Central Instance Setup ===
The central instance (jump.silverfilecorp.com) is a virtual host on Slicehost.
We are using the default configuration (as configured when creating a new slice)
of Ubuntu 9.04.  We have made the following custom configurations to augment security:

'''Firewall''' - set to allow incoming connections only on port 2222 (once enabled,
ufw denies all other incoming traffic by default).
{{{
ufw allow 2222
ufw logging on
ufw enable
ufw status
}}}

'''sshd configuration''' - add the following to /etc/ssh/sshd_config.
This will:
 - Make sshd listen on port 2222
 - Deny ssh access to root, sfkeys, sfpass (admins must sudo or su to these users)
 - Limit authentication attempts to 3 per ssh session, which slows down
 brute force attacks.

{{{
Port 2222
PermitRootLogin no
DenyUsers root sfkeys sfpass
MaxAuthTries 3
}}}

'''Sudo requires target password'''
For additional security, sudo requires the root password (the password of the
target user) instead of the invoking admin user's password.  Using
the '''visudo''' command, edit the 'Defaults' line:
{{{
Defaults        env_reset,targetpw
}}}


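As an added example (not part of this wiki page or of SilverFile's own tooling), the following POSIX shell script audits copies of sshd_config and sudoers against the settings described in this section: Port 2222, PermitRootLogin no, the three DenyUsers entries, a MaxAuthTries of at most 3, and targetpw on the sudoers Defaults line. The function names and the sample files it builds at the bottom are constructed for the demo; on a real host the inputs would be /etc/ssh/sshd_config and /etc/sudoers, read via sudo.

```shell
#!/bin/sh
# Added audit script (not from the SilverFile wiki): verify that sshd_config and
# sudoers files carry the jump-host hardening settings described above.
# Function names and the sample files built at the bottom are constructed.

# Print the effective value of an sshd_config directive.  sshd applies the
# first occurrence of a keyword, so the first uncommented match wins; the
# keyword comparison is case-insensitive, as in sshd.
sshd_get() {
    # $1 = path to sshd_config, $2 = directive name
    awk -v key="$2" '
        $0 !~ /^[[:space:]]*#/ && tolower($1) == tolower(key) {
            $1 = ""; sub(/^[[:space:]]+/, ""); print; exit
        }' "$1"
}

# Check the listen port, root login, denied users and auth-try limit.
# Prints one line per failed check; returns 0 only if all checks pass.
check_sshd_config() {
    cfg="$1"; rc=0
    [ "$(sshd_get "$cfg" Port)" = "2222" ] || { echo "Port is not 2222"; rc=1; }
    [ "$(sshd_get "$cfg" PermitRootLogin)" = "no" ] || { echo "PermitRootLogin is not 'no'"; rc=1; }
    tries=$(sshd_get "$cfg" MaxAuthTries)
    case "$tries" in
        ''|*[!0-9]*) echo "MaxAuthTries is missing or not numeric"; rc=1 ;;
        *) [ "$tries" -le 3 ] || { echo "MaxAuthTries is $tries, expected at most 3"; rc=1; } ;;
    esac
    deny=$(sshd_get "$cfg" DenyUsers)
    for u in root sfkeys sfpass; do
        case " $deny " in
            *" $u "*) ;;
            *) echo "DenyUsers does not list $u"; rc=1 ;;
        esac
    done
    return $rc
}

# Check that an uncommented sudoers Defaults line enables targetpw, so sudo
# asks for the target (root) password rather than the caller's.  A negated
# "!targetpw" does not count.
check_sudoers_targetpw() {
    grep -Eq '^[[:space:]]*Defaults[[:space:]]+([^#]*[[:space:],])?targetpw([[:space:],]|$)' "$1"
}

# Demo on constructed sample files.
demo=$(mktemp -d)
printf 'Port 2222\nPermitRootLogin no\nDenyUsers root sfkeys sfpass\nMaxAuthTries 3\n' > "$demo/sshd_config"
printf 'Defaults        env_reset,targetpw\n' > "$demo/sudoers"
check_sshd_config "$demo/sshd_config" && echo "sshd_config: all checks passed"
check_sudoers_targetpw "$demo/sudoers" && echo "sudoers: targetpw is set"
rm -rf "$demo"
```

Running it against the live files after the edits above gives a quick confirmation that the sshd and sudo changes actually took effect, and a commented-out or misspelled directive shows up as a failed check rather than silently leaving the default in place.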
=== Key Creation ===
The sfkeys user creates a key pair for each !SilverFile appliance.  Use the following
command:
{{{
ssh-keygen
}}}
Private and public keys are stored in these directories respectively:

{{{
/home/sfkeys/private/
/home/sfkeys/public/
}}}

=== Passphrase Edit/Access ===

The master passphrase file is located in the sfpass home directory and is called
'''passphrase-master.gpg'''.
This file is edited by sfkeys in encrypted form only.  See this page for information about
a vim plugin that edits the encrypted file in place (the decrypted file never touches disk):
http://www.vim.org/scripts/script.php?script_id=661

To initially create the gpg file (symmetric encryption), the command is:
{{{
gpg -c decryptedfile
}}}

Administrators will su to sfpass and access the passphrase file via standard output
only.  Decrypting passphrase-master.gpg will require the appropriate password.

To render the decrypted file to STDOUT (note the additional dash):
{{{
gpg -o - file.gpg
}}}

'''Never save the decrypted passphrase file to disk. View standard out only, and
cut/paste the passphrase to another terminal.'''

== Tunneling to a Specific !SilverFile Appliance ==

From your local terminal, to get to sf001 for instance (the first command opens a
tunnel through the jump host; the second connects to the appliance through it):

{{{
ssh -p 2222 jump.silverfilecorp.com -L 2230:sf001.silverfilecorp.com:2222
ssh -p 2230 -i sf001.key sf@localhost
}}}

== Passwords Kept By Administrators ==
'''Master Administrator''':
 - root@jump.silverfilecorp.com
 - sfkeys@jump.silverfilecorp.com

'''Administrator''':

 - sfkeys@jump.silverfilecorp.com
 - Decryption password to passphrase-master.gpg


== Appliance Users and Groups ==
!SilverFile devices will have the following users:

'''sf''': Admin user for the appliance.  Remote access via ssh is limited
to the IP of the Slicehost instance, and access is only granted with a key located on the central
Slicehost instance ('''jump.silverfilecorp.com''').
sf sudos into root; this requires a password which !SilverFile sysadmins
will know and protect.  The password is standardized.

'''fileuser''': a system user just for samba access.  Windows usernames,
i.e. the first name of the principal attorney, will map to fileuser in /etc/samba/smbusers.
Fileuser will not have shell access; it is set up with the nologin
shell, i.e.
{{{
useradd -s /usr/sbin/nologin fileuser
}}}

We will set up the following group to grant access to the main FILES repository:

'''fileusers''': This group will consist of sf, www-data, and fileuser, and will
grant read/write access to the /FILES directory.

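Added example (not part of this wiki page or of SilverFile's appliance build): a POSIX shell audit of the account layout described above, run against passwd- and group-format files and a stand-in for the /FILES directory. It confirms that fileuser has a nologin shell, that the fileusers group lists sf, www-data and fileuser, and that the shared directory is group-writable but not world-writable. The function names and the sample data are constructed for the demo; on an appliance the inputs would be /etc/passwd, /etc/group and /FILES itself.

```shell
#!/bin/sh
# Added audit script (not from the SilverFile wiki): check an appliance's
# account layout against the policy above.  Function names and the sample
# passwd/group files and directory built at the bottom are constructed.

# Print the login shell of a user from a passwd-format file ($1 file, $2 user).
passwd_shell() {
    awk -F: -v u="$2" '$1 == u { print $7; exit }' "$1"
}

# Succeed only if the user exists and has a non-interactive shell.
check_nologin() {
    shell=$(passwd_shell "$1" "$2")
    case "$shell" in
        /usr/sbin/nologin|/sbin/nologin|/bin/false) return 0 ;;
        *) echo "$2: shell is '${shell:-missing}', expected nologin"; return 1 ;;
    esac
}

# Print the member list of a group from a group-format file ($1 file, $2 group).
group_members() {
    awk -F: -v g="$2" '$1 == g { print $4; exit }' "$1"
}

# Succeed only if every expected member (remaining args) is in the group.
check_group_members() {
    file="$1"; group="$2"; shift 2
    members=",$(group_members "$file" "$group"),"
    rc=0
    for m in "$@"; do
        case "$members" in
            *",$m,"*) ;;
            *) echo "$group: missing member $m"; rc=1 ;;
        esac
    done
    return $rc
}

# Succeed only if the directory grants group rwx and denies world write,
# which is the mode the fileusers group needs on the shared repository.
check_files_dir_mode() {
    [ -d "$1" ] || { echo "$1: not a directory"; return 1; }
    [ -n "$(find "$1" -prune -perm -070 ! -perm -002 -print)" ] || {
        echo "$1: mode should allow group rwx and deny world write"
        return 1
    }
}

# Demo on constructed sample data.
demo=$(mktemp -d)
cat > "$demo/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
sf:x:1000:1000::/home/sf:/bin/bash
www-data:x:33:33::/var/www:/usr/sbin/nologin
fileuser:x:1001:1001::/home/fileuser:/usr/sbin/nologin
EOF
cat > "$demo/group" <<'EOF'
fileusers:x:2000:sf,www-data,fileuser
EOF
mkdir -m 2770 "$demo/FILES"
check_nologin "$demo/passwd" fileuser && echo "fileuser: nologin shell ok"
check_group_members "$demo/group" fileusers sf www-data fileuser && echo "fileusers: membership ok"
check_files_dir_mode "$demo/FILES" && echo "FILES: mode ok"
rm -rf "$demo"
```

The group check is deliberately list-based so a member dropped from /etc/group during a rebuild is reported by name, and the directory check catches the common mistake of making /FILES world-writable to get samba working.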
== !MySql Security ==

=== !MySql Users ===

'''root''': Required to create the silverfile table.
The password is standardized.

'''sf''': The password for the sf user in mysql is uniquely generated for each
sf-app instance.  Authentication credentials are in the sf-app settings.py file.