
Changes between Initial Version and Version 1 of administration/security

Aug 17, 2009, 9:20:41 PM (13 years ago)

Create Security Document


  • administration/security

= !SilverFile Security Policies =

== Central Key Instance on Slicehost ==
We have created a highly secure instance on Slicehost ('''''').
This is where the private key files are located which allow access to the !SilverFile servers.

=== Central Instance Users ===
''' root ''' and ''' sudo actions ''': Only the master administrator (hank) has
root and sudo privileges.

''' sfkeys ''': This user creates keys for each !SilverFile appliance. A separate
key pair with passphrase is created for each !SilverFile appliance. Access to sfkeys
is only via sudo; therefore only the master administrator has access to this account.
Sfkeys writes new passphrases to the

''' sfpass ''': All administrators have access to this user by '''su''' with a password.
Sfpass keeps the passphrase file(s) for the ssh keys.

''' admin users ''': Currently hank, ryan, and greg.
=== Central Instance Setup ===
The central instance ( is a virtual host on Slicehost.
We are using the default configuration (as configured when creating a new slice)
of Ubuntu 9.04. We have made some custom configurations to augment security:

'''Firewall''' - set to allow connections only on port 2222.
{{{
ufw allow 2222
ufw logging on
ufw enable
ufw status
}}}

'''sshd configuration''' - add the following to /etc/ssh/sshd_config.
This will:
 - Make sshd listen on port 2222
 - Deny ssh access to root, sfkeys, sfpass (admins must sudo or su to these users)
 - Limit the number of authentication attempts in one ssh session to 3, which may
 help against brute force attacks.
{{{
Port 2222
PermitRootLogin no
DenyUsers root sfkeys sfpass
MaxAuthTries 3
}}}
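These sshd settings tend to drift once several admins edit the file. As an added check (not part of the original wiki page), the following POSIX shell script audits an sshd_config against the four directives the policy requires and honours sshd's rule that only the first occurrence of a directive counts. The two sample config files are constructed inline.

```shell
# Added example, not from the SilverFile wiki: audit an sshd_config against the
# policy above. Sample config files are constructed inline so this runs offline.

# sshd honours the first occurrence of a directive and ignores later repeats,
# so report the first uncommented match (directive names are case-insensitive).
sshd_effective() {  # usage: sshd_effective <config> <Directive>
  awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
    /^[ \t]*(#|$)/      { next }
    tolower($1) == key  { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
  ' "$1"
}

expect_directive() {  # usage: expect_directive <config> <Directive> <required value>
  got=$(sshd_effective "$1" "$2")
  [ "$got" = "$3" ] && return 0
  echo "FAIL: $2 is '${got:-unset}', policy requires '$3'"
  return 1
}

# Returns 0 when the file matches the policy, 1 if any directive has drifted.
check_sshd_policy() {  # usage: check_sshd_policy <config>
  rc=0
  expect_directive "$1" Port 2222          || rc=1
  expect_directive "$1" PermitRootLogin no || rc=1
  expect_directive "$1" MaxAuthTries 3     || rc=1
  # DenyUsers is a space-separated list; every policy account must be present.
  deny=$(sshd_effective "$1" DenyUsers)
  for u in root sfkeys sfpass; do
    case " $deny " in
      *" $u "*) ;;
      *) echo "FAIL: DenyUsers does not list $u"; rc=1 ;;
    esac
  done
  return $rc
}

# Constructed samples: a compliant file and a drifted one where an early
# "PermitRootLogin yes" wins over the later "no", DenyUsers is commented out
# and MaxAuthTries was raised.
SSHD_OK=$(mktemp); SSHD_DRIFT=$(mktemp)
printf 'Port 2222\nPermitRootLogin no\nDenyUsers root sfkeys sfpass\nMaxAuthTries 3\n' > "$SSHD_OK"
printf 'Port 2222\nPermitRootLogin yes\n#DenyUsers root sfkeys sfpass\nMaxAuthTries 6\nPermitRootLogin no\n' > "$SSHD_DRIFT"

check_sshd_policy "$SSHD_OK"    && echo "compliant: $SSHD_OK"
check_sshd_policy "$SSHD_DRIFT" || echo "not compliant: $SSHD_DRIFT"
```

Run it against /etc/ssh/sshd_config on the central instance after every edit; a non-zero exit lists exactly which directive no longer matches the policy.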

'''Sudo requires target password'''
For additional security, sudo requires the root password instead of the admin user's password. Using
the '''visudo''' command, edit the 'Defaults' line:
{{{
Defaults        env_reset,targetpw
}}}

=== Key Creation ===
The sfkeys user creates a key pair for each !SilverFile appliance. Use the following

Private and public keys are stored in these directories respectively:

=== Passphrase Edit/Access ===
The master passphrase file is located in the sfpass home and called

This file is edited by sfkeys in encrypted form only. See this page for info about the
vim plugin to edit encrypted files in place (the decrypted file never touches disk).

To initially create the gpg file the command is:
{{{
gpg -c decryptedfile
}}}

Administrators will su to sfpass and access the passphrase file via standard out
only. passphrase-master will require the appropriate password.

To render the decrypted file to STDOUT (note the additional dash):
{{{
gpg -o - file.gpg
}}}

'''Never save the decrypted passphrase file to disk. View standard out only, and
cut/paste the passphrase to another terminal.'''

== Tunneling to a specific !SilverFile appliance ==
From your local terminal, to get to sf001 for instance:
{{{
ssh -p 2222 -L
ssh -p 2230 -i sf001.key sf@localhost
}}}

== Passwords Kept By Administrators ==
'''Master Administrator''':
 -
 -
 -
 - Decryption password to passphrase-master.gpg

== Appliance Users and Groups ==
!SilverFile devices will have the following users:

'''sf''': Admin user for the appliance. Remote access via ssh is limited
to the IP of Slicehost, and access is only granted with a key located on the central
Slicehost instance ('''''').
sf sudos into root; this will require a password which !SilverFile sysadmins
will know and protect. The password is standardized.

'''fileuser''': a system user just for samba access. Windows usernames,
i.e. the first name of the principal attorney, will map to fileuser in /etc/samba/smbusers.
Fileuser will not have shell access; it will be set up using the nologin
shell, i.e. {{{useradd -s /usr/sbin/nologin fileuser}}}

We will set up the following group to grant access to the main FILES repository:

'''fileusers''': This group will consist of sf, www-data, and fileuser, and will
grant read/write access to the /FILES directory.
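The account and group rules above are easy to verify on an appliance. The following POSIX shell script is an added example (not from the original wiki page) that checks passwd(5) and group(5) style data for the two invariants stated: fileuser carries the nologin shell, and fileusers contains exactly sf, www-data and fileuser. Its sample files are constructed inline.

```shell
# Added example, not from the SilverFile wiki: check the appliance account policy
# above against passwd(5)/group(5) style data. Inputs are constructed inline;
# point the functions at /etc/passwd and /etc/group on a real appliance.

# Login shell recorded for a user (7th passwd field), empty if the user is absent.
passwd_shell() {  # usage: passwd_shell <passwd-file> <user>
  awk -F: -v u="$2" '$1 == u { print $7; exit }' "$1"
}

# Comma-separated supplementary members of a group (4th group field).
# Note: accounts whose primary GID is the group do not appear in this list.
group_members() {  # usage: group_members <group-file> <group>
  awk -F: -v g="$2" '$1 == g { print $4; exit }' "$1"
}

# Returns 0 when fileuser has no shell and fileusers holds exactly the three
# accounts the page grants read/write on /FILES to; 1 and FAIL lines otherwise.
check_appliance_accounts() {  # usage: check_appliance_accounts <passwd> <group>
  rc=0
  shell=$(passwd_shell "$1" fileuser)
  if [ "$shell" != "/usr/sbin/nologin" ]; then
    echo "FAIL: fileuser shell is '${shell:-absent}', expected /usr/sbin/nologin"; rc=1
  fi
  members=$(group_members "$2" fileusers)
  for u in sf www-data fileuser; do
    case ",$members," in
      *",$u,"*) ;;
      *) echo "FAIL: $u is not in group fileusers"; rc=1 ;;
    esac
  done
  # Any other member is an unexplained grant of read/write access on /FILES.
  extra=$(printf '%s\n' "$members" | tr ',' '\n' | grep -vx -e sf -e www-data -e fileuser || true)
  [ -z "$extra" ] || { echo "FAIL: unexpected fileusers members:" $extra; rc=1; }
  return $rc
}

# Constructed sample files matching the policy above.
PASSWD_SAMPLE=$(mktemp); GROUP_SAMPLE=$(mktemp)
printf 'sf:x:1000:1000::/home/sf:/bin/bash\nwww-data:x:33:33::/var/www:/usr/sbin/nologin\n' > "$PASSWD_SAMPLE"
printf 'fileuser:x:1001:1001::/home/fileuser:/usr/sbin/nologin\n' >> "$PASSWD_SAMPLE"
printf 'fileusers:x:1002:sf,www-data,fileuser\n' > "$GROUP_SAMPLE"

check_appliance_accounts "$PASSWD_SAMPLE" "$GROUP_SAMPLE" && echo "appliance accounts: compliant"
```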

== !MySql Security ==

=== !MySql Users ===
'''root''': Required for creating the silverfile table.
Password is standardized.

'''sf''': The password for the sf user in mysql will be uniquely generated for each
sf-app instance. Authentication credentials are in the sf-app file.