docs(security): add Kali maintenance window draft [skip ci]
This commit is contained in:
@@ -1,3 +1,45 @@
|
||||
## 2026-06-04|IwoooS P1-7 Kali 112 Maintenance Window Draft
|
||||
|
||||
**背景**:P1-5 rollback owner handoff 已推送;本段接續 P1-7,針對 Kali `192.168.0.112` 已知缺口建立維護窗口草案。既有只讀證據顯示待更新套件 `1994`、`networking.service` failed、scanner service hardening `0 / 4`、reboot required `false`。本段只整理 owner / reviewer 可審的維護 handoff,不登入主機、不更新、不重啟、不 restart、不套 hardening、不 active scan、不呼叫 `/execute`。
|
||||
|
||||
**本輪完成**:
|
||||
- 新增 `docs/security/KALI-112-MAINTENANCE-WINDOW-DRAFT.md`:整理 owner response 必填欄位、禁止輸入、四條維護 lane、維護前檢查、rollback 草案、post-check 與驗收規則。
|
||||
- 新增 `docs/security/kali-112-maintenance-window-draft.snapshot.json`:固定 `pending_update_count=1994`、`failed_systemd_unit_count=1`、`service_hardening_enabled_count=0`、`service_hardening_expected_count=4`,並維持所有 host action flag 為 `false`。
|
||||
- 新增 `docs/schemas/kali_maintenance_window_draft_v1.schema.json`:讓維護窗口草案、owner response handoff、rollback plan 與 post-check 有可驗契約。
|
||||
- 更新 `KALI-INTEGRATION-STATUS.md` 與 `kali-integration-status.snapshot.json`:連到 P1-7 維護窗口草案,並把下一個 gate 改成先收 owner response / rollback owner / validation owner。
|
||||
- 更新 `DEV-HOSTS-112-111-168-OBSERVE-ONLY-MAPPING.md`:112 維護準備欄位連到 P1-7 草案。
|
||||
- 更新 IwoooS P0/P1 主控總帳:Kali 112 維護準備標記為 P1-7 maintenance window draft `100%`;維護執行仍未開始。
|
||||
|
||||
**完成度更新**:
|
||||
- P1-7 Kali 112 maintenance window draft:`100%`。
|
||||
- Kali 112 維護執行:`0%`。
|
||||
- host update authorized:`false`。
|
||||
- service restart authorized:`false`。
|
||||
- hardening authorized:`false`。
|
||||
- reboot authorized:`false`。
|
||||
- active scan authorized:`false`。
|
||||
- `/execute` authorized:`false`。
|
||||
- active runtime gate:`0`。
|
||||
- IwoooS headline:維持 `64%`,不因文件草案假性調高。
|
||||
|
||||
**驗證**:
|
||||
- `python3 -m json.tool docs/security/kali-112-maintenance-window-draft.snapshot.json`:通過。
|
||||
- `python3 -m json.tool docs/schemas/kali_maintenance_window_draft_v1.schema.json`:通過。
|
||||
- `python3 -m json.tool docs/security/kali-integration-status.snapshot.json`:通過。
|
||||
- 本段自訂結構檢查:`KALI_MAINTENANCE_WINDOW_DRAFT_STRUCTURE_OK`。
|
||||
- `git diff --check`:通過。
|
||||
- `python3 scripts/security/source-control-owner-response-guard.py --root .`:`SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK`。
|
||||
- `python3 scripts/security/security-mirror-progress-guard.py --root .`:`SECURITY_MIRROR_PROGRESS_GUARD_OK`。
|
||||
- 新增 diff 行 credential pattern 檢查:`NO_ADDED_URL_CREDENTIAL_PATTERNS`。
|
||||
- Schema validator 限制:本地沒有 Python `jsonschema` 與 Node AJV,未跑完整 JSON Schema validator;本段以 JSON parse、自訂結構檢查與既有 guard 補位。
|
||||
- Production 頁面檢查:本段只改 docs / snapshot / schema / LOGBOOK,未改 IwoooS 前端與 production 文案,不宣稱新的 production 狀態;沿用 P0 `/zh-TW/iwooos` desktop / mobile live sanity 基準。
|
||||
|
||||
**目前邊界**:
|
||||
- 本草案完成不代表 maintenance window 已批准。
|
||||
- owner response received / accepted 前,不得執行 `apt upgrade`、full-upgrade、autoremove、restart、hardening、reboot。
|
||||
- active scan、credentialed scan 與 `/execute` 仍需獨立 approval gate,不可包進維護窗口。
|
||||
- 未來 post-check 失敗只能建立人工 follow-up,不得自動補救。
|
||||
|
||||
## 2026-06-04|IwoooS P1-5 Primary Rollback Owner Handoff
|
||||
|
||||
**背景**:P1-4 已補 workflow / secret owner response handoff;本段接著補 P1-5 / S4.4 GitHub primary rollback ADR 的 owner handoff。目標是讓 7 個 in-scope repo 能用同一個只讀封套回覆 rollback owner、fallback role、trigger、pre-cutover / 1h / 24h validation window 與 follow-up owner;這不是 owner approval、不是 dry-run、不是 GitHub primary cutover,也不是 rollback execution。
|
||||
@@ -32,7 +74,7 @@
|
||||
- `python3 scripts/security/security-mirror-progress-guard.py --root .`:`SECURITY_MIRROR_PROGRESS_GUARD_OK`。
|
||||
- URL credential pattern 檢查:本段新增 diff 行無命中;檔案級掃描命中 LOGBOOK 歷史舊行的外洩檢查旗標,非本段新增 credential payload。
|
||||
- Schema validator 限制:本地沒有 Python `jsonschema` 與 Node AJV,未跑完整 JSON Schema validator;本段以 JSON parse、自訂結構檢查與既有 guard 補位。
|
||||
- Production 頁面檢查:本段 P1-5 主要是 docs / snapshot / schema / LOGBOOK;另含 5 個 i18n 鏡像字串修正,未改 layout 或資料鏈路。正式站頁面檢查若後續 CD 部署,需補 `/zh-TW/awooop/runs` desktop / mobile smoke;本段不宣稱新的 production 狀態,IwoooS `/zh-TW/iwooos` 沿用 P0 desktop / mobile live sanity 基準。
|
||||
- Production 頁面檢查:`8a326338` 已由 deploy marker `c046b9c8 chore(cd): deploy 8a32633 [skip ci]` 上線;Browser smoke `/zh-TW/awooop/runs?project_id=awoooi` desktop 1440x1100 與 mobile 390x844 皆載入 50 列、`horizontalOverflow=0`,繁中狀態 / fallback 文案 `需人工`、`執行失敗`、`已驗證`、`已執行`、`待判讀`、`狀態鏈批次回補中` 可見,英文殘留 `Needs human`、`Execution failed`、`Verified`、`Executed`、`Pending`、`Status chain batch is catching up`、`Wait for status-chain batch` 皆為 0。截圖:`/tmp/awoooi-runs-i18n-desktop-20260604.png`、`/tmp/awoooi-runs-i18n-mobile-20260604.png`。IwoooS `/zh-TW/iwooos` 仍沿用 P0 desktop / mobile live sanity 基準。
|
||||
|
||||
**目前邊界**:
|
||||
- P1-5 handoff 只代表 rollback owner request package 可交接,不代表 request 已送出、owner 已回覆或 owner 已批准。
|
||||
|
||||
193
docs/schemas/kali_maintenance_window_draft_v1.schema.json
Normal file
193
docs/schemas/kali_maintenance_window_draft_v1.schema.json
Normal file
@@ -0,0 +1,193 @@
|
||||
{
|
||||
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
||||
"$id": "urn:awoooi:kali-maintenance-window-draft-v1",
|
||||
"title": "Kali 112 Maintenance Window Draft v1",
|
||||
"description": "定義 Kali 192.168.0.112 維護窗口草案、owner 回覆欄位、rollback、post-check 與禁止動作。此契約不授權 apt upgrade、restart、hardening、reboot、active scan 或 /execute。",
|
||||
"type": "object",
|
||||
"required": [
|
||||
"schema_version",
|
||||
"status",
|
||||
"date",
|
||||
"mode",
|
||||
"source_evidence_refs",
|
||||
"summary",
|
||||
"observed_gaps",
|
||||
"owner_response_handoff",
|
||||
"maintenance_window_draft",
|
||||
"rollback_plan_draft",
|
||||
"post_check_plan",
|
||||
"acceptance_rules",
|
||||
"forbidden_actions"
|
||||
],
|
||||
"properties": {
|
||||
"schema_version": {
|
||||
"const": "kali_maintenance_window_draft_v1"
|
||||
},
|
||||
"status": {
|
||||
"type": "string",
|
||||
"enum": ["draft_waiting_owner_review"]
|
||||
},
|
||||
"date": {
|
||||
"type": "string"
|
||||
},
|
||||
"mode": {
|
||||
"type": "string",
|
||||
"enum": ["maintenance_window_draft_only"]
|
||||
},
|
||||
"source_evidence_refs": {
|
||||
"type": "array",
|
||||
"items": {"type": "string"},
|
||||
"minItems": 1
|
||||
},
|
||||
"summary": {
|
||||
"type": "object",
|
||||
"required": [
|
||||
"host",
|
||||
"asset_key",
|
||||
"pending_update_count",
|
||||
"failed_systemd_unit_count",
|
||||
"service_hardening_enabled_count",
|
||||
"service_hardening_expected_count",
|
||||
"reboot_required",
|
||||
"maintenance_window_package_ready",
|
||||
"maintenance_window_completion_percent",
|
||||
"maintenance_window_approved",
|
||||
"host_update_authorized",
|
||||
"service_restart_authorized",
|
||||
"hardening_authorized",
|
||||
"reboot_authorized",
|
||||
"active_scan_authorized",
|
||||
"execute_endpoint_authorized"
|
||||
],
|
||||
"properties": {
|
||||
"host": {"type": "string"},
|
||||
"asset_key": {"type": "string"},
|
||||
"pending_update_count": {"type": "integer", "minimum": 0},
|
||||
"failed_systemd_unit_count": {"type": "integer", "minimum": 0},
|
||||
"service_hardening_enabled_count": {"type": "integer", "minimum": 0},
|
||||
"service_hardening_expected_count": {"type": "integer", "minimum": 0},
|
||||
"reboot_required": {"type": "boolean"},
|
||||
"maintenance_window_package_ready": {"type": "boolean"},
|
||||
"maintenance_window_completion_percent": {"type": "integer", "minimum": 0, "maximum": 100},
|
||||
"maintenance_window_approved": {"type": "boolean", "const": false},
|
||||
"host_update_authorized": {"type": "boolean", "const": false},
|
||||
"service_restart_authorized": {"type": "boolean", "const": false},
|
||||
"hardening_authorized": {"type": "boolean", "const": false},
|
||||
"reboot_authorized": {"type": "boolean", "const": false},
|
||||
"active_scan_authorized": {"type": "boolean", "const": false},
|
||||
"execute_endpoint_authorized": {"type": "boolean", "const": false}
|
||||
},
|
||||
"additionalProperties": false
|
||||
},
|
||||
"observed_gaps": {
|
||||
"type": "array",
|
||||
"items": {
|
||||
"type": "object",
|
||||
"required": ["gap_id", "current_evidence", "risk", "required_before_action"],
|
||||
"properties": {
|
||||
"gap_id": {"type": "string"},
|
||||
"current_evidence": {"type": "string"},
|
||||
"risk": {"type": "string", "enum": ["LOW", "MEDIUM", "HIGH"]},
|
||||
"required_before_action": {
|
||||
"type": "array",
|
||||
"items": {"type": "string"},
|
||||
"minItems": 1
|
||||
}
|
||||
},
|
||||
"additionalProperties": false
|
||||
},
|
||||
"minItems": 1
|
||||
},
|
||||
"owner_response_handoff": {
|
||||
"type": "object",
|
||||
"required": [
|
||||
"status",
|
||||
"request_dispatch_authorized",
|
||||
"required_response_fields",
|
||||
"forbidden_inputs",
|
||||
"response_received",
|
||||
"response_accepted"
|
||||
],
|
||||
"properties": {
|
||||
"status": {"type": "string", "enum": ["ready_not_dispatched"]},
|
||||
"request_dispatch_authorized": {"type": "boolean", "const": false},
|
||||
"required_response_fields": {
|
||||
"type": "array",
|
||||
"items": {"type": "string"},
|
||||
"minItems": 1
|
||||
},
|
||||
"forbidden_inputs": {
|
||||
"type": "array",
|
||||
"items": {"type": "string"},
|
||||
"minItems": 1
|
||||
},
|
||||
"response_received": {"type": "boolean", "const": false},
|
||||
"response_accepted": {"type": "boolean", "const": false}
|
||||
},
|
||||
"additionalProperties": false
|
||||
},
|
||||
"maintenance_window_draft": {
|
||||
"type": "object",
|
||||
"required": ["window_status", "candidate_window", "change_lanes", "pre_window_checks"],
|
||||
"properties": {
|
||||
"window_status": {"type": "string", "enum": ["waiting_owner_selection"]},
|
||||
"candidate_window": {"type": "string"},
|
||||
"change_lanes": {
|
||||
"type": "array",
|
||||
"items": {
|
||||
"type": "object",
|
||||
"required": ["lane_id", "description", "authorization_required", "current_authorized"],
|
||||
"properties": {
|
||||
"lane_id": {"type": "string"},
|
||||
"description": {"type": "string"},
|
||||
"authorization_required": {"type": "string"},
|
||||
"current_authorized": {"type": "boolean", "const": false}
|
||||
},
|
||||
"additionalProperties": false
|
||||
},
|
||||
"minItems": 1
|
||||
},
|
||||
"pre_window_checks": {
|
||||
"type": "array",
|
||||
"items": {"type": "string"},
|
||||
"minItems": 1
|
||||
}
|
||||
},
|
||||
"additionalProperties": false
|
||||
},
|
||||
"rollback_plan_draft": {
|
||||
"type": "array",
|
||||
"items": {
|
||||
"type": "object",
|
||||
"required": ["rollback_item", "required_evidence", "owner_status"],
|
||||
"properties": {
|
||||
"rollback_item": {"type": "string"},
|
||||
"required_evidence": {
|
||||
"type": "array",
|
||||
"items": {"type": "string"},
|
||||
"minItems": 1
|
||||
},
|
||||
"owner_status": {"type": "string", "enum": ["waiting_owner_assignment"]}
|
||||
},
|
||||
"additionalProperties": false
|
||||
},
|
||||
"minItems": 1
|
||||
},
|
||||
"post_check_plan": {
|
||||
"type": "array",
|
||||
"items": {"type": "string"},
|
||||
"minItems": 1
|
||||
},
|
||||
"acceptance_rules": {
|
||||
"type": "array",
|
||||
"items": {"type": "string"},
|
||||
"minItems": 1
|
||||
},
|
||||
"forbidden_actions": {
|
||||
"type": "array",
|
||||
"items": {"type": "string"},
|
||||
"minItems": 1
|
||||
}
|
||||
},
|
||||
"additionalProperties": false
|
||||
}
|
||||
@@ -36,7 +36,7 @@
|
||||
|
||||
| Host | scope | maintenance window | credential handling | rollback owner | validation 指標 |
|
||||
|------|-------|--------------------|---------------------|----------------|-----------------|
|
||||
| `192.168.0.112` | Kali scanner health、tool version、package posture、`networking.service`、service hardening readiness | 待人工指定;目前不得更新、重啟、hardening 或 active scan | SSH key / token 狀態只可記錄 present / absent;不得保存密碼、token value、private key | Security Supply Chain 指派後才可動作 | scanner health、node exporter、wg-easy、pending updates、failed services、reboot required、post-check screenshot / log ref |
|
||||
| `192.168.0.112` | Kali scanner health、tool version、package posture、`networking.service`、service hardening readiness;P1-7 草案見 `KALI-112-MAINTENANCE-WINDOW-DRAFT.md` | 待人工指定;目前不得更新、重啟、hardening 或 active scan | SSH key / token 狀態只可記錄 present / absent;不得保存密碼、token value、private key | Security Supply Chain 指派後才可動作 | scanner health、node exporter、wg-easy、pending updates、failed services、reboot required、post-check screenshot / log ref |
|
||||
| `192.168.0.111` | Ollama fallback、model inventory、host reachability、SSH policy posture、fallback readiness | 待人工指定;目前不得停止模型、重啟服務或改 fallback route | 不收模型 API key、SSH 密碼或 private key;只保存脫敏 evidence ref | Dev Host Steward 指派後才可動作 | Ollama route truth、fallback availability、model list hash、service status、AI route smoke |
|
||||
| `192.168.0.168` | local development origin、repo hygiene、dev-only CORS、local service exposure | 待人工指定;目前不得 credentialed scan 或讀取未授權目錄 | 不收個人憑證、不讀私有目錄、不保存 secrets value | Dev Host Steward 指派後才可動作 | repo secret scan summary、local service list summary、CORS origin review、rollback / disable note |
|
||||
|
||||
|
||||
123
docs/security/KALI-112-MAINTENANCE-WINDOW-DRAFT.md
Normal file
123
docs/security/KALI-112-MAINTENANCE-WINDOW-DRAFT.md
Normal file
@@ -0,0 +1,123 @@
|
||||
# Kali 112 維護窗口草案
|
||||
|
||||
| 項目 | 內容 |
|
||||
|------|------|
|
||||
| 日期 | 2026-06-04 |
|
||||
| 狀態 | 草案,等待 owner review |
|
||||
| Host | `192.168.0.112` |
|
||||
| Asset key | `host:kali-112` |
|
||||
| Schema | `docs/schemas/kali_maintenance_window_draft_v1.schema.json` |
|
||||
| Snapshot | `docs/security/kali-112-maintenance-window-draft.snapshot.json` |
|
||||
| 上游證據 | `docs/security/KALI-INTEGRATION-STATUS.md`、`docs/security/kali-integration-status.snapshot.json` |
|
||||
| 模式 | `maintenance_window_draft_only` |
|
||||
| 執行面授權 | `false` |
|
||||
|
||||
## 0. 核心結論
|
||||
|
||||
P1-7 補的是 Kali `192.168.0.112` 的維護窗口草案,不是維護批准,也不是主機操作計畫。
|
||||
|
||||
目前只讀證據顯示:
|
||||
|
||||
| 證據 | 目前值 |
|
||||
|------|--------|
|
||||
| 待更新套件 | `1994` |
|
||||
| failed systemd units | `1`,為 `networking.service` |
|
||||
| scanner service hardening | `0 / 4` |
|
||||
| reboot required | `false` |
|
||||
| scanner API health | `127.0.0.1:8080/health` 回 `healthy` |
|
||||
| Docker services | `node-exporter`、`wg-easy` 運作中 |
|
||||
|
||||
這些值代表「需要人工安排維護窗口與 rollback」,不代表可以直接 `apt upgrade`、restart、套 hardening、reboot、active scan 或呼叫 `/execute`。
|
||||
|
||||
## 1. 摘要
|
||||
|
||||
| 指標 | 值 |
|
||||
|------|----|
|
||||
| maintenance window package | `ready` |
|
||||
| package completion | `100%` |
|
||||
| maintenance window approved | `false` |
|
||||
| host update authorized | `false` |
|
||||
| service restart authorized | `false` |
|
||||
| hardening authorized | `false` |
|
||||
| reboot authorized | `false` |
|
||||
| active scan authorized | `false` |
|
||||
| `/execute` authorized | `false` |
|
||||
| owner response received / accepted | `false / false` |
|
||||
|
||||
## 2. Owner Response Handoff
|
||||
|
||||
此 handoff 只讓 AwoooP 或 reviewer 請 owner 補維護窗口 metadata。它不是 request sent,也不是 approval queue,更不是可執行動作。
|
||||
|
||||
### 2.1 必填欄位
|
||||
|
||||
| 欄位 | 說明 |
|
||||
|------|------|
|
||||
| `owner_role_or_team` | 維護 owner 的角色或團隊 |
|
||||
| `maintenance_window_start_end_taipei` | 台北時間維護窗口起訖;未填前不安排 |
|
||||
| `change_scope` | 本次允許討論的範圍,例如 package planning、networking.service review、hardening dry-run design |
|
||||
| `rollback_owner` | rollback / stop decision owner |
|
||||
| `validation_owner` | 維護後健康檢查 owner |
|
||||
| `communication_owner` | 對 AwoooP / Telegram / LOGBOOK / operator 同步的 owner |
|
||||
| `reboot_decision` | 是否允許未來 reboot;目前預設 `false` |
|
||||
| `redacted_evidence_refs` | 只填文件、snapshot、ticket 或脫敏 metadata pointer |
|
||||
| `followup_owner` | 補件、拒收或下一階段 owner |
|
||||
|
||||
### 2.2 禁止輸入
|
||||
|
||||
| 類型 | 規則 |
|
||||
|------|------|
|
||||
| credential | 不貼密碼、token value、API key value、private key 或 runner token |
|
||||
| host command | 不貼 `apt upgrade`、restart、hardening apply、reboot 或 shell command |
|
||||
| scan request | 不把 active scan、credentialed scan 或 `/execute` 包進維護窗口 |
|
||||
| runtime action | 不新增 AwoooP action button,不開 runtime blocking control |
|
||||
|
||||
## 3. 維護 Lane 草案
|
||||
|
||||
| Lane | 目的 | 目前授權 |
|
||||
|------|------|----------|
|
||||
| package update planning | 整理 full-upgrade / autoremove / reboot 前置條件 | `false` |
|
||||
| networking.service review | 釐清 failed unit 是否 expected / legacy / real failure | `false` |
|
||||
| scanner systemd hardening dry-run design | 設計 override 與工具相容檢查 | `false` |
|
||||
| post-maintenance validation | 定義維護後 health / service / update / evidence readback | `false` |
|
||||
|
||||
## 4. 維護前檢查
|
||||
|
||||
1. owner response 已收到且 accepted。
|
||||
2. package、service、hardening、reboot scope 不混在同一個未批准動作中。
|
||||
3. 不保存任何 credential value。
|
||||
4. rollback owner 與 validation owner 已指定。
|
||||
5. out-of-band access 與停止條件已定義。
|
||||
6. active scan、credentialed scan 與 `/execute` 仍未授權。
|
||||
|
||||
## 5. Rollback 草案
|
||||
|
||||
| 項目 | 需要證據 | owner 狀態 |
|
||||
|------|----------|------------|
|
||||
| package update rollback | pre-window package list snapshot、apt history / dpkg log redacted ref、rollback owner、reboot decision | waiting owner assignment |
|
||||
| networking.service restart rollback | current network service model、out-of-band access、previous service state snapshot、rollback owner | waiting owner assignment |
|
||||
| systemd hardening override rollback | override file path、scanner tool compatibility result、scanner health before / after refs、rollback owner | waiting owner assignment |
|
||||
|
||||
## 6. 維護後 Post-check
|
||||
|
||||
1. scanner API `/health` 回 healthy。
|
||||
2. `kali-scanner.service` active / enabled。
|
||||
3. `node-exporter` container up。
|
||||
4. `wg-easy` container healthy。
|
||||
5. failed systemd units 已 review。
|
||||
6. pending update count 已記錄。
|
||||
7. reboot required flag 已記錄。
|
||||
8. service hardening state 已記錄。
|
||||
9. AwoooP / IwoooS evidence refs 已更新。
|
||||
10. 沒有 active scan 或 `/execute`,除非另有獨立批准。
|
||||
|
||||
## 7. 驗收規則
|
||||
|
||||
1. 本草案完成不代表 maintenance window 已批准。
|
||||
2. owner response received / accepted 前,不得執行 `apt upgrade`、restart、hardening 或 reboot。
|
||||
3. active scan、credentialed scan 或 `/execute` 必須走獨立 approval gate,不可包進維護窗口。
|
||||
4. 所有 evidence refs 必須脫敏,不保存 credential value。
|
||||
5. 維護後若任何 post-check 失敗,只能建立人工 follow-up,不得自動補救。
|
||||
|
||||
## 8. 階段定位
|
||||
|
||||
P1-7 只把 Kali 112 的維護準備從「缺口已知」推到「owner / reviewer 可照表審維護窗口」。它不改變主機、不開 runtime gate、不啟動掃描,也不提高 IwoooS headline 64%。
|
||||
@@ -9,6 +9,7 @@
|
||||
| 模式 | `observe_only` |
|
||||
| Snapshot | `docs/security/kali-integration-status.snapshot.json` |
|
||||
| Schema | `docs/schemas/kali_integration_status_v1.schema.json` |
|
||||
| Maintenance window draft | `docs/security/KALI-112-MAINTENANCE-WINDOW-DRAFT.md` |
|
||||
|
||||
## 0. 核心結論
|
||||
|
||||
@@ -48,6 +49,12 @@ Kali 主機不是只有文件預留;`192.168.0.112` 目前已經有 live runti
|
||||
|
||||
結論:Kali `192.168.0.112` 今天仍可被 IwoooS 以只讀方式納入證據鏈,scanner runtime 健康也有實機證據;但 `networking.service` failed、`upgradable_package_count=1994` 與服務硬化缺口代表後續仍需要維護窗口、rollback / reboot gate、hardening dry-run 與人工批准,不能直接把「可連線」解讀為主機更新、掃描或調校已完成。
|
||||
|
||||
## 0.1.1 2026-06-04 P1-7 維護窗口草案
|
||||
|
||||
已新增 `docs/security/KALI-112-MAINTENANCE-WINDOW-DRAFT.md` 與 `docs/security/kali-112-maintenance-window-draft.snapshot.json`,把 1994 個待更新套件、`networking.service` failed、scanner service hardening `0 / 4`、rollback owner、post-check owner 與維護後驗證指標整理成 owner / reviewer 可審的 handoff package。
|
||||
|
||||
這是 maintenance window readiness,不是 maintenance approval。`host_update_authorized=false`、`service_restart_authorized=false`、`hardening_authorized=false`、`reboot_authorized=false`、`active_scan_authorized=false`、`execute_endpoint_authorized=false` 全部維持不變。
|
||||
|
||||
## 0.2 2026-05-31 只讀實機快照
|
||||
|
||||
本輪用既有 SSH key 完成 read-only 連線檢查,沒有輸入或保存密碼,沒有啟動 scan、沒有呼叫 `/execute`、沒有執行 package update、沒有調整設定、沒有重啟。
|
||||
@@ -163,4 +170,4 @@ AwoooP 現階段只能 mirror `kali_integration_status_v1`:
|
||||
2. 未來批准後,再建立 `security_finding_v1` ingestion endpoint 或 adapter,先只接 redacted finding。
|
||||
3. 把 `/execute` endpoint 降級為預設停用或單獨 high-risk approval path。
|
||||
4. 修正 Harbor image scan 的 target / project / auth / certificate chain。
|
||||
5. 排 Kali rolling full-upgrade 維護窗口;先 snapshot,再 upgrade,最後 reboot 與健康複驗。
|
||||
5. 依 `KALI-112-MAINTENANCE-WINDOW-DRAFT.md` 收 owner response、rollback owner、validation owner 與維護窗口;未驗收前不做 full-upgrade、restart、hardening、autoremove、reboot 或健康複驗。
|
||||
|
||||
217
docs/security/kali-112-maintenance-window-draft.snapshot.json
Normal file
217
docs/security/kali-112-maintenance-window-draft.snapshot.json
Normal file
@@ -0,0 +1,217 @@
|
||||
{
|
||||
"schema_version": "kali_maintenance_window_draft_v1",
|
||||
"status": "draft_waiting_owner_review",
|
||||
"date": "2026-06-04",
|
||||
"mode": "maintenance_window_draft_only",
|
||||
"source_evidence_refs": [
|
||||
"docs/security/KALI-INTEGRATION-STATUS.md",
|
||||
"docs/security/kali-integration-status.snapshot.json",
|
||||
"docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md",
|
||||
"docs/security/DEV-HOSTS-112-111-168-OBSERVE-ONLY-MAPPING.md",
|
||||
"docs/workplans/2026-06-04-iwooos-security-governance-p0.md"
|
||||
],
|
||||
"summary": {
|
||||
"host": "192.168.0.112",
|
||||
"asset_key": "host:kali-112",
|
||||
"pending_update_count": 1994,
|
||||
"failed_systemd_unit_count": 1,
|
||||
"service_hardening_enabled_count": 0,
|
||||
"service_hardening_expected_count": 4,
|
||||
"reboot_required": false,
|
||||
"maintenance_window_package_ready": true,
|
||||
"maintenance_window_completion_percent": 100,
|
||||
"maintenance_window_approved": false,
|
||||
"host_update_authorized": false,
|
||||
"service_restart_authorized": false,
|
||||
"hardening_authorized": false,
|
||||
"reboot_authorized": false,
|
||||
"active_scan_authorized": false,
|
||||
"execute_endpoint_authorized": false
|
||||
},
|
||||
"observed_gaps": [
|
||||
{
|
||||
"gap_id": "pending-updates-1994",
|
||||
"current_evidence": "2026-06-04 只讀快照顯示 upgradable_package_count=1994。",
|
||||
"risk": "MEDIUM",
|
||||
"required_before_action": [
|
||||
"maintenance window owner response",
|
||||
"package change scope",
|
||||
"rollback owner",
|
||||
"post-check owner",
|
||||
"reboot decision"
|
||||
]
|
||||
},
|
||||
{
|
||||
"gap_id": "networking-service-failed",
|
||||
"current_evidence": "2026-06-04 只讀快照顯示 failed_systemd_unit_names=[networking.service]。",
|
||||
"risk": "MEDIUM",
|
||||
"required_before_action": [
|
||||
"service owner confirmation",
|
||||
"expected network manager / interface model",
|
||||
"restart impact review",
|
||||
"rollback path",
|
||||
"out-of-band access confirmation"
|
||||
]
|
||||
},
|
||||
{
|
||||
"gap_id": "scanner-service-hardening-0-of-4",
|
||||
"current_evidence": "2026-06-04 只讀快照顯示 NoNewPrivileges、PrivateTmp、ProtectSystem、ProtectHome 尚未啟用。",
|
||||
"risk": "MEDIUM",
|
||||
"required_before_action": [
|
||||
"dry-run hardening design",
|
||||
"scanner tool compatibility review",
|
||||
"override rollback file plan",
|
||||
"health check plan",
|
||||
"manual approval"
|
||||
]
|
||||
},
|
||||
{
|
||||
"gap_id": "execute-endpoint-present",
|
||||
"current_evidence": "Kali Scanner API 文件化存在 /execute path,仍是 block candidate。",
|
||||
"risk": "HIGH",
|
||||
"required_before_action": [
|
||||
"separate high-risk approval",
|
||||
"allowlist / disable gate design",
|
||||
"audit event design",
|
||||
"runtime gate",
|
||||
"manual exception record"
|
||||
]
|
||||
}
|
||||
],
|
||||
"owner_response_handoff": {
|
||||
"status": "ready_not_dispatched",
|
||||
"request_dispatch_authorized": false,
|
||||
"required_response_fields": [
|
||||
"owner_role_or_team",
|
||||
"maintenance_window_start_end_taipei",
|
||||
"change_scope",
|
||||
"rollback_owner",
|
||||
"validation_owner",
|
||||
"communication_owner",
|
||||
"reboot_decision",
|
||||
"redacted_evidence_refs",
|
||||
"followup_owner"
|
||||
],
|
||||
"forbidden_inputs": [
|
||||
"password value",
|
||||
"token value",
|
||||
"private key",
|
||||
"API key value",
|
||||
"runner token",
|
||||
"raw secret",
|
||||
"command to execute",
|
||||
"apt upgrade request",
|
||||
"service restart request",
|
||||
"hardening apply request",
|
||||
"active scan request",
|
||||
"execute endpoint request"
|
||||
],
|
||||
"response_received": false,
|
||||
"response_accepted": false
|
||||
},
|
||||
"maintenance_window_draft": {
|
||||
"window_status": "waiting_owner_selection",
|
||||
"candidate_window": "建議由 owner 指定台北時間低流量 2 小時窗口;本草案不自動指定日期或開始維護。",
|
||||
"change_lanes": [
|
||||
{
|
||||
"lane_id": "package-update-planning",
|
||||
"description": "整理 full-upgrade / autoremove / reboot 的人工批准前檢查,不執行 apt upgrade。",
|
||||
"authorization_required": "kali-full-upgrade-reboot approval + rollback owner + post-check owner",
|
||||
"current_authorized": false
|
||||
},
|
||||
{
|
||||
"lane_id": "networking-service-review",
|
||||
"description": "釐清 networking.service failed 是否為 expected / legacy / real failure,不直接 restart。",
|
||||
"authorization_required": "service owner decision + out-of-band access + rollback path",
|
||||
"current_authorized": false
|
||||
},
|
||||
{
|
||||
"lane_id": "scanner-systemd-hardening-dry-run-design",
|
||||
"description": "設計 kali-scanner.service hardening override 的 dry-run / compatibility review,不套用 hardening。",
|
||||
"authorization_required": "scanner owner decision + health compatibility review + rollback file plan",
|
||||
"current_authorized": false
|
||||
},
|
||||
{
|
||||
"lane_id": "post-maintenance-validation",
|
||||
"description": "定義維護後 scanner health、Docker service、failed units、pending updates、reboot required 與 AwoooP / IwoooS evidence readback。",
|
||||
"authorization_required": "validation owner + evidence refs + reviewer acceptance",
|
||||
"current_authorized": false
|
||||
}
|
||||
],
|
||||
"pre_window_checks": [
|
||||
"確認 maintenance window owner response 已收到且 accepted。",
|
||||
"確認 package / service / hardening / reboot scope 沒有混在同一個未批准動作中。",
|
||||
"確認不保存任何 credential value。",
|
||||
"確認 rollback owner 與 validation owner 已指定。",
|
||||
"確認 out-of-band access 與停止條件已定義。",
|
||||
"確認 active scan、credentialed scan 與 /execute 仍未授權。"
|
||||
]
|
||||
},
|
||||
"rollback_plan_draft": [
|
||||
{
|
||||
"rollback_item": "package update rollback",
|
||||
"required_evidence": [
|
||||
"pre-window package list snapshot ref",
|
||||
"apt history / dpkg log redacted ref",
|
||||
"rollback owner",
|
||||
"reboot decision"
|
||||
],
|
||||
"owner_status": "waiting_owner_assignment"
|
||||
},
|
||||
{
|
||||
"rollback_item": "networking.service restart rollback",
|
||||
"required_evidence": [
|
||||
"current network service model",
|
||||
"out-of-band access confirmation",
|
||||
"previous service state snapshot ref",
|
||||
"rollback owner"
|
||||
],
|
||||
"owner_status": "waiting_owner_assignment"
|
||||
},
|
||||
{
|
||||
"rollback_item": "systemd hardening override rollback",
|
||||
"required_evidence": [
|
||||
"override file path",
|
||||
"scanner tool compatibility result",
|
||||
"scanner health before / after refs",
|
||||
"rollback owner"
|
||||
],
|
||||
"owner_status": "waiting_owner_assignment"
|
||||
}
|
||||
],
|
||||
"post_check_plan": [
|
||||
"scanner API /health returns healthy",
|
||||
"kali-scanner.service active / enabled",
|
||||
"node-exporter container up",
|
||||
"wg-easy container healthy",
|
||||
"failed systemd units reviewed",
|
||||
"pending update count recorded",
|
||||
"reboot required flag recorded",
|
||||
"service hardening state recorded",
|
||||
"AwoooP / IwoooS evidence refs updated",
|
||||
"no active scan or /execute call occurred during maintenance unless separately approved"
|
||||
],
|
||||
"acceptance_rules": [
|
||||
"本草案完成不代表 maintenance window 已批准。",
|
||||
"maintenance owner response received / accepted 前,不得執行 apt upgrade、restart、hardening 或 reboot。",
|
||||
"任何 active scan、credentialed scan 或 /execute 都必須走獨立 approval gate,不可包進維護窗口。",
|
||||
"所有 evidence refs 必須脫敏,不保存 credential value。",
|
||||
"維護後若任何 post-check 失敗,只能建立人工 follow-up,不得自動補救。"
|
||||
],
|
||||
"forbidden_actions": [
|
||||
"apt_upgrade",
|
||||
"apt_full_upgrade",
|
||||
"apt_autoremove",
|
||||
"restart_networking_service",
|
||||
"apply_systemd_hardening",
|
||||
"reboot_host",
|
||||
"active_scan",
|
||||
"credentialed_scan",
|
||||
"call_execute_endpoint",
|
||||
"store_credential_value",
|
||||
"change_firewall",
|
||||
"change_networkpolicy",
|
||||
"change_rbac",
|
||||
"enable_runtime_blocking_control"
|
||||
]
|
||||
}
|
||||
@@ -150,7 +150,7 @@
|
||||
"未來批准後建立 Kali scan result ingestion adapter,先只接收 redacted findings",
|
||||
"把 /execute endpoint 改成預設停用或單獨 high-risk approval path",
|
||||
"把 Harbor scan failure 轉成 security finding / ops finding,不直接自動修復",
|
||||
"安排 Kali rolling full-upgrade 維護窗口與 reboot gate"
|
||||
"依 docs/security/KALI-112-MAINTENANCE-WINDOW-DRAFT.md 收 owner response、rollback owner、validation owner 與維護窗口;未驗收前不做 full-upgrade、restart、hardening、autoremove、reboot 或健康複驗"
|
||||
],
|
||||
"still_forbidden": [
|
||||
"run_active_scan_without_scope_approval",
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
| 工作視窗 | IwoooS / AWOOOI 資安治理 P0 |
|
||||
| 本次乾淨 worktree | `/private/tmp/awoooi-iwooos-governance-p0-20260604` |
|
||||
| 本次分支 | `codex/iwooos-governance-p0-20260604` |
|
||||
| 最新觀察到的 `gitea/main` | `8ad8bf48 fix(web): keep run status readable without chain batch` |
|
||||
| 最新觀察到的 `gitea/main` | `c046b9c8 chore(cd): deploy 8a32633 [skip ci]` |
|
||||
| 前一個正式 IwoooS 候選基準 | code `7b8fc093`、deploy marker `45c63488`、LOGBOOK `02cadee6` |
|
||||
| 最新導航 IA 基準 | code `973fc7a4`、LOGBOOK `2555c811`、deploy marker `0260ec89` |
|
||||
| 禁止事項 | 不 force push、不 destructive git、不 SSH 修改主機、不 active scan、不收 secrets 明文、不把 AwoooP approval 當資安批准、不把 UI 可見當 runtime 授權 |
|
||||
@@ -24,7 +24,7 @@
|
||||
| active runtime gate | 0 | 否 | 必須維持 0,直到獨立人工批准、rollback、post-check 與 guard 成立 |
|
||||
| S4.9 owner response gate | 0% | 可在收到合格回覆後調整 | 目前只定義欄位、預檢、收件與驗收,不標記 received / accepted |
|
||||
| GitHub primary readiness | 0 | 否 | primary gate 仍為 0;P1 只讀重盤工作本身目前約 70%,不代表可切 primary |
|
||||
| Kali 112 維護準備 | 只讀證據已納管,維護尚未開始 | 否 | 不更新套件、不重啟、不 hardening、不 active scan |
|
||||
| Kali 112 維護準備 | P1-7 maintenance window draft `100%`;維護尚未開始 | 否 | 不更新套件、不重啟、不 hardening、不 active scan |
|
||||
| 111 / 168 開發主機納管 | observe-only mapping 已有,維護包需補強 | 可補文件,不調 runtime | 仍不 credentialed scan、不讀未授權資料、不自動修復 |
|
||||
| VibeWork 納入 IwoooS | 前端態勢已有 onboarding 欄位,產品邊界需補規範 | 可補文件 | 保留 VibeWork 獨立產品邊界 |
|
||||
|
||||
@@ -129,7 +129,7 @@ S4.9 是目前 IwoooS 64% 能往前的第一優先 gate。驗收前所有 count
|
||||
| 優先 | 工作 | 細項 | 驗證 |
|
||||
|------|------|------|------|
|
||||
| P1 | GitHub primary readiness 只讀重盤 | repo visibility、refs、tags、workflow、secret name、runner、rollback ADR | 只讀 inventory;不建立 repo、不同步 refs |
|
||||
| P1 | Kali 112 維護窗口草案 | 1994 pending updates、`networking.service` failed、服務硬化 0/4、rollback、post-check | 文件與人工批准;不 `apt upgrade`、不 restart |
|
||||
| P1 | Kali 112 維護窗口草案 | 1994 pending updates、`networking.service` failed、服務硬化 0/4、rollback、post-check | P1-7 草案已完成;不 `apt upgrade`、不 restart |
|
||||
| P1 | 111 / 168 主機 scope 補強 | scope、maintenance window、credential handling、rollback owner、validation 指標 | observe-only;不 credentialed scan |
|
||||
| P1 | VibeWork 納入 IwoooS | repo、product、surface、owner、evidence refs、獨立產品邊界 | 繁中 docs/specs;不合併產品責任 |
|
||||
| P1 | Code Review 候選分類 | 前端體驗、測試補洞、文件同步、低風險重構;人工批准後才 Codex | 候選不自動改 code、不自動 deploy |
|
||||
@@ -186,7 +186,7 @@ P1 只讀重盤階段整體完成度:`70%`。它代表 freshness / inventory /
|
||||
| P1-4 | Workflow / runner / secret parity evidence | 已補 2026-06-04 owner response handoff package;webhook、runner owner、deploy key、branch protection、CODEOWNERS、secret name parity 只收 redacted metadata | secret value、hash、masked token、partial token 仍拒收;received / accepted 前全部 0 |
|
||||
| P1-5 | Primary rollback ADR 補強 | 已補 2026-06-04 rollback owner handoff package;逐 repo rollback owner、trigger、validation window、fallback role 進入可交接模板 | ADR approved 前不切 primary;received / accepted / approved 仍 0 |
|
||||
| P1-6 | AwoooP Session 同步 | 同步 commits、runs、production sanity、P1 refresh counts、gate 0 / false | 另一 Session 不再使用舊 refs count |
|
||||
| P1-7 | Kali 112 maintenance window 草案 | packages、`networking.service` failed、hardening 0/4、rollback、post-check | 文件草案,不執行 `apt upgrade` / restart / scan |
|
||||
| P1-7 | Kali 112 maintenance window 草案 | 已補 `KALI-112-MAINTENANCE-WINDOW-DRAFT.md`、snapshot 與 schema;packages、`networking.service` failed、hardening 0/4、rollback、post-check 已進 owner handoff | 文件草案,不執行 `apt upgrade` / restart / hardening / scan |
|
||||
| P1-8 | 111 / 168 開發主機 scope | scope、credential handling、rollback owner、validation 指標 | observe-only,不做 credentialed scan |
|
||||
| P1-9 | VibeWork 納入 IwoooS | repo / product / surface / owner / evidence refs / 獨立產品邊界 | docs/specs 繁中,產品責任不合併 |
|
||||
|
||||
@@ -216,6 +216,8 @@ P1 只讀重盤階段整體完成度:`70%`。它代表 freshness / inventory /
|
||||
| P1-4 JSON parse / structure check | `source-control-workflow-secret-name-owner-response.snapshot.json` 與 schema JSON parse 通過;本段自訂結構檢查 `WORKFLOW_SECRET_OWNER_HANDOFF_STRUCTURE_OK`;本地無 `jsonschema` / AJV,未跑完整 schema validator |
|
||||
| P1-5 Primary rollback owner handoff | S4.4 日期更新為 2026-06-04;補 6 項 rollback owner handoff preflight、11 欄 handoff packet、7 個 repo owner response templates 與送後不變條件;received / accepted / rejected、owner approved、dry-run、active cutover 仍 0 |
|
||||
| P1-5 JSON parse / structure check | `source-control-primary-rollback-adr.snapshot.json` 與 schema JSON parse 通過;本段自訂結構檢查 `PRIMARY_ROLLBACK_OWNER_HANDOFF_STRUCTURE_OK`;本地無 `jsonschema` / AJV 時以 JSON parse、自訂結構檢查與既有 guard 補位 |
|
||||
| AwoooP Runs i18n production smoke | deploy marker `c046b9c8` 已上線 `8a326338`;desktop 1440x1100 / mobile 390x844 皆載入 50 列、`horizontalOverflow=0`;繁中狀態與 fallback 文案可見,英文殘留 0 | 截圖 `/tmp/awoooi-runs-i18n-desktop-20260604.png`、`/tmp/awoooi-runs-i18n-mobile-20260604.png` |
|
||||
| P1-7 Kali 112 maintenance window draft | 新增 `KALI-112-MAINTENANCE-WINDOW-DRAFT.md`、`kali-112-maintenance-window-draft.snapshot.json`、`kali_maintenance_window_draft_v1.schema.json`;1994 pending updates、`networking.service` failed、hardening `0 / 4`、rollback owner、post-check owner 已整理成 handoff | `host_update_authorized=false`、`service_restart_authorized=false`、`hardening_authorized=false`、`reboot_authorized=false`、`active_scan_authorized=false`、`execute_endpoint_authorized=false` |
|
||||
| P1 JSON parse | `gitea-github-awoooi-inventory`、`github-target-probe`、`source-control-primary-readiness-gate`、`source-control-workflow-secret-name-local-evidence`、Gitea repo / search / org blocked snapshots 皆通過 |
|
||||
| P1 production 頁面檢查 | 本輪未改前端、未改 production 文案、未新增 deploy;不宣稱新的 production 狀態,沿用 P0 live sanity 作為基準 |
|
||||
|
||||
|
||||
Reference in New Issue
Block a user