mirror of https://github.com/sipwise/ngcpcfg.git
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
mr13.5.1
mr14.0
mr14.0.1
mr11.5.1
mr12.5.1
mr11.5
mr12.5
mr13.5
mr13.4.1
mr13.4
mr10.5.5
mr10.5.6
mr10.5.7
mr10.5.8
mr10.5.9
mr10.5
mr13.2.1
mr13.2
mr13.3
mr13.3.1
mr12.2.1
mr12.1.1
mr12.0.1
mr12.2
mr12.1
mr12.0
mr13.1
mr13.1.1
mr13.0
mr13.0.1
mr9.5
mr9.5.9
mr12.4
mr12.4.1
mr12.3
mr12.3.1
mr8.5
mr8.5.12
mr9.5.8
mr8.5.11
mr9.5.7
mr11.4
mr11.4.1
mr10.5.1
mr10.5.2
mr10.5.3
mr10.5.4
mr11.2.1
mr11.3.1
mr11.2
mr11.3
mr11.1.1
mr11.1
mr8.5.10
mr9.5.6
mr11.0.1
mr9.5.5
mr8.5.9
mr11.0
mr7.5
mr7.5.13
mr8.5.2
mr8.5.3
mr8.5.4
mr8.5.5
mr8.5.1
mr10.4.1
mr10.4
mr9.5.1
mr7.5.12
mr8.5.8
mr9.5.4
mr10.3
mr10.3.1
mr7.5.11
mr10.1.1
mr10.2.1
mr10.1
mr10.2
mr9.5.3
mr7.5.10
mr8.5.7
mr8.5.6
mr9.5.2
mr10.0.1
mr6.5.12
mr6.5
mr6.5.13
mr10.0
mr9.4
mr9.3.1
mr9.4.1
mr9.3
mr7.5.9
mr9.0.1
mr9.1.1
mr9.2.1
mr9.0
mr9.1
mr9.2
mr7.5.8
mr6.5.11
mr7.5.7
mr5.5
mr5.5.13
mr7.5.6
mr6.5.10
mr8.4
mr8.4.2
mr7.5.5
mr5.5.12
mr8.4.1
mr6.5.9
mr7.5.4
mr8.3
mr8.3.2
mr5.5.5
mr5.5.6
mr5.5.7
mr5.5.8
mr5.5.9
mr5.5.10
mr5.5.11
mr6.5.8
mr8.2.2
mr8.3.1
mr8.2
mr8.1
mr8.0
mr8.1.2
mr7.5.2
mr7.5.3
mr8.1.1
mr8.2.1
mr8.0.2
mr6.5.7
mr7.5.1
mr8.0.1
mr4.5
mr4.5.13
mr6.5.6
mr7.4
mr7.4.2
mr6.5.1
mr6.5.2
mr6.5.3
mr6.5.4
mr6.5.5
mr7.3.2
mr7.4.1
mr7.3
mr7.2.2
mr7.3.1
mr7.2
mr7.1
mr7.1.2
mr7.2.1
mr4.5.12
mr7.0
mr7.0.2
mr7.1.1
mr7.0.1
mr4.5.11
mr6.4.1
mr6.4
mr6.4.2
mr4.5.10
mr6.3.2
mr6.3
mr3.8
mr3.8.13
mr6.2.2
mr6.2
mr4.5.9
mr6.3.1
mr6.0
mr6.1
mr6.1.2
mr6.2.1
mr5.5.4
mr4.5.8
mr6.0.2
mr5.5.2
mr5.5.3
mr6.0.1
mr6.1.1
mr4.5.7
mr3.8.12
mr5.4
mr5.4.2
mr5.5.1
mr4.5.6
mr3.8.11
mr5.3
mr5.3.2
mr5.4.1
mr4.5.5
mr5.2
mr5.2.2
mr5.3.1
mr5.1
mr5.1.2
mr3.8.10
mr5.2.1
mr5.0
mr4.5.4
mr5.0.2
mr5.1.1
mr4.5.3
mr5.0.1
mr3.8.9
mr4.5.2
mr3.8.8
mr4.4
mr4.4.2
mprokop/pytest
mr4.5.1
mr4.4.1
mr3.8.7
mr4.3
mr4.3.2
mr3.8.6
mr4.2
mr4.2.2
mprokop/testing
mr4.3.1
mprokop/tests
mr4.2.1
mr3.8.5
mr4.1
mr4.1.2
mr3.8.4
mr4.0
mr4.0.2
mr4.1.1
mr4.0.1
mr3.8.3
mprokop/autopkgtest2
mr3.8.2
mr3.8.1
mr3.7
mr3.7.2
mr3.6
mr3.7.1
mprokop/autopkgtests
mr3.5.1
mr3.5
mr3.6.2
mr3.6.1
mr3.4
mr3.4.2
vseva/db_defaults
vseva/8419
mr3.4.1
mr3.3
mr3.3.2
mprokop/7577_services
mr3.3.1
mr3.2
mr3.2.2
mr3.2.1
0.18
0.17
mprokop/autopkgtest
mika/header-note
agranig/header-note
sync-replication
0.19.0
0.18.2
0.18.1
0.18.0
0.17.1
0.17.0
0.16.0
0.17.2
0.18.3
mr10.0.1.1
mr10.0.1.2
mr10.1.1.1
mr10.1.1.2
mr10.1.1.3
mr10.2.1.1
mr10.2.1.2
mr10.3.1.1
mr10.4.1.1
mr10.4.1.2
mr10.5.1.1
mr10.5.1.2
mr10.5.1.3
mr10.5.2.1
mr10.5.2.2
mr10.5.2.3
mr10.5.3.1
mr10.5.3.2
mr10.5.4.1
mr10.5.4.2
mr10.5.5.1
mr10.5.5.2
mr10.5.5.3
mr10.5.6.1
mr10.5.6.2
mr10.5.6.3
mr10.5.7.1
mr10.5.7.2
mr10.5.7.3
mr10.5.8.1
mr10.5.8.2
mr10.5.8.3
mr10.5.8.4
mr10.5.9.1
mr10.5.9.2
mr11.0.1.1
mr11.0.1.2
mr11.1.1.1
mr11.1.1.2
mr11.1.1.3
mr11.1.1.4
mr11.1.1.5
mr11.2.1.1
mr11.2.1.2
mr11.2.1.3
mr11.2.1.4
mr11.3.1.1
mr11.3.1.2
mr11.3.1.3
mr11.4.1.1
mr11.5.1.1
mr11.5.1.10
mr11.5.1.2
mr11.5.1.3
mr11.5.1.4
mr11.5.1.5
mr11.5.1.6
mr11.5.1.7
mr11.5.1.8
mr11.5.1.9
mr12.0.1.1
mr12.0.1.2
mr12.0.1.3
mr12.1.1.1
mr12.1.1.2
mr12.2.1.1
mr12.2.1.2
mr12.3.1.1
mr12.4.1.1
mr12.5.1.1
mr12.5.1.2
mr12.5.1.3
mr12.5.1.4
mr12.5.1.5
mr12.5.1.6
mr12.5.1.7
mr12.5.1.8
mr13.0.1.1
mr13.1.1.1
mr13.2.1.1
mr13.2.1.2
mr13.3.1.1
mr13.4.1.1
mr13.4.1.2
mr13.4.1.3
mr13.4.1.4
mr13.5.1.1
mr13.5.1.2
mr13.5.1.3
mr14.0.1.1
mr3.2.1.1
mr3.2.1.2
mr3.2.2.1
mr3.3.1.1
mr3.3.1.2
mr3.3.2.1
mr3.4.1.1
mr3.4.1.2
mr3.4.2.1
mr3.5.1.1
mr3.5.1.2
mr3.5.1.3
mr3.5.1.4
mr3.6.1.1
mr3.6.1.2
mr3.6.2.1
mr3.6.2.2
mr3.7.1.1
mr3.7.2.1
mr3.8.1.1
mr3.8.1.2
mr3.8.10.1
mr3.8.11.1
mr3.8.12.1
mr3.8.13.1
mr3.8.2.1
mr3.8.3.1
mr3.8.3.2
mr3.8.3.3
mr3.8.3.4
mr3.8.4.1
mr3.8.5.1
mr3.8.6.1
mr3.8.7.1
mr3.8.8.1
mr3.8.9.1
mr4.0.1.1
mr4.0.1.2
mr4.0.1.3
mr4.0.1.4
mr4.0.2.1
mr4.1.1.1
mr4.1.1.2
mr4.1.2.1
mr4.2.1.1
mr4.2.1.2
mr4.2.2.1
mr4.3.1.1
mr4.3.2.1
mr4.4.1.1
mr4.4.1.2
mr4.4.1.3
mr4.4.2.1
mr4.5.1.1
mr4.5.1.2
mr4.5.1.3
mr4.5.1.4
mr4.5.1.5
mr4.5.10.1
mr4.5.11.1
mr4.5.12.1
mr4.5.13.1
mr4.5.2.1
mr4.5.3.1
mr4.5.3.2
mr4.5.3.3
mr4.5.3.4
mr4.5.4.1
mr4.5.5.1
mr4.5.6.1
mr4.5.7.1
mr4.5.8.1
mr4.5.9.1
mr5.0.1.1
mr5.0.1.2
mr5.0.1.3
mr5.0.2.1
mr5.1.1.1
mr5.1.2.1
mr5.2.1.1
mr5.2.2.1
mr5.3.1.1
mr5.3.2.1
mr5.4.1.1
mr5.4.2.1
mr5.5.1.1
mr5.5.10.1
mr5.5.10.2
mr5.5.11.1
mr5.5.11.2
mr5.5.12.1
mr5.5.12.2
mr5.5.12.3
mr5.5.13.1
mr5.5.2.1
mr5.5.2.2
mr5.5.3.1
mr5.5.3.2
mr5.5.4.1
mr5.5.5.1
mr5.5.5.2
mr5.5.5.3
mr5.5.6.1
mr5.5.6.2
mr5.5.7.1
mr5.5.7.2
mr5.5.8.1
mr5.5.8.2
mr5.5.9.1
mr5.5.9.2
mr5.5.9.3
mr6.0.1.1
mr6.0.1.2
mr6.0.2.1
mr6.1.1.1
mr6.1.1.2
mr6.1.2.1
mr6.2.1.1
mr6.2.1.2
mr6.2.2.1
mr6.2.2.2
mr6.2.2.3
mr6.3.1.1
mr6.3.2.1
mr6.3.2.2
mr6.4.1.1
mr6.4.1.2
mr6.4.1.3
mr6.4.1.4
mr6.4.2.1
mr6.5.1.1
mr6.5.1.2
mr6.5.1.3
mr6.5.1.4
mr6.5.1.5
mr6.5.1.6
mr6.5.10.1
mr6.5.11.1
mr6.5.11.2
mr6.5.12.1
mr6.5.13.1
mr6.5.2.1
mr6.5.2.2
mr6.5.2.3
mr6.5.2.4
mr6.5.3.1
mr6.5.3.2
mr6.5.4.1
mr6.5.4.2
mr6.5.4.3
mr6.5.4.4
mr6.5.5.1
mr6.5.5.2
mr6.5.5.3
mr6.5.6.1
mr6.5.6.2
mr6.5.7.1
mr6.5.8.1
mr6.5.8.2
mr6.5.9.1
mr6.5.9.2
mr6.5.9.3
mr7.0.1.1
mr7.0.1.2
mr7.0.1.3
mr7.0.2.1
mr7.1.1.1
mr7.1.2.1
mr7.2.1.1
mr7.2.2.1
mr7.2.2.2
mr7.3.1.1
mr7.3.1.2
mr7.3.2.1
mr7.3.2.2
mr7.4.1.1
mr7.4.1.2
mr7.4.2.1
mr7.5.1.1
mr7.5.1.2
mr7.5.1.3
mr7.5.10.1
mr7.5.10.2
mr7.5.10.3
mr7.5.11.1
mr7.5.12.1
mr7.5.13.1
mr7.5.2.1
mr7.5.2.2
mr7.5.2.3
mr7.5.3.1
mr7.5.3.2
mr7.5.4.1
mr7.5.4.2
mr7.5.4.3
mr7.5.4.4
mr7.5.5.1
mr7.5.5.2
mr7.5.6.1
mr7.5.7.1
mr7.5.7.2
mr7.5.8.1
mr7.5.9.1
mr8.0.1.1
mr8.0.1.2
mr8.0.2.1
mr8.1.1.1
mr8.1.1.2
mr8.1.1.3
mr8.1.1.4
mr8.1.2.1
mr8.2.1.1
mr8.2.1.2
mr8.2.1.3
mr8.2.2.1
mr8.2.2.2
mr8.3.1.1
mr8.3.1.2
mr8.3.2.1
mr8.4.1.1
mr8.4.1.2
mr8.4.1.3
mr8.4.1.4
mr8.4.1.5
mr8.4.2.1
mr8.5.1.1
mr8.5.1.2
mr8.5.1.3
mr8.5.10.1
mr8.5.11.1
mr8.5.11.2
mr8.5.12.1
mr8.5.2.1
mr8.5.2.2
mr8.5.2.3
mr8.5.2.4
mr8.5.3.1
mr8.5.3.2
mr8.5.3.3
mr8.5.3.4
mr8.5.3.5
mr8.5.4.1
mr8.5.4.2
mr8.5.4.3
mr8.5.5.1
mr8.5.5.2
mr8.5.6.1
mr8.5.6.2
mr8.5.6.3
mr8.5.7.1
mr8.5.8.1
mr8.5.9.1
mr8.5.9.2
mr9.0.1.1
mr9.0.1.2
mr9.0.1.3
mr9.1.1.1
mr9.1.1.2
mr9.1.1.3
mr9.1.1.4
mr9.2.1.1
mr9.2.1.2
mr9.2.1.3
mr9.3.1.1
mr9.3.1.2
mr9.3.1.3
mr9.4.1.1
mr9.4.1.2
mr9.4.1.3
mr9.5.1.1
mr9.5.1.2
mr9.5.1.3
mr9.5.1.4
mr9.5.1.5
mr9.5.2.1
mr9.5.2.2
mr9.5.2.3
mr9.5.3.1
mr9.5.4.1
mr9.5.5.1
mr9.5.5.2
mr9.5.6.1
mr9.5.6.2
mr9.5.7.1
mr9.5.7.2
mr9.5.8.1
mr9.5.9.1
${ noResults }
Richard Fuchs
92dccb4b10
according to security framework spec 5.5.4 Allow r/w access /etc/ngcp-config/config.yml for users in security domain ngcp-admin This file contains operational configuration data of the NGCP system. Reading and editing it is part of day-to-day operations. As such it has to be read- and writable by users in security domain ngcp-admin. It is also readable by users of any other security domain. This file is also read by many NGCP processes. The current default setup of the NGCP does not implement permissions as required by tightened user security. Required permission settings have to be applied manually issuing command: chgrp ngcp-admin /etc/ngcp-config/config.yml Security domain: ngcp-admin User ownership: root Group ownership: ngcp-admin File permissions: 664 IMPACT: Configuration data can be edited by all users in group ngcp-admin, the sipwise user, and user root. If for some reason (e.g. after upgrade) the proposed settings are reverted to default settings, this does not pose a security risk. However, write access to configuration data in this file will be denied to named users. 5.5.5 Allow r/w access to /etc/ngcp-config/network.yml for users in security domain ngcp-admin This file contains information about the network configuration of the NGCP cluster. This information should not frequently change. Nevertheless, this file and its content is meant for the operator and as such is read- and writable by users in security domain ngcp-admin. It is also readable by users of any other security domain. This file is also read by many NGCP processes. The current default setup of the NGCP does not implement permissions as required by tightened user security. Required permission settings have to be applied manually issuing command: chgrp ngcp-admin /etc/ngcp-config/network.yml Security domain: ngcp-admin User ownership: root Group ownership: ngcp-admin File permissions: 664 IMPACT: Configuration data can be edited by all users in group ngcp-admin, the sipwise user, and user root. If for some reason (e.g. after upgrade) the proposed settings are reverted to default settings, this does not pose a security risk. However, write access to configuration data in this file will be denied to named users. 5.5.6 Restrict access to /etc/ngcp-config/constants.yml to users in security domain root This file contains values set during the initialization of the NGCP system. It contains passwords used by different NGCP functions to connect to other secured subsystems (e.g. DB or lawful intercept). As such the file has a high security impact and is read- and writeable to users of security domain root only. The current default setup of the NGCP does not implement permissions as required by tightened user security. Required permission settings have to be applied manually issuing command: chmod 600 /etc/ngcp-config/constants.yml Security domain: root User ownership: root Group ownership: root File permissions: 600 IMPACT: Data in this configuration file are usually entered once during commissioning of the platform. Only users root or sipwise can edit or read this file. The customer’s named users have no access to this data. If for some reason (e.g. after upgrade) the proposed settings are reverted to default settings, this poses a security risk as credentials used internally may be leaked to unprivileged users. Change-Id: I49a2994a227b9c296966c805c9370ae3b067de12 |
7 years ago | |
|---|---|---|
| .. | ||
| apply | TT#44969 Extract git status check to common function (for further refactoring) | 7 years ago |
| build | TT#55162 add ngcp-admin group | 7 years ago |
| check | TT#58205 Fix misc typos | 7 years ago |
| clean | TT#44969 Extract git status check to common function (for further refactoring) | 7 years ago |
| commit | TT#47373 Remove path hardcoding for hooks handling | 7 years ago |
| decrypt | TT#22411 Fix spelling mistakes/typos | 8 years ago |
| del | TT#17650 Switch to use YAML::XS instead of YAML::Tiny | 9 years ago |
| diff | TT#15824 Update code based on comments from previous code review | 9 years ago |
| encrypt | TT#37257 encrypt: clean glusterfs data in new data storage '/ngcp-data/glusterfs/' | 7 years ago |
| etckeeper | TT#44969 Extract git status check to common function (for further refactoring) | 7 years ago |
| initialise | TT#47956 Subtract HA repo setup from 'initialise' into 'init-shared' | 7 years ago |
| log | MT#17219 Use $@ instead of $* when we need to preserve argument grouping | 10 years ago |
| patch | TT#50100 scripts/patch: preserve file permissions when creating customtt | 7 years ago |
| services | TT#58703 services: Start sysctl services before monit and ha.d | 7 years ago |
| set | TT#44516 Fix quoting logic for script 'set' for values like '10G' | 7 years ago |
| show | TT#15824 Fix shellcheck warnings | 9 years ago |
| status | TT#44969 Extract git status check to common function (for further refactoring) | 7 years ago |
| values | TT#37401 Use Unix sockets to avoid relying on hostnames for localhost/loopback | 8 years ago |