lfg2025/archy
1
0
Fork 0
Code Issues 9 Pull Requests Actions Packages Projects Releases 44 Wiki Activity
archy/loop/pentest/report.md
Dorian 870ff095d8 feat: rootless podman, session hardening, boot stability, sidebar fix 
Rootless podman migration (TASK-11):
- Remove sudo from all podman calls in PodmanClient + 8 backend files
- Remove sudo from all podman/docker calls in deploy script
- Restore full systemd security hardening: NoNewPrivileges,
  RestrictAddressFamilies, MemoryDenyWriteExecute, RestrictRealtime,
  RestrictNamespaces, RestrictSUIDSGID, SystemCallFilter, ProtectSystem=strict
- Enable loginctl linger for rootless container persistence
- Remove Ollama from auto-deploy (marketplace-only)

Session & auth hardening:
- Increase MAX_CONCURRENT_SESSIONS 20→50 (prevents eviction storms)
- Debounced 401 redirect in rpc-client.ts (prevents redirect storms)

Boot stability:
- optimize-debian.sh: adds chrony, swap, removes policy-rc.d
- deploy script: pre-restart chrony + swap setup
- ISO build: chrony package, swap file creation
- BootScreen: no longer clears localStorage (prevents splash replay)
- RootRedirect: sole owner of localStorage clearing on server ready

UI fixes:
- Sidebar opacity default changed from 0→visible (fixes missing sidebar
  after page-persistence login without entrance animation)
- Console.log/error wrapped in import.meta.env.DEV guards
- Remove unused route import from RootRedirect

Beta tracking:
- CLAUDE.md: beta freeze protocol added
- MASTER_PLAN.md: TASK-11, TASK-17, phase structure
- BETA-PROGRESS.md: initial tracking doc
- Tagged v1.2.0-alpha.1 as pre-rootless baseline

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 13:53:27 +00:00

16 lines
1020 B
Markdown
Raw Blame History

Report written to `loop/pentest/security-assessment-report.md`.
**Summary: 27 findings** (8 Critical, 10 High, 6 Medium, 3 Low)
The report includes:
- **Executive summary** with overall CRITICAL rating and top 3 recommendations
- **Scope and methodology** covering nmap, source review, and live exploitation
- **Full findings table** — 21 exploitation-confirmed + 6 recon-confirmed
- **Detailed findings** — each with evidence (curl commands + responses), impact, and OWASP mapping
- **Critical attack chain** — 7-step full compromise from any LAN device, zero auth
- **Prioritized recommendations** — 20 remediation items across P0/P1/P2
- **Positive security controls** — bcrypt, TOTP, session tokens, container security noted
- **Appendices** — port inventory, container list, root cause tree, OWASP mapping, non-exploitable exclusions
The root cause is AUTH-001 (no session management). Fixing it addresses 15 of 27 findings. Combined with credential lockdown and port binding, 23 of 27 are resolved.
Reference in New Issue View Git Blame Copy Permalink