rcourtman
|
524f42cc28
|
security: complete Phase 1 sensor proxy hardening
Implements comprehensive security hardening for pulse-sensor-proxy:
- Privilege drop from root to unprivileged user (UID 995)
- Hash-chained tamper-evident audit logging with remote forwarding
- Per-UID rate limiting (0.2 QPS, burst 2) with concurrency caps
- Enhanced command validation with 10+ attack pattern tests
- Fuzz testing (7M+ executions, 0 crashes)
- SSH hardening, AppArmor/seccomp profiles, operational runbooks
All 27 Phase 1 tasks complete. Ready for production deployment.
|
2025-10-20 15:13:37 +00:00 |
|
rcourtman
|
6fdef61710
|
Expand monitoring and discovery test coverage
|
2025-10-16 08:17:08 +00:00 |
|
rcourtman
|
aaae27dc11
|
Log memory source transitions for diagnostics (#553)
|
2025-10-15 19:19:11 +00:00 |
|
rcourtman
|
32421b36b8
|
Refs #533: add total-minus-used memory fallback
|
2025-10-15 18:19:54 +00:00 |
|
rcourtman
|
881b7f9a54
|
Fix false ZFS log/cache warnings
|
2025-10-14 20:57:43 +00:00 |
|
rcourtman
|
7e5fa9a147
|
fix: restore cache-aware node memory on PVE 8.4
|
2025-10-14 16:40:45 +00:00 |
|
rcourtman
|
2163d6f5a8
|
Use guest meminfo available for VM memory usage
|
2025-10-12 11:03:56 +00:00 |
|
rcourtman
|
f46ff1792b
|
Fix settings security tab navigation
|
2025-10-11 23:29:47 +00:00 |
|