Pulse/internal/config
rcourtman 524f42cc28 security: complete Phase 1 sensor proxy hardening
Implements comprehensive security hardening for pulse-sensor-proxy:
- Privilege drop from root to unprivileged user (UID 995)
- Hash-chained tamper-evident audit logging with remote forwarding
- Per-UID rate limiting (0.2 QPS, burst 2) with concurrency caps
- Enhanced command validation with 10+ attack pattern tests
- Fuzz testing (7M+ executions, 0 crashes)
- SSH hardening, AppArmor/seccomp profiles, operational runbooks

All 27 Phase 1 tasks complete. Ready for production deployment.
2025-10-20 15:13:37 +00:00
..
api_tokens.go feat: streamline docker agent onboarding 2025-10-14 09:45:32 +00:00
client_helpers.go Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
config.go security: complete Phase 1 sensor proxy hardening 2025-10-20 15:13:37 +00:00
credentials.go Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
export.go Add Apprise notification integration (#570) 2025-10-18 16:39:39 +00:00
guest_metadata.go Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
oidc.go Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
persistence.go Adjust backup and snapshot alert handling 2025-10-18 20:11:01 +00:00
persistence_test.go Adjust backup and snapshot alert handling 2025-10-18 20:11:01 +00:00
registration.go Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
settings.go Add configurable backup polling interval 2025-10-18 13:06:41 +00:00
watcher.go feat: streamline docker agent onboarding 2025-10-14 09:45:32 +00:00