Implements comprehensive security hardening for pulse-sensor-proxy: - Privilege drop from root to unprivileged user (UID 995) - Hash-chained tamper-evident audit logging with remote forwarding - Per-UID rate limiting (0.2 QPS, burst 2) with concurrency caps - Enhanced command validation with 10+ attack pattern tests - Fuzz testing (7M+ executions, 0 crashes) - SSH hardening, AppArmor/seccomp profiles, operational runbooks All 27 Phase 1 tasks complete. Ready for production deployment. |
||
|---|---|---|
| .. | ||
| alerts.go | ||
| alerts_test.go | ||
| concurrency_test.go | ||
| history.go | ||
| history_concurrency_test.go | ||
| offline_toggle_test.go | ||
| quiet_hours_test.go | ||
| threshold_update_test.go | ||
| time_threshold_test.go | ||