Pulse/internal/alerts
rcourtman 524f42cc28 security: complete Phase 1 sensor proxy hardening
Implements comprehensive security hardening for pulse-sensor-proxy:
- Privilege drop from root to unprivileged user (UID 995)
- Hash-chained tamper-evident audit logging with remote forwarding
- Per-UID rate limiting (0.2 QPS, burst 2) with concurrency caps
- Enhanced command validation with 10+ attack pattern tests
- Fuzz testing (7M+ executions, 0 crashes)
- SSH hardening, AppArmor/seccomp profiles, operational runbooks

All 27 Phase 1 tasks complete. Ready for production deployment.
2025-10-20 15:13:37 +00:00
..
alerts.go security: complete Phase 1 sensor proxy hardening 2025-10-20 15:13:37 +00:00
alerts_test.go Adjust backup and snapshot alert handling 2025-10-18 20:11:01 +00:00
concurrency_test.go Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
history.go Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
history_concurrency_test.go Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
offline_toggle_test.go Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
quiet_hours_test.go Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
threshold_update_test.go Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
time_threshold_test.go Fix settings security tab navigation 2025-10-11 23:29:47 +00:00