Comments (4)
bifurcation
commented on May 26, 2024
Notes from conversation with jcjones:
- Software Error Conditions: Probably just have log.Error() marked as audit, and make sure we log something
- Software Integrity: Probably part of the deployment system, vs. boulder
- Improper messages: Log in RPC code
- Certificate requests, etc: Log when any of the *Authorities handles such an object, not just in CA
from boulder.
bifurcation
commented on May 26, 2024
This issue should be mostly addressed in PR #136. That PR needs review, and it omits the following:
- Any audit logging of revocation (since we don't support revocation yet)
- The various deployment-related audit events noted above
from boulder.
jcjones
commented on May 26, 2024
These two have been moved to Project Management for OS / Deployment level audit logging:
Software check integrity failures – Date and time of event, and description of event are automatically logged by the application reporting the event or by the operating system.
Any security-relevant changes to the configuration of a component – Date and time of modification, name of modifier, description of modification, build information (i.e. size, version number) of any modified files and the reason for modification are manually logged during change management processes.
Everything else is getting implemented in #175 and #204.
from boulder.
jcjones
commented on May 26, 2024
Sub-issues #204 and #175 are closed. The remaining issues are outside of Boulder, so I'm closing this issue too.
from boulder.
Related Issues (20)
- Include sha256sums of the release artifacts
- ARI stats for draft-03 replacements
- Design and implement a system for automatically rejecting requests from doomed clients
- Design Document
- Remove orderModelv1 from the SA package
- CA: Remove deprecated Issuance.Profiles field
- Add test for CRLs with no entries
- Add CI action to prompt CP/CPS review upon feature flag introduction
- Track chosen certificate profile in RA audit log and metric HOT 1
- PSL update
- Run pkilint in integration tests
- sa: investigate removing requestedNames table HOT 1
- Consider removing Subject Key Identifier from end-entity certificates
- Azure Rate Limit Exclusion question HOT 2
- go1.22: Remove loop variable lexical rebindings after a future gopls update
- ratelimits: Old to new conversion tool for overrides formats HOT 1
- admin block-key failed
- Remove resolverAddrs from WFE validation record responses
- Add ari-03 to eggsampler/acme to we can use it in integration tests HOT 1
- Name ID tool HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from boulder.