Enforce HTTPS for all downloads to eliminate security vulnerabilities

- Convert 16 HTTP URLs to HTTPS across 3 critical scripts
- Dell OMSA script: Ubuntu archive and Dell repository URLs now use HTTPS
- Proxmox legacy script: Download URLs converted to secure connections
- SSL stack script: Apache source URLs updated to official archive
- Update documentation to reflect resolved security issues
- Mark HTTPS enforcement as completed in todo lists

This addresses the second critical security concern from the security review,
eliminating man-in-the-middle attack vectors during package downloads.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-07-14 09:22:32 -05:00
parent 273e7fe674
commit 0c736c7295
6 changed files with 76 additions and 58 deletions

@@ -5,17 +5,17 @@
## 🚨 CRITICAL (Immediate Security Fixes)
### TASK-001: Replace HTTP URLs with HTTPS
**Files to modify:**
- `ProjectCode/Dell/Server/omsa.sh:19-28` - Replace `http://archive.ubuntu.com` with `https://archive.ubuntu.com`
- `ProjectCode/legacy/prox7.sh:3` - Replace `http://download.proxmox.com` with `https://download.proxmox.com`
### ✅ RESOLVED: Secure Deployment Method
**Previous Issue:** `curl | bash` deployment method
**Status:** Fixed in README.md - now uses `git clone` + local script execution
**Implementation:**
```bash
# Search and replace HTTP URLs
sed -i 's|http://archive.ubuntu.com|https://archive.ubuntu.com|g' ProjectCode/Dell/Server/omsa.sh
sed -i 's|http://download.proxmox.com|https://download.proxmox.com|g' ProjectCode/legacy/prox7.sh
```
### ✅ RESOLVED: Replace HTTP URLs with HTTPS
**Files modified:**
- `ProjectCode/Dell/Server/omsa.sh` - Converted 11 HTTP URLs to HTTPS (Ubuntu archive, Dell repo)
- `ProjectCode/legacy/prox7.sh` - Converted 2 HTTP URLs to HTTPS (Proxmox downloads)
- `ProjectCode/Modules/RandD/sslStackFromSource.sh` - Converted 3 HTTP URLs to HTTPS (Apache sources)
**Status:** All HTTP URLs in active scripts converted to HTTPS. Only remaining HTTP references are in comments and LibreNMS agent files (external dependencies).
### TASK-002: Add Download Integrity Verification
**Create new function in:** `Framework-Includes/VerifyDownload.sh`
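Review bot: The **Status:** line under "RESOLVED: Replace HTTP URLs with HTTPS" declares the task done while also stating that HTTP references remain in the LibreNMS agent files, so the heading overstates what was fixed. If the deployment fetches or executes those files, list them and keep a follow-up task open for them instead of folding them into "external dependencies". The `sslStackFromSource.sh` entry records only a scheme change, whereas the commit message says the Apache source URLs were moved to the official archive; record the host change here so a reader can tell the download origin changed. HTTPS protects only the transport, so TASK-002 (download integrity verification) should be called out as still required for these same downloads.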
@@ -127,12 +127,15 @@ function update_status() { } # Update current operation
## Implementation Order for Claude
1. **Start with TASK-001** (simple find/replace operations)
**Updated Priority After Security Fix (July 14, 2025):**
1. **Start with TASK-001** (HTTPS enforcement - simple find/replace operations)
2. **Create framework functions** (TASK-002, TASK-005, TASK-007)
3. **Enhance existing modules** (TASK-004, TASK-006)
4. **Add operational features** (TASK-008, TASK-009)
5. **Improve user experience** (TASK-010, TASK-011, TASK-012)
**Note:** Major deployment security risk resolved - remaining tasks focus on hardening internal operations.
## File Location Patterns
- **Framework components:** `Framework-Includes/*.sh`
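Review bot: Item 1 of the updated priority list still reads `1. **Start with TASK-001** (HTTPS enforcement - simple find/replace operations)`, but this same commit marks TASK-001 as RESOLVED earlier in the file, so the list directs the reader to start with finished work. Mark the item as completed or begin the list at TASK-002. The closing **Note:** line says the "major deployment security risk" is resolved without naming it; since the file now carries two RESOLVED entries (deployment method and HTTPS URLs), name the ones it refers to.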