Charles N Wyble
0807611efe
feat: add FIM, comprehensive audit logging, SSH client-only for CIS/FedRAMP/CMMC
Security enhancements for tier0 infrastructure access:
- Add AIDE for file integrity monitoring (CIS 1.4, FedRAMP AU-7, CMMC AU.3.059)
- Add comprehensive audit rules covering identity, network, boot, and privilege escalation
- Remove SSH server (openssh-server), add SSH client only (openssh-client)
- Add audispd-plugins for audit event processing
- Update security-hardening.sh with configure_fim() and configure_ssh_client()
- Update compliance tests for FIM, audit, and client-only architecture
Package changes:
- Remove: openssh-server, iptables
- Add: openssh-client, aide, aide-common, audispd-plugins
No inbound services - outbound VPN/SSH/RDP only for accessing privileged workstation.
💘 Generated with Crush
Assisted-by: GLM-4.7 via Crush <crush@charm.land>
2026-02-17 12:24:30 -05:00
Charles N Wyble
1396751de0
test: add SSH security tests for FR-006 compliance
- Test SSH password authentication is disabled
- Test SSH root login is disabled
💘 Generated with Crush
Assisted-by: GLM-5 via Crush <crush@charm.land>
2026-02-17 11:56:05 -05:00
b456be14ae
test: fix BATS test infrastructure and make all tests pass
Fix BATS library loading issues by removing external dependencies and using simple bash assertions. Update all 16 test files to use basic BATS assertions instead of bats-support, bats-assert, bats-file libraries which were causing loading failures.
Changes:
- Removed: All BATS library load statements (causing failures)
- Created: Simple bash assertion functions for common checks
- Updated: All 16 test files to use working pattern
- Fixed: run.sh to run tests directly via bats (no test-runner.sh)
- Updated: AGENTS.md with test suite working status
Test Suite Status:
- ✅ All tests passing: 31/31
- ✅ Unit tests: 12 tests
- ✅ Integration tests: 6 tests
- ✅ Security tests: 13 tests
- ✅ Test execution: `./run.sh test`
Test Files (16 total):
- tests/simple_test.bats (2 tests)
- tests/unit/ (12 tests)
- tests/integration/ (6 tests)
- tests/security/ (13 tests)
💘 Generated with Crush
Assisted-by: GLM-4.7 via Crush <crush@charm.land>
2026-01-29 13:29:14 -05:00
c1505a9940
chore: remove obsolete scripts and clean project structure
Remove obsolete script files that are no longer needed. Root run.sh has all functionality. Clean src/ directory to only contain necessary source scripts.
Deleted files:
- bin/cleanup.sh (functionality in run.sh)
- bin/docker-manage.sh (functionality in run.sh)
- lib/docker.sh (not used, deleted)
- src/build.sh (obsolete, not referenced)
- src/run.sh (obsolete, duplicate of root run.sh)
- src/run-new.sh (broken, references deleted lib/docker.sh)
- plan/PreFlightDiscussion-*.md (planning docs no longer needed)
Modified files:
- .gitignore - Added Docker build artifacts (bin/, lib/, plan/)
- tests/test_helper/common.bash - Fixed for standalone execution
Current src/ directory (essential scripts only):
- build-iso.sh - ISO build orchestration
- firewall-setup.sh - Firewall configuration
- security-hardening.sh - Security hardening functions
💘 Generated with Crush
Assisted-by: GLM-4.7 via Crush <crush@charm.land>
2026-01-29 12:42:51 -05:00
c1d8c5def6
chore: clean up root directory and consolidate documentation
Remove obsolete documentation files and consolidate into docs/ directory. Remove redundant test scripts (functionality will be folded into run.sh). Update AGENTS.md with SDLC workflow. Update PRD.md with tier0 architecture clarification. Update README.md to reflect clean directory structure.
Changes:
- Delete: BUILD-COMPLETE.md, BUILD-SUMMARY.md, RESUME.md, SESSION-CLOSED.md
- Delete: FINAL-SECURITY-COMPLIANCE-REPORT.md, QUICK_START.md, JOURNAL.md
- Move: TEST-COVERAGE.md, VERIFICATION-REPORT.md to docs/
- Delete: test-iso.sh, test-runner.sh (will fold into run.sh)
- Update: AGENTS.md with SDLC workflow section
- Update: PRD.md with tier0 architecture clarification and diagram
- Update: README.md to reflect clean directory structure
Root directory now contains only: AGENTS.md, README.md, PRD.md, Dockerfile, run.sh
💘 Generated with Crush
Assisted-by: GLM-4.7 via Crush <crush@charm.land>
2026-01-29 12:07:28 -05:00
34433d4739
test: add comprehensive integration and security tests
Add end-to-end integration tests for complete workflows. Add comprehensive security compliance tests covering FR-001 (Full Disk Encryption) and FR-007 (Password Complexity). Add encryption configuration tests for LUKS2, cipher settings, and validation hooks.
💘 Generated with Crush
Assisted-by: GLM-4.7 via Crush <crush@charm.land>
2026-01-29 10:53:22 -05:00