feat(security): 新增主機服務配置只讀清冊
@@ -119,14 +119,16 @@ CONTROL_STATUS_BY_CATEGORY = {
|
||||
"next_owner_action": "補 rule diff、receiver diff、reload owner、failure-only notification policy 與 route smoke。",
|
||||
},
|
||||
"docker_compose_systemd_host_config": {
|
||||
"coverage_status": "inventory_needed",
|
||||
"coverage_percent": 42,
|
||||
"coverage_status": "repo_only_inventory_ready_needs_live_owner_evidence",
|
||||
"coverage_percent": 50,
|
||||
"evidence_refs": [
|
||||
"docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md",
|
||||
"docs/security/HOST-SERVICE-CONFIG-INVENTORY.md",
|
||||
"docs/security/host-service-config-inventory.snapshot.json",
|
||||
"docs/security/DEV-HOSTS-112-111-168-OBSERVE-ONLY-MAPPING.md",
|
||||
],
|
||||
"current_gap": "110 / 188 Docker Compose、systemd、port / volume / env 差異仍需只讀 inventory。",
|
||||
"next_owner_action": "補 compose / systemd owner、restart window、rollback owner 與 post-check 指標。",
|
||||
"current_gap": "repo-only 清冊已納入 9 個 surface;仍缺 110 / 188 live hash、restart window、rollback owner 與 post-check 指標。",
|
||||
"next_owner_action": "補 owner-provided live hash / disposition、compose / systemd owner、restart window、rollback owner 與 post-check 指標。",
|
||||
},
|
||||
"ssh_firewall_network_access": {
|
||||
"coverage_status": "policy_ready_needs_network_matrix",
|
||||
@@ -254,6 +256,7 @@ def build_report(root: Path, generated_at: str | None) -> dict[str, Any]:
|
||||
"policy_defined_needs_restore_drill_owner",
|
||||
"policy_ready_needs_drift_evidence",
|
||||
"inventory_needed",
|
||||
"repo_only_inventory_ready_needs_live_owner_evidence",
|
||||
"policy_ready_needs_network_matrix",
|
||||
"policy_ready_needs_dry_run_pack",
|
||||
}
|
||||
|
||||
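Review bot: The `evidence_refs` for `docker_compose_systemd_host_config` now list `docs/security/HOST-SERVICE-CONFIG-INVENTORY.md` and `docs/security/host-service-config-inventory.snapshot.json`, and `coverage_percent` appears to rise from 42 to 50 on their strength, yet nothing in the visible lines checks that those files exist under `root` or that the snapshot is still current. Since `build_report` receives `root: Path`, it could report unresolved references per category, for example `missing = [ref for ref in entry["evidence_refs"] if not (root / ref).is_file()]` (`entry` being a placeholder name for the category dict), so a hand-set coverage figure cannot outlive the evidence it cites. The body of `build_report` lies outside the hunk, so such a check may already exist elsewhere. The literal `"repo_only_inventory_ready_needs_live_owner_evidence"` is also written out twice, once in the mapping and once in the set in the second hunk; a shared module-level constant would keep a typo in one copy from silently excluding the category from whatever that set gates.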