fix(web): show Kali maintenance runway
@@ -2,7 +2,7 @@
|
||||
|
||||
| 項目 | 內容 |
|
||||
|------|------|
|
||||
| 日期 | 2026-05-13;最新只讀快照 2026-06-03 10:23(台北) |
|
||||
| 日期 | 2026-05-13;最新只讀快照 2026-06-04 08:55(台北) |
|
||||
| Host | `192.168.0.112` |
|
||||
| Asset key | `host:kali-112` |
|
||||
| 狀態 | `partial_runtime_health_integrated` |
|
||||
@@ -22,24 +22,24 @@ Kali 主機不是只有文件預留;`192.168.0.112` 目前已經有 live runti
|
||||
|
||||
但它還沒有完成「資安網閉環」整合:Kali scan result 尚未正式寫入 AWOOOI asset / compliance 表,也尚未 mirror 成 AwoooP Runtime State、Channel Event 或 Audit evidence。因此目前判定是「健康與基礎掃描已存在,治理閉環尚未接通」。
|
||||
|
||||
## 0.1 2026-06-03 只讀實機快照
|
||||
## 0.1 2026-06-04 只讀實機快照
|
||||
|
||||
本輪用既有 SSH key 完成 read-only 連線檢查,沒有輸入或保存密碼,沒有啟動 scan、沒有呼叫 `/execute`、沒有執行 `apt update` / package update、沒有調整設定、沒有重啟。
|
||||
|
||||
| 項目 | 結果 |
|
||||
|------|------|
|
||||
| 觀測時間 | `2026-06-03T10:23:51+08:00` |
|
||||
| 觀測時間 | `2026-06-04T08:55:43+08:00` |
|
||||
| Collection mode | `ssh_batch_read_only_existing_key` |
|
||||
| Hostname | `kali` |
|
||||
| OS | `Kali GNU/Linux Rolling` |
|
||||
| Kernel | `Linux 6.16.8+kali-amd64` |
|
||||
| Uptime | `up 3 weeks, 4 days, 8 hours, 31 minutes` |
|
||||
| Load 1/5/15 | `0.07 0.14 0.16` |
|
||||
| Memory | `922Mi/7.8Gi` |
|
||||
| Uptime | `up 3 weeks, 5 days, 4 hours, 48 minutes` |
|
||||
| Load 1/5/15 | `0.15 0.20 0.18` |
|
||||
| Memory | `921Mi/7.8Gi` |
|
||||
| Root disk | `19G/79G 26%` |
|
||||
| Scanner service | `active / enabled` |
|
||||
| Scanner API health | `healthy` |
|
||||
| Docker services | `node-exporter` up、`wg-easy` up healthy |
|
||||
| Scanner API health | `127.0.0.1:8080/health` 回 `200 healthy` |
|
||||
| Docker services | `node-exporter` up 4 weeks、`wg-easy` up 4 weeks healthy |
|
||||
| Failed systemd units | `1`(`networking.service`) |
|
||||
| Upgradable packages | `1994` |
|
||||
| Listening TCP / UDP | `7 / 2` |
|
||||
|
||||
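Review bot: In the `Scanner API health` row, the new value `127.0.0.1:8080/health` 回 `200 healthy` packs the endpoint, the HTTP status and the body text into one cell, and the `200` appears only in prose. The snapshot JSON changed in this commit gains `scanner_api_health_endpoint` but still carries just `"scanner_api_health_status": "healthy"`. If the status code is part of the evidence, record it as its own field in the snapshot so this table can be checked against it; otherwise drop the `200` from the table.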
@@ -238,22 +238,22 @@ Kali 112 掃描 / 驗證
|
||||
4. 不保存 API key、SSH 密碼或任何 secret value。
|
||||
5. 不做 full-upgrade、autoremove 或 reboot,除非先排維護窗口。
|
||||
|
||||
## 7.2 2026-06-03 只讀重驗證狀態
|
||||
## 7.2 2026-06-04 只讀重驗證狀態
|
||||
|
||||
`192.168.0.112` 已於 2026-06-03 10:23(台北)重新完成只讀 SSH 快照,沒有啟動掃描、沒有呼叫 `/execute`、沒有執行套件更新、沒有調整設定、沒有重啟。最新證據正式記錄於 `docs/security/KALI-INTEGRATION-STATUS.md` 與 `docs/security/kali-integration-status.snapshot.json`。
|
||||
`192.168.0.112` 已於 2026-06-04 08:55(台北)重新完成只讀 SSH 快照,沒有啟動掃描、沒有呼叫 `/execute`、沒有執行套件更新、沒有調整設定、沒有重啟。最新證據正式記錄於 `docs/security/KALI-INTEGRATION-STATUS.md` 與 `docs/security/kali-integration-status.snapshot.json`。
|
||||
|
||||
已確認:
|
||||
|
||||
1. 既有 SSH key 可只讀連線。
|
||||
2. `kali-scanner.service` 仍為 active / enabled。
|
||||
3. `/health` 仍回 healthy。
|
||||
3. `127.0.0.1:8080/health` 仍回 `200 healthy`。
|
||||
4. `node-exporter` 與 `wg-easy` 容器仍在運作。
|
||||
5. 主機時區維持 `Asia/Taipei`。
|
||||
6. `failed_systemd_unit_count=1`,目前為 `networking.service`。
|
||||
7. `upgradable_package_count=1994`。
|
||||
8. scanner service hardening 仍是 `0 / 4`,`NoNewPrivileges`、`PrivateTmp`、`ProtectSystem`、`ProtectHome` 尚未啟用。
|
||||
|
||||
結論:Kali 112 已經從「文件與 5/13 盤點」推進到「6/3 再驗證的 live read-only evidence」,但仍不代表 full-upgrade、autoremove、reboot、主動掃描、憑證掃描、服務 hardening override 或 AwoooP `/execute` 已被批准。
|
||||
結論:Kali 112 已經從「文件與 5/13 盤點」推進到「6/4 再驗證的 live read-only evidence」,但仍不代表 full-upgrade、autoremove、reboot、主動掃描、憑證掃描、服務 hardening override 或 AwoooP `/execute` 已被批准。
|
||||
|
||||
## 8. 第一波實作建議
|
||||
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
# Kali 資訊安全網開工準備
|
||||
|
||||
> 日期:2026-05-06(台北時間)
|
||||
> 狀態:原始規劃;2026-05-13 已完成 Kali 112 live 盤點、低風險主機更新、`security_finding_v1` sample 與 scan scope approval package;2026-06-03 已完成 Kali 112 只讀重驗證,尚未開始 AWOOOI runtime ingestion 實作
|
||||
> 狀態:原始規劃;2026-05-13 已完成 Kali 112 live 盤點、低風險主機更新、`security_finding_v1` sample 與 scan scope approval package;2026-06-04 已完成 Kali 112 只讀重驗證,尚未開始 AWOOOI runtime ingestion 實作
|
||||
> 上游藍圖:`docs/security/KALI-SECURITY-MESH-BLUEPRINT.md`
|
||||
> AwoooP 同步:`docs/security/AWOOOP-SECURITY-SUPPLYCHAIN-INTEGRATION-HANDOFF.md`
|
||||
|
||||
@@ -19,7 +19,7 @@
|
||||
|
||||
2026-05-13 追加契約狀態:已建立 `docs/security/SECURITY-FINDING-CONTRACT.md`、`docs/security/security-finding-kali-sample.snapshot.json`、`docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md` 與 `docs/security/kali-scan-scope-approval.snapshot.json`。這代表 scope 與 finding envelope 可被 review / mirror,不代表已批准或執行任何 scan。
|
||||
|
||||
2026-06-03 追加只讀重驗證:已用既有 SSH key 讀取 `192.168.0.112` 狀態,確認 scanner health healthy、`kali-scanner.service` active / enabled、node-exporter 與 wg-easy 運作中、失敗服務單元為 `networking.service`、待更新套件仍為 1994、服務 hardening 仍為 `0 / 4`。本追加不代表已批准 active scan、credentialed scan、AWOOOI runtime ingestion、`/execute` 接入、full-upgrade、autoremove、reboot 或服務 hardening 套用。
|
||||
2026-06-04 追加只讀重驗證:已用既有 SSH key 讀取 `192.168.0.112` 狀態,確認 scanner `127.0.0.1:8080/health` 回 `200 healthy`、`kali-scanner.service` active / enabled、node-exporter 與 wg-easy 運作中、失敗服務單元為 `networking.service`、待更新套件仍為 1994、服務 hardening 仍為 `0 / 4`。本追加不代表已批准 active scan、credentialed scan、AWOOOI runtime ingestion、`/execute` 接入、full-upgrade、autoremove、reboot 或服務 hardening 套用。
|
||||
|
||||
## 1. 非實作邊界
|
||||
|
||||
|
||||
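Review bot: The 2026-06-03 addendum paragraph is rewritten into a 2026-06-04 one rather than a new dated entry being added after it, so the document no longer shows that a recheck also took place on 06-03, while the 2026-05-13 addendum above it is kept as its own entry. If these paragraphs serve as a dated log, keep the 06-03 entry and append the 06-04 one; if only the most recent recheck is meant to be shown, label the paragraph as the latest recheck so the overwrite is clearly intentional.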
@@ -2353,7 +2353,7 @@
|
||||
"item_id": "kali_112_read_only_snapshot",
|
||||
"display_order": 1,
|
||||
"source_contract": "kali_integration_status_v1",
|
||||
"source_observed_at_taipei": "2026-06-03T10:23:51+08:00",
|
||||
"source_observed_at_taipei": "2026-06-04T08:55:43+08:00",
|
||||
"readiness_state": "snapshot_collected_read_only",
|
||||
"display_mode": "maintenance_readiness_only",
|
||||
"runtime_execution_authorized": false,
|
||||
@@ -2367,6 +2367,7 @@
|
||||
"display_order": 2,
|
||||
"source_contract": "kali_integration_status_v1",
|
||||
"metric_value": "healthy",
|
||||
"scanner_api_health_endpoint": "127.0.0.1:8080/health",
|
||||
"scanner_service_state": "active",
|
||||
"scanner_service_enabled": "enabled",
|
||||
"readiness_state": "scanner_runtime_healthy_read_only",
|
||||
|
||||
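Review bot: The added `"scanner_api_health_endpoint": "127.0.0.1:8080/health"` is a loopback address on the Kali host, but none of the fields visible in this item say which host the probe ran on, so in a web view it can be read as the viewer's or the web server's own localhost. Add the asset key (`host:kali-112` in the status document) to the item, or name the field so it is clear the check was made on the host itself.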
@@ -53,8 +53,8 @@
|
||||
"full_upgrade_status": "not_run_requires_maintenance_window"
|
||||
},
|
||||
"latest_read_only_observation": {
|
||||
"observed_at_utc": "2026-06-03T02:23:51Z",
|
||||
"observed_at_taipei": "2026-06-03T10:23:51+08:00",
|
||||
"observed_at_utc": "2026-06-04T00:55:43Z",
|
||||
"observed_at_taipei": "2026-06-04T08:55:43+08:00",
|
||||
"collection_mode": "ssh_batch_read_only_existing_key",
|
||||
"runtime_actions_executed": false,
|
||||
"active_scan_executed": false,
|
||||
@@ -63,16 +63,17 @@
|
||||
"hostname": "kali",
|
||||
"os": "Kali GNU/Linux Rolling",
|
||||
"kernel": "Linux 6.16.8+kali-amd64",
|
||||
"uptime": "up 3 weeks, 4 days, 8 hours, 31 minutes",
|
||||
"load_1_5_15": "0.07 0.14 0.16",
|
||||
"memory_used_total": "922Mi/7.8Gi",
|
||||
"uptime": "up 3 weeks, 5 days, 4 hours, 48 minutes",
|
||||
"load_1_5_15": "0.15 0.20 0.18",
|
||||
"memory_used_total": "921Mi/7.8Gi",
|
||||
"disk_root_used_total_percent": "19G/79G 26%",
|
||||
"scanner_service_state": "active",
|
||||
"scanner_service_enabled": "enabled",
|
||||
"scanner_api_health_status": "healthy",
|
||||
"scanner_api_health_endpoint": "127.0.0.1:8080/health",
|
||||
"docker_services": [
|
||||
"node-exporter=Up 3 weeks",
|
||||
"wg-easy=Up 3 weeks (healthy)"
|
||||
"node-exporter=Up 4 weeks",
|
||||
"wg-easy=Up 4 weeks (healthy)"
|
||||
],
|
||||
"failed_systemd_unit_count": 1,
|
||||
"failed_systemd_unit_names": [
|
||||
|
||||
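Review bot: The new `docker_services` values report `Up 4 weeks` for both containers while `uptime` in the same observation is `up 3 weeks, 5 days, 4 hours, 48 minutes`, which reads as the containers running longer than the host unless the figure is rounded; the previous snapshot paired `Up 3 weeks` with `up 3 weeks, 4 days`. Please confirm both values came from the same collection run, and consider storing each container's start timestamp instead of the relative `Up N weeks` string, which goes stale and cannot be compared between snapshots.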
@@ -2477,11 +2477,23 @@
|
||||
{
|
||||
"delta_id": "s2_167_iwooos_kali_112_live_read_only_recheck",
|
||||
"display_order": 196,
|
||||
"completed_stage": "S2.167 IwoooS Kali 112 今日只讀重驗證",
|
||||
"completed_stage": "S2.167 IwoooS Kali 112 今日只讀重驗證與維護闖關路徑",
|
||||
"progress_axis": "framework_detail",
|
||||
"headline_percent_delta": 0,
|
||||
"framework_delta_visible": true,
|
||||
"why_headline_unchanged": "IwoooS 只把 2026-06-03T10:23:51+08:00 的 Kali 112 只讀 SSH 快照、scanner health=healthy、scanner service active/enabled、failed_systemd_unit=networking.service、upgradable_package_count=1994 與 systemd hardening 0/4 投影到維護就緒度;runtime_actions_executed=false、active_scan_executed=false、package_update_executed=false、host_reboot_executed=false、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false,不把只讀重驗證當掃描、更新、主機調校、修復、部署、Kali /execute、GitHub 主要來源切換或 Gitea 停用。",
|
||||
"why_headline_unchanged": "IwoooS 只把 2026-06-04T08:55:43+08:00 的 Kali 112 只讀 SSH 快照、scanner health=healthy、scanner endpoint=127.0.0.1:8080/health、scanner service active/enabled、failed_systemd_unit=networking.service、upgradable_package_count=1994 與 systemd hardening 0/4 投影到維護就緒度,並新增維護闖關路徑;runtime_actions_executed=false、active_scan_executed=false、package_update_executed=false、host_reboot_executed=false、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false,不把只讀重驗證當掃描、更新、主機調校、修復、部署、Kali /execute、GitHub 主要來源切換或 Gitea 停用。",
|
||||
"runtime_delta": false,
|
||||
"execution_authorized": false,
|
||||
"not_authorization": true
|
||||
},
|
||||
{
|
||||
"delta_id": "s2_168_iwooos_kali_112_maintenance_runway",
|
||||
"display_order": 197,
|
||||
"completed_stage": "S2.168 IwoooS Kali 112 維護闖關路徑",
|
||||
"progress_axis": "framework_detail",
|
||||
"headline_percent_delta": 0,
|
||||
"framework_delta_visible": true,
|
||||
"why_headline_unchanged": "IwoooS 將 Kali 112 下一階段拆成今日只讀快照、維護窗口、回復方案、事後健康檢查與人工批准五個可視化闖關節點;runway_action_buttons_allowed=false、runtime_actions_executed=false、active_scan_executed=false、package_update_executed=false、host_reboot_executed=false、runtime_execution_authorized=false、active_runtime_gate_count=0,不把闖關路徑當成維護窗口已排定、主機更新、重啟、掃描、服務硬化套用或 /execute 授權。",
|
||||
"runtime_delta": false,
|
||||
"execution_authorized": false,
|
||||
"not_authorization": true
|
||||
|
||||
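Review bot: Entry `s2_167_iwooos_kali_112_live_read_only_recheck` now also claims the maintenance runway (its `completed_stage` gains 「與維護闖關路徑」 and its `why_headline_unchanged` adds 「並新增維護闖關路徑」) while the new `s2_168_iwooos_kali_112_maintenance_runway` entry records the same runway, so one piece of work is listed under two deltas. Keep s2_167 scoped to the read-only recheck and leave the runway to s2_168. In addition, the safety flags quoted in s2_168 (`runway_action_buttons_allowed=false`, `active_runtime_gate_count=0` and the others) exist only inside the free-text `why_headline_unchanged` string; only `runtime_delta`, `execution_authorized` and `not_authorization` are actual fields, so a consumer cannot validate the rest.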