fix(web): show Kali maintenance runway
All checks were successful
CD Pipeline / tests (push) Successful in 2m25s
Code Review / ai-code-review (push) Successful in 15s
CD Pipeline / build-and-deploy (push) Successful in 5m3s
CD Pipeline / post-deploy-checks (push) Successful in 2m15s

This commit is contained in:
Your Name
2026-06-04 09:13:35 +08:00
parent 628a02f22c
commit e355c8eb0f
10 changed files with 164 additions and 35 deletions


@@ -2,7 +2,7 @@
| 項目 | 內容 |
|------|------|
| 日期 | 2026-05-13最新只讀快照 2026-06-03 10:23(台北) |
| 日期 | 2026-05-13最新只讀快照 2026-06-04 08:55(台北) |
| Host | `192.168.0.112` |
| Asset key | `host:kali-112` |
| 狀態 | `partial_runtime_health_integrated` |
@@ -22,24 +22,24 @@ Kali 主機不是只有文件預留;`192.168.0.112` 目前已經有 live runti
但它還沒有完成「資安網閉環」整合Kali scan result 尚未正式寫入 AWOOOI asset / compliance 表,也尚未 mirror 成 AwoooP Runtime State、Channel Event 或 Audit evidence。因此目前判定是「健康與基礎掃描已存在治理閉環尚未接通」。
## 0.1 2026-06-03 只讀實機快照
## 0.1 2026-06-04 只讀實機快照
本輪用既有 SSH key 完成 read-only 連線檢查,沒有輸入或保存密碼,沒有啟動 scan、沒有呼叫 `/execute`、沒有執行 `apt update` / package update、沒有調整設定、沒有重啟。
| 項目 | 結果 |
|------|------|
| 觀測時間 | `2026-06-03T10:23:51+08:00` |
| 觀測時間 | `2026-06-04T08:55:43+08:00` |
| Collection mode | `ssh_batch_read_only_existing_key` |
| Hostname | `kali` |
| OS | `Kali GNU/Linux Rolling` |
| Kernel | `Linux 6.16.8+kali-amd64` |
| Uptime | `up 3 weeks, 4 days, 8 hours, 31 minutes` |
| Load 1/5/15 | `0.07 0.14 0.16` |
| Memory | `922Mi/7.8Gi` |
| Uptime | `up 3 weeks, 5 days, 4 hours, 48 minutes` |
| Load 1/5/15 | `0.15 0.20 0.18` |
| Memory | `921Mi/7.8Gi` |
| Root disk | `19G/79G 26%` |
| Scanner service | `active / enabled` |
| Scanner API health | `healthy` |
| Docker services | `node-exporter` up、`wg-easy` up healthy |
| Scanner API health | `127.0.0.1:8080/health``200 healthy` |
| Docker services | `node-exporter` up 4 weeks`wg-easy` up 4 weeks healthy |
| Failed systemd units | `1``networking.service` |
| Upgradable packages | `1994` |
| Listening TCP / UDP | `7 / 2` |
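Review bot: The new `Scanner API health` row records the probe target `127.0.0.1:8080/health`, but the table never states which address the scanner binds to; `Listening TCP / UDP | 7 / 2` gives only counts. A loopback probe returns 200 whether the service listens on 127.0.0.1 or on all interfaces, so add a row with the bind address of port 8080 taken from the same read-only socket listing, so that exposure of the scanner API on `192.168.0.112` can be judged from the snapshot itself.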


@@ -238,22 +238,22 @@ Kali 112 掃描 / 驗證
4. 不保存 API key、SSH 密碼或任何 secret value。
5. 不做 full-upgrade、autoremove 或 reboot除非先排維護窗口。
## 7.2 2026-06-03 只讀重驗證狀態
## 7.2 2026-06-04 只讀重驗證狀態
`192.168.0.112` 已於 2026-06-03 10:23(台北)重新完成只讀 SSH 快照,沒有啟動掃描、沒有呼叫 `/execute`、沒有執行套件更新、沒有調整設定、沒有重啟。最新證據正式記錄於 `docs/security/KALI-INTEGRATION-STATUS.md``docs/security/kali-integration-status.snapshot.json`
`192.168.0.112` 已於 2026-06-04 08:55(台北)重新完成只讀 SSH 快照,沒有啟動掃描、沒有呼叫 `/execute`、沒有執行套件更新、沒有調整設定、沒有重啟。最新證據正式記錄於 `docs/security/KALI-INTEGRATION-STATUS.md``docs/security/kali-integration-status.snapshot.json`
已確認:
1. 既有 SSH key 可只讀連線。
2. `kali-scanner.service` 仍為 active / enabled。
3. `/health` 仍回 healthy。
3. `127.0.0.1:8080/health` 仍回 `200 healthy`
4. `node-exporter``wg-easy` 容器仍在運作。
5. 主機時區維持 `Asia/Taipei`
6. `failed_systemd_unit_count=1`,目前為 `networking.service`
7. `upgradable_package_count=1994`
8. scanner service hardening 仍是 `0 / 4``NoNewPrivileges``PrivateTmp``ProtectSystem``ProtectHome` 尚未啟用。
結論Kali 112 已經從「文件與 5/13 盤點」推進到「6/3 再驗證的 live read-only evidence」但仍不代表 full-upgrade、autoremove、reboot、主動掃描、憑證掃描、服務 hardening override 或 AwoooP `/execute` 已被批准。
結論Kali 112 已經從「文件與 5/13 盤點」推進到「6/4 再驗證的 live read-only evidence」但仍不代表 full-upgrade、autoremove、reboot、主動掃描、憑證掃描、服務 hardening override 或 AwoooP `/execute` 已被批准。
## 8. 第一波實作建議


@@ -1,7 +1,7 @@
# Kali 資訊安全網開工準備
> 日期2026-05-06台北時間
> 狀態原始規劃2026-05-13 已完成 Kali 112 live 盤點、低風險主機更新、`security_finding_v1` sample 與 scan scope approval package2026-06-03 已完成 Kali 112 只讀重驗證,尚未開始 AWOOOI runtime ingestion 實作
> 狀態原始規劃2026-05-13 已完成 Kali 112 live 盤點、低風險主機更新、`security_finding_v1` sample 與 scan scope approval package2026-06-04 已完成 Kali 112 只讀重驗證,尚未開始 AWOOOI runtime ingestion 實作
> 上游藍圖:`docs/security/KALI-SECURITY-MESH-BLUEPRINT.md`
> AwoooP 同步:`docs/security/AWOOOP-SECURITY-SUPPLYCHAIN-INTEGRATION-HANDOFF.md`
@@ -19,7 +19,7 @@
2026-05-13 追加契約狀態:已建立 `docs/security/SECURITY-FINDING-CONTRACT.md``docs/security/security-finding-kali-sample.snapshot.json``docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md``docs/security/kali-scan-scope-approval.snapshot.json`。這代表 scope 與 finding envelope 可被 review / mirror不代表已批准或執行任何 scan。
2026-06-03 追加只讀重驗證:已用既有 SSH key 讀取 `192.168.0.112` 狀態,確認 scanner health healthy、`kali-scanner.service` active / enabled、node-exporter 與 wg-easy 運作中、失敗服務單元為 `networking.service`、待更新套件仍為 1994、服務 hardening 仍為 `0 / 4`。本追加不代表已批准 active scan、credentialed scan、AWOOOI runtime ingestion、`/execute` 接入、full-upgrade、autoremove、reboot 或服務 hardening 套用。
2026-06-04 追加只讀重驗證:已用既有 SSH key 讀取 `192.168.0.112` 狀態,確認 scanner `127.0.0.1:8080/health``200 healthy``kali-scanner.service` active / enabled、node-exporter 與 wg-easy 運作中、失敗服務單元為 `networking.service`、待更新套件仍為 1994、服務 hardening 仍為 `0 / 4`。本追加不代表已批准 active scan、credentialed scan、AWOOOI runtime ingestion、`/execute` 接入、full-upgrade、autoremove、reboot 或服務 hardening 套用。
## 1. 非實作邊界
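Review bot: The 2026-06-03 re-verification paragraph is rewritten in place as 2026-06-04 instead of being followed by a new entry, even though the line is labelled as an addendum (追加). That drops the record that a read-only check already ran on 06-03 and found the same open items (`networking.service` failed, 1994 upgradable packages, hardening `0 / 4`). Keep the 06-03 paragraph and add the 06-04 one beneath it, or reference the dated snapshot JSON for history, so the document shows how long these findings have stayed open.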


@@ -2353,7 +2353,7 @@
"item_id": "kali_112_read_only_snapshot",
"display_order": 1,
"source_contract": "kali_integration_status_v1",
"source_observed_at_taipei": "2026-06-03T10:23:51+08:00",
"source_observed_at_taipei": "2026-06-04T08:55:43+08:00",
"readiness_state": "snapshot_collected_read_only",
"display_mode": "maintenance_readiness_only",
"runtime_execution_authorized": false,
@@ -2367,6 +2367,7 @@
"display_order": 2,
"source_contract": "kali_integration_status_v1",
"metric_value": "healthy",
"scanner_api_health_endpoint": "127.0.0.1:8080/health",
"scanner_service_state": "active",
"scanner_service_enabled": "enabled",
"readiness_state": "scanner_runtime_healthy_read_only",
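Review bot: `"scanner_api_health_endpoint": "127.0.0.1:8080/health"` is added without a scheme and without the HTTP status, while the Markdown files in this commit now record `200 healthy`. A consumer of this JSON cannot tell whether the probe was plain HTTP or TLS, and `"metric_value": "healthy"` alone does not carry the status code. Store a full URL (or separate scheme, host, port and path fields) and add a status-code field so the JSON and the documents hold the same evidence.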


@@ -53,8 +53,8 @@
"full_upgrade_status": "not_run_requires_maintenance_window"
},
"latest_read_only_observation": {
"observed_at_utc": "2026-06-03T02:23:51Z",
"observed_at_taipei": "2026-06-03T10:23:51+08:00",
"observed_at_utc": "2026-06-04T00:55:43Z",
"observed_at_taipei": "2026-06-04T08:55:43+08:00",
"collection_mode": "ssh_batch_read_only_existing_key",
"runtime_actions_executed": false,
"active_scan_executed": false,
@@ -63,16 +63,17 @@
"hostname": "kali",
"os": "Kali GNU/Linux Rolling",
"kernel": "Linux 6.16.8+kali-amd64",
"uptime": "up 3 weeks, 4 days, 8 hours, 31 minutes",
"load_1_5_15": "0.07 0.14 0.16",
"memory_used_total": "922Mi/7.8Gi",
"uptime": "up 3 weeks, 5 days, 4 hours, 48 minutes",
"load_1_5_15": "0.15 0.20 0.18",
"memory_used_total": "921Mi/7.8Gi",
"disk_root_used_total_percent": "19G/79G 26%",
"scanner_service_state": "active",
"scanner_service_enabled": "enabled",
"scanner_api_health_status": "healthy",
"scanner_api_health_endpoint": "127.0.0.1:8080/health",
"docker_services": [
"node-exporter=Up 3 weeks",
"wg-easy=Up 3 weeks (healthy)"
"node-exporter=Up 4 weeks",
"wg-easy=Up 4 weeks (healthy)"
],
"failed_systemd_unit_count": 1,
"failed_systemd_unit_names": [
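Review bot: `docker_services` now reports `Up 4 weeks` for both containers, while `uptime` in the same observation is `up 3 weeks, 5 days, 4 hours, 48 minutes`. A container should not report a longer run time than the host it runs on, so please confirm that both values come from the 08:55:43 collection and were not edited by hand. If the difference is only rounding in the tool output, record the container start timestamps instead of the humanized string so the evidence can be cross-checked.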


@@ -2477,11 +2477,23 @@
{
"delta_id": "s2_167_iwooos_kali_112_live_read_only_recheck",
"display_order": 196,
"completed_stage": "S2.167 IwoooS Kali 112 今日只讀重驗證",
"completed_stage": "S2.167 IwoooS Kali 112 今日只讀重驗證與維護闖關路徑",
"progress_axis": "framework_detail",
"headline_percent_delta": 0,
"framework_delta_visible": true,
"why_headline_unchanged": "IwoooS 只把 2026-06-03T10:23:51+08:00 的 Kali 112 只讀 SSH 快照、scanner health=healthy、scanner service active/enabled、failed_systemd_unit=networking.service、upgradable_package_count=1994 與 systemd hardening 0/4 投影到維護就緒度runtime_actions_executed=false、active_scan_executed=false、package_update_executed=false、host_reboot_executed=false、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false不把只讀重驗證當掃描、更新、主機調校、修復、部署、Kali /execute、GitHub 主要來源切換或 Gitea 停用。",
"why_headline_unchanged": "IwoooS 只把 2026-06-04T08:55:43+08:00 的 Kali 112 只讀 SSH 快照、scanner health=healthy、scanner endpoint=127.0.0.1:8080/health、scanner service active/enabled、failed_systemd_unit=networking.service、upgradable_package_count=1994 與 systemd hardening 0/4 投影到維護就緒度,並新增維護闖關路徑runtime_actions_executed=false、active_scan_executed=false、package_update_executed=false、host_reboot_executed=false、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false不把只讀重驗證當掃描、更新、主機調校、修復、部署、Kali /execute、GitHub 主要來源切換或 Gitea 停用。",
"runtime_delta": false,
"execution_authorized": false,
"not_authorization": true
},
{
"delta_id": "s2_168_iwooos_kali_112_maintenance_runway",
"display_order": 197,
"completed_stage": "S2.168 IwoooS Kali 112 維護闖關路徑",
"progress_axis": "framework_detail",
"headline_percent_delta": 0,
"framework_delta_visible": true,
"why_headline_unchanged": "IwoooS 將 Kali 112 下一階段拆成今日只讀快照、維護窗口、回復方案、事後健康檢查與人工批准五個可視化闖關節點runway_action_buttons_allowed=false、runtime_actions_executed=false、active_scan_executed=false、package_update_executed=false、host_reboot_executed=false、runtime_execution_authorized=false、active_runtime_gate_count=0不把闖關路徑當成維護窗口已排定、主機更新、重啟、掃描、服務硬化套用或 /execute 授權。",
"runtime_delta": false,
"execution_authorized": false,
"not_authorization": true
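Review bot: `completed_stage` of `s2_167_iwooos_kali_112_live_read_only_recheck` is retitled to include the maintenance runway (維護闖關路徑), which is also the whole subject of the new `s2_168_iwooos_kali_112_maintenance_runway` entry, so the same work is now claimed by two stages and an already completed record is edited after the fact. Leave S2.167 as the read-only recheck and keep the runway in S2.168 only. Separately, `runway_action_buttons_allowed=false` exists only inside the `why_headline_unchanged` prose string; if the web view relies on it to suppress buttons, add it as a structured boolean next to `execution_authorized` and `not_authorization`.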