87f1dc8dbc
Some checks failed
Code Review / ai-code-review (push) Successful in 13s
CD Pipeline / tests (push) Successful in 1m36s
CD Pipeline / build-and-deploy (push) Successful in 5m9s
CD Pipeline / post-deploy-checks (push) Successful in 2m1s
Ansible / Reboot Recovery Contract / validate (push) Has been cancelled
8.4 KiB
8.4 KiB
IwoooS 資安資產控制總帳
| 項目 | 內容 |
|---|---|
| 日期 | 2026-06-18 |
| 狀態 | security_asset_control_ledger_ready_no_runtime_action |
| 工具 | scripts/security/security-asset-control-ledger.py |
| Snapshot | docs/security/security-asset-control-ledger.snapshot.json |
| 對應優先序 | P0-A 資產 / 配置總清冊 |
| runtime gate | 0 |
1. 目的
此總帳把 IwoooS 既有的資安清冊、snapshot、owner gate、事故後回讀計畫與前台防洩漏 guard,彙整成一份可重跑的「資安資產控制總帳」。它回答的是:
- 哪些主機、公開入口、版本來源、workflow、監控、Wazuh、Kali、備份、供應鏈、AI agent 與產品 runtime 已進入資安控管視野。
- 每一類資產目前缺哪一種 owner packet 與脫敏 evidence refs。
- 哪些動作仍必須維持
0 / false,不能因 UI 可見、snapshot 存在或 CD 成功而自動升級。
本文件不是 live host truth,也不是主機修復、掃描、封鎖、reload、restart、secret rotation、workflow dispatch、SOAR action 或 production write 授權。
1.1 AI 自動化產品契約
IwoooS 的資安總帳不是靜態 CMDB,也不是把主機、服務、Nginx、Wazuh、Kali、workflow 與產品頁列成表格就結束。AWOOOI 是 AI 自動化產品,所以每個資安資產群組都必須能被轉成可審核的自動化單元。
每個資安資產群組後續至少要補齊:
| 自動化欄位 | 用途 |
|---|---|
sensor_ref |
指出訊號來源,例如 Wazuh、Prometheus、SigNoz、Sentry、Gitea Actions、route smoke 或只讀 snapshot。 |
normalizer_ref |
指出 raw signal 如何轉成脫敏事件包,禁止 raw payload 直上前端或 Telegram。 |
ai_lane |
指定 AI 分流,例如入侵判讀、主機資源、Nginx drift、供應鏈、runtime gate、owner review。 |
candidate_policy |
定義 AI 可產生哪些候選:owner request、dry-run、patch / PR、maintenance window 草案或 verifier plan。 |
gate_contract |
固定 candidate_only、approval_required、runtime_write_gate=0/1 與批准來源。 |
executor_boundary |
明確列出可用 executor 與禁止動作,避免預設 kill、restart、reload、firewall change、active scan。 |
verifier_ref |
指向 post-check、route smoke、Wazuh / SIEM readback、receipt readback、production health 或 no-write 驗證。 |
learning_writeback_ref |
指向 Timeline、KM、PlayBook、trust score、報表與前台狀態回寫。 |
若資產群組沒有上述欄位,只能算「已納入只讀視野」,不得宣稱完成 AI 自動化控管。這個契約不會打開 runtime gate;它只防止後續把 raw 告警、UI 可見、owner 草稿、CD success 或只讀 snapshot 誤判成真正的 AI 自動化閉環。
2. 固定摘要
| 指標 | 值 |
|---|---|
| 資安資產群組 | 16 |
| P0 資產群組 | 14 |
| P1 資產群組 | 2 |
| C0 群組 | 14 |
| C1 群組 | 2 |
| evidence refs | 64 |
| 已存在 evidence refs | 64 |
| 缺失 evidence refs | 0 |
| owner 必填欄位 | 24 |
| reviewer checks | 24 |
| outcome lanes | 10 |
| blocked actions | 44 |
| owner packet required | 16 |
| owner response received / accepted | 0 / 0 |
| live evidence accepted | 0 |
| runtime gate / action button | 0 / 0 |
| P0-A repo 總帳完成度 | 100% |
| IwoooS headline | 仍維持 64% |
3. 資產群組與優先序
| 優先 | 群組 | 控制範圍 | 下一步 |
|---|---|---|---|
| P0 | Nginx / Public Gateway / Route | 公開入口、API、WebSocket、ACME、admin route、Ollama proxy | 補 live conf、rendered diff、nginx -t、route smoke、rollback owner |
| P0 | DNS / TLS / Certbot | domain、certificate path、ACME、renewal owner、TLS route | 補憑證覆蓋依據、到期 metadata、renewal owner、ACME route owner |
| P0 | Docker / systemd / Host Service | compose、systemd、repair-bot、port binding、process / persistence baseline | 補 live hash、incident readback、restart window、rollback owner、post-check |
| P0 | SSH / Firewall / WireGuard / NodePort | SSH、known_hosts、sudoers、firewall、WireGuard、NetworkPolicy、NodePort | 補 actor、before / after、impact、operator notification、restoration evidence |
| P0 | K8s / ArgoCD / GitOps | manifests、ArgoCD、RBAC、NetworkPolicy、CronJob、Velero | 補 ArgoCD revision、health / sync、rendered diff、rollback revision、postcheck owner |
| P0 | Gitea Workflow / Runner / Secret Metadata | workflow、runner、deploy key、webhook、secret name parity、redaction guard | 補 runner attestation、secret injection route、log redaction、Gitea run readback |
| P0 | Gitea / GitHub / Source Control | repo visibility、canonical refs、GitHub primary readiness、branch / tag / workflow boundary | 補 owner response;不得自動建 repo、改 visibility、sync refs 或切 primary |
| P0 | Wazuh / Endpoint / SIEM | Wazuh manager、agent、FIM、rule / decoder、event ref、active response dry-run 邊界 | 補 Wazuh health refs、agent refs、event refs 與 no-raw-payload attestation |
| P0 | Kali 112 / Assessment Tooling | Kali health、tool version、scope、finding envelope、maintenance window | 補 scope ref、health ref、normalized finding envelope;active scan 與 /execute 另批 |
| P0 | Monitoring / Alerting / Observability | Prometheus、Alertmanager、Telegram route、SigNoz、Sentry、Langfuse、no-false-green | 補 route owner、receiver diff、receipt evidence、noise budget、reload owner |
| P0 | Backup / Restore / DR / Escrow | backup、restic、offsite、escrow、Velero、restore drill、retention | 補 restore drill、offsite ref、escrow non-secret proof、retention runway、DR scorecard |
| P0 | Harbor / Registry / SBOM / Supply Chain | Harbor、registry、image tag、SBOM、Cosign、SLSA、dependency drift、CVE / KEV | 補 SBOM / VEX / provenance intake、image signing、KEV / EPSS / exposure SLA |
| P0 | Public / Admin / API / Frontend Runtime | public URL、CORS、auth boundary、middleware、webhook、frontend env、i18n redaction | 補 route owner、API readback、CORS diff、desktop / mobile smoke、bundle scan |
| P0 | AI Provider / Model Router / Agent Runtime | OpenClaw、Ollama、NemoTron、Hermes、Gemini、MCP / A2A、tool allowlist、cost / privacy | 補 dry-run、benchmark、cost review、privacy review、fallback order、rollback owner |
| P1 | Product Surface / Runtime Route | AWOOOI、AwoooP、IwoooS、VibeWork、agent-bounty-protocol、StockPlatform、Tsenyang、Bitan | 補逐產品 owner、route、admin、API、backup、webhook、rollback 與 validation 指標 |
| P1 | KM / PlayBook / Script / Schedule / Verifier | incident、approval、repair candidate、manual handoff 的自動化資產沉澱 | 補 incident / approval / manual handoff writeback contract |
4. Owner Packet 必填欄位
每個資產群組要從候選進到 reviewer review,至少必須具備:
asset_group_id、asset_alias、owner_role、owner_team、business_impact、technical_scope、affected_routes_or_services、data_classification、redacted_evidence_refs、source_of_truth_ref、live_state_ref、config_diff_ref、monitoring_signal_ref、wazuh_or_siem_ref、kali_scope_ref、backup_restore_ref、supply_chain_ref、secret_absence_attestation、raw_payload_absence_attestation、maintenance_window、rollback_owner、postcheck_owner、followup_owner、decision_reason。
5. 固定停止線
以下項目仍維持 0 / false:
- owner response received / accepted。
- live evidence accepted。
- runtime gate / action button。
- host write、SSH read、Nginx reload、firewall change、ArgoCD sync、workflow modification。
- secret value collection。
- Wazuh active response。
- Kali active scan / Kali
/execute。 - Telegram send、SOAR action、auto block、production write。
6. 驗證指令
python3 scripts/security/security-asset-control-ledger.py \
--root . \
--generated-at 2026-06-18T13:44:00+08:00 \
--output docs/security/security-asset-control-ledger.snapshot.json
7. 完成度
| 工作 | 完成度 | 說明 |
|---|---|---|
| P0-A repo-side 資安資產控制總帳 | 100% |
16 個群組、64 個 evidence refs 全部對上 |
| owner packet 收件 | 0% |
尚未收到或接受 owner response |
| live evidence 驗收 | 0% |
未 SSH、未讀 live host、未呼叫 Wazuh / Kali |
| runtime / response / containment | 0% |
未開掃描、封鎖、reload、restart、SOAR、auto block |