6.7 KiB
6.7 KiB
IwoooS SSH / Firewall / Network Access Owner Request Draft
| 項目 | 內容 |
|---|---|
| 日期 | 2026-06-14 |
| 狀態 | owner_request_draft_ready_not_dispatched |
| 工具 | scripts/security/ssh-network-owner-request-draft.py |
| Snapshot | docs/security/ssh-network-owner-request-draft.snapshot.json |
| Source inventory | docs/security/ssh-network-access-inventory.snapshot.json |
| runtime gate | 0 |
1. 目的
本文件承接 SSH / network access repo-only 清冊,把 16 個 surface 轉成人工送件前 request draft。它讓 SSH target、known_hosts、CI deploy SSH、monitoring SSH、backup SSH、sudoers、NetworkPolicy、NodePort、WireGuard 與 alert SSH action catalog 有一致的 owner 回覆欄位。
這不是 live firewall 真相、不是端口關閉 / 開放批准、不是 known_hosts patch、不是 host keyscan、不是 NetworkPolicy apply,也不是 WireGuard cutover。
2. 摘要
| 指標 | 目前值 | 說明 |
|---|---|---|
| request draft | 16 |
每個 SSH / network access surface 一份草稿 |
| write-capable request draft | 6 |
CI deploy SSH、monitoring deploy、sudoers、alert action catalog |
| live evidence required request | 16 |
全部都需 owner 提供脫敏 live access evidence |
| request field | 23 |
草稿欄位總數 |
| required owner field | 13 |
owner 必填欄位 |
| blocked action | 16 |
SSH、keyscan、known_hosts、firewall、port、NetworkPolicy、NodePort、WireGuard、sudo、deploy SSH、active scan、runtime gate 等 |
| request sent / recipient confirmed | 0 / 0 |
尚未送件 |
| owner response received / accepted | 0 / 0 |
尚未收到或驗收 |
| live evidence received | 0 |
不 SSH、不 keyscan、不讀 live firewall |
| maintenance window / rollback owner / validation accepted | 0 / 0 / 0 |
不得改端口、套 policy 或 cutover |
| runtime gate / action button | 0 / 0 |
不提供操作入口 |
3. Request Draft 範圍
| Request | 類型 | 範圍 | 風險焦點 |
|---|---|---|---|
ssh_network_owner_request:ansible_inventory_ssh_targets |
SSH target inventory | 110_111_112_120_121_188 |
host owner、pinned known_hosts、ProxyJump、key owner |
ssh_network_owner_request:ansible_common_ssh_args |
SSH client policy | multi_host |
accept-new 是否只限 bootstrap |
ssh_network_owner_request:gitea_cd_known_hosts_secret |
known_hosts workflow | 110_120_121_188_known_hosts |
known_hosts secret metadata、缺 120 處置、key rotation owner |
ssh_network_owner_request:gitea_cd_deploy_ssh |
CI deploy SSH | k8s_ssh_host |
deploy SSH host owner、rollback、break-glass |
ssh_network_owner_request:gitea_cd_dev_ssh |
CI deploy SSH | 192.168.0.120 |
dev/prod 邊界、deploy key scope、host key policy |
ssh_network_owner_request:deploy_alerts_ssh_path |
CI deploy SSH | 192.168.0.110 |
alert deploy owner、known_hosts pinning、通知路徑 |
ssh_network_owner_request:monitoring_discover_docker_ssh |
SSH discovery script | 110_188_docker_hosts |
read-only window、輸出脫敏、失敗處置 |
ssh_network_owner_request:monitoring_exporter_deploy_ssh |
monitoring SSH deploy | 192.168.0.188 |
exporter deploy owner、maintenance window、post-check |
ssh_network_owner_request:backup_config_ssh_capture |
SSH backup capture | 110_188_120_121_cluster |
backup execution owner、secret redaction、restore validation |
ssh_network_owner_request:host_ops_sudoers_wrapper |
sudoers policy | host_ops_minimal_sudo |
live sudoers hash、visudo validation、forbidden command proof |
ssh_network_owner_request:k8s_prod_network_policy |
K8s NetworkPolicy | awoooi_prod_namespace |
ingress / egress owner、live policy diff、route smoke |
ssh_network_owner_request:argocd_metrics_network_policy |
K8s NetworkPolicy | argocd_namespace |
Prometheus scrape owner、NodePort exposure owner |
ssh_network_owner_request:argocd_metrics_nodeport |
K8s NodePort | argocd_nodeport_30882_30883 |
NodePort exposure owner、firewall owner、source whitelist |
ssh_network_owner_request:velero_metrics_nodeport |
K8s NodePort | velero_nodeport_30885 |
backup metrics exposure、firewall owner |
ssh_network_owner_request:wireguard_mesh_runbook |
WireGuard runbook | 110_111_120_121_gcp_a_gcp_b |
WireGuard owner、firewall rule owner、canary / rollback |
ssh_network_owner_request:alert_rules_ssh_actions |
alert SSH action rules | ssh_mcp_action_catalog |
action owner、read/write/admin 分級、cooldown、post-check |
4. Owner 必填欄位
owner_role_or_teamdecisiondecision_reasonaffected_scoperedacted_evidence_refslive_access_state_refallowed_source_cidrs_refmaintenance_windowrollback_ownervalidation_planbreak_glass_ownerchange_freeze_rulefollowup_owner
5. 禁止動作
ssh_readssh_writehost_keyscanknown_hosts_patchfirewall_changeport_closeport_opennetwork_policy_applynodeport_changewireguard_changesudo_actiondeploy_ssh_actionsecret_value_collectionssh_key_collectionactive_scanruntime_gate_open
6. 指令
產生 committed snapshot:
python3 scripts/security/ssh-network-owner-request-draft.py \
--root . \
--inventory-report docs/security/ssh-network-access-inventory.snapshot.json \
--output docs/security/ssh-network-owner-request-draft.snapshot.json \
--generated-at 2026-06-14T22:45:00+08:00
驗證 guard:
python3 scripts/security/security-mirror-progress-guard.py --root .
7. 完成度
| 工作 | 完成度 | 說明 |
|---|---|---|
| owner request draft artifact | 100% |
16 份 request draft、snapshot、文件與 guard 已固定 |
| request dispatch | 0% |
尚未送件 |
| owner response received / accepted | 0% |
尚未收到,尚未驗收 |
| live evidence collection | 0% |
未 SSH、未 keyscan、未讀 live firewall |
| SSH / firewall / NetworkPolicy / NodePort / WireGuard gate | 0% |
未授權且未執行 |
| runtime gate / production write | 0% |
未授權且未執行 |
8. 後續 Acceptance Ledger
2026-06-15 已新增 docs/security/SSH-NETWORK-OWNER-RESPONSE-ACCEPTANCE.md 與 docs/security/ssh-network-owner-response-acceptance.snapshot.json,把本文件的 16 份 request draft 轉成 owner response acceptance 只讀帳本。該帳本只定義收到回覆後如何收件、隔離、拒收、補件或送 network / firewall reviewer review;不代表 request sent、owner response received / accepted、SSH、keyscan、known_hosts patch、firewall / port change、NetworkPolicy apply、NodePort change、WireGuard cutover、host write、production write 或 runtime gate。