wooo/awoooi
1
1
Fork 0
Code Issues 2 Pull Requests 1 Actions 3 Packages Projects Releases Wiki Activity
Files
main
awoooi/docs/security/iwooos-security-operating-system.snapshot.json
ogt a22a0f612d
Some checks failed
Code Review / ai-code-review (push) Successful in 13s
Details
CD Pipeline / tests (push) Successful in 1m41s
Details
CD Pipeline / build-and-deploy (push) Successful in 5m0s
Details
CD Pipeline / post-deploy-checks (push) Successful in 1m30s
Details
Ansible / Reboot Recovery Contract / validate (push) Has been cancelled
Details
feat(iwooos): add security operating system guard
2026-06-25 15:55:20 +08:00

697 lines
21 KiB
JSON
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
{
"alert_message_contract": [
{
"field_id": "event_title",
"raw_payload_allowed": false,
"required": true
},
{
"field_id": "severity_and_confidence",
"raw_payload_allowed": false,
"required": true
},
{
"field_id": "asset_alias_and_scope",
"raw_payload_allowed": false,
"required": true
},
{
"field_id": "what_happened_plain_language",
"raw_payload_allowed": false,
"required": true
},
{
"field_id": "why_it_matters",
"raw_payload_allowed": false,
"required": true
},
{
"field_id": "redacted_evidence_refs",
"raw_payload_allowed": false,
"required": true
},
{
"field_id": "ai_triage_lane",
"raw_payload_allowed": false,
"required": true
},
{
"field_id": "next_candidate_action",
"raw_payload_allowed": false,
"required": true
},
{
"field_id": "owner_gate_and_verification",
"raw_payload_allowed": false,
"required": true
}
],
"automation_loop_stages": [
{
"runtime_gate_open": false,
"stage_id": "sensor_evidence"
},
{
"runtime_gate_open": false,
"stage_id": "normalizer_redaction"
},
{
"runtime_gate_open": false,
"stage_id": "ai_triage_lane"
},
{
"runtime_gate_open": false,
"stage_id": "candidate_generation"
},
{
"runtime_gate_open": false,
"stage_id": "owner_gate"
},
{
"runtime_gate_open": false,
"stage_id": "execution_boundary"
},
{
"runtime_gate_open": false,
"stage_id": "verifier_readback"
},
{
"runtime_gate_open": false,
"stage_id": "learning_writeback"
}
],
"blocked_actions": [
"ssh_write",
"host_live_secret_read",
"wazuh_active_response_enable",
"kali_active_scan",
"kali_execute",
"nginx_reload",
"firewall_change",
"docker_restart",
"systemd_restart",
"argocd_sync",
"kubectl_apply",
"workflow_modification",
"secret_rotation",
"telegram_live_send",
"soar_action",
"auto_block",
"production_write",
"force_push"
],
"cross_session_sync_checkpoints": [
{
"checkpoint_id": "fetch_gitea_main_before_work",
"required": true
},
{
"checkpoint_id": "share_commit_and_run_ids",
"required": true
},
{
"checkpoint_id": "share_production_readback",
"required": true
},
{
"checkpoint_id": "declare_runtime_boundaries",
"required": true
},
{
"checkpoint_id": "freeze_same_host_or_same_gateway_edits",
"required": true
},
{
"checkpoint_id": "record_owner_gate_state",
"required": true
},
{
"checkpoint_id": "update_logbook_after_stage",
"required": true
}
],
"execution_boundaries": {
"auto_block_authorized": false,
"firewall_change_authorized": false,
"host_write_authorized": false,
"kali_active_scan_authorized": false,
"kali_execute_authorized": false,
"nginx_reload_authorized": false,
"not_authorization": true,
"production_write_authorized": false,
"runtime_execution_authorized": false,
"secret_value_collection_allowed": false,
"soar_action_authorized": false,
"telegram_live_send_authorized": false,
"wazuh_active_response_authorized": false
},
"generated_at": "2026-06-25T17:20:00+08:00",
"git_commit": "092bd376",
"mode": "repo_snapshot_guard_frontstage_only",
"no_false_green_rules": [
{
"enforced": true,
"rule_id": "route_200_is_not_security_clearance"
},
{
"enforced": true,
"rule_id": "dashboard_up_is_not_agent_registry"
},
{
"enforced": true,
"rule_id": "agent_active_is_not_intrusion_closed"
},
{
"enforced": true,
"rule_id": "alert_quiet_is_not_alert_chain_healthy"
},
{
"enforced": true,
"rule_id": "backup_fresh_is_not_restore_drill"
},
{
"enforced": true,
"rule_id": "cd_success_is_not_runtime_authorization"
},
{
"enforced": true,
"rule_id": "ui_visible_is_not_owner_acceptance"
},
{
"enforced": true,
"rule_id": "awooop_approval_is_not_security_approval"
},
{
"enforced": true,
"rule_id": "external_agent_claim_is_not_forensic_proof"
},
{
"enforced": true,
"rule_id": "transport_connection_is_not_registry_acceptance"
},
{
"enforced": true,
"rule_id": "source_snapshot_is_not_live_truth"
},
{
"enforced": true,
"rule_id": "general_continue_is_not_maintenance_window"
}
],
"operating_roles": [
{
"label": "資安作戰負責人",
"responsibility": "維護控制面、優先序、完成度與停止線。",
"role_id": "security_program_owner",
"runtime_gate_open": false
},
{
"label": "SOC 審查人",
"responsibility": "審查告警、SIEM、Wazuh、Kali 與 no-false-green evidence。",
"role_id": "soc_reviewer",
"runtime_gate_open": false
},
{
"label": "事故指揮",
"responsibility": "統一 severity、scope、containment 候選與跨專案同步。",
"role_id": "incident_commander",
"runtime_gate_open": false
},
{
"label": "平台負責人",
"responsibility": "負責 host、Docker、systemd、Nginx、K8s、ArgoCD 與 public gateway 影響判讀。",
"role_id": "platform_owner",
"runtime_gate_open": false
},
{
"label": "服務負責人",
"responsibility": "負責產品、API、網站、admin、webhook 與 AI provider route 的驗證。",
"role_id": "service_owner",
"runtime_gate_open": false
},
{
"label": "證據保管人",
"responsibility": "維護脫敏 refs、chain of custody、retention 與 raw absence attestation。",
"role_id": "evidence_custodian",
"runtime_gate_open": false
},
{
"label": "變更管理人",
"responsibility": "確認維護窗口、rollback owner、postcheck、operator notification 與 freeze。",
"role_id": "change_manager",
"runtime_gate_open": false
},
{
"label": "供應鏈負責人",
"responsibility": "負責 workflow、runner、Harbor、SBOM、SLSA、Cosign、KEV / package SLA。",
"role_id": "supply_chain_owner",
"runtime_gate_open": false
},
{
"label": "AI 安全審查人",
"responsibility": "審核 AI agent tool 權限、prompt redaction、過度代理與成本邊界。",
"role_id": "ai_security_reviewer",
"runtime_gate_open": false
},
{
"label": "風險負責人",
"responsibility": "接受風險、例外期限、資源優先序與治理報告。",
"role_id": "executive_risk_owner",
"runtime_gate_open": false
}
],
"reference_frameworks": [
{
"framework_id": "nist_csf_2_0",
"label": "NIST CSF 2.0",
"source_url": "https://www.nist.gov/cyberframework"
},
{
"framework_id": "nist_sp_800_61_r3",
"label": "NIST SP 800-61 Rev. 3",
"source_url": "https://csrc.nist.gov/pubs/sp/800/61/r3/final"
},
{
"framework_id": "cis_controls_v8_1",
"label": "CIS Controls v8.1",
"source_url": "https://www.cisecurity.org/controls/v8-1"
},
{
"framework_id": "cisa_zero_trust",
"label": "CISA Zero Trust Maturity Model",
"source_url": "https://www.cisa.gov/resources-tools/resources/zero-trust-maturity-model"
},
{
"framework_id": "cisa_kev",
"label": "CISA Known Exploited Vulnerabilities",
"source_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"framework_id": "first_epss",
"label": "FIRST EPSS",
"source_url": "https://www.first.org/epss/"
},
{
"framework_id": "mitre_attack",
"label": "MITRE ATT&CK Enterprise",
"source_url": "https://attack.mitre.org/matrices/enterprise/"
},
{
"framework_id": "mitre_d3fend",
"label": "MITRE D3FEND",
"source_url": "https://d3fend.mitre.org/"
},
{
"framework_id": "owasp_asvs",
"label": "OWASP ASVS",
"source_url": "https://owasp.org/www-project-application-security-verification-standard/"
},
{
"framework_id": "owasp_samm",
"label": "OWASP SAMM",
"source_url": "https://owaspsamm.org/"
},
{
"framework_id": "wazuh_xdr_siem",
"label": "Wazuh XDR / SIEM",
"source_url": "https://documentation.wazuh.com/current/index.html"
},
{
"framework_id": "wazuh_active_response",
"label": "Wazuh Active Response",
"source_url": "https://documentation.wazuh.com/current/user-manual/capabilities/active-response/index.html"
},
{
"framework_id": "prometheus_alertmanager",
"label": "Prometheus Alertmanager",
"source_url": "https://prometheus.io/docs/alerting/latest/alertmanager/"
},
{
"framework_id": "opentelemetry",
"label": "OpenTelemetry",
"source_url": "https://opentelemetry.io/docs/what-is-opentelemetry/"
},
{
"framework_id": "ocsf",
"label": "Open Cybersecurity Schema Framework",
"source_url": "https://ocsf.io/"
},
{
"framework_id": "sigma",
"label": "Sigma detection rules",
"source_url": "https://sigmahq.io/sigma/"
},
{
"framework_id": "slsa",
"label": "SLSA",
"source_url": "https://slsa.dev/"
},
{
"framework_id": "spdx_cyclonedx",
"label": "SPDX / CycloneDX",
"source_url": "https://spdx.dev/"
},
{
"framework_id": "sigstore_cosign",
"label": "Sigstore / Cosign",
"source_url": "https://docs.sigstore.dev/cosign/signing/signing_with_containers/"
},
{
"framework_id": "nist_ai_rmf",
"label": "NIST AI RMF",
"source_url": "https://www.nist.gov/itl/ai-risk-management-framework"
}
],
"schema_version": "iwooos_security_operating_system_v1",
"severity_lanes": [
{
"label": "已確認入侵或 active exploitation",
"runtime_gate_open": false,
"severity": "SEV0",
"triage_target": "15 分鐘內形成 case / freeze / containment 候選;不得無 owner 直接執行。"
},
{
"label": "公開入口高風險、KEV、credential exposure、Wazuh agent 消失",
"runtime_gate_open": false,
"severity": "SEV1",
"triage_target": "30 分鐘內形成 owner packet、證據缺口與維護窗口草案。"
},
{
"label": "Nginx / firewall / runner / workflow / runtime drift",
"runtime_gate_open": false,
"severity": "SEV2",
"triage_target": "4 小時內完成 diff、owner、rollback 與 postcheck 計畫。"
},
{
"label": "告警噪音、coverage gap、dashboard degradation",
"runtime_gate_open": false,
"severity": "SEV3",
"triage_target": "1 個工作日內進入 backlog 與 no-false-green 修正。"
},
{
"label": "治理、文件、成熟度與低風險 hardening",
"runtime_gate_open": false,
"severity": "SEV4",
"triage_target": "納入週期報告與例外期限,不得混成緊急事件。"
}
],
"status": "iwooos_security_operating_system_ready_no_runtime_action",
"summary": {
"action_button_count": 0,
"alert_contract_field_count": 9,
"alert_receipt_accepted_count": 0,
"automation_loop_stage_count": 8,
"blocked_action_count": 18,
"cross_session_sync_checkpoint_count": 7,
"evidence_weighted_security_operating_system_percent": 56,
"host_forensics_accepted_count": 0,
"incident_case_accepted_count": 0,
"kali_scope_accepted_count": 0,
"no_false_green_rule_count": 12,
"operating_role_count": 10,
"owner_response_accepted_count": 0,
"owner_response_received_count": 0,
"p0_workstream_count": 12,
"p1_workstream_count": 8,
"p2_workstream_count": 4,
"reference_framework_count": 20,
"runtime_gate_count": 0,
"runtime_response_percent": 0,
"severity_lane_count": 5,
"soc_siem_framework_percent": 92,
"source_control_artifact_percent": 100,
"verification_stage_count": 12,
"wazuh_manager_registry_acceptance_percent": 0,
"wazuh_registry_accepted_count": 0,
"workstream_count": 24
},
"verification_stages": [
{
"accepted": false,
"stage_id": "source_guard"
},
{
"accepted": false,
"stage_id": "snapshot_schema"
},
{
"accepted": false,
"stage_id": "redaction_guard"
},
{
"accepted": false,
"stage_id": "owner_packet_preflight"
},
{
"accepted": false,
"stage_id": "wazuh_registry_readback"
},
{
"accepted": false,
"stage_id": "kali_scope_readback"
},
{
"accepted": false,
"stage_id": "alert_receipt_readback"
},
{
"accepted": false,
"stage_id": "route_desktop_mobile_smoke"
},
{
"accepted": false,
"stage_id": "postcheck_metrics"
},
{
"accepted": false,
"stage_id": "cross_session_sync"
},
{
"accepted": false,
"stage_id": "logbook_update"
},
{
"accepted": false,
"stage_id": "no_false_green_review"
}
],
"workstreams": [
{
"lane_id": "asset_exposure_graph",
"owner_packet_required": true,
"priority": "P0",
"runtime_gate_open": false,
"scope": "host、domain、route、service、port、package、repo、runner、secret metadata、backup、AI agent",
"title": "資產 / 暴露面總圖",
"workstream_id": "P0-01"
},
{
"lane_id": "wazuh_registry_truth",
"owner_packet_required": true,
"priority": "P0",
"runtime_gate_open": false,
"scope": "agent total、active、disconnected、last seen、expected minimum、dashboard / API mismatch",
"title": "Wazuh manager registry truth",
"workstream_id": "P0-02"
},
{
"lane_id": "host_intrusion_forensics",
"owner_packet_required": true,
"priority": "P0",
"runtime_gate_open": false,
"scope": "auth、sudo、process、network、FIM、persistence、package、service、Docker event",
"title": "主機入侵與鑑識",
"workstream_id": "P0-03"
},
{
"lane_id": "gateway_config_control",
"owner_packet_required": true,
"priority": "P0",
"runtime_gate_open": false,
"scope": "source-to-live diff、rendered diff、nginx test ref、route smoke、rollback",
"title": "Nginx / Gateway config-control",
"workstream_id": "P0-04"
},
{
"lane_id": "network_access_baseline",
"owner_packet_required": true,
"priority": "P0",
"runtime_gate_open": false,
"scope": "before / after、actor、impact、operator notification、restoration evidence",
"title": "SSH / firewall / WireGuard / NodePort baseline",
"workstream_id": "P0-05"
},
{
"lane_id": "secret_identity_hygiene",
"owner_packet_required": true,
"priority": "P0",
"runtime_gate_open": false,
"scope": "SSH、sudo、deploy key、runner token name、webhook secret name、OIDC、break-glass",
"title": "身分與 secret metadata",
"workstream_id": "P0-06"
},
{
"lane_id": "alert_readability_receipt",
"owner_packet_required": true,
"priority": "P0",
"runtime_gate_open": false,
"scope": "Telegram / Alertmanager / Wazuh alert card、dedupe、noise budget、receipt",
"title": "告警可讀性與 receipt",
"workstream_id": "P0-07"
},
{
"lane_id": "incident_case_gate",
"owner_packet_required": true,
"priority": "P0",
"runtime_gate_open": false,
"scope": "case id、timeline、owner、decision、containment、recovery、postcheck、lesson learned",
"title": "Incident case gate",
"workstream_id": "P0-08"
},
{
"lane_id": "kev_exposure_patch_priority",
"owner_packet_required": true,
"priority": "P0",
"runtime_gate_open": false,
"scope": "CISA KEV、EPSS、public exposure、asset criticality、maintenance window",
"title": "KEV / exposure / package SLA",
"workstream_id": "P0-09"
},
{
"lane_id": "backup_restore_forensic_retention",
"owner_packet_required": true,
"priority": "P0",
"runtime_gate_open": false,
"scope": "restore drill、offsite、escrow、chain of custody、retention、rollback proof",
"title": "備份 / 還原 / 鑑識保存",
"workstream_id": "P0-10"
},
{
"lane_id": "runner_workflow_supply_chain",
"owner_packet_required": true,
"priority": "P0",
"runtime_gate_open": false,
"scope": "Gitea、workflow、runner、deploy key、Harbor、SBOM、Cosign、SLSA",
"title": "Runner / workflow / supply-chain",
"workstream_id": "P0-11"
},
{
"lane_id": "ai_agent_permission_gate",
"owner_packet_required": true,
"priority": "P0",
"runtime_gate_open": false,
"scope": "tool allowlist、redaction、cost、privacy、approval、excessive agency",
"title": "AI Agent 權限閘",
"workstream_id": "P0-12"
},
{
"lane_id": "kali_evidence_envelope",
"owner_packet_required": true,
"priority": "P1",
"runtime_gate_open": false,
"scope": "health、tool version、scope、normalized finding、active scan approval packet",
"title": "Kali 112 evidence envelope",
"workstream_id": "P1-01"
},
{
"lane_id": "detection_as_code",
"owner_packet_required": true,
"priority": "P1",
"runtime_gate_open": false,
"scope": "ATT&CK、D3FEND、Sigma、測試資料、false-positive budget、rule owner",
"title": "Detection-as-code",
"workstream_id": "P1-02"
},
{
"lane_id": "ndr_passive_sensor",
"owner_packet_required": true,
"priority": "P1",
"runtime_gate_open": false,
"scope": "Suricata、Zeek、DNS / TLS / HTTP / flow logs不開 IPS",
"title": "NDR passive sensor",
"workstream_id": "P1-03"
},
{
"lane_id": "k8s_docker_hardening",
"owner_packet_required": true,
"priority": "P1",
"runtime_gate_open": false,
"scope": "CIS / NSA-CISA 對照、Pod Security、RBAC、NetworkPolicy、audit log",
"title": "K8s / Docker hardening",
"workstream_id": "P1-04"
},
{
"lane_id": "appsec_api_asvs",
"owner_packet_required": true,
"priority": "P1",
"runtime_gate_open": false,
"scope": "auth、authorization、session、rate limit、CORS、security headers、webhook abuse case",
"title": "AppSec / API ASVS",
"workstream_id": "P1-05"
},
{
"lane_id": "sbom_slsa_cosign",
"owner_packet_required": true,
"priority": "P1",
"runtime_gate_open": false,
"scope": "SPDX、CycloneDX、VEX、provenance、artifact signing、verify",
"title": "SBOM / SLSA / Cosign",
"workstream_id": "P1-06"
},
{
"lane_id": "soar_dry_run_case_enrichment",
"owner_packet_required": true,
"priority": "P1",
"runtime_gate_open": false,
"scope": "TheHive / Cortex 類 case draft、enrichment、blast radius、rollback",
"title": "SOAR dry-run / case enrichment",
"workstream_id": "P1-07"
},
{
"lane_id": "grc_exception_register",
"owner_packet_required": true,
"priority": "P1",
"runtime_gate_open": false,
"scope": "risk register、accepted risk、expiry、audit evidence、control owner",
"title": "GRC / exception register",
"workstream_id": "P1-08"
},
{
"lane_id": "ueba_behavior_baseline",
"owner_packet_required": true,
"priority": "P2",
"runtime_gate_open": false,
"scope": "使用者、service account、runner、AI agent、host process、egress baseline",
"title": "UEBA / 行為基線",
"workstream_id": "P2-01"
},
{
"lane_id": "purple_team_validation",
"owner_packet_required": true,
"priority": "P2",
"runtime_gate_open": false,
"scope": "ATT&CK emulation、BAS / canary、偵測回歸需授權 scope",
"title": "Purple-team / tabletop",
"workstream_id": "P2-02"
},
{
"lane_id": "mdr_247_process",
"owner_packet_required": true,
"priority": "P2",
"runtime_gate_open": false,
"scope": "on-call、升級、SLA、交接、值班報表、演練",
"title": "MDR / 24x7 流程",
"workstream_id": "P2-03"
},
{
"lane_id": "exposure_management_graph",
"owner_packet_required": true,
"priority": "P2",
"runtime_gate_open": false,
"scope": "外部攻擊面、弱點、身份、雲端、repo、AI agent、資料流",
"title": "Exposure management graph",
"workstream_id": "P2-04"
}
]
}
Reference in New Issue View Git Blame Copy Permalink