# Kali 112 Maintenance Window Draft
| Item | Content |
|------|---------|
| Date | 2026-06-04 |
| Status | Draft, awaiting owner review |
| Host | `192.168.0.112` |
| Asset key | `host:kali-112` |
| Schema | `docs/schemas/kali_maintenance_window_draft_v1.schema.json` |
| Snapshot | `docs/security/kali-112-maintenance-window-draft.snapshot.json` |
| Upstream evidence | `docs/security/KALI-INTEGRATION-STATUS.md`, `docs/security/kali-integration-status.snapshot.json` |
| Mode | `maintenance_window_draft_only` |
| Execution-plane authorization | `false` |
## 0. Core Conclusion
P1-7 adds a maintenance window draft for Kali `192.168.0.112`. It is not a maintenance approval and not a host operation plan.
Current read-only evidence shows:
| Evidence | Current value |
|------|--------|
| pending package updates | `1994` |
| failed systemd units | `1`, namely `networking.service` |
| scanner service hardening | `0 / 4` |
| reboot required | `false` |
| scanner API health | `127.0.0.1:8080/health` returns `healthy` |
| Docker services | `node-exporter` and `wg-easy` running |
These values mean "a maintenance window and rollback need to be scheduled by a human"; they do not mean it is acceptable to directly run `apt upgrade`, restart services, apply hardening, reboot, run an active scan, or call `/execute`.
## 1. Summary
| Metric | Value |
|------|----|
| maintenance window package | `ready` |
| package completion | `100%` |
| maintenance window approved | `false` |
| host update authorized | `false` |
| service restart authorized | `false` |
| hardening authorized | `false` |
| reboot authorized | `false` |
| active scan authorized | `false` |
| `/execute` authorized | `false` |
| owner response received / accepted | `false / false` |
## 2. Owner Response Handoff
This handoff only lets AwoooP or a reviewer ask the owner to supply maintenance window metadata. It is not a sent request, not an approval queue, and certainly not an executable action.
### 2.1 Required Fields
| Field | Description |
|------|------|
| `owner_role_or_team` | Role or team of the maintenance owner |
| `maintenance_window_start_end_taipei` | Maintenance window start and end in Taipei time; nothing is scheduled until this is filled in |
| `change_scope` | Scope allowed for discussion this round, e.g. package planning, networking.service review, hardening dry-run design |
| `rollback_owner` | Owner of the rollback / stop decision |
| `validation_owner` | Owner of the post-maintenance health check |
| `communication_owner` | Owner of the sync to AwoooP / Telegram / LOGBOOK / operator |
| `reboot_decision` | Whether a future reboot is allowed; currently defaults to `false` |
| `redacted_evidence_refs` | Only document, snapshot, ticket, or redacted metadata pointers |
| `followup_owner` | Owner of follow-up submission, rejection, or the next stage |
### 2.2 Forbidden Input
| Type | Rule |
|------|------|
| credential | Do not paste passwords, token values, API key values, private keys, or runner tokens |
| host command | Do not paste `apt upgrade`, restart, hardening apply, reboot, or shell commands |
| scan request | Do not bundle active scans, credentialed scans, or `/execute` into the maintenance window |
| runtime action | Do not add AwoooP action buttons; do not open runtime blocking controls |
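As an added example (not part of the awoooi repository or of the schema file the draft references), a small Python checker that applies the section 2.1 required-field rules and the section 2.2 forbidden-input rules to an owner response before it can be marked received / accepted. The field names are the draft's; the regex patterns and the sample handoff are constructed assumptions.

```python
import re

# Required fields from section 2.1 of the draft.
REQUIRED_FIELDS = (
    "owner_role_or_team", "maintenance_window_start_end_taipei", "change_scope",
    "rollback_owner", "validation_owner", "communication_owner",
    "reboot_decision", "redacted_evidence_refs", "followup_owner",
)
# Section 2.2 forbidden-input classes; illustrative regexes, not the project's schema.
FORBIDDEN = {
    "credential": re.compile(
        r"(password|passwd|token|api[_ -]?key|secret)\s*[:=]\s*\S|BEGIN [A-Z ]*PRIVATE KEY", re.I),
    "host command": re.compile(
        r"apt(-get)?\s+(full-)?upgrade|systemctl\s+(restart|reboot)|shutdown\s+-r|\bsudo\s+\S", re.I),
    "scan request": re.compile(r"active scan|credentialed scan|/execute", re.I),
}

def _text_values(value):
    """Yield every string nested inside value (plain strings or lists of them)."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, (list, tuple)):
        for item in value:
            yield from _text_values(item)

def validate_owner_response(resp):
    """Return the list of problems; an empty list means the handoff may be marked accepted."""
    problems = []
    for field in REQUIRED_FIELDS:
        if field not in resp or resp[field] in ("", None, []):
            problems.append(f"missing required field: {field}")
    if not isinstance(resp.get("reboot_decision", False), bool):  # draft default: false
        problems.append("reboot_decision must be a boolean")
    for field, value in resp.items():
        for text in _text_values(value):
            for kind, pattern in FORBIDDEN.items():
                if pattern.search(text):
                    problems.append(f"forbidden {kind} content in {field}")
    return problems

# Constructed sample handoff; owners and times are placeholders, not real assignments.
SAMPLE_RESPONSE = {
    "owner_role_or_team": "kali lane owner", "rollback_owner": "lane owner",
    "validation_owner": "reviewer", "communication_owner": "AwoooP operator",
    "followup_owner": "reviewer", "reboot_decision": False,
    "maintenance_window_start_end_taipei": "2026-06-10 22:00 to 2026-06-11 01:00 (Asia/Taipei)",
    "change_scope": "package planning, networking.service review, hardening dry-run design",
    "redacted_evidence_refs": ["docs/security/kali-112-maintenance-window-draft.snapshot.json"],
}
```

A response that passes the checker still only satisfies pre-check item 1 of section 4; it authorizes nothing on the host.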
## 3. Maintenance Lane Draft
| Lane | Purpose | Current authorization |
|------|------|----------|
| package update planning | Work out the full-upgrade / autoremove / reboot preconditions | `false` |
| networking.service review | Determine whether the failed unit is expected / legacy / a real failure | `false` |
| scanner systemd hardening dry-run design | Design the override and the tool compatibility check | `false` |
| post-maintenance validation | Define the post-maintenance health / service / update / evidence readback | `false` |
## 4. Pre-maintenance Checks
1. Owner response received and accepted.
2. Package, service, hardening, and reboot scope are not mixed into a single unapproved action.
3. No credential value is stored.
4. Rollback owner and validation owner are assigned.
5. Out-of-band access and stop conditions are defined.
6. Active scan, credentialed scan, and `/execute` remain unauthorized.
## 5. Rollback Draft
| Item | Required evidence | Owner status |
|------|----------|------------|
| package update rollback | pre-window package list snapshot, redacted ref to apt history / dpkg log, rollback owner, reboot decision | waiting owner assignment |
| networking.service restart rollback | current network service model, out-of-band access, previous service state snapshot, rollback owner | waiting owner assignment |
| systemd hardening override rollback | override file path, scanner tool compatibility result, scanner health before / after refs, rollback owner | waiting owner assignment |
## 6. Post-maintenance Checks
1. Scanner API `/health` returns healthy.
2. `kali-scanner.service` is active / enabled.
3. `node-exporter` container is up.
4. `wg-easy` container is healthy.
5. Failed systemd units have been reviewed.
6. Pending update count has been recorded.
7. Reboot required flag has been recorded.
8. Service hardening state has been recorded.
9. AwoooP / IwoooS evidence refs have been updated.
10. No active scan or `/execute`, unless separately and independently approved.
## 7. Acceptance Rules
1. Completing this draft does not mean the maintenance window is approved.
2. Until the owner response is received and accepted, `apt upgrade`, restart, hardening, or reboot must not be executed.
3. Active scan, credentialed scan, or `/execute` must go through an independent approval gate and must not be bundled into the maintenance window.
4. All evidence refs must be redacted; no credential value is stored.
5. If any post-check fails after maintenance, only a manual follow-up may be created; there is no automatic remediation.
## 8. Stage Positioning
P1-7 only moves Kali 112 maintenance readiness from "gaps known" to "owner / reviewer can review the maintenance window against the table". It does not change the host, does not open a runtime gate, does not start a scan, and does not raise the IwoooS headline of 64%.