{
"schema_version": "kali_integration_status_v1",
"status": "partial_runtime_health_integrated",
"date": "2026-05-13",
"host": {
"ip": "192.168.0.112",
"asset_key": "host:kali-112",
"hostname": "kali",
"role": "Kali 資安感測與掃描 API 主機",
"timezone": "Asia/Taipei",
"observe_only": true
},
"mode": "observe_only",
"live_checks": {
"ssh_access": "ok_authorized_read_and_low_risk_update",
"scanner_api_health": "ok_http_200_health_status_healthy",
"scanner_service": "active_enabled_kali_scanner_service",
"node_exporter": "docker_container_up_on_9100",
"scheduled_jobs": [
"hourly_port_monitor",
"daily_code_security_scan",
"weekly_harbor_image_scan"
],
"docker_services": [
"node-exporter_up",
"wg-easy_up_healthy"
],
"post_update_health": "ok_ssh_cron_docker_kali_scanner_active_no_reboot_required"
},
"updates_applied": {
"apt_update": "completed",
"targeted_packages_upgraded": [
"ca-certificates",
"ca-certificates-java",
"curl",
"openssl",
"nmap",
"nmap-common",
"nikto",
"nuclei",
"libssl3t64",
"libcurl4t64",
"libc6",
"perl"
],
"new_packages_installed": [
"jq",
"nikto_perl_xml_dependencies"
],
"timezone_changed_to": "Asia/Taipei",
"reboot_required": false,
"remaining_upgradable_count": 1994,
"full_upgrade_status": "not_run_requires_maintenance_window"
},
"latest_read_only_observation": {
"observed_at_utc": "2026-06-04T00:55:43Z",
"observed_at_taipei": "2026-06-04T08:55:43+08:00",
"collection_mode": "ssh_batch_read_only_existing_key",
"runtime_actions_executed": false,
"active_scan_executed": false,
"package_update_executed": false,
"host_reboot_executed": false,
"hostname": "kali",
"os": "Kali GNU/Linux Rolling",
"kernel": "Linux 6.16.8+kali-amd64",
"uptime": "up 3 weeks, 5 days, 4 hours, 48 minutes",
"load_1_5_15": "0.15 0.20 0.18",
"memory_used_total": "921Mi/7.8Gi",
"disk_root_used_total_percent": "19G/79G 26%",
"scanner_service_state": "active",
"scanner_service_enabled": "enabled",
"scanner_api_health_status": "healthy",
"scanner_api_health_endpoint": "127.0.0.1:8080/health",
"docker_services": [
"node-exporter=Up 4 weeks",
"wg-easy=Up 4 weeks (healthy)"
],
"failed_systemd_unit_count": 1,
"failed_systemd_unit_names": [
"networking.service"
],
"upgradable_package_count": 1994,
"listening_tcp_socket_count": 7,
"listening_udp_socket_count": 2,
"reboot_required": false,
"scanner_systemd_hardening_enabled_count": 0,
"scanner_systemd_hardening_expected_count": 4,
"scanner_systemd_hardening_missing": [
"NoNewPrivileges",
"PrivateTmp",
"ProtectSystem",
"ProtectHome"
],
"evidence_boundary": "只讀連線與主機狀態快照;未執行掃描、更新、調校、重啟或 /execute。"
},
"integration_state": {
"already_integrated": [
"Kali Scanner API 在 192.168.0.112:8080 運作且 /health healthy",
"kali-scanner.service active 且 enabled",
"Prometheus / blackbox 類 health probe 正在從 192.168.0.120 / 192.168.0.121 命中 /health",
"node-exporter container 運作中",
"crontab 已有 port monitor、code security scan、Harbor image scan",
"docs 與 security_finding_v1 已把 Kali 納入資安網契約",
"Kali scan scope approval package 已建立草案,包含 111/168 observe-only 與 high-risk gate"
],
"not_yet_integrated": [
"尚未確認 AWOOOI API 有正式 Kali scan result ingestion endpoint",
"Kali scan result 仍停留在 API in-memory results 或本機 log尚未正規化寫入 asset_inventory / asset_compliance_snapshot",
"尚未把 Kali finding mirror 成 AwoooP Runtime State / Channel Event / Audit evidence",
"scan scope approval package 與 credentialed scan gate 已建立草案,但尚未人工批准或執行",
"尚未移除 scanner API 原始碼中的 API key fallback",
"尚未套用 kali-scanner.service systemd hardening override"
],
"awooop_consumption": "mirror_only_status_and_gap_evidence_plus_security_approval_queue"
},
"risk_register": [
{
"risk": "scanner_execute_endpoint_can_run_shell_commands",
"severity": "HIGH",
"status": "confirmed_endpoint_exists_api_key_protected",
"next_action": "AwoooP 不得直接接 execution action需另建 approval_required_event_v1 與 allowlist / disable gate"
},
{
"risk": "default_api_key_fallback_present_in_source",
"severity": "HIGH",
"status": "confirmed_source_pattern_present_value_not_recorded",
"next_action": "移除 fallback、確認 .env secret 來源、輪替 API key不得把 secret value 寫入文件"
},
{
"risk": "kali_scanner_service_lacks_systemd_hardening",
"severity": "MEDIUM",
"status": "NoNewPrivileges/PrivateTmp/ProtectSystem/ProtectHome 目前未啟用",
"next_action": "先設計 dry-run hardening override驗證 scan tools 不被破壞後再套用"
},
{
"risk": "harbor_image_scan_currently_failing",
"severity": "MEDIUM",
"status": "recent logs show image/project/auth/certificate mismatch",
"next_action": "修正 Harbor target、project/credential 或憑證鏈;先納入 evidence不阻擋其他資安框架"
},
{
"risk": "kali_rolling_full_upgrade_pending",
"severity": "MEDIUM",
"status": "1994 packages remain upgradable after targeted update",
"next_action": "安排維護窗口,先 snapshot / rollback / service verification再做 full-upgrade 與 reboot"
}
],
"next_gates": [
"取得 Kali scan scope approval package 的逐 gate 人工批准",
"未來批准後建立 Kali scan result ingestion adapter先只接收 redacted findings",
"把 /execute endpoint 改成預設停用或單獨 high-risk approval path",
"把 Harbor scan failure 轉成 security finding / ops finding不直接自動修復",
"依 docs/security/KALI-112-MAINTENANCE-WINDOW-DRAFT.md 收 owner response、rollback owner、validation owner 與維護窗口;未驗收前不做 full-upgrade、restart、hardening、autoremove、reboot 或健康複驗"
],
"still_forbidden": [
"run_active_scan_without_scope_approval",
"run_credentialed_scan_without_approval",
"call_execute_endpoint_from_awooop_runtime",
"store_api_key_or_password_value",
"change_firewall_or_networkpolicy",
"autoremove_packages_without_maintenance_window",
"full_upgrade_or_reboot_without_maintenance_window"
]
}