Echo
b615a5639e
Phase 2: Core API Development - 15 REST API endpoints (packages, patches, system, jobs, websocket) - mTLS authentication layer (src/auth/mtls.rs) - IP whitelist enforcement (src/auth/whitelist.rs) - Job manager with async operation support - WebSocket streaming for job status Phase 3: Security Hardening - Security testing: 16/16 tests passing - Fuzz testing: 21 tests, all findings resolved - Threat model validation (STRIDE matrix) - TLS binding fix (critical vulnerability resolved) - Security documentation complete Phase 4: Production Readiness - Performance benchmarking (all targets met) - Package creation (.deb/.rpm structures) - Documentation (README, API docs, deployment guide) - Security hardening (6 vulnerabilities fixed) Deliverables: - API_DOCUMENTATION.md (889 lines) - DEPLOYMENT_GUIDE.md (733 lines) - SECURITY.md (346 lines) - README.md (525 lines) - debian/ package structure - linux-patch-api.spec (RPM) - install.sh installer script - benches/api_benchmarks.rs - Multiple security/performance reports Security Status: 0 vulnerabilities remaining Test Coverage: 31 unit tests, 21 integration tests Build Status: Release optimized
47 lines
1.2 KiB
Bash
Executable File
47 lines
1.2 KiB
Bash
Executable File
#!/bin/bash
|
|
# preinst script for linux-patch-api
|
|
# Created by package build system
|
|
|
|
set -e
|
|
|
|
# Check if this is an upgrade
|
|
if [ -d "/etc/linux_patch_api" ]; then
|
|
echo "Detected existing installation - performing upgrade"
|
|
fi
|
|
|
|
# Create system user if it doesn't exist
|
|
if ! getent group linux-patch-api > /dev/null 2>&1; then
|
|
echo "Creating group linux-patch-api..."
|
|
groupadd --system linux-patch-api
|
|
fi
|
|
|
|
if ! getent passwd linux-patch-api > /dev/null 2>&1; then
|
|
echo "Creating user linux-patch-api..."
|
|
useradd --system \
|
|
--gid linux-patch-api \
|
|
--home-dir /var/lib/linux_patch_api \
|
|
--no-create-home \
|
|
--shell /usr/sbin/nologin \
|
|
--comment "Linux Patch API Service" \
|
|
linux-patch-api
|
|
fi
|
|
|
|
# Create required directories
|
|
mkdir -p /etc/linux_patch_api/certs
|
|
mkdir -p /var/lib/linux_patch_api
|
|
mkdir -p /var/log/linux_patch_api
|
|
|
|
# Set proper ownership
|
|
chown -R linux-patch-api:linux-patch-api /var/lib/linux_patch_api
|
|
chown -R linux-patch-api:linux-patch-api /var/log/linux_patch_api
|
|
|
|
# Set secure permissions
|
|
chmod 750 /etc/linux_patch_api
|
|
chmod 750 /etc/linux_patch_api/certs
|
|
chmod 755 /var/lib/linux_patch_api
|
|
chmod 755 /var/log/linux_patch_api
|
|
|
|
echo "Pre-installation checks completed successfully"
|
|
|
|
exit 0
|