botserver

GeneralBots/botserver

Fork 0

Commit graph

Author	SHA1	Message	Date
Rodrigo Rodriguez (Pragmatismo)	7906a9bf32	security: add CoreDNS ACL hardening and fail2ban proxy jail Some checks failed BotServer CI / build (push) Failing after 4m55s Details - dns_hardener.rs: apply ACL (anti-amplification) + errors plugin to Corefile via lxc - fail2ban.rs: add apply_proxy() for caddy-http-flood jail in pragmatismo-proxy container - security_fix.rs: integrate dns and fail2ban_proxy steps into run_security_fix/status - mod.rs: export dns_hardener module	2026-03-17 11:18:19 -03:00
Rodrigo Rodriguez (Pragmatismo)	9fc38b80d3	Fix clippy type complexity warnings	2026-03-17 01:12:05 -03:00
Rodrigo Rodriguez (Pragmatismo)	faeae250bc	Add security protection module with sudo-based privilege escalation - Create installer.rs for 'botserver install protection' command - Requires root to install packages and create sudoers config - Sudoers uses exact commands (no wildcards) for security - Update all tool files (lynis, rkhunter, chkrootkit, suricata, lmd) to use sudo - Update manager.rs service management to use sudo - Add 'sudo' and 'visudo' to command_guard.rs whitelist - Update CLI with install/remove/status protection commands Security model: - Installation requires root (sudo botserver install protection) - Runtime uses sudoers NOPASSWD for specific commands only - No wildcards in sudoers - exact command specifications - Tools run on host system, not in containers	2026-01-10 09:41:12 -03:00

Author

SHA1

Message

Date

Rodrigo Rodriguez (Pragmatismo)

7906a9bf32

security: add CoreDNS ACL hardening and fail2ban proxy jail

BotServer CI / build (push) Failing after 4m55s

Details

- dns_hardener.rs: apply ACL (anti-amplification) + errors plugin to Corefile via lxc
- fail2ban.rs: add apply_proxy() for caddy-http-flood jail in pragmatismo-proxy container
- security_fix.rs: integrate dns and fail2ban_proxy steps into run_security_fix/status
- mod.rs: export dns_hardener module

2026-03-17 11:18:19 -03:00

Rodrigo Rodriguez (Pragmatismo)

9fc38b80d3

Fix clippy type complexity warnings

2026-03-17 01:12:05 -03:00

Rodrigo Rodriguez (Pragmatismo)

faeae250bc

Add security protection module with sudo-based privilege escalation

- Create installer.rs for 'botserver install protection' command
- Requires root to install packages and create sudoers config
- Sudoers uses exact commands (no wildcards) for security
- Update all tool files (lynis, rkhunter, chkrootkit, suricata, lmd) to use sudo
- Update manager.rs service management to use sudo
- Add 'sudo' and 'visudo' to command_guard.rs whitelist
- Update CLI with install/remove/status protection commands

Security model:
- Installation requires root (sudo botserver install protection)
- Runtime uses sudoers NOPASSWD for specific commands only
- No wildcards in sudoers - exact command specifications
- Tools run on host system, not in containers

2026-01-10 09:41:12 -03:00

3 commits