More security docs and other minor improvements

Sivert V. Sæther 2022-06-20 14:21:19 +00:00
parent c66a1cbf9a
commit 10dca2972d
7 changed files with 39 additions and 4 deletions

View File

@ -12,6 +12,9 @@ footer {
} }
figure { figure {
width: 42%;
float: right;
margin: 0 16px;
figcaption { figcaption {
font-style: italic; font-style: italic;
} }
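Review bot: The added `width: 42%` with `float: right` on `figure` has no narrow-viewport fallback, so on a phone the image shrinks to less than half the screen and the text beside it is squeezed into what is left. Consider scoping the three added declarations to a min-width media query and letting the figure go full width below that, and make sure the element that follows a figure clears the float.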
@ -83,3 +86,7 @@ figure {
#lang-menu:hover ul { #lang-menu:hover ul {
display: block; display: block;
} }
.block p {
margin: 0;
}

View File

@ -12,7 +12,7 @@ description: This part of my blog is a collection of things I've learned as an a
This section of my blog serves as an index of technologies I've learned or became better at as an apprentice working in IT. :grinning: This section of my blog serves as an index of technologies I've learned or became better at as an apprentice working in IT. :grinning:
It also serves the purpose of the required documentation Apprentices in Norway are supposed to do. :flushed: It also serves the purpose of the required documentation apprentices in Norway are supposed to do. :flushed:
Here are lists of stuff I'll be writing about here; Here are lists of stuff I'll be writing about here;
@ -26,6 +26,7 @@ Here are lists of stuff I'll be writing about here;
- Handlebars.js :wavy_dash: - Handlebars.js :wavy_dash:
## Programs / Tools ## Programs / Tools
- Docker :smiling_face_with_hearts:
- FreeRADIUS :crystal_ball: - FreeRADIUS :crystal_ball:
- Postgres :floppy_disk: - Postgres :floppy_disk:
- Ansible :gun: - Ansible :gun:

View File

@ -67,7 +67,29 @@ class AccessControl:
To fix this issue. To fix this issue.
If you wonder why we "raise Forbidden".
It has to do with the endpoint decorator which will catch all errors.
And will report them to us by e-mail and a slack bot.
The HTTP response will be error 500 if it's a Python error.
But if it's one of our own error classes that's been raised.
Then an error code, description and status code will be taken from that exception class and sent as the response.
#### Funny
Something I find kinda funny is the fact that those exception descriptions are in English, but the admin frontend is entirely in Norwegian only.
It's even got a big ass JavaScript file that maps all the error codes to messages.
And the best part about that whole situation is the fact that my boss/the sales guy at the company wants to sell our services outside Norway...
The only part that supports multiple languages is the actual captive portal, but even that has a bug which makes it so that only two languages can be active at one time.
#### Minor
One minor issue I found in our production system is the password for the "system" account.
The password for that account is a real shitty one that I've seen used several palaces at the company.
It's even been used as a Wi-Fi password.
To fix this one very easily I just enabled 2FA on the account.
But the whole account should probably just be deleted as nobody ever uses it.
### Servers ### Servers
{{< img src="apprentice/skyid/old-intrauser-key.png" caption="The old intrauser ssh key" >}}
On the other side, the cloud servers had some bigger problems. On the other side, the cloud servers had some bigger problems.
Here I did find a *BIG* security issue. Ancient ssh keys. Here I did find a *BIG* security issue. Ancient ssh keys.
We use Ansible to manage the servers and deploy code updates. We use Ansible to manage the servers and deploy code updates.
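Review bot: The added "Minor" section describes a weakness that is still live in production: the "system" account exists and its password is reused elsewhere in the company, including as a Wi-Fi password. Enabling 2FA covers that one login, not the other places the same password is used, so rotate the password everywhere and delete the unused account before this goes public, then word the paragraph in the past tense. Also, "several palaces" should read "several places".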
@ -80,7 +102,6 @@ The reason this is such a big threat is the fact that intrauser, ansible and all
So check it; these screenshots are from SkyLabs' Ansible git log!~ So check it; these screenshots are from SkyLabs' Ansible git log!~
{{< img src="apprentice/skyid/old-intrauser-key.png" caption="The old intrauser ssh key" >}}
{{< img src="apprentice/skyid/intrauser-key.png" caption="Me finally updating the key" >}} {{< img src="apprentice/skyid/intrauser-key.png" caption="Me finally updating the key" >}}
## Sircon ## Sircon
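Review bot: With old-intrauser-key.png moved up under the Servers heading, the context line "these screenshots are from SkyLabs' Ansible git log" is now followed by a single image. Either keep both images together here or change the sentence to match, and confirm that the key screenshots show only public key material before publishing.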

View File

@ -14,6 +14,7 @@
<meta property='og:url' content='{{ site.BaseURL }}' /> <meta property='og:url' content='{{ site.BaseURL }}' />
<meta property='og:site_name' content='{{ site.Title }}' /> <meta property='og:site_name' content='{{ site.Title }}' />
<!-- <meta property='og:image' content=''> --> <!-- <meta property='og:image' content=''> -->
{{ hugo.Generator }}
{{ range .AlternativeOutputFormats -}} {{ range .AlternativeOutputFormats -}}
{{ printf `<link rel='%s' type='%s' href='%s' title='%s' />` .Rel .MediaType.Type .Permalink $.Site.Title | safeHTML }} {{ printf `<link rel='%s' type='%s' href='%s' title='%s' />` .Rel .MediaType.Type .Permalink $.Site.Title | safeHTML }}
{{ end -}} {{ end -}}
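Review bot: `{{ hugo.Generator }}` renders a generator meta tag that includes the exact Hugo version, so every page will advertise the build tool and its version. That is low risk for a static site, but it should be a deliberate choice; if it stays, keep Hugo updated so the advertised version is not a stale one.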

View File

@ -1,6 +1,6 @@
{{ if .IsTranslated }}<h6>{{ T "translations" }}:</h6> {{ if .IsTranslated }}<h6>{{ T "translations" }}:</h6>
<ul>{{ range .Translations }} <ul>{{ range .Translations }}
<li> <li>
<a href='{{ .RelPermalink }}'>{{ .Language.LanguageName }}: {{ .Title }}{{ if .IsPage }} ({{ i18n "wordCount" . }}){{ end }}</a> <a href='{{ .RelPermalink }}'>{{ .Language.LanguageName }}: {{ .Title }}</a>
</li>{{ end }} </li>{{ end }}
</ul>{{ end }} </ul>{{ end }}

View File

@ -0,0 +1,5 @@
<div class='block'>
{{ range (after 1 (split .Inner "\n")) }}
<p>{{ markdownify . }}</p>
{{ end }}
</div>
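Review bot: `after 1 (split .Inner "\n")` drops the first line of the shortcode body unconditionally, so content written on the same line as the opening tag is silently lost, and every remaining line, blank ones included, gets its own `<p>`. Add a comment saying the first element is the remainder of the opening-tag line, skip empty lines, and document that per-line `markdownify` cannot render multi-line Markdown such as lists.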

View File

@ -5,6 +5,6 @@
{{ $content := .Inner }} {{ $content := .Inner }}
{{ $in := split .Inner "\n" }} {{ $in := split .Inner "\n" }}
{{ if gt (len $in) 1 }} {{ if gt (len $in) 1 }}
{{ $content = (delimit (after 1 $in) "\n") }} {{ $content = (delimit (after 2 $in) "\n") }}
{{ end }} {{ end }}
{{ transform.Highlight (htmlUnescape $content) (.Get 0) (delimit $opts ",") }} {{ transform.Highlight (htmlUnescape $content) (.Get 0) (delimit $opts ",") }}
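Review bot: The guard is still `gt (len $in) 1` but the body now skips two lines with `after 2`, so an inner block of exactly two lines leaves nothing to highlight. Change the guard to `gt (len $in) 2` and add a comment saying which two leading lines are dropped and why, since the hunk does not show what the second one is.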