More security docs and other minor improvements
This commit is contained in:
parent
c66a1cbf9a
commit
10dca2972d
@ -12,6 +12,9 @@ footer {
|
|||||||
}
|
}
|
||||||
|
|
||||||
figure {
|
figure {
|
||||||
|
width: 42%;
|
||||||
|
float: right;
|
||||||
|
margin: 0 16px;
|
||||||
figcaption {
|
figcaption {
|
||||||
font-style: italic;
|
font-style: italic;
|
||||||
}
|
}
|
||||||
@ -83,3 +86,7 @@ figure {
|
|||||||
#lang-menu:hover ul {
|
#lang-menu:hover ul {
|
||||||
display: block;
|
display: block;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
.block p {
|
||||||
|
margin: 0;
|
||||||
|
}
|
||||||
|
@ -12,7 +12,7 @@ description: This part of my blog is a collection of things I've learned as an a
|
|||||||
|
|
||||||
This section of my blog serves as an index of technologies I've learned or became better at as an apprentice working in IT. :grinning:
|
This section of my blog serves as an index of technologies I've learned or became better at as an apprentice working in IT. :grinning:
|
||||||
|
|
||||||
It also serves the purpose of the required documentation Apprentices in Norway are supposed to do. :flushed:
|
It also serves the purpose of the required documentation apprentices in Norway are supposed to do. :flushed:
|
||||||
|
|
||||||
Here are lists of stuff I'll be writing about here;
|
Here are lists of stuff I'll be writing about here;
|
||||||
|
|
||||||
@ -26,6 +26,7 @@ Here are lists of stuff I'll be writing about here;
|
|||||||
- Handlebars.js :wavy_dash:
|
- Handlebars.js :wavy_dash:
|
||||||
|
|
||||||
## Programs / Tools
|
## Programs / Tools
|
||||||
|
- Docker :smiling_face_with_hearts:
|
||||||
- FreeRADIUS :crystal_ball:
|
- FreeRADIUS :crystal_ball:
|
||||||
- Postgres :floppy_disk:
|
- Postgres :floppy_disk:
|
||||||
- Ansible :gun:
|
- Ansible :gun:
|
||||||
|
@ -67,7 +67,29 @@ class AccessControl:
|
|||||||
|
|
||||||
To fix this issue.
|
To fix this issue.
|
||||||
|
|
||||||
|
If you wonder why we "raise Forbidden".
|
||||||
|
It has to do with the endpoint decorator which will catch all errors.
|
||||||
|
And will report them to us by e-mail and a slack bot.
|
||||||
|
The HTTP response will be error 500 if it's a Python error.
|
||||||
|
But if it's one of our own error classes that's been raised.
|
||||||
|
Then an error code, description and status code will be taken from that exception class and sent as the response.
|
||||||
|
|
||||||
|
#### Funny
|
||||||
|
Something I find kinda funny is the fact that those exception descriptions are in English, but the admin frontend is entirely in Norwegian only.
|
||||||
|
It's even got a big ass JavaScript file that maps all the error codes to messages.
|
||||||
|
And the best part about that whole situation is the fact that my boss/the sales guy at the company wants to sell our services outside Norway...
|
||||||
|
The only part that supports multiple languages is the actual captive portal, but even that has a bug which makes it so that only two languages can be active at one time.
|
||||||
|
|
||||||
|
#### Minor
|
||||||
|
One minor issue I found in our production system is the password for the "system" account.
|
||||||
|
The password for that account is a real shitty one that I've seen used several palaces at the company.
|
||||||
|
It's even been used as a Wi-Fi password.
|
||||||
|
To fix this one very easily I just enabled 2FA on the account.
|
||||||
|
But the whole account should probably just be deleted as nobody ever uses it.
|
||||||
|
|
||||||
### Servers
|
### Servers
|
||||||
|
{{< img src="apprentice/skyid/old-intrauser-key.png" caption="The old intrauser ssh key" >}}
|
||||||
|
|
||||||
On the other side, the cloud servers had some bigger problems.
|
On the other side, the cloud servers had some bigger problems.
|
||||||
Here I did find a *BIG* security issue. Ancient ssh keys.
|
Here I did find a *BIG* security issue. Ancient ssh keys.
|
||||||
We use Ansible to manage the servers and deploy code updates.
|
We use Ansible to manage the servers and deploy code updates.
|
||||||
@ -80,7 +102,6 @@ The reason this is such a big threat is the fact that intrauser, ansible and all
|
|||||||
|
|
||||||
So check it; these screenshots are from SkyLabs' Ansible git log!~
|
So check it; these screenshots are from SkyLabs' Ansible git log!~
|
||||||
|
|
||||||
{{< img src="apprentice/skyid/old-intrauser-key.png" caption="The old intrauser ssh key" >}}
|
|
||||||
{{< img src="apprentice/skyid/intrauser-key.png" caption="Me finally updating the key" >}}
|
{{< img src="apprentice/skyid/intrauser-key.png" caption="Me finally updating the key" >}}
|
||||||
|
|
||||||
## Sircon
|
## Sircon
|
||||||
|
@ -14,6 +14,7 @@
|
|||||||
<meta property='og:url' content='{{ site.BaseURL }}' />
|
<meta property='og:url' content='{{ site.BaseURL }}' />
|
||||||
<meta property='og:site_name' content='{{ site.Title }}' />
|
<meta property='og:site_name' content='{{ site.Title }}' />
|
||||||
<!-- <meta property='og:image' content=''> -->
|
<!-- <meta property='og:image' content=''> -->
|
||||||
|
{{ hugo.Generator }}
|
||||||
{{ range .AlternativeOutputFormats -}}
|
{{ range .AlternativeOutputFormats -}}
|
||||||
{{ printf `<link rel='%s' type='%s' href='%s' title='%s' />` .Rel .MediaType.Type .Permalink $.Site.Title | safeHTML }}
|
{{ printf `<link rel='%s' type='%s' href='%s' title='%s' />` .Rel .MediaType.Type .Permalink $.Site.Title | safeHTML }}
|
||||||
{{ end -}}
|
{{ end -}}
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
{{ if .IsTranslated }}<h6>{{ T "translations" }}:</h6>
|
{{ if .IsTranslated }}<h6>{{ T "translations" }}:</h6>
|
||||||
<ul>{{ range .Translations }}
|
<ul>{{ range .Translations }}
|
||||||
<li>
|
<li>
|
||||||
<a href='{{ .RelPermalink }}'>{{ .Language.LanguageName }}: {{ .Title }}{{ if .IsPage }} ({{ i18n "wordCount" . }}){{ end }}</a>
|
<a href='{{ .RelPermalink }}'>{{ .Language.LanguageName }}: {{ .Title }}</a>
|
||||||
</li>{{ end }}
|
</li>{{ end }}
|
||||||
</ul>{{ end }}
|
</ul>{{ end }}
|
5
layouts/shortcodes/block.html
Normal file
5
layouts/shortcodes/block.html
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
<div class='block'>
|
||||||
|
{{ range (after 1 (split .Inner "\n")) }}
|
||||||
|
<p>{{ markdownify . }}</p>
|
||||||
|
{{ end }}
|
||||||
|
</div>
|
@ -5,6 +5,6 @@
|
|||||||
{{ $content := .Inner }}
|
{{ $content := .Inner }}
|
||||||
{{ $in := split .Inner "\n" }}
|
{{ $in := split .Inner "\n" }}
|
||||||
{{ if gt (len $in) 1 }}
|
{{ if gt (len $in) 1 }}
|
||||||
{{ $content = (delimit (after 1 $in) "\n") }}
|
{{ $content = (delimit (after 2 $in) "\n") }}
|
||||||
{{ end }}
|
{{ end }}
|
||||||
{{ transform.Highlight (htmlUnescape $content) (.Get 0) (delimit $opts ",") }}
|
{{ transform.Highlight (htmlUnescape $content) (.Get 0) (delimit $opts ",") }}
|
Loading…
Reference in New Issue
Block a user