Files

Apple cba2ff47f3 📚 docs(security): Add comprehensive Security chapter

## New Security Documentation Structure

/security/
├── README.md                    # Security overview & contacts
├── forensics-checklist.md       # Incident investigation guide
├── persistence-scan.sh          # Quick persistence detector
├── runtime-detector.sh          # Mining/suspicious process detector
└── hardening/
    ├── docker.md                # Docker security baseline
    ├── kubernetes.md            # K8s policies (future reference)
    └── cloud.md                 # Hetzner-specific hardening

## Key Components

### Forensics Checklist
- Process analysis commands
- Persistence mechanism detection
- Network connection analysis
- File system inspection
- Authentication audit
- Decision matrix for threat response

### Scripts
- persistence-scan.sh: Cron, systemd, executables, SSH keys
- runtime-detector.sh: Mining process detection with --kill option

### Hardening Guides
- Docker: Secure compose template, Dockerfile best practices
- Kubernetes: NetworkPolicy, PodSecurityStandard, Falco rules
- Cloud: Egress firewall, SSH hardening, fail2ban, monitoring

## Post-Incident Documentation
Based on lessons learned from Incidents #1 and #2 (Jan 2026)

Co-authored-by: Cursor Agent <agent@cursor.sh>

2026-01-09 02:08:13 -08:00

2.7 KiB

Raw Permalink Blame History

🔐 Security — DAARION Infrastructure

Версія: 1.0.0
Останнє оновлення: 2026-01-09
Статус: Production Active

📋 Зміст

Документ	Призначення
forensics-checklist.md	Чекліст розслідування інцидентів
persistence-scan.sh	Скрипт виявлення persistence
runtime-detector.sh	Детектор підозрілих процесів
hardening/docker.md	Docker security baseline
hardening/kubernetes.md	Kubernetes security policies
hardening/cloud.md	Cloud security (Hetzner)

🎯 Принципи безпеки DAARION

1. Defense in Depth

[Network] → [Container] → [Process] → [Data]
    ↓           ↓            ↓          ↓
 Firewall   read-only    runtime     encrypt
  egress    cap_drop    detection   at rest

2. Zero Trust

Кожен сервіс має мінімальні привілеї
Мережевий доступ deny-by-default
Аутентифікація для всіх internal API

3. Detect → Respond → Prevent

[Incident] → [Forensics] → [Root Cause] → [Hardening] → [Monitoring]

🚨 Incident Response Flow

При виявленні підозрілої активності:

# 1. Detect
./security/persistence-scan.sh
./security/runtime-detector.sh

# 2. Contain
docker stop <container>
iptables -I OUTPUT -d 0.0.0.0/0 -j DROP  # emergency

# 3. Investigate
./security/forensics-checklist.md  # follow checklist

# 4. Remediate
# Based on findings

# 5. Document
# Update INFRASTRUCTURE.md with incident details

📊 Security Metrics

Metric	Target	Current
Containers with `read_only`	100%	🔄 In progress
Services with `cap_drop: ALL`	100%	🔄 In progress
Egress firewall rules	Active	✅ Active
Runtime detection	Active	🔄 Planned
Vulnerability scan frequency	Weekly	🔄 Planned

📞 Security Contacts

Security Lead: admin@daarion.city
Hetzner Abuse: abuse@hetzner.com
Emergency: Submit statement via Hetzner Robot

INFRASTRUCTURE.md — Infrastructure overview + Incident history
SECURITY-REBUILD-REPORT.md — daarion-web incident analysis
TASK_REBUILD_DAARION_WEB.md — Rebuild task details

2.7 KiB Raw Permalink Blame History

🔐 Security — DAARION Infrastructure

📋 Зміст

🎯 Принципи безпеки DAARION

1. Defense in Depth

2. Zero Trust

3. Detect → Respond → Prevent

🚨 Incident Response Flow

При виявленні підозрілої активності:

📊 Security Metrics

📞 Security Contacts

📚 Related Documents

2.7 KiB

Raw Permalink Blame History