Skip to content

Commit ac4a2d2

Browse files
committed
bump: v1.0.0
1 parent 3637d00 commit ac4a2d2

11 files changed

Lines changed: 1117 additions & 249 deletions

File tree

Cargo.lock

Lines changed: 20 additions & 20 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

README.md

Lines changed: 20 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,4 +2,23 @@
22

33
[![Discord Server](https://img.shields.io/discord/1459399539403522074.svg?label=Discord&logo=discord&color=blue)](https://discord.gg/D5e2czMTT9)
44

5-
A arXiv daily reader writen in rust.
5+
A arXiv daily reader writen in rust with LLM capabilities.
6+
Also contains a special encryption algorithm based on rssn symbolic functionalities for surprises.
7+
We have also implemented a custom gemma3 preset based on candle-rs.
8+
9+
## Installation
10+
11+
```bash
12+
# Clone the repository
13+
git clone https://github.com/panayang/arxiv-daily.git
14+
cd arxiv-daily
15+
16+
# Install cargo-leptos
17+
cargo install cargo-leptos
18+
19+
# Run the project
20+
cargo leptos watch
21+
22+
# Or you may want to have a release (optimized) version to run LLM
23+
# python3.14 release.py
24+
```

SECURITY.md

Lines changed: 135 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,3 +9,138 @@
99
## Reporting a Vulnerability
1010

1111
Please do not report a vulnerability via Github issues. Any vulnerability shall be reported by emailing to Pana.Yang@hotmail.com or via our official website security reporting section (under construction).
12+
13+
## Developer Security Standards (Mandatory for Organization Members and Recommended for Contributors)
14+
15+
### **I. Authorized Operating Environment**
16+
17+
* **Recommended OS:** Fedora KDE Plasma Desktop
18+
* **Disk Encryption:** LUKS (Linux Unified Key Setup) **must** be enabled by default during installation.
19+
20+
### **II. Mandatory Security Suite**
21+
22+
To ensure system integrity and real-time threat detection, the following tools must be installed and configured:
23+
24+
* **Endpoint Monitoring:** Wazuh-agent
25+
* **Hardening & Auditing:** SELinux (set to `Enforcing`), firewalld, Lynis
26+
* **Threat Scanning:** ClamAV, rkhunter, chkrootkit
27+
* **System Integrity:** AIDE (Advanced Intrusion Detection Environment), unhide
28+
* **Network Scanning:** Daily Nmap scan of the local network (e.g., `192.168.1.0/24`)
29+
* **Security Server:** Wazuh-server (includes Wazuh-dashboard, Wazuh-manager and Wazuh-indexer), Greenbone Community Edition
30+
31+
### **III. Identity & Access Management**
32+
33+
* **2FA Requirement:** Hardware-based authentication via **YubiKey** is mandatory for all organizational accounts and SSH access.
34+
35+
---
36+
37+
### Appendix
38+
39+
```text
40+
# sysctl settings are defined through files in
41+
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
42+
#
43+
# Vendors settings live in /usr/lib/sysctl.d/.
44+
# To override a whole file, create a new file with the same in
45+
# /etc/sysctl.d/ and put new settings there. To override
46+
# only specific settings, add a file with a lexically later
47+
# name in /etc/sysctl.d/ and put new settings there.
48+
#
49+
# For more information, see sysctl.conf(5) and sysctl.d(5).
50+
51+
# --- A. Network Hardening ---
52+
53+
# Protect against IP spoofing (source validation)
54+
net.ipv4.conf.all.rp_filter = 1
55+
net.ipv4.conf.default.rp_filter = 1
56+
57+
# Ignore ICMP broadcast requests to avoid being part of Smurf attacks
58+
net.ipv4.icmp_echo_ignore_broadcasts = 1
59+
60+
# Ignore bad ICMP errors (prevents some types of attacks)
61+
net.ipv4.icmp_ignore_bogus_error_responses = 1
62+
63+
# Disable IP source routing (usually unnecessary and exploitable)
64+
net.ipv4.conf.all.accept_source_route = 0
65+
net.ipv4.conf.default.accept_source_route = 0
66+
67+
# Disable secure ICMP redirects
68+
net.ipv4.conf.all.secure_redirects = 0
69+
net.ipv4.conf.default.secure_redirects = 0
70+
71+
# Log spoofed packets, source routed packets, and redirects
72+
net.ipv4.conf.all.log_martians = 1
73+
74+
# Protection against SYN flood attacks (enables SYN cookies)
75+
net.ipv4.tcp_syncookies = 1
76+
77+
# Increase the maximum number of connections waiting for acceptance
78+
net.core.somaxconn = 4096
79+
net.core.netdev_max_backlog = 5000
80+
81+
# --- B. Filesystem / Permission Hardening ---
82+
83+
# Disable magic SysRq key (unless you need it for emergency debugging)
84+
kernel.sysrq = 0
85+
86+
# Enable restriction of link/symlink traversal (to prevent user links in world-writable dirs)
87+
fs.protected_hardlinks = 1
88+
fs.protected_symlinks = 1
89+
90+
# Restrict the permissions of dmesg to non-root users (hiding kernel messages from attackers)
91+
kernel.dmesg_restrict = 1
92+
93+
# Restrict unprivileged users from using the bpf() system call
94+
kernel.unprivileged_bpf_disabled = 1
95+
96+
# Randomize the virtual address space layout (ASLR) - Default is usually 2, ensure it's on
97+
kernel.randomize_va_space = 2
98+
99+
# --- C. Resource and Memory Hardening ---
100+
101+
# Prevent non-root users from writing to /proc/sys/vm/*
102+
kernel.yama.protected_sysctl = 1
103+
104+
# Restrict the dumping of memory (core dumps)
105+
fs.suid_dumpable = 0
106+
107+
# Controls memory allocation behavior - often set to 1 or 2.
108+
# A value of 2 ensures no overcommit, helping prevent stability issues when memory runs out.
109+
vm.overcommit_memory = 1
110+
vm.max_map_count=262144
111+
112+
# Restrict non-root user create too many User Namespace
113+
user.max_user_namespaces = 10000
114+
115+
# ---D. Yama Settings ---
116+
117+
# Restrict ptrace to only ancestor processes (prevents snooping)
118+
kernel.yama.ptrace_scope = 1
119+
```
120+
121+
```text
122+
0 2 * * * /usr/bin/freshclam --quiet
123+
5 2 * * * /usr/bin/flock -n /tmp/clamscan.lock /usr/bin/nice -n 19 /usr/bin/ionice -c 3 /usr/bin/clamdscan --multiscan --fdpass --quiet / >> /var/log/clamav-scan-$(date +\%Y\%m\%d).log
124+
10 2 * * * /usr/sbin/chkrootkit >> /var/log/chkrootkit-scan-$(date +\%Y\%m\%d).log
125+
15 2 * * * /usr/bin/aide --check
126+
0 3 1 * * /usr/bin/logger "REMINDER: Run 'aide --update' after a system upgrade to maintain database integrity."
127+
20 2 * * * /usr/sbin/unhide proc tcp udp sys >> /var/log/unhide-scan-$(date +\%Y\%m\%d).log 2>&1
128+
40 2 * * * /usr/bin/lynis --cronjob --quiet >> /var/log/lynis-report-$(date +\%Y\%m\%d).log
129+
50 2 * * * /usr/bin/rkhunter --cronjob --rwo >> /var/log/rkhunter-scan-$(date +\%Y\%m\%d).log
130+
0 4 * * * /usr/local/bin/daily_nmap_scan.sh >/dev/null 2>&1
131+
```
132+
133+
```shell
134+
#!/bin/bash
135+
136+
# Define variables
137+
TIMESTAMP=$(date +"%Y-%m-%d")
138+
SCAN_DIR="/var/log/nmap_scans"
139+
TARGET_SPEC="192.168.1.0/24"
140+
141+
# Create the log directory if it doesn't exist
142+
mkdir -p $SCAN_DIR
143+
144+
# Run the Nmap scan
145+
/usr/bin/nmap -A -T4 $TARGET_SPEC -oN $SCAN_DIR/nmap_scan_$TIMESTAMP.txt
146+
```

assets/surprise.bin

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,3 @@
11
version https://git-lfs.github.com/spec/v1
2-
oid sha256:d7783e2b901075fda76316d9bb1008f7bfd7e4257727c18872bf77e3cfa1b62a
3-
size 280
2+
oid sha256:f21fe6fc5dcad4833baf8e6674ff070c0e86ff42000daed899b95d12bda870bc
3+
size 528

scraper/Cargo.toml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
[package]
22
name = "scraper"
3-
version = "0.9.0"
3+
version = "1.0.0"
44
edition = "2024"
55
rust-version = "1.90.0"
66
authors = ["Xinyu Yang <Pana.Yang@hotmail.com>"]

shared/Cargo.toml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
[package]
22
name = "shared"
3-
version = "0.9.0"
3+
version = "1.0.0"
44
edition = "2024"
55
rust-version = "1.90.0"
66
authors = ["Xinyu Yang <Pana.Yang@hotmail.com>"]

surprise.toml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,2 +1,2 @@
1-
key = "x^8 +x^7 + x^6 + x^5"
1+
key = "x^8 + sin(x)"
22
payload = "A very secret surprise message!"

web_app/Cargo.toml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
[package]
22
name = "web_app"
3-
version = "0.9.0"
3+
version = "1.0.0"
44
edition = "2024"
55
rust-version = "1.90.0"
66
authors = ["Xinyu Yang <Pana.Yang@hotmail.com>"]

0 commit comments

Comments
 (0)