Skip to content

[NOMERGE] Add buendia-security-monitor package.#252

Open
schuyler wants to merge 18 commits intodevfrom
schuyler/security-monitor
Open

[NOMERGE] Add buendia-security-monitor package.#252
schuyler wants to merge 18 commits intodevfrom
schuyler/security-monitor

Conversation

@schuyler
Copy link
Copy Markdown
Member

@schuyler schuyler commented Mar 20, 2020

This PR implements buendia-security-monitor, which primarily serves the function of removing the local database encryption keys if the server has not connected to the configured wifi network in a preset span of time since boot.

This PR is dependent on #251 and is not ready for merge.

schuyler added 18 commits February 6, 2020 14:45
@schuyler
Generate system key if not present when buendia-utils is installed.
91c2378
@schuyler
Add encrypt/decrypt_file functions to utils.sh.
e2b89bd 
Intended for use with the Buendia system key.
@schuyler
Integration test to ensure OpenMRS tables are encrypted.
32632c7
@schuyler
Change buendia-mysql dependency to mariadb-server-10.1.
021d974 
Specifically for encryption support.
@schuyler
Rename /etc/mysql/conf.d/buendia-mysql to .cnf just to confirm to Mar…
98dc9ef 
…iaDB convention.
@schuyler
Create MariaDB encryption keys in buendia-mysql postinst.
81d4197
@schuyler
Add MariaDB configuration to enable InnoDB table encryption.
9efc87f
@schuyler
Basic approach to encrypting backups.
d8d43df 
Essentially, ensure that openmrs.zip and buendia.tar.gz are encrypted
using the Buendia system key.

The patient chart ZIP is already encrypted with the OpenMRS server
password, so we're leaving that untouched for now.
@schuyler
Don't fail simultaneous backup test if database is empty.
d7bcffb
@schuyler
Add a note about the MariaDB table encryption test.
ad48920
@schuyler
buendia-backup copies system.key to external backup
60664e3
@schuyler
buendia-restore restores a system key from external storage
39cd7ca
@schuyler
buendia-restore should copy encrypted files to temporary local storage
850a9db 
before decrypting.

This will hopefully minimize the risk of running out of space on the
backup storage device, since the decryption process has to make a copy
of the output on disk.
@schuyler
Add buendia-security-monitor package.
2545c9e
@schuyler
buendia-wifi-watchdog should record wifi state in /run/buendia-networ…
e4c6a08 
…king.state so that buendia-security-monitor can tell when we were last confirmed connected to a WiFi network.
@schuyler
Move buendia-db-is-empty to buendia-db package.
38f1dff
@schuyler
Add buendia-security-monitor script.
4083050 
buendia-security-monitor is designed to remove the Buendia system keys
in the event that a Buendia system with user records is configured to
talk to a particular wifi network but cannot connect to that network
within $SECURITY_MONITOR_TIMEOUT_MINS minutes of booting.
@schuyler
Add systemd simple service to start buendia-security-monitor in
946c991 
background.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@schuyler @zestyping