Do full security audit

[bburns]

No description provided.

[MRIIOT]

What type of audits are required?

[bburns]

i don't know too much about the topic, but some ideas -

-block unused ports
-block non-localhost ip addr access?
-audit our adapter, meter, relay Dockerfiles and build procedures
-what kind of schedule to rebuild docker images at client installations? monthly? automate eventually
-passwords - we tend to re-use pws across a client install, and for root access(?) - better way?
-postgres - make a user, give permissions to access certain tables/views

eg oxbox ports -

[pi@001-oxbox ~/ladder99/ladder99-ce]
$ ./list
NAMES       STATUS                 PORTS
adapter     Up 3 hours
agent       Up 4 weeks             0.0.0.0:5000->5000/tcp, :::5000->5000/tcp
backup      Up 4 weeks
dozzle      Up 4 weeks             0.0.0.0:8080->8080/tcp, :::8080->8080/tcp
grafana     Up 4 weeks             0.0.0.0:3000->3000/tcp, :::3000->3000/tcp
meter       Up 4 weeks
mosquitto   Up 4 weeks             0.0.0.0:1883->1883/tcp, :::1883->1883/tcp
nodered     Up 4 weeks (healthy)   0.0.0.0:1880->1880/tcp, :::1880->1880/tcp
pgadmin     Up 4 weeks             0.0.0.0:5050->5050/tcp, :::5050->5050/tcp
portainer   Up 4 weeks             8000/tcp, 9443/tcp, 0.0.0.0:9000->9000/tcp, :::9000->9000/tcp
postgres    Up 4 weeks             0.0.0.0:5432->5432/tcp, :::5432->5432/tcp
relay       Up 4 weeks
traefik     Up 4 weeks             0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp

see also #183

[tukusejssirs]

I am not quite sure if this issue should be labelled as enhancement or bug, as it is related to both.