Skip to content

Security guidelines #174

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
asfgit merged 1 commit into from
Apr 27, 2017
Merged

Security guidelines #174

asfgit merged 1 commit into from
Apr 27, 2017

Conversation

@bostko
Copy link
Contributor

@bostko bostko commented Apr 26, 2017

Ssh access should be strongly limited.

@bostko bostko changed the title gDefault config key Security guidelines Apr 26, 2017
drigodwin
drigodwin suggested changes Apr 26, 2017
View reviewed changes
guide/ops/security-guidelines.md Outdated
### VM Users

It is strongly discouraged to use the root user on VMs being created or managed by Brooklyn.
SSH access should be delegated on rare cases such as initial Apache Brooklyn setup and other maintenance occasions.
Copy link
Member

@drigodwin drigodwin Apr 26, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure what you mean by delegated here?

guide/ops/security-guidelines.md Outdated
SSH access should be delegated on rare cases such as initial Apache Brooklyn setup and other maintenance occasions.

Avoid putting config a lot of options in `etc/brooklyn.cfg` which one would later need to ssh and change.
Keep location configuration it is preferable to use [Locations in the Catalog](./catalog/#locations-in-the-catalog).
Copy link
Member

@drigodwin drigodwin Apr 26, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think these two lines need rewording but I'm not sure what they're adding. etc/brooklyn.cfg is a config file in the Karaf Brooklyn distro which is not currently the default. I'm not sure we're advising people put locations in there anywhere.

@bostko
Security guidelines
63e3296 
 Ssh access should be strongly limited.
drigodwin
drigodwin approved these changes Apr 27, 2017
View reviewed changes
Copy link
Member

@drigodwin drigodwin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks fine, thanks @bostko

@asfgit asfgit merged commit 63e3296 into apache:master Apr 27, 2017
asfgit pushed a commit that referenced this pull request Apr 27, 2017
@drigodwin
This closes #174
a86e6b9
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@drigodwin drigodwin drigodwin approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@bostko @drigodwin @asfgit