Skip to content

Commit

Permalink
Updated security check list.
Browse files Browse the repository at this point in the history
  • Loading branch information
@mbushkov
mbushkov committed Nov 27, 2017
1 parent aa21503 commit e49d2d9
Showing 1 changed file with 17 additions and 6 deletions.
23 changes: 17 additions & 6 deletions docs/installing-grr-server/securing-access.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,15 +8,26 @@ If you're running GRR for anything besides simple demo purposes, it's extremely

1. Anybody who has direct write access to GRR datastore (no matter if it's SQLite or MySQL) effectively becomes root on all systems running GRR client talking to your GRR server.

Consequently, it's important to secure your GRR infrastructure:
Consequently, it's important to secure your GRR infrastructure. Please follow a security checklist below.

1. Maximally restrict SSH access (or any other kind of direct access) to machines that run GRR server infrastructure.
## GRR Security Checklist

1. Make sure GRR web UI is not accessible from the Internet.
1. Generate new CA/server keys on initial install. Back up these keys somewhere securely (see [Key Management](../maintaining-and-tuning/key-management/which-keys-and-how.md)).

1. Maximally restrict SSH access (or any other kind of direct access) to GRR server machines.

1. Make sure GRR web UI is not exposed to the Internet and is protected.

For a high security environment:

1. Make sure GRR's web UI is served through an Apache or Nginx proxy via HTTPS. If you're using any kind of internal authentication/authorization system, limit access to GRR web UI when configuring Apache or Nginx. See [user authentication](../maintaining-and-tuning/user-management/authentication.md) documentation.

1. If there're more than just a few people working with GRR, turn on [GRR approval-based auditing](../maintaining-and-tuning/approval-based-auditing.md)
1. If there're more than just a few people working with GRR, turn on [GRR approval-based access control](../maintaining-and-tuning/approval-based-workflow.md)

1. Regenerate code signing key with passphrases for additional security.

1. Run the http server serving clients on a separate machine to the workers.

1. Ensure the database server is using strong passwords and is well protected.

1. GRR keys are well-protected and backed up in a secure fashion (see [Key Management](../maintaining-and-tuning/key-management/which-keys-and-how.md)). You may also
regenerate code signing keys with passphrases for additional security.
1. Produce obfuscated clients (repack the clients with a different *Client.name* setting)

0 comments on commit e49d2d9

Please sign in to comment.