policy manager: underlying storage of policy details in Malcolm #572

Closed
mmguero opened this issue Oct 1, 2024 · 1 comment
Labels
enhancement New feature or request policy Related to issues dealing with "policy" (rules, configuration, etc.) management

mmguero commented Oct 1, 2024

sub-item of this meta-issue: "policy manager" for Malcolm and Hedgehog Linux (#477)

This issue is for the design and implementation of how policy is going to be stored internally on a Malcolm instance. Currently this is what I'm thinking:

  • policies would be stored as sets of files representing rules or configuration, stored inside a Git repository that is hosted on the Malcolm server itself
  • different policies can be represented as separate branches in that Git repository
  • there would probably be a different Git repository per "policy type"
    • e.g., one for Arkime, one for Suricata, one for Zeek, one for YARA, etc.
    • so that someone could be using Arkime policy ABC but YARA policy XYZ, etc.
  • possibly also allowing the policy to contain references to an S3-compatible bucket URL (like minio) which can be enabled or disabled?
  • in addition to just containing the rules themselves, some sort of configuration file (yml or something) that allows a rule to be enabled or disabled (so the rule could exist in the repo, but not necessarily be turned on)
  • some Git commit hooks or another mechanism for validating contents or rules and rejecting malformed rules, so that "bad" data never gets saved to the database
@mmguero mmguero added the enhancement New feature or request label Oct 1, 2024
@mmguero mmguero added this to the z.staging milestone Oct 1, 2024
@mmguero mmguero added this to Malcolm Oct 1, 2024
@mmguero mmguero added the policy Related to issues dealing with "policy" (rules, configuration, etc.) management label Oct 1, 2024
@mmguero mmguero moved this to Todo (design) in Malcolm Oct 1, 2024
@mmguero mmguero changed the title policy manager: storage of policy details in Malcolm policy manager: underlying storage of policy details in Malcolm Oct 1, 2024
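
The last two items in the list above describe an enable/disable file kept beside the rules and a validation gate that rejects malformed content before it is stored. The sketch below is an added example, not Malcolm's code: it assumes a Suricata policy repository of `*.rules` files plus a hypothetical `enabled.json` manifest keyed by sid (the issue does not define a format), and it uses a simplified structural check rather than a full Suricata rule parser.

```python
import json
import re

# Simplified structural check for one Suricata rule line (assumption: not a full parser).
RULE_RE = re.compile(
    r"^(alert|drop|pass|reject)\s+\S+\s+\S+\s+\S+\s+(->|<>)\s+\S+\s+\S+\s+\((.*;)\s*\)$")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

# Constructed sample of a pushed tree: path -> file text. Line 2 of the rule file
# is missing its closing ";)", and the manifest names a sid that has no rule.
SAMPLE = {
    "local.rules": (
        'alert tcp any any -> any 80 (msg:"constructed example"; sid:1000001; rev:1;)\n'
        'alert tcp any any -> any 443 (msg:"no terminator"; sid:1000002\n'),
    "enabled.json": '{"1000001": true, "1000003": false}',
}


def validate_policy(files, manifest_name="enabled.json"):
    """Return error strings for a proposed policy tree; an empty list means accept.

    A hook would build `files` from the pushed commit and reject the push on errors.
    """
    errors, sids = [], {}
    for path, text in sorted(files.items()):
        if not path.endswith(".rules"):
            continue
        for n, line in enumerate(text.splitlines(), 1):
            line = line.strip()
            if not line or line.startswith("#"):
                continue  # blank lines and comments are allowed
            m = RULE_RE.match(line)
            sid = SID_RE.search(m.group(3)) if m else None
            if not sid:
                errors.append(f"{path}:{n}: malformed rule")
            elif sid.group(1) in sids:
                errors.append(f"{path}:{n}: duplicate sid {sid.group(1)}")
            else:
                sids[sid.group(1)] = f"{path}:{n}"
    try:
        manifest = json.loads(files[manifest_name])
    except KeyError:
        return errors + [f"{manifest_name}: missing"]
    except json.JSONDecodeError as exc:
        return errors + [f"{manifest_name}: invalid JSON ({exc.msg})"]
    if not isinstance(manifest, dict):
        return errors + [f"{manifest_name}: must be an object"]
    for sid, state in manifest.items():
        if sid not in sids:  # the manifest may only toggle rules that exist
            errors.append(f"{manifest_name}: unknown sid {sid}")
        if not isinstance(state, bool):
            errors.append(f"{manifest_name}: sid {sid} must be true or false")
    return errors
```

Returning every error rather than stopping at the first lets a hook print the full list to the person pushing before it rejects the update.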

mmguero commented Nov 4, 2024

Kamino closed and cloned this issue to cisagov/Malcolm

Projects
Status: Migrated