policy manager: underlying storage of policy details in Malcolm #360

Open
mmguero opened this issue Nov 4, 2024 · 0 comments
Labels
enhancement New feature or request policy Related to issues dealing with "policy" (rules, configuration, etc.) management
Collaborator

mmguero commented Nov 4, 2024

@mmguero cloned issue idaholab/Malcolm#572 on 2024-10-01:

sub-item of this meta-issue: "policy manager" for Malcolm and Hedgehog Linux (idaholab#477)

This issue is for the design and implementation of how policy is going to be stored internally on a Malcolm instance. Currently this is what I'm thinking:

  • policies would be stored as sets of files representing rules or configuration, stored inside a Git repository that is hosted on the Malcolm server itself

  • different policies can be represented as separate branches in that Git repository

  • there would probably be a different Git repository per "policy type"

    • e.g., one for Arkime, one for Suricata, one for Zeek, one for YARA, etc.

    • so that someone could be using Arkime policy ABC but YARA policy XYZ, etc.

  • possibly also allowing the policy to contain references to an S3-compatible bucket URL (like minio) which can be enabled or disabled?

  • in addition to just containing the rules themselves, some sort of configuration file (yml or something) that allows a rule to be enabled or disabled (so the rule could exist in the repo, but not necessarily be turned on)

  • some Git commit hooks or another mechanism for validating contents or rules and rejecting malformed rules, so that "bad" data never gets saved to the database

@mmguero mmguero added enhancement New feature or request policy Related to issues dealing with "policy" (rules, configuration, etc.) management labels Nov 4, 2024
@mmguero mmguero added this to Malcolm Nov 5, 2024
@mmguero mmguero added this to the z.staging milestone Nov 5, 2024
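
One way the commit-hook validation proposed in the issue could look for a Suricata policy repository, as an added sketch that is not part of the issue or of Malcolm's code. The file name `enabled.yml`, its flat `<path>: true|false` format, the `*.rules` layout and the one-rule-per-line convention are all assumptions, and the rule check is structural only (a production hook would also run the engine's own parser over the rules).

```python
import re
import subprocess

STATE_FILE = "enabled.yml"  # assumed name; flat "<path>: true|false" lines
# Structural shape only: action proto src sport direction dst dport (options)
RULE_RE = re.compile(r"^\w+\s+\S+\s+\S+\s+\S+\s+(?:->|<>)\s+\S+\s+\S+\s+\((.*)\)$")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

def parse_state(text, errors):
    """Parse the enable/disable file, recording lines of any other shape."""
    state = {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        path, _, value = (s.strip() for s in line.rpartition(":"))
        if line and path and value in ("true", "false"):
            state[path] = value == "true"
        elif line:
            errors.append(f"{STATE_FILE}:{n}: expected '<path>: true|false'")
    return state

def validate_policy(files):
    """files maps repo path -> text; returns a list of error strings."""
    errors, seen = [], set()
    state = parse_state(files.get(STATE_FILE, ""), errors)
    errors += [f"{STATE_FILE}: lists missing file {p}" for p in state if p not in files]
    for path in sorted(p for p in files if p.endswith(".rules")):
        if path not in state:
            errors.append(f"{path}: not listed in {STATE_FILE}")
        for n, line in enumerate(files[path].splitlines(), 1):
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            m = RULE_RE.match(line)
            sid = SID_RE.search(m.group(1)) if m else None
            if sid is None:
                errors.append(f"{path}:{n}: malformed rule or missing sid")
            elif sid.group(1) in seen:
                errors.append(f"{path}:{n}: duplicate sid {sid.group(1)}")
            else:
                seen.add(sid.group(1))
    return errors

def main():
    git = lambda *a: subprocess.run(["git", *a], capture_output=True, check=True, text=True).stdout
    staged = [p for p in git("ls-files", "-z").split("\0") if p.endswith((".rules", ".yml"))]
    errors = validate_policy({p: git("show", ":" + p) for p in staged})  # index, not worktree
    return "\n".join(errors) or 0  # SystemExit prints a str to stderr, exit status 1

if __name__ == "__main__":
    raise SystemExit(main())
```

Saved as an executable `.git/hooks/pre-commit`, a non-zero exit blocks the commit, so a malformed or unlisted rule file never reaches the policy branch.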