gyptazy (@gyptazy@gyptazy.ch)

gyptazy

@gyptazy@gyptazy.ch

Believer in the power of open-source & community-driven innovation.

Former AS20621 NetOp that loves FreeBSD & illumos. Currently mostly in DevOps & developing (Python, Rust). Contributes to #Ansible & #GradenLinux. Evaluating and production usage of #RISCV hardware/software.

Projects:
* BoxyBSD.com - A free VM hosting service to provide some value back to the community.
* manpageblog.org - A static blog generator in manpage design.
* QualvoSec - A security patch management tool.

Blog: ✔ https://gyptazy.ch
GitHub: ✔ https://github.com/gyptazy
X: https://twitter.com/gyptazy

0 ★ 0 ↺

in reply to »

gyptazy » 2024-03-07
@gyptazy@gyptazy.ch

#QualvoSec Features:

* Not running as root
* Only specific commands allowed by sudo
* Clients pulling information from server
* Server provides only a static manifest
* Holding the patch windows
* No remote code executions
* A potential compromised server could not be able to execute code on clients
* Health monitoring endpoint on clients
* Minimalistic design
* Admin tool for creating, deleting and looking up of client patch windows
* Fully written in Python3
* Integrated packaging support by CMake
* CMake/CPack created .deb and .rpm files
* Support for Linux, BSD
* Support for AMD64, ARM64 and RISC-V hardware architecture