Documentation for Iroha installation security tips #2129
Conversation
|
@baydarich I recently created a pull request regarding deploying ansible in kubernetes clusters. I have no experience in security of any sort; could you make some suggestions as to how i could improve security handling? |
docs/source/guides/sec-install.rst
Outdated
| ^^^^^^^^^^^^^^^^^^^^^^ | ||
| - Collect and ship logs to a dedicated machine using an agent (e.g., Filebeat). | ||
| - Collect logs from all Iroha peers in a central point (e.g., Logstash). | ||
| - Enable docker healthcheck. |
There was a problem hiding this comment.
Right now we do not have a mechanism to identify the health of a running container. There are custom implementations that use gRPC to test if Iroha is ready to accept connections (e.g., https://github.com/d3ledger/notary/blob/7b1796472538c33817ebfea67f436221285ebc7d/docker/grpc-healthcheck.dockerfile) but this is not very reliable indicator.
There was a problem hiding this comment.
Done - healthcheck mentioning is deleted.
Co-Authored-By: Baydarich <[email protected]>
|
@sudomann I left a comment in your pull request |
docs/source/guides/sec-install.rst
Outdated
|
|
||
| Updates | ||
| ^^^^^^^ | ||
| Install latest operating system security patches and update it regularly. |
Description of the Change
Added tips to Read the Docs for securing Iroha installation ranging from physical security to logging. The guide itself is more general and aimed at meeting obvious yet necessary requirements.
Benefits
The guide helps administrators to avoid possible security problems that are not directly related to Iroha.
Possible Drawbacks
None