| Version | Supported |
|---|---|
| 0.1.x | ✅ |
| < 0.1 | ❌ |
Please report security vulnerabilities via GitHub Security Advisories at:
https://github.com/natuleadan/sdk-ops/security/advisories
Do not open public issues for security vulnerabilities.
- SSH key-only authentication (password auth disabled)
- SSH port stays on 22 by default (optional
--ssh-port Nmigration) - Root login restricted to key-based auth
- Root password NOT locked by default (optional
--lock-rootflag) - nftables firewall (default deny policy)
- fail2ban with 1-hour bans
- Automatic security updates via unattended-upgrades
- Kernel hardening (sysctl: syncookies, rp_filter, ptrace_scope)
- Known-host verification with
~/.ssh/known_hosts(env varSDK_OPS_SSH_STRICT_HOST_KEY=true) or--insecureto skip
| Feature | Description | Files |
|---|---|---|
| Path traversal prevention | filepath.Clean on all file read/write operations (37+ locations) |
agent/, cmd/, deploy/ |
| Secure file permissions | Files written with 0600, directories with 0750 |
deploy/, templates/, hardening/ |
| Root-scoped writes | writeFileSafe() uses os.OpenRoot("/") for chroot-style safety |
cmd/sdk-ops/deploy.go, k3s/install.go |
| Container name validation | validContainerName() prevents injection in docker exec |
agent/health.go, agent/events.go |
| Registry config validation | RegistryConfig.Valid() validates credentials before deploy |
deploy/upload.go, deploy/builder_dockerfile.go |
| Context propagation | All HTTP/DB/exec calls use context.Context for cancellation |
agent/, notify/, providers/ |
| Command injection prevention | validateCmd() rejects shell metacharacters (;, `, $, etc.) |
agent/api.go (POST /exec endpoint) |
| SSH host key configurable | knownhosts.New() by default; env var SDK_OPS_SSH_STRICT_HOST_KEY=false for insecure |
ssh/client.go |
| Static security scanning | golangci-lint with gosec (severity: medium, confidence: high) in CI |
.golangci.yml, .github/workflows/ci.yml |