security.conf
# Security Configuration for Universal Linux Installer
# This file defines security-related settings and constraints
# --- Download security ------------------------------------------------------
# NOTE(review): the array syntax used below is bash-specific, so this file is
# presumably loaded with `source` rather than parsed as data -- confirm. If so,
# its contents run as code with the installer's privileges, and the file should
# be writable only by its owner.
# These are values only; the checks that honour them live in the code that
# reads this file.

# Largest single download accepted, in bytes (100 * 1024 * 1024 = 100 MiB).
MAX_DOWNLOAD_SIZE=104857600

# Per-download timeout, in seconds.
DOWNLOAD_TIMEOUT=60

# Maximum retry attempts for a download.
MAX_RETRIES=3

# URL schemes accepted for downloads: HTTPS only.
ALLOWED_PROTOCOLS=("https")

# Allowlist of hosts that downloads may come from.
# NOTE(review): HTTPS plus a host allowlist authenticates the server, not the
# file. raw.githubusercontent.com and github.com serve content published by any
# account, so a match here says nothing about who authored the download; pair
# it with a pinned checksum or signature check for anything that is executed.
# NOTE(review): the consumer should compare the parsed hostname exactly (not by
# substring) and re-check it after redirects -- confirm in the download code.
# NOTE(review): "raw.github.com" is the legacy raw-content hostname; confirm it
# is still needed.
TRUSTED_DOMAINS=(
    "raw.githubusercontent.com"
    "github.com"
    "cli.github.com"
    "packages.microsoft.com"
    "download.spotify.com"
    "dl.google.com"
    "raw.github.com"
    "nvm.sh"
    "deb.nodesource.com"
)
# NOTE(review): every true/false below is a plain shell string. How the
# consumer tests them is not visible here; a string comparison such as
# [ "$FLAG" = "true" ] is safer than executing the value as a command.

# --- File security ----------------------------------------------------------
# Log size that triggers rotation, in bytes (10 * 1024 * 1024 = 10 MiB).
MAX_LOG_SIZE=10485760

# Number of log files to keep.
MAX_LOG_FILES=5

# Enforce secure file permissions.
# NOTE(review): the actual mode bits are chosen by the consumer -- confirm.
SECURE_PERMISSIONS=true

# --- User input security ----------------------------------------------------
# Seconds to wait for user input before timing out.
INPUT_TIMEOUT=30

# Validate the format of e-mail addresses entered by the user.
VALIDATE_EMAIL=true

# Validate the format of usernames entered by the user.
VALIDATE_USERNAME=true

# --- System security --------------------------------------------------------
# Require the sudo password.
REQUIRE_SUDO_PASSWORD=true

# Warn when the installer is running inside a container.
CHECK_CONTAINER=true

# Minimum free disk space, in KB (2 * 1024 * 1024 KB = 2 GiB).
MIN_DISK_SPACE=2097152

# Require internet connectivity.
REQUIRE_INTERNET=true
# --- Package security -------------------------------------------------------
# Verify package signatures when possible.
# NOTE(review): "when possible" implies an unverified fallback path; confirm
# that the consumer logs it or asks for confirmation instead of installing
# silently.
VERIFY_SIGNATURES=true

# Prefer HTTPS repositories.
# NOTE(review): the name says "use", the description says "prefer"; confirm
# whether plain-HTTP repositories are rejected or only deprioritised.
USE_HTTPS_REPOS=true

# Double negative: false here means automatic updates are allowed.
AUTO_UPDATE_DISABLED=false

# --- Backup security --------------------------------------------------------
# Enable automatic backups.
BACKUP_ENABLED=true

# Number of days backups are kept.
BACKUP_RETENTION_DAYS=30

# Use secure permissions for backups.
# NOTE(review): the actual mode bits are chosen by the consumer -- confirm.
SECURE_BACKUP_PERMS=true

# --- Logging security -------------------------------------------------------
# Do not log sensitive information.
LOG_SENSITIVE_INFO=false

# Sanitize log entries.
SANITIZE_LOGS=true

# --- Development security ---------------------------------------------------
# Development mode is disabled by default.
# NOTE(review): which checks development mode relaxes is not visible here;
# confirm it cannot be switched on from untrusted input.
ALLOW_DEV_MODE=false

# Enable strict error checking.
STRICT_MODE=true