-
Notifications
You must be signed in to change notification settings - Fork 58
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add IDS-VM as a defensive networking mechanism #422
Conversation
11e4111
to
a85b68f
Compare
a85b68f
to
7f9f777
Compare
7f9f777
to
f9fafb1
Compare
f9fafb1
to
dca4b2f
Compare
|
dca4b2f
to
40b6688
Compare
8a49f8c
to
b500944
Compare
Both ids-vm and mitmproxy made now optional and disabled by default. The mitmproxy is now introduced as a module for ids-vm. |
b500944
to
abc8955
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- Design could be moved to GA-space according to the new process but it's there in the PR so I'll leave it to the integration
- Please check and cherry-pick/include the two commits I commented related to VMM and timeZone.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tested on Lenovo-X1
- mitmweb-ui works
- Apps launch
- ci-test-automation run ok
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good! Just an FYI - the certificate warning goes away when using the flag --test-type
.
abc8955
to
6fd3643
Compare
Rebased with 6fd3643 |
- Adds new virtual machine called ids-vm to Lenovo X1 target. - If enabled, sets it as a default gateway for other VMs except for net-vm. - Adds mitmproxy as a module to ids-vm to monitor http and https traffic. - Creates a web interface to the mitmproxy. - Sets Chromium to ignore self-signed CA certificate generated by mitmproxy. - Adds mitmproxy CA certificate to gala-vm to enable login. - Both ids-vm and mitmproxy module are disabled by default. Signed-off-by: Risto Kuusela <risto.kuusela@unikie.com>
6fd3643
to
7af8203
Compare
ci-test-automation passed; |
Description of changes
This PR adds a new VM that enables defensive mechanisms to internal network as well as to outgoing network. This is going to replace the earlier draft pull request PR #146.
Checklist for things done
x86_64
aarch64
riscv64
nix flake check --accept-flake-config
and it passesTesting
and ignoring certificate warnings entirely.