@fabriziosalmi
Created September 23, 2024 19:40
# RAM Disk SSH Access Configuration
ram_disk:
  enabled: true
  mount_point: "/mnt/ramdisk"
  size: "100M" # Adjust as necessary
  permissions:
    - "noexec" # Prevent execution of binaries
    - "nosuid" # Ignore setuid/setgid bits on files
    - "nodev" # Do not interpret device files
  cleanup_on_logout: true
user:
  username: "limiteduser"
  home_directory: "/mnt/ramdisk"
  shell: "/bin/rbash"
  allowed_commands:
    - "ls"
    - "cat"
    - "grep"
environment_setup:
  script: "/path/to/create_ramdisk.sh"
  logout_cleanup_script: "/path/to/cleanup_ramdisk.sh"
ssh:
  configuration_file: "/etc/ssh/sshd_config"
  chroot_directory: "/mnt/ramdisk"
  force_command: "internal-sftp" # Remove if command-line access is needed
  allow_tcp_forwarding: false
  x11_forwarding: false
security_measures:
  audit_and_monitor:
    description: "Regularly check the RAM disk for unauthorized changes and log user activities."
    tool: "auditd"
  firewall_rules:
    description: "Implement firewall rules to restrict access based on user needs."
    recommended_tool: "iptables" # or "ufw" for simpler management
  limit_ram_disk_size:
    description: "Adjust the RAM disk size to meet only essential needs."
    note: "Monitor usage to avoid excessive allocation."
  setup_alerts:
    description: "Use monitoring tools to alert on suspicious activity or excessive resource usage."
    recommended_tools:
      - "Nagios"
      - "Prometheus"
      - "Zabbix"
logging:
  enabled: true
  log_directory: "/var/log/user_activity"
  retention_policy: "30 days"
backup:
  enabled: false # No backup as RAM disk is ephemeral
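
The following is an added example, not part of the original gist: a shell sketch of how the `ram_disk` and `ssh` values above map onto a tmpfs `/etc/fstab` entry and an sshd `Match` block, plus an audit check that a mounted RAM disk still carries the required options. The `mode=0755` option and the function names are assumptions introduced here, and the sample mount lines are constructed.

```sh
# Values copied from the YAML above.
MOUNT_POINT="/mnt/ramdisk"
SIZE="100M"
REQUIRED_OPTS="noexec nosuid nodev"
SSH_USER="limiteduser"

# /etc/fstab entry for the RAM disk. mode=0755 is an assumption added here: tmpfs
# defaults to 1777, and sshd refuses a ChrootDirectory writable by group or others.
ramdisk_fstab_entry() {
    opts="size=$SIZE,mode=0755"
    for o in $REQUIRED_OPTS; do opts="$opts,$o"; done
    printf 'tmpfs %s tmpfs %s 0 0\n' "$MOUNT_POINT" "$opts"
}

# sshd_config block matching the ssh: section of the YAML.
sshd_match_block() {
    cat <<EOF
Match User $SSH_USER
    ChrootDirectory $MOUNT_POINT
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
EOF
}

# Audit check: given one line in /proc/mounts format, print the required
# options that are missing. Returns 0 only when the mount is compliant.
missing_mount_opts() {
    read -r _dev mp _type have _rest <<EOF
$1
EOF
    [ "$mp" = "$MOUNT_POINT" ] || { echo "wrong-mount-point"; return 1; }
    missing=""
    for o in $REQUIRED_OPTS; do
        case ",$have," in
            *",$o,"*) ;;
            *) missing="$missing $o" ;;
        esac
    done
    [ -z "$missing" ] && return 0
    echo "${missing# }"
    return 1
}

# Constructed sample lines (not taken from a real host).
GOOD='tmpfs /mnt/ramdisk tmpfs rw,nosuid,nodev,noexec,relatime,size=102400k,mode=755 0 0'
BAD='tmpfs /mnt/ramdisk tmpfs rw,nosuid,relatime,size=102400k 0 0'
ramdisk_fstab_entry; sshd_match_block; missing_mount_opts "$BAD" || true
```

On a live host the check can be fed the matching line from `/proc/mounts`, for example from a cron job that alerts when the function returns non-zero.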