73 lines
3.0 KiB
Markdown
73 lines
3.0 KiB
Markdown
# Quick TODOs - One-Liners
|
|
|
|
## 🎨 Dashboard & Visuals
|
|
- Add security status indicators to dashboard (machine binding, Ed25519, nonce protection)
|
|
- Create security metrics visualization panels
|
|
- Add live operations count badges
|
|
- Visual agent health status with color coding
|
|
|
|
## 🔬 Research & Analysis
|
|
|
|
### ✅ COMPLETED: Duplicate Command Queue Logic Research
|
|
**Analysis Date:** 2025-11-03
|
|
|
|
**Current Command Structure:**
|
|
- Commands have `AgentID` + `CommandType` + `Status`
|
|
- Scheduler creates commands like `scan_apt`, `scan_dnf`, `scan_updates`
|
|
- Backpressure threshold: 5 pending commands per agent
|
|
- No duplicate detection currently implemented
|
|
|
|
**Duplicate Detection Strategy:**
|
|
1. **Check existing pending/sent commands** before creating new ones
|
|
2. **Use `AgentID` + `CommandType` + `Status IN ('pending', 'sent')`** as duplicate criteria
|
|
3. **Consider timing**: Skip duplicates only if recent (< 5 minutes old)
|
|
4. **Preserve legitimate scheduling**: Allow duplicates after reasonable intervals
|
|
|
|
**Implementation Considerations:**
|
|
- ✅ **Safe**: Won't disrupt legitimate retry/interval logic
|
|
- ✅ **Efficient**: Simple database query before command creation
|
|
- ⚠️ **Edge Cases**: Manual commands vs auto-generated commands need different handling
|
|
- ⚠️ **User Control**: Future dashboard controls for "force rescan" vs normal scheduling
|
|
|
|
**Recommended Approach:**
|
|
```go
|
|
// Check for recent duplicate before creating command
|
|
recentDuplicate, err := q.CheckRecentDuplicate(agentID, commandType, 5*time.Minute)
|
|
if err != nil { return err }
|
|
if recentDuplicate {
|
|
log.Printf("Skipping duplicate %s command for %s", commandType, hostname)
|
|
return nil
|
|
}
|
|
```
|
|
|
|
- Analyze scheduler behavior with user-controlled scheduling functions
|
|
- Investigate agent command acknowledgment flow edge cases
|
|
- Study security validation failure patterns and root causes
|
|
|
|
## 🔧 Technical Improvements
|
|
- Add Cache-Control: no-store headers to security endpoints
|
|
- Standardize directory paths (/var/lib/aggregator → /var/lib/redflag, /etc/aggregator → /etc/redflag)
|
|
- Implement proper upgrade path from 0.1.17 to 0.1.22 with key signing changes
|
|
- Add database migration cleanup for old agent IDs and stale data
|
|
|
|
## 📊 Monitoring & Metrics
|
|
- Add actual counters for security validation failures/successes
|
|
- Implement historical data tracking for security events
|
|
- Create alert integration for security monitoring systems
|
|
- Track rate limit usage and backpressure events
|
|
|
|
## 🚀 Future Features
|
|
- User-controlled scheduler functions and agenda planning
|
|
- HSM integration for private key storage
|
|
- Mutual TLS for additional transport security
|
|
- Role-based filtering for sensitive security metrics
|
|
|
|
## 🧪 Testing & Validation
|
|
- Load testing for security endpoints under high traffic
|
|
- Integration testing with real dashboard authentication
|
|
- Test agent behavior with network interruptions
|
|
- Validate command deduplication logic impact
|
|
|
|
---
|
|
Last Updated: 2025-11-03
|
|
Priority: Focus on dashboard visuals and duplicate command research |