jpetree331
f97d4845af
Complete RedFlag codebase with two major security audit implementations.
== A-1: Ed25519 Key Rotation Support ==
Server:
- SignCommand sets SignedAt timestamp and KeyID on every signature
- signing_keys database table (migration 020) for multi-key rotation
- InitializePrimaryKey registers active key at startup
- /api/v1/public-keys endpoint for rotation-aware agents
- SigningKeyQueries for key lifecycle management
Agent:
- Key-ID-aware verification via CheckKeyRotation
- FetchAndCacheAllActiveKeys for rotation pre-caching
- Cache metadata with TTL and staleness fallback
- SecurityLogger events for key rotation and command signing
== A-2: Replay Attack Fixes (F-1 through F-7) ==
F-5 CRITICAL - RetryCommand now signs via signAndCreateCommand
F-1 HIGH - v3 format: "{agent_id}:{cmd_id}:{type}:{hash}:{ts}"
F-7 HIGH - Migration 026: expires_at column with partial index
F-6 HIGH - GetPendingCommands/GetStuckCommands filter by expires_at
F-2 HIGH - Agent-side executedIDs dedup map with cleanup
F-4 HIGH - commandMaxAge reduced from 24h to 4h
F-3 CRITICAL - Old-format commands rejected after 48h via CreatedAt
Verification fixes: migration idempotency (ETHOS #4), log format
compliance (ETHOS #1), stale comments updated.
All 24 tests passing. Docker --no-cache build verified.
See docs/ for full audit reports and deviation log (DEV-001 to DEV-019).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
62 lines
1.8 KiB
Go
62 lines
1.8 KiB
Go
package main
|
|
|
|
import (
|
|
"encoding/json"
|
|
"fmt"
|
|
"log"
|
|
"path/filepath"
|
|
"runtime"
|
|
|
|
"github.com/redflag-aggregator/aggregator-agent/internal/system"
|
|
)
|
|
|
|
func main() {
|
|
// Get the absolute path to this file's directory
|
|
_, filename, _, _ := runtime.Caller(0)
|
|
dir := filepath.Dir(filename)
|
|
|
|
// Change to the project root to find the go.mod file
|
|
projectRoot := filepath.Dir(dir)
|
|
|
|
// Test lightweight metrics (most common use case)
|
|
fmt.Println("=== Enhanced Lightweight Metrics Test ===")
|
|
metrics, err := system.GetLightweightMetrics()
|
|
if err != nil {
|
|
log.Printf("Error getting lightweight metrics: %v", err)
|
|
} else {
|
|
// Pretty print the JSON
|
|
jsonData, _ := json.MarshalIndent(metrics, "", " ")
|
|
fmt.Printf("LightweightMetrics:\n%s\n\n", jsonData)
|
|
|
|
// Show key findings
|
|
fmt.Printf("Root Disk: %.1fGB used / %.1fGB total (%.1f%%)\n",
|
|
metrics.DiskUsedGB, metrics.DiskTotalGB, metrics.DiskPercent)
|
|
|
|
if metrics.LargestDiskTotalGB > 0 {
|
|
fmt.Printf("Largest Disk (%s): %.1fGB used / %.1fGB total (%.1f%%)\n",
|
|
metrics.LargestDiskMount, metrics.LargestDiskUsedGB, metrics.LargestDiskTotalGB, metrics.LargestDiskPercent)
|
|
}
|
|
}
|
|
|
|
// Test full system info (detailed disk inventory)
|
|
fmt.Println("\n=== Enhanced System Info Test ===")
|
|
sysInfo, err := system.GetSystemInfo("test-v0.1.5")
|
|
if err != nil {
|
|
log.Printf("Error getting system info: %v", err)
|
|
} else {
|
|
fmt.Printf("Found %d disks:\n", len(sysInfo.DiskInfo))
|
|
for i, disk := range sysInfo.DiskInfo {
|
|
fmt.Printf(" Disk %d: %s (%s) - %s, %.1fGB used / %.1fGB total (%.1f%%)",
|
|
i+1, disk.Mountpoint, disk.Filesystem, disk.DiskType,
|
|
float64(disk.Used)/(1024*1024*1024), float64(disk.Total)/(1024*1024*1024), disk.UsedPercent)
|
|
|
|
if disk.IsRoot {
|
|
fmt.Printf(" [ROOT]")
|
|
}
|
|
if disk.IsLargest {
|
|
fmt.Printf(" [LARGEST]")
|
|
}
|
|
fmt.Printf("\n")
|
|
}
|
|
}
|
|
} |