docs/SECURITY.md

## LAYLO Code - Secure, resilient, privacy-friendly code hosting

This document gives an overview to the applied security standards that are in use on `code.laylo.cloud`.

### Goals

This Gitea instance is configured following best practices, in order to thwart low to medium level attacks. The threat model does not include protection against high-level adversaries (eg, nation states).

### Global

- The OS and software is updated every week (Thursdays, 22:00 - 23:59 CEST).
- The storage on the server is fully encrypted, both in OpenStack and the VM itself (the latter one using `AES-XTS-256`, see `misc/softraid.pdf` for the specification).
- The server _solely_ runs the Gitea stack (with Nginx and PostgreSQL), thus preventing additional attack surface.

### Web front-end

- Any plain-text (HTTP) traffic is redirected to the TLS secure counterpart (HTTPS).
- TLS (or more specifically: TLSv1.2 and TLSv1.3) is used for transit encryption - with HSTS and the following ciphers: 

	```
	ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:AES-256-GCM-SHA384:EECDH+AESGCM:EDH+AESGCM
- OCSP stapling is enabled.
- TLS session tickets are disabled (at least until Nginx fixes this properly).

### Networking

- The server itself is strictly firewalled (using `pf(8)`), both egress and ingress - on a daemon/service level.
- Internal service communication is encrypted (eg: Gitea is configured to connect to the local PostgreSQL server using TLS).

### Etc

- Official commits (eg, in the `laylo/docs` repository) are GPG signed, and MFA is enforced for accounts with write access.
- Backups are made every 24 hours, using a 'pull mechanism'. This server does **NOT** have access to the backup repository.
- SSH is hardened (PKI authentication, MFA via hardware tokens).
- SSH ciphers are hardened, these are in use:

	```
	Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
	KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256@libssh.org,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512
	MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
	HostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com
- The GPG public keys can be found in `signing-keys/`
Update README 2022-08-17 17:36:36 +02:00			`## LAYLO Code - Secure, resilient, privacy-friendly code hosting`

			This document gives an overview to the applied security standards that are in use on `code.laylo.cloud`.

Update README.md and SECURITY.md 2022-08-17 17:52:09 +02:00			`### Goals`

			`This Gitea instance is configured following best practices, in order to thwart low to medium level attacks. The threat model does not include protection against high-level adversaries (eg, nation states).`

Update README 2022-08-17 17:36:36 +02:00			`### Global`

			`- The OS and software is updated every week (Thursdays, 22:00 - 23:59 CEST).`
Add remark about signed commits in SECURITY.md 2022-08-17 17:39:37 +02:00			- The storage on the server is fully encrypted, both in OpenStack and the VM itself (the latter one using `AES-XTS-256`, see `misc/softraid.pdf` for the specification).
Update README 2022-08-17 17:36:36 +02:00			`- The server _solely_ runs the Gitea stack (with Nginx and PostgreSQL), thus preventing additional attack surface.`

			`### Web front-end`

			`- Any plain-text (HTTP) traffic is redirected to the TLS secure counterpart (HTTPS).`
Update SECURITY.md: add OCSP stapling and disabled TLS session tickets 2022-08-23 17:37:27 +02:00			`- TLS (or more specifically: TLSv1.2 and TLSv1.3) is used for transit encryption - with HSTS and the following ciphers:`
Update SECURITY.md: add break once more 2022-08-23 17:38:12 +02:00
Update SECURITY.md: add OCSP stapling and disabled TLS session tickets 2022-08-23 17:37:27 +02:00			```
			`ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:AES-256-GCM-SHA384:EECDH+AESGCM:EDH+AESGCM`
			`- OCSP stapling is enabled.`
			`- TLS session tickets are disabled (at least until Nginx fixes this properly).`
Update README 2022-08-17 17:36:36 +02:00
			`### Networking`

			- The server itself is strictly firewalled (using `pf(8)`), both egress and ingress - on a daemon/service level.
			`- Internal service communication is encrypted (eg: Gitea is configured to connect to the local PostgreSQL server using TLS).`

			`### Etc`

Update SECURITY.md: fix some syntax things 2022-08-23 11:41:50 +02:00			- Official commits (eg, in the `laylo/docs` repository) are GPG signed, and MFA is enforced for accounts with write access.
Update README 2022-08-17 17:36:36 +02:00			`- Backups are made every 24 hours, using a 'pull mechanism'. This server does NOT have access to the backup repository.`
Update SECURITY.md: mention the cipher config 2022-08-23 11:29:52 +02:00			`- SSH is hardened (PKI authentication, MFA via hardware tokens).`
			`- SSH ciphers are hardened, these are in use:`
Update SECURITY.md: add break 2022-08-23 11:35:48 +02:00
Update SECURITY.md: put the ciphers in a code block 2022-08-23 11:30:43 +02:00			```
Update SECURITY.md: mention the cipher config 2022-08-23 11:29:52 +02:00			`Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr`
Update SECURITY.md: mention using the sntrup761x25519-sha512 kex 2022-08-23 11:39:28 +02:00			`KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256@libssh.org,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512`
Update SECURITY.md: mention the cipher config 2022-08-23 11:29:52 +02:00			`MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com`
			`HostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com`
Update SECURITY.md: add the signing pubkeys 2022-08-23 11:34:24 +02:00			- The GPG public keys can be found in `signing-keys/`