From fb712c3c117ae555121aba2fe285ec2f7378a692 Mon Sep 17 00:00:00 2001 From: Anthony Nandaa Date: Mon, 14 Oct 2024 20:40:15 +0300 Subject: [PATCH] logmonitor: docs: add security advisory for config file (#196) As a recommendation from the previous security review, add an advisory for users on how to restrict write access for the config file. This reduces the possibility of the config file being used as an attack vector, especially for a low privilege user. Signed-off-by: Anthony Nandaa --- LogMonitor/docs/README.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/LogMonitor/docs/README.md b/LogMonitor/docs/README.md index 1ddd640..d7cfccf 100644 --- a/LogMonitor/docs/README.md +++ b/LogMonitor/docs/README.md @@ -7,6 +7,7 @@ - [Log File Monitoring](#log-file-monitoring) - [Process Monitoring](#process-monitoring) - [Log Format Customization](#log-format-customization) +- [Security Advisory for Config File](#security-advisory-for-config-file) ## Sample Config File @@ -478,3 +479,18 @@ For example: } } ``` + +## Security Advisory for Config File + +For extra security for cases where you have low privilege users for your container, +you can restrict modification for the config file to only administrators. You +can do this by running this in the container or adding it in your _dockerfile_. + +```powershell +# update the path if not using default +icacls C:/LogMonitor/LogMonitorConfig.json /grant Administrators:F /deny Users:W +``` + +This grants full access (`F`) to `Administrators` group and denies Write (`W`) +permission to the `Users` group, which includes standard users (such as +`ContainerUser` in the container).
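Review bot: in the `icacls` line of the new "Security Advisory for Config File" section, `/deny Users:W` blocks writing to the file's contents but the `W` simple right does not cover Delete, so if an inherited ACE on the containing directory still grants a standard user Modify, that user could delete the file and recreate it with their own contents, which defeats the advisory's purpose. The deny ACE also leaves whatever inherited allow ACEs exist on the file untouched, so the resulting ACL is harder to reason about than the sentence after the snippet suggests. Consider resetting inheritance and granting explicit rights instead, for example `icacls C:\LogMonitor\LogMonitorConfig.json /inheritance:r /grant Administrators:F /grant SYSTEM:F /grant Users:R`, and state which account LogMonitor runs under so readers can confirm it keeps read access after the change. Minor wording: "For extra security for cases where you have low privilege users for your container" reads awkwardly ("In containers that run with low-privilege users, you can ..."), and `_dockerfile_` is conventionally written `Dockerfile`.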