From ef0bf584558cfd2b824a1fbd590fc77ea6ed4e8a Mon Sep 17 00:00:00 2001
From: dtrai2
Date: Mon, 8 Apr 2024 13:52:10 +0200
Subject: [PATCH] add best practices for envs
---
 .../custom_extensions/security_best_practices.py | 9 ++++-----
 doc/source/user_manual/configuration/input.rst | 2 +-
 logprep/util/configuration.py | 10 ++++++++++
 3 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/doc/source/custom_extensions/security_best_practices.py b/doc/source/custom_extensions/security_best_practices.py
index a6a7983f0..a422117b6 100644
--- a/doc/source/custom_extensions/security_best_practices.py
+++ b/doc/source/custom_extensions/security_best_practices.py
@@ -31,7 +31,7 @@ def visit_best_practice_node(self, node):
 self.visit_admonition(node)
-def depart_best_practice_node_node(self, node):
+def depart_best_practice_node(self, node):
 self.depart_admonition(node)
@@ -125,12 +125,11 @@ def create_back_reference(app, fromdocname, node_info):
 def setup(app: Sphinx):
 """Initializer for the Security Best Practices Extension"""
- app.add_node(SecurityBestPracticesLists)
 app.add_node(
 SecurityBestPractice,
- html=(visit_best_practice_node, depart_best_practice_node_node),
- latex=(visit_best_practice_node, depart_best_practice_node_node),
- text=(visit_best_practice_node, depart_best_practice_node_node),
+ html=(visit_best_practice_node, depart_best_practice_node),
+ latex=(visit_best_practice_node, depart_best_practice_node),
+ text=(visit_best_practice_node, depart_best_practice_node),
 )
 app.add_directive("security-best-practice", BestPracticeDirective)
 app.add_directive("security-best-practices-list", BestPracticeListDirective)
diff --git a/doc/source/user_manual/configuration/input.rst b/doc/source/user_manual/configuration/input.rst
index 438cf79c2..703e878f7 100644
--- a/doc/source/user_manual/configuration/input.rst
+++ b/doc/source/user_manual/configuration/input.rst
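Review bot: The `setup` hunk also drops `app.add_node(SecurityBestPracticesLists)`, which the commit message does not mention and which is unrelated to the `depart_best_practice_node` rename. Without that call the node class is no longer registered with docutils, so a visitor that walks a doctree still containing a `SecurityBestPracticesLists` node may fail on an unknown node; the removal is safe only if every such node is replaced before writing, which cannot be confirmed from this hunk. Either keep the registration or, once the replacement has been verified, add a comment above the remaining call such as `# SecurityBestPracticesLists is replaced during doctree resolution, so it needs no registration`. `setup` continues past the end of the hunk.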
@@ -12,7 +12,7 @@ Input The connectors :code:`DummyInput`, :code:`JsonInput` and :code:`JsonlInput` are mainly designed for debugging purposes. - Furthermore, it is suggested to enable the :code:`HMAC` preprocessor to ensure no temparing of + Furthermore, it is suggested to enable the :code:`HMAC` preprocessor to ensure no tempering of processed events. .. code:: yaml diff --git a/logprep/util/configuration.py b/logprep/util/configuration.py index de6957599..0c96dba4e 100644 --- a/logprep/util/configuration.py +++ b/logprep/util/configuration.py @@ -129,6 +129,16 @@ :code:`CI_`. Lowercase variables are ignored. Forbidden variable names are: :code:`["LOGPREP_LIST"]`, as it is already used internally. +.. security-best-practice:: + :title: Configuration Environment Variables + + As it is possible to replace all configuration options with environment variables it is + recommended to use these especially for sensitive information like usernames, password, secrets + or hash salts. + Examples where this could be useful would be the :code:`key` for the hmac calculation (see + `input` > `preprocessing`) or the :code:`user`/:code:`secret` for the elastic-/opensearch + connectors. + The following config file will be valid by setting the given environment variables: .. code-block:: yaml
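Review bot: The added `security-best-practice` block in `logprep/util/configuration.py` recommends environment variables for usernames, passwords, secrets and hash salts without saying how those values should reach the process or what the limits of that storage are. Environment variables are inherited by child processes and can typically be read through process inspection, container or service-manager metadata and crash dumps, so the text would benefit from one more sentence such as `Inject these variables at runtime from a secret store and do not commit them to unit files, compose files or CI configuration.`. Two wording points in the same block: `password` should be `passwords`, and the reference to input > preprocessing uses single backticks, which RST treats as default-role text rather than code or a cross-reference, while the surrounding text uses `:code:`. The enclosing docstring starts and ends outside the hunk.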