diff --git a/.github/workflows/greetings.yml b/.github/workflows/greetings.yml index adb8716..75cb759 100755 --- a/.github/workflows/greetings.yml +++ b/.github/workflows/greetings.yml @@ -9,5 +9,5 @@ jobs: - uses: actions/first-interaction@v1 with: repo-token: ${{ secrets.GITHUB_TOKEN }} - issue-message: 'Thank you for createing this issue. We will check it as soon as possible.' + issue-message: 'Thank you for creating this issue. We will check it as soon as possible.' pr-message: 'Thank you for your pull request. We will check it as soon as possible.' diff --git a/security/application.md b/security/application.md index aecc0f4..6d5e327 100755 --- a/security/application.md +++ b/security/application.md @@ -48,4 +48,5 @@ Only download software components from the official website never trust any thir * File paths are guarded to be within the application path * We mostly use soft deletes making it possible to restore most of the database data unless overwritten * We provide extensive user and group permission handling -* Our default server configuration prevents the direct execution of any scripts aside from the main application \ No newline at end of file +* Our default server configuration prevents the direct execution of any scripts aside from the main application +* We perform basic checks on user uploads \ No newline at end of file diff --git a/security/server.md b/security/server.md index f1d0e3f..11bb40d 100755 --- a/security/server.md +++ b/security/server.md 
@@ -32,3 +32,12 @@ There are still many more uncovered topics and tools which definitely are worth * Firewall (e.g. UFW) * Intrusion detection system * SFTP vs FTP + +## Which security features do our servers implement? + +* We use fail2ban as intrusion prevention +* We use UFW as firewall +* We only allow access to the server through ssh login with keys + password and mandatory 2FA +* We create backups for reconstruction +* We use clamAV as virus scanner +* Applications are restricted to their installation directory \ No newline at end of file
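Review bot: In the greetings.yml hunk, `uses: actions/first-interaction@v1` references the action by a mutable major-version tag; since this workflow runs with `secrets.GITHUB_TOKEN`, consider pinning the action to a full-length commit SHA (with the version in a trailing comment) so an updated tag cannot silently change what executes in your CI. The typo fix in `issue-message` itself looks correct. Separately, the file mode `100755` on a workflow YAML file is unnecessary; it can be `100644`.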
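Review bot: In the security/application.md hunk, the added line `* We perform basic checks on user uploads` is too vague for a security statement; name the checks that are actually performed (for example an extension or content-type allowlist, size limits, and storage outside the directly served path) so readers can judge what is and is not covered. The hunk also still ends with `\ No newline at end of file` on the new `+` line; add a trailing newline so the next edit to this file does not produce a noisy diff.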
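Review bot: In the security/server.md hunk, the line `* We only allow access to the server through ssh login with keys + password and mandatory 2FA` is ambiguous about whether key and password are both required or either is accepted; state the actual authentication policy (and the sshd setting that enforces it) so the claim can be verified against the server configuration. Likewise `* We create backups for reconstruction` should say how often backups are taken, whether they are stored off the host, and whether restores are tested, since an untested backup is not a recovery guarantee. Minor: the product is spelled "ClamAV", and the new last line is again missing a trailing newline.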