This repository has been archived by the owner on Sep 16, 2022. It is now read-only.

Generate list of all possible "recommended actions" #534

Closed
vpetersson opened this issue Nov 14, 2019 · 6 comments

Comments

@vpetersson
Contributor

As discussed in #532, we need a dedicated knowledge base item for every possible recommended action. To do that, we need to generate a list of all of them.

@a-martynovich
Contributor

@vpetersson Where should we put the list? How should it look? Should it be a placeholder for a technical writer to fill or will you provide us with the text?

@vpetersson
Contributor Author

> Where should we put the list?

Put it in here.

> How should it look?

Bullet points or a table in Markdown.

> Should it be a placeholder for a technical writer to fill or will you provide us with the text?

Yes, this will be a task for a content writer plus myself to write out.

@a-martynovich
Contributor

a-martynovich commented Nov 27, 2019

  1. Default credentials detected. We found default credentials present on {devices}. Please consider changing them as soon as possible.
  2. Permissive firewall policy detected. We found a permissive firewall policy present on {devices}. Please consider changing it to a more restrictive one.
  3. Vulnerable packages found. We found vulnerable packages on {devices}. These packages could be used by an attacker to either gain access to your node, or escalate permissions. It is recommended that you address this at your earliest convenience. Run `sudo apt-get update && sudo apt-get upgrade` to bring your system up to date. Please note that there might be vulnerabilities detected that are yet to be fixed by the operating system vendor.
  4. Insecure services found. We found insecure services installed on {devices}. Because these services are considered insecure, it is recommended that you uninstall them. Run `sudo apt-get purge {services}` to disable all insecure services.
  5. Insecure configuration for OpenSSH found. We found insecure configuration issues with OpenSSH on {devices}. To improve the security posture of your node, please consider making the following changes: {changes}
  6. Consider enabling automatic security updates. We found that {devices} are not configured to automatically install security updates. Consider enabling this feature. Details for how to do this can be found here: {doc_url}.
  7. Consider moving to SFTP. There appears to be an FTP server running on {devices}. FTP is generally considered insecure as the credentials are sent unencrypted over the internet. Consider switching to an encrypted service, such as SFTP.
  8. Your MongoDB instance may be publicly accessible. We detected that a MongoDB instance on {devices} may be accessible remotely. Consider either blocking port 27017 through the WoTT firewall management tool, or re-configure MongoDB to only listen on localhost.
  9. Your MySQL instance may be publicly accessible. We detected that a MySQL instance on {devices} may be accessible remotely. Consider either blocking port 3306 through the WoTT firewall management tool, or re-configure MySQL to only listen on localhost.
  10. No root password set for the MySQL/MariaDB server. We detected that there is no root password set for MySQL/MariaDB on {devices}. Not having a root password set makes it easy for anyone with access to the service to copy all information from the database. It is recommended that you change the password as soon as possible. There are multiple ways to do this, including using mysqladmin as follows: `mysqladmin -u root password NEWPASSWORD`. Tip: If you are using mysqladmin as per above, make sure to add a space before the command to avoid it being stored in your shell's history.
  11. Your Memcached instance may be publicly accessible. We detected that a Memcached instance on {devices} may be accessible remotely. Consider either blocking port 11211 through the WoTT firewall management tool, or re-configure Memcached to only listen on localhost.
  12. Your system is vulnerable to Meltdown and/or Spectre attacks. We detected that {devices} are vulnerable to Meltdown/Spectre. You can learn more about these issues here. To fix the issue, please run `apt-get update && apt-get upgrade`.
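
As an added example (not code from the WoTT project or this thread), a small defender-side check for items 8, 9 and 11 above: it parses constructed `ss -Hltn` output, flags the listed services bound to anything other than a loopback address, and fills in the {devices} placeholder of the matching recommended-action text. The `ss` column layout, the device name and the sample sockets are assumptions.

```python
import ipaddress

# Port -> (service, recommended-action title), from items 8, 9 and 11 above.
EXPOSED_SERVICE_ACTIONS = {
    27017: ("MongoDB", "Your MongoDB instance may be publicly accessible"),
    3306: ("MySQL", "Your MySQL instance may be publicly accessible"),
    11211: ("Memcached", "Your Memcached instance may be publicly accessible"),
}

def is_loopback_only(addr: str) -> bool:
    """True only when the listening socket is bound to a loopback address."""
    if addr in ("*", ""):              # ss prints '*' for the wildcard address
        return False
    try:
        return ipaddress.ip_address(addr.strip("[]")).is_loopback
    except ValueError:                 # interface-scoped or otherwise odd forms
        return False

def find_exposed_services(ss_output: str) -> dict:
    """Return {port: service} for listed services not bound to loopback only."""
    exposed = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")   # 'Local Address:Port' column
        port = int(port)
        if port in EXPOSED_SERVICE_ACTIONS and not is_loopback_only(addr):
            exposed[port] = EXPOSED_SERVICE_ACTIONS[port][0]
    return exposed

def render_action(port: int, devices) -> str:
    """Fill the {devices} placeholder of the matching recommended action text."""
    service, title = EXPOSED_SERVICE_ACTIONS[port]
    return (f"{title}. We detected that a {service} instance on "
            f"{', '.join(devices)} may be accessible remotely. Consider either "
            f"blocking port {port} through the WoTT firewall management tool, "
            f"or re-configure {service} to only listen on localhost.")

# Constructed `ss -Hltn` sample: MongoDB on 0.0.0.0, MySQL loopback-only, Memcached on [::], plus sshd.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:27017 0.0.0.0:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 1024 [::]:11211 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
"""

if __name__ == "__main__":
    for port in find_exposed_services(SAMPLE_SS):
        print(render_action(port, ["pi-01"]))
```

On a real node, feed it the output of `ss -Hltn`; the MySQL line is deliberately bound to 127.0.0.1 so it is not reported.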

@vpetersson
Contributor Author

vpetersson commented Nov 27, 2019

@fshmcallister This is the list that I was talking about. We need to write out in more detail what each of these means as an FAQ entry. Should probably be 3-5 paragraphs or so.

Later on, the idea is to integrate the FAQ entry into a popover from within the dashboard.

@vpetersson
Contributor Author

Thanks @a-martynovich. Closing this out as we now have a list.

@vpetersson
Contributor Author

Follow up ticket is WoTTsecurity/wott-io#198 for auditing/rewriting.
