Allow terminal commands to be executed by remote compliance "agents" and stored as evidence. Agents will cryptographically sign any evidence they fetch. Signed evidence can be used in checks. It should be automatically verified when loaded from the locker.
Requirements
A new "agent" mode for running fetchers; evidence is stored under a corresponding agents/<name> directory.
All agent evidence is cryptographically signed.
A new fetch helper for storing terminal commands/output as evidence.
Automatically verify signed evidence when used in any checks.
Approach
Add new ComplianceAgent class for managing agents, signing and verification.
Update _BaseEvidence class to utilise above agent class for signing/verifying evidence.
Add new fetchCommand helper to ComplianceFetcher class for executing commands locally.
Security and Privacy
Command execution will require os.system (or similar).
Test Plan
Local testing.
Testing with our current production configuration.
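A sketch of the flow proposed above, added here as an illustration and not the project's own code: a command is run without a shell, its output is stored as evidence under agents/<name>, and the evidence is verified when loaded. The names fetch_command, load_evidence and AGENT_KEYS are hypothetical, and HMAC-SHA256 with a per-agent secret stands in for the agent signature so the example needs only the standard library; an asymmetric key pair would let the locker verify without holding any signing key.

```python
import hashlib
import hmac
import json
import os
import shlex
import subprocess

# Constructed per-agent secret for the example; real keys belong in a secret store.
AGENT_KEYS = {"agent-01": b"constructed-demo-key"}


def sign(agent, body):
    # Canonical JSON so the signer and the verifier hash identical bytes.
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(AGENT_KEYS[agent], payload, hashlib.sha256).hexdigest()


def fetch_command(agent, command, timeout=10):
    """Run a command without a shell and return signed evidence (hypothetical helper)."""
    # An argument list means shell metacharacters in the command are never interpreted.
    argv = shlex.split(command)
    proc = subprocess.run(argv, capture_output=True, text=True,
                          timeout=timeout, check=False)
    body = {
        "agent": agent,
        "command": argv,
        "returncode": proc.returncode,
        "stdout": proc.stdout,
    }
    return {
        "path": f"agents/{agent}/{os.path.basename(argv[0])}.json",
        "body": body,
        "signature": sign(agent, body),
    }


def load_evidence(evidence):
    """Verify on load; reject evidence whose agent, path or content does not match."""
    body = evidence["body"]
    agent = body["agent"]
    if agent not in AGENT_KEYS or not evidence["path"].startswith(f"agents/{agent}/"):
        raise ValueError("unknown agent or evidence stored under the wrong agent directory")
    if not hmac.compare_digest(sign(agent, body), evidence["signature"]):
        raise ValueError("signature mismatch: evidence was modified after signing")
    return body
```

Because the agent name is inside the signed body and is also checked against the storage path, evidence copied into another agent's directory fails verification as well.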