eReuse / workbench

The eReuse.org Workbench is a toolset to assist with the diagnostic, benchmarking, inventory and installation of computers.
https://www.ereuse.org
GNU Affero General Public License v3.0
13 stars 7 forks source link

Least privilege principle + New work flow proposal #78

Open Garito opened 7 years ago

Garito commented 7 years ago

https://en.wikipedia.org/wiki/Principle_of_least_privilege

In our case, this principle could be used to make the workbench process more quick and useful for the person using it

Right now (I almost have finished the process in my machine, so sorry if I'm not precise enought) the flow goes like: 1.- Prepare and launch the server 2.- Plug the machine into the network and start with lan booting 3.- The machine detects the server and installs our software 4.- Our software asks several questions and starts the process

This flow makes mandatory to plug a screen and a keyboard to the tested machine (not useful if you need to test 1000 machines)

This is my proposal with its caveats: 1.- Prepare and launch the server 2.- The server must have a mini webapp (to be accessible for the network) 3.- The webapp must have the code needed to register several USB keys. In this process we are identifying the USB key's vendor and identification code (needed to setup the client image to make those keys auto mounted and launch a code) This process must be discussed in our next videochat to see what is our best strategy but we have all the code to identify the USB 4.- We will setup the workbench here (if we want erase the disc and so on) 5.- Modify the original client image to allow those particular keys and configuration 6.- Connect the client machine 7.- Boot on land 8.- The workbench will start with the configuration in the client (the one we put in the client images after we register the keys and make the configuration (step 4) 9.- The process ends. We could upload the results or not

Now the new iteration: In any moment that the client is booted, the person uses the registered USB key (step 3) and plugs it into the machine This will launch a process in the server that will identify the machine (the one with the particular key plugged in) Now we can identify with a phone by connecting to the webapp: basa identifications, model, type and so on

This is a WIP