Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
This issue is for the design and implementation of how policy is going to be stored internally on a Malcolm instance. Currently this is what I'm thinking:

- policies would be stored as sets of files representing rules or configuration, stored inside a Git repository that is hosted on the Malcolm server itself
- different policies can be represented as separate branches in that Git repository
- there would probably be a different Git repository per "policy type"
  - e.g., one for Arkime, one for Suricata, one for Zeek, one for YARA, etc.
  - so that someone could be using Arkime policy ABC but YARA policy XYZ, etc.
- possibly also allowing the policy to contain references to an S3-compatible bucket URL (like minio) which can be enabled or disabled?
- in addition to just containing the rules themselves, some sort of configuration file (yml or something) that allows a rule to be enabled or disabled (so the rule could exist in the repo, but not necessarily be turned on)
- some Git commit hooks or another mechanism for validating contents or rules and rejecting malformed rules, so that "bad" data never gets saved to the database

Sub-item of this meta-issue: "policy manager" for Malcolm and Hedgehog Linux (idaholab/Malcolm#477)
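As an added example (not Malcolm's code), this is the kind of check a commit hook could run over the enable/disable manifest before a policy commit is accepted: it rejects malformed entries, paths that escape the repository, and rule files that are not actually committed. The JSON layout, the field names and the `s3://` source entry are assumptions standing in for the "yml or something" the issue leaves open.

```python
import json
import posixpath

# Constructed manifest for a Suricata policy branch: rule files that live in
# the repo, each with an enabled flag, plus an optional external bucket source.
EXAMPLE_MANIFEST = """{
  "policy_type": "suricata",
  "rules": [
    {"file": "rules/local.rules", "enabled": true},
    {"file": "rules/emerging-malware.rules", "enabled": false}
  ],
  "sources": [
    {"url": "s3://minio.internal/policies/suricata/", "enabled": false}
  ]
}"""

POLICY_TYPES = {"arkime", "suricata", "zeek", "yara"}  # the types the issue lists


def validate_manifest(text, repo_files):
    """Return a list of problems; an empty list means the commit may proceed.

    repo_files is the set of paths present in the repository tree (what a
    pre-commit hook would read from the index), so a rule can only be toggled
    if the file it names is really committed alongside the manifest.
    """
    errors = []
    try:
        manifest = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"manifest is not valid JSON: {exc}"]
    if manifest.get("policy_type") not in POLICY_TYPES:
        errors.append(f"unknown policy_type {manifest.get('policy_type')!r}")
    for idx, rule in enumerate(manifest.get("rules", [])):
        if not isinstance(rule, dict):
            errors.append(f"rules[{idx}]: entry must be an object")
            continue
        path = rule.get("file")
        # Reject absolute paths and ".." components so a manifest cannot point
        # the policy loader at files outside the repository checkout.
        if not isinstance(path, str) or posixpath.isabs(path) or ".." in path.split("/"):
            errors.append(f"rules[{idx}]: file must be a relative path inside the repo")
        elif path not in repo_files:
            errors.append(f"rules[{idx}]: {path} is not in the repository")
        if not isinstance(rule.get("enabled"), bool):
            errors.append(f"rules[{idx}]: enabled must be true or false")
    for idx, src in enumerate(manifest.get("sources", [])):
        url = src.get("url", "") if isinstance(src, dict) else ""
        if not (isinstance(url, str) and url.startswith(("s3://", "https://"))):
            errors.append(f"sources[{idx}]: url must be an s3:// or https:// URL")
        if not isinstance(src, dict) or not isinstance(src.get("enabled"), bool):
            errors.append(f"sources[{idx}]: enabled must be true or false")
    return errors
```

A hook would run this against the staged manifest and exit non-zero on any error, so a disabled-but-present rule is allowed while a reference to a missing or out-of-tree file is not.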