metal-stack / firewall-controller

A Kubernetes controller running on bare-metal firewalls that creates nftables rules, configures Suricata and collects network metrics
MIT License

Config temp files are rendered in destination folder #111

Closed Gerrit91 closed 3 years ago

Gerrit91 commented 3 years ago

It's extremely dangerous that temp files for configuration are rendered in the destination folders. There were already some occasions when directories like these were found, leading to very interesting rule sets:

ls /etc/nftables
...
-rw-------  1 root root 3474 Jul 29 13:08 firewall-controller.v43740410535
-rw-------  1 root root 3474 Jul 29 13:09 firewall-controller.v42263989221

The files should be rendered in a safer spot and then moved to the target directory.
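
One way to do what this comment asks, as an added example in Go that is not the firewall-controller's own code: the rule set is written to a temp file in a staging directory that the nftables include glob does not cover and that lives on the same filesystem as /etc/nftables, fsynced, and then renamed over the target. The staging path /etc/firewall-controller-staging, the function names WriteAtomic and ListDir, and the sample rule text are this example's own assumptions.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"sort"
)

// WriteAtomic writes content to target without ever leaving a partial or
// stale temp file where an `include "/etc/nftables/*"` glob could pick it
// up. The temp file is created in stagingDir (assumed to be outside the
// include glob and on the same filesystem as target, because os.Rename does
// not move files across mount points), fsynced, then renamed into place.
func WriteAtomic(target, stagingDir string, content []byte, mode os.FileMode) error {
	if err := os.MkdirAll(stagingDir, 0o700); err != nil {
		return err
	}
	tmp, err := os.CreateTemp(stagingDir, filepath.Base(target)+".*")
	if err != nil {
		return err
	}
	tmpName := tmp.Name()
	// If anything below fails, the temp file is deleted rather than leaked;
	// after a successful rename it no longer exists and Remove is a no-op.
	defer os.Remove(tmpName)

	if _, err := tmp.Write(content); err != nil {
		tmp.Close()
		return err
	}
	if err := tmp.Chmod(mode); err != nil {
		tmp.Close()
		return err
	}
	if err := tmp.Sync(); err != nil {
		tmp.Close()
		return err
	}
	if err := tmp.Close(); err != nil {
		return err
	}
	// rename(2) replaces target atomically: readers see either the old or the
	// new complete file, never a half-written one and never a temp name.
	if err := os.Rename(tmpName, target); err != nil {
		return err
	}
	// Sync the containing directory so the rename itself survives a crash.
	dir, err := os.Open(filepath.Dir(target))
	if err != nil {
		return err
	}
	defer dir.Close()
	return dir.Sync()
}

// ListDir returns the sorted entry names of dir, which is exactly what an
// `include "dir/*"` glob would hand to nft.
func ListDir(dir string) ([]string, error) {
	entries, err := os.ReadDir(dir)
	if err != nil {
		return nil, err
	}
	names := make([]string, 0, len(entries))
	for _, e := range entries {
		names = append(names, e.Name())
	}
	sort.Strings(names)
	return names, nil
}

func main() {
	// Constructed layout mirroring /etc/nftables (the include target) and a
	// sibling staging directory the include glob never sees.
	root, err := os.MkdirTemp("", "nft-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	targetDir := filepath.Join(root, "etc", "nftables")
	stagingDir := filepath.Join(root, "etc", "firewall-controller-staging")
	if err := os.MkdirAll(targetDir, 0o755); err != nil {
		panic(err)
	}
	target := filepath.Join(targetDir, "firewall-controller.v4")
	// Constructed sample rule set, not a rule set from the project.
	rules := []byte("table ip firewall {\n\tchain forward {\n\t\ttype filter hook forward priority 0; policy drop;\n\t}\n}\n")
	if err := WriteAtomic(target, stagingDir, rules, 0o600); err != nil {
		panic(err)
	}
	names, _ := ListDir(targetDir)
	fmt.Println("files visible to the include glob:", names)
	left, _ := ListDir(stagingDir)
	fmt.Println("files left in staging:", left)
}
```

The staging directory is a sibling under /etc rather than /tmp on purpose: /tmp is usually a separate filesystem, os.Rename across filesystems fails with EXDEV, and falling back to copy-then-delete would reintroduce exactly the window the comment describes. With the deferred Remove, a render that crashes half-way leaves nothing behind at all, and a render that succeeds never has a randomly suffixed file inside /etc/nftables for the include glob to load.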

mwennrich commented 3 years ago

Alternative: in /etc/nftables.conf do not import /etc/nftables/* but only the /etc/nftables/rules and /etc/nftables/firewall-controller.v4