mirror of
https://github.com/Ed1s0nZ/CyberStrikeAI.git
synced 2026-07-14 07:57:26 +02:00
Add files via upload
This commit is contained in:
@@ -21,7 +21,7 @@ server:
|
||||
tls_enabled: true
|
||||
tls_auto_self_sign: true
|
||||
auth:
|
||||
password: "dev-only-change-me"
|
||||
session_duration_hours: 12
|
||||
audit:
|
||||
enabled: true
|
||||
retention_days: 7
|
||||
@@ -45,7 +45,7 @@ server:
|
||||
port: 8080
|
||||
tls_enabled: false
|
||||
auth:
|
||||
password: "<long-random-password>"
|
||||
session_duration_hours: 12
|
||||
audit:
|
||||
enabled: true
|
||||
retention_days: 30
|
||||
@@ -90,7 +90,6 @@ Goal: long-running production red-team or security platform.
|
||||
|
||||
```yaml
|
||||
auth:
|
||||
password: "<managed-secret>"
|
||||
session_duration_hours: 8
|
||||
audit:
|
||||
enabled: true
|
||||
|
||||
@@ -12,7 +12,6 @@ server:
|
||||
port: 8080
|
||||
tls_enabled: true
|
||||
auth:
|
||||
password: "change-me"
|
||||
session_duration_hours: 12
|
||||
openai:
|
||||
provider: openai
|
||||
@@ -24,7 +23,7 @@ agent:
|
||||
tool_timeout_minutes: 60
|
||||
```
|
||||
|
||||
Change the default password immediately. Use HTTPS or a trusted reverse proxy in any shared environment.
|
||||
Change the initial `admin` password from the Web UI after first login. Use HTTPS or a trusted reverse proxy in any shared environment.
|
||||
|
||||
## Hot-Apply Boundaries
|
||||
|
||||
|
||||
@@ -48,7 +48,7 @@ config.yaml
|
||||
|
||||
```yaml
|
||||
auth:
|
||||
password: "<long-random-password>"
|
||||
session_duration_hours: 12
|
||||
server:
|
||||
host: 127.0.0.1
|
||||
port: 8080
|
||||
|
||||
@@ -6,7 +6,7 @@ This checklist covers pre-production and continuous hardening for CyberStrikeAI.
|
||||
|
||||
## Before Going Live
|
||||
|
||||
- Change `auth.password` to a long random secret.
|
||||
- Change the initial `admin` password from the Web UI after first login.
|
||||
- Use HTTPS or a trusted reverse proxy.
|
||||
- Restrict access by IP, VPN, or bastion.
|
||||
- Enable `audit.enabled`.
|
||||
|
||||
@@ -37,7 +37,7 @@ Page inaccessible:
|
||||
|
||||
Login fails:
|
||||
|
||||
- wrong `auth.password`;
|
||||
- wrong RBAC user password;
|
||||
- config not applied/restarted;
|
||||
- stale cookie;
|
||||
- audit throttling repeated failures.
|
||||
|
||||
@@ -21,7 +21,7 @@ server:
|
||||
tls_enabled: true
|
||||
tls_auto_self_sign: true
|
||||
auth:
|
||||
password: "dev-only-change-me"
|
||||
session_duration_hours: 12
|
||||
audit:
|
||||
enabled: true
|
||||
retention_days: 7
|
||||
@@ -54,7 +54,7 @@ server:
|
||||
port: 8080
|
||||
tls_enabled: false
|
||||
auth:
|
||||
password: "<long-random-password>"
|
||||
session_duration_hours: 12
|
||||
audit:
|
||||
enabled: true
|
||||
retention_days: 30
|
||||
@@ -107,7 +107,6 @@ multi_agent:
|
||||
|
||||
```yaml
|
||||
auth:
|
||||
password: "<managed-secret>"
|
||||
session_duration_hours: 8
|
||||
audit:
|
||||
enabled: true
|
||||
|
||||
@@ -12,7 +12,6 @@ server:
|
||||
tls_enabled: true
|
||||
tls_auto_self_sign: true
|
||||
auth:
|
||||
password: "change-me"
|
||||
session_duration_hours: 12
|
||||
log:
|
||||
level: info
|
||||
@@ -22,7 +21,7 @@ log:
|
||||
- `version`:前端展示版本。
|
||||
- `server.host/port`:Web 服务监听地址和端口。
|
||||
- `server.tls_*`:HTTPS 配置。生产环境建议使用 `tls_cert_path` 和 `tls_key_path`。
|
||||
- `auth.password`:Web 登录密码,必须改为强密码。
|
||||
- `auth.session_duration_hours`:登录会话有效期(小时)。登录密码由 RBAC 用户管理,首次启动时在控制台输出 `admin` 初始密码。
|
||||
- `auth.session_duration_hours`:登录会话有效期。
|
||||
- `log.output`:可以是 `stdout`、`stderr` 或文件路径。
|
||||
|
||||
|
||||
@@ -48,7 +48,7 @@ config.yaml
|
||||
|
||||
```yaml
|
||||
auth:
|
||||
password: "<long-random-password>"
|
||||
session_duration_hours: 12
|
||||
server:
|
||||
host: 127.0.0.1
|
||||
port: 8080
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
|
||||
## 上线前必做
|
||||
|
||||
- 修改 `auth.password` 为长随机密码。
|
||||
- 首次部署后立即修改 `admin` 初始密码(Web 界面或平台权限 → 用户管理)。
|
||||
- 使用 HTTPS,或放在可信反向代理之后。
|
||||
- 限制来源 IP、VPN 或堡垒机访问。
|
||||
- 开启 `audit.enabled`。
|
||||
|
||||
@@ -16,9 +16,9 @@ CyberStrikeAI 面向授权安全测试场景,内置命令执行、MCP 工具
|
||||
|
||||
## 认证与会话
|
||||
|
||||
`auth.password` 是 Web 登录密码。建议:
|
||||
Web 登录凭据由 RBAC 用户管理(默认内置 `admin` 账号)。建议:
|
||||
|
||||
- 首次部署立即修改默认密码。
|
||||
- 首次部署后立即修改 `admin` 初始密码(控制台首次启动会输出)。
|
||||
- 使用长随机密码,并限制分享范围。
|
||||
- 将服务放在内网、VPN、堡垒机或反向代理认证后面。
|
||||
- 生产环境开启 HTTPS,避免明文传输 Cookie。
|
||||
|
||||
@@ -23,12 +23,12 @@ https://127.0.0.1:8080/
|
||||
|
||||
检查:
|
||||
|
||||
- `config.yaml` 中的 `auth.password`。
|
||||
- 是否修改后未重启或未应用配置。
|
||||
- RBAC 用户密码是否正确(默认 `admin`;首次启动密码见控制台输出)。
|
||||
- 是否修改密码后旧会话已失效,需重新登录。
|
||||
- 浏览器 Cookie 是否异常,可尝试无痕窗口。
|
||||
- 审计日志中是否有登录失败节流。
|
||||
|
||||
生产环境忘记密码时,需要在服务器上修改 `config.yaml` 并重启服务。
|
||||
生产环境忘记密码时,需在服务器上通过 RBAC 用户管理重置,或直接更新数据库中的用户密码哈希。
|
||||
|
||||
## 模型无响应
|
||||
|
||||
|
||||
Reference in New Issue
Block a user