Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ropsec: a package for easing operations security for the R user

D43a2505af873d7e10a7d5477fd46586?s=47 Ildikó Czeller
July 11, 2019
Programming
2
150

ropsec: a package for easing operations security for the R user

D43a2505af873d7e10a7d5477fd46586?s=128

Ildikó Czeller

July 11, 2019
Tweet

More Decks by Ildikó Czeller

See All by Ildikó Czeller
D43a2505af873d7e10a7d5477fd46586?s=48 czeildi
0
120
D43a2505af873d7e10a7d5477fd46586?s=48 czeildi
0
13
D43a2505af873d7e10a7d5477fd46586?s=48 czeildi
0
16
D43a2505af873d7e10a7d5477fd46586?s=48 czeildi
0
110

Other Decks in Programming

See All in Programming
02ca2dc42e6d88c692a21b18200796a1?s=48 shun_oshidari
6
3k
1ac5890739d082cd2f2f91e3c1799b4d?s=48 hamakou108
4
540
80728f01bc074c5c2f0d4859258bd793?s=48 ickx
3
650
Bbb17eeeecd3d9d06f4db310ab630a12?s=48 borkdude
1
190
A7e7c34aaa3ff7eb359b6449fb8bb043?s=48 fancyweb
1
100
5155c9bc5b30d9e2a8fd677695887861?s=48 kaonash
2
1.9k
75baf8a56acce7086013da05fd125af5?s=48 dhmegane
0
270
4047c64e3a1e2f81addd4ba675ddc451?s=48 zsmb
0
110
C951afc0782b7d3d4800e25b4a4938a9?s=48 shinnoki
0
1k
Ee785a00eb472c13d572139769a917e4?s=48 ryosogawa
0
110
7f408bc67dc9ae3b288ee92d16d3c4c2?s=48 deepu105
0
240
270b0c7883545117a9a618dc7ca7cc83?s=48 xrdnk
0
160

Featured

See All Featured
5f2da528927a2ec9ba4fec2069cbc958?s=48 kneath
220
15k
Ef32e0b1ac5082450dc8c1fca3a26b5c?s=48 cherdarchuk
73
270k
Fe6b81005d1553accd6b2a28f6a2bef1?s=48 phodgson
88
4k
C7393b7ba7ec9c8890dd77d209fbb3c9?s=48 maltzj
502
36k
D47656e20ff5e42f125fc5ea0fd636c6?s=48 tmm1
61
9.9k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
146
20k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
683
180k
027d1ebf66cc039a0bd3b55eeadbe75d?s=48 sachag
446
36k
3ab1249be442027903e1180025340b3f?s=48 reverentgeek
28
2.1k
95d9f37115fbb0d13135d0f77132f856?s=48 morganepeng
95
14k
95d9f37115fbb0d13135d0f77132f856?s=48 morganepeng
21
1.3k
Bfd6b681ec6e8c9bef82ff0521c364f7?s=48 kastner
54
2k

Transcript

  1. {ropsec}: R OPerations SECurity unconf ‘18 project on GitHub

  2. ... but unnecessarily hard @czeildi Data Scientist @Emarsys security is

    important ...

  3. Are you who you say you are? verify authenticity of

    commits @czeildi Data Scientist @Emarsys

  4. without signing @czeildi Data Scientist @Emarsys

  5. with signing @czeildi Data Scientist @Emarsys

  6. • Person 1 as person 1: good commit • Person

    2 as person 2: good commit • Person 3 as person 1: evil commit @czeildi Data Scientist @Emarsys

  7. @czeildi Data Scientist @Emarsys GitHub / web of trust sign

    with , GitHub verifies with

  8. @czeildi Data Scientist @Emarsys GitHub / web of trust sign

    with , GitHub verifies with

  9. specific technology • OpenPGP: standard • gpg : low-level •

    ropsec : end2end @czeildi Data Scientist @Emarsys

  10. ropsec::sign_commits_with_key() Do you want to sign future commits with `9958986BA31B2E1E`?

    This will set your user.email from example@gmail.com to test@test.com. 1: Yes 2: No reduce risk of mistake @czeildi Data Scientist @Emarsys

  11. ropsec::store_public_key() Public GPG key is uploaded to GitHub. Unauthorized request.

    Check your token. Uploaded key is unverified, emails do not match. Delete the key (https://github.com/settings/keys) and try again. communicate status @czeildi Data Scientist @Emarsys

  12. • askYesNo, getPass::getPass • git2r::config • gpg::gpg_keygen testing global changes

    @czeildi Data Scientist @Emarsys

  13. #throws error if password prompt cancelled: stub(generate_key, "getPass::getPass", NULL) expect_error(

    generate_key("John Doe", "jd@example.com"), "GPG key generation cancelled by user" ) testing global changes @czeildi Data Scientist @Emarsys

  14. ropsec::full_on_audit()$suggestions • Use SSH key of size at least 2048

    • Install a PAM module for password strength testing like pam_cracklib audit your computer in detail @czeildi Data Scientist @Emarsys

  15. {ropsec}: available on GitHub • sign your commits • audit

    your computer