Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ropsec: a package for easing operations security for the R user

D43a2505af873d7e10a7d5477fd46586?s=47 Ildikó Czeller
July 11, 2019
Programming
2
140

ropsec: a package for easing operations security for the R user

D43a2505af873d7e10a7d5477fd46586?s=128

Ildikó Czeller

July 11, 2019
Tweet

More Decks by Ildikó Czeller

See All by Ildikó Czeller
D43a2505af873d7e10a7d5477fd46586?s=48 czeildi
0
110
D43a2505af873d7e10a7d5477fd46586?s=48 czeildi
0
13
D43a2505af873d7e10a7d5477fd46586?s=48 czeildi
0
16
D43a2505af873d7e10a7d5477fd46586?s=48 czeildi
0
110

Other Decks in Programming

See All in Programming
Ad4c3c738e57a9bbcb800871e81c232d?s=48 itosho525
0
140
E473e5af1263c050599921981db46068?s=48 akatsukinewgrad
0
160
E1db053f2c2f3d3b49a5f5b9b0c7f20f?s=48 kazaman97
0
170
6ef7914944df6af99a2ca81e98087332?s=48 taoshotaro
1
360
3a3c6a0c96f487521ce83b719bc25814?s=48 asumikan
0
280
405fe9ab689473f267e2cfbd95f78c75?s=48 kyonmm
2
2.1k
De266761b955b2636e454a1bc7a99ed4?s=48 masayaaoyama
4
530
1623dd1adf096ba35ba33727d933e14c?s=48 nbkouhou
0
810
Cfbe23392787cb3ad4689c5f72463fcc?s=48 makicamel
1
170
270b0c7883545117a9a618dc7ca7cc83?s=48 xrdnk
0
130
De4cef85165e8a063b5e40fe1f24daa4?s=48 cocoeyes02
0
220
6338c8fa4e2e6325094fe30b1e9f9443?s=48 malvinstn
1
620

Featured

See All Featured
E76911cbe088e5b850d966de3fc7435b?s=48 robhawkes
52
2.8k
C44e1f7e22c3f23cff7bc130871047ef?s=48 eileencodes
113
25k
7559f6cff1f5efc2d210965febd4d71c?s=48 bermonpainter
342
26k
Fde6c3a50ca518a909ef35c22c0ee0e4?s=48 destraynor
146
19k
170b760e0147792d0140e59ec78e9893?s=48 eitanlees
111
9.9k
1f74b13f1e5c6c69cb5d7fbaabb1e2cb?s=48 sferik
609
54k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
684
180k
4394ceb8b277f35ee3da7030384efb5d?s=48 davidbonilla
69
3.5k
433acaea1012b25d97ae66da9b998dad?s=48 malarkey
119
16k
651dcfe41723207fbb0aa044a4f7c07f?s=48 dotmariusz
94
5.1k
168ccec72eee0530b818d44f3fedaacf?s=48 shlominoach
176
7.4k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
145
19k

Transcript

  1. {ropsec}: R OPerations SECurity unconf ‘18 project on GitHub

  2. ... but unnecessarily hard @czeildi Data Scientist @Emarsys security is

    important ...

  3. Are you who you say you are? verify authenticity of

    commits @czeildi Data Scientist @Emarsys

  4. without signing @czeildi Data Scientist @Emarsys

  5. with signing @czeildi Data Scientist @Emarsys

  6. • Person 1 as person 1: good commit • Person

    2 as person 2: good commit • Person 3 as person 1: evil commit @czeildi Data Scientist @Emarsys

  7. @czeildi Data Scientist @Emarsys GitHub / web of trust sign

    with , GitHub verifies with

  8. @czeildi Data Scientist @Emarsys GitHub / web of trust sign

    with , GitHub verifies with

  9. specific technology • OpenPGP: standard • gpg : low-level •

    ropsec : end2end @czeildi Data Scientist @Emarsys

  10. ropsec::sign_commits_with_key() Do you want to sign future commits with `9958986BA31B2E1E`?

    This will set your user.email from example@gmail.com to test@test.com. 1: Yes 2: No reduce risk of mistake @czeildi Data Scientist @Emarsys

  11. ropsec::store_public_key() Public GPG key is uploaded to GitHub. Unauthorized request.

    Check your token. Uploaded key is unverified, emails do not match. Delete the key (https://github.com/settings/keys) and try again. communicate status @czeildi Data Scientist @Emarsys

  12. • askYesNo, getPass::getPass • git2r::config • gpg::gpg_keygen testing global changes

    @czeildi Data Scientist @Emarsys

  13. #throws error if password prompt cancelled: stub(generate_key, "getPass::getPass", NULL) expect_error(

    generate_key("John Doe", "jd@example.com"), "GPG key generation cancelled by user" ) testing global changes @czeildi Data Scientist @Emarsys

  14. ropsec::full_on_audit()$suggestions • Use SSH key of size at least 2048

    • Install a PAM module for password strength testing like pam_cracklib audit your computer in detail @czeildi Data Scientist @Emarsys

  15. {ropsec}: available on GitHub • sign your commits • audit

    your computer