fix(installer): Improve Node.js binary detection, dependency management, and SNMPv3 fallback logic
readme.md
@@ -236,10 +236,10 @@ NUPST was designed with security in mind:
### Minimal Dependencies
- **Zero Runtime NPM Dependencies**: NUPST is built without any external NPM packages to minimize the attack surface and avoid supply chain risks.
- **Minimal Runtime Dependencies**: NUPST uses only one carefully selected NPM package (net-snmp) to minimize the attack surface and avoid supply chain risks while providing robust SNMP functionality.
- **Self-contained Node.js**: NUPST ships with its own Node.js binary, isolated from the system's Node.js installation. This ensures:
- No dependency on system Node.js versions
- Zero external libraries that could become compromised
- Minimal external libraries that could become compromised
- Consistent, tested environment for execution
- Reduced risk of dependency-based attacks
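Review bot: the rewritten "Minimal Runtime Dependencies" bullet replaces the "Zero Runtime NPM Dependencies" claim with a single package (net-snmp) but says nothing about how that package is pinned or verified, which is exactly what the "avoid supply chain risks" sentence now rests on. Suggest stating in the same bullet that net-snmp is pinned to an exact version and installed from a committed lockfile (or however the project actually does it), and adjusting "Minimal external libraries that could become compromised" to name the one library explicitly so the two bullets stay consistent. The "No dependency on system Node.js versions" sub-bullet is unchanged here even though the commit title mentions improved Node.js binary detection; if detection now falls back to a system Node.js in any case, that sub-bullet should say so.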
@@ -247,14 +247,30 @@ NUPST was designed with security in mind:
- **Privilege Separation**: Only specific commands that require elevated permissions (`enable`, `disable`, `update`) check for root access; all other functionality runs with minimal privileges.
- **Limited Network Access**: NUPST only communicates with the UPS device over SNMP and contacts npmjs.org only to check for updates.
- **Secure SNMPv3 Support**: Supports encrypted authentication and privacy for secure communication with the UPS device.
- **Isolated Execution**: The application runs in its working directory (`/opt/nupst`) or specified installation location, minimizing the impact on the rest of the system.
### SNMP Security Features
- **SNMPv3 Support with Secure Authentication and Privacy**:
- Three security levels available:
- `noAuthNoPriv`: No authentication or encryption (basic access)
- `authNoPriv`: Authentication without encryption (verifies identity)
- `authPriv`: Full authentication and encryption (most secure)
- Authentication protocols: MD5 or SHA
- Privacy/encryption protocols: DES or AES
- Automatic fallback mechanisms for compatibility
- Context support for segmented SNMP deployments
- Configurable timeouts based on security level
- **Graceful degradation**: If authentication or privacy details are missing or invalid, NUPST will automatically fall back to a lower security level while logging appropriate warnings.
- **Interactive setup**: Guided setup process to properly configure SNMPv3 security settings with clear explanations of each security option.
### Installation Security
- The installation script can be reviewed before execution (`curl -sSL [url] | less`)
- All setup scripts download only verified versions and check integrity
- Installation is transparent and places files in standard locations (`/opt/nupst`, `/usr/local/bin`, `/etc/systemd/system`)
- Automatically detects platform architecture and OS for proper binary selection
- Installs production dependencies locally without requiring global npm packages
### Audit and Review
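Review bot: the "Graceful degradation" bullet documents an automatic downgrade from a configured security level to a lower one "if authentication or privacy details are missing or invalid", and the "Automatic fallback mechanisms for compatibility" sub-bullet describes the same behaviour; as written, an operator who configured `authPriv` can end up talking to the UPS unauthenticated and unencrypted after a typo or a credential mismatch, with only a log warning to show for it. Suggest documenting the fallback as opt-in (or at least stating that it never drops below the level the operator configured without an explicit setting), and saying in the bullet which log line signals that a downgrade happened so it can be alerted on. Two smaller points in the same hunk: the protocol lists name MD5 and DES alongside SHA and AES without indicating a preference, so a sentence recommending SHA/AES for new setups would help; and "All setup scripts download only verified versions and check integrity" should say what is checked (checksum, signature) so the claim is reviewable.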