Adding rss validation

Validator fixes
Power outage follow-up
2024-06-27 12:55:32 -05:00 · 2024-06-27 12:42:06 -05:00 · 2024-06-27 12:39:07 -05:00 · 2024-06-27 12:38:23 -05:00 · 2024-04-25 13:49:11 -05:00 · 2024-04-25 12:22:48 -05:00
5 changed files with 56 additions and 139 deletions
--- a/Operation/Incident_Reports.md
+++ b/Operation/Incident_Reports.md
@@ -1,3 +1,23 @@
 These are cybersecurity and availability incidents that the AniNIX has had to remedy due to some failure in our detection and prevention systems within the last two years.
 **Note**: We explicitly exclude routine incidents, such as IP's banned for SSH brute-force, files quarantined after virus scanning, and other routine housekeeping. We are also not including maintenance outages or short-term (<8 hours) ISP events.
 # 2024MAY21 Major Local Power/Internet Outage
 ## Timeline
 * 2024MAY21 20:29:47 -- Initial outage notification by FreshPing
 * 2024MAY21 21:10:00 -- Outage notification by CloudNS
 * 2024MAY22 06:55:00 -- Outage notification by Alliant Energy
 * 2024MAY22 06:57:00 -- Outage notification by Spectrum ISP
 * 2024MAY22 20:15:00 -- Power restoration notification from Alliant.
 * 2024MAY22 22:11:00 -- Services restored.
 ## RCA
 [Major storm](https://www.wisn.com/article/wisconsin-storm-aftermath-power-outages-damage/60865608) took out power and network across the region. Response teams from  power & ISP were overwhelmed providing the response.
 ## Improvements
 * Further business continuity design
 * Generator installation at MSN0
--- a/Policies/Design_Principles.md
+++ b/Policies/Design_Principles.md
@@ -61,15 +61,19 @@ GUI elements will generally be deployed by a Web page, as this is a cross-platfo
 ##  Mobile Access Design
 With the rise of the smartphone, remotely accessible services should offer a simple means via some app to reduce network traffic. The app interface should be intuitive and quick to use.
 ## Accessibility
 AniNIX will, within reason, attempt to make its pages as accessible as possible to those with disabilities. To this end, internally-written UI elements should attempt to [maintain ADA / WCAG compliance](https://www.ada.gov/resources/web-guidance/) -- audit tools [such as this one](https://www.accessibilitychecker.org/) can assist.
 Additionally, our protocols-over-apps implementation preference with RSS, IRC, and Git should hopefully make the majority of our content accessible for anyone. This preference should allow designers to create tools to consume content irrespective of the method of perception or interaction for the user.
 ##  Etymology
-The AniNIX attaches a unique name, such as Sora for OpenLDAP or Yggdrasil for Emby, to packages and services it instantiates. The reason for this is that the name defines a scope of functionality the AniNIX expects to rely on -- should the underlying package change, such as replacing Plex Media Server with Emby, documentation and AniNIX packages will use the same name.
+The AniNIX attaches a unique name, such as Sora for OpenLDAP or Yggdrasil for Emby, to packages and services it instantiates. The reason for this is that the name defines a scope of functionality the AniNIX expects to rely on -- should the underlying package change, such as replacing Plex Media Server with Emby, documentation and AniNIX packages will use the same name. We also need a naming convention for unique code we are writing, like Uniglot & TheRaven
-Names given should be chosen for relevance to the function being provided (Singularity being a pull service, Foundation being the basis on which we're built, etc.) and for ease of memory. Only the most basic services, such as IRC, WebServer, and SSH, will be left unnamed.
+These names are not intended to supersede the licensing or attribution of other packages -- applications, once installed, should only update the minimal allowable elements to be usable under AniNIX principles. Wherever possible, this should be done via the application's provided interface, such as enabling dark modes. We also should not remove any links that the application provides to its own documentation, licensing, or websites. This means that AniNIX etymology only applies to administrators and is otherwise invisible to end users. Where the AniNIX is deploying services created by others, we should only use the names in two places: DNS and Kapisi roles. This makes it possible for others to look up the service as we swap out tools without overriding the attribution once the service is accessed.
-These names are not intended to supersede the licensing or attribution of other packages -- applications, once installed, should only update the minimal allowable elements to be usable under AniNIX principles. Wherever possible, this should be done via the application's provided interface, such as enabling dark modes. We also should not remove any links that the application provides to its own documentation, licensing, or websites. This means that AniNIX etymology only applies to administrators and is otherwise invisible to end users.
+Names given should be chosen for relevance to the function being provided (Singularity being a pull service, Foundation being the basis on which we're built, etc.) and for ease of memory. Only the most basic services, such as IRC, WebServer, and SSH, will be left unnamed. Additionally, these names should be selected from one of the following categories:
 Additionally, these names should be selected from one of the following categories:
 1. A natural phenomenon that describes the function, such as Singularity or Aether
 1. Mythological figures that provide wisdom (such as Odin for Yggdrasil, Raven, and Wolfpack), truth (like Wiccan Grimoire), and morality (such as Maat)
--- a/precommit-hooks/rss
+++ b/precommit-hooks/rss
@@ -0,0 +1,3 @@
 #!/bin/bash
 # Implement https://cweiske.de/tagebuch/atom-validation.htm
--- a/rss/aninix.xml
+++ b/rss/aninix.xml
@@ -12,32 +12,22 @@
    <id>https://aninix.net/</id>
    <entry>
-        <title>Lunch-And-Learns Paused Until 2024FEB29</title>
+        <title>Lunch-and-Learns Paused 20240502 through 20240627</title>
-        <link href="https://aninix.net/AniNIX/Wiki/commit/48e6e1b31adaf649d9f375570bd85109fa694d9b"></link>
+        <link href="https://aninix.net/aninix.xml#lnl-pause-20240502"></link>
-        <updated>2023-10-23T04:09:00Z</updated>
+        <updated>2024-04-25T17:21:00Z</updated>
-        <id>https://aninix.net/AniNIX/Wiki/commit/48e6e1b31adaf649d9f375570bd85109fa694d9b</id>
+        <id>https://aninix.net/aninix.xml#lnl-pause-20240502</id>
        <summary>
-            Lunch-and-learns are paused until February 29th -- I have real-life obligations that won't allow me to keep the streaming window. We will instead hold conversations in our Discord #tech channel. I'll post something there when I can and mention the Lunch&amp;Learn role with a commit of interest off the AniNIX projects. If you have questions you want to talk about, ask away!
+            AniNIX will be pausing Lunch-and-Learns effective 20240502 through 20240627 for real-life training. We will merge AniNIX/Wiki#24 on our return.
        </summary>
    </entry>
     <entry>
-        <title>Expanded Lunch-And-Learns</title>
+        <title>CVE-2024-3094 Follow-up</title>
-        <link href="https://www.youtube.com/channel/UCe-WNM2mbI51xoVZp3K_wFQ#20231023"></link>
+        <link href="https://aninix.net/aninix.xml#CVE-2024-3094"></link>
-        <updated>2023-10-23T04:09:00Z</updated>
+        <updated>2024-04-17T20:15:00Z</updated>
-        <id>https://www.youtube.com/channel/UCe-WNM2mbI51xoVZp3K_wFQ#20231023</id>
+        <id>https://aninix.net/aninix.xml#CVE-2024-3094</id>
        <summary>
-            We are expanding our Lunch-and-Learns to both YouTube and Twitch in an attempt to reach more people. Lunch-and-learns will also move to Thursdays to try to better reach our existing contributors.
+            AniNIX was informed of CVE-2024-3094 via our OSINT community on 2024-03-28 -- patching was completed in AniNIX/Maat on 2024-03-29 and in all systems the day after. Security review of our access logs in AniNIX/Sharingan do not indicate a compromise, using dork `"accepted" AND application_name:"sshd" AND NOT "Accepted publickey"` and others. We apologize for the delay in follow-up and transparency, but other considerations have required attention prior to this post.
        </summary>
    </entry>
    <entry>
        <title>Outage 2023-10-23</title>
        <link href="https://aninix.net/AniNIX/Wiki/src/branch/main/Operation/Continuity.md#business-continuity"></link>
        <updated>2023-10-23T04:09:00Z</updated>
        <id>https://aninix.net/aninix.xml#20231024</id>
        <summary>
                We will have an extended outage 2023-10-24 0700 US Central until late in the evening, as our primary site is undergoing construction. Please watch #tech on Discord fo r tracking service recovery. During this time, please fall back on business continuity procedures to keep access to services provided by the AniNIX.
        </summary>
    </entry>
@@ -51,36 +41,6 @@
        </summary>
    </entry>
    <entry>
        <title>How to Grow Your HomeLab</title>
        <link href="https://foundation.aninix.net/AniNIX/Wiki/src/branch/main/Articles/Grow_Your_Homelab.md"></link>
        <updated>2022-04-22T20:30:20Z</updated>
        <id>https://foundation.aninix.net/AniNIX/Wiki/src/branch/main/Articles/Grow_Your_Homelab.md</id>
        <summary>
            For some folks who are just starting out, the initial cost of a complete HomeLab stack and the administration required is a bit much. This article is a growth plan for how to get started, what technologies and tools to buy/deploy first, etc.
        </summary>
    </entry>
    <entry>
        <title>Lunch And Learns</title>
        <link href="https://foundation.aninix.net/AniNIX/Wiki/src/branch/main/Articles/Lunch-And-Learns.md"></link>
        <updated>2022-04-14T20:30:20Z</updated>
        <id>https://foundation.aninix.net/AniNIX/Wiki/src/branch/main/Articles/Lunch-And-Learns.md</id>
        <summary>
            I've had a request to do some lunch-and-learns about the AniNIX, how we self-host, and how we manage some of our tools. We'll burn roughly the first 30-45 minutes talking through some concepts of how the AniNIX does what it does -- the rest of the time will be an open floor to ask anything you'd like. If you're interested, swing by! Google Calendar link is on the article page.
        </summary>
    </entry>
    <entry>
        <title>The Complicated Cloud</title>
        <link href="https://foundation.aninix.net/AniNIX/Wiki/src/branch/main/Articles/The_Complicated_Cloud.md"></link>
        <updated>2022-02-17T16:30:20Z</updated>
        <id>https://foundation.aninix.net/AniNIX/Wiki/src/branch/cloud/Articles/The_Complicated_Cloud.md</id>
        <summary>
            The AniNIX is a self-hosted system, as much as we can make it. However, because we don't operate in isolation, it's worth documenting how we use the cloud for what declassified information we replicate onto cloud stores and why we need some cloud services.
        </summary>
    </entry>
    <entry>
        <title>GPG Key Distribution</title>
        <link href="https://foundation.aninix.net/AniNIX/ShadowArch/src/branch/main/EtcFiles/aninix.gpg"></link>
--- a/rss/osint.xml
+++ b/rss/osint.xml
@@ -11,12 +11,23 @@
    <id>https://aninix.net/</id>
    <entry>
        <title>84.239.54.49</title>
        <link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#84.239.54.49"></link>
        <updated>2024-06-27T17:25:00Z</updated>
        <id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#84.239.54.49</id>
        <author><name>DarkFeather</name></author>
        <summary>
            A Romanian IP, 84.239.54.49, was detected pushing a variety of web application attacks and network trojan attempts against our web front. These were primarily Suricata/Snort signature 1:2016982:5 auto_prepend_file PHP config option in uri. We have no evidence that these attacks were successful. Total malicious attempts captured was 54.
        </summary>
    </entry>
    <entry>
        <title>2024MAR11 ACEVILLE PTELTD, Singapore</title>
        <link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#ACEVILLEPTELTD"></link>
        <updated>2024-03-11T07:52:00Z</updated>
        <id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#ACEVILLEPTELTD</id>
-        <author>DarkFeather</author>
+        <author><name>DarkFeather</name></author>
        <summary>
            Provider "ACEVILLE PTELTD" from blocks 43.156.0.0/16, 43.134.0.0/15, 43.134.0.0/17 was detected trying to bruteforce our network with a distributed attack network. We are blocking these networks for malicious attempts in the hundreds.
        </summary>
@@ -27,7 +38,7 @@
        <link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#24.144.93.118"></link>
        <updated>2023-11-17T03:30:00Z</updated>
        <id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#24.144.93.118</id>
-        <author>DarkFeather</author>
+        <author><name>DarkFeather</name></author>
        <summary>
            24.144.93.118/32 was detected using a network scanner against our external address. Total volume was 55 -- this action repeated on 2023-11-18 at 08:40Z.
        </summary>
@@ -36,7 +47,7 @@
    <entry>
        <title>46.101.38.229/32</title>
        <link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#46.101.38.229"></link>
-        <updated>2023-01-16T21:44:07Z</updated>
+        <updated>2023-01-16T21:44:08Z</updated>
        <id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#46.101.38.229</id>
        <summary>
            46.101.38.229/32 was detected using a variety of attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as a variety of SSH attacks -- total volume was 48.
@@ -53,85 +64,4 @@
        </summary>
    </entry>
    <entry>
        <title>Attack Flood from CN, BR, KZ, and DigitalOcean</title>
        <link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#attack-flood-2022-12-23"></link>
        <updated>2022-12-23T18:19:59Z</updated>
        <id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#attack-flood-2022-12-23</id>
        <summary>
            <p>Starting 2022/12/18, the AniNIX saw a rapid increase of threat traffic from subnets attributed to CN, BR, and KZ country codes -- this coincided with a concerted campaign being run from hosting provider DigitalOcean. While APT-style campaigns from CN are more or less expected, the large amount of traffic from DigitalOcean suggests the advent of a new campaign from that vendor. Other AniNIX users have reported similar attacks originating from DigitalOcean, but blocking the entire provider cuts off access to some local resources.</p>
            <p>We are blocking the following subnets in response to this threat data: 8.213.129.0/24, 36.92.107.0/24, 43.157.15.0/24, 45.162.216.0/22, 46.101.128.0/17, 46.101.80.0/20, 61.177.0.0/16, 62.87.132.0/22, 64.227.0.0/17, 82.180.132.0/23, 85.152.0.0/17, 92.46.64.0/18, 159.223.0.0/16, and 218.92.0.0/16. If you have legitimate resources living in these spaces, we recommend hardening those resources and contacting us via Discord or IRC to receive an exception.</p>
        </summary>
    </entry>
    <entry>
        <title>78.128.113.166/32</title>
        <link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#78.128.113.166"></link>
        <updated>2022-12-15T01:59:59Z</updated>
        <id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#78.128.113.166</id>
        <summary>
            78.128.113.166/32 was detected using a variety of attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as a variety of SQL injection methods and cross-site scripting. Total attack volume was 363.
        </summary>
    </entry>
    <entry>
        <title>141.98.9.24/32</title>
        <link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#141.98.9.24"></link>
        <updated>2022-09-30T21:59:59Z</updated>
        <id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#141.98.9.24</id>
        <summary>
            141.98.9.24/32 was detected using a variety of attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as a variety of SQL queries by URI, including "Attempt To Access MSSQL xp_cmdshell Stored Procedure Via URI". Total attack volume was 184.
        </summary>
    </entry>
    <entry>
        <title>31.184.195.114/32</title>
        <link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#31.184.195.114"></link>
        <updated>2022-09-30T21:59:59Z</updated>
        <id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#31.184.195.114</id>
        <summary>
            31.184.195.114/32 was detected using a variety of attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as attempted administrator gain, lwp-download, and CVE-2014-6271 exploits. Total attack volume was 254.
        </summary>
    </entry>
    <entry>
        <title>81.19.136.5/32</title>
        <link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#81.19.136.5"></link>
        <updated>2022-09-30T21:59:59Z</updated>
        <id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#81.19.136.5</id>
        <summary>
            81.19.136.5/32 was detected using web application attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as a variety of SQL injection attacks. Total attack volume was 1079.
        </summary>
    </entry>
    <entry>
        <title>194.165.16.68/32</title>
        <link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#194.165.16.68"></link>
        <updated>2022-09-30T21:59:59Z</updated>
        <id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#194.165.16.68</id>
        <summary>
            194.165.16.68/32 was detected using web application attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as a variety of SQL injection attacks. Total attack volume was 184.
        </summary>
    </entry>
    <entry>
        <title>91.191.209.54/32</title>
        <link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#91.191.209.54"></link>
        <updated>2022-09-26T02:16:20Z</updated>
        <id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#91.191.209.54</id>
        <summary>
            91.191.209.54/32 was detected using web application attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as a variety of SQL injection attacks. Total attack volume was 1080.
        </summary>
    </entry>
    <entry>
        <title>194.165.17.9/32</title>
        <link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#194.165.17.9"></link>
        <updated>2022-09-26T02:16:20Z</updated>
        <id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#194.165.17.9</id>
        <summary>
            194.165.17.9/32 was detected using web application attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as a variety of SQL injection attacks. Total attack volume was 184.
        </summary>
    </entry>
 </feed>
Author	SHA1	Message	Date
DarkFeather	50b6e49897	Adding rss validation	2024-06-27 12:55:32 -05:00
DarkFeather	05364cdc3f	Validator fixes	2024-06-27 12:42:06 -05:00
DarkFeather	e7dd4fcedb	Power outage follow-up	2024-06-27 12:39:07 -05:00
DarkFeather	e3fe99556a	84.239.54.49 detection	2024-06-27 12:38:23 -05:00
DarkFeather	0863e35549	ADA compliance clarification	2024-04-25 13:49:11 -05:00
DarkFeather	49c9de4370	Announcing pause	2024-04-25 12:22:48 -05:00
DarkFeather	1a4a2a098e	CVE-2024-3094 post	2024-04-17 15:27:01 -05:00
DarkFeather	f67cbe3b8f	Further rewrite on etymology	2024-03-30 15:14:19 -05:00
		`@@ -0,0 +1,3 @@`
							`#!/bin/bash`

							`# Implement https://cweiske.de/tagebuch/atom-validation.htm`