Pulse

vrr/Pulse

Fork 0

mirror of https://github.com/rcourtman/Pulse.git synced 2026-05-13 06:56:06 +00:00

Commit graph

Author	SHA1	Message	Date
rcourtman	97f9de6c95	feat(security): Enhance systemd hardening directives Adds additional systemd security directives for defense in depth: - MemoryDenyWriteExecute=true (prevents RWX memory) - RestrictRealtime=true (denies realtime scheduling) - ProtectHostname=true (hostname protection) - ProtectKernelLogs=true (kernel log protection) - SystemCallArchitectures=native (native syscalls only) These directives provide additional layers to slow/prevent post-compromise exploitation of the proxy process. Related to security audit 2025-11-07.	2025-11-07 17:09:47 +00:00
rcourtman	b952444837	refactor: Rename pulse-temp-proxy to pulse-sensor-proxy The name "temp-proxy" implied a temporary or incomplete implementation. The new name better reflects its purpose as a secure sensor data bridge for containerized Pulse deployments. Changes: - Renamed cmd/pulse-temp-proxy/ to cmd/pulse-sensor-proxy/ - Updated all path constants and binary references - Renamed environment variables: PULSE_TEMP_PROXY_* to PULSE_SENSOR_PROXY_* - Updated systemd service and service account name - Updated installation, rotation, and build scripts - Renamed hardening documentation - Maintained backward compatibility for key removal during upgrades	2025-10-13 13:17:05 +00:00

Author

SHA1

Message

Date

rcourtman

97f9de6c95

feat(security): Enhance systemd hardening directives

Adds additional systemd security directives for defense in depth:
- MemoryDenyWriteExecute=true (prevents RWX memory)
- RestrictRealtime=true (denies realtime scheduling)
- ProtectHostname=true (hostname protection)
- ProtectKernelLogs=true (kernel log protection)
- SystemCallArchitectures=native (native syscalls only)

These directives provide additional layers to slow/prevent
post-compromise exploitation of the proxy process.

Related to security audit 2025-11-07.

2025-11-07 17:09:47 +00:00

rcourtman

b952444837

refactor: Rename pulse-temp-proxy to pulse-sensor-proxy

The name "temp-proxy" implied a temporary or incomplete implementation. The new name better reflects its purpose as a secure sensor data bridge for containerized Pulse deployments.

Changes:
- Renamed cmd/pulse-temp-proxy/ to cmd/pulse-sensor-proxy/
- Updated all path constants and binary references
- Renamed environment variables: PULSE_TEMP_PROXY_* to PULSE_SENSOR_PROXY_*
- Updated systemd service and service account name
- Updated installation, rotation, and build scripts
- Renamed hardening documentation
- Maintained backward compatibility for key removal during upgrades

2025-10-13 13:17:05 +00:00

2 commits