From 3262212bd03d1fd6ccc1335a73f469465335420b Mon Sep 17 00:00:00 2001 From: Minio Trusted Date: Thu, 4 Feb 2021 23:49:07 -0800 Subject: [PATCH] update README.md to link the binaries --- README.md | 51 +++++++++++++++++++++++++++++++++++------ SECURITY.md | 12 +++++----- VULNERABILITY_REPORT.md | 38 ++++++++++++++++++++++++++++++ 3 files changed, 88 insertions(+), 13 deletions(-) create mode 100644 VULNERABILITY_REPORT.md diff --git a/README.md b/README.md index a68c8e90b..3518ffa51 100644 --- a/README.md +++ b/README.md 
@@ -12,25 +12,61 @@ A graphical user interface for [MinIO](https://github.com/minio/minio) **Table of Contents** - [MinIO Console](#minio-console) - - [-](#-) + - [Install](#install) + - [Binary Releases](#binary-releases) + - [Docker](#docker) + - [Build from source](#build-from-source) + - [Setup](#setup) - [1. Create a user `console` using `mc`](#1-create-a-user-console-using-mc) - [2. Create a policy for `console` with admin access to all resources (for testing)](#2-create-a-policy-for-console-with-admin-access-to-all-resources-for-testing) - [3. Set the policy for the new `console` user](#3-set-the-policy-for-the-new-console-user) - [Start Console service:](#start-console-service) -- [Salt to encrypt JWT payload](#salt-to-encrypt-jwt-payload) - [Start Console service with TLS:](#start-console-service-with-tls) - [Connect Console to a Minio using TLS and a self-signed certificate](#connect-console-to-a-minio-using-tls-and-a-self-signed-certificate) - [Contribute to console Project](#contribute-to-console-project) -### Setup +## Install + +### Binary Releases + +| OS | ARCH | Binary | +|:-------:|:-------:|:----------------------------------------------------------------------------------------------------:| +| Linux | amd64 | [linux-amd64](https://github.com/minio/console/releases/latest/download/console-linux-amd64) | +| Linux | arm64 | [linux-arm64](https://github.com/minio/console/releases/latest/download/console-linux-arm64) | +| Linux | ppc64le | [linux-ppc64le](https://github.com/minio/console/releases/latest/download/console-linux-ppc64le) | +| Linux | s390x | [linux-s390x](https://github.com/minio/console/releases/latest/download/console-linux-s390x) | +| Apple | amd64 | [darwin-amd64](https://github.com/minio/console/releases/latest/download/console-darwin-amd64) | +| Windows | amd64 | [windows-amd64](https://github.com/minio/console/releases/latest/download/console-windows-amd64.exe) | + +You can also verify the binary with 
[minisign](https://jedisct1.github.io/minisign/) by downloading the corresponding [`.minisig`](https://github.com/minio/console/releases/latest) signature file. Then run: +``` +minisign -Vm console-- -P RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav +``` + +### Docker + +Pull the latest release via: +``` +docker pull minio/console +``` + +### Build from source + +``` +GO111MODULE=on go get github.com/minio/console/cmd/console +``` +> You will need a working Go environment. Therefore, please follow [How to install Go](https://golang.org/doc/install). +> Minimum version required is go1.14 + +## Setup All `console` needs is a MinIO user with admin privileges and URL pointing to your MinIO deployment. > Note: We don't recommend using MinIO's Operator Credentials -#### 1. Create a user `console` using `mc` +### 1. Create a user `console` using `mc` ```bash mc admin user add myminio/ @@ -38,7 +74,7 @@ Enter Access Key: console Enter Secret Key: xxxxxxxx ``` -#### 2. Create a policy for `console` with admin access to all resources (for testing) +### 2. Create a policy for `console` with admin access to all resources (for testing) ```sh cat > admin.json << EOF @@ -70,7 +106,7 @@ EOF mc admin policy add myminio/ consoleAdmin admin.json ``` -#### 3. Set the policy for the new `console` user +### 3. Set the policy for the new `console` user ```sh mc admin policy set myminio consoleAdmin user=console @@ -173,7 +209,8 @@ Following tree structure is expected for supporting multiple domains: ## Connect Console to a Minio using TLS and a self-signed certificate Copy the MinIO `ca.crt` under `~/.console/certs/CAs`, then: -``` + +```sh export CONSOLE_MINIO_SERVER=https://localhost:9000 ./console server ``` diff --git a/SECURITY.md b/SECURITY.md index 9f4fd0aff..f0780e500 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -18,13 +18,13 @@ you need access credentials for a successful exploit). If you have not received a reply to your email within 48 hours or you have not heard from the security team for the past five days please contact the security team directly: - - Primary security coordinator: lenin@min.io - - Secondary coordinator: daniel@min.io, cesar@min.io - - If you receive no response: dev@min.io + - Primary security coordinator: lenin@min.io + - Secondary coordinator: security@min.io + - If you receive no response: dev@min.io ### Disclosure Process -MinIO uses the following disclosure process: +MinIO Console uses the following disclosure process: 1. Once the security report is received one member of the security team tries to verify and reproduce the issue and determines the impact it has. @@ -33,8 +33,8 @@ MinIO uses the following disclosure process: 3. Code is audited to find any potential similar problems. 4. Fixes are prepared for the latest release. 5. On the date that the fixes are applied a security advisory will be published on https://blog.min.io. - Please inform us in your report email whether MinIO should mention your contribution w.r.t. fixing - the security issue. By default MinIO will **not** publish this information to protect your privacy. + Please inform us in your report email whether MinIO Console should mention your contribution w.r.t. fixing + the security issue. By default MinIO Console will **not** publish this information to protect your privacy. This process can take some time, especially when coordination is required with maintainers of other projects. Every effort will be made to handle the bug in as timely a manner as possible, however it's important that we diff --git a/VULNERABILITY_REPORT.md b/VULNERABILITY_REPORT.md new file mode 100644 index 000000000..9f3d04093 --- /dev/null +++ b/VULNERABILITY_REPORT.md 
@@ -0,0 +1,38 @@ +## Vulnerability Management Policy + +This document formally describes the process of addressing and managing a +reported vulnerability that has been found in the MinIO Console server code base, +any directly connected ecosystem component or a direct / indirect dependency +of the code base. + +### Scope + +The vulnerability management policy described in this document covers the +process of investigating, assessing and resolving a vulnerability report +opened by a MinIO Console employee or an external third party. + +Therefore, it lists pre-conditions and actions that should be performed to +resolve and fix a reported vulnerability. + +### Vulnerability Management Process + +The vulnerability management process requires that the vulnerability report +contains the following information: + + - The project / component that contains the reported vulnerability. + - A description of the vulnerability. In particular, the type of the + reported vulnerability and how it might be exploited. Alternatively, + a well-established vulnerability identifier, e.g. CVE number, can be + used instead. + +Based on the description mentioned above, a MinIO Console engineer or security team +member investigates: + + - Whether the reported vulnerability exists. + - The conditions that are required such that the vulnerability can be exploited. + - The steps required to fix the vulnerability. + +In general, if the vulnerability exists in one of the MinIO Console code bases +itself - not in a code dependency - then MinIO Console will, if possible, fix +the vulnerability or implement reasonable countermeasures such that the +vulnerability cannot be exploited anymore.
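Review bot: in the README.md hunk that adds the Install section, the verification command reads `minisign -Vm console-- -P ...`, and `console--` is not the name of any binary in the table above it, so the command cannot be run as written. Use a concrete name from the table (for example `console-linux-amd64`) or a visible placeholder for OS and architecture, and state that the `.minisig` file must be saved next to the binary as `<binary>.minisig`, since that is where minisign looks when no `-x` option is given. The Docker and build-from-source blocks in the same section fetch whatever is current and have no equivalent verification step; a sentence saying so, or a pinned tag/version, would keep the three install paths comparable.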
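Review bot: in the README.md hunk at `@@ -173,7 +209,8 @@`, the fence gains a `sh` tag, but the three fences added in the Install section of this same patch (minisign, `docker pull`, `go get`) are left untagged. Tag those as `sh` too so the file uses one convention.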
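Review bot: in the first SECURITY.md hunk, the secondary coordinator changes from two named addresses to `security@min.io`, and the hunk does not show which address the initial report is sent to. If that is also `security@min.io`, the escalation list no longer gives a reporter an independent second contact after 48 hours without a reply; please confirm, and keep at least one address that is distinct from the initial reporting mailbox. The commit subject mentions only the README, so this contact change would also be easier to find later in its own commit with a subject that names it.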
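Review bot: in the new VULNERABILITY_REPORT.md, the opening paragraph puts "a direct / indirect dependency of the code base" in scope, but the process section ends after describing only the case where the vulnerability is "in one of the MinIO Console code bases itself - not in a code dependency", so the file never says what happens for a dependency or ecosystem component. Add the missing paragraph for that case. The wording "opened by a MinIO Console employee" also reads as a search-and-replace artifact, since Console is the product rather than the employer; "MinIO employee" fits the sentence. Finally, nothing in the README or SECURITY.md changes in this patch links to the new file, so a reporter has no path to it; a link from SECURITY.md would fix that.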