Security Hardening — Fix Critical Audit Findings (Issues #1-#21) #22
Open
AnilChinchawale wants to merge 8 commits into master from
Conversation
Fixes #13 #14 #15 #16 #17 #18 #20 #21 (partially #1 #2 #3 #4 #5 #6 #8 #9 #10)
Critical changes:
- RPC binds to 127.0.0.1 by default (was 0.0.0.0)
- RPC_API defaults to net,web3,XDPoS (removed eth, debug, db)
- CORS defaults to localhost (was *)
- start-node.sh BLOCKS debug/admin/personal namespaces with clear error
- start-node.sh WARNS if RPC binds to 0.0.0.0 or CORS is *
- Docker compose binds RPC ports to 127.0.0.1 only
- Docker healthcheck + log rotation added
- Dockerfile only EXPOSEs port 30303 (removed 8545/8555)
- Removed .pwd, nodekey, PRIVATE_KEY from git tracking
- .gitignore blocks .env, .pwd, nodekey, keys.json
- upgrade.sh fixed (no double git pull, no hardcoded image version)
- SECURITY.md with full hardening guide + checklist
- testnet/env.example created with NODE_NAME documented
- Logs sent to stdout via exec (Docker handles rotation)
…auto-setup
- upgrade.sh auto-applies security fixes to existing .env:
* RPC_ADDR 0.0.0.0 → 127.0.0.1
* Removes debug/admin/personal from RPC_API
* Fixes wildcard CORS
* Adds missing RPC_ADDR/WS_ADDR/RPC_VHOSTS
- Backs up and restores .env, .pwd, nodekey during upgrade
- Docker image uses ${DOCKER_IMAGE:-xinfinorg/xdposchain:v2.6.8} variable
- bootstrap.sh: auto firewall setup, strong password generation, modern GPG
- install_docker.sh: modern GPG key management (fixes #12)
- setup/upgrade.sh deprecated → points to network-specific scripts
Upgrade path for existing nodes:
cd mainnet && bash upgrade.sh
# That's it. All security fixes applied automatically.
…ks in testnet start script
- ENABLE_RPC=false is the default in all .env files (mainnet + testnet)
- When disabled: no --rpc or --ws flags passed to XDC binary at all
- Testnet start-apothem.sh now has same security validation as mainnet
- Helpful message shown when RPC is disabled explaining how to enable safely
- Testnet .env updated with secure defaults + NODE_NAME (fixes #11)
…NODE_TYPE=masternode
- NODE_TYPE=fullnode is the default (was implicitly masternode with --mine always on)
- --mine flag only added when NODE_TYPE=masternode or NODE_TYPE=validator
- Applies to both mainnet start-node.sh and testnet start-apothem.sh
- env.example documents NODE_TYPE options
Existing masternode operators: add NODE_TYPE=masternode to your .env
New nodes default to fullnode (safer — no accidental block production)
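The start-script behaviour the commits above describe (refuse debug/admin/personal, warn on a 0.0.0.0 bind or wildcard CORS, pass no RPC flags when ENABLE_RPC=false, add --mine only for masternode/validator) as an added example. This is not the project's start-node.sh; the function names, the geth-style flag names (--rpc, --rpcaddr, --rpcapi, --rpccorsdomain, --mine) and the sample .env files are assumptions made for the illustration.

```shell
#!/usr/bin/env bash
# Added example, not the project's start-node.sh. Flag names, function names
# and the sample .env files below are assumptions for this illustration.

# Namespaces the start script must refuse to expose over HTTP/WS: they allow
# unlocking and signing with node-held keys and reaching node internals.
FORBIDDEN_NAMESPACES="debug admin personal"

# env_get FILE KEY: value of KEY in a KEY=VALUE file (last assignment wins,
# as it would when the file is sourced). Avoids sourcing arbitrary content.
env_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# xdc_flags_from_env FILE: print the flag list that would be handed to the
# XDC binary. Prints nothing and returns 1 when RPC_API contains a forbidden
# namespace; warns on stderr about settings that are legal but dangerous.
xdc_flags_from_env() {
    envfile=$1
    flags=""

    # --mine only when block production is explicitly requested.
    case "$(env_get "$envfile" NODE_TYPE)" in
        masternode|validator) flags="--mine" ;;
    esac

    if [ "$(env_get "$envfile" ENABLE_RPC)" != "true" ]; then
        # RPC disabled: no --rpc/--ws flags at all, whatever else .env says.
        printf '%s\n' "$flags"
        return 0
    fi

    rpc_addr=$(env_get "$envfile" RPC_ADDR)
    rpc_api=$(env_get "$envfile" RPC_API)
    cors=$(env_get "$envfile" RPC_CORS_DOMAIN)

    # Hard stop: a signing/admin namespace on an RPC socket is never acceptable.
    for ns in $FORBIDDEN_NAMESPACES; do
        case ",$rpc_api," in
            *",$ns,"*)
                echo "ERROR: RPC_API contains '$ns'; remove it from .env" >&2
                return 1 ;;
        esac
    done

    # Soft warnings: permitted, but almost never what an operator intends.
    if [ "$rpc_addr" = "0.0.0.0" ]; then
        echo "WARNING: RPC_ADDR=0.0.0.0 exposes RPC on every interface" >&2
    fi
    if [ "$cors" = "*" ]; then
        echo "WARNING: RPC_CORS_DOMAIN=* lets any website call this node" >&2
    fi

    flags="$flags --rpc --rpcaddr ${rpc_addr:-127.0.0.1}"
    flags="$flags --rpcapi ${rpc_api:-net,web3,XDPoS}"
    flags="$flags --rpccorsdomain ${cors:-http://localhost}"
    printf '%s\n' "${flags# }"
}

# Constructed sample .env files (not the repository's env.example).
SAFE_ENV=$(mktemp); UNSAFE_ENV=$(mktemp); WIDE_ENV=$(mktemp); DISABLED_ENV=$(mktemp)
cat > "$SAFE_ENV" <<'EOF'
NODE_TYPE=fullnode
ENABLE_RPC=true
RPC_ADDR=127.0.0.1
RPC_API=net,web3,XDPoS
RPC_CORS_DOMAIN=http://localhost
EOF
cat > "$UNSAFE_ENV" <<'EOF'
ENABLE_RPC=true
RPC_ADDR=127.0.0.1
RPC_API=eth,net,web3,personal
EOF
cat > "$WIDE_ENV" <<'EOF'
ENABLE_RPC=true
RPC_ADDR=0.0.0.0
RPC_API=net,web3
RPC_CORS_DOMAIN=*
EOF
cat > "$DISABLED_ENV" <<'EOF'
NODE_TYPE=masternode
ENABLE_RPC=false
EOF

# Usage: the safe file yields a flag list; the unsafe one is refused.
xdc_flags_from_env "$SAFE_ENV"
xdc_flags_from_env "$UNSAFE_ENV" || echo "refused to start (exit $?)"
```

The check is done with the value read back from the file rather than by sourcing it, so a hostile or malformed .env cannot run commands in the start script; the wildcard CORS and 0.0.0.0 cases are left as warnings because an operator may deliberately front the node with a reverse proxy, whereas an exposed personal/admin/debug namespace has no legitimate remote use.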
Summary
Comprehensive security hardening based on the XDC Network security audit findings. Closes 14 of 21 open issues.
Critical Fixes
- RPC bind address: 0.0.0.0 → 127.0.0.1
- Docker compose RPC ports: 127.0.0.1 in compose
- RPC_CORS_DOMAIN: * → http://localhost
What Changed
mainnet/start-node.sh — the most critical change:
- RPC bound to 127.0.0.1 by default
- exec to replace the shell process (proper Docker signal handling)
mainnet/env.example — safe defaults:
- ENABLE_RPC=false (unchanged — already existed)
- RPC_ADDR=127.0.0.1 (was 0.0.0.0)
- RPC_API=net,web3,XDPoS (removed db, eth — no signing methods)
- RPC_CORS_DOMAIN=http://localhost (was *)
mainnet/docker-compose.yml: RPC ports bound to 127.0.0.1
SECURITY.md — full hardening guide
Removed from git:
- .pwd files (wallet passwords)
- nodekey files (P2P private keys)
- PRIVATE_KEY from .env files
- .gitignore updated
Testing
After merging, every existing node operator should:
- git pull to get new configs
- check that .env has RPC_ADDR=127.0.0.1 (not 0.0.0.0)
- check that RPC_API doesn't contain debug/admin/personal
- docker compose down && docker compose up -d
- curl http://NODE_IP:8545 should time out
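The in-place .env rewrite that the upgrade commit describes (RPC_ADDR 0.0.0.0 → 127.0.0.1, debug/admin/personal stripped from RPC_API, wildcard CORS replaced, missing RPC_ADDR/WS_ADDR/RPC_VHOSTS added), followed by the two .env checks from the Testing list, as an added example. It is not the project's upgrade.sh; the function names and the legacy .env are constructed for the illustration, and applying the 0.0.0.0 rewrite to WS_ADDR as well as RPC_ADDR is this example's choice, not something the PR states.

```shell
#!/usr/bin/env bash
# Added example, not the project's upgrade.sh. Function names, the sample
# .env and the treatment of WS_ADDR are assumptions for this illustration.

# harden_env_file FILE: rewrite a pre-PR .env in place.
# Keys are matched on the first "=" so values may themselves contain "=".
harden_env_file() {
    envfile=$1
    tmp=$(mktemp)
    awk -F= '
        function val(line) { return substr(line, index(line, "=") + 1) }
        # Bind addresses: only the all-interfaces value is rewritten.
        $1 == "RPC_ADDR" || $1 == "WS_ADDR" {
            if (val($0) == "0.0.0.0") { print $1 "=127.0.0.1" } else { print }
            seen[$1] = 1; next
        }
        # RPC_API: drop the signing/admin/tracing namespaces, keep the rest.
        $1 == "RPC_API" {
            n = split(val($0), parts, ",")
            out = ""
            for (i = 1; i <= n; i++) {
                if (parts[i] == "debug" || parts[i] == "admin" || parts[i] == "personal") continue
                out = out (out == "" ? "" : ",") parts[i]
            }
            print "RPC_API=" out; next
        }
        # Wildcard CORS: replace with the new default.
        $1 == "RPC_CORS_DOMAIN" && val($0) == "*" { print "RPC_CORS_DOMAIN=http://localhost"; next }
        $1 == "RPC_VHOSTS" { seen[$1] = 1 }
        { print }
        # Keys that older .env files never had: append safe values.
        END {
            if (!seen["RPC_ADDR"])   print "RPC_ADDR=127.0.0.1"
            if (!seen["WS_ADDR"])    print "WS_ADDR=127.0.0.1"
            if (!seen["RPC_VHOSTS"]) print "RPC_VHOSTS=localhost"
        }
    ' "$envfile" > "$tmp"
    cat "$tmp" > "$envfile"   # overwrite in place so file permissions are kept
    rm -f "$tmp"
}

# verify_env_hardened FILE: the two .env checks from the Testing list.
# Returns 1 with a reason on stderr when a check fails.
verify_env_hardened() {
    envfile=$1
    grep -q '^RPC_ADDR=127\.0\.0\.1$' "$envfile" || {
        echo "RPC_ADDR is not 127.0.0.1" >&2; return 1; }
    if grep '^RPC_API=' "$envfile" | grep -Eq '(^|[=,])(debug|admin|personal)(,|$)'; then
        echo "RPC_API still exposes debug/admin/personal" >&2; return 1
    fi
    return 0
}

# Constructed legacy .env (not a file from the repository).
LEGACY_ENV=$(mktemp)
cat > "$LEGACY_ENV" <<'EOF'
# legacy mainnet .env as shipped before this PR (constructed sample)
NODE_NAME=my-node
ENABLE_RPC=true
RPC_ADDR=0.0.0.0
RPC_API=eth,net,web3,debug,admin,personal,XDPoS
RPC_CORS_DOMAIN=*
EOF

# Usage: work on a copy, harden it, then run the post-merge checks.
DEMO=$(mktemp); cp "$LEGACY_ENV" "$DEMO"
harden_env_file "$DEMO"
verify_env_hardened "$DEMO" && cat "$DEMO"
```

Rewriting through a temporary file and copying the result back keeps the original inode and permissions of .env, which matters when the file is mounted into the container; a plain mv would replace it with a file owned by whoever ran the upgrade.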