<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Poyraz-K8s Sovereign | Terminal Guard</title>
<link rel="preconnect" href="https://fonts.googleapis.com">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link href="https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700&family=Outfit:wght@400;600;700&family=Fira+Code:wght@400;500&display=swap" rel="stylesheet">
<link rel="stylesheet" href="css/style.css">
<script>
document.addEventListener("DOMContentLoaded", () => {
const savedLang = localStorage.getItem('poyraz-lang') || 'en';
setLang(savedLang);
document.getElementById("btn-en").addEventListener("click", () => setLang("en"));
document.getElementById("btn-tr").addEventListener("click", () => setLang("tr"));
});
function setLang(lang) {
document.body.setAttribute('data-lang', lang);
document.querySelectorAll('.lang-btn').forEach(b => b.classList.remove('active'));
document.getElementById('btn-' + lang).classList.add('active');
localStorage.setItem('poyraz-lang', lang);
}
</script>
</head>
<body data-lang="en">
<aside>
<a href="environments.html" class="brand">
<svg width="34" height="34" viewBox="0 0 32 32" fill="none"><rect x="4" y="4" width="24" height="24" rx="8" stroke="var(--primary)" stroke-width="2.5"/><path d="M16 10V22M10 16H22" stroke="var(--secondary)" stroke-width="2.5" stroke-linecap="round"/></svg>
<span>POYRAZ K8S</span>
</a>
<div class="nav-section">
<div class="nav-label en">Core Setup</div>
<div class="nav-label tr">Temel Kurulum</div>
<a href="environments.html" class="nav-link">
<span class="en">Environments</span><span class="tr">Ortamlar</span>
</a>
<a href="install.html" class="nav-link">
<span class="en">Installations</span><span class="tr">Kurulumlar</span>
</a>
<a href="backup.html" class="nav-link">
<span class="en">Backup</span><span class="tr">Yedekleme</span>
</a>
<a href="federation.html" class="nav-link">
<span class="en">Federation</span><span class="tr">Federasyon</span>
</a>
<a href="rbac.html" class="nav-link">
<span class="en">Casbin RBAC</span><span class="tr">Casbin Yetki</span>
</a>
</div>
<div class="nav-section">
<div class="nav-label en">Workload Delivery</div>
<div class="nav-label tr">İş Yükü Dağıtımı</div>
<a href="appcreator.html" class="nav-link">
<span class="en">App Creator</span><span class="tr">App Oluşturucu</span>
</a>
<a href="helm.html" class="nav-link">
<span class="en">Helm Ecosystem</span><span class="tr">Helm Ekosistemi</span>
</a>
<a href="config-sync.html" class="nav-link">
<span class="en">Config &amp; Secrets</span><span class="tr">Config &amp; Secret</span>
</a>
</div>
<div class="nav-section">
<div class="nav-label en">Security Intelligence</div>
<div class="nav-label tr">Güvenlik İstihbaratı</div>
<a href="vuln-scan.html" class="nav-link">
<span class="en">Vuln Scanner</span><span class="tr">Zafiyet Tarama</span>
</a>
<a href="cluster-eye.html" class="nav-link">
<span class="en">Cluster Eye</span><span class="tr">Cluster Eye</span>
</a>
<a href="exec.html" class="nav-link active">
<span class="en">Terminal Exec</span><span class="tr">Terminal Komut</span>
</a>
<a href="exec-recorder.html" class="nav-link">
<span class="en">Exec Recorder</span><span class="tr">Komut Kaydedici</span>
</a>
<a href="network-flow.html" class="nav-link">
<span class="en">Network Flow</span><span class="tr">Ağ Akışı</span>
</a>
</div>
<div class="nav-section">
<div class="nav-label en">Analysis</div>
<div class="nav-label tr">Analiz</div>
<a href="report.html" class="nav-link">
<span class="en">Reporting</span><span class="tr">Raporlama</span>
</a>
</div>
</aside>
<main class="content-wrapper">
<div class="sticky-header">
<div class="en" style="color: var(--text-dim); font-size: 0.9rem; font-weight: 800; letter-spacing: 0.15em;">DOCUMENTATION HUB V7.0</div>
<div class="tr" style="color: var(--text-dim); font-size: 0.9rem; font-weight: 800; letter-spacing: 0.15em;">DOKÜMANTASYON MERKEZİ V7.0</div>
<div class="lang-control">
<button id="btn-en" class="lang-btn active">EN</button>
<button id="btn-tr" class="lang-btn">TR</button>
</div>
</div>
<h1 class="en">Terminal <span>Exec Guard</span></h1>
<h1 class="tr">Terminal <span>Exec Koruması</span></h1>
<p class="en">Zero-trust execution environment. Every terminal shell requested by a user passes through the Great Firewall—a strict RegEx parser that blocks malicious injections by default.</p>
<p class="tr">Sıfır-güven (Zero-trust) çalıştırma ortamı. Bir kullanıcı tarafından istenen her terminal kabuğu (shell), kötü niyetli enjeksiyonları varsayılan olarak engelleyen katı bir RegEx ayrıştırıcısı olan Büyük Güvenlik Duvarı'ndan (Great Firewall) geçer.</p>
<div class="media-container" style="border-color: var(--danger);">
<img src="image/exec.png" alt="Terminal Exec Error Blocked">
</div>
<h3 class="en">Role-Based Command Authorization</h3>
<h3 class="tr">Rol Tabanlı Komut Yetkilendirme</h3>
<p class="en">Configure precise command execution policies using RegEx patterns. Each role can be assigned specific command whitelists, ensuring users can only execute authorized commands within their permission scope.</p>
<p class="tr">RegEx desenleri kullanarak hassas komut yürütme politikalarını yapılandırın. Her role belirli komut beyaz listeleri atanabilir, böylece kullanıcıların yalnızca yetki kapsamları dahilindeki yetkili komutları çalıştırmalarını sağlar.</p>
<div class="media-container" style="border-color: var(--primary);">
<img src="image/exec-allow.png" alt="Exec Allow Configuration Interface">
</div>
<div class="media-container" style="border-color: var(--secondary);">
<img src="image/exec-allow-2.png" alt="Exec Allow Rules Management">
</div>
<h4 class="en" style="color: var(--warning); margin: 2rem 0 1rem;">Advanced Security Features</h4>
<h4 class="tr" style="color: var(--warning); margin: 2rem 0 1rem;">Gelişmiş Güvenlik Özellikleri</h4>
<div class="grid-2">
<div class="info-card" style="border-top: 4px solid var(--danger);">
<h4 class="en">The Great Firewall</h4>
<h4 class="tr">Büyük Güvenlik Duvarı</h4>
<p class="en" style="font-size:1rem; margin:0;">Uses defensive normalization to split pipes (<code>|</code>) and explicitly blocks shell operators like <code>; &amp; &gt; &lt; ` $ ||</code> before execution ever reaches the Kubernetes API. All commands are sanitized and validated against security patterns.</p>
<p class="tr" style="font-size:1rem; margin:0;">Boru (pipe <code>|</code>) karakterlerini ayırmak için savunmacı bir normalizasyon kullanır ve K8s API'ye ulaşmadan önce <code>; &amp; &gt; &lt; ` $ ||</code> gibi kabuk operatörlerini açıkça engeller. Tüm komutlar güvenlik desenlerine karşı temizlenir ve doğrulanır.</p>
</div>
<div class="info-card" style="border-top: 4px solid var(--primary);">
<h4 class="en">Casbin Policy Engine</h4>
<h4 class="tr">Casbin Politika Motoru</h4>
<p class="en" style="font-size:1rem; margin:0;">Integrates with the Casbin RBAC system for fine-grained permission control. Roles strictly define which regex patterns are allowed. If the parsed base command does not match an allowed pattern, the request is rejected immediately with detailed audit logging.</p>
<p class="tr" style="font-size:1rem; margin:0;">İnce ayrıntılı izin kontrolü için Casbin RBAC sistemi ile entegre olur. Roller, hangi regex pattern'lerinin izin verildiğini kesin olarak tanımlar. Ayrıştırılan temel komut izin verilen pattern ile eşleşmezse, detaylı denetim kaydı ile hemen reddeder.</p>
</div>
<div class="info-card" style="border-top: 4px solid var(--secondary);">
<h4 class="en">Real-time Monitoring</h4>
<h4 class="tr">Gerçek Zamanlı İzleme</h4>
<p class="en" style="font-size:1rem; margin:0;">Every exec session is monitored and logged in real-time. Failed authorization attempts trigger immediate alerts, and all successful commands are recorded with full context including user, role, timestamp, and command parameters.</p>
<p class="tr" style="font-size:1rem; margin:0;">Her exec oturumu gerçek zamanlı olarak izlenir ve kaydedilir. Başarısız yetkilendirme girişimleri anında uyarı tetikler ve tüm başarılı komutlar kullanıcı, rol, zaman damgası ve komut parametreleri dahil tam bağlamla kaydedilir.</p>
</div>
<div class="info-card" style="border-top: 4px solid var(--accent);">
<h4 class="en">Zero-Trust Architecture</h4>
<h4 class="tr">Sıfır Güven Mimarisi</h4>
<p class="en" style="font-size:1rem; margin:0;">Assumes no implicit trust. Every command request goes through multiple validation layers: syntax analysis, pattern matching, role verification, and runtime security checks before being permitted to execute.</p>
<p class="tr" style="font-size:1rem; margin:0;">Örtük güven varsaymaz. Her komut isteği yürütülmeye izin verilmeden önce birden çok doğrulama katmanından geçer: söz dizimi analizi, desen eşleştirme, rol doğrulama ve çalışma zamanı güvenlik kontrolleri.</p>
</div>
</div>
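<p class="en">The checks described above (block shell operators, split on pipes, match against a role's regex allowlist) can be sketched as follows. This is an added example, not the project's own code: the <code>viewer</code> role, its patterns and the function names are hypothetical, and it assumes each pipe segment is matched as a whole with the pattern anchored at both ends.</p>

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Operators the page lists as blocked, plus line breaks. A single "|" is
// not rejected here; it is handled by splitting the command into segments.
var blocked = []string{"||", ";", "&", ">", "<", "`", "$", "\n", "\r"}

// rolePatterns is a constructed allowlist; role name and patterns are hypothetical.
var rolePatterns = map[string][]string{
	"viewer": {`ls( -[al]+)?( /var/log(/[\w.-]+)*)?`, `grep -i [\w.-]+`},
}

// CheckCommand returns nil only when no blocked operator is present and
// every pipe segment fully matches one of the role's allowed patterns.
func CheckCommand(role, cmd string) error {
	for _, op := range blocked {
		if strings.Contains(cmd, op) {
			return fmt.Errorf("blocked operator %q", op)
		}
	}
	patterns, ok := rolePatterns[role]
	if !ok {
		return fmt.Errorf("unknown role %q", role) // default deny
	}
	for _, seg := range strings.Split(cmd, "|") {
		seg = strings.Join(strings.Fields(seg), " ") // collapse whitespace
		if seg == "" || !matchesAny(patterns, seg) {
			return fmt.Errorf("segment %q not allowed for role %q", seg, role)
		}
	}
	return nil
}

func matchesAny(patterns []string, seg string) bool {
	for _, p := range patterns {
		// Anchor both ends: unanchored, the "ls" pattern would also accept "lsblk".
		if regexp.MustCompile(`^(?:` + p + `)$`).MatchString(seg) {
			return true
		}
	}
	return false
}

func main() {
	for _, c := range []string{"ls -la /var/log | grep -i error", "ls; id", "ls | sh", "lsblk"} {
		fmt.Printf("%-36q -> %v\n", c, CheckCommand("viewer", c))
	}
}
```

<p class="en">Checking every segment matters: validating only the first command would let an allowed <code>ls</code> pipe into a command the role was never granted.</p>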
</main>
</body>
</html>