From f50222fc531eb700b9f4afa92d55ac424f2a499f Mon Sep 17 00:00:00 2001 From: Erg Date: Wed, 27 Nov 2024 17:03:03 +0100 Subject: Add settings.cfg.example and certificate validity check --- README.md | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) (limited to 'README.md') diff --git a/README.md b/README.md index 11997c4..28ea69b 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,8 @@ -Contains two scripts: +Contains: - Bash script generating rrd database and generating graphs from it - Python script readding from MQTT and updating rrd database - Settings for the Python script + - Python script regenerating certificates within grace period of their expiry. DEPENDENCIES: - configparser @@ -18,6 +19,7 @@ Steps to get going: - Set up certificates (Check out Pico project for Bash script generating them) - Run Python script. - Set up cron job regenerating graphs with frequency to your liking. + - Set up SSL/TLS certificates with scripts provided. Certificate directory structure shall adhere to the schema below. (So that I don't forget:) What is still missing: @@ -25,3 +27,24 @@ What is still missing: - Python script could generate more graphs based on averages from rrd database showing long term trends. - Graph generation could be done with rrdcgi (not sure it is needed though) - Documentation is lacking detailed step by step setup guide. + - In order to prevent a rougue client from publishing to a certificate renewal channel, Access Controll List needs to be implemented. + - There should be a script generating ACL file. + - Before adding a certificate for a user ACL file shall be updated. + +Certificate directory structure: + +$ tree -d /etc/mosquitto/certs +├── CA +├── DH +├── clients +│   ├── onge +│   └── pico +├── csr_files +└── server + +The acl file shall be located at: +$ /etc/mosquitto/mosquitto.acl + +An entry shall be present in the acl file: + +$ pattern readwrite cert_reneval/%c/# -- cgit v1.2.3-65-gdbad
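Review bot: in the first hunk (@@ -1,7 +1,8 @@), the added bullet "Python script regenerating certificates within grace period of their expiry." names neither the script file nor the length of the grace period or where it is configured. Suggest naming the script and the setting that controls the grace period. The commit subject mentions settings.cfg.example, but the visible README lines never refer to that file by name, so a reader cannot tell which file to copy and edit.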
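Review bot: in the second hunk (@@ -18,6 +19,7 @@), the new step "Set up SSL/TLS certificates with scripts provided." is appended after "Run Python script." and the cron step, although the certificates have to exist before the script can run, and the list already has a "Set up certificates (Check out Pico project for Bash script generating them)" step above it. Suggest merging the two into one step placed before "Run Python script.", saying which scripts are meant (the ones in this repository or the Pico project's). "The schema below" would also read better as a reference to the "Certificate directory structure" section by name.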
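Review bot: in the third hunk (@@ -25,3 +27,24 @@), the documented entry "pattern readwrite cert_reneval/%c/#" uses %c, which Mosquitto expands to the client id, a value the connecting client chooses itself, so the rule does not tie a renewal topic to the certificate that was presented. If the intent is the one stated in the "rougue client" bullet, consider %u together with use_identity_as_username on the listener, so the substitution comes from the certificate identity; this is an assumption about the broker setup, which the diff does not show. The topic is spelled "cert_reneval": please confirm this matches the topic the scripts publish to, because an ACL pattern with a different spelling silently matches nothing. The leading "$ " on the ACL path and on the pattern line makes both look like shell commands, and "rougue" and "Controll" are typos for "rogue" and "Control". Finally, the ACL is listed under "What is still missing" while the text further down says the entry "shall be present"; stating whether the broker currently enforces an acl_file would remove the ambiguity.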