
Blueprints Participating Maturity Review

No.

Project Name

PTL

Main Committer

Self-Certification Page

Documentation Sub-Committee

Ike Alisson

Security Logs (Vuls, Lynis, KubeHunter, no need CD log)

Process Sub-Committee

Biswajit De

haihui wang

1

The AI Edge: School/Education Video Security Monitoring


Maturity Review Certification of Video Security Monitoring Blueprint

Maturity Review performed over e-mail on May 5th, 2021. Link to the overview: 2021 year

https://nexus.akraino.org/content/sites/logs/baidu/job/security_scan/aiedge/4/result/


2

IEC Type 2 for Integrated Edge Cloud (IEC) Blueprint Family


Integration Edge Cloud Type 1 and Type 2 Release 2 Maturity Review Certification





3

The AI Edge: Intelligent Vehicle-Infrastructure Cooperation System(I-VICS)

Maturity Review Certification of I-VICS






4
IEC Type 5: SmartNIC for Integrated Edge Cloud (IEC) Blueprint Family

jin peng

Maturity Review Certification of SmartNIC

Documentation Review Meeting notes

socnoc - Akraino - Akraino Confluence

5

IEC Type 3: Android cloud native applications on Arm servers in edge for Integrated Edge Cloud (IEC) Blueprint Family
EALT-EDGEBoren Zhang 
Davy Zhang
Maturity Review Certification of
Android Cloud
EALTEdgeDocumentation
Review Meeting notes
https://nexus.akraino.org/content/sites/logs/
ysemi
huawei/job/
v1/validation_results_v4/

 

https://nexus.akraino.org/content/sites/logs/ysemi/job/v1/validation_results_v5/

 

https://nexus.akraino.org/content/sites/logs/ysemi/job/v1/validation_results_v6/

 

Lynis:

Performing test ID BOOT-5122 (Check for GRUB boot password): FAILED
2022-04-17 23:44:05 Result: file is owned by our current user ID (0), checking if it is readable
2022-04-17 23:44:05 Result: file /etc/grub.d/05_debian_theme is readable (or directory accessible).
2022-04-17 23:44:05 Result: did not find hashed password line in this file
2022-04-17 23:44:05 Result: Didn't find hashed password line in GRUB configuration
2022-04-17 23:44:05 Suggestion: Set a password on GRUB boot loader to prevent altering boot configuration (e.g. boot in single user mode without password) [test:BOOT-5122] [details:-] [solution:-]

Test: Checking presence /var/run/reboot-required.pkgs: FAILED
2022-04-17 23:44:09 Result: file /var/run/reboot-required.pkgs not found
2022-04-17 23:44:09 Result: /boot exists, performing more tests from here
2022-04-17 23:44:09 Result: found /boot/vmlinuz
2022-04-17 23:44:09 Result: found a symlink, retrieving destination
2022-04-17 23:44:09 Result: destination file is vmlinuz-4.15.0-173-generic
2022-04-17 23:44:09 Result: version derived from file name is '4.15.0-173-generic'
2022-04-17 23:44:09 Result: found version 4.15.0-173-generic
2022-04-17 23:44:09 Result: active kernel version 4.15.18
2022-04-17 23:44:09 Result: reboot needed, as there is a difference between active kernel and the one on disk
2022-04-17 23:44:09 Result: /var/cache/apt/archives/ does not exist
2022-04-17 23:44:09 Warning: Reboot of system is most likely needed [test:KRNL-5830] [details:] [solution:text:reboot]

Performing test ID AUTH-9229 (Check password hashing methods): FAILED
2022-04-17 23:44:09 Result: poor password hashing methods found: sha256crypt/sha512crypt(default<=5000rounds)
2022-04-17 23:44:09 Suggestion: Check PAM configuration, add rounds if applicable and expire passwords to encrypt with new values [test:AUTH-9229] [details:-] [solution:-]

Test: Checking SHA_CRYPT_MIN_ROUNDS option in /etc/login.defs: FAILED
2022-04-17 23:44:09 Result: number of minimum rounds used by the encryption algorithm is not configured
2022-04-17 23:44:09 Suggestion: Configure minimum encryption algorithm rounds in /etc/login.defs [test:AUTH-9230] [details:-] [solution:-]
2022-04-17 23:44:09 Result: number of maximum rounds used by the encryption algorithm is not configured
2022-04-17 23:44:09 Suggestion: Configure maximum encryption algorithm rounds in /etc/login.defs [test:AUTH-9230] [details:-] [solution:-]

Test: Checking PASS_MAX_DAYS option in /etc/login.defs: FAILED
2022-04-17 23:44:10 Result: password aging limits are not configured
2022-04-17 23:44:10 Suggestion: Configure maximum password age in /etc/login.defs [test:AUTH-9286] [details:-] [solution:-]

Performing test ID AUTH-9328 (Default umask values): FAILED
2022-04-17 23:44:10 Result: found umask 022, which could be improved
2022-04-17 23:44:10 Suggestion: Default umask in /etc/login.defs could be more strict like 027 [test:AUTH-9328] [details:-] [solution:-]

Performing test ID USB-2000 (Check USB authorizations): FAILED
2022-04-17 23:44:11 Result: Some USB devices are authorized by default (or temporary) to connect to the system

Performing test ID USB-3000 (Check for presence of USBGuard): FAILED
2022-04-17 23:44:11 Result: USBGuard not found

Performing test ID PKGS-7370 (Checking for debsums utility): FAILED
2022-04-17 23:44:23 Result: debsums utility is not installed.

Performing test ID SSH-7408 (Check SSH specific defined options): FAILED
2022-04-17 23:44:50 Result: Option AllowTcpForwarding found
2022-04-17 23:44:50 Result: Option AllowTcpForwarding value is YES
2022-04-17 23:44:50 Result: OpenSSH option AllowTcpForwarding is in a weak configuration state and should be fixed
2022-04-17 23:44:50 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:AllowTcpForwarding (set YES to NO)] [solution:-]
2022-04-17 23:44:50 Result: Option ClientAliveCountMax found
2022-04-17 23:44:50 Result: Option ClientAliveCountMax value is 3
2022-04-17 23:44:50 Result: OpenSSH option ClientAliveCountMax is configured reasonably
2022-04-17 23:44:50 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:ClientAliveCountMax (set 3 to 2)] [solution:-]
2022-04-17 23:44:50 Result: Option Compression found
2022-04-17 23:44:50 Result: Option Compression value is YES
2022-04-17 23:44:50 Result: OpenSSH option Compression is in a weak configuration state and should be fixed
2022-04-17 23:44:50 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:Compression (set YES to NO)] [solution:-]
2022-04-17 23:44:50 Result: Option LogLevel found
2022-04-17 23:44:50 Result: Option LogLevel value is INFO
2022-04-17 23:44:50 Result: OpenSSH option LogLevel is configured reasonably
2022-04-17 23:44:50 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:LogLevel (set INFO to VERBOSE)] [solution:-]
2022-04-17 23:44:50 Result: Option MaxAuthTries found
2022-04-17 23:44:50 Result: Option MaxAuthTries value is 6
2022-04-17 23:44:50 Result: OpenSSH option MaxAuthTries is configured reasonably
2022-04-17 23:44:50 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:MaxAuthTries (set 6 to 3)] [solution:-]
2022-04-17 23:44:50 Result: Option MaxSessions found
2022-04-17 23:44:50 Result: Option MaxSessions value is 10
2022-04-17 23:44:50 Result: OpenSSH option MaxSessions is in a weak configuration state and should be fixed
2022-04-17 23:44:50 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:MaxSessions (set 10 to 2)] [solution:-]
2022-04-17 23:44:50 Result: Option PermitRootLogin found
2022-04-17 23:44:50 Result: Option PermitRootLogin value is YES
2022-04-17 23:44:50 Result: OpenSSH option PermitRootLogin is in a weak configuration state and should be fixed
2022-04-17 23:44:50 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:PermitRootLogin (set YES to (FORCED-COMMANDS-ONLY|NO|PROHIBIT-PASSWORD|WITHOUT-PASSWORD))] [solution:-]
2022-04-17 23:44:50 Result: Option Port found
2022-04-17 23:44:50 Result: Option Port value is 22
2022-04-17 23:44:50 Result: OpenSSH option Port is in a weak configuration state and should be fixed
2022-04-17 23:44:50 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:Port (set 22 to )] [solution:-]
2022-04-17 23:44:50 Result: Option TCPKeepAlive found
2022-04-17 23:44:50 Result: Option TCPKeepAlive value is YES
2022-04-17 23:44:50 Result: OpenSSH option TCPKeepAlive is in a weak configuration state and should be fixed
2022-04-17 23:44:50 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:TCPKeepAlive (set YES to NO)] [solution:-]
2022-04-17 23:44:50 Result: Option X11Forwarding found
2022-04-17 23:44:50 Result: Option X11Forwarding value is YES
2022-04-17 23:44:50 Result: OpenSSH option X11Forwarding is in a weak configuration state and should be fixed
2022-04-17 23:44:50 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:X11Forwarding (set YES to NO)] [solution:-]
2022-04-17 23:44:50 Result: Option AllowAgentForwarding found
2022-04-17 23:44:50 Result: Option AllowAgentForwarding value is YES
2022-04-17 23:44:50 Result: OpenSSH option AllowAgentForwarding is in a weak configuration state and should be fixed
2022-04-17 23:44:50 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:AllowAgentForwarding (set YES to NO)] [solution:-]

Performing test ID KRNL-6000 (Check sysctl key pairs in scan profile): FAILED
2022-04-17 23:45:41 Result: sysctl key fs.suid_dumpable has a different value than expected in scan profile. Expected=0, Real=2
2022-04-17 23:45:41 Result: key hw.kbd.keymap_restrict_change does not exist on this machine
2022-04-17 23:45:41 Result: key kern.sugid_coredump does not exist on this machine
2022-04-17 23:45:41 Result: key kernel.core_setuid_ok does not exist on this machine
2022-04-17 23:45:41 Result: sysctl key kernel.core_uses_pid has a different value than expected in scan profile. Expected=1, Real=0
2022-04-17 23:45:41 Result: sysctl key kernel.dmesg_restrict has a different value than expected in scan profile. Expected=1, Real=0
2022-04-17 23:45:42 Result: sysctl key net.ipv4.conf.all.forwarding has a different value than expected in scan profile. Expected=0, Real=1
2022-04-17 23:45:42 Result: sysctl key net.ipv4.conf.all.log_martians has a different value than expected in scan profile. Expected=1, Real=0
2022-04-17 23:45:42 Result: sysctl key net.ipv4.conf.all.send_redirects has a different value than expected in scan profile. Expected=0, Real=1
2022-04-17 23:45:42 Result: sysctl key net.ipv4.conf.default.accept_redirects has a different value than expected in scan profile. Expected=0, Real=1
2022-04-17 23:45:42 Result: sysctl key net.ipv4.conf.default.accept_source_route has a different value than expected in scan profile. Expected=0, Real=1
2022-04-17 23:45:42 Result: sysctl key net.ipv4.conf.default.log_martians has a different value than expected in scan profile. Expected=1, Real=0
2022-04-17 23:45:42 Result: sysctl key net.ipv6.conf.all.accept_redirects has a different value than expected in scan profile. Expected=0, Real=1
2022-04-17 23:45:42 Result: key net.ipv6.conf.all.send_redirects does not exist on this machine
2022-04-17 23:45:42 Result: sysctl key net.ipv6.conf.default.accept_redirects has a different value than expected in scan profile. Expected=0, Real=1

Test: Check if one or more compilers can be found on the system: FAILED
2022-04-17 23:45:42 Result: found installed compiler. See top of logfile which compilers have been found or use /bin/grep to filter on 'compiler'
2022-04-17 23:37:28 Found known binary: as (compiler) - /usr/bin/as
2022-04-17 23:37:28 Found known binary: cc (compiler) - /usr/bin/cc
2022-04-17 23:37:28 Found known binary: g++ (compiler) - /usr/bin/g++
2022-04-17 23:37:28 Found known binary: gcc (compiler) - /usr/bin/gcc
2022-04-17 23:44:13 Found package: device-tree-compiler (version: 1.4.5-3)
2022-04-17 23:44:21 Found package: protobuf-compiler (version: 3.0.0-9.1ubuntu1)

 

Approved by Process Sub-Committee.

Tina Tsou

6

Smart Cities

https://nexus.akraino.org/content/sites/logs/myais/bluval/3/

Lynis:

Performing test ID AUTH-9228 (Check password file consistency with pwck): FAILED
2022-05-20 01:19:27 Result: pwck found one or more errors/warnings in the password file.
2022-05-20 01:19:27 Suggestion: Run pwck manually and correct any errors in the password file [test:AUTH-9228] [details:-] [solution:-]

Performing test ID AUTH-9229 (Check password hashing methods): NOT PRESENT IN THIS LOG

Test: Checking SHA_CRYPT_MIN_ROUNDS option in /etc/login.defs: NOT PRESENT IN THIS LOG

Test: collecting accounts which have an expired password (last day changed + maximum change time): NOT PRESENT IN THIS LOG

Performing test ID FILE-6368 (Checking ACL support on root file system): NOT PRESENT IN THIS LOG

Performing test ID USB-3000 (Check for presence of USBGuard): FAILED
2022-05-20 01:19:28 Result: USBGuard not found

Performing test ID KRNL-6000 (Check sysctl key pairs in scan profile): FAILED
2022-05-20 01:19:43 Result: sysctl key dev.tty.ldisc_autoload has a different value than expected in scan profile. Expected=0, Real=1
2022-05-20 01:19:43 Result: key fs.protected_fifos does not exist on this machine
2022-05-20 01:19:43 Result: key fs.protected_hardlinks does not exist on this machine
2022-05-20 01:19:43 Result: key fs.protected_regular does not exist on this machine
2022-05-20 01:19:43 Result: key fs.protected_symlinks does not exist on this machine
2022-05-20 01:19:43 Result: sysctl key fs.suid_dumpable has a different value than expected in scan profile. Expected=0, Real=2
2022-05-20 01:19:43 Result: key hw.kbd.keymap_restrict_change does not exist on this machine
2022-05-20 01:19:43 Result: key kernel.core_setuid_ok does not exist on this machine
2022-05-20 01:19:43 Result: sysctl key kernel.core_uses_pid has a different value than expected in scan profile. Expected=1, Real=0
2022-05-20 01:19:43 Result: key kernel.exec-shield does not exist on this machine
2022-05-20 01:19:43 Result: key kernel.exec-shield-randomize does not exist on this machine
2022-05-20 01:19:43 Result: sysctl key kernel.kptr_restrict has a different value than expected in scan profile. Expected=2, Real=1
2022-05-20 01:19:43 Result: key kernel.maps_protect does not exist on this machine
2022-05-20 01:19:43 Result: sysctl key kernel.modules_disabled has a different value than expected in scan profile. Expected=1, Real=0
2022-05-20 01:19:43 Result: key kernel.suid_dumpable does not exist on this machine
2022-05-20 01:19:43 Result: sysctl key kernel.sysrq has a different value than expected in scan profile. Expected=0, Real=176
2022-05-20 01:19:43 Result: sysctl key kernel.unprivileged_bpf_disabled has a different value than expected in scan profile. Expected=1, Real=2
2022-05-20 01:19:43 Result: sysctl key net.ipv4.conf.all.forwarding has a different value than expected in scan profile. Expected=0, Real=1
2022-05-20 01:19:43 Result: sysctl key net.ipv4.conf.all.log_martians has a different value than expected in scan profile. Expected=1, Real=0
2022-05-20 01:19:43 Result: sysctl key net.ipv4.conf.all.send_redirects has a different value than expected in scan profile. Expected=0, Real=1
2022-05-20 01:19:43 Result: sysctl key net.ipv4.conf.default.accept_redirects has a different value than expected in scan profile. Expected=0, Real=1
2022-05-20 01:19:43 Result: sysctl key net.ipv4.conf.default.log_martians has a different value than expected in scan profile. Expected=1, Real=0
2022-05-20 01:19:43 Result: sysctl key net.ipv6.conf.all.accept_redirects has a different value than expected in scan profile. Expected=0, Real=1
2022-05-20 01:19:43 Result: key net.ipv6.conf.all.send_redirects does not exist on this machine
2022-05-20 01:19:44 Result: sysctl key net.ipv6.conf.default.accept_redirects has a different value than expected in scan profile. Expected=0, Real=1

Security-logs/

6/8/2023

06/26/2023

07/20/2023


Records of Details

No.

Project Name

PTL

Main Committer

Self-Certification Page

Documentation Sub-Committee

Ike Alisson

Logs (Vuls, Lynis, KubeHunter)

Process Sub-Committee

Biswajit De

41

The AI Edge: Federated ML application at edge

Maturity Review Certification of Federated ML Application At Edge Blueprint

Maturity Review Certification of Federated ML Application At Edge Blueprint performed over mail on 01/04 & stored at Documentation Sub-committee reviews for 2022. It is recommended to Akraino TSC to deem the maturity requirements for Documentation to "mature" level as fulfilled and accept the BP graduation request to "Mature" level.


2/28/2022 Update

https://nexus.akraino.org/content/sites/logs/fate/fml/mat4/

  • 1/3/2022 Emailed Haihui Wang: 

    AI Edge - Federated ML blueprint has passed the Incubation phase in Release 5; it also meets the Maturity requirements for Vuls. However, the Lynis test requirements are more stringent for Maturity than Incubation. The additional Lynis Maturity criteria can be found at https://wiki.akraino.org/pages/viewpage.action?pageId=11996301#StepsToImplementSecurityScanRequirements-VulsIncubationandMaturityPASSFAIL in the ‘Lynis Maturity: PASS/FAIL Criteria, v1.0’ section. Please run the Lynis tests against the AI Edge – Federated ML blueprint and correct issues so that all Maturity tests pass. Once all Maturity tests pass, please send the lynis.log output file to the Akraino security team for review.

  • 1/14/2022 Emailed Haihui Wang:

    Below is the analysis that our maturity check script returned for the lynis log for the AI Edge – Federated ML blueprint. All tests that ‘FAILED’ need to be corrected to be approved for maturity; there are more tests that failed than the one that you listed.

    For the test ID AUTH-9229 that you described, would you be able to increase the ‘rounds’ to a value greater than 5000 and expire passwords so that they encrypt with new values?
Approved by Process Sub-Committee.

2

IEC Type 3: Android cloud native applications on Arm servers in edge for Integrated Edge Cloud (IEC) Blueprint Family
Maturity Review Certification of Android Cloud

Documentation Review Meeting notes

https://nexus.akraino.org/content/sites/logs/ysemi/job/v2/lynis_v3/lynis/

  

 

Approved by Security Sub-Committee.

 

Approved by Process Sub-Committee.

Approved by TSC

3

Smart Cities

Maturity Review Certification of Smart Cities

Documentation Review Meeting notes

 

https://nexus.akraino.org/content/sites/logs/myais/bluval/6/


 

Approved by Security Sub-Committee.


 

Approved by Process Sub-Committee.


4

IEC Type 5: SmartNIC for Integrated Edge Cloud (IEC) Blueprint Family

Maturity Review Certification of SmartNIC

Documentation Review Meeting notes


https://nexus.akraino.org/content/sites/logs/socnoc/job/security_scan/

 

Approved by Security Sub-Committee.



5

EALT-EDGE

Boren Zhang

Maturity Review Certification of EALTEdge

https://nexus.akraino.org/content/sites/logs/huawei/job/Security-logs/

2023/6/8

Approved by Security Sub-Committee.



 

Lynis:

Performing test ID BOOT-5184 (Check permissions for boot files/scripts): FAILED
Performing test ID AUTH-9229 (Check password hashing methods): FAILED
Test: Checking SHA_CRYPT_{MIN,MAX}_ROUNDS option in /etc/login.defs: FAILED
Performing test ID USB-2000 (Check USB authorizations): FAILED
Performing test ID USB-3000 (Check for presence of USBGuard): FAILED
Test: Check if one or more compilers can be found on the system: FAILED

Note: Please add links to the Vuls and Kube-hunter logs.


06/26/2023

07/20/2023