25-03-2025

2025-03-25 15:52:48 +01:00
parent 259b9c6a24
commit 011cfcba40
64 changed files with 2993 additions and 45 deletions
--- a/docs/macos/webserver/security-txt.md
+++ b/docs/macos/webserver/security-txt.md
@@ -0,0 +1,117 @@
+# security.txt
+
+
+
+Créer le fichier security.txt sur https://securitytxt.org
+
+```bash
+Contact: mailto:bruno@clicclac.info
+Expires: 2026-09-05T18:00:00.000Z
+Encryption: openpgp4fpr:2D5E 6C77 2EC1 15C8 21BD  6D8A 4B92 F1D5 84F5 513F
+Preferred-Languages: en,fr
+Canonical: https://photos-nas.ovh/.well-known/security.txt
+```
+
+Créer une signature numérique:
+
+```bash
+gpg --output security.txt.sig --armor --detach-sig security.txt
+gpg: using "2D5E6C772EC115C821BD6D8A4B92F1D584F5513F" as default secret key for signing
+```
+
+Vérifier la signature:
+
+```bash
+gpg --verify security.txt.sig security.txt
+gpg: Signature faite le Jeu  5 sep 15:35:53 2024 CEST
+gpg:                avec la clef RSA 2D5E6C772EC115C821BD6D8A4B92F1D584F5513F
+gpg: Bonne signature de « Bruno Pesenti <bruno@clicclac.info> » [ultime]
+```
+
+Ajouter la signature au fichier security.txt
+
+```bash
+cat security.txt.sig >> security.txt
+```
+
+
+
+
+
+```bash
+gpg --clearsign -o security-signed.txt security.txt
+gpg: using "2D5E6C772EC115C821BD6D8A4B92F1D584F5513F" as default secret key for signing
+```
+
+```bash
+gpg --verify -v security-signed.txt
+gpg: enabled compatibility flags:
+gpg: en-tête d'armure : Hash: SHA256
+gpg: nom de fichier original : «  »
+gpg: Signature faite le Jeu  5 sep 16:02:58 2024 CEST
+gpg:                avec la clef RSA 2D5E6C772EC115C821BD6D8A4B92F1D584F5513F
+gpg: utilisation du modèle de confiance pgp
+gpg: Bonne signature de « Bruno Pesenti <bruno@clicclac.info> » [ultime]
+gpg: signature mode texte, algorithme de hachage SHA256, algorithme de clef rsa4096
+```
+
+```bash
+mv security-signed.txt security.txt
+```
+
+```bash
+cat security.txt
+
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+Contact: https://photos-nas.ovh/contact/
+Expires: 2026-09-05T18:00:00.000Z
+Encryption: openpgp4fpr:2D5E 6C77 2EC1 15C8 21BD  6D8A 4B92 F1D5 84F5 513F
+Preferred-Languages: en,fr
+Canonical: https://photos-nas.ovh/.well-known/security.txt
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCAAdFiEELV5sdy7BFcghvW2KS5Lx1YT1UT8FAmbZuhIACgkQS5Lx1YT1
+UT9hsg/6AjjR0ASQ1UA0rHwVeKw7WOlLJv1lkdypKi5Sou1sYZcM3sFNwq1T/KX8
+lkgy3Y0uAH2QJ/nbsyhyNi5tHI2oA1zhF7U/l9ovRD3esQGoZ0iRIFRKzoKwNsBb
+yxOzS1BJEvH3ntE2QwcTCBPx5D8RNBcIa3xK8DnrZCfkIU3tm49yRNyFo+MUWDZw
+f0ASIWFwvPrB3oKdB9orzwQHq2UtwIK8yPkeZV2Tbe3OuN0utVSaqeSXDyNewCDI
+ziorAnjl5TL41Lo3UtO69ByYB2yCHaIgGr/9EK19fZG7jx/AcD8wCQ5FKdj8woQB
+KwCEu4PqoHpi8yncHAUZPsrH9XHTm5GegeGHU6/uguzDw4jc5Nxg/ARpDvD/337m
+iWKoA7UXoffmGNizyGiP//zkzkp4wTStD9G8i9TA3BSSKIFtHQqYFqYQlJQEopRd
+ju8KIHPORXxyR1GX58V0UUJ2Gtzk4AHRS5/XqAqSHyQyI9YK0O79iufx6nGW+zkR
+c1MmVp4YkhQcHB5NbWH0XC/6lOn5jfx7hNfQDbPBemPOpBZ2n9V13ckxhgynlurh
+hBNQQT526cZmxhLTXWrSRcuFiWjtpi8CgJaWMw7ebhncLb1dHlebq8cispqJn2vK
+v6pgoN0aJvtKZC8ugHi62SniVaX22B55QQDbfhGFvlhWnzJSl4=
+=8KJk
+-----END PGP SIGNATURE-----
+```
+
+
+
+### Content Security Policy (CSP)
+
+https://content-security-policy.com/examples/
+
+https://www.magentix.fr/blog/strategie-de-securite-du-contenu-content-security-policy.html
+
+
+
+Ajouter l'entête:
+
+```html
+<meta http-equiv="Content-Security-Policy" content="default-src 'self'; img-src https://*; child-src 'none';">
+```
+
+```php
+<?php
+	header("Content-Security-Policy: default-src 'self'");
+?>
+```
+
+
+
+### HSTS
+
+https://hstspreload.org/