d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
5aca5e2eebde665b3e8dddd139ef804ab7e71413
proxmox/scripts/access-control-audit.sh
defiQUG cb47cce074 Complete markdown files cleanup and organization 
- Organized 252 files across project
- Root directory: 187 → 2 files (98.9% reduction)
- Moved configuration guides to docs/04-configuration/
- Moved troubleshooting guides to docs/09-troubleshooting/
- Moved quick start guides to docs/01-getting-started/
- Moved reports to reports/ directory
- Archived temporary files
- Generated comprehensive reports and documentation
- Created maintenance scripts and guides

All files organized according to established standards.
2026-01-06 01:46:25 -08:00

83 lines
2.8 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
# Access control audit and improvements
# Usage: ./access-control-audit.sh
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
SOURCE_PROJECT="/home/intlc/projects/smom-dbis-138"
source "$SOURCE_PROJECT/.env" 2>/dev/null || true
RPC_URL="${RPC_URL_138:-http://192.168.11.250:8545}"
WETH9_BRIDGE="${CCIPWETH9_BRIDGE_CHAIN138:-0x89dd12025bfCD38A168455A44B400e913ED33BE2}"
WETH10_BRIDGE="${CCIPWETH10_BRIDGE_CHAIN138:-0xe0E93247376aa097dB308B92e6Ba36bA015535D0}"
echo "=== Access Control Audit ==="
echo ""
# Check admin roles
check_admin_roles() {
echo "## Admin Roles"
echo ""
# Get admin addresses (if contract has owner() function)
WETH9_ADMIN=$(cast call "$WETH9_BRIDGE" "owner()" --rpc-url "$RPC_URL" 2>/dev/null || echo "N/A")
WETH10_ADMIN=$(cast call "$WETH10_BRIDGE" "owner()" --rpc-url "$RPC_URL" 2>/dev/null || echo "N/A")
echo "WETH9 Bridge Admin: $WETH9_ADMIN"
echo "WETH10 Bridge Admin: $WETH10_ADMIN"
echo ""
# Recommendations
echo "## Recommendations"
echo ""
echo "1. ✅ Use multi-sig wallet for admin operations"
echo "2. ✅ Implement role-based access control"
echo "3. ✅ Regular review of admin addresses"
echo "4. ✅ Use hardware wallets for key management"
echo "5. ✅ Implement rate limiting on bridge operations"
echo ""
}
# Check pause functionality
check_pause_functionality() {
echo "## Pause Functionality"
echo ""
WETH9_PAUSED=$(cast call "$WETH9_BRIDGE" "paused()" --rpc-url "$RPC_URL" 2>/dev/null || echo "N/A")
WETH10_PAUSED=$(cast call "$WETH10_BRIDGE" "paused()" --rpc-url "$RPC_URL" 2>/dev/null || echo "N/A")
echo "WETH9 Bridge Paused: $WETH9_PAUSED"
echo "WETH10 Bridge Paused: $WETH10_PAUSED"
echo ""
echo "## Emergency Procedures"
echo ""
echo "To pause bridge:"
echo " cast send $WETH9_BRIDGE 'pause()' --rpc-url $RPC_URL --private-key \$PRIVATE_KEY"
echo ""
echo "To unpause bridge:"
echo " cast send $WETH9_BRIDGE 'unpause()' --rpc-url $RPC_URL --private-key \$PRIVATE_KEY"
echo ""
}
# Security recommendations
security_recommendations() {
echo "## Security Recommendations"
echo ""
echo "1. **Multi-Signature Wallet**: Upgrade admin to multi-sig for critical operations"
echo "2. **Role-Based Access**: Implement granular role-based access control"
echo "3. **Key Management**: Use hardware wallets or secure key management systems"
echo "4. **Rate Limiting**: Implement rate limiting on bridge operations"
echo "5. **Monitoring**: Set up alerts for admin operations"
echo "6. **Audit Trail**: Maintain comprehensive audit logs"
echo "7. **Regular Reviews**: Conduct regular access control reviews"
echo ""
}
check_admin_roles
check_pause_functionality
security_recommendations
Reference in New Issue View Git Blame Copy Permalink