Security
Understanding the FixPanic security model
Security is a foundational principle in FixPanic. Since agents execute commands on your production infrastructure, we've built multiple layers of protection to keep your systems safe.
Security Philosophy
FixPanic follows the principle of defense in depth:
Command Whitelisting
Only pre-approved commands can be executed by agents.
Safe Commands (Auto-Approved)
These commands are generally safe and allowed by default:
| Category | Examples |
|---|---|
| Process Info | ps, top, pgrep |
| System Info | uname, hostname, uptime |
| Disk Info | df, du, lsblk |
| Network Info | netstat, ss, ip |
| Log Reading | cat, head, tail, grep (on allowed paths) |
| Service Status | systemctl status |
| Container Info | docker ps, docker logs |
Restricted Commands (Require Approval)
These commands require explicit human approval:
| Category | Examples | Risk |
|---|---|---|
| Service Control | systemctl restart | Medium |
| Process Control | kill -15 | Medium |
| Container Control | docker stop | Medium |
| File Modification | touch, mkdir | Medium |
Blocked Commands (Never Allowed)
These commands are never executed, regardless of approval:
| Category | Examples | Why Blocked |
|---|---|---|
| Destructive | rm -rf, dd | Data loss |
| Privilege Escalation | sudo, su, chmod +s | Security |
| Shell Escape | bash -c, eval, `cmd` | Bypass controls |
| Network Attack | nmap, nc -l | Malicious use |
| System Modification | passwd, useradd | Unauthorized access |
Shell Operators
Shell operators are blocked to prevent command injection:
| Operator | Blocked |
|---|---|
| \| (pipe) | Yes |
| && (and) | Yes |
| \|\| (or) | Yes |
| ; (sequence) | Yes |
| >, >> (redirect) | Yes |
| < (input redirect) | Yes |
| ` (backtick) | Yes |
| $() (command substitution) | Yes |
Path Restrictions
Agents are blocked from accessing sensitive paths:
Blocked Paths
| Path | Reason |
|---|---|
| /etc/passwd | User information |
| /etc/shadow | Password hashes |
| /root | Root home directory |
| /home/*/.ssh | SSH keys |
| /var/lib/docker | Docker data |
| ~/.aws | AWS credentials |
| ~/.kube | Kubernetes config |
Allowed Paths
| Path | Purpose |
|---|---|
| /var/log | System logs |
| /tmp | Temporary files |
| /proc | Process information |
| /sys | System information |
| Application directories | Your applications |
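The whitelist tiers, the shell-operator block and the path rules above combine into a single policy decision per proposed command. The following is an added example of such a check, not FixPanic's own code: the tier table is built from the tables on this page, unlisted commands fall through to human approval, the `~` expansion to every home directory and `/root` is an assumption, and it is deliberately conservative (a `;` inside quotes is still refused, and `..` segments are collapsed before a path is compared so `/var/log/../../etc/shadow` is caught).

```python
"""Policy check for a proposed agent command: command tier, shell operators, paths.

Added example, not FixPanic's own code. The tier table is constructed from
the tables on this page; unknown commands fall through to human approval.
"""
import posixpath
import shlex
from dataclasses import dataclass
from fnmatch import fnmatch

SAFE, RESTRICTED, BLOCKED = "safe", "restricted", "blocked"

# Longest matching argv prefix wins, so "systemctl status" is SAFE while
# "systemctl restart" is RESTRICTED and "systemctl stop" (unlisted) needs approval.
COMMAND_TIERS = {
    ("ps",): SAFE, ("top",): SAFE, ("pgrep",): SAFE,
    ("uname",): SAFE, ("hostname",): SAFE, ("uptime",): SAFE,
    ("df",): SAFE, ("du",): SAFE, ("lsblk",): SAFE,
    ("netstat",): SAFE, ("ss",): SAFE, ("ip",): SAFE,
    ("cat",): SAFE, ("head",): SAFE, ("tail",): SAFE, ("grep",): SAFE,
    ("systemctl", "status"): SAFE, ("systemctl", "restart"): RESTRICTED,
    ("docker", "ps"): SAFE, ("docker", "logs"): SAFE, ("docker", "stop"): RESTRICTED,
    ("kill",): RESTRICTED, ("touch",): RESTRICTED, ("mkdir",): RESTRICTED,
    ("rm",): BLOCKED, ("dd",): BLOCKED, ("sudo",): BLOCKED, ("su",): BLOCKED,
    ("bash",): BLOCKED, ("sh",): BLOCKED, ("eval",): BLOCKED,
    ("nmap",): BLOCKED, ("nc",): BLOCKED, ("passwd",): BLOCKED, ("useradd",): BLOCKED,
}
FILE_READERS = {"cat", "head", "tail", "grep"}   # file args must be on allowed paths
# Checked on the raw string, quotes included: a quoted ";" is still refused,
# which is the conservative side of the page's "no shell operators" rule.
SHELL_OPERATORS = ("|", "&&", ";", ">", "<", "`", "$(")
ALLOWED_PATHS = ("/var/log", "/tmp", "/proc", "/sys")
BLOCKED_PATHS = ("/etc/passwd", "/etc/shadow", "/root", "/home/*/.ssh",
                 "/var/lib/docker", "~/.aws", "~/.kube")


@dataclass
class Decision:
    verdict: str   # "allow", "approve" (a human must approve) or "block"
    reason: str


def _under(path: str, pattern: str) -> bool:
    """True if path equals the glob pattern or lies beneath it."""
    return fnmatch(path, pattern) or fnmatch(path, pattern.rstrip("/") + "/*")


def _expanded(pattern: str):
    """A '~' pattern also covers every home directory and /root (assumption)."""
    yield pattern
    if pattern.startswith("~/"):
        yield "/home/*" + pattern[1:]
        yield "/root" + pattern[1:]


def check_command(command: str) -> Decision:
    for op in SHELL_OPERATORS:
        if op in command:
            return Decision("block", f"shell operator {op!r} is not permitted")
    try:
        argv = shlex.split(command)          # no shell involved: argv is built here
    except ValueError as exc:
        return Decision("block", f"unparseable command: {exc}")
    if not argv:
        return Decision("block", "empty command")

    tier = RESTRICTED                        # unlisted commands need approval
    for n in (2, 1):
        if tuple(argv[:n]) in COMMAND_TIERS:
            tier = COMMAND_TIERS[tuple(argv[:n])]
            break
    if tier == BLOCKED:
        return Decision("block", f"{argv[0]} is on the blocked list")

    for arg in argv[1:]:
        if not arg.startswith(("/", "~")):
            continue
        path = posixpath.normpath(arg)       # collapses "/var/log/../../etc/shadow"
        if any(_under(path, p) for b in BLOCKED_PATHS for p in _expanded(b)):
            return Decision("block", f"path {arg} is blocked")
        if argv[0] in FILE_READERS and not any(_under(path, a) for a in ALLOWED_PATHS):
            return Decision("approve", f"{argv[0]} on {arg} is outside the allowed paths")

    if tier == SAFE:
        return Decision("allow", "auto-approved command")
    return Decision("approve", "command requires human approval")


if __name__ == "__main__":
    for cmd in ("ps aux", "ps aux | grep nginx", "cat /var/log/../../etc/shadow",
                "systemctl restart nginx", "sudo systemctl status nginx"):
        d = check_command(cmd)
        print(f"{cmd!r:45} -> {d.verdict}: {d.reason}")
```

Note that the page lists `ip` as a whole under Safe Commands; in practice the same subcommand granularity used here for `systemctl` and `docker` (read-only subcommands listed explicitly, everything else routed to approval) is the safer way to encode tools that mix read and write verbs.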
Resource Limits
Commands are constrained to prevent resource abuse:
| Limit | Default | Purpose |
|---|---|---|
| Execution Timeout | 30 seconds | Prevent hanging |
| CPU Time | Limited | Prevent CPU abuse |
| Memory | Limited | Prevent memory exhaustion |
| Output Size | 1 MB | Prevent output flooding |
Note: These limits can be configured per-cluster for specific use cases. Contact support for custom limits.
Process Isolation
Commands run in isolated environments:
Sandboxing
- Commands execute in separate processes
- No shell expansion
- Clean environment variables
- Limited file descriptors
- No network access from commands
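Resource limits and sandboxing are enforced at the point where an approved command is actually spawned. The block below is an added example of that execution step and is not FixPanic's own runner: it takes an argv list (never a shell string), starts the child with a clean environment and closed inherited descriptors, applies CPU, address-space and file-descriptor rlimits in the child, stops reading at the output cap and kills the child on timeout. The 30 s timeout and 1 MB cap are the page's defaults; the CPU, memory and descriptor numbers are assumed; it is Unix-only and does not attempt network isolation.

```python
"""Run an approved argv under the page's resource limits and isolation rules.

Added example, not FixPanic's own code. Linux/Unix only (uses resource and
select). The 30 s timeout and 1 MB output cap come from this page; the CPU,
memory and descriptor limits are assumed defaults. No network isolation here.
"""
import os
import select
import subprocess
import sys
import time
from dataclasses import dataclass

# Clean environment: nothing from the agent process leaks into the command.
CLEAN_ENV = {"PATH": "/usr/local/bin:/usr/bin:/bin", "LC_ALL": "C.UTF-8"}


@dataclass
class Result:
    returncode: int
    output: bytes
    timed_out: bool
    truncated: bool


def _apply_rlimits(cpu_seconds: int, mem_bytes: int, max_fds: int):
    """Runs in the child between fork and exec; limits are best-effort."""
    import resource
    for res, value in ((resource.RLIMIT_CPU, cpu_seconds),
                       (resource.RLIMIT_AS, mem_bytes),
                       (resource.RLIMIT_NOFILE, max_fds)):
        try:
            resource.setrlimit(res, (value, value))
        except (ValueError, OSError):
            pass   # hard limit is already lower than requested


def run_limited(argv, timeout=30.0, max_output=1_000_000,
                cpu_seconds=10, mem_bytes=1 << 30, max_fds=64) -> Result:
    """argv is a list, so there is no shell and no expansion; stdout+stderr are capped."""
    proc = subprocess.Popen(
        argv, shell=False, env=CLEAN_ENV, close_fds=True,
        stdin=subprocess.DEVNULL, stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
        preexec_fn=lambda: _apply_rlimits(cpu_seconds, mem_bytes, max_fds),
    )
    fd = proc.stdout.fileno()
    chunks, size, timed_out, truncated = [], 0, False, False
    deadline = time.monotonic() + timeout
    try:
        while True:
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                timed_out = True
                break
            ready, _, _ = select.select([fd], [], [], remaining)
            if not ready:                      # nothing arrived before the deadline
                timed_out = True
                break
            chunk = os.read(fd, 65536)
            if not chunk:                      # EOF: child closed its stdout
                break
            room = max_output - size
            if len(chunk) > room:              # cap hit: keep the prefix, stop reading
                chunks.append(chunk[:room])
                size = max_output
                truncated = True
                break
            chunks.append(chunk)
            size += len(chunk)
        if timed_out or truncated:
            proc.kill()                        # a flooding or hanging child is killed
        try:
            proc.wait(timeout=5)
        except subprocess.TimeoutExpired:
            proc.kill()
            proc.wait()
    finally:
        proc.stdout.close()
    return Result(proc.returncode, b"".join(chunks), timed_out, truncated)


if __name__ == "__main__":
    py = sys.executable   # a Python child stands in for a real command
    print(run_limited([py, "-c", "print('hello')"]))
    print(run_limited([py, "-c", "import time; time.sleep(5)"], timeout=0.5))
    print(run_limited([py, "-c", "print('x' * 5000)"], max_output=1024))
```

`preexec_fn` must not be used from a multithreaded parent; a production agent that is multithreaded would set the limits with `resource.prlimit` on the child's pid or through a small wrapper executable instead.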
Process Tree
Audit Logging
Every action is logged:
Logged Events
| Event | Details Captured |
|---|---|
| Command Execution | Command, args, timestamp, user |
| Approval Decision | Approved/denied, who, when |
| Connection Events | Connect, disconnect, errors |
| Configuration Changes | What changed, who, when |
Audit Log Format
```json
{
  "timestamp": "2024-01-15T10:30:00Z",
  "event_type": "COMMAND_EXECUTED",
  "agent_id": "agent_abc123",
  "cluster_id": "cluster_xyz789",
  "user_id": "user_def456",
  "command": "ps aux",
  "result": "success",
  "execution_time_ms": 150
}
```
Log Retention
- Logs retained for 90 days (default)
- Export available for compliance
- Extended retention on enterprise plans
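An audit log is only useful if someone reads it, and "monitor for unusual activity" means running a few rules over it. The block below is an added example of such a scan and is not FixPanic tooling: it parses events in the JSON-per-line shape shown above, flags an agent that hits the blocked list several times in a short window (a sign that something is probing the policy), and flags a command that executes shortly after a human denied that same command for that agent (a sign of an approval bypass or a stale approval). The `COMMAND_EXECUTED` shape is from this page; `COMMAND_BLOCKED`, `APPROVAL_DECISION` and the `decision` field are assumed names, and every sample line is constructed.

```python
"""Scan audit events (one JSON object per line) for patterns worth alerting on.

Added example, not FixPanic's own tooling. COMMAND_EXECUTED follows the format
on this page; COMMAND_BLOCKED, APPROVAL_DECISION and "decision" are assumed
names, and the sample lines below are constructed.
"""
import json
from collections import defaultdict
from datetime import datetime

SAMPLE_LOG = """\
{"timestamp": "2024-01-15T03:10:00Z", "event_type": "COMMAND_EXECUTED", "agent_id": "agent_qrs000", "cluster_id": "cluster_xyz789", "user_id": "user_def456", "command": "uname -a", "result": "success", "execution_time_ms": 12}
{"timestamp": "2024-01-15T10:30:00Z", "event_type": "COMMAND_EXECUTED", "agent_id": "agent_abc123", "cluster_id": "cluster_xyz789", "user_id": "user_def456", "command": "ps aux", "result": "success", "execution_time_ms": 150}
{"timestamp": "2024-01-15T10:30:05Z", "event_type": "COMMAND_BLOCKED", "agent_id": "agent_abc123", "cluster_id": "cluster_xyz789", "user_id": "user_def456", "command": "cat /etc/shadow", "result": "blocked"}
{"timestamp": "2024-01-15T10:30:06Z", "event_type": "COMMAND_BLOCKED", "agent_id": "agent_abc123", "cluster_id": "cluster_xyz789", "user_id": "user_def456", "command": "sudo cat /etc/shadow", "result": "blocked"}
{"timestamp": "2024-01-15T10:30:07Z", "event_type": "COMMAND_BLOCKED", "agent_id": "agent_abc123", "cluster_id": "cluster_xyz789", "user_id": "user_def456", "command": "cat /root/.ssh/id_rsa", "result": "blocked"}
{"timestamp": "2024-01-15T10:31:00Z", "event_type": "APPROVAL_DECISION", "agent_id": "agent_abc123", "cluster_id": "cluster_xyz789", "user_id": "user_def456", "command": "systemctl restart nginx", "decision": "denied"}
{"timestamp": "2024-01-15T10:31:05Z", "event_type": "COMMAND_EXECUTED", "agent_id": "agent_abc123", "cluster_id": "cluster_xyz789", "user_id": "user_def456", "command": "systemctl restart nginx", "result": "success", "execution_time_ms": 900}
"""


def parse_events(text: str):
    """Parse JSON lines, attach a datetime, and return events in time order."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["_ts"] = datetime.fromisoformat(ev["timestamp"].replace("Z", "+00:00"))
        events.append(ev)
    return sorted(events, key=lambda e: e["_ts"])


def detect(events, burst_n=3, burst_window_s=60, denial_window_s=600):
    """Two rules: a burst of blocked commands from one agent, and a command
    executed shortly after a human denied that same command for that agent."""
    findings = []
    blocked = defaultdict(list)   # agent_id -> timestamps of recent blocks
    denied = {}                   # (agent_id, command) -> time of the denial
    for ev in events:
        agent, kind, ts = ev["agent_id"], ev["event_type"], ev["_ts"]
        if kind == "COMMAND_BLOCKED":
            recent = blocked[agent]
            recent.append(ts)
            while (ts - recent[0]).total_seconds() > burst_window_s:
                recent.pop(0)                  # slide the window forward
            if len(recent) == burst_n:         # fire once per burst
                findings.append({"rule": "blocked_burst", "agent_id": agent,
                                 "at": ev["timestamp"],
                                 "detail": f"{burst_n} blocked commands within {burst_window_s}s"})
        elif kind == "APPROVAL_DECISION" and ev.get("decision") == "denied":
            denied[(agent, ev["command"])] = ts
        elif kind == "COMMAND_EXECUTED":
            when = denied.get((agent, ev["command"]))
            if when is not None and (ts - when).total_seconds() <= denial_window_s:
                gap = int((ts - when).total_seconds())
                findings.append({"rule": "executed_after_denial", "agent_id": agent,
                                 "at": ev["timestamp"],
                                 "detail": f"{ev['command']!r} ran {gap}s after a denial"})
    return findings


if __name__ == "__main__":
    for f in detect(parse_events(SAMPLE_LOG)):
        print(f["at"], f["rule"], f["agent_id"], f["detail"])
```

Both rules key on `agent_id` because that is the identity that executes; a real deployment would add `user_id` to the burst rule so a single operator steering several agents is also visible.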
Authentication & Authorization
Agent Authentication
Agents authenticate using:
- Agent ID - Identifies the agent
- API Key - Secret authentication token
- Request IDs - Prevent replay attacks
- Timestamps - Prevent stale requests
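The four elements in that list only stop replay and stale requests if the server binds them together and checks them in the right order. The block below is an added example of a server-side verifier and is not FixPanic's protocol: the header names, the HMAC-SHA256 construction over agent ID, request ID, timestamp and body, and the 300 s freshness window are assumptions, and the key and IDs in the test are constructed. The signature is checked before the request ID is recorded, so an unauthenticated sender cannot fill the replay cache, and cached IDs expire exactly when their timestamp could no longer pass the freshness check.

```python
"""Server-side verification of an agent request: API-key HMAC, timestamp
window and request-ID replay cache.

Added example, not FixPanic's own protocol: header names, the HMAC-SHA256
construction and the 300 s window are assumptions; keys and ids are constructed.
"""
import hashlib
import hmac
import time

HEADERS = ("X-Agent-Id", "X-Request-Id", "X-Timestamp", "X-Signature")  # assumed names


def signing_input(agent_id: str, request_id: str, timestamp: str, body: bytes) -> bytes:
    """Bind identity, nonce, time and payload so none can be swapped independently."""
    return f"{agent_id}\n{request_id}\n{timestamp}\n".encode() + body


def sign_request(api_key: bytes, agent_id: str, request_id: str,
                 timestamp: int, body: bytes) -> dict:
    """Agent side: produce the headers for one request."""
    digest = hmac.new(api_key, signing_input(agent_id, request_id, str(timestamp), body),
                      hashlib.sha256).hexdigest()
    return {"X-Agent-Id": agent_id, "X-Request-Id": request_id,
            "X-Timestamp": str(timestamp), "X-Signature": digest}


class RequestVerifier:
    def __init__(self, api_keys: dict, max_skew_s: int = 300, now=time.time):
        self._keys = api_keys          # agent_id -> API key bytes
        self._skew = max_skew_s        # accepted clock skew in seconds
        self._now = now                # injectable clock so tests are deterministic
        self._seen = {}                # (agent_id, request_id) -> expiry, unix seconds

    def verify(self, headers: dict, body: bytes):
        agent_id, request_id, ts_raw, sig = (headers.get(h, "") for h in HEADERS)
        key = self._keys.get(agent_id)
        if key is None:
            return False, "unknown agent"
        try:
            ts = int(ts_raw)
        except ValueError:
            return False, "bad timestamp"
        now = self._now()
        if abs(now - ts) > self._skew:
            return False, "stale timestamp"          # outside the freshness window
        expected = hmac.new(key, signing_input(agent_id, request_id, ts_raw, body),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):   # constant-time comparison
            return False, "bad signature"
        # Only authenticated requests reach the replay cache. An entry is kept
        # until its timestamp could no longer pass the skew check above.
        self._seen = {k: exp for k, exp in self._seen.items() if exp > now}
        if (agent_id, request_id) in self._seen:
            return False, "replayed request id"
        self._seen[(agent_id, request_id)] = ts + self._skew + 1
        return True, "ok"


if __name__ == "__main__":
    key = b"constructed-api-key"
    v = RequestVerifier({"agent_abc123": key})
    h = sign_request(key, "agent_abc123", "req-1", int(time.time()), b'{"command": "ps aux"}')
    print(v.verify(h, b'{"command": "ps aux"}'))   # accepted
    print(v.verify(h, b'{"command": "ps aux"}'))   # same request again: replay
```

Key rotation fits naturally here: `api_keys` can hold both the current and the previous key per agent for a grace period, trying each in turn, so rotating does not break an agent mid-deployment.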
User Authentication
Users authenticate via:
- Email/password
- OAuth (Google, GitHub)
- SSO (enterprise)
Authorization Model
| Role | Capabilities |
|---|---|
| Owner | Full access, billing |
| Admin | Manage clusters, agents, users |
| Member | Use chat, view dashboards |
| Viewer | Read-only access |
Network Security
Agent Connections
- Outbound TCP only (agent initiates)
- TLS encryption
- Certificate validation
- No inbound ports required
Platform Infrastructure
- DDoS protection
- WAF (Web Application Firewall)
- Rate limiting
- IP allowlisting (enterprise)
Human-in-the-Loop
The approval system ensures humans control sensitive actions:
When Approval is Required
- Commands not on the whitelist
- Commands affecting services
- Commands modifying files
- Any potentially risky operation
Approval Workflow
1. Agent proposes an action
2. System pauses and notifies user
3. User reviews the exact command
4. User approves or denies
5. If approved, command executes
See Approvals & Whitelisting for details.
Compliance
FixPanic supports compliance requirements:
| Standard | Support |
|---|---|
| SOC 2 | Audit controls |
| GDPR | Data handling |
| HIPAA | Healthcare data (enterprise) |
| PCI DSS | Payment data (enterprise) |
Security Best Practices
For Users
- Use strong, unique passwords
- Enable two-factor authentication
- Review approval requests carefully
- Whitelist sparingly
- Review audit logs regularly
For Administrators
- Use least-privilege principle
- Rotate API keys periodically
- Monitor for unusual activity
- Keep agents updated
- Configure alerts for security events
For Organizations
- Implement SSO where possible
- Define clear access policies
- Conduct regular security reviews
- Plan for incident response
- Train employees in security
Reporting Security Issues
If you discover a security vulnerability:
- Email: [email protected]
- Do not disclose publicly
- Provide detailed reproduction steps
- We'll respond within 24 hours
We have a responsible disclosure program and reward valid reports.
Next Steps
- Approvals - Learn about the approval workflow.
- Troubleshooting - Common security-related issues.