The SecureDrop architecture contains multiple machines and hardened servers. While many of the installation and maintenance tasks have been automated, a skilled Linux admin is required to responsibly run the system.
Responsibilities of SecureDrop administrators
As a SecureDrop administrator, it is your responsibility to:
apply available firmware updates to all SecureDrop hardware
ensure that the SecureDrop environment is physically secure and monitored
investigate and respond to security incidents
schedule and perform required maintenance tasks, such as operating system upgrades
ensure that SecureDrop users adhere to the documented processes for checking SecureDrop, communicating with sources, and reviewing documents
verify the integrity of SecureDrop code
avoid the installation of unsupported code or patches
Responsibilities of the SecureDrop team
The SecureDrop team employed by Freedom of the Press Foundation (FPF) and the SecureDrop community maintain and develop the SecureDrop software, which is offered as open source software, free of charge, and at your own risk.
FPF offers paid priority support services. We are happy to provide assistance with installing the system, with training of administrators and journalists, and with investigation of technical issues and incidents.
Each SecureDrop instance is hosted and operated independently. Freedom of the Press Foundation does not offer systems administration, hosting or “remote hands” services.
When the SecureDrop team becomes aware of a security vulnerability in SecureDrop or its software dependencies, we assess the impact of the vulnerability in the context of existing security mitigations and our threat model. Based on this assessment, we prioritize technical work and external communications.
For high severity issues that require technical changes to SecureDrop, we will issue a point release as soon as possible. As part of issuing a release or advisory, we will post further details on the SecureDrop website and to the support portal.
In rare circumstances when a technical fix is extremely time sensitive, we may provide signed patches to impacted SecureDrop instances. Even in these cases, we ask that you never install code provided to you that is not signed using the current SecureDrop release key.
When in doubt how to resolve an issue, please avoid following technical instructions that have not been vetted by the SecureDrop team. If you encounter bugs, please report them. For sensitive matters, you can contact us via the SecureDrop Support Portal or via our contact form.
Admins are responsible for managing user credentials and encouraging best practices. (See Passphrases and Passphrase Best Practices.) The admin will also have access to the Journalist Interface, via her own username, passphrase, and two-factor authentication method (using a smartphone application or YubiKey).
See User Management for more information on adding and managing users.
Managing the System Configuration
Admins are responsible for configuring and maintaining the system. Several tools are available to support this:
The Admin Interface allows the admin to manage users and configure web interface features such as organizations logos and submission preferences
Server SSH access is also available, to allow administrators to troubleshoot server issues and perform manual updates.
The securedrop-admin utility is used via the Admin Workstation to configure and install SecureDrop, to perform operations including server backups and restores, and to update the server configuration after installation.
Keeping the System Updated
The admin is responsible for ensuring that updates are applied to SecureDrop. Where possible, updates are applied automatically, but some update operations require manual intervention.
The admin should be aware of all SecureDrop updates and take any required manual action if requested in the SecureDrop Release Blog (RSS feed). We also recommend registering with the SecureDrop Support Portal to stay apprised of upcoming releases.
Most often, the SecureDrop servers will automatically update via
occasionally you will need to run
securedrop-admin install or take other manual steps.
If you are onboarded to the support portal, we will let you know in advance of major
releases if manual intervention will be required.
Updates: Network Firewall
Given all traffic first hits the network firewall as it faces the non-Tor public network, the admin should ensure that critical security patches are applied to the firewall.
Because of recent changes to the frequency and scope of security updates, we do not recommend the use of pfSense Community Edition (CE). pfSense Plus continues to receive necessary security updates on a regular basis, and is provided with the purchase of most Netgate firewalls. If you wish to use a custom firewall or alternate option, we recommend using an OPNSense-based solution.
If you’re using one of the network firewalls recommended by FPF, you can subscribe to email updates from the Netgate homepage or follow the Netgate blog to be alerted when releases occur. If critical security updates need to be applied, you can do so through the firewall’s pfSense WebGUI.
No matter which vendor you go with, you should make it a priority to stay informed of potential updates to your network firewall.
The admin should keep all SecureDrop workstations updated with:
Tails updates for each Admin Workstation, Journalist Workstation, and Secure Viewing Station; and
SecureDrop workstation updates for each Admin Workstation and Journalist Workstation.
You should apply Tails updates to your Tails drives as they are released, as they often contain critical security fixes. Subscribe to the Tails RSS Feed to be alerted of new releases. The online Tails drives, once booted and connected to Tor, will alert you if upgrades are available. Follow the Tails Upgrade Documentation on how to upgrade the drives.
Admin and Journalist Workstations automatically check for updates on boot. An update window will pop up when updates are needed, and you should simply follow the prompts in the updater to perform the update.
Note that you will need to have a Tails Administrator password configured to complete the update. If you forget to do so, you will need to reboot to enable it.
Monitoring OSSEC Alerts
SecureDrop uses OSSEC to monitor the servers for unusual activity caused by system configuration issues or security breaches. The admin should decrypt and read all OSSEC alerts. Report any suspicious events to FPF through the SecureDrop Support Portal. See the OSSEC Guide for more information on common OSSEC alerts.
Do not post logs or alerts to public forums without first carefully examining and redacting any sensitive information.