From 42998c0eb662f978c1521de5851ceecdaa513427 Mon Sep 17 00:00:00 2001 From: Jono Sosulska <42216911+jsosulska@users.noreply.github.com> Date: Mon, 30 Mar 2020 16:43:26 -0400 Subject: [PATCH] Updated Security Model and FAQ pages (#7528) * Updated Security Model and FAQ pages --- website/source/docs/faq.html.md | 13 +++++++++++++ website/source/docs/internals/security.html.md | 12 ++++++++++++ 2 files changed, 25 insertions(+) diff --git a/website/source/docs/faq.html.md b/website/source/docs/faq.html.md index 48b22476b..d5a81dd3c 100644 --- a/website/source/docs/faq.html.md +++ b/website/source/docs/faq.html.md @@ -105,3 +105,16 @@ available, but that won't otherwise affect the local datacenter. There are some situations where a limited subset of data can be replicated, such as with Consul's built-in [ACL replication](https://learn.hashicorp.com/consul/day-2-operations/acl-replication) capability, or external tools like [consul-replicate](https://github.com/hashicorp/consul-replicate). + +## Q: Can Consul natively handle protecting against other processes accessing Consul's memory state? + +Consul does not provide built-in memory access protections, and doesn't interact with the host system to change or manipulate +viewing and doesn't interact with the host system to change or manipulate +application security. + +We recommend taking any precautions or +remediation steps that you would normally do for individual processes, based +on your operating system. + +Please see our +[Security Model](https://www.consul.io/docs/internals/security.html) for more information. diff --git a/website/source/docs/internals/security.html.md b/website/source/docs/internals/security.html.md index 284b25fa7..f4a3b0a26 100644 --- a/website/source/docs/internals/security.html.md +++ b/website/source/docs/internals/security.html.md 
@@ -36,6 +36,18 @@ any of the settings below are not enabled, then parts of this threat model are going to be invalid. Additional security precautions must also be taken for items outside of Consul's threat model as noted in sections below. +* **Consul runs just like any other binary.** Consul runs as a single process + and obeys the same security requirements as any other application on + your system. Consul doesn't interact with the host system to change or + manipulate security values in any way. Take any precautions or remediation + steps that you would normally do for individual processes, based on your + operating system. + Some example remediation steps you could take are outlined below. + - Run applications, including Consul, as non-root users with appropriate + configurations + - Implement Mandatory Access Control using a kernel security module such as SELinux + - Secure against unprivileged users becoming root + * **ACLs enabled with default deny.** Consul must be configured to use ACLs with a whitelist (default deny) approach. This forces all requests to have explicit anonymous access or provide an ACL token.
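Review bot: In the faq.html.md hunk, the first answer paragraph repeats a clause, so the rendered sentence reads "doesn't interact with the host system to change or manipulate viewing and doesn't interact with the host system to change or manipulate application security". This looks like a leftover from rewrapping. Suggest collapsing it to a single clause, for example "Consul does not provide built-in memory access protections, and doesn't interact with the host system to change or manipulate application security." The question heading could also be tightened ("Can Consul natively handle protecting against" is awkward), and the answer would be easier to act on if it said that protecting process memory is left to the operating system controls listed in the Security Model, which this same patch adds.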
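Review bot: In the security.html.md hunk, the new "Consul runs just like any other binary" bullet is added to a list introduced by "any of the settings below are not enabled, then parts of this threat model are going to be invalid", but it is not a Consul setting and its sub-items are framed as "example remediation steps you could take". A reader cannot tell whether running as non-root or using a MAC module is a precondition of the threat model like the neighbouring "ACLs enabled with default deny" item, or optional hardening. Suggest either wording it as a requirement in the same register as the other bullets or moving it to the part of the page that covers items outside Consul's threat model. Two smaller points: "security values" is vague and differs from the FAQ's "application security", so pick one term, and "Secure against unprivileged users becoming root" gives no concrete control to apply, unlike the two items above it.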