Jack Singleton
Jack Singleton
According to @paulproteus we can work on a patch for Sandstorm to prevent sandstorm from leaking its IP address. we should look at that
... to make it really quick to get up and running
- what level of testing would make sense? ServerSpec seems quite low level could we do some broader acceptance testing? - can we use travis or snap-ci to test this?...
we should especially have a way to monitor ram usage over time even better would be to also monitor response time nagios? zabbix?
There's a neat trick people do where they embed dropbear (a small ssh server) into the ramdisk, which allows you to ssh and enter the luks password while booting the...
some tools to evaluate: - auditd - snort - chkrootkit and rkhunter (see: https://github.com/equalitie/Caislean/blob/master/doc/security.md#rootkit-and-filesystem-alteration-checking)
I think we can just block everything for now until we support ipv6
> There are some things that can be done independently of the sandstorm code. > > Since this specific information leak comes from DNS, and DNS is a common source...
backups
Some docs on backing up sandstorm right now. https://github.com/sandstorm-io/sandstorm/blob/1726902d01a280ae040fbb77a6dd14cbfada2730/docs/administering/backups.md Can we take a live snapshot or do we really have to bring sandstorm down? Also some security minded stuff: -...