Ideas for improving exozyme security #175
Reference: exozyme/exozyme#175
This is a huge list of ideas that @ersei and I came up with in #general:exozy.me for improving the server's security.
AppArmor
Give services CAP_NET_ADMIN and have them listen below port 1024 to prevent port hijacking like in #172
Uninstall cronie so boot-time cron jobs can't hijack ports
Isolate services using systemd sandboxing
Chroot/container isolation?
Per-user limits on number of processes, CPU, memory usage, similar to #38
Configure systemd-oomd to not kill important processes
Getting rid of the passwords still hashed with salted SHA1
#181
If you have any other ideas, feel free to reply!