[Dev] [consensus][due: 2016-08-10] increasing security in Parabola, servers
Ali Abdul Ghani
blade.vp2020 at gmail.com
Mon Aug 1 16:31:32 GMT 2016
> * Use NetworkManager (CLI) instead of Netctl.
the Unix system design principle is, if it ain’t broke, don’t fix it.
Netctl that comes with distribution is simple enough, well-understood
enough, and stress-tested enough that you really don’t want to mess
with it to get actual work done.
have fun and be free
ali miracle
2016-07-31 10:59 جرينتش-07:00, Luke Shumaker <lukeshu at sbcglobal.net>:
> On Sat, 30 Jul 2016 23:24:00 -0400,
> coadde wrote:
>> Hi guys, i would make some changes in the new server, however i would
>> propose it to be discussed under consensus first:
>>
>> * Remove SSL certificates to be more KISS and adhocratic.
>
> What?
>
> Both servers now allow you to just drop files in
> `/etc/ssl/misc/certbot-get.d/`, then run `sudo -u keys
> /etc/ssl/misc/certbot-get`; as described on the wiki[0].
>
> [0]:
> https://wiki.parabola.nu/Hacking:Servers/Winston#issuance.2C_renewal.2C_and_installation
>
>> * Use a TOX server as XMPP replacement.
>
> no comment
>
>> * Use our own DNS server.
>
> Been on the todo list forever; go for it.
>
>> * Use NetworkManager (CLI) instead of Netctl.
>
> What!? Why? KISS!
>
>> * Improve IPv6 security against IoT and RFID (keep link-local IPv6 in
>> anonymous -> "fe80::")
>> * Add firewall
>> * Add TOR, DNSCrypt and VPN to increase security.
>> * Testing against all type of attacks to check our security settings is
>> ok.
> _______________________________________________
> Dev mailing list
> Dev at lists.parabola.nu
> https://lists.parabola.nu/mailman/listinfo/dev
>
--
Emacs is the ground. We run around and act silly on top of it, and
when we die, may our remnants grace its ongoing incrementation.
More information about the Dev
mailing list