[Dev] [consensus][due: 2016-08-10] increasing security in Parabola, servers
Luke Shumaker
lukeshu at sbcglobal.net
Sun Jul 31 17:59:05 GMT 2016
On Sat, 30 Jul 2016 23:24:00 -0400,
coadde wrote:
> Hi guys, I would make some changes in the new server, however I would
> propose it to be discussed under consensus first:
>
> * Remove SSL certificates to be more KISS and adhocratic.
What?
Both servers now allow you to just drop files in
`/etc/ssl/misc/certbot-get.d/`, then run
`sudo -u keys /etc/ssl/misc/certbot-get`; as described on the wiki[0].
[0]: https://wiki.parabola.nu/Hacking:Servers/Winston#issuance.2C_renewal.2C_and_installation
> * Use a TOX server as XMPP replacement.
no comment
> * Use our own DNS server.
Been on the todo list forever; go for it.
> * Use NetworkManager (CLI) instead of Netctl.
What!? Why? KISS!
> * Improve IPv6 security against IoT and RFID (keep link-local IPv6 in
> anonymous -> "fe80::")
> * Add firewall
> * Add TOR, DNSCrypt and VPN to increase security.
> * Testing against all types of attacks to check our security settings are OK.