[Dev] [consensus][due: 2016-08-10] increasing security in Parabola, servers

Luke Shumaker lukeshu at sbcglobal.net
Sun Jul 31 17:59:05 GMT 2016


On Sat, 30 Jul 2016 23:24:00 -0400,
coadde wrote:
> Hi guys, I would make some changes in the new server, however I would
> propose it to be discussed under consensus first:
> 
> * Remove SSL certificates to be more KISS and adhocratic.

What?

Both servers now allow you to just drop files in
`/etc/ssl/misc/certbot-get.d/`, then run
`sudo -u keys /etc/ssl/misc/certbot-get`, as described on the wiki[0].

[0]: https://wiki.parabola.nu/Hacking:Servers/Winston#issuance.2C_renewal.2C_and_installation

> * Use a TOX server as XMPP replacement.

no comment

> * Use our own DNS server.

Been on the todo list forever; go for it.

> * Use NetworkManager (CLI) instead of Netctl.

What!? Why? KISS!

> * Improve IPv6 security against IoT and RFID (keep link-local IPv6 in
> anonymous -> "fe80::")
> * Add firewall
> * Add TOR, DNSCrypt and VPN to increase security.
> * Testing against all types of attacks to check our security settings are ok.


