Anonymous ID: c5ce23 April 29, 2020, 2:35 a.m. No.8959652   🗄️.is 🔗kun

>>8959439

Is this the one that uses mercury in it. i hope its sealed well - When these things come public, i dont want to crash my hoverboard and then need to be carried away by a person in a moon suit

Anonymous ID: c5ce23 April 29, 2020, 2:50 a.m. No.8959712   🗄️.is 🔗kun   >>9714 >>9727

>>8959706

i think you get "full" control over your droplets. its gonna be up to you to secure it. Close all ports you dont need open, only run the bare necessity services. Run them on uncommon ports. Use highest encryption levels you can. Use keys and certs not passwords.

 

but like i said, you cant trust any company nowadays.

Anonymous ID: c5ce23 April 29, 2020, 3:03 a.m. No.8959745   🗄️.is 🔗kun   >>9758 >>9783

>>8959727

Dont run services as root if you can help it.

Make specific service accounts that only have access to the service they are used for. if you have a vpn service running, make an account that has permission to run the vpn daemon, access its files and thats it.

 

setup quotas for disk, proc number, openfile, and bandwitch usages. its not just acces you want to protect against but ddos and other resource based attacks.

 

If you have to get root, setup sudo instead and only allow the account that sudo's to only run certain commands (via sudoers file)

 

i could go all day.

 

its all about reducing the attack surface wherever you can and limiting what access a hacker can get if they do get in. its a big topic.

 

lookup hardening linux.

Anonymous ID: c5ce23 April 29, 2020, 3:08 a.m. No.8959764   🗄️.is 🔗kun   >>9783

>>8959727

Dont think that Docker isolates you from the host system. I used to specifically use Docker as a root exploit at my work so that i could get my work done since i didnt have root privillidges. DAMN YOU LINUX TEAM!