English Español Deutsch Français Italiano

mirrors: bzznfzwjjeiwzrsy6xxlsahswldtq2jcfydq7qhopjctt327qlna.b32.i2p kaizushih5iec2mxohpvbt5uaapqdnbluaasa2cmsrrjtwrbx46cnaid.onion

Site logo image

<Home | Services | Blog | Price List | Canary | About | User Policy | Guides | FAQ | Contact>
<Account FAQ | Hosting | Service Management | Relays | Shell Accounts | ViewPVS vendor store | Virtual Private Servers>

I cook a delicious onion stew, without any chilli peppers.
Join the KLOS Community Forum to chat darkweb.

Security related downtime

For certain package updates now the server has to be taken online. Basically, even the sysadmin role in SELinux can no longer change certain things. This can't be changed and has been ordered by my soup nazi pentester. So I have to shut down access to the server now from time to time, probably every couple of weeks.

You should consider it worth it because we've lowered our attack surface in what an intruder will be able to do. However it restricts updates and my own administrative actions.

SELinux is also why we still don't have automated registration and you're stuck with me as a human control panel. However in the lab on the testing service we are getting such a facility working, and that server is experimental and our future. The production server uses SELinux in 'targeted' mode, but we hope to develop a system which is in strict mode. This is a tall order for a shared webserver, but I should be able to get it working.

2023 Kaizu Shibata, server time 10:39:51 31/01/23 UTC

Powered by Kaizu's Picosite!, and nginx running on Gentoo Hardened.

The picosite template file for this website.