English Español Deutsch Français Italiano
Site logo image

Home Services Blog Price List Canary About User Policy Guides FAQ Contact
Account FAQ Hosting Service Management Relays Shell Accounts ViewPVS Virtual Private Servers

Security related downtime

For certain package updates now the server has to be taken online. Basically, even the sysadmin role in SELinux can no longer change certain things. This can't be changed and has been ordered by my soup nazi pentester. So I have to shut down access to the server now from time to time, probably every couple of weeks.

You should consider it worth it because we've lowered our attack surface in what an intruder will be able to do. However it restricts updates and my own administrative actions.

SELinux is also why we still don't have automated registration and you're stuck with me as a human control panel. However in the lab on the testing service we are getting such a facility working, and that server is experimental and our future. The production server uses SELinux in 'targeted' mode, but we hope to develop a system which is in strict mode. This is a tall order for a shared webserver, but I should be able to get it working.

2019 Kaizu Shibata, server time 3:28:42 16/10/19 UTC

Powered by Kaizu's picosite 0.09, nginx, PHP, and Gentoo!

Sponsor of Infantile