[Systems] Sunjammer "test" user

Bernie Innocenti bernie at codewiz.org
Mon Apr 4 16:18:39 EDT 2016


On 04/04/2016 03:24 PM, Dave Crossland wrote:
> 
> On 4 April 2016 at 15:14, Samuel Cantero <scanterog at gmail.com> wrote:
> 
>     I'm scared anyway cause apparently someone tampered with our wtmp and btmp.
> 
> 
> I agree - if I was a sysad on this box, I would assume it was rootkitted
> and make a plan to reinstall it. 

That would be the right thing to do, but I don't have the time to do a
full reinstall anytime soon, and I assume Samuel is similarly
time-constrained :-(

Proposal: let's keep moving services from sunjammer to smaller Docker
images one at a time, and then we decommission it altogether.

By the way, from a security standpoint Docker images are not much better
than a monolithic VM like sunjammer: escalating to root works the same
in both cases.

So if we want to keep hosting untrusted stuff like WordPress, it is best
to put it in a VM, but VMs need substantially more maintenance for
updates, monitoring, etc. So my preference would be to NOT host
obviously dangerous stuff in the future.

-- 
 _ // Bernie Innocenti
 \X/  http://codewiz.org

