[Systems] Sunjammer "test" user
bernie at codewiz.org
Mon Apr 4 16:18:39 EDT 2016
On 04/04/2016 03:24 PM, Dave Crossland wrote:
> On 4 April 2016 at 15:14, Samuel Cantero <scanterog at gmail.com
> <mailto:scanterog at gmail.com>> wrote:
> I'm scared anyway cause apparently someone tampered our wtmp and btmp.
> I agree - if I was a sysad on this box, I would assume it was rootkitted
> and make a plan to reinstall it.
That would be the right thing to do, but I don't have the time to do a
full reinstall anytime soon, and I assume Samuel is similarly
Proposal: let's keep moving services from sunjammer to smaller docker
images one at a time, and then we decommission it altogether.
By the way, from a security standpoint docker images are not much better
than a monolithic VM like sunjammer: escalating to root works the same
in both cases.
So if we want to keep hosting untrusted stuff like Wordpress, it is best
to put it in a VM, but VMs need substantially more maintenance for
updates, monitoring, etc. So my preference would be to NOT host
obviously dangerous stuff in the future.
_ // Bernie Innocenti
More information about the Systems