[Systems] Sunjammer "test" user

[Samuel Cantero]

On Mon, Apr 4, 2016 at 4:18 PM, Bernie Innocenti <bernie at codewiz.org> wrote:

> On 04/04/2016 03:24 PM, Dave Crossland wrote:
> >
> > On 4 April 2016 at 15:14, Samuel Cantero <scanterog at gmail.com
> > <mailto:scanterog at gmail.com>> wrote:
> >
> >     I'm scared anyway cause apparently someone tampered our wtmp and
> btmp.
> >
> >
> > I agree - if I was a sysad on this box, I would assume it was rootkitted
> > and make a plan to reinstall it.
>
> That would be the right thing to do, but I don't have the time to do a
> full reinstall anytime soon, and I assume Samuel is similarly
> time-constrained :-(
>

I also don't have time to make a full reinstall anytime soon.

The goods news are that I have repair our ldap database. It is working
correctly again. Let's keep sunjammer under extreme observation. We should
continue checking the mail queue and any odd activity.


> Proposal: let's keep moving services from sunjammer to smaller docker
> images one at a time, and then we decommission it altogether.
>
> By the way, from a security standpoint docker images are not much better
> than a monolithic VM like sunjammer: escalating to root works the same
> in both cases.
>
> So if we want to keep hosting untrusted stuff like Wordpress, it is best
> to put it in a VM, but VMs need substantially more maintenance for
> updates, monitoring, etc. So my preference would be to NOT host
> obviously dangerous stuff in the future.
>
> --
>  _ // Bernie Innocenti
>  \X/  http://codewiz.org
> _______________________________________________
> Systems mailing list
> Systems at lists.sugarlabs.org
> http://lists.sugarlabs.org/listinfo/systems
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sugarlabs.org/archive/systems/attachments/20160404/3768db47/attachment.html>