[tor-relays] relay on a vps not exclusively used for tor?
Petrusko
petrusko at riseup.net
Tue Aug 23 08:07:35 UTC 2016
> > Thx for sharing this kernel option, and this experience.
> Under Gentoo Linux it is very easy to have GRSecurity. I do use it
> both on my desktop and my server w/o bigger problems.
>
So I'm thinking about destroying my current vps relay, then rebuild a
new "hardened" one may be more secure (I hope) after reading some tips
about securing Debian... try to do my best, next time :p
> > But if I understand well, a user from the IP address 5.79.67.47 has
> > tried to execute system commands after beeing connected successfully to
> > your boinc instance ?
> That was my understanding - right. OTOH I'm unsure if this is the only
> explanation - maybe there's a harmless one too.
Humm, if using a firewall script (iptables may be too in Gentoo?) to
block everything /from/ the world, I think it's ok?
Activate only SSH + TOR ports open. Boinc will only need to /connect to
outside/ as a client (of course only your personal IP will be able to
connect from outside with the manager)
--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20160823/633c035f/attachment.sig>
More information about the tor-relays
mailing list