Hi Sven,
I think this situation is pretty unconventional because our entire network is
wide-open with the intent of granting access to literal hackers (albeit
ethical ones who promise to meet our community standards).
The most important thing for this network is uptime, especially when it comes
to access to the building using this infrastructure, so dividing the essential
infrastructure into multiple separate computers multiplies the chances of
downtime.
Also I'm an amateur when it comes to sysadmin stuff, which is why I reached
out for help, but I'm also maybe the only person who is very motivated to move
this infrastructure forward and maintain the door access systems. Other
people don't seem to have time, so I end up having to do things the way I know
how.
I don't know anything about cfengine but I know how to use git, and minimal
wiki editing (which also has the advantage of being more inclusive, which is
our goal). If you are interested in working with me on it that would be great
though!
-jake
On Fri, 10 Mar 2023, Sven Pedersen via sudo-sys wrote:
I’m new here, but I build this kind of tech infrastructure in my job. I agree with Yardena that
it makes sense not to put a web server function directly on an internet front line of defense;
if possible you want it somewhere
function directly on an internet front line of defense; if possible you want it somewhere
else to avoid opening holes for attackers. You can simply forward (proxy) the needed ports
as suggested. If you’re wanting to retire the older server or just avoid complexity of
maintaining them both that’s also reasonable, but it isn’t as safe in case Omni or Sudo
Room become targets.
As an alternative related to the earlier discussion about logging changes, it might make
sense to use some infrastructure tools like cfengine to track changes as code and
simultaneously make it possible to trivially rebuild a system if it fails, but maybe not
yet as it isn’t familiar to everybody who might be helping.
Sven