Security vulnerability with default setup #43

Open
Deams51 opened this issue Jun 3, 2020 · 1 comment

Comments

@Deams51

Deams51 commented Jun 3, 2020

The current setup guide for Linux (here) is unsafe.
It's not your role to take care of the server's security, but what do you think about adding a comment at the end about it?

After just a week, one of our servers got infected by the Kinsing malware, a cryptocurrency miner.
The issue has been documented here

It could be avoided easily by, for example, setting up the firewall on the server to prevent access to the Redis instance:

sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow 8080
sudo ufw allow 8081
sudo ufw allow 8008
sudo ufw enable
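
As an added example (not part of the original issue or the project's code), this script compares a host's listening TCP sockets, as printed by `ss -H -ltn`, with the ports the ufw rules above allow, and reports any other listener bound to a non-loopback address. The socket list is constructed sample data; 6379 in it is Redis's default port.

```shell
#!/usr/bin/env bash
# Added example: flag TCP listeners that are not covered by the allow-list above.

# Ports the ufw rules above leave open (22 is what `ufw allow ssh` opens).
ALLOWED_PORTS="22 8080 8081 8008"

# Constructed sample of `ss -H -ltn` output (state, queues, local, peer).
SAMPLE_SS_OUTPUT='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:6379 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 128 *:8080 *:*
LISTEN 0 511 [::]:6379 [::]:*
LISTEN 0 128 [::1]:9000 [::]:*'

# Reads `ss -H -ltn` output on stdin and prints "port address" for every
# listener that is bound to a non-loopback address and not in ALLOWED_PORTS.
find_exposed_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        {
            local_addr = $4                        # e.g. 0.0.0.0:6379 or [::]:6379
            port = local_addr; sub(/.*:/, "", port)       # text after the last colon
            host = local_addr; sub(/:[^:]*$/, "", host)   # text before the last colon
            # Loopback-only listeners cannot be reached from other hosts.
            if (host ~ /^127\./ || host == "[::1]") next
            if (!(port in ok)) print port, host
        }' | LC_ALL=C sort -k1,1n -k2,2 -u
}

# Run against the sample; on a real host use: ss -H -ltn | find_exposed_listeners
printf '%s\n' "$SAMPLE_SS_OUTPUT" | find_exposed_listeners
```

Any line it prints is a service that relies entirely on the firewall's default-deny rule to stay unreachable, so it is worth either binding that service to loopback or confirming the rule is in effect.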
@bmartinn
Member

bmartinn commented Jun 3, 2020

Thanks @Deams51 !
That is a great idea, and I think it relates to more than just the Linux install, I guess it would apply to any AMI/GCP image as well (i.e. firewall setup).

Maybe we should have a short document like "Securing your Trains-Server" with the suggested firewall configuration section, and maybe a link to the "Web login authentication" instructions etc.

What do you think?
Any chance you would start it with a quick PR?
