mirror of
https://git.sr.ht/~seirdy/seirdy.one
synced 2024-11-10 00:12:09 +00:00
New note: Mullvad audit
This commit is contained in:
parent
a113963de4
commit
eb0bab76e2
1 changed files with 9 additions and 0 deletions
9
content/notes/mullvad-audit.md
Normal file
9
content/notes/mullvad-audit.md
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
---
|
||||||
|
title: "Mullvad audit"
|
||||||
|
date: 2022-06-26T22:10:33-07:00
|
||||||
|
---
|
||||||
|
[Mullvad's recent audit by Assured AB](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf) was a bit concerning to me. Fail2ban and user-writable scripts running as root is not the sort of thing I'd expect in a service whose *only job* is to provide a secure relay.
|
||||||
|
|
||||||
|
Avoiding and guarding root should be Sysadmin 101 material.
|
||||||
|
|
||||||
|
I recommend any amateur Linux admins read audit reports like this. While some low-priority recommendations are a but cargo-cultish, most advice is pretty solid. Frankly, much of this is the sort of thing a good admin should catch well *before* a proper audit.
|
Loading…
Reference in a new issue