Кража тонкого рубинового порта веб-сервера к миру
Вы могли также использовать Puppetmaster-меньше системы с помощью распределенного VCS, такого как Мерзавец, с помощью схемы, описанной здесь:
http://bitfieldconsulting.com/scaling-puppet-with-distributed-version-control
0
задан Juanin
8 June 2012 в 20:21
Ссылка
1 ответ
Forgetting configuration of the web services for the moment, the fact that you don't automatically block access to all ports on your server with iptables, and only allow ports you care about, is a worry.
So, lock down all external access to the server using a firewall (iptables), including rules to ensure 127.0.0.1 can always access everything. Then, you can take your time finding out how to limit your applications, but start at the network layer.
Obviously, test it completely first, because you don't want to lock yourself out.
0