Operational security



Winter 2 batch

Security/privacy nerd

What we're covering

tl;dr: security-related production environment best practices

What we're not covering

General stuff

Conservative service management (run only the services you actually need, and expose as little of them as possible)

Rigorous, reproducible configuration management (Puppet/Ansible/Chef/etc.; at minimum etckeeper, which keeps /etc under version control and takes minutes to set up)

Use automatic software upgrades (the unattended-upgrades and needrestart packages in Debian and Debian derivatives; needrestart restarts services that are still running pre-upgrade code)

Encrypt data in motion (TLS on every connection, including between your own services)

General stuff II

Use sudo, not the root account

Disallow all direct logins to root (PermitRootLogin no for SSH, and lock root's password)

Document your setup

Do all of these things now
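The "General stuff" bullets as a script, added here as an example rather than anything from the slides. It is Debian-specific, the file names under /etc are the ones the packages actually read, and anything that touches the live system is gated behind APPLY_HARDENING=1 so the functions can first be exercised against a scratch directory.

```shell
#!/bin/sh
# Added example (not from the slides): a minimal Debian baseline.
# configure_auto_upgrades takes a root directory ("" = the live system,
# or a scratch dir for a dry run); disable_root_ssh_login takes a path to
# an sshd_config.
set -eu

# Daily list refresh + unattended-upgrades. The package's shipped
# 50unattended-upgrades already restricts itself to the security origins,
# so only the periodic switch needs to be turned on.
configure_auto_upgrades() {
    root="${1:-}"
    mkdir -p "$root/etc/apt/apt.conf.d" "$root/etc/needrestart/conf.d"
    cat > "$root/etc/apt/apt.conf.d/20auto-upgrades" <<'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
EOF
    # needrestart: restart services still running old binaries/libraries
    # automatically ('a') instead of prompting interactively.
    cat > "$root/etc/needrestart/conf.d/50-autorestart.conf" <<'EOF'
$nrconf{restart} = 'a';
EOF
}

# Forbid root over SSH. The directive is PREPENDED: sshd uses the first
# value it sees, and anything placed after a "Match" block would apply to
# that block only. Existing PermitRootLogin lines (commented or not) are
# dropped so the file ends up with exactly one effective setting.
disable_root_ssh_login() {
    cfg="${1:-/etc/ssh/sshd_config}"
    tmp="$(mktemp)"
    printf 'PermitRootLogin no\n' > "$tmp"
    grep -vi '^[[:space:]]*#*[[:space:]]*PermitRootLogin' "$cfg" >> "$tmp" || true
    cat "$tmp" > "$cfg"     # cat, not mv: keeps the file's owner and mode
    rm -f "$tmp"
}

if [ "${APPLY_HARDENING:-0}" = 1 ]; then
    apt-get install -y etckeeper unattended-upgrades needrestart
    etckeeper init && etckeeper commit "baseline before hardening" || true
    configure_auto_upgrades ""
    disable_root_ssh_login /etc/ssh/sshd_config
    sshd -t                      # syntax-check before reloading
    systemctl reload ssh
    passwd -l root               # no direct root logins on the console either
    etckeeper commit "unattended-upgrades, needrestart, no root ssh login" || true
fi
```

Run it once without APPLY_HARDENING to confirm the functions behave on a scratch directory, then with APPLY_HARDENING=1 as a sudo-capable user. The etckeeper commits before and after give you a diff of exactly what changed under /etc.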

Secure software sources

Prefer software from official distribution repositories

Packages are reviewed by maintainers, signed, and verified by the package manager on install; a tarball or curl | sh from a project website is not

Don't install unpackaged software (except your own application)

Too hard to manage (especially upgrades: nothing tracks what is installed or tells you it is out of date)

Source installation management

Minimal permissions (don't reach for sledgehammers like sudo chmod -R 777 .)

Don't let the app write to its own code (code owned by root, read-only to the service account)

Give it write access only to its logs, temporary files, and state
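The three bullets above as one layout, added as an example (not from the slides). The directory structure under the install root and the service account name are hypothetical; the point is that the code tree carries no write bit for the account that runs it, while log, tmp and state do, and that the audit at the end is what a chmod -R 777 fails.

```shell
#!/bin/sh
# Added example (not from the slides): an install layout in which the
# service account can run the code but not modify it, and has write
# access only to its log, tmp and state directories. Paths and the
# account name are hypothetical.
set -eu

# Lay out $app_root as:
#   app/    code        root:<user>  dirs 0750, files 0640 (0750 if executable)
#   log/    logs        <user>       0750
#   tmp/    scratch     <user>       0700
#   state/  persistent  <user>       0700
set_app_perms() {
    app_root="$1"
    app_user="$2"
    mkdir -p "$app_root/app" "$app_root/log" "$app_root/tmp" "$app_root/state"

    # Ownership changes need root; when exercising this as an ordinary user
    # the files simply stay owned by whoever created them.
    if [ "$(id -u)" -eq 0 ]; then
        chown -R "root:$app_user" "$app_root/app"
        chown "$app_user:$app_user" "$app_root/log" "$app_root/tmp" "$app_root/state"
    fi

    # Code: no write bit for group or other, nothing world-readable.
    # Keep the owner-exec bit as the signal for "this must stay executable".
    find "$app_root/app" -type d -exec chmod 0750 {} +
    find "$app_root/app" -type f -perm -u=x -exec chmod 0750 {} +
    find "$app_root/app" -type f ! -perm -u=x -exec chmod 0640 {} +

    # Writable areas: the service account only. The log dir is group-
    # readable so an admin group can be granted read access later.
    chmod 0750 "$app_root/log"
    chmod 0700 "$app_root/tmp" "$app_root/state"
}

# Audit: everything under a tree that is writable by "other". After a
# chmod -R 777 this lists the whole tree; after set_app_perms it is empty.
find_world_writable() {
    find "$1" ! -type l -perm -o=w
}
```

Run the audit before and after a deploy; a non-empty result from find_world_writable on the install root is a deploy script that still uses the sledgehammer.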


Restrict logfile permissions

Don't let your app tamper with its own logs (send them to syslog or systemd-journald, which write the files as a different user)

Delete your logs after a fixed retention period

Otherwise you're handing free data to any attacker who gets in
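The logging slide end to end, added as an example (not from the slides): the app logs only through syslog, rsyslog writes the file as root:adm so the app never holds the write bit, journald is capped, and logrotate ages files out. The tag and account "myapp", the unit name and all paths are hypothetical; the config keys are the real rsyslog, journald and logrotate directives.

```shell
#!/bin/sh
# Added example (not from the slides). Each install_* function takes a
# root directory: a scratch dir for a dry run, or "" for the live /etc.
# "myapp" (tag, account, paths) is hypothetical.
set -eu

# rsyslog: everything tagged "myapp" goes to its own file and nowhere else.
# Debian's rsyslog creates files 0640 root:adm, so the app cannot edit them.
install_rsyslog_route() {
    root="${1:-}"
    mkdir -p "$root/etc/rsyslog.d"
    cat > "$root/etc/rsyslog.d/50-myapp.conf" <<'EOF'
:programname, isequal, "myapp" /var/log/myapp/myapp.log
& stop
EOF
}

# journald: cap disk use and age for whatever the unit writes to
# stdout/stderr or via syslog(3).
install_journald_retention() {
    root="${1:-}"
    mkdir -p "$root/etc/systemd/journald.conf.d"
    cat > "$root/etc/systemd/journald.conf.d/50-retention.conf" <<'EOF'
[Journal]
SystemMaxUse=500M
MaxRetentionSec=30day
EOF
}

# logrotate: rotate daily, keep 14 rotations, delete anything older than
# 30 days, recreate the live file root:adm 0640.
install_logrotate_policy() {
    root="${1:-}"
    mkdir -p "$root/etc/logrotate.d"
    cat > "$root/etc/logrotate.d/myapp" <<'EOF'
/var/log/myapp/*.log {
    daily
    rotate 14
    maxage 30
    compress
    delaycompress
    missingok
    notifempty
    create 0640 root adm
    postrotate
        systemctl kill -s HUP rsyslog.service
    endscript
}
EOF
}

# Audit for "restrict logfile permissions": files readable by "other".
world_readable_logs() {
    find "$1" -type f -perm -o=r
}

if [ "${APPLY_LOGGING:-0}" = 1 ]; then
    install -d -o root -g adm -m 0750 /var/log/myapp
    install_rsyslog_route ""; install_journald_retention ""; install_logrotate_policy ""
    systemctl restart rsyslog systemd-journald
    logger -t myapp -p daemon.info "logging configured"   # how the app should log
    logrotate -d /etc/logrotate.d/myapp                   # dry run of the policy
    journalctl --vacuum-time=30d                           # apply retention to the existing journal
fi
```

The app side is just the logger line (or syslog(3) / the journal API from the application): it never opens a file under /var/log itself, so compromising the app does not buy the ability to rewrite its history, and the retention limits bound how much history is there to steal.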



Vote on whether we'll cover HTTPS or cryptography next week

Access this presentation again


Or get the source code