Errar es humano. Propagar errores automáticamente es #devops

https://vsis.online/

  • 2 Posts
  • 38 Comments
Joined 1 year ago
cake
Cake day: June 18th, 2023

help-circle

  • vsis@feddit.cltolinuxmemes@lemmy.worldIT Department's Plan
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    1
    ·
    4 months ago

    target the largest market segment to gain the most conversions.

    Windows market share is bigger in desktop only. In fact, is kinda sad that still there are serious institutions using Windows for non-desktop stuff. I hope this incident changes it.

    the real difference is you need a few decades of linux experience to fix anything in a timely manner.

    [ citation needed ] Probably you are meaning desktop again. Although troubleshooting Windows is not easy task neither, there are way more desktop users familiar with it.

    The real thing is

      1. There is no single “linux” OS. There are lots of different OSes based on Linux kernel. And they are for servers, desktop, embedded systems, smartphones, etc.
      1. More important. Security is a process, not a product from a vendor. The root cause of this incident is that some institutions are seeing that you just buy “security”, install it, and call it a day. No important stuff should auto-update. And no institution should auto-update lots of important stuff at the same time.

    So, Linux is not really more secure. But is built in a culture where security is taken more seriously.











  • Some security tips:

    Firewall should block everything by default, and you start allowing incoming and outgoing connections when you need them or if something fails.

    Disable passwords and root access in ssh daemon.

    Use fail2ban or something similar to block bots failing to log-in.

    Use random long passwords for everything (eg: like databases). And put then in a password manager. If you can remember the database password, it’s not strong enough. If you can remember the admin password for a public web service, it’s weak.

    Don’t repeat the passwords. Everything should have its own random long password.

    .env files and files with secrets should be readable only by its service user. Chmod them to 400.

    Monitor logs from time to time to see if something funny is happening.