• 131 Posts
  • 3.49K Comments
Joined 1 year ago
Cake day: July 7th, 2023




  • You can’t. You can only do your best to make it as secure as possible, but given enough time, someone can break it.

    Basic tips:

    • don’t run any services on their default ports
    • don’t allow password auth for any exposed service. Ever.
    • run intrusion detection (fail2ban for simple ssh / Crowdsec for something a little beefier)

    For ssh specifically, lock down your sshd config, make sure only key-based auth is enabled, and maybe as an extra step, create a dedicated user, and jail it by only allowing it access for the commands you need to interact with.
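
An added example, not part of the comment above: a small Python audit of the global section of an sshd_config for the points the comment lists (default port, password auth, key-only auth, a dedicated user). The two sample configs and the account name `deploy` are constructed; the values assumed for missing keywords are OpenSSH's defaults.

```python
# Added example: audit the global part of an sshd_config (text before any Match block).
# OpenSSH keeps the first value seen for most keywords; Port and AllowUsers accumulate.
SINGLE_DEFAULTS = {  # OpenSSH defaults when the keyword is absent
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
MULTI = ("port", "allowusers")

def effective_settings(config_text):
    single, multi = {}, {k: [] for k in MULTI}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)  # whitespace-separated "Keyword value"
        key = parts[0].lower()       # keywords are case-insensitive
        value = parts[1].strip() if len(parts) == 2 else ""
        if key == "match":
            break  # conditional overrides are out of scope for this check
        if key == "challengeresponseauthentication":
            key = "kbdinteractiveauthentication"  # deprecated alias
        if key in multi:
            multi[key].extend(value.split())
        else:
            single.setdefault(key, value.lower())  # first occurrence wins
    settings = {k: single.get(k, d) for k, d in SINGLE_DEFAULTS.items()}
    settings["port"] = multi["port"] or ["22"]
    settings["allowusers"] = multi["allowusers"]
    return settings

def audit(config_text):
    s, findings = effective_settings(config_text), []
    if "22" in s["port"]:
        findings.append("listens on default port 22")
    if s["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is not 'no'")
    if s["kbdinteractiveauthentication"] != "no":
        findings.append("keyboard-interactive auth is not 'no'")
    if s["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is disabled")
    if not s["allowusers"]:
        findings.append("no AllowUsers limit to a dedicated account")
    return findings

# Constructed sample configs (not taken from any real host).
WEAK = "Port 22\nPasswordAuthentication yes\n"
HARDENED = ("Port 2222\nPasswordAuthentication no\nKbdInteractiveAuthentication no\n"
            "PubkeyAuthentication yes\nAllowUsers deploy\n")
```

This covers the sshd_config side only; limiting the dedicated account to specific commands is done separately, for example with a `command="..."` option on its key in `authorized_keys`.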





  • If it helps with your outlook at all, fascist elements in our government (right-wing, naturally) have been trying and failing to do this shit since the end of WWII. It’s very cyclical, and this is the first real chance they’ve gotten a second try and whatever the flavor of the decade platform is. Red Scare parts I & II, Vietnam, Oil Crisis of the 70’s, and the Cold War of the 80’s, Satanic Panic, and skipping some all the way to the Tea Party bullshit.

    Their entire mindset is just finding something that scares enough people to get elected, then shovel their attempt at moral superiority down everyone’s throats. That’s the platform. It takes hold for a few years then it fails, and the left side of things enjoys a few terms of progress. Trump floundering is a good thing. Trump failing again will push these assholes back into their caves for another decade.













  • I think you’re missing the point of LDAP then. It’s a centralized directory used for querying information. It’s not necessarily about user information, but can be anything.

    What you’re asking for is akin to locally hosting a SQL server that other machines can talk to? Then it’s just a server. Start an LDAP server somewhere, then talk to it. That’s how it works.

    If you don’t want a network service for this purpose, then don’t use LDAP. If you want a bunch of users to exist on many machines without having to manually create them, then use LDAP, or a system configuration tool that creates and keeps them all eventually consistent.