I believe in Cloudron's mission 200%. How can I help?
-
Hi Will, great that you like what we've built. If cyber security is your area of interest, you could investigate if a Cloudron instance has any major or obvious security shortcomings which we can fix. That always helps. Otherwise the best help for us is also if you just help make Cloudron more widely known, in forums you hang out at for example.
-
@nebulon said in I believe in Cloudron's mission 200%. How can I help?:
If cyber security is your area of interest, you could investigate if a Cloudron instance has any major or obvious security
I'm more Security CowBoy but, @will, would you like to improve the server security by implementing the recommendations of Lynis on Cloudron?
A plain Ubuntu server scores 59%.
Cloudron actually scores 61%. I was able to reach 94% on a server which hosts a Docker stack.
Basically we will have to review the code and apply it to Cloudron when it is possible.
With this focus, in the long term Cloudron Box might be able to become PCI-DSS compliant.
-
@will said in I believe in Cloudron's mission 200%. How can I help?:
Security cowboy is getting the job done!
Here we go, if anyone wants to join this fabulous adventure: https://git.cloudron.io/jodumont/pandora
-
@JOduMonT said in I believe in Cloudron's mission 200%. How can I help?:
I'm more Security CowBoy but, @will, would you like to improve the server security by implementing the recommendations of Lynis on Cloudron?
What a cool tool!! I haven't seen this before, but I have a feeling I'm going to love it.
I'm also happy to help out when possible. My background is mostly in software engineering and a few decades of personal Linux use. I'm far from a "proper" sys-admin, but have a decently strong background nonetheless.
-
@will said in I believe in Cloudron's mission 200%. How can I help?:
::Opens box that destroys the world::
I didn't see it in that way, but if you don't like the name I'm open to any suggestion. For me it's more that we close the box and it becomes a jewel, such as Pandora the music box and/or Pandora the jewelry.
-
Oh, this is a fantastic tool, never heard of it previously. I gave it a quick run and got https://paste.cloudron.io/nihezomima.coffeescript (63% as @JOduMonT already pointed out).
- Some Grub errors
- The /etc/sudoers.d/yellowtent file got a warning because root has write permissions. Not sure what the issue is here. All other sudo files have only read-only access.
- Nginx - 2 errors - Insecure protocols found and Disabled access logging. Have to dig deeper on this one.
- Lots of kernel related issues
- Permissions of home directories. It wants to chmod 750 /home/yellowtent
The grub and kernel issues (which are the bulk of it) are outside the scope of Cloudron especially on a VPS.
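
The two file-permission findings in the list above (a sudoers drop-in with a write bit, a home directory more open than 750) can be re-checked on their own without a full Lynis run. The script below is an added example, not part of the original post and not Cloudron or Lynis code; the 0440 and 0750 baselines are assumptions taken from the post, and the fixture modes are constructed.

```shell
#!/bin/sh
# Added example: not Cloudron or Lynis code. Needs GNU stat (Linux).
# Assumed baselines, taken from the post: 0440 for sudoers drop-ins,
# 0750 for home directories.

# Print "MODE PATH" for each entry of directory $1 that passes test flag $2
# (-f or -d) and has any of the permission bits in octal mask $3 set.
bits_set() {
    for p in "$1"/*; do
        test "$2" "$p" || continue
        mode=$(stat -c '%a' "$p")            # e.g. 640
        extra=$(( 0$mode & 0$3 ))            # leading 0 = octal constant
        [ "$extra" -eq 0 ] || printf '%s %s\n' "$mode" "$p"
    done
}

# 7337 = every bit outside r--r----- ; 7027 = every bit outside rwxr-x---
audit_sudoers_dir() { bits_set "$1" -f 7337; }
audit_home_dirs()   { bits_set "$1" -d 7027; }

# Constructed fixture (modes 640 and 755 are made up for the demo).
make_fixture() {
    root=$(mktemp -d)
    mkdir -p "$root/sudoers.d" "$root/home/yellowtent" "$root/home/other"
    : > "$root/sudoers.d/yellowtent"; chmod 640 "$root/sudoers.d/yellowtent"
    : > "$root/sudoers.d/readonly";   chmod 440 "$root/sudoers.d/readonly"
    chmod 755 "$root/home/yellowtent"
    chmod 750 "$root/home/other"
    printf '%s\n' "$root"
}

fx=$(make_fixture)
audit_sudoers_dir "$fx/sudoers.d"   # on a real host: /etc/sudoers.d (as root)
audit_home_dirs "$fx/home"          # on a real host: /home
rm -rf "$fx"
```

An empty result from either function means every entry is within the assumed baseline; each printed line is a mode and path to review.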
-
@girish said in I believe in Cloudron's mission 200%. How can I help?:
what the issue is here
Sometimes warnings are only there to warn you, such as asking you to take a look; often, if you are able to explain why it's like that and it sounds reasonable from a security perspective, it's fine.
The grub and kernel issues (which are the bulk of it) are outside the scope of Cloudron especially on a VPS.
I also don't apply all the recommendations because they restrain the instance too much; as an example, it will be impossible to log in as root from the console unless you reboot at level 1.