<Home | Services | Blog | Price List | Canary | About | User Policy | Guides | FAQ | Contact>
<Account FAQ | Hosting | Service Management | Relays | Shell Accounts | ViewPVS | Virtual Private Servers>
I cook a delicious onion stew, without any chilli peppers.
Security related downtime
For certain package updates now the server has to be taken online. Basically, even the sysadmin role in SELinux can no longer change certain things. This can't be changed and has been ordered by my soup nazi pentester. So I have to shut down access to the server now from time to time, probably every couple of weeks.
You should consider it worth it because we've lowered our attack surface in what an intruder will be able to do. However it restricts updates and my own administrative actions.
SELinux is also why we still don't have automated registration and you're stuck with me as a human control panel. However in the lab on the testing service we are getting such a facility working, and that server is experimental and our future. The production server uses SELinux in 'targeted' mode, but we hope to develop a system which is in strict mode. This is a tall order for a shared webserver, but I should be able to get it working.
2021 Kaizu Shibata, server time 5:32:15 09/05/21 UTC
Powered by Kaizu's Picosite!, and nginx running on Gentoo Hardened.