Skip to content

Harden featureService #21

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
c-w merged 5 commits into from
Dec 4, 2017
Merged

Harden featureService #21

c-w merged 5 commits into from
Dec 4, 2017

Conversation

@c-w
Copy link
Contributor

@c-w c-w commented Dec 4, 2017
edited
Loading

See CatalystCode/project-fortis-pipeline#239:

  • Ensure packages are up to date
  • Remote outdated deploy script
  • Disable ssh password authentication
  • Enable fail2ban

@c-w c-w requested a review from anthturner December 4, 2017 19:38
anthturner
anthturner reviewed Dec 4, 2017
View reviewed changes
scripts/install.sh Outdated
# setup
build_dependencies='curl git build-essential'
sudo apt-get update > /dev/null
sudo apt-get upgrade > /dev/null
Copy link
Member

@anthturner anthturner Dec 4, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add -y to this line to avoid blocking on user input.

Copy link
Contributor Author

@c-w c-w Dec 4, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep, got it locally, just need to push it.

Copy link
Contributor Author

@c-w c-w Dec 4, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See 26fc2f1

anthturner
anthturner approved these changes Dec 4, 2017
View reviewed changes
Copy link
Member

@anthturner anthturner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

One minor note is that fail2ban uses iptables by default IIRC, so we should verify that bringing up iptables via fail2ban doesn't overzealously block access to anything else on the server (like the nodejs app).

@c-w
Copy link
Contributor Author

c-w commented Dec 4, 2017

Already tried this on a deployment and everything seems to be working fine :) http://fortis-features.eastus.cloudapp.azure.com/features/name/bogota

Thanks for the review!

@c-w c-w merged commit 17e6044 into master Dec 4, 2017
@c-w c-w deleted the harden branch December 4, 2017 19:56
@c-w c-w mentioned this pull request Dec 4, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@anthturner anthturner anthturner approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@c-w @anthturner