Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Harden featureService #21

Merged
merged 5 commits into from Dec 4, 2017

Conversation

Projects
None yet
2 participants
@c-w
Copy link
Member

commented Dec 4, 2017

See CatalystCode/project-fortis-pipeline#239:

  • Ensure packages are up to date
  • Remote outdated deploy script
  • Disable ssh password authentication
  • Enable fail2ban

@c-w c-w requested a review from anthturner Dec 4, 2017

@@ -7,6 +7,7 @@ DUMP_VERSION='v2'
# setup
build_dependencies='curl git build-essential'
sudo apt-get update > /dev/null
sudo apt-get upgrade > /dev/null

This comment has been minimized.

Copy link
@anthturner

anthturner Dec 4, 2017

Member

Add -y to this line to avoid blocking on user input.

This comment has been minimized.

Copy link
@c-w

c-w Dec 4, 2017

Author Member

Yep, got it locally, just need to push it.

This comment has been minimized.

Copy link
@c-w

c-w Dec 4, 2017

Author Member

See 26fc2f1

@anthturner
Copy link
Member

left a comment

LGTM.

One minor note is that fail2ban uses iptables by default IIRC, so we should verify that bringing up iptables via fail2ban doesn't overzealously block access to anything else on the server (like the nodejs app).

@c-w

This comment has been minimized.

Copy link
Member Author

commented Dec 4, 2017

Already tried this on a deployment and everything seems to be working fine :) http://fortis-features.eastus.cloudapp.azure.com/features/name/bogota

Thanks for the review!

@c-w c-w merged commit 17e6044 into master Dec 4, 2017

@c-w c-w deleted the harden branch Dec 4, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.