Re: [Health] Securing GNU Health server
From: Axel Braun
Subject: Re: [Health] Securing GNU Health server
Date: Fri, 28 Mar 2014 19:11:13 +0100
User-agent: KMail/4.11.5 (Linux/3.11.10-7-desktop; KDE/4.11.5; x86_64; ; )
Hi Vincent,
On Friday, 28 March 2014, 15:08:27, Vincent Buijtendijk wrote:
> Currently I have the install on Linux (Ubuntu, possibly moving to Debian).
> Reason for my security concerns is that it's running on a virtual server
> in a datacenter.
So do we....
> Another option I was thinking about was to encrypt the partition where GNU
> Health and PostgreSQL are installed with something like TrueCrypt?
First, you don't need TrueCrypt, Linux offers encryption of partitions out of
the box.
Second, it is not a good idea to do so, unless you are running it on a laptop,
where data can get stolen.
During boot you have to enter the passphrase - may be difficult if you don't
have physical access to the server. Or you have to unlock and mount the
encrypted partition later on - both do not sound ideal for automatic restart of
the server.
Running the server in chroot sounds like a good idea. It will protect the rest of
the system if the Tryton/GNUHealth server gets compromised.
You may as well close all ports in the firewall that are not required, and
move the ssh port to somewhere different than 22. You may as well use a
reverse proxy, or limit the access to your system only for certain IP
addresses (which is difficult for clients connecting via DSL or other modes
with changing IP address), or you default to a VPN.
In general I see the risk of attacks less than for a normal web server. You
have to harden the machine, anyway.
Cheers/Axel