No root, all activity logging setup for community transparent servers


If I were to set up a VPS to use along with some of my friends and family, they would expect some transparency and guarantees as to the privacy and security of the server. One of the ways to achieve it, in my mind, would be to disable root login and have every change made with an administrative account be logged and emailed to everyone involved.

Do you think it is a reasonable setup and how would you go about setting one up? Which tools and procedures would you use?

The reason I’m asking is that if we want to be able to create decentralized ecosystems, they are no different from large centralized systems in terms of data privacy. In some ways it is worse because you are working with a much smaller scope.

We have the same ‘root policy’ where I work. We have to use sudo because it’s logged and audited.

We use Icinga but I do not know how this was established.

Also, you don’t want to send them an email every time you do a command, because they will get a barrage of emails, and you would also need to ensure sensitive data/variables were not present when you do said commands or it would compromise your system’s integrity. I do not think what you want is practical.

Instead, I suggest you offer them the ability and/or tools to audit you should they choose to do so. Most people won’t have any desire, but it is a show of good faith to have the option. Above all, though, keep your system safe and secure. It doesn’t matter how honest you are: if you have an owned system, no one will want to use your services.
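An added example, not written by either poster: one way to address the two concerns raised in the reply above is to turn sudo's log entries into a per-admin digest, sent once per period instead of once per command, with secret-looking values masked before anything is shared. It assumes the syslog line format sudo writes to `/var/log/auth.log`; the function names, redaction rules and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# sudo syslog line: "<date> <host> sudo: <user> : [note ;] TTY=.. ; PWD=.. ; USER=.. ; COMMAND=.."
LINE_RE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s+\S+\s+sudo(?:\[\d+\])?:\s+(\S+)\s+:\s+(.*)$")
# Assumed redaction rules: values of secret-looking options (--password X) and assignments (API_TOKEN=X).
WORDS = r"(?:pass|pwd|token|secret)"
SECRET_RE = re.compile(
    rf"(?i)(--?[\w-]*{WORDS}[\w-]*[=\s]\s*|\b\w*{WORDS}\w*=)(\S+)")

def redact(command):
    """Mask secret values so the digest itself does not leak credentials."""
    return SECRET_RE.sub(lambda m: m.group(1) + "[REDACTED]", command)

def parse(line):
    """Return a dict for one sudo command entry, or None for unrelated lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    when, user, rest = m.groups()
    head, sep, command = rest.partition("COMMAND=")
    if not sep:
        return None
    parts = [p.strip() for p in head.split(";") if p.strip()]
    fields = dict(p.split("=", 1) for p in parts if "=" in p)
    notes = [p for p in parts if "=" not in p]  # e.g. "3 incorrect password attempts"
    return {"when": when, "user": user, "runas": fields.get("USER", "?"),
            "denied": bool(notes), "command": redact(command)}

def digest(lines):
    """Group redacted entries per admin: one message per period, not one per command."""
    per_user = defaultdict(list)
    for entry in filter(None, map(parse, lines)):
        flag = " [DENIED]" if entry["denied"] else ""
        per_user[entry["user"]].append(
            f'{entry["when"]} as {entry["runas"]}{flag}: {entry["command"]}')
    return dict(sorted(per_user.items()))

# Constructed sample lines (not taken from a real system).
SAMPLE = [
    "Jan 12 10:15:01 vps sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update",
    "Jan 12 10:15:01 vps sudo: pam_unix(sudo:session): session opened for user root by alice(uid=0)",
    "Jan 12 10:16:30 vps sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/mysql --password=hunter2 -e status",
    "Jan 12 10:20:44 vps sudo:      bob : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/sbin/visudo",
]

if __name__ == "__main__":
    for user, rows in digest(SAMPLE).items():
        print(user, *rows, sep="\n  ")
```

Pattern-based redaction only catches the forms it knows about, so the digest complements, rather than replaces, keeping secrets off the command line in the first place.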

