25 Mar
2014
25 Mar
'14
2:29 a.m.
On 24 Mar 2014, at 20:21, tor-admin tor-admin@torland.me wrote:
There a couple of sysctrl parameters that Moritz described here: https://www.torservers.net/wiki/setup/server#sysctlconf
That website has at least one glaringly dangerous suggestion, namely
apt-key adv --recv-keys --keyserver keys.gnupg.net 886DDD89
The issue is that he key which is to be fetched from a public, untrusted keyserver using an unauthenticated protocol is not being verified at all. This immediately compromises the entire box in case someone is messing with your upstream traffic.
It would seem advisable to review the remainder of the advice there, and also fix the above problem.
Cheers Sebastian