[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Health] Securing GNU Health server

From: Axel Braun
Subject: Re: [Health] Securing GNU Health server
Date: Fri, 28 Mar 2014 19:11:13 +0100
User-agent: KMail/4.11.5 (Linux/3.11.10-7-desktop; KDE/4.11.5; x86_64; ; )

Hi Vincent,

Am Freitag, 28. März 2014, 15:08:27 schrieb Vincent Buijtendijk:

> Currently I have the install on Linux (Ubuntu, possibly moving to Debian).
> Reason for my security concerns is that  it's running on a virtual server
> in a datacenter.

So do we....
> Another option I was thinking about was to encrypt the partition where GNU
> Health and PostgreSQL are installed with something like TrueCrypt?

First, you dont need truecrypt, Linux offers encryption of partitions out of 
the box.
Second, it is not a good idea to do so, unless you are running it on a Laptop, 
where data can get stolen.

During boot you have to enter the passphrase - may be difficult if you dont 
have physical access to the server. Or you have to unlock and mount the 
encrypted partition later on - both sounds not ideal for automatic restart of 
the server.

Running the server in chroot sounds a good idea. It will protect the rest of 
the system if the Tryton/GNUHealth server gets compromized.

You may as well close all ports in the Firewall that are not required, and 
move the ssh port to somewhere different than 22. You may as well use a 
reverse proxy, or limit the access to your system only for certain IP-
Addresses (which is difficult for clients connecting via DSL or other modes 
with changing IP-Address), or you default a VPN.

In general I see the risk of attacks less than for a normal web server. You 
have to harden the machine, anyway.


Attachment: signature.asc
Description: This is a digitally signed message part.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]