Rich Kulawiec via Nettime-tmp on Tue, 20 Jun 2023 17:13:27 +0200 (CEST)


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: <nettime> Direction of Travel


On Wed, Jun 14, 2023 at 05:21:40PM +0200, Christian Swertz via Nettime-tmp wrote:
> You mean running everything in something like a docker container that can
> easily be shifted to another machine? 

No, that's not what I mean.  There's no reason at all to use any kind
of virtualization, and a number of reasons not to.  I think it would be
a big mistake to introduce docker et.al. here.

So let me explain what I do mean.

Running a quality mailing list operation means making judicious choices
from the bottom up: OS, MTA, firewall, DNS, MLM, everything.  It means
building the entire stack for this purpose (although: doing so isn't
all that much different from building a general-purpose mail server).

As an example of the sort of thing that can/should be done: admins will
need ssh access to the system.  That access should be tightly restricted
(on a default-deny basis) to only those network allocations that the
sysadmins use.  If there are no admins in Peru, Pakistan, or Portugal,
then all incoming traffic to port 22 from those countries should be
dropped.  Same for the rest of the planet.  This of course isn't a panacea
-- brute-force and other attacks against ssh can be still be launched.
But the attackers will have to figure out where to launch them *from*
and then they'll have to figure out how to acquire control of attack
resources in those chunks of network space.

There are many more such choices available, from deciding whether to
enforce FCrDNS checks in the MTA (very good idea) to determining
the filesystem backup frequency ("daily" is good) to figuring out
who should do what (and there's no "best" answer to that).

All of those choices need to be documented, and the documentation should
be checked to make sure it matches implementation.  One way to do this
(and there are others): build while making a checklist of all the steps.
Make sure everything works, make a backup, then wipe it.

Test the checklist by rebuilding the system and seeing if you get back
to where you were (i.e., compare against the backup).  If everything
works, and everything matches, then you have a written, itemized, tested
procedure for building -- and for rebuilding elsewhere, should that ever
be necessary.

If not, then fix the checklist, wipe, and rebuild again.

And then: you need to be utterly ruthless about updating the checklist
every single time a change is made to the running instance; otherwise
the checklist will become outdated.

This is a fair amount of extra work, but the payoff comes if/when you
need it.  (And I have.  I moved a couple dozen mailing lists overnight
due to an outage and nobody but the admins noticed.)

Can some of this be automated?  Yes, but given the infrequency with which
it needs to be done it's not really worth taking the time to automate it
(and to debug the automation).  And: another reason not to automate this
is to force a human being (or three) into the loop and get them to think
about what they're doing.  That will come in handy if the day comes that
this needs to rebuilt somewhere else, and the "somewhere else" is a
slightly different environment that will compel on-the-fly adjustments
in the process.

(That's a lesson I learned.  20+ years ago I had about 80% of the process
automated.  Now I have about 10% automated and that consists of simple
shell scripts that I run by hand.  It works better this way AND it's
easier to teach to others.)

-R
#  distributed via <nettime>: no commercial use without permission
#  <nettime>  is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: https://mail.ljudmila.org/cgi-bin/mailman/listinfo/nettime-tmp
#  archive: http://www.nettime.org contact: [email protected]
#  @nettime_bot tweets mail w/ sender unless #ANON is in Subject: