TIL jump hosts are an existing concept
I do use ClamAV. Most users just run some sort of daily scan, but this is remedial and not preventative.
In order to truly harness clamav’s potential, you need to configure clamonacc on-access scanning. It passes items off to clamd with lowered privileges and prevents file access through inotify until its realtime scan has cleared.
I wonder sometimes if the advice against pointing DNS records to your own residential IP amounts to a big scare. Like you say, if it’s just a static page served on an up to date and minimal web server, there’s less leverage for an attacker to abuse.
I’ve found that ISPs too often block port 80 and 443. Did you luck out with a decent one?
Schneider Electric APC Back-UPS 1500VA, 900W.
They power on self-test okay, but go on to just fail to switchover during outages. I’m still trying to figure out if it is a factor of cumulative time, running hours, or they’re only good for a fixed number of power failures. And whether its the battery or the UPS device itself.
It feels like crashing your car, and then the airbags go off after you’re already mangled and bleeding out.
Retail UPS batteries don’t even last a single year, in my experience. The weekly brownouts and momentary blackouts probably aren’t helping.
At this point, I’m just thinking of building my own with a charge controller, inverter and a bank of car batteries.
Consider running some kind of file integrity monitoring. samhain, tiger, tripwire, to name a few.
considering containerization, but so far, I find it not worth foregoing the benefits I get of a single package manager for the entire server
Just do MAC with either AppArmor or SELinux.
Docker
There’s your first mistake.
Oh, hi, I’m just stopping by from the ‘compile from source and create a systemd unit file’ tribe.
I2P eepsite