
FLAVOR: Ubuntu Server

HEADLINE: Secure, immediate isolation or power down

DESCRIPTION: When a zero day like Heartbleed comes out I want the operating system to give me the option to immediately disconnect from the internet, or even power down the OS. I also want the ability to call these commands myself so that if I have a wider scanner, like Appcanary, I can trigger the shutdown command myself.

I want this command to get called anytime there is a reasonable (>10% chance) that the server could give out shell level access through nothing more than normal internet traffic, and I want the OS to take care of it.

Ubuntu is awesome because it doesn't make me learn stuff unless I want to. The defaults are sensible and configuration is usually pretty easy. I'd like security to be as easy as this.




    sudo shutdown -h now
Immediately halts the OS.

    sudo shutdown -r now
Immediately reboots the OS.

    sudo ip link set eth0 down
Immediately brings down the network interface (eth0).

I'm actually curious how you are using and administering Ubuntu Server without knowing these things. Or at the very least, not stumbling across the "shutdown" or "ip" commands--ever.


Perhaps OP means they want to be able to turn on a setting whereby this automatically happens when a big zero day comes out - like, Canonical becomes aware that certain packages are vulnerable and has a way of pushing instructions to affected machines to tell them to isolate themselves.


It's silly I even have to type this out, but I'm clearly aware of sudo shutdown now, and it isn't helpful.

1. I want the system to progressively fall back to more aggressive measures. Don't lock me out of ssh just because nginx has a 0day. Don't take out my static file hosting if there's just a rails vulnerability. This is the type of stuff I don't want to think about; I just want to set my paranoia level.

2. Of course I know how to shutdown a server immediately, but knowing when to do a hard shutdown vs one that waits for the processes to clean up isn't something I feel qualified to make a decision on.

I don't understand why usability around security is so brutal. How many times are we going to get locked out of our ssh because of a shitty chown? How many times are our servers going to get hacked and our DBs dumped just because admins and software developers don't have the tools to confidently mitigate 0days? Just make it easy for me.
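One way to build the "paranoia level" the comment above asks for, as an added example (not from the thread, Ubuntu or Appcanary): each level only adds to the one below it, so a web-server 0day stops that one service first and SSH from an admin range stays open until the most drastic levels. SERVICE, IFACE and ADMIN_CIDR are placeholders; the script assumes systemd, ufw and iproute2 and root when run for real, and only prints the plan while DRY_RUN=1 (the default).

```shell
#!/bin/sh
# Tiered isolation by paranoia level (added example, not the thread's code).
# Placeholders: SERVICE = package named in the advisory, IFACE = internet-
# facing interface, ADMIN_CIDR = range SSH must stay reachable from.
SERVICE="${SERVICE:-nginx}"
IFACE="${IFACE:-eth0}"
ADMIN_CIDR="${ADMIN_CIDR:-203.0.113.0/24}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print what each level would run

# Each level includes everything below it:
#  1  stop only the vulnerable service; other services keep serving
#  2  also deny all inbound traffic except SSH from ADMIN_CIDR, so the
#     box is still reachable to patch it
#  3  also take the interface down; recovery needs console access
#  4  clean halt (units are stopped and flushed; a hard cut such as
#     'systemctl poweroff --force --force' is deliberately not in the plan)
isolation_plan() {
    level="$1"
    case "$level" in
        1|2|3|4) ;;
        *) echo "usage: isolation_plan <1-4>" >&2; return 2 ;;
    esac
    echo "systemctl stop $SERVICE"
    if [ "$level" -ge 2 ]; then
        echo "ufw --force reset"
        echo "ufw default deny incoming"
        echo "ufw allow from $ADMIN_CIDR to any port 22 proto tcp"
        echo "ufw --force enable"
    fi
    if [ "$level" -ge 3 ]; then echo "ip link set $IFACE down"; fi
    if [ "$level" -ge 4 ]; then echo "shutdown -h now"; fi
}

# Run (or print, in dry-run mode) the plan one command at a time, most
# surgical first, so a failure leaves the box in the least drastic state.
isolate() {
    plan="$(isolation_plan "$1")" || return $?
    while IFS= read -r cmd; do
        if [ "$DRY_RUN" = 1 ]; then
            echo "[dry-run] $cmd"
        else
            logger -t isolate "level $1: $cmd"   # leave an audit trail in syslog
            $cmd || return 1
        fi
    done <<EOF
$plan
EOF
}
# Example trigger from a scanner: ISOLATE_LEVEL=2 DRY_RUN=0 sh isolate.sh
if [ -n "${ISOLATE_LEVEL:-}" ]; then isolate "$ISOLATE_LEVEL"; fi
```

The script is the kind of thing a scanner hook can call over ssh, as the reply below suggests, with the level chosen by the scanner rather than by hand.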


If you already have a security vulnerability scanner that runs arbitrary triggers when something is detected, can't you just use ssh to run whichever command you want? i.e. ssh root@machine 'systemctl halt'



