#1 2016-03-04 15:26:52

vyu223
Member
Registered: 2013-02-18
Posts: 24

Please verify my Mopidy HTTP server setup is secure.

Hi all,

I just want to make sure that my understanding of this is sufficient and that my setup is secure.

I've tried doing my due diligence through a Google search and reading the wikis, but alas, with my limited knowledge of networking and security, I must ask if someone can very easily digitally tear me a new one.

I'm setting up a Mopidy HTTP server open to the network with no authentication. It is to be run on my personal laptop that has my personal information on it.

The setup is as follows:

- Mopidy HTTP server is run as a separate user.
- That user is in its own group that no other user is a part of.
- That user is not in group "wheel".
- But is in group audio for direct access to external DAC for bit-perfect audio.
- Only users in group "wheel" can use sudo.
- Root login is disabled.
- My personal home directory has no execution permission for "group" and "others" (700).

Is this good enough to secure my system? I also realize that lots of stuff in / is readable by any user. This bothers me, but I can't think of a clean way to rectify this that doesn't get in the way of normal tasks or doesn't break my system. I wonder how bad this could be other than possible wifi passwords stored in plaintext. Ugh. And, if I understand correctly, this is if someone, somehow, through Mopidy's API, is able to perform arbitrary commands as the user that started the server. But I can't assume that won't happen.

Thanks for your time.

Edit: added second bullet point.

Last edited by vyu223 (2016-03-04 15:30:07)
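
The group and home-directory items in the list above can be checked mechanically. The shell script below is an added example, not part of the original post; the `mopidy` user name and the `/home/alice` path in its usage comment are assumptions, and it covers only the group-membership and home-permission items (the sudo and root-login items are not checked).

```shell
#!/bin/sh
# Added example: audit the account layout listed in the post.
# Run: SVC_USER=mopidy OWNER_HOME=/home/alice sh audit.sh
# (mopidy and /home/alice are assumed names; use your own.)

# mode_private MODE: succeeds if an octal mode (as printed by stat -c %a)
# grants no permission bits at all to group or others.
mode_private() {
    [ $(( 0$1 & 077 )) -eq 0 ]
}

# audit_account USER OWN_GROUP "GROUPS" "OWN_GROUP_MEMBERS" HOME_MODE
# Prints one FAIL line per broken item; succeeds only if every item holds.
audit_account() {
    bad=0
    for g in $3; do
        case "$g" in
            "$2"|audio) ;;   # the two groups the post says the user should have
            wheel) echo "FAIL: $1 is in wheel (sudo)"; bad=1 ;;
            *) echo "FAIL: $1 is in unexpected group $g"; bad=1 ;;
        esac
    done
    for m in $4; do
        if [ "$m" != "$1" ]; then
            echo "FAIL: $m shares group $2"; bad=1
        fi
    done
    if ! mode_private "$5"; then
        echo "FAIL: home mode $5 is open to group/others"; bad=1
    fi
    return "$bad"
}

# Live run against the real system, only when SVC_USER is set.
if [ -n "${SVC_USER:-}" ]; then
    own=$(id -gn "$SVC_USER")
    # getent lists supplementary members only; a user whose *primary* group
    # is $own would have to be found by GID in /etc/passwd.
    members=$(getent group "$own" | cut -d: -f4 | tr ',' ' ')
    if audit_account "$SVC_USER" "$own" "$(id -Gn "$SVC_USER")" "$members" \
        "$(stat -c %a "${OWNER_HOME:-$HOME}")"; then
        echo "all checked items hold"
    fi
fi
```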
