- fixed bash fork bomb vulnerability, edit /etc/security/limits.conf
- for an extra layer of security, we'll have clients ssh into a public VE instead of the actual machine, and from there ssh into their own.
- I was able to do a memory overload, which killed blaine.
- definitely disable account/account

```
Chain PREROUTING (policy ACCEPT 81 packets, 6084 bytes)
 pkts bytes target  prot opt in      out  source    destination
    0     0 ACCEPT  icmp --  any     any  anywhere  anywhere     icmp echo-request
    0     0 ACCEPT  all  --  venet0  any  anywhere  anywhere     state RELATED,ESTABLISHED
    0     0 ACCEPT  tcp  --  venet0  any  anywhere  anywhere     tcp dpt:www
    0     0 ACCEPT  tcp  --  venet0  any  anywhere  anywhere     tcp dpt:domain
    0     0 ACCEPT  udp  --  venet0  any  anywhere  anywhere     udp dpt:domain
    0     0 DROP    all  --  venet0  any  anywhere  anywhere
```

Above is the PREROUTING iptables chain in the mangle table that drops all outgoing packets except DNS (53), WWW (80), and ICMP (7).
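
A check that can be run over a listing like the one above to confirm what the chain lets through for traffic entering on `venet0`. This is an added example, not part of the original notes; the function names `parse_chain` and `audit` are hypothetical, and the embedded sample is the listing from this page.

```python
import re

# The listing from this page (verbose `iptables -L` column layout).
LISTING = """\
Chain PREROUTING (policy ACCEPT 81 packets, 6084 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- any any anywhere anywhere icmp echo-request
0 0 ACCEPT all -- venet0 any anywhere anywhere state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- venet0 any anywhere anywhere tcp dpt:www
0 0 ACCEPT tcp -- venet0 any anywhere anywhere tcp dpt:domain
0 0 ACCEPT udp -- venet0 any anywhere anywhere udp dpt:domain
0 0 DROP all -- venet0 any anywhere anywhere
"""

def parse_chain(listing):
    # Returns (policy, rules); each rule is (target, proto, in_if, match_text).
    lines = listing.strip().splitlines()
    head = re.match(r"Chain \S+ \(policy (\S+)", lines[0])
    if not head:
        raise ValueError("expected a 'Chain NAME (policy ...)' header")
    rules = []
    for line in lines[2:]:  # lines[1] is the column header
        f = line.split()  # pkts bytes target prot opt in out source destination [match]
        if len(f) >= 9:
            rules.append((f[2], f[3], f[5], " ".join(f[9:])))
    return head.group(1), rules

def audit(listing, iface):
    # Returns (allowed, findings) for traffic entering on iface.
    policy, rules = parse_chain(listing)
    allowed, findings, closed = [], [], False
    for target, proto, in_if, match in rules:
        if in_if not in (iface, "any"):
            continue  # rule cannot match traffic entering on iface
        if closed:
            findings.append(f"unreachable for {iface} after catch-all DROP: {match}")
        elif target == "ACCEPT":
            allowed.append(match or "everything")
            if in_if == "any":
                findings.append(f"ACCEPT '{match}' is not bound to {iface} (in=any)")
        elif target == "DROP" and proto == "all" and not match:
            closed = True
    if not closed:
        findings.append(f"no catch-all DROP for {iface}; policy {policy} decides")
    if policy == "ACCEPT":
        findings.append("policy ACCEPT: traffic not matched by a rule passes this chain")
    return allowed, findings

if __name__ == "__main__":
    print(*sum(audit(LISTING, "venet0"), []), sep="\n")
```

For this listing the audit reports that the ICMP rule applies to every interface rather than only `venet0`, and that the final DROP covers `venet0` only while the chain policy stays ACCEPT.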