0a) SSH must be reachable from the outside on all machines, as admins need to log in as root
Ergo : as all services are required in some normal circumstances, most machines will have two or more services reachable from the outside
(In the future, there could be one SSH-only, port-forwarded machine on the LAN acting as an admin proxy, with the other SSH services only available on the LAN)
0b) All non-root users are assumed "public access", either for missions or for open-source scripts
Ergo : closed-source scripts should use root access
0c) All files restricted to root are assumed "critical data" by default
Ergo : open-source scripts should call a closed-source script, stored on the server, which uses root privileges to access critical data
Threat 1 : Root access
1a) Any service can allow logging in as root or locking root out, given the right vulnerability
Fix : find service libs without either "root shell" or "root password nuke" exploits
1b) Root can read its own password
1b) Root can read files
Fix : delete the /etc/passwd file
Fix : find service libs without either "root computer" or "root file" exploits
Threat 2 : Privilege escalation
2a) metaxploit doesn't need /libs/ permissions to execute an exploit