0a) Ssh must be reachable from the outside on all machines, as admins need to log as root
Ergo : As All services are required in some normal circumstances, most machines will have two or more services reachable from the outside
(In the future, there could be one ssh-only port forwarded machine on the LAN to act as an admin proxy, with other ssh services only available on the LAN)
0b) All non-root users are assumed "public access", either for missions or for open-source scripts
Ergo : close-sourced scripts should use root access
0c) All files restricted to root are assumed "critical data" by default
Ergo : open-sourced scripts should call a closed-source scripts, stored on the server, who uses root privileges to access critical data
Threat 1 : Root access
1a) Any service can allow to log or lock root with the good vulnerability
Fix : find service libs without either "root shell" or "root password nuke" exploits
1b) Root can read its own password
Fix : delete the /etc/passwd file
1b) Root can read files
Fix : find service libs without either "root computer" or "root file" exploits
Threat 2 : Privilege escalation
2a) metaxploit doesn't need /libs/ permissions to execute an exploit
