Securing-a-server.md

-TODO
+Threats against a rented service server:  
+0) Someone on the router is able to block the port  
+Fix : all following security measures must be applied on the router too.  
+0b) Anybody on the LAN can contact the router  
+Fix : non-root users must *never* have execute rights to Browser.exe, *for all machines on the LAN*  
+
+1) Someone with read-write access can scp a binary with the X permission (/libs/ permission is not required to execute an exploit)  
+Fix : delete all user folders and remove "u" perms for "everyone"  
+2)  
+- find service libs without either "root shell" or "root password nuke" exploits
+- delete the passwd file (is this even normal?)
+- make sure Browser.exe isn't available to normal users
 
 Copy from issue 9
 THIS MODEL IS NOT SECURE TO THE WAY USERS CAN USE ESCALATION SCRIPTS