We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
For developer team - sudo admin security Topic is solved
For developer team - sudo admin security
I have see the source code of vesta and I have doubt relation to user admin:admin and all privileges that this user has in ubuntu.
Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
So in case the Web server process gets hijacked through some vulnerability, they can have privileges like root with user admin, does vesta have another security mechanism to avoid this ?
Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
So in case the Web server process gets hijacked through some vulnerability, they can have privileges like root with user admin, does vesta have another security mechanism to avoid this ?
Re: For developer team - sudo admin security
Fail2Ban as brute force detection, also you should not host any websites under admin user. Also the templates have open_basedir restrictions active, so I think we can say vesta is save.