Hey, On 10.09.18 - 11:06, Florian Pritz via arch-devops wrote:
Another issue I have with using tenshi for us is that I'm conflicted about publishing the config we use. I'm worried that an attacker might look at the config and try to stay under the radar and within any alerting limits we set. Then again, there are probably easier ways to attack us. Any opinions here are welcome.
I think it should be fairly easy to put the actual values/limits/thresholds as variables into an ansible vault, so they are encrypted within the public git repository. Just as an idea, I'm not sure if we're already using ansible vaults for things like that or if we want to strictly avoid those. Cheers, Thore -- Thore Bödecker GPG ID: 0xD622431AF8DB80F3 GPG FP: 0F96 559D 3556 24FC 2226 A864 D622 431A F8DB 80F3