On 02/03/2021 17:30, Alexander Bokovoy wrote:
On ti, 02 maalis 2021, Ed Greshko wrote:
> On 02/03/2021 06:03, Lennart Poettering wrote:
>> On Fr, 26.02.21 21:01, Alexander Bokovoy (abokovoy(a)redhat.com) wrote:
>>
>>> Digital Ocean updates pushed with cloud-init use. Cloud-init does not
>>> have any native support for systemd-resolved. It means it writes
>>> something that systemd-resolved imports into own state. I would argue
>>> that your arguments for systemd-wide configuration rules do not apply
>>> here. Either you'd need to fix cloud-init or allow for a variance in
>>> input data that comes to systemd-resolved from third parties.
>> Hmm, cloud-init has no direct support for resolved.conf? But how is it
>> then that that file is modified? I don't get it?
>>
>
> Pardon my "editorial" comment here. I'm rather down on Digital Ocean.
Servers in their
> network have been responsible for the majority of sustained brute force ssh attacks
on my
> systems. I find myself filing multiple abuse reports with them weekly.
This can be said about pretty much every public cloud provider with
'cheap' systems that easy to deploy and remove. I see 'ssh' attacks
everywhere to any just created machine.
While I do see attacks from "everywhere" the attacks are generally short lived.
With
Digital Ocean I get attacks that last for hours. I would think these kind of providers
could detect outgoing attacks.
Oh, well.
--
People who believe they don't make mistakes have already made one.