binaryanomaly

Posts posted by binaryanomaly

  1. 3 hours ago, iswrong said:

    I fully agree. Though, I think in practice this could lead to some problems:

    • Debian does not run AppArmor by default (only Ubuntu).
    • If the user is not aware of AppArmor, they might have trouble using Bittorrent Sync.
    • Bittorrent Sync can also be used as a normal user (there is a systemd unit file for this); this would require different AppArmor profiles.

    That said, I use the following profile:

    (I have created the /home/btsync directory to store folders.)

    Thanks @iswrong, I'll start with your profile for the time being - until we have something from Resilio ;)

    Personally I think it would make a lot of sense to have a locked down, secure standard configuration with AppArmor (even if it's only for Ubuntu).
    People with special needs can always apply special settings and it makes them think twice.
    IMHO there is value in a secure standard configuration.

  2. Hi,

    1st question:

    • Is it from a security point of view relatively safe to directly expose the listening port to the internet?

    To my understanding this is necessary if I do not want to use a relay server and all devices are NATed?
    A VPN would restrict use cases a lot.
    I do of course not expose the Mgmt. UI - not sure how safe that would be at all.

    2nd question:

    • Additionally I was wondering why there is no AppArmor profile installed by default. Wouldn't that be best practice for applications with direct internet exposure?

    Thanks,
    -b