8.2. Security
OliveTin should be reasonably secure. Here are some security considerations in the design of the app:
- Admins have full control over what commands can be run using config.yaml.
- OliveTin does not accept any action (command) arguments by design at the moment, as this has huge potential for exploitation and needs to be handled carefully.
- OliveTin listens on just 1 open public port by default (1337). The rest of the ports only listen on localhost so you don’t have to worry about them in your firewall.
- Standard Linux controls can be used to run OliveTin as non-root, with sudo permissions if needed. See the action customization section of these docs for more details.
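
One way to verify the listening-port claim above on a running host: this is an added example, not part of the OliveTin docs or code base. It assumes the process shows up as "OliveTin" in `ss -p` output; the sample lines and the localhost port numbers in them are constructed for illustration.

```shell
#!/bin/sh
# Flag OliveTin listeners that are reachable off-host on any port other
# than the documented public one. Input: `ss -H -ltnp` lines on stdin.

PUBLIC_PORT=1337      # default public port stated in the docs
PROC_NAME=OliveTin    # assumption: process name as reported by `ss -p`

unexpected_public_listeners() {
    awk -v want="$PUBLIC_PORT" -v proc="$PROC_NAME" '
        # Only LISTEN sockets owned by the named process.
        $1 == "LISTEN" && index($0, "\"" proc "\"") {
            laddr = $4                       # "Local Address:Port" column
            port = laddr
            sub(/.*:/, "", port)             # text after the last colon
            addr = substr(laddr, 1, length(laddr) - length(port) - 1)
            # Loopback binds (127.0.0.0/8, ::1) are not reachable off-host.
            loopback = (addr ~ /^127\./ || addr == "[::1]")
            if (!loopback && port != want)
                print addr ":" port
        }'
}

# Constructed sample of `ss -H -ltnp` output (not captured from a real host).
# The last OliveTin line simulates a misconfiguration: an internal port
# bound to all interfaces instead of localhost.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 4096 *:1337 *:* users:(("OliveTin",pid=812,fd=7))
LISTEN 0 4096 127.0.0.1:1338 0.0.0.0:* users:(("OliveTin",pid=812,fd=8))
LISTEN 0 4096 [::1]:1339 [::]:* users:(("OliveTin",pid=812,fd=9))
LISTEN 0 4096 0.0.0.0:1340 0.0.0.0:* users:(("OliveTin",pid=812,fd=10))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=640,fd=3))
EOF
}

# On a live host (root is needed to see other users' process names):
#   ss -H -ltnp | unexpected_public_listeners
# Empty output means only the public port is exposed beyond localhost.
```

Any line this prints is a listener that the firewall would need to cover, contrary to the default described above.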