Some background information, I am new to setup and follow this guide:
https://www.digitalocean.com/community/articles/automated-provisioning-of-digitalocean-cloud-servers-with-salt-cloud-on-ubuntu-12-04
It explains how to remotely set up a solarium and a salt minion using the salt cloud setup. This also applies to several security measures, setting up another port for ssh, switching root access and creating another user with root privileges to use, but not least, setting up a firewall that opens the user ssh port and ports 4505, 4506 that are used by salt .
Question
The article says nothing about this, but shouldn't the same security measures for minions be taken into account?
The Bootstrap.sh script (which is used to raise the minion (s)) does not seem to implement these settings (for example, running sudo salt 'minion01' cmd.run 'cat /etc/ssh/sshd_config'shows that port 22 is used and root access is allowed for minion. It also sudo salt '*' cmd.run 'ufw verbose status'shows that the firewall is not installed
source
share