|
|
|
|
|
|
by alexandercrohde
2242 days ago
|
|
|
Kind of a tough situation. I personally wouldn't be ready to accept this is the last such vulnerability that will be found. In light of this attack, maybe going forward have a setup script that creates an SSH tunnel back to a machine that can talk to the salt-master for you. You could then have VPN, but if it's flakey at all, it could cost the ability to update machines. Or perhaps (and I say this as a saltstack user) ansible really is the more secure model for those scenarios. |
|
|