We’re taking customers’ security and privacy pretty seriously.
On that page, you can find the applied securied measures and notes.
Measures
- firewall
- intrusion previention
- ssh daemon hardening
- OS-level permissions (matrix components run under separate Linux user and group)
- docker containers hardening
- single source of trust (any modifications done to matrix components configurations will be wiped and replaced on each maintenance run)
Data access
What data can be accessed by the etke.cc?
- any system file (because of the ssh access with sudo permissions)
- any plaintext (UNencrypted) information (e.g unencrypted text messages from bridged chats)
What data can NOT be accessed by the etke.cc?
- encrypted data (encrypted messages, files, etc.)
Audit
How customers can check what is going on on their servers?
/var/log/auth.log
available by default (due to default OS log rotation policies, there may be files like /var/log/auth.log.1
, /var/log/auth.log.2
, … as well)- The Linux Audit
- In 99.99% of all actions on the customers’ servers performed by the automation system, source code is available on gitlab.com/etke.cc