Solution to the UNSAFE Challenge is found here: https://github.com/twlinux/unsafe/blob/answer/SOLUTION.md.
The server has three critical vulnerabilities (that I can think of). Brainstorm for specific ways that you can fix the server, and what other considerations you should make.
- Outdated dependency. email@example.com is vulnerable to directory traversal. Update declaration in
- Unnecessary system services. Use
systemctlto stop unnecessary daemons. Disable remote root login for all services.
- Bad password. Just change it...