Hello,
I noticed about a week ago that my Plex server had been exploited (almost a year ago - ouch). They got shell access as the plex user etc. - even when I ran Plex on a non-default port - just my luck. Anyways, I formatted that machine and am now going to reinstall Plex; however, I want to harden it a bit. My current thinking is to chroot the Plex server processes and then to bring in the media into that chroot via a read-only mount in the chroot. I would limit stuff in the chroot to only the stuff Plex needs. Has anyone else tried to harden Plex and have any experience to share on this topic? I realize I could run it in a VM and have the VM mount the media storage over NFS or something, but a plain old chroot seems like a lot less overhead and simpler overall. If it were not for my family and friends whom I share Plex with, I could just avoid all this by not running a public service (ideal). I thought about having them all connect via VPN, but that would be a tech support nightmare.
Any insight is appreciated!
Michael
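
The read-only media mount inside a chroot that the post describes, as an added example that is not part of the original post: it prints the bind-mount steps and checks a mount table for the per-mount `ro` flag. The paths `/srv/plex-chroot` and `/tank/media`, the function names and the sample mount table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. CHROOT and MEDIA are assumed paths.
CHROOT=/srv/plex-chroot
MEDIA=/tank/media

# Print (do not run) the mount steps; executing them needs root.
# The kernel ignores "ro" on the initial bind call, so the remount
# is the step that actually makes the bind mount read-only.
print_mount_plan() {
    echo "mkdir -p $CHROOT/media"
    echo "mount --bind $MEDIA $CHROOT/media"
    echo "mount -o remount,bind,ro,nosuid,nodev,noexec $CHROOT/media"
}

# Return 0 only if the mount at $2 in mountinfo file $1 carries the
# per-mount "ro" flag (field 6). The superblock options after " - "
# can still say rw, so they are not a reliable indicator.
mount_is_ro() {
    awk -v mp="$2" '
        $5 == mp { n = split($6, o, ","); ro = 0
                   for (i = 1; i <= n; i++) if (o[i] == "ro") ro = 1 }
        END { exit(ro ? 0 : 1) }' "$1"
}

# Constructed sample in /proc/self/mountinfo format (not real output).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
25 1 8:2 / / rw,relatime - ext4 /dev/sda2 rw
71 25 8:17 / /tank/media rw,relatime - ext4 /dev/sdb1 rw
88 25 8:17 / /srv/plex-chroot/media ro,nosuid,nodev,noexec,relatime - ext4 /dev/sdb1 rw
EOF

print_mount_plan
# On a live host, pass /proc/self/mountinfo instead of $SAMPLE.
if mount_is_ro "$SAMPLE" "$CHROOT/media"; then
    echo "OK: $CHROOT/media is read-only"
else
    echo "FAIL: $CHROOT/media is writable" >&2
fi
```

The same check can run before the service starts, so a bind mount that silently stayed read-write is caught before the chrooted process can touch the media.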