I feel pretty comfortable using local wallet/remote MN daemon with a script to email me if anyone manages to logon to the MN via ssh.
I treat my masternode as already compromised, therefore no sensitive info and no wallet, etc, never enter passphrases on it. Then the script below emails me if anyone logs in. The second I see one of those emails, if the ip is not mine, I'll be shutting down by local wallet machine and probably network until I can investigate. I figure the time between when the attacker netstats my home IP and figures out the number of exploits he'd need, I'll have shut down my wallet long before.
Just add something like this to the end of .bashrc
echo 'Root Shell Access (single1) on:' `date` `who` | mail -s "Alert: Root Access"
address@mailbox.comHome network has multiple diverse gateways, and attacker will shut down everything if he tries to come in through available means. Also since the mn is essentially empty/blank, i feel no risk there.
Also supervisord can ensure the process remains up, probably can email the status from there too. Also ping or port scan your box to ensure it's up and 9999 is open, might want to close icmp. Also do masternode list | grep *your ip* to ensure it's still running.
I hadn't thought of process monitoring beyond supervisord, if I put something together maybe I'll post it here.
