On 26-Aug-02 Alexis Lee wrote:
On Mon, Aug 26, 2002 at 06:54:30PM +0100, Raphael Mankin wrote:
Sudo is purely for interactive use: it requires you to type a password. Suexec
Not necessarily. Usually the very first thing I do after I install a new system is add 'lxs : NOPASSWD all' with visudo (I believe that's rite, but it might not kwite be).
True it can be done, but you are just opening up your system to hackers. Not a good idea. ;-(
Sudo is a very flexible program which allows you to add the privileges of any user for any command to any set of users.
I would suggest: 1: Set up sudo so 'nobody' can run 'myscript'
Aaargh! This destroys much of the point of user 'nobody'. 'Nobody' should have no privileges whatsoever.
The point of this exercise is to improve security, not to weaken it.
[snip]
If you follow RM's instructions, beware of 'disk full' DoS attacks and similar.
How? 'sort -u' or 'grep -v' to detect duplicates will prevent the IP list growing too big.
Bear in mind, though, that no security measure can be fully automatic. You always have to have a human eye keeping an occasional watch on it. I currently have a list of about 400 IPs that I block from my servers, but then after 30 years in the business I do suffer from terminal paranoia.
----------------------------------
E-Mail: Raphael Mankin raph@panache.demon.co.uk
Date: 27-Aug-02
Time: 18:50:13
----------------------------------
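The duplicate check and the 'disk full' concern discussed in the message above, as an added example that is not part of the original thread. It goes beyond the 'sort -u' / 'grep' suggestion by also validating the input and capping the list; the function names, return codes and the BLOCKLIST_MAX cap are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: keep an IP blocklist file bounded (names and cap are assumptions).
BLOCKLIST_MAX=${BLOCKLIST_MAX:-10000}   # assumed hard cap on entries

# Return 0 only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# add_blocked_ip FILE IP
# Returns 0 = added, 1 = already listed, 2 = malformed input, 3 = list at cap.
add_blocked_ip() {
    list=$1
    ip=$2
    is_ipv4 "$ip" || return 2
    [ -f "$list" ] || : > "$list"
    # -x whole line, -F fixed string: 92.0.2.1 must not match inside 192.0.2.10
    if grep -qxF -- "$ip" "$list"; then
        return 1
    fi
    count=$(( $(wc -l < "$list") ))
    [ "$count" -lt "$BLOCKLIST_MAX" ] || return 3
    printf '%s\n' "$ip" >> "$list"
}

# Collapse duplicates in an existing list with 'sort -u', as the message suggests.
dedupe_blocklist() {
    tmp=$(mktemp "$1.XXXXXX") || return 1
    sort -u -- "$1" > "$tmp" && mv -- "$tmp" "$1"
}
```

Return code 3 is the case a human should be alerted to: the list has stopped growing, which fits the point above that no such measure can run fully unattended.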