On Mon, Aug 26, 2002 at 06:54:30PM +0100, Raphael Mankin wrote:
> Sudo is purely for interactive use: it requires you to type a password. Suexec
Not necessarily. Usually the very first thing I do after I install a new system is add 'lxs : NOPASSWD all' with visudo (I believe that's right, but it might not quite be).
Sudo is a very flexible program which allows you to add the privileges of any user for any command to any set of users.
I would suggest:

1: Set up sudo so 'nobody' can run 'myscript'
2: Validate the IP address. Do not let anything which doesn't match completely through. Watch out for special IP addresses like 127.0.0.1 and 255.255.0.0 (&c). Beware of buffer overflows.
3: Run 'myscript', passing the IP as a parameter. 'myscript' runs iptables to ban the IP and adds an appropriate line to the firewall script.
If you follow RM's instructions, beware of 'disk full' DoS attacks and similar.
Isn't the random quote appropriate?
Alexis
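
Steps 2 and 3 of the suggestion above, as an added Python sketch that is not part of the original message: the address must match a strict dotted quad completely, special-purpose addresses are refused, and the command is built as an argument list so no shell ever parses the value. The path in `MYSCRIPT`, the `NEVER_BAN` set and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Strict dotted quad: four decimal octets, no leading zeros, nothing else.
_OCTET = r"(?:0|[1-9][0-9]{0,2})"
_DOTTED_QUAD = re.compile(r"(?:%s\.){3}%s" % (_OCTET, _OCTET))

# Assumed install path for the 'myscript' helper named in the message.
MYSCRIPT = "/usr/local/sbin/myscript"

# Constructed example: addresses this host must never ban (e.g. its gateway).
NEVER_BAN = {ipaddress.IPv4Address("192.0.2.1")}

_THIS_NETWORK = ipaddress.IPv4Network("0.0.0.0/8")


def validate_ban_target(raw):
    """Return an IPv4Address that is safe to ban, or raise ValueError."""
    # Bound the length before any other processing ("255.255.255.255" is 15).
    if not isinstance(raw, str) or len(raw) > 15:
        raise ValueError("wrong type or too long")
    # fullmatch: the whole string must match, so trailing newlines,
    # spaces, options or shell metacharacters are all rejected.
    if not _DOTTED_QUAD.fullmatch(raw):
        raise ValueError("not a plain dotted quad")
    addr = ipaddress.IPv4Address(raw)  # raises ValueError for octets > 255
    # Loopback, 0.0.0.0/8, multicast, link-local and 240.0.0.0/4
    # (which covers 255.255.0.0 and the broadcast address).
    if (addr.is_loopback or addr.is_multicast or addr.is_link_local
            or addr.is_reserved or addr in _THIS_NETWORK):
        raise ValueError("special-purpose address")
    if addr in NEVER_BAN:
        raise ValueError("protected address")
    return addr


def build_command(raw):
    """Build the argv for step 3; validation failures propagate as ValueError."""
    addr = validate_ban_target(raw)
    # An argv list (for subprocess.run without shell=True) keeps the address
    # a single argument. 'sudo -n' fails instead of prompting for a password.
    return ["sudo", "-n", MYSCRIPT, str(addr)]
```

The caller passes the returned list to `subprocess.run` and treats any `ValueError` as a refusal to act.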