SlickStack Security Warning

This page summarizes security concerns about SlickStack and explains why its default design can expose servers to remote code execution and man-in-the-middle attacks. It also gives mitigation steps and safer alternatives.

Summary

  • Remote files are downloaded on a schedule and run as root via cron
  • TLS certificate verification is bypassed with --no-check-certificate
  • No checksum or signature is checked on the downloaded scripts
  • Root ownership and permissions are applied to the downloaded scripts

Evidence: Cron and Permissions

Cron downloads (every 3 hours, at minute 47)

47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/08-cron-half-daily https://slick.fyi/crons/08-cron-half-daily.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/09-cron-daily https://slick.fyi/crons/09-cron-daily.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/10-cron-half-weekly https://slick.fyi/crons/10-cron-half-weekly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/11-cron-weekly https://slick.fyi/crons/11-cron-weekly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/12-cron-half-monthly https://slick.fyi/crons/12-cron-half-monthly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/13-cron-monthly https://slick.fyi/crons/13-cron-monthly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/14-cron-sometimes https://slick.fyi/crons/14-cron-sometimes.txt' > /dev/null 2>&1

Root ownership and restrictive permissions (applied repeatedly)

47 */3 * * * /bin/bash -c 'chown root:root /var/www/crons/*cron*' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'chown root:root /var/www/crons/custom/*cron*' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'chmod 0700 /var/www/crons/*cron*' > /dev/null 2>&1

This arrangement lets code fetched from a remote domain run on the server, and skipping certificate verification makes a MITM substitution of that code easier.

See also the commit that changed the cron URLs from the GitHub CDN to slick.fyi: commit diff.

Mitigation guide

  1. Disable the SlickStack cron jobs and remove the downloaded scripts from the cron directories.
  2. Search for remaining references to slick.fyi and other remote script pulls; replace them with versioned, checksummed artifacts, or remove them entirely.
  3. Rotate credentials and keys if SlickStack ran with root privileges on your system.
  4. Rebuild affected servers where possible to be sure of a clean state.
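As an added example (not part of the original page), a small POSIX shell audit that helps with mitigation step 2: it scans a crontab for the three indicators quoted in the evidence section (remote fetch, TLS verification disabled, root ownership/permissions on fetched scripts) and is run here over a constructed sample modelled on those entries. The audit_system_crons helper and its Debian-style file paths are assumptions.

```shell
#!/bin/sh
# Audit cron entries for the pattern shown above: a remote script pull,
# TLS verification disabled, and root ownership/permissions applied to the
# downloaded files. Prints "tags: <cron line>" for each suspicious entry.

audit_cron_file() {
  while IFS= read -r line; do
    case "$line" in ''|\#*) continue ;; esac   # skip blanks and comments
    tags=""
    case "$line" in
      *--no-check-certificate*|*--insecure*|*" -k "*) tags="$tags tls-verification-disabled" ;;
    esac
    case "$line" in
      *wget*http*://*|*curl*http*://*) tags="$tags remote-fetch" ;;
    esac
    case "$line" in
      *"chown root:root"*/crons/*|*"chmod 0700"*/crons/*) tags="$tags root-perms-on-fetched-scripts" ;;
    esac
    if [ -n "$tags" ]; then
      printf '%s: %s\n' "${tags# }" "$line"
    fi
  done < "$1"
  return 0
}

# Scan the usual cron locations on a live host (assumed helper; the paths
# are the common Debian/Ubuntu ones, adjust for your distribution).
audit_system_crons() {
  for f in /etc/crontab /etc/cron.d/* /var/spool/cron/crontabs/*; do
    if [ -f "$f" ]; then audit_cron_file "$f" | sed "s|^|$f: |"; fi
  done
  return 0
}

# Constructed sample crontab modelled on the entries quoted above.
SAMPLE_CRON="$(mktemp)"
cat > "$SAMPLE_CRON" <<'EOF'
# SlickStack-style entries (constructed sample)
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/09-cron-daily https://slick.fyi/crons/09-cron-daily.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'chown root:root /var/www/crons/*cron*' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'chmod 0700 /var/www/crons/*cron*' > /dev/null 2>&1

0 2 * * * /usr/local/bin/backup.sh
EOF

audit_cron_file "$SAMPLE_CRON"
```

The benign backup entry in the sample produces no finding; the three SlickStack-style entries are each reported with the indicator(s) they match.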

Safer alternatives

Consider WordOps or other tools that avoid remote execution as root and ship auditable, versioned releases with checksums or digital signatures.

References