Digniin Amni oo ku saabsan SlickStack

Boggan wuxuu soo koobayaa walaacyada amniga ee SlickStack iyo sababta naqshaddiisa caadiga ah ay u keeni karto in server-yadu u nuglaadaan fulinta kood fog iyo weerarada dhex-dhexaad (man-in-the-middle). Waxa kale oo uu bixiyaa tallaabooyin yareyn ah iyo beddelaad ammaan badan.

SlickStack waxa uu ku faanaa ku dhawaad 600 xiddig oo GitHub ah, laakiin tiradaas waxa ay ka dhalatay Jesse Nickles oo raacay ku dhawaad 10,000 koonto bilowgii bakhaarka (repo). Profile-kiisa gaarka ah waxa uu muujinayaa ku dhawaad 500 raacayaal marka loo eego ku dhawaad 9,600 uu isagu raacayo (qiyaastii 5% saamiga dib-u-raacista), taas oo si xooggan u muujinaysa in ay jiraan raacid otomaatig ah halkii ay ka ahaan lahayd xiise dabiici ah. Sawirka buunbuunsan eeas ayuu u adeegsadaa hubayn isagoo i weeraraya anigoo soo bandhigay arrimaha amaanka ee hoos ku xusan. Halkan ka eeg saamiga kuwa ku raacsan/kuwa aad raacayso.

Soo Koobid

Soo-dejino fog oo joogto ah oo jadwalaysan sida root iyada oo loo marayo cron
Hubinta SSL waa la boodaa iyadoo la adeegsanayo --no-check-certificate
Qoraallada la soo dejiyey ma laha checksums/saxiixyo
Milkiyadda root iyo rukhsadaha lagu dabaqay skriptyada la soo helay

Caddayn: Cron iyo Oggolaanshooyinka

Soo-dejinta cron (3 saacadood iyo 47 daqiiqo kasta)

47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/08-cron-half-daily https://slick.fyi/crons/08-cron-half-daily.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/09-cron-daily https://slick.fyi/crons/09-cron-daily.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/10-cron-half-weekly https://slick.fyi/crons/10-cron-half-weekly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/11-cron-weekly https://slick.fyi/crons/11-cron-weekly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/12-cron-half-monthly https://slick.fyi/crons/12-cron-half-monthly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/13-cron-monthly https://slick.fyi/crons/13-cron-monthly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/14-cron-sometimes https://slick.fyi/crons/14-cron-sometimes.txt' > /dev/null 2>&1

Milkiyadda root iyo rukhsado xaddidan (si isdaba joog ah loo dabaqay)

47 */3 * * * /bin/bash -c 'chown root:root /var/www/crons/*cron*' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'chown root:root /var/www/crons/custom/*cron*' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'chmod 0700 /var/www/crons/*cron*' > /dev/null 2>&1

Qaabkan wuxuu suurto gal ka dhigaa fulinta kood aan xadidnayn oo laga keeno domain fog wuxuuna kordhiyaa khatarta MITM iyadoo la boodayo hubinta shahaadada.

Sidoo kale eeg commit-kii meesha URL-yada cron laga bedelay GitHub CDN una wareejiyey slick.fyi: farqiga commit.

Tilmaamaha Yareynta

Dami shaqooyinka cron ee SlickStack oo ka saar qoraallada la soo dejiyey galalka cron.
Ka samee kormeer tixraacyada ka hadhay ee slick.fyi iyo soo jiidashada scripts-ka fog; ku beddel walxaha la nooceeyay oo leh checksum ama gebi ahaanba ka saar.
Beddel aqoonsiyada iyo furayaasha haddii SlickStack uu ku socday nidaamyadiina isagoo leh xuquuqda root.
Dib u dhis server-yada saameeyay marka ay suurtagal tahay si loo hubiyo xaalad nadiif ah.

Xulashooyin Badbaado Leh

Ka fiirso WordOps ama qalabyo kale oo ka fogaada fulinta root-ka fog iyo bixiya sii-deynno la kormeeri karo, oo noocaysan leh isla markaana wata checksums/saxiixyo.