Security Warning about SlickStack

This page summarizes the security concerns with SlickStack and why its default design can leave servers exposed to remote code execution and man-in-the-middle attacks. It also provides mitigation steps and safer alternatives.

Summary

  • Frequent remote downloads scheduled as root via cron
  • SSL verification is bypassed using --no-check-certificate
  • Downloaded scripts have no checksums/signatures
  • Root ownership and permissions applied to the fetched scripts

Evidence: Cron and Permissions

Cron downloads (every 3 hours and 47 minutes)

47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/08-cron-half-daily https://slick.fyi/crons/08-cron-half-daily.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/09-cron-daily https://slick.fyi/crons/09-cron-daily.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/10-cron-half-weekly https://slick.fyi/crons/10-cron-half-weekly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/11-cron-weekly https://slick.fyi/crons/11-cron-weekly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/12-cron-half-monthly https://slick.fyi/crons/12-cron-half-monthly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/13-cron-monthly https://slick.fyi/crons/13-cron-monthly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/14-cron-sometimes https://slick.fyi/crons/14-cron-sometimes.txt' > /dev/null 2>&1

Root ownership and restrictive permissions (applied repeatedly)

47 */3 * * * /bin/bash -c 'chown root:root /var/www/crons/*cron*' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'chown root:root /var/www/crons/custom/*cron*' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'chmod 0700 /var/www/crons/*cron*' > /dev/null 2>&1

This pattern enables arbitrary code execution from a remote domain and increases MITM risk by skipping certificate verification.

See also the commit where the cron URLs were switched from the GitHub CDN to slick.fyi: commit diff.

Mitigation Guidance

  1. Disable the SlickStack cron jobs and remove the downloaded scripts from the cron directories.
  2. Audit for residual references to slick.fyi and remote script pulls; replace them with versioned artifacts that have checksums, or remove them entirely.
  3. Rotate credentials and keys if SlickStack ran on your systems with root privileges.
  4. Rebuild affected servers where feasible to ensure a clean state.
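
For the audit in step 2, the following is an added example (not part of the original page or of SlickStack) that reads crontab text and flags the patterns shown in the evidence above. The tag names, the function names and the sample crontab are this example's own; sample lines 2 and 3 are copied from the evidence, the rest are constructed.

```shell
#!/bin/sh
# Audit crontab text (stdin) for the risky patterns listed on this page.
# Output: one "<line-number>:<tag>[,<tag>...]" per flagged line.
# Tag names are this example's own:
#   remote-fetch  wget/curl run from cron
#   tls-off       certificate verification disabled
#   slick-fyi     reference to the slick.fyi domain
#   perm-reapply  chown/chmod re-applied under /var/www/crons/

# _has <ERE> <text>: succeeds when the text matches the pattern.
_has() { printf '%s\n' "$2" | grep -Eq -e "$1"; }

audit_crontab() {
    local n=0 line tags
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        line="${line#"${line%%[![:space:]]*}"}"    # trim leading whitespace
        case "$line" in ''|'#'*) continue ;; esac   # skip blanks and comments
        tags=""
        _has '(^|[^[:alnum:]_-])(wget|curl)[[:space:]]' "$line" \
            && tags="remote-fetch"
        # wget --no-check-certificate, curl --insecure, or curl short flag -k
        _has '--no-check-certificate|--insecure|curl[^|;&]*[[:space:]]-[[:alnum:]]*k[[:alnum:]]*([[:space:]]|$)' "$line" \
            && tags="${tags:+$tags,}tls-off"
        printf '%s\n' "$line" | grep -Fqi 'slick.fyi' \
            && tags="${tags:+$tags,}slick-fyi"
        _has '(chown|chmod)[[:space:]].*/var/www/crons/' "$line" \
            && tags="${tags:+$tags,}perm-reapply"
        [ -n "$tags" ] && printf '%s:%s\n' "$n" "$tags"
    done
    return 0
}

# Sample input: lines 2-3 are quoted from the evidence above,
# lines 1, 4 and 5 are constructed for this example.
sample_crontab() {
    cat <<'EOF'
# constructed sample crontab
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/08-cron-half-daily https://slick.fyi/crons/08-cron-half-daily.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'chown root:root /var/www/crons/*cron*' > /dev/null 2>&1
15 2 * * * /usr/bin/curl -sk -o /tmp/job.sh https://example.invalid/job.sh
0 4 * * * /usr/local/bin/backup.sh
EOF
}

sample_crontab | audit_crontab
```

On a live host the same function can be fed from `crontab -l -u root` or from the files under /etc/cron.d; a flagged line is a prompt for manual review, not proof of compromise.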

Safer Alternatives

Consider WordOps or other tools that avoid remote root execution and provide auditable, versioned releases with checksums/signatures.

References