SlickStack Security Warning

This page summarizes the security problems with SlickStack and why its incomplete design can expose servers to remote code execution and man-in-the-middle attacks. It also provides mitigation steps and safer alternatives.

Summary

  • Frequent remote downloads scheduled as root via cron
  • SSL verification is bypassed using --no-check-certificate
  • No checksums/signatures on the downloaded scripts
  • Root ownership and permissions applied to the fetched scripts

Evidence: cron and permissions

Cron downloads (every 3 hours, at minute 47)

47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/08-cron-half-daily https://slick.fyi/crons/08-cron-half-daily.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/09-cron-daily https://slick.fyi/crons/09-cron-daily.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/10-cron-half-weekly https://slick.fyi/crons/10-cron-half-weekly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/11-cron-weekly https://slick.fyi/crons/11-cron-weekly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/12-cron-half-monthly https://slick.fyi/crons/12-cron-half-monthly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/13-cron-monthly https://slick.fyi/crons/13-cron-monthly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/14-cron-sometimes https://slick.fyi/crons/14-cron-sometimes.txt' > /dev/null 2>&1

Root ownership and restrictive permissions (applied repeatedly)

47 */3 * * * /bin/bash -c 'chown root:root /var/www/crons/*cron*' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'chown root:root /var/www/crons/custom/*cron*' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'chmod 0700 /var/www/crons/*cron*' > /dev/null 2>&1

This pattern allows arbitrary code execution from a remote domain and increases MITM (man-in-the-middle) risk by bypassing certificate verification.

See also the commit where the cron URLs were changed from the GitHub CDN to slick.fyi: commit diff.

Mitigation guidance

  1. Disable the SlickStack cron jobs and remove the downloaded scripts from the cron directories.
  2. Audit for remaining references to slick.fyi and for remote script pulls; replace them with versioned, checksummed artifacts or remove them entirely.
  3. Rotate credentials and keys if SlickStack ran with root privileges on your systems.
  4. Rebuild affected servers where possible to ensure a clean state.
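
One way to carry out the audit in step 2, as an added example that is not SlickStack's or this page's own code: a POSIX shell function that flags crontab entries matching the three patterns shown in the evidence above. The function names, tag names and the sample crontab are constructed for illustration.

```shell
#!/bin/sh
# Added example (not SlickStack code). Tags and function names are hypothetical.

# audit_cron FILE: print "TAG<TAB>line-number" for every finding in a crontab file.
audit_cron() {
  n=0
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    case $line in ''|'#'*) continue ;; esac        # skip blank lines and comments
    case $line in *--no-check-certificate*)        # TLS verification switched off
      printf 'TLS_VERIFY_DISABLED\t%s\n' "$n" ;; esac
    case $line in *slick.fyi*)                     # fetch from the remote domain
      printf 'REMOTE_FETCH_SLICK_FYI\t%s\n' "$n" ;; esac
    case $line in                                  # root ownership / 0700 on fetched files
      *"chown root:root"*"/var/www/crons/"*|*"chmod 0700"*"/var/www/crons/"*)
        printf 'ROOT_PERMS_ON_FETCHED\t%s\n' "$n" ;; esac
  done < "$1"
}

# count_findings FILE TAG: number of findings carrying TAG (prints 0 when none).
count_findings() {
  audit_cron "$1" | grep -c "^$2" || true
}

# write_sample FILE: constructed crontab; entries 2 and 3 copy the page's patterns,
# entry 4 is a benign job that must not be flagged.
write_sample() {
  cat > "$1" <<'EOF'
# constructed sample crontab
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/09-cron-daily https://slick.fyi/crons/09-cron-daily.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'chmod 0700 /var/www/crons/*cron*' > /dev/null 2>&1
0 4 * * * /usr/sbin/logrotate /etc/logrotate.conf
EOF
}

# Demo run on the constructed sample.
sample=$(mktemp)
write_sample "$sample"
audit_cron "$sample"
rm -f "$sample"
```

To audit a real host, save root's crontab to a file (for example from `crontab -l`) and pass that path to `audit_cron`.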

Safer alternatives

Consider WordOps or other tools that avoid remote root execution and provide auditable, versioned releases with checksums/signatures.

References