SlickStack Security Advisory

This page summarizes the security problems with SlickStack and why its unfinished design can expose servers to remote code execution and man-in-the-middle interception. It also gives mitigation steps and safer alternatives.

SlickStack promotes itself on the strength of roughly 600 GitHub stars, but that number dates from Jesse Nickles following nearly 10,000 accounts during the repo's early days. His profile shows about 500 followers against roughly 9,600 following (about a 5% follow-back rate), which suggests automated follow-back rather than organic growth. It was this inflated appearance that he used as leverage when he attacked me for disclosing the security issues described below. Check the follower/following ratio here.

That same method of manufacturing credibility now also shows up in a Stack Exchange case involving a 100-year community suspension and the self-justifying posts that followed, aimed at the moderators. The incident is recorded here because it gives further context on how Jesse Nickles built and used trust signals around SlickStack and the websites connected to it: Harassment and defamation incident on Stack Exchange.

Summary

  • Recurring remote downloads scheduled as root via cron
  • TLS certificate verification bypassed with --no-check-certificate
  • No checksum or signature verification of the downloaded scripts
  • Root ownership and executable (0700) permissions applied to the downloaded scripts

Evidence: cron and permissions

Cron downloads (root crontab; minute 47 of every third hour, eight fetches a day)

47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/08-cron-half-daily https://slick.fyi/crons/08-cron-half-daily.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/09-cron-daily https://slick.fyi/crons/09-cron-daily.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/10-cron-half-weekly https://slick.fyi/crons/10-cron-half-weekly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/11-cron-weekly https://slick.fyi/crons/11-cron-weekly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/12-cron-half-monthly https://slick.fyi/crons/12-cron-half-monthly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/13-cron-monthly https://slick.fyi/crons/13-cron-monthly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/14-cron-sometimes https://slick.fyi/crons/14-cron-sometimes.txt' > /dev/null 2>&1

Root ownership and 0700 permissions (root-only read/write/execute, reapplied on the same schedule)

47 */3 * * * /bin/bash -c 'chown root:root /var/www/crons/*cron*' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'chown root:root /var/www/crons/custom/*cron*' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'chmod 0700 /var/www/crons/*cron*' > /dev/null 2>&1

Taken together, these entries fetch shell scripts from a remote domain as root with TLS certificate verification switched off (--no-check-certificate), apply no checksum or signature check, and then make the files root-owned and executable (0700). Anyone who controls slick.fyi, its DNS, or a network path between the server and it can substitute a script that runs with root privileges; disabling certificate verification is what turns a DNS or on-path attacker into a code-execution risk rather than a mere denial of service. Even with verification enabled, the design would still place full trust in a single third-party domain, since nothing ties the downloaded content to a reviewed release. The remaining wget flags (-q -4 -t 3 -T 30) only make the fetch quiet, IPv4-only, retried three times and limited to a 30-second timeout; they add no integrity protection.

See also the commit in which the cron URLs were switched from the GitHub CDN to slick.fyi: commit diff.

Mitigation guide

  1. Disable the SlickStack cron jobs (the download entries and the chown/chmod entries) and remove the downloaded scripts from the cron directories, keeping a copy of them for later analysis.
  2. Audit for any remaining references to slick.fyi and any other remote script downloads; replace them with version-pinned, checksum-verified downloads or remove them entirely.
  3. Rotate credentials and keys if SlickStack ran with root privileges on your systems, since a tampered script would have had access to everything root can read.
  4. Rebuild affected servers where possible: because the downloaded content was never integrity-checked, the host alone cannot prove what ran, so a rebuild is the only way to guarantee a clean state.
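The audit and clean-up steps above (find the cron entries, disable them for review, preserve the downloaded scripts, hunt for leftover references), as an added shell example. This is not part of the original page and not SlickStack's own code. It assumes the crontab to audit is available as a file (for example the output of crontab -l -u root), that slick.fyi and /var/www/crons are the indicators of interest, and that sha256sum (coreutils) or shasum is installed; the crontab in the demo is constructed from the evidence lines above, not taken from a live server.

```shell
#!/bin/sh
# Added example for the audit and clean-up steps; not SlickStack's code and
# not a script from the page's author.
# Assumptions (not stated on the page): the crontab is supplied as a file,
# slick.fyi and /var/www/crons are the only indicators of interest, and
# sha256sum (coreutils) or shasum is available.

# Extended regex for the SlickStack indicators shown in the evidence section.
INDICATORS='--no-check-certificate|slick\.fyi|/var/www/crons'

# Print the active (uncommented) crontab lines that match an indicator.
find_fetch_lines() {            # $1 = crontab file
    grep -E "^[^#].*(${INDICATORS})" "$1" || true
}

# Number of matching lines, printed on stdout (0 when there are none).
count_fetch_lines() {           # $1 = crontab file
    find_fetch_lines "$1" | grep -c . || true
}

# Write a copy of the crontab with every matching line commented out, so the
# change can be reviewed before it is loaded with `crontab -u root <file>`.
disable_fetch_lines() {         # $1 = input crontab, $2 = output file
    sed -E "s@^([^#].*(${INDICATORS}).*)@# DISABLED by audit: \1@" "$1" > "$2"
}

sha256_of() {                   # $1 = file -> hex digest on stdout
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Move the downloaded *cron* scripts into a quarantine directory instead of
# deleting them, recording a digest of each so they can be compared with the
# upstream files later. Prints the number of files moved.
quarantine_scripts() {          # $1 = cron directory, $2 = quarantine directory
    mkdir -p "$2"
    n=0
    for f in "$1"/*cron*; do
        [ -f "$f" ] || continue
        printf '%s  %s\n' "$(sha256_of "$f")" "$(basename "$f")" >> "$2/SHA256SUMS"
        mv "$f" "$2/"
        n=$((n + 1))
    done
    echo "$n"
}

# List files under a directory that still mention the remote host.
find_host_refs() {              # $1 = directory
    grep -rlE 'slick\.fyi' "$1" 2>/dev/null || true
}

# Demonstration on a constructed crontab (not a real server's crontab).
demo() {
    d=$(mktemp -d)
    cat > "$d/root.cron" <<'EOF'
# m h dom mon dow command
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/09-cron-daily https://slick.fyi/crons/09-cron-daily.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'chmod 0700 /var/www/crons/*cron*' > /dev/null 2>&1
0 4 * * * /usr/sbin/logrotate /etc/logrotate.conf
EOF
    echo "flagged lines: $(count_fetch_lines "$d/root.cron")"                   # 2
    disable_fetch_lines "$d/root.cron" "$d/root.cron.clean"
    echo "flagged after clean-up: $(count_fetch_lines "$d/root.cron.clean")"    # 0
    rm -rf "$d"
}
demo
```

The disabled copy is written to a separate file on purpose: load it with crontab only after reading the commented lines, and keep the quarantine directory and its SHA256SUMS with the incident record, since the digests are the only way to later establish whether the scripts that ran matched what upstream published.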

Safer alternatives

Consider WordOps or other tools that do not execute remotely fetched code as root and instead ship auditable, versioned releases with checksum or signature verification. Whatever you choose, check its update path: anything that runs as root should come from a pinned version whose integrity is verified before execution.
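What a verified update path looks like in practice, as an added shell example that is not code from WordOps, SlickStack or the page's author: the fetch-then-execute step from the cron entries above, rewritten so that a script only reaches its destination when certificate verification stays on, the URL names an explicit version, and the file's SHA-256 digest matches a value recorded when the release was reviewed. The URL and digest are placeholders, and the example assumes sha256sum (coreutils) or shasum is available.

```shell
#!/bin/sh
# Added example, not code from WordOps, SlickStack, or the page's author.
# Assumptions (not stated on the page): the URL and digest below are
# placeholders for a reviewed release; sha256sum (coreutils) or shasum is
# available; the caller is root when installing into the real cron directory.

sha256_of() {                   # $1 = file -> hex digest on stdout
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Install a staged file only if its digest matches the pinned value.
# Returns 0 on success; on mismatch the staged file is discarded and 1 is
# returned, so nothing unverified ever reaches the destination.
verify_and_install() {          # $1 = staged file, $2 = expected sha256, $3 = destination
    actual=$(sha256_of "$1")
    if [ "$actual" != "$2" ]; then
        echo "refusing to install $3: expected $2, got $actual" >&2
        rm -f "$1"
        return 1
    fi
    mv "$1" "$3"
    chmod 0500 "$3"             # executable by owner, writable by nobody
    return 0
}

# Weak pattern from the page, shown for contrast only (do not run it):
#   wget --no-check-certificate -O /var/www/crons/09-cron-daily https://slick.fyi/crons/09-cron-daily.txt
#
# Hardened fetch: certificate verification left on, HTTPS only, download into
# a temporary staging file, then verify before anything lands in place.
# Needs network access, so it is not exercised by the offline checks.
fetch_verified() {              # $1 = version-pinned URL, $2 = expected sha256, $3 = destination
    staged=$(mktemp) || return 1
    if ! wget -q --https-only -t 3 -T 30 -O "$staged" "$1"; then
        rm -f "$staged"
        echo "download failed: $1" >&2
        return 1
    fi
    verify_and_install "$staged" "$2" "$3"
}

# Usage (placeholder version and digest; record the real digest when you
# review the release, and store it in your own config, never on the server
# that serves the file):
#   fetch_verified 'https://example.invalid/releases/v1.2.3/09-cron-daily' \
#       '<sha256 recorded at review time>' /var/www/crons/09-cron-daily
```

A digest check proves the file is the one you reviewed; it does not prove who published it. If the project ships detached signatures, a gpg --verify against a key imported out of band belongs between the download and verify_and_install. Note also what the hardened version gives up: it cannot silently pick up a new upstream script, which is exactly the property the original cron entries lacked.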

References

Legal notice. The information presented on this page is a public record of facts. It is used as evidence in the ongoing criminal defamation case against Jesse Jacob Nickles in Thailand. Official reference for the criminal case: Bang Kaeo Police Station – Daily Report Entry No. 4, Book 41/2568, Report No. 56, dated 13 August 2568, Reference Case No. 443/2567. This document may also serve as supporting evidence for other individuals or organisations seeking to file harassment or defamation complaints against Jesse Nickles, given the documented pattern of repeated retaliatory conduct directed at many people.