SlickStack Security Warning

This page summarizes the security problems with SlickStack and why its incomplete design can expose servers to remote code execution and man-in-the-middle attacks. It also provides mitigation steps and safer alternatives.

SlickStack advertises about 600 GitHub stars, but that number traces back to Jesse Nickles following nearly 10,000 accounts in the repo's early days. His profile shows about 500 followers compared with about 9,600 accounts followed (roughly a 5 percent follow-back rate), which strongly suggests the use of automated follow-back schemes rather than organic interest. That inflated image is what he uses to attack me when I expose him over the security issues described below. Check the follower/following ratio here.

Summary

  • Frequent remote downloads scheduled as root via cron
  • SSL verification is bypassed using --no-check-certificate
  • No checksums/signatures on the downloaded scripts
  • Root ownership and permissions applied to the fetched scripts

Evidence: cron and permissions

Cron downloads (every 3 hours, at 47 minutes past the hour)

47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/08-cron-half-daily https://slick.fyi/crons/08-cron-half-daily.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/09-cron-daily https://slick.fyi/crons/09-cron-daily.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/10-cron-half-weekly https://slick.fyi/crons/10-cron-half-weekly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/11-cron-weekly https://slick.fyi/crons/11-cron-weekly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/12-cron-half-monthly https://slick.fyi/crons/12-cron-half-monthly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/13-cron-monthly https://slick.fyi/crons/13-cron-monthly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/14-cron-sometimes https://slick.fyi/crons/14-cron-sometimes.txt' > /dev/null 2>&1

Root ownership and restrictive permissions (applied repeatedly)

47 */3 * * * /bin/bash -c 'chown root:root /var/www/crons/*cron*' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'chown root:root /var/www/crons/custom/*cron*' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'chmod 0700 /var/www/crons/*cron*' > /dev/null 2>&1

This pattern allows execution of arbitrary code from a remote domain and increases MITM (man-in-the-middle) risk by bypassing certificate verification.

See also the commit where the cron URLs were changed from the GitHub CDN to slick.fyi: commit diff.

Mitigation guidance

  1. Disable SlickStack's cron jobs and remove the downloaded scripts from the cron directories.
  2. Audit for remaining references to slick.fyi and for remote script fetches; replace them with versioned, checksummed artifacts or remove them entirely.
  3. Rotate credentials and keys if SlickStack ran with root privileges on your systems.
  4. Rebuild affected servers where possible to ensure a clean state.
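
An audit for step 2, as an added example that is not part of the original page or of SlickStack: it scans crontab text for wget/curl entries and tags those that disable certificate validation, reference slick.fyi, or carry no checksum or signature check. The sample crontab is constructed (the example.org entries and <pinned-sha256> are placeholders), and the function and tag names are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not SlickStack code): flag cron entries that fetch remote
# content the way the entries quoted on this page do.

# Constructed sample crontab; the first entry mirrors one quoted above, the
# example.org entries and <pinned-sha256> are placeholders.
sample_crontab() {
  cat <<'EOF'
# root crontab (constructed sample)
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/09-cron-daily https://slick.fyi/crons/09-cron-daily.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'chmod 0700 /var/www/crons/*cron*' > /dev/null 2>&1
15 2 * * * curl -fsS -o /tmp/tool.tgz https://example.org/tool-1.2.3.tgz && echo "<pinned-sha256>  /tmp/tool.tgz" | sha256sum -c -
0 4 * * * curl -k -o /opt/x.sh https://example.org/x.sh
EOF
}

# has PATTERN LINE: true when LINE matches the extended regex PATTERN.
has() { printf '%s\n' "$2" | grep -Eq -e "$1"; }

# audit_cron_fetches FILE...: print "TAG<TAB>entry" for every finding.
audit_cron_fetches() {
  local line
  cat -- "$@" | while IFS= read -r line || [ -n "$line" ]; do
    # Skip comments and blank lines, then anything that is not a wget/curl fetch.
    if has '^[[:space:]]*(#|$)' "$line"; then continue; fi
    if ! has '(^|[^[:alnum:]_-])(wget|curl)[[:space:]]' "$line"; then continue; fi
    # Certificate validation switched off: wget --no-check-certificate, curl -k/--insecure.
    if has '--no-check-certificate|[[:space:]](-k|--insecure)([[:space:]]|$)' "$line"; then
      printf 'TLS_VERIFY_OFF\t%s\n' "$line"
    fi
    # Host named in the mitigation steps.
    if has 'slick\.fyi' "$line"; then printf 'SLICK_FYI\t%s\n' "$line"; fi
    # Heuristic: no checksum or signature tool appears anywhere in the entry.
    if ! has 'sha(256|512)sum|gpgv?[[:space:]]|minisign' "$line"; then
      printf 'NO_INTEGRITY\t%s\n' "$line"
    fi
  done
}

# count_tag TAG FILE...: number of findings carrying TAG.
count_tag() {
  local tag=$1; shift
  audit_cron_fetches "$@" | awk -F '\t' -v t="$tag" '$1 == t { n++ } END { print n + 0 }'
}

# Stand-alone use: ./audit.sh /etc/crontab /var/spool/cron/crontabs/root
if [ "$#" -gt 0 ]; then audit_cron_fetches "$@"; fi
```

NO_INTEGRITY is a same-line heuristic: an entry that verifies its download in a separate script is still flagged and needs manual review.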

Safer alternatives

Consider WordOps or other tools that avoid remote root execution and provide auditable, versioned releases with checksums/signatures.
