securing installation

Henning Glawe glaweh at physik.fu-berlin.de
Wed Sep 12 11:36:06 CEST 2007


On Wed, Sep 12, 2007 at 11:10:56AM +0200, Michael Tautschnig wrote:
> [...]
> > The only question is where should I add the code that views the cgi script? 
> >  Should I add in the rcS file?  And where?  I guess some things have to be 
> > configured first before I start the download.
> >
> I think a hook for the task confdir should do; just note that you can't put that
> into the config space :-), but it must go in the NFSROOT instead.

well, the nfsroot is usually exported to a bunch of machines, with
no_root_squash enabled... i.e. unless you have a separate "install-net"
any attacker kidnapping an IP address of a legitimate machine has full access
to the nfsroot ;)

I took a different approach, based on the assumption that the ssh private key
should never leave a client:
- in a hook partition.DEFAULT, the pre-existing installation is searched for
  ssh host keys and these are copied to the tmpfs if the hostname matches (this
  catches the case of a host-rename or swapped hard disk)
- in scripts/DEFAULT/40restore_hostkeys.sh, the keys from tmpfs are copied to
  the freshly installed target.
- in DEFAULT/45log_public_hostkeys.sh, the pubkeys are copied to the logdir,
  so they are uploaded to the logserver in task_savelog

-- 
c u
henning
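
The three hook steps described in the message above, sketched as shell functions. This is an added example, not the poster's actual FAI hooks; the function names, the directory arguments, and the use of etc/hostname for the hostname match are assumptions.

```shell
#!/bin/sh
# Added illustration. The directory arguments stand in for the mounted old
# root, the tmpfs stash, the install target and the log directory (assumed).

# Step 1 (hook partition.DEFAULT): stash host keys from the old installation,
# but only if that installation belonged to this host.
save_hostkeys() {   # save_hostkeys OLD_ROOT STASH HOSTNAME
    old_root=$1; stash=$2; want=$3
    [ -r "$old_root/etc/hostname" ] || return 1
    have=$(head -n 1 "$old_root/etc/hostname")
    # Renamed host or swapped disk: do not reuse another machine's identity.
    [ "$have" = "$want" ] || return 1
    ls "$old_root"/etc/ssh/ssh_host_*key >/dev/null 2>&1 || return 1
    ( umask 077; mkdir -p "$stash" ) || return 1
    chmod 700 "$stash" || return 1
    cp -p "$old_root"/etc/ssh/ssh_host_*key* "$stash"/
}

# Step 2 (scripts/DEFAULT/40restore_hostkeys.sh): copy the stashed keys into
# the freshly installed target and enforce the modes sshd expects.
restore_hostkeys() {   # restore_hostkeys STASH TARGET
    stash=$1; target=$2
    ls "$stash"/ssh_host_*key >/dev/null 2>&1 || return 1
    mkdir -p "$target/etc/ssh" || return 1
    cp -p "$stash"/ssh_host_*key* "$target/etc/ssh/" || return 1
    chmod 600 "$target"/etc/ssh/ssh_host_*key || return 1
    for pub in "$target"/etc/ssh/ssh_host_*key.pub; do
        [ ! -e "$pub" ] || chmod 644 "$pub"
    done
}

# Step 3 (DEFAULT/45log_public_hostkeys.sh): only the *.pub halves go to the
# log directory, so the private keys never leave the client.
log_public_hostkeys() {   # log_public_hostkeys TARGET LOGDIR
    target=$1; logdir=$2
    for pub in "$target"/etc/ssh/ssh_host_*key.pub; do
        [ -e "$pub" ] || return 1
        cp "$pub" "$logdir"/ || return 1
    done
}
```
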

