LinuxQuestions.org
07-31-2007, 10:31 AM   #1
michael.barnes
How to set up invisible drop box?


I have a CentOS5 server with a NIC attached to our administrative LAN. This server is basically invisible on the admin network and serves as a gateway to a highly restricted subnet. It has no ports open, does not respond to ping, etc. Completely stealth. I need a public drop box on another computer for users to place files needed by this server. I have Samba shares available on the admin LAN.

What I want to do is have the stealth box monitor the public drop box folder. When a file is placed in the folder, the stealth server must retrieve the file, then delete it from the public folder. I cannot mount the folder on the stealth server, that would defeat the stealthiness.

I have thought of using a cron job with scp or wget or something. But that poses a couple of problems for me. First, I don't know how it would delete the file in the remote folder. Plus, I need a fairly fast response time, so the cron job would have to run every minute. My problem with that is the file transfer time. In the case of large files, the cron job will restart the copy script before the first one is done. Ultimately, I get a bunch of transfer scripts going, all trying to transfer the same file, until things start to lock up.

One thought I had was for the public folder to detect a new file and issue a UDP or other one-way broadcast, which the stealth server could listen for but not reply or respond to. That could trigger the transfer script to process the file. I'm just not smart enough to set that up.

Any and all ideas, questions, or comments appreciated.

Michael
 
07-31-2007, 04:01 PM   #2
acid_kewpie
I'm not sure I totally follow the issues of mounting being a security risk. I would probably look to do an scp with preshared keys, and if you feel that the copy job would take too long I would just look to either use some form of flag file to lock the script out, or just check for an scp process in the output of ps or similar to look for before starting the copy. In fact, why not just see if a file is already in the local location, even partly? That would be fairly clean if you then delete the remote file before returning your attention to the local file. Back on the mounting side, you could make things simpler with scp if you were to replace the scp command itself with an sshfs mount and then just mv files as if they were local.
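The approach suggested in reply #2 (scp with preshared keys, a flag to keep overlapping cron runs out, deleting the remote file once the copy is done), sketched as an added example that is not part of either post. The host name, paths and the `run` argument are assumed placeholders; file names are limited to a safe character set because they come from a public folder and are passed to a remote shell.

```shell
#!/bin/sh
# Added example, not from the thread. Host, paths and the "run" argument are
# assumed placeholders; key-based SSH login to the drop box is assumed.
DROP_HOST="${DROP_HOST:-pull@dropbox.example}"
DROP_DIR="${DROP_DIR:-/srv/dropbox}"
DEST_DIR="${DEST_DIR:-/var/spool/incoming}"
LOCK_DIR="${LOCK_DIR:-/var/run/dropbox-pull.lock}"

# Remote steps are separate functions so an sshfs mount could replace them.
# ssh -n keeps ssh from swallowing the file list the loop below reads on stdin.
remote_list()   { ssh -n -o BatchMode=yes "$DROP_HOST" "ls -1 '$DROP_DIR'"; }
remote_fetch()  { scp -q -o BatchMode=yes "$DROP_HOST:$DROP_DIR/$1" "$2" </dev/null; }
remote_delete() { ssh -n -o BatchMode=yes "$DROP_HOST" "rm -f '$DROP_DIR/$1'"; }

# Names come from a public folder and are placed in a remote shell command:
# accept only a conservative character set, with no leading dot or dash.
safe_name() {
    case "$1" in ''|.*|-*|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

# The flag is a directory because mkdir is atomic: two runs cannot both win.
take_lock() {
    mkdir "$LOCK_DIR" 2>/dev/null && { echo $$ > "$LOCK_DIR/pid"; return 0; }
    lock_pid=$(cat "$LOCK_DIR/pid" 2>/dev/null) || return 1
    kill -0 "$lock_pid" 2>/dev/null && return 1   # holder alive: copy in progress
    rm -rf "$LOCK_DIR"                            # holder gone: stale flag
    mkdir "$LOCK_DIR" 2>/dev/null && echo $$ > "$LOCK_DIR/pid"
}

pull_once() {
    take_lock || return 75                        # back off, try next minute
    pulled=0
    list=$(remote_list) || { rm -rf "$LOCK_DIR"; return 1; }
    while IFS= read -r f; do
        safe_name "$f" || continue
        # Fetch under a temporary name, delete the remote copy only after the
        # fetch succeeded, then publish the local file with an atomic rename.
        if remote_fetch "$f" "$DEST_DIR/.$f.part" && remote_delete "$f"; then
            mv "$DEST_DIR/.$f.part" "$DEST_DIR/$f" && pulled=$((pulled + 1))
        else
            rm -f "$DEST_DIR/.$f.part"
        fi
    done <<EOF
$list
EOF
    rm -rf "$LOCK_DIR"
    echo "$pulled"
}
if [ "${1:-}" = "run" ]; then pull_once; fi
```

A crontab entry such as `* * * * * /usr/local/sbin/dropbox-pull.sh run` (path assumed) would start it every minute; a run that finds the flag held by a live process exits with status 75 and leaves the copy in progress alone.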
 
  


All times are GMT -5.