I agree w/MasterC, use SSH.
I wouldn't want an automated script updating critical system files on my behalf.
Having port22 open is way more secure than having port 25 or http open...
And if you set it up the way I do, it's almost impossible for someone else to
get in via SSH.
Edit the /etc/ssh/sshd_config file and make three changes.
For the first change; force all connections to use SSH2, it is newer and more
secure than SSH1. Unless you are using an older distro that only has protocol 1,
you won't need the latter.
Make a copy of the following line (uncomment it) and remove the 1.
#Protocol 2,1
Protocol 2
Next; do not allow root to log in directly. Force someone to log in as a regular
user, then "su -" to root...
#PermitRootLogin yes
PermitRootLogin no
Last, but most important; change the port that SSH is expecting connections on:
#Port 22
Port XX (where XX = your new portnumber)
See
http://dshield.org/ and pick a port number that has nothing else running on it.
Then change the port num to that.
Here's an example of a port that has nothing assigned to it, and no viruses/trojans
are targeted at it.
http://dshield.org/port_report.php?port=60 Change the 60 to
some other port number (like 59) to see a slightly different example (trojan).
Note: Do not change the /etc/services file. This way incoming SSH connections still
get directed to port 22 (which will fail).
Now, not only does someone have to know that you are accepting SSH connections,
but they also have to know which port it is running on...
To initialize the changes, restart sshd:
# /etc/init.d/sshd restart
And don't forget to open up a hole in the firewall for the new port number that you've
assigned to SSH.
---
To log in via SSH on a different port than the default, use the -p option:
# ssh -p XX hostname
To test, try:
$ ssh localhost
ssh: connect to host localhost port 22: Connection refused
$ ssh -p XX localhost
The authenticity of host 'localhost (127.0.0.1)'... <snip>
---
More: If you really want to be anal, you could even put specific host info into
the /etc/hosts.allow and hosts.deny file and only allow certain hosts to connect
via SSH, etc...
HTH,
/Les