Linux - Security (LinuxQuestions.org forum)
This forum is for all security-related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
I run a shared RH server at work. I recently added a standalone data acquisition box, and since it could be an attack vector, I want to be smart about securing it.
Security of the DAQ itself doesn't matter. It runs Debian. Because the DAQ is used by technicians, it has autologin and public password. The scary part is that it needs to upload data to the RH web site at odd intervals, but I don't want anyone, even if they root the DAQ system, to be able to cause trouble on the RH server.
Right now the DAQ shared user is user Bob, who does not exist on the server. It rsyncs the data to the webserver through ssh. When it does so, it ssh's as a user Charlie on the RH server with public key auth. The directory in the web root for the data and the files there are owned and grouped Charlie; Charlie is not in any other groups, including the web-users group.
In principle now the entire world can log onto the webserver via ssh as Charlie. I am looking for suggestions on how to do this differently, or better sandbox that user. The only thing Charlie should be allowed to do is rsync legitimate data files to one directory in the web root. Can I remove Charlie's shell altogether and still allow him to use rsync?
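The question at the end of that post, whether Charlie can lose his shell and still receive rsync, has a standard answer the thread does not spell out: keep the shell, but pin the DAQ's key to a forced command so that a receive-only rsync into one directory is the only thing the key can run. The wrapper below is an added example, not something posted in the thread; the path /usr/local/bin/rsync-only, the directory /var/www/html/daq and the key comment daq-box are assumptions for illustration.

```shell
#!/bin/sh
# rsync-only: forced-command wrapper for an upload-only SSH key.
# Added example, not from the thread. Install as /usr/local/bin/rsync-only
# (hypothetical path) and reference it from Charlie's ~/.ssh/authorized_keys:
#
#   restrict,command="/usr/local/bin/rsync-only /var/www/html/daq" ssh-ed25519 AAAA... daq-box
#
# sshd then ignores whatever the client asked to run, executes this script
# instead, and exposes the client's request in $SSH_ORIGINAL_COMMAND. Only the
# exact server-side form that an rsync push produces is let through:
#
#   rsync --server <short-option cluster> . <allowed directory>
#
# Anything else (a shell, --sender, --delete, another destination) is refused.
set -eu
set -f   # no globbing while word-splitting attacker-controlled text

# validate_rsync_cmd "<SSH_ORIGINAL_COMMAND>" "<allowed dir>"
# Returns 0 only for a receive-only rsync whose destination is the allowed dir.
validate_rsync_cmd() {
    _allowed=${2%/}
    set -- $1                        # word-split the request (rsync quotes nothing here)
    [ $# -eq 5 ] || return 1         # rsync --server OPTS . DEST, nothing more
    [ "$1" = rsync ] || return 1
    [ "$2" = --server ] || return 1
    # $3 is rsync's compressed flag cluster, e.g. -logDtprze.iLsfxCIvu.
    # Allowing only letters and '.' after the dash rejects every long option,
    # so --sender, --delete, --remove-source-files, --files-from etc. cannot appear.
    case $3 in
        -?*) _opts=${3#-} ;;
        *)   return 1 ;;
    esac
    case $_opts in
        *[!A-Za-z.]*) return 1 ;;
    esac
    [ "$4" = . ] || return 1                  # source spec the client side always sends
    [ "${5%/}" = "$_allowed" ] || return 1    # destination must be the one directory
    return 0
}

# Entry point when sshd runs this as the forced command (argument: allowed dir).
if [ $# -eq 1 ]; then
    if [ -n "${SSH_ORIGINAL_COMMAND:-}" ] && validate_rsync_cmd "$SSH_ORIGINAL_COMMAND" "$1"; then
        set -- $SSH_ORIGINAL_COMMAND
        exec rsync --server "$3" . "$5"
    fi
    logger -t rsync-only "refused from ${SSH_CLIENT:-unknown}: ${SSH_ORIGINAL_COMMAND:-<interactive shell>}"
    echo "rsync-only: only rsync uploads into $1 are permitted" >&2
    exit 1
fi
```

rsync itself ships a script, rrsync, that does this job with a full option parser and is the usual choice; the wrapper above is deliberately stricter (no long options at all, so neither --delete nor --sender) because the box only ever pushes new files. Two caveats: `restrict` needs OpenSSH 7.2 or later (older releases spell it out as `no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding`), and sshd runs a forced command through the account's login shell, so setting Charlie's shell to /usr/sbin/nologin blocks the upload along with everything else; leave the shell in place and let the key restriction do the work. Check it from the DAQ with `ssh charlie@server id`, which should print the refusal, and then with a real rsync.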
Any chance you can reverse the ssh direction, so the DAQ is a stand-alone system and a user on the RH server automatically rsyncs the data from the DAQ?
I considered that, but I want the data available on the server within seconds of measurement. The only thing I could think to do was run a cron script on the server to rsync every 30 seconds or something, but that is a lot of unneeded processing, considering the DAQ may be off for days at a time and only does a measurement every 10 minutes when in use. Maybe that would be OK though.
Understandable. How about if the DAQ sends the data to an unprivileged and jailed account who can only see its own home directory and supporting directories with no shell access? You can use jailkit to set this up easily.
The DAQ would use sftp to dump the file into the jailed user's home; then you have a second script running as Charlie that grabs those files when they appear and puts them in the proper location in the web root.
You'd want to sanitize the files to make sure there isn't anything malicious in them, but you'd have to do that regardless.
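Filling in the two halves of that suggestion, as an added example that is not code from the thread. The jailed account can be built with jailkit as the reply says, or with OpenSSH alone: a `Match User daqdrop` block with `ChrootDirectory /home/daqdrop` and `ForceCommand internal-sftp` (the chroot directory itself must be root-owned and not group- or world-writable, so uploads go into a subdirectory the jailed user owns; internal-sftp runs inside sshd, so this account genuinely needs no shell). The script below is the second half, the job that runs as Charlie and moves sane files into the web root. The user name daqdrop, the paths /home/daqdrop/upload and /var/www/html/daq, the .csv format and the 10 MB cap are assumptions for illustration; the upload directory is assumed group-owned by charlie with mode 0770 so the job can read and remove what it has published.

```shell
#!/bin/sh
# daq-stage: pick up files the DAQ dropped into the jailed sftp account's upload
# directory and move the ones that pass sanity checks into the web root.
# Added example, not from the thread. Assumed layout (both paths hypothetical):
#   /home/daqdrop/upload   writable by the jailed sftp user, group charlie, 0770
#   /var/www/html/daq      owned by charlie, what the web server publishes
# Run as charlie from cron, e.g.
#   * * * * * /usr/local/bin/daq-stage /home/daqdrop/upload /var/www/html/daq
# The jailed account never touches the web root, and charlie never executes
# anything the DAQ sent: uploads are inspected as data and either staged or left.
set -eu

# stage_file INCOMING OUTGOING NAME
# Returns 0 when NAME was a plain data file and is now at OUTGOING/NAME (0644);
# returns 1, leaving the upload untouched, for anything suspicious.
stage_file() {
    _in=$1; _out=$2; _name=$3
    # Name check: bare filename from a tight character class, .csv suffix,
    # no leading dot, no path separator. This ends ../ tricks and odd bytes.
    case $_name in
        ''|*/*|.*|*[!A-Za-z0-9._-]*) return 1 ;;
        *.csv) ;;
        *) return 1 ;;
    esac
    _src=$_in/$_name
    # Must be a regular file and not a symlink (a rooted DAQ could upload a
    # link and hope we publish or overwrite whatever it points at).
    [ ! -L "$_src" ] && [ -f "$_src" ] || return 1
    # Size cap, then content check: CSV is text, so any byte outside printable
    # ASCII plus tab/CR/LF means this is not the data we expect.
    [ "$(wc -c < "$_src" | tr -d ' ')" -le 10485760 ] || return 1
    [ "$(LC_ALL=C tr -d '\040-\176\t\r\n' < "$_src" | wc -c | tr -d ' ')" -eq 0 ] || return 1
    # Copy under a temporary name, fix the mode, then rename into place so the
    # web server never serves a half-written file.
    _tmp=$_out/.$_name.part
    cp "$_src" "$_tmp"
    chmod 0644 "$_tmp"
    mv -f "$_tmp" "$_out/$_name"
    rm -f "$_src"
}

# Entry point: stage every upload present right now. Rejected files stay in
# INCOMING for a human to look at; nothing is removed that was not published.
if [ $# -eq 2 ]; then
    for _f in "$1"/*; do
        [ -e "$_f" ] || continue          # empty directory: the glob stays literal
        stage_file "$1" "$2" "${_f##*/}" || logger -t daq-stage "left behind: $_f"
    done
fi
```

The name and content checks are where the "sanitize" step in the reply lives; tighten the character class and the byte check to whatever the real data format is, and keep the web server from executing anything in the destination directory (no CGI or PHP handlers there) so a file that slips through is still only ever served as data.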