Swartz Creek, Michigan: Linux Voodoo offers Linux consulting (and support) services (both free and commercial), Linux compatible hardware and software reviews and sales, Linux servers and desktop, the Voodoo Linux distribution and hardening systems, Linux driver development, Linux news,chat, message boards, Linux embedded jobs, security advisories, Linux howto's and newbie information. linux download red hat directpc direct pc linux linux software linux driver linux tutorial linux mandrake mandrake linux linux command netapp linux mount windows source decss linux game linux hp suse linux linux downloads linux firewall linux server linux programming linux red hat wine linux linux ppt linux operating system embedded linux linux distribution corel linux free linux free linux download linux help force 10baset linux linux laptop reset linux scsi d kill tape /proc linux router linux pda linux wallpaper red hat linux download linux kernel linux router project linux iso linux howto linux how to linux os linux application linux certification linux web hosting linux hosting linux modem peanut linux nokia rs 232 linux modem setting linux for window linux free download linux documentation project linux sms1 linux call back linux problem reading directory linux boot disk linux theme linux cluster linux closing port linux security dialogic linux linux emulator linux training linux startup dual boot window 2000 linux linux magazine linux auto rpm realtek rtl8019 linux driver download robomon linux linux estrutura de diretorios 3c589d config linux timeservice linux linux samba linux dvd player linux .ppt mplayer near download and linux red hat linux 7.2 linux mail server free linux software linux hardwarelinux anti virus redmond linux linux modem driver linux vpn pic microcontroller linux programmer aol for linux linux review linux wireless
WOW on Linux, yes our gaming systems do include World of Warcraft for Linux! Linux Voodoo Gaming systems include one copy of World of Warcraft, 1 year paid subscription to Transgaming.com so you can play over 200 popular Windows games on our linux systems. Too good to be true? Try it out for yourself.
Start shopping
notebooks
desktops
servers
appliances
accessories
software
Howto's
How to run Caudium as a non-privileged user; How to secure Caudium
Web servers are usually publicly accessible and represent your company, group
or entity so there are chances you want to strengthen the security of this
service.
As I already mentioned Caudium has a good security for public access behind
mostly written in a script language. However Caudium runs as root by
default. In the case a non-authorized user gains access to Caudium's
process, he might gain root privileges. Consequently,a lot of web servers run
as another user with minimal privileges. Doing this may require some
work, as you will have to change the owner of all the files Caudium needs
access to, so I give step-by-step instructions how to change those
permissions:
Find a good user name. This user name should be a normal user with the least privileges. Lots of distributions already have a special account for this. Common names include "www", "www-data", "httpd", "nobody" (Caudium on Debian GNU/Linux runs as www-data:www-data by default). We don't recommend "nobody" though; to quote Theo de Raadt:
$ ls -l
total 32
drwxr-sr-x 6 www-data www-data 4096 Feb 13 23:17 argument_cache
drwxr-sr-x 2 www-data www-data 4096 Feb 19 09:27 bgcache
drwxr-sr-x 2 www-data www-data 4096 Mar 4 22:28 configurations
drwxr-sr-x 4 root staff 4096 Feb 13 23:16 local
drwxr-sr-x 7 www-data www-data 4096 Mar 3 11:50 logs
drwxr-sr-x 2 root staff 4096 Feb 13 23:16 readme
drwxr-sr-x 19 www-data www-data 4096 Feb 19 20:13 server
drwxr-sr-x 2 www-data www-data 4096 Mar 3 19:28 var
$ id www-data
uid=33(www-data) gid=33(www-data) groups=33(www-data)
If users are allowed to log on the server, you might also change the
permissions of the logs directory.
If you have a Caudium specific distribution for your system (such as Debian GNU/Linux) check manually.
Don't forget to change the permissions of any script/directory you made
and for which Caudium needs to write to in your public filesystem.
Log into the CIF., go in the main Global variables tab, then in
Change uid and gid type the uid:gid data you choose. We typed 33:33
in our example. You can also type a login name and group name: www-data:www-data.
You can also enable the Change uid and gid permanently option but be sure to read the documentation first.
I will now speak about general security measures you can take if you are
very strict about security.
Don't allow users to execute scripts that are part of the server.
As Caudium is a single process server, it is possible to stop it, restart
it, access it, etc. with a user script. This include pike scripts, pike tag,
and PHP modules for Caudium.
If you do want to let your users run scripts, you can always use
CGI, or better uniscript (in this case it will be transparent to the user), in
order to run a script in a separate process using the fork(2) system call.
This will decrease the performance of Caudium but the security has a price,
and it is up to you to decide how much you want to pay.
Uniscript is a CGI-like wrapper. It will execute programs
as if they were CGI scripts but unlike CGI, it does not require you
to put these programs under a specific directory like /cgi-bin/. For
example each user can have his or her CGI script in his or her directory.
Moreover Caudium can execute them with the uid of the owner.
Don't use anything you don't need. Remove any modules you don't need in your virtual server.
Physically restrict access to the CIF.. Don't access it from the Internet if
possible. Few people know this, but it is now possible to see SSL
connections in clear text with a man-in-the-middle attack.
The dsniff software contains all the tools and explanation for this.
Turn off these options:
Global Variables -> show_internals.
Global Variables -> Version numbers -> Show Caudium Version Number.
Global Variables -> Version numbers -> Show Pike Version Number.
Turn off any debug options specific to a module. These
options are for developers, and they don't have security in
mind when they debug output.
Actually, this is security through obscurity and doesn't
increase the security of the server.
--Grendel
Output Caudium's log files to a separate partition. /var is a good choice for
that purpose.
Check the Caudium web site for patches.
If your job relies on your web server security, check the Caudium source.
Now Shipping from:
California - Florida - Georgia - Massachusetts - Michigan - New Jersey - Pennsylvania - Tennessee - Texas
We only ship within the USA and APO's.
We do not ship on national US holidays or on weekends.
Asterisk Debian Linux, WOW on Linux, yes our gaming systems do include World of Warcraft for Linux! Linux Voodoo Gaming systems include one copy of World of Warcraft, 1 year paid subscription to Transgaming.com so you can play over 200 popular Windows games on our linux systems. Too good to be true? Try it out for yourself.
