[hackerspaces] Wikileaks mass mirroring party

Isaac Hacksimov isaac.hacksimov at patiomaravillas.net
Mon Dec 6 17:28:50 CET 2010


We have used the shell scponly to secure our server and avoid anything
other than rsync for the WL user that could ssh into our machine:
http://sublimation.org/scponly/wiki/index.php/Main_Page

Unfortunately the Debian package for scponly is not compiled with the
required features to work with rsync. Download scpony and compile it
with the option --enable-rsync-compat .

Once installed change the user's shell edition /etc/passwd and change
"/bin/bash" with "/usr/local/bin/scponly"

happy hacking,

Root be with WikiLeaks

isaac

2010/12/6 Steve Clement <steve at localhost.lu>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 12/06/2010 01:47 AM, Sébastien Spike wrote:
>> I second this opinion.
>>
>> I'm currently configuring a FreeBSD jails environment for a wikileaks mirror.
>>
>
> That would be the wiser decision.
>
> For all those who just added a user to their Boxes, use the: rbash
> (restricted) this will "lock" them somehow in until you get either a
> VirtualMachine or some other security going.
>
> As they push you content it might well be that some rogue piece of
> web-script will enumerate the  capabilities on your Machine to
> subsequently snoop your data.
>
>> Once they'll use account, you will then be able to check the content
>> and evaluate if it's or not a legitime use.
>
> On way would be to take a set of files (dunno, 100) hash them, publish
> that hash on a "trusted" platform and compare those hashes.
> But really the best way would be a PGP-sign for each file.
>
> So you already have your ditto WebOfTrust.
>
> cheers,
>
> Steve
> - --
> The Hackerspace in Luxembourg!
> syn2cat Hackerspace.lu A.S.B.L.
> 11, rue du Cimetière | L-8018 Strassen
> http://www.hackerspace.lu
> xmpp:SteveClement at jabber.hackerspaces.org
> mailto:steve at hackerspace.lu
> .lu: +352 20 333 55 65
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iQIcBAEBAgAGBQJM/JfsAAoJEGmiD1Cb5K7p7ZUP/3oW5yoXpPfymYaZS7klW173
> Zj/T4HppLQaYncstPN1+QJMdjXydu5HN6Uo+hOTMWY0phk2YRY91kgHZ8sK33Lnn
> YEfsnV51OfzwSlepFX72JZ9XrsU5lVgT2M6HKrbH/6GT8OjB35hS2ju0KO5jD1Cd
> sfz44Lj1510957W63/mUJihupsuJO0RQLBVJKAT/6/gTIajzvvfVDkTOgv21f9lf
> mPCU2OJEkIx/5XcYWbpWXPG6ttMyp19h+XAh7ganWQzrzomfNInEcRp2sUTDP4X3
> bh+d1ivtFVDW402nqrQpXiAnItXb0IZmhAbNRcDtjWBWzFuDHKV/f/J/fjEpxA66
> eDdLvIScPIM01GAeYW5U3lwRKifghWpbtAs84xTFrI1ucjQJMKULVOrKKml+hxUh
> ceehoF8fFBsYXWrs1Q4IdBYe8r2a19YOe1+XSenCxVRnQje+8gVymcWi739psjwI
> o58xxtBBlgm4Hkfj8sDTK3nUfvenQxmGBXwj692Pbnqnbk6jlzH7/nVWHQ7C5ssf
> cCVBDg/NoxXHzuxOA7Wz1HZbld3mSnljTYzuP+nih6aIqzFz1kLAawd3AQOcP0jo
> 5XILurGMKms2DdgU+nyna/Vuj5GhSdh657GmY4OgWBFF3AnqDnFsziVo/XSwjjI9
> rIXiKI9rFapEYxnKvScT
> =p0tH
> -----END PGP SIGNATURE-----
> _______________________________________________
> Discuss mailing list
> Discuss at lists.hackerspaces.org
> http://lists.hackerspaces.org/mailman/listinfo/discuss
>



-- 
I do not fear computers. I fear the lack of them. - ISAAC ASIMOV

Isaac Hacksimov
# gpg --recv-key E29B1A5D


More information about the Discuss mailing list