[hackerspaces] Wikileaks mass mirroring party
Mark Huson
mehuman at gmail.com
Mon Dec 6 17:55:31 CET 2010
openssh has chroot jails built in so there is no need to use a wrapper
like scponly anymore.
http://www.debian-administration.org/articles/590
On Mon, Dec 6, 2010 at 11:28 AM, Isaac Hacksimov
<isaac.hacksimov at patiomaravillas.net> wrote:
> We have used the shell scponly to secure our server and avoid anything
> other than rsync for the WL user that could ssh into our machine:
> http://sublimation.org/scponly/wiki/index.php/Main_Page
>
> Unfortunately the Debian package for scponly is not compiled with the
> required features to work with rsync. Download scpony and compile it
> with the option --enable-rsync-compat .
>
> Once installed change the user's shell edition /etc/passwd and change
> "/bin/bash" with "/usr/local/bin/scponly"
>
> happy hacking,
>
> Root be with WikiLeaks
>
> isaac
>
> 2010/12/6 Steve Clement <steve at localhost.lu>:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On 12/06/2010 01:47 AM, Sébastien Spike wrote:
>>> I second this opinion.
>>>
>>> I'm currently configuring a FreeBSD jails environment for a wikileaks mirror.
>>>
>>
>> That would be the wiser decision.
>>
>> For all those who just added a user to their Boxes, use the: rbash
>> (restricted) this will "lock" them somehow in until you get either a
>> VirtualMachine or some other security going.
>>
>> As they push you content it might well be that some rogue piece of
>> web-script will enumerate the capabilities on your Machine to
>> subsequently snoop your data.
>>
>>> Once they'll use account, you will then be able to check the content
>>> and evaluate if it's or not a legitime use.
>>
>> On way would be to take a set of files (dunno, 100) hash them, publish
>> that hash on a "trusted" platform and compare those hashes.
>> But really the best way would be a PGP-sign for each file.
>>
>> So you already have your ditto WebOfTrust.
>>
>> cheers,
>>
>> Steve
>> - --
>> The Hackerspace in Luxembourg!
>> syn2cat Hackerspace.lu A.S.B.L.
>> 11, rue du Cimetière | L-8018 Strassen
>> http://www.hackerspace.lu
>> xmpp:SteveClement at jabber.hackerspaces.org
>> mailto:steve at hackerspace.lu
>> .lu: +352 20 333 55 65
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.10 (GNU/Linux)
>>
>> iQIcBAEBAgAGBQJM/JfsAAoJEGmiD1Cb5K7p7ZUP/3oW5yoXpPfymYaZS7klW173
>> Zj/T4HppLQaYncstPN1+QJMdjXydu5HN6Uo+hOTMWY0phk2YRY91kgHZ8sK33Lnn
>> YEfsnV51OfzwSlepFX72JZ9XrsU5lVgT2M6HKrbH/6GT8OjB35hS2ju0KO5jD1Cd
>> sfz44Lj1510957W63/mUJihupsuJO0RQLBVJKAT/6/gTIajzvvfVDkTOgv21f9lf
>> mPCU2OJEkIx/5XcYWbpWXPG6ttMyp19h+XAh7ganWQzrzomfNInEcRp2sUTDP4X3
>> bh+d1ivtFVDW402nqrQpXiAnItXb0IZmhAbNRcDtjWBWzFuDHKV/f/J/fjEpxA66
>> eDdLvIScPIM01GAeYW5U3lwRKifghWpbtAs84xTFrI1ucjQJMKULVOrKKml+hxUh
>> ceehoF8fFBsYXWrs1Q4IdBYe8r2a19YOe1+XSenCxVRnQje+8gVymcWi739psjwI
>> o58xxtBBlgm4Hkfj8sDTK3nUfvenQxmGBXwj692Pbnqnbk6jlzH7/nVWHQ7C5ssf
>> cCVBDg/NoxXHzuxOA7Wz1HZbld3mSnljTYzuP+nih6aIqzFz1kLAawd3AQOcP0jo
>> 5XILurGMKms2DdgU+nyna/Vuj5GhSdh657GmY4OgWBFF3AnqDnFsziVo/XSwjjI9
>> rIXiKI9rFapEYxnKvScT
>> =p0tH
>> -----END PGP SIGNATURE-----
>> _______________________________________________
>> Discuss mailing list
>> Discuss at lists.hackerspaces.org
>> http://lists.hackerspaces.org/mailman/listinfo/discuss
>>
>
>
>
> --
> I do not fear computers. I fear the lack of them. - ISAAC ASIMOV
>
> Isaac Hacksimov
> # gpg --recv-key E29B1A5D
> _______________________________________________
> Discuss mailing list
> Discuss at lists.hackerspaces.org
> http://lists.hackerspaces.org/mailman/listinfo/discuss
>
More information about the Discuss
mailing list