X-ISP and Maintaining Multiple Account Records
As with any program that allows users to connect or disconnect the system to or from a network, security concerns must be addressed. The areas of most concern to me are the entering of account passwords at setup time (not dial-up time) and the transmission of authentication data.
X-ISP saves all account information in the .xisprc file in the user's home directory, including user name and passwords for the accounts. The rc file is readable only by the owner, so as long as there has not been a breach of the user's security, there should be no problem. As a secondary line of defense, X-ISP encrypts the password in the rc file using encrypt(3). The key used to encrypt the rc file is scrambled to remove any visibility in the binary. Since the encryption key resides in the source code, the possibility exists that someone could come up with the key and decode a user's rc files. Therefore, it would be best to change the encryption key in the source code before compiling X-ISP. The documentation outlines the procedure for changing the encryption key.
For PAP authentication, X-ISP calls pppd with the +ua option. PPPD version 2.3 no longer supports the +ua option, so if you are using that version of pppd, the PAP authentication mode will not be available. X-ISP creates a temporary file with login details in the user's home directory before calling pppd during a connect request, then removes the file as soon as the connection is established. This prevents any plaintext files with login details from sticking around. For PAP/CHAP-Secrets login, the appropriate files must be edited aside from X-ISP.
A potential liability may occur since X-ISP requires the user to be a member of the root group. Two remedies exist: either create a new group for X-ISP and add appropriate permissions to the program and data files, or use sudo. Creating a new group and adding users and files to it is probably the most straightforward way to tighten security on X-ISP. However, by allowing users access through sudo, the system administrator can allow the use of X-ISP without creating a new group or adding users to the root group and still maintain security integrity.
This should give you a good start with X-ISP, as well as a little insight into how it works. In the next release of X-ISP, a PTT editor will enable users to add entries to the TelCo database. The PTT information editor envisioned for X-ISP version 2.4 enables editing of all tariff rules for PTTs known to X-ISP, and also adding your own PTT information through a versatile GUI interface. The fields of the editor pop-up window shown in Figure 6 are the result of analyzing the PTTs currently known to X-ISP (version 2.3p7) plus a handful more which haven't yet made it into the distribution.
Getting Started with DevOps - Including New Data on IT Performance from Puppet Labs 2015 State of DevOps Report
August 27, 2015
12:00 PM CDT
DevOps represents a profound change from the way most IT departments have traditionally worked: from siloed teams and high-anxiety releases to everyone collaborating on uneventful and more frequent releases of higher-quality code. It doesn't matter how large or small an organization is, or even whether it's historically slow moving or risk averse — there are ways to adopt DevOps sanely, and get measurable results in just weeks.
Free to Linux Journal readers.Register Now!
- Three More Lessons
- Django Models and Migrations
- August 2015 Issue of Linux Journal: Programming
- Hacking a Safe with Bash
- The Controversy Behind Canonical's Intellectual Property Policy
- Secure Server Deployments in Hostile Territory, Part II
- Huge Package Overhaul for Debian and Ubuntu
- Shashlik - a Tasty New Android Simulator
- Embed Linux in Monitoring and Control Systems
- KDE Reveals Plasma Mobile