X-ISP and Maintaining Multiple Account Records
As with any program that allows users to connect or disconnect the system to or from a network, security concerns must be addressed. The areas of most concern to me are the entering of account passwords at setup time (not dial-up time) and the transmission of authentication data.
X-ISP saves all account information in the .xisprc file in the user's home directory, including user name and passwords for the accounts. The rc file is readable only by the owner, so as long as there has not been a breach of the user's security, there should be no problem. As a secondary line of defense, X-ISP encrypts the password in the rc file using encrypt(3). The key used to encrypt the rc file is scrambled to remove any visibility in the binary. Since the encryption key resides in the source code, the possibility exists that someone could come up with the key and decode a user's rc files. Therefore, it would be best to change the encryption key in the source code before compiling X-ISP. The documentation outlines the procedure for changing the encryption key.
For PAP authentication, X-ISP calls pppd with the +ua option. PPPD version 2.3 no longer supports the +ua option, so if you are using that version of pppd, the PAP authentication mode will not be available. X-ISP creates a temporary file with login details in the user's home directory before calling pppd during a connect request, then removes the file as soon as the connection is established. This prevents any plaintext files with login details from sticking around. For PAP/CHAP-Secrets login, the appropriate files must be edited aside from X-ISP.
A potential liability may occur since X-ISP requires the user to be a member of the root group. Two remedies exist: either create a new group for X-ISP and add appropriate permissions to the program and data files, or use sudo. Creating a new group and adding users and files to it is probably the most straightforward way to tighten security on X-ISP. However, by allowing users access through sudo, the system administrator can allow the use of X-ISP without creating a new group or adding users to the root group and still maintain security integrity.
This should give you a good start with X-ISP, as well as a little insight into how it works. In the next release of X-ISP, a PTT editor will enable users to add entries to the TelCo database. The PTT information editor envisioned for X-ISP version 2.4 enables editing of all tariff rules for PTTs known to X-ISP, and also adding your own PTT information through a versatile GUI interface. The fields of the editor pop-up window shown in Figure 6 are the result of analyzing the PTTs currently known to X-ISP (version 2.3p7) plus a handful more which haven't yet made it into the distribution.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- Profiles and RC Files
- Astronomy for KDE
- Understanding Ceph and Its Place in the Market
- Maru OS Brings Debian to Your Phone
- Snappy Moves to New Platforms
- Git 2.9 Released
- OpenSwitch Finds a New Home
- What's Our Next Fight?
- The Giant Zero, Part 0.x
With all the industry talk about the benefits of Linux on Power and all the performance advantages offered by its open architecture, you may be considering a move in that direction. If you are thinking about analytics, big data and cloud computing, you would be right to evaluate Power. The idea of using commodity x86 hardware and replacing it every three years is an outdated cost model. It doesn’t consider the total cost of ownership, and it doesn’t consider the advantage of real processing power, high-availability and multithreading like a demon.
This ebook takes a look at some of the practical applications of the Linux on Power platform and ways you might bring all the performance power of this open architecture to bear for your organization. There are no smoke and mirrors here—just hard, cold, empirical evidence provided by independent sources. I also consider some innovative ways Linux on Power will be used in the future.Get the Guide