[clue-admin] CVS pserver access

Jed S. Baer thag at frii.com
Mon Mar 14 21:45:07 MST 2005


Well, I'm preparing to set up the CVS pserver, because it seems a
reasonable thing to do to provide anonymous read-only access to the CVS
repository. The reason being that if there are prospects for CLUEbies to
review site developments, but without providing SSH and commit access, I
would like for that to be possible. And, at the moment, I need to do a
little studying to figure out how to allow commit access to the
development area without allowing commit to production anyway, but that's
a tangent.

The only reason I get slightly hesitant about doing this is that it
involves firing up the inetd service, and I figure that the fewer services
running, the fewer exploits there are to worry about. But the pserver
requires inetd, so there's no way around it, AFAIK. Oh, and it's one more
service (meaning inetd itself) to keep configuration data on -- just
looking at it from an overall sysadmin point of view.

I will note that looking at the xinetd.conf manpage, having inetd running
does provide some interesting quasi-IDS sort of features, such as the
SENSOR attribute. And, there was the note over in CLUE-Tech about
throttling dictionary attacks using inetd as well, and maybe that'd be
something to do for ssh, since inetd will be running anyway.

I'll post a followup once I've got it up and running. In the meantime, if
anyone has any particular suggestions, I'm all ears.

jed
-- 
http://s88369986.onlinehome.us/freedomsight/
Key fingerprint = B027 FEFB 4281 CC72 67D1  4237 F2D0 D356 077A A30E
... it is poor civic hygiene to install technologies that could someday
facilitate a police state. -- Bruce Schneier
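
Added example, not part of the message above or of the CLUE site's configuration: a small Python check over a constructed xinetd `cvspserver` stanza that reports missing throttling and logging attributes and a missing `--allow-root`. The stanza, the `/usr/bin/cvs` path and the function names are assumptions; only the stanza itself is checked, not values inherited from a `defaults` block.

```python
import re

# Constructed sample stanza (not from the post); /usr/bin/cvs is an assumed path.
SAMPLE = """
service cvspserver
{
    disable     = no
    socket_type = stream
    wait        = no
    user        = root
    server      = /usr/bin/cvs
    server_args = -f pserver
    per_source  = 4
}
"""

# xinetd.conf(5) attributes that bound connection volume or record failures.
WANTED = {
    "instances": "no cap on simultaneous servers",
    "per_source": "no per-address connection cap",
    "cps": "no connection-rate throttle",
    "log_on_failure": "failure logging relies on defaults",
}

def parse_services(text):
    """Return {name: {attribute: value}} for each 'service NAME { ... }' block."""
    services = {}
    blocks = re.findall(r"^\s*service\s+(\S+)\s*\{(.*?)^\s*\}", text, re.S | re.M)
    for name, body in blocks:
        attrs = {}
        for line in body.splitlines():
            # Comment lines start with '#', so they never match the key pattern.
            m = re.match(r"\s*(\w+)\s*[+-]?=\s*(.*)", line)
            if m:
                attrs[m.group(1)] = m.group(2).strip()
        services[name] = attrs
    return services

def audit(attrs):
    """List the throttling/logging gaps in one enabled service stanza."""
    if attrs.get("disable") == "yes":
        return []
    gaps = [f"{key} not set: {why}" for key, why in WANTED.items() if key not in attrs]
    args = attrs.get("server_args", "")
    # cvs --allow-root names the repository the pserver is permitted to serve.
    if attrs.get("server", "").endswith("/cvs") and "--allow-root=" not in args:
        gaps.append("server_args lacks --allow-root=<repository>")
    return gaps

if __name__ == "__main__":
    for name, attrs in parse_services(SAMPLE).items():
        for gap in audit(attrs):
            print(f"{name}: {gap}")
```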


