Aiccu/Security

From SixXS Wiki

aiccu.conf

protect your config file

  • see Aiccu/Installation#Configuration:
    • Because your username and password are in the aiccu.conf file, it is a good idea to protect it from being read by anyone but 'root'. To do this, run:

chmod 600 /etc/aiccu.conf

use username and password which offer less options

In case the above method didn't stop the attacker :-( do not use the username and password which could give an attacker on your system access to more

  • in your aiccu.conf, instead of the "main username/password for logging into the website", use e.g. a TIC password

use a config file from another location

The config file is normally copied to

/etc/aiccu.conf

You could create it in another place and tell aiccu where it is like this:

/usr/sbin/aiccu start /your/path/aiccu.conf

Issue:

  • via top one can still see the aiccu.conf path, so you could hide the call in a shell script for example
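
A check that covers both the chmod 600 advice and the custom config location above, as an added example that is not part of the original wiki page: it verifies that the file is a regular file, is owned by the expected user, has no group/other permission bits, and sits in a directory that group/other cannot write to. The function name check_aiccu_conf and the optional owner-uid argument are assumptions of this example, and it assumes GNU stat as found on Linux.

```shell
#!/bin/sh
# Added example (not from the SixXS wiki). Assumes GNU stat, as on Linux.
# check_aiccu_conf PATH [OWNER_UID]   OWNER_UID defaults to 0 (root).
# Returns 0 when the file passes every check, 1 otherwise.
check_aiccu_conf() {
    conf=$1
    want_uid=${2:-0}
    rc=0

    # A symlink could redirect aiccu to a file somebody else controls.
    if [ -L "$conf" ] || [ ! -f "$conf" ]; then
        echo "FAIL: $conf is not a regular file" >&2
        return 1
    fi

    mode=$(stat -c '%a' "$conf")
    uid=$(stat -c '%u' "$conf")

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $conf is owned by uid $uid, expected $want_uid" >&2
        rc=1
    fi

    # chmod 600 leaves no group/other bits; 077 masks exactly those bits.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: $conf has mode $mode, group/other can access it" >&2
        rc=1
    fi

    # Without the sticky bit, write access to the directory is enough to
    # rename the file away and drop in a replacement. This check flags any
    # group/other-writable directory.
    dir=$(dirname "$conf")
    dmode=$(stat -c '%a' "$dir")
    if [ $(( 0$dmode & 022 )) -ne 0 ]; then
        echo "FAIL: directory $dir has mode $dmode, group/other can write" >&2
        rc=1
    fi

    return $rc
}

# Usage with the custom location from the text:
#   check_aiccu_conf /your/path/aiccu.conf && /usr/sbin/aiccu start /your/path/aiccu.conf
```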

use newest GnuTLS

Aiccu uses GnuTLS

  • before installing aiccu:
    • make sure you have the newest version
  • after installing:
    • imagine you have compiled aiccu a long time ago


see also