On 07/26/2007 10:18 AM, Guillermo Garron wrote:
Hi List,
I am creating a small PHP program that will interact with MySQL and
will have the policies for the people in my office, i.e.:
Who can or cannot access MSN Messenger
Who can or cannot access WWW
etc. Once this is stored, a shell script with the iptables rules
should be created, and then run.
I do not want to run it with Apache, so I was thinking of creating a
CRON job that will run it as root once every n minutes, but the issue
I see here is that if somebody "breaks" my Apache security he will be
able to create any script he likes and my CRON will run it, killing my
server security.
Any better ideas about how I can achieve my goal?
Thanks in advance.
Best regards.

It depends upon how simple the iptables rules are meant to be; however,
you can let the web script write a list of port numbers to disk, and the
cron-job could take that list, validate it, and convert it to a list of
iptables rules.
The validation done by the cron-job would be the key security effort.
HTH
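
The split described in the reply, sketched as an added example (not code from the thread): the web script only writes port numbers, and the root cron job validates them and builds every iptables argument itself. The one-port-per-line format, the approved-port set, the size limit and the `FORWARD` chain are assumptions made for illustration.

```python
import re

# Assumptions for this sketch (not from the thread): one decimal port per line,
# and only ports the administrator has pre-approved may ever become rules.
ALLOWED_PORTS = frozenset({80, 443, 1863})   # constructed policy set
MAX_BYTES = 4096                             # refuse oversized input outright
PORT_LINE = re.compile(r"[0-9]{1,5}")        # digits only; no signs, spaces, ranges


def validate_ports(raw: bytes) -> list[int]:
    """Return the sorted, de-duplicated ports, or raise ValueError (fail closed)."""
    if len(raw) > MAX_BYTES:
        raise ValueError("input too large")
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        raise ValueError("non-ASCII input") from None
    ports = set()
    for lineno, line in enumerate(text.split("\n"), start=1):
        if line == "":
            continue  # tolerate blank lines and the trailing newline only
        if not PORT_LINE.fullmatch(line):
            raise ValueError(f"line {lineno}: not a plain port number")
        port = int(line)
        if port not in ALLOWED_PORTS:
            raise ValueError(f"line {lineno}: port {port} not in approved set")
        ports.add(port)
    return sorted(ports)


def build_rules(ports: list[int], chain: str = "FORWARD") -> list[list[str]]:
    """Build iptables argument vectors; every string comes from this code, not the file."""
    return [["iptables", "-A", chain, "-p", "tcp", "--dport", str(p), "-j", "ACCEPT"]
            for p in ports]


if __name__ == "__main__":
    sample = b"443\n80\n443\n"   # constructed sample of what the web script wrote
    for argv in build_rules(validate_ports(sample)):
        print(" ".join(argv))    # a real job would hand argv to subprocess.run, never a shell
    for bad in (b"80; id\n", b"22\n", b"80 \n", b"99999\n"):   # constructed bad inputs
        try:
            validate_ports(bad)
        except ValueError as exc:
            print("rejected:", exc)
```

Any single bad line rejects the whole file, so a tampered list leaves the previous rule set in place instead of being partially applied.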