question

stefanhart avatar image

Feature Request VenusOS: one start script for one network service / websocket over TLS

Hello,

I'm playing some hours on the command line on the VenusOS 2.33. Because I'm working also as a penetration tester (ethical hacker) and there are some security issues I've some thought about the actual configuration. Unmodified operation in a professional management vlan is therefore not possible.

#1: One should be able to disable services not necessary in some environment, eg llmnrd, simple-upnp, avahi, etc.

In a clear designed system it should be able to do this with the command update-rc.d and remove the corresponding symlink in /etc/rc5.d/. But some services are started here via daemontools supervise.

My workaround for a clear design: I touched a down-file in /services/$SERVICE/ and wrote a simple script eg /etc/init.d/llmnrd-supervised which controls the service via the svc command. Then you are able to enable or disable this service with add or delete of the symlink in rc5.d/

#2: the transmission of the Remote Console password in clear text over port tcp/81 or no password is not state of the art in 2019.

With the change to the lighttpd webserver it would be possible to pass the websocket traffic over tcp/443 and anyway the initial login. And with lighttpd you can have more sophisticated authentication, eg GSSAPI.

Then the VenusOS and the connected stuff can be used to power a computer rack with green energy and you will have a secure setup up to date in 2019.


--

Stefan H



Venus OS
10 |3000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 190.8 MiB each and 286.6 MiB total.

0 Answers