Changeset 2069

Show
Ignore:
Timestamp:
02/18/05 00:21:45 (18 years ago)
Author:
jalet
Message:

Improved the SECURITY document

Files:
1 modified

Legend:

Unmodified
Added
Removed
  • pykota/trunk/SECURITY

    r2028 r2069  
    2020==================================================================== 
    2121 
    22   These recommendations are there because as of April 28th 2003  
    23   PyKota doesn't enforce them. You may or may not follow them, 
    24   depending on your user's IT knowledge, how much your trust them, 
    25   etc... 
    26    
    27 ==================================================================== 
    28  
    2922How to improve PyKota's security : 
    3023---------------------------------- 
    3124 
    32   - Most of the stuff which was there was deleted because PyKota's 
    33     configuration files permissions should take care of most 
    34     security problems. BUT of course, you have to set them correctly ! 
     25  - Secure your printers :   
     26   
     27    Tell them to refuse any print job not coming from your print server.  
     28    Do this with telnet to set ACLs based on incoming IP addresses if  
     29    possible, or through any other way.  
     30         
     31    Put all your printers on a private unroutable subnet, different from  
     32    the subnet on which your client hosts will reside. Ensure that the  
     33    only machine allowed to access to this subnet is your print server.  
    3534     
    36   - Secure your printer :   
     35     
     36  - Secure your print servers :   
    3737   
    38     Tell it to refuse any print job not coming from your print 
    39     server. 
     38    Don't give shell access to your users on your print servers, and  
     39    don't let them execute unauthorized commands : they could very well  
     40    compile and/or execute tools like NetCat, and send datas directly to  
     41    the printer in the case the printer is networked, thus bypassing the  
     42    printing system and PyKota.  
     43         
     44    Ensure that no regular user can read PyKota administrator's  
     45    configuration file, but that both the PyKota Administrator and the  
     46    user the printing system is run as can read it. With CUPS under  
     47    Debian you may want to do :  
    4048     
    41     Don't give shell access to your users on your print server, 
    42     or don't let them execute unauthorized commands : they could 
    43     very well compile and execute tools like NetCat, and send  
    44     datas directly to the printer in the case the printer is 
    45     networked, thus bypassing the printing system and PyKota. 
     49        $ chown pykota.pykota pykota.conf pykotadmin.conf     
     50        $ chmod 640 pykota.conf 
     51        $ chmod 600 pykotadmin.conf 
     52         
     53    Depending on your needs, you may want to put the user the printing  
     54    system is run as in the group 'pykota', and relax permissions a bit  
     55    so that this user can read the pykotadmin.conf file while printing.  
     56    For example :  
    4657     
    47   - Ensure that no regular user can read PyKota administrator's  
    48     configuration file, but that both the print quota administrator and  
    49     the user the printing system is run as can read it. Depending on  
    50     your system's configuration, this may give something like :  
    51      
    52       $ chown lp.lpadmin /etc/pykota/pykotadmin.conf 
    53       $ chmod 640 /etc/pykota/pykotadmin.conf 
    54      
    55     If the print quota administrator is root then he will always be 
    56     able to read PyKota's configuration file. 
     58        $ chmod 640 pykotadmin.conf 
     59        $ adduser lp pykota 
     60          (this makes user 'lp' a member of group 'pykota') 
    5761     
    5862    Letting any user read PyKota administrator's configuration file may  
    59     expose passwords or database information which would allow write 
    60     access to the database, and so may transform your print quota 
    61     management in a nightmare. 
     63    expose passwords or database information which would allow write  
     64    access to the database, and so may transform your print quota  
     65    management in a nightmare.  
    6266   
    6367    If you want to let users generate their own print quota reports,  
    64     then ensure that /etc/pykota/pykota.conf is readable by 
    65     everyone, but writeable only by the root user : 
     68    then ensure that /etc/pykota/pykota.conf is readable by these users.  
     69    To do this you can either put this users in the group 'pykota' while  
     70    ensuring they can't read pykotadmin.conf with 'chmod 600 pykotadmin.conf' 
     71    or simply allow everyone to read pykota.conf with 'chmod 644 pykota.conf' 
     72       
     73  - Secure your CGI scripts :     
     74   
     75    If you use printquota.cgi or dumpykota.cgi, ensure that the user  
     76    they are run as can read the pykota.conf file but NOT the  
     77    pykotadmin.conf file.  
     78         
     79    The particular user they will be run as depends on your web server's  
     80    settings.  
     81         
     82    If you want to further restrict the access to these CGI scripts,  
     83    please read your web server's documentation to add either  
     84    encryption, authentication or both.  
     85         
     86    The CGI scripts will honor the content of the REMOTE_USER CGI  
     87    environment variable which is set by your web server if an  
     88    authentication took place. If REMOTE_USER contains 'root' then, even  
     89    if you didn't authenticate using the real root account and password,  
     90    the scripts will consider they have been run by a PyKota  
     91    administrator and will report all datas if asked to do so. If  
     92    REMOTE_USER is not present, which means that you didn't chose to  
     93    secure access to your CGI scripts, the same will happen. If  
     94    REMOTE_USER contains something else, only datas pertaining to this  
     95    user will be made available through the web.  
    6696     
    67       $ chown root.root /etc/pykota/pykota.conf 
    68       $ chmod 644 /etc/pykota/pykota.conf 
    69        
    70     NB : If you use the printquota.cgi CGI script, ensure that 
    71          the user this script is run as (e.g. nobody or www-data) 
    72          can read PyKota's configuration file /etc/pykota/pykota.conf 
    73          BUT can't read PyKota administrator's configuration file 
    74          /etc/pykota/pykotadmin.conf 
    75          Refer to Apache's documentation for details. 
    76    
     97    NB : In any case, the CGI scripts actually included in PyKota only 
     98    do readonly accesses to PyKota's database. 
     99     
    77100  - Secure your database connection : 
    78101   
     
    93116    explained elsewhere in PyKota's documentation. 
    94117     
    95     For the OpenLDAP backend, YOU have to ensure that no regular 
     118    For the LDAP backend, you have to ensure that no regular 
    96119    user can write to any PyKota specific attribute or objectClass. 
    97120    Otherwise they could modify their quota at will.