Hey this looks like a fun thing to play with, I like what you've
done. I logged in and accessed it. Now that it's been some time
since you announced it and it's still running, I guess it has had
some testing already.
I don't see anything wrong with what you have done after a quick look, it seems like you took some steps to secure it.
If you care about security you want to think about defense in depth. Even if there don't appear to be ways for arbitrary filesystem or network access to happen, you have to consider the effect of bugs in your program and bugs in Python itself.
To protect against unwanted filesystem access, I suggest:
To protect against unwanted network access:
What level of protection is necessary will depend on the severity of impact in the case it gets hacked, and also your own level of conscientiousness.
Also consider putting in some monitoring; monitor network
bandwidth and CPU usage at least (perhaps # of logins as well) and
set up an alert if those go outside limits, so you get timely
notification if something should happen.
Have fun,
Alex
P.S. this brings to mind https://en.wikipedia.org/wiki/Russell_Coker#SELinux_Play_Machine, which is no longer operating.
When you say "expose it to the internet via SSH", do you mean
expose it to everyone (e.g. by publishing the password), or will
there still be some restrictions on who can access it? If the
former, you should be able to set up ssh without any password
required.
Hello fellow Debianites! I want to do a custom CLI for a project, and I am quite happy with the Python cmd module. Aside from having a practically un-googleable name it is very nice, and does a lot with very little code. So far, so good. But: If I write a Python script with this module, and expose it to the internet via SSH, will hell break loose?

So far I've done the following:

1. Put my script in /usr/local/bin/turtle (the canonical example in the docs is something with turtle), you can see the source code of my script here: https://pi.h5.or.at/mockturtle.txt
   This script does absolutely nothing sensible, you can try it out by doing a

       ssh -l admin probe.aisg.at

   from an IPv6 capable host (sorry, no IPv4). The password is "admin". Any and all suggestions on stuff that is stupid and crazy from a security standpoint in this script are very much appreciated!

2. Then I put /usr/local/bin/turtle in /etc/shells

3. I added a user "admin" that has /usr/local/bin/turtle as shell

4. I added the following stanza to /etc/ssh/sshd_config:

       Match User admin
           X11Forwarding no
           AllowTcpForwarding no
           ForceCommand /usr/local/bin/turtle

5. In the script I tried to catch the Ctrl-C signal, so the interpreter does not give out too obvious error messages (that show what is going on behind the scenes).

Is this enough to harden this setup against escaping into a shell or the full python interpreter, to do something nasty? Or is it completely crazy, because there is some way to abuse a setup like this, that I have not found yet?

TIA
Ralph
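The kind of cmd-module restricted shell described in steps 1 and 5 above, as an added example that is not Ralph's mockturtle.txt script and not from the thread. It shows the points a reviewer would check in such a script: no do_shell method (so a leading "!" is not a shell escape in cmd.Cmd), EOF and empty lines handled, Ctrl-C (KeyboardInterrupt) caught around cmdloop, and every exception from a command handler turned into a fixed message instead of a traceback that would reveal the script path and interpreter. The command names (forward, turn, quit), the deliberately buggy do_turn, and the run_script helper are assumptions made up for this example.

```python
import cmd
import io
import sys


class TurtleShell(cmd.Cmd):
    """Restricted interpreter in the style of the cmd module docs (hypothetical).

    Only the do_* methods below are reachable. cmd.Cmd treats a leading '!'
    as a shell escape only if a do_shell method exists, so none is defined.
    """

    intro = "Welcome to the mock turtle. Type help or ? to list commands."
    prompt = "(turtle) "

    def __init__(self, stdin=None, stdout=None):
        super().__init__(stdin=stdin, stdout=stdout)
        # Read lines from self.stdin instead of input(): behaves the same
        # under an sshd ForceCommand session and when driven from a test.
        self.use_rawinput = False
        self.actions = []  # what the turtle "did", for inspection

    def do_forward(self, arg):
        "forward N: move the turtle forward N steps"
        try:
            n = int(arg)
        except ValueError:
            self.stdout.write("usage: forward N\n")
            return
        self.actions.append(("forward", n))
        self.stdout.write("moved %d\n" % n)

    def do_turn(self, arg):
        "turn left|right: turn the turtle 90 degrees"
        # Deliberate latent bug for the example: any other argument raises
        # KeyError, which without the onecmd wrapper below would traceback.
        degrees = {"left": -90, "right": 90}[arg.strip()]
        self.actions.append(("turn", degrees))
        self.stdout.write("turned %d\n" % degrees)

    def do_quit(self, arg):
        "quit: leave the shell"
        return True

    def do_EOF(self, arg):
        # Ctrl-D / a closed connection arrives as the pseudo-command 'EOF'.
        self.stdout.write("\n")
        return True

    def default(self, line):
        # Unknown input: fixed message, do not echo the line or a traceback.
        self.stdout.write("unknown command; type help\n")

    def emptyline(self):
        # cmd.Cmd would otherwise repeat the last command on an empty line.
        pass

    def onecmd(self, line):
        try:
            return super().onecmd(line)
        except Exception:
            # A bug in any handler would otherwise end the loop with a
            # traceback exposing the script path and Python internals.
            self.stdout.write("error\n")
            return False


def run_restricted(stdin, stdout):
    """Run the shell on the given streams; Ctrl-C never escapes the loop.

    Returns the list of actions performed.
    """
    shell = TurtleShell(stdin=stdin, stdout=stdout)
    while True:
        try:
            shell.cmdloop()
            return shell.actions
        except KeyboardInterrupt:
            # Python turns SIGINT into KeyboardInterrupt inside cmdloop;
            # re-enter the loop without the banner, user still confined.
            shell.stdout.write("\n")
            shell.intro = ""


def run_script(text):
    """Helper (assumed for this example): feed a transcript string and
    return (actions, output), so the shell can be exercised offline."""
    out = io.StringIO()
    actions = run_restricted(io.StringIO(text), out)
    return actions, out.getvalue()


if __name__ == "__main__":
    # Installed as /usr/local/bin/turtle, i.e. the login shell and the
    # target of the sshd ForceCommand from step 4.
    run_restricted(sys.stdin, sys.stdout)
```

Note that this only limits what the interpreter itself offers the remote user; as Alex says above, a bug in the script or in Python can still be reached through any input these handlers parse, so the sshd Match block and whatever filesystem and network confinement sits around the process remain necessary.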