I should make clear that my approach was time sensitive (which is why I stayed in shell) and requires only OpenBSD 5.0 base.
Trade-offs being mainly efficiency; depending on how often the "monitor-usage.cgi" script is called. I'd say that it complies with most of the tenants below: + Small is beautiful. + Make each program do one thing well. + Build a prototype as soon as possible. + Choose portability over efficiency. + Store data in flat text files. + Use software leverage to your advantage. + Use shell scripts to increase leverage and portability. + Avoid captive user interfaces. + Make every program a filter. Cheers, - Byron On Tue, Aug 21, 2012, at 10:01 AM, Hermes Ojeda Ruiz wrote: > I was working few weeks ago to recover the project Wicap-PHP: > > https://github.com/LogicalBricks/wicap-php > > Caleb Phillips give me the source code to maintain. Now it works for > OpenBSD 5.x. The behavior is really simple, but maybe need a good install > script. > > On Tue, Aug 21, 2012 at 10:10 AM, Stuart Henderson > <s...@spacehopper.org>wrote: > > > On 2012-08-21, David Diggles <da...@elven.com.au> wrote: > > > On Mon, Aug 20, 2012 at 12:42:16PM -0700, Byron Klippert wrote: > > >> The web interfaces interact with the system through CGI scripts, httpd > > >> is run chroot disabled (httpd_flags="-u"). > > > > > > Just one comment for now. You can run it as chroot if you copy any > > > dependancies into the chroot, including binaries, libraries. > > > > > ...and be sure to update them if patches come out. > > > > depends what's needed, but it's often not really a security win > > to copy enough of the OS into the chroot jail so that scripts can > > run, especially if it means it's unlikely to be kept updated. > > > > OTOH if the only need for non-chroot is to access PF tables, and > > the scripts are in a language which can easily run inside chroot > > (e.g. perl with mod_perl), see the 'tabled' package. > > > > > > > -- > Hermes Ojeda Ruiz > LogicalBricks Solutions > http://logicalbricks.com
