Hi Edward,

On Sat, Jun 07, 2008 at 08:25:00PM +0100, Edward Kerr wrote:
> I am about to include this script in my /etc/rc.local file

[...]

> How can I get it to produce an output in a log / text file so I can see 
> what it did and if it was successful?

Aside from making it not remove the temp file as already suggested,
you could put:

set -x

near the top of the script which would cause it to print out (to
stdout) everything that it is doing.

However, this is a terrible script and I would urge you not to use
it.  Even from a cursory glance I can see several problems with it:

> UNAME=xxx             # username
> PWORD=xxx             # password (plaintext, sorry!)

Not only plain text so any user can read it from this file if you
left it world readable, but see later.

> TEMP=/tmp/tmp.ddns    # temporary file

A fixed file name for the temporary file, so any user can create
/tmp/tmp.ddns as a link to an arbitrary file such as /boot/vmlinuz
then next time your script runs it overwrites your kernel with its
output.

Should be using mktemp(1) or similar.

>       wget --quiet --no-check-certificate -O $TEMP 
> 'http://'$UNAME':'$PWORD'@updates.dnsomatic.com/nic/update?'

So now the plain text password that you kept secure by keeping this
script readable only by root is used on the command line which is
visible to any user with "top" or "ps" or by looking in /proc.

Surely dnsomatic.com has a method whereby you don't need to send
your plain text password over the internet?

Perhaps use of this script could be justified on a single user
machine, but it would be better to come up with a generally more
secure version.

If you are going to continue using this script I would suggest not
running it as root (which is what would happen if you just added it
to rc.local).  I don't see it doing anything that requires root, so
why not create its own user and run it as that, e.g. with

sudo -u dnsomatic /usr/local/sbin/dnsomatic.sh

or whatever.

Cheers,
Andy

-- 
http://bitfolk.com/ -- No-nonsense VPS hosting
Encrypted mail welcome - keyid 0x604DE5DB


_______________________________________________
Peterboro mailing list
Peterboro@mailman.lug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/peterboro
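
Added example, not part of the original message or of the script under discussion: a shell skeleton applying the fixes raised above (mktemp(1) instead of a fixed /tmp name, credentials kept off the wget command line, a permission check on the credential file). The CRED_FILE path, the function names and the https scheme are assumptions; the WGETRC variable and the user/password wgetrc settings are standard wget features.

```shell
#!/bin/sh
# Added example; CRED_FILE, the function names and the https scheme are assumptions.
# CRED_FILE is a wgetrc-format file containing "user = ..." and "password = ..." lines.
CRED_FILE=${CRED_FILE:-/etc/dnsomatic.wgetrc}   # hypothetical path
UPDATE_URL='https://updates.dnsomatic.com/nic/update?'

# Succeed only for a regular file (not a symlink) with no group/other access.
cred_file_ok() {
    case $(ls -ld -- "$1" 2>/dev/null) in
        -???------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Unpredictable name, created exclusively with mode 0600, so a symlink planted
# at a guessed path cannot redirect the script's output to another file.
new_tmp() {
    mktemp "${TMPDIR:-/tmp}/ddns.XXXXXX"
}

run_update() {
    cred_file_ok "$CRED_FILE" || {
        echo "refusing to run: $CRED_FILE is missing, a symlink, or group/world accessible" >&2
        return 1
    }
    tmp=$(new_tmp) || return 1
    # wget reads user/password from the file named by WGETRC, so the
    # password never appears in argv (ps, top, /proc/PID/cmdline).
    status=0
    WGETRC=$CRED_FILE wget --quiet -O "$tmp" "$UPDATE_URL" || status=$?
    # One log line per run: timestamp, wget exit code, server reply.
    echo "$(date) wget exit=$status response=$(cat "$tmp")"
    rm -f "$tmp"
    return "$status"
}

# Only contact the server when asked to, e.g. from cron or rc.local:
#   sudo -u dnsomatic /usr/local/sbin/dnsomatic.sh --run >> /var/log/dnsomatic.log
if [ "${1:-}" = "--run" ]; then run_update; fi
```

The credential file must be owned by, and readable only by, the unprivileged account the script runs as.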
