ClairVoyanT SysAdmin
CVTSA is a suite of tools that allows users to administrate a GNU/Linux system via the Web or email, without running daemons and opening ports on their own computer. WEBCVTSA is a tool that allows users to administrate a GNU/Linux system by using a form on a Web page to post commands. It supports Blowfish encryption and has a lot of interesting applications.
| Licenses | GPL |
|---|
Recent releases
- 22 Mar 2005 09:16
Changes: Support was added for sending confirmation emails when commands are executed. The README file was updated. A configuration script was added. Logging of executed commands with relative date was implemented.
- 20 Mar 2005 23:49
Changes: Some little bugs were fixed and a logging option was added.
- 14 Mar 2005 13:44
Changes: Command execution with forking execlp has been fixed.
- 21 Feb 2005 23:57
Changes: Minor bugfixes.
- 17 Feb 2005 11:22
No changes have been submitted for this release.
- All comments
Recent commentsSend your scripts...
IF YOU HAVE WRITTEN USEFUL SCRIPTS YOU CAN SEND THEM TO ME AND I'LL RELEASE A SPECIAL PACKET CONTAINING A COLLECTION OF ALL BEST SCRIPTS. SEND THEM TO ardoino.gnu@disi.unige.it
Re: This is a really, *really* bad idea.
Uhm... a total rsa encryption with a passwords file filled with a list of oneuse passwords is better...
Re: This is a really, *really* bad idea.
> Uhm...the idea of a simple signature is
> unsecure, can you tell me how to break
> the security of a signed email that is
> created by one-use passwords and
> commands?
> The password changes every time CVTSA
> receives an email, so nobody cound use
> captured emails.................
Oh, good! That prevents replay attacks, and usage of a captured password. It does /not/ prevent command messages from being modified in-flight, and commands are still plaintext and so any information within them need be considered public -- but nonetheless, it's a very big improvement.
Re: This is a really, *really* bad idea.
Uhm...the idea of a simple signature is unsecure, can you tell me how to break the security of a signed email that is created by one-use passwords and commands?
The password changes every time CVTSA receives an email, so nobody cound use captured emails.................
I think that it is enough safe....
I'm working to this and to other security features, and as I promised the new releases will contain them....
Re: This is a really, *really* bad idea.
> If you use any type of encryption you
> will not able to send emails from
> everywhere.
GnuPG runs on laptops and a great many handhelds. As for sending email from other computers, one can easily carry a copy of GnuPG and one's (password-encrypted) key on a keychain flash device or like portable, USB-enabled storage.
Not that encryption and signature validation are enough -- one would also want some kind of replay attack prevention before this system could be considered even marginally secure, as otherwise a malicious individual could replay legitimate, properly signed messages originally sent by an authorized system administrator at times when running those same commands would be undesirable.
I appreciate that you're trying to write tools to make system administration easier -- but publishing such tools without giving thought to the security implications of their use is every bit as irresponsible as giving a public seminar encouraging individuals to leave their houses unlocked when they go out to ensure easier access when they return home.