Comments
-
korrat 605 4y
Obviously, it depends on what your threat model is. I'm going to assume that you trust the server. So that leaves a third party eavesdropping.
For question 1, the answer is yes and no. With HTTPS the path part of the URL is encrypted, but the hostname of the server is not.
-
I dislike the approach...
Nothing's worse than a cronjob command that doesn't log.
HTTPS is fully encrypted, so you are worried about another user on the same server reading configuration / logging files, I think?
If that is true, please stop.
You're obfuscating and that can be a pain in the arse to debug later.
At least the crontab (or cron configuration) must contain a script, and as such it's not hard to figure out what's happening...
If you want a "cleaner" approach, systemd timer / systemd services might be an idea. Mostly because it offers several extras compared to a simple crontab entry, and you can handle logging via the systemd unit in a cleaner way.
But please - don't obfuscate because of paranoia, it can make administration a real nut job.
-
korrat 605 4y
On the topic of obfuscation: Why are you worried about the webcall URL leaking out? Is the endpoint not using authentication? Because security through obscurity doesn't work.
-
@korrat It does no checking to determine if I should be making the call. Zero authentication. It just happily updates the ddns entry with whatever ip accessed it.
-
korrat 605 4y
@Demolishun if you control this endpoint, that's where I would start. HTTPS might hide the endpoint from eavesdroppers but anyone could still brute-force it.
-
@korrat
It has some long hash-looking number. I think it's a UUID. That is what the docs for the ddns feature of cPanel point to.
https://w3.org/TR/capability-urls/...
I think it would take a long time to guess it. cPanel also makes it easy to regenerate a new URL. I will probably change it periodically.
So I think I have answered this, but here goes.
I have ddns service I need to update periodically. I chose once every 5 minutes. I am using this command:
/usr/bin/wget -O /dev/null -o /dev/null <webcall url>
I have it running every 5 minutes in a cronjob. I checked and wget is using port 443 to connect to my webcall url which is https. I am assuming this is hiding the details of the url. Is this true? Also, I don't like that the cronjob is sending the whole command to syslog. Is there a way to prevent it from syslogging this? I would rather keep the details of the url hidden as much as possible. I am the only user on the server, but am curious if there is a way.
So questions are:
1. Is wget hiding the details of the url from prying eyes? It is using port 443 for https.
2. Can I not log the cronjob command in syslog? I suppose I could create a script that hides this.
question
ddns
cronjob
webcall
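
Added example, not part of the thread or of any participant's post: a cron wrapper along the lines the question suggests ("create a script that hides this"), so the crontab and cron's syslog line carry only the script path while each run is still logged. The file path, script name and log tag are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread). Paths and names are assumptions.
# Cron entry then carries no secret:  */5 * * * * /usr/local/sbin/ddns-update --run
URL_FILE="${URL_FILE:-/etc/ddns/webcall.url}"   # hypothetical path; one URL, mode 600

# Log to syslog under a fixed tag; fall back to stderr if logger is unavailable.
log() { logger -t ddns-update "$1" 2>/dev/null || printf 'ddns-update: %s\n' "$1" >&2; }

# True only for a regular file with no group/other permission bits set.
url_file_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Keep scheme and host (the hostname is not hidden by HTTPS), drop path and query.
redact_url() {
    printf '%s\n' "$1" | sed 's#^\([a-z]*://[^/]*\).*#\1/[redacted]#'
}

update_ddns() {
    if ! url_file_is_private "$URL_FILE"; then
        log "refusing: $URL_FILE missing or accessible by group/others"
        return 2
    fi
    url=$(cat "$URL_FILE")
    case "$url" in
        https://*) ;;
        *) log "refusing: URL is not https"; return 3 ;;
    esac
    # -i reads the URL from the file, so it never appears in argv (ps) or cron's log line.
    if wget -q -O /dev/null -i "$URL_FILE"; then
        log "updated via $(redact_url "$url")"
    else
        rc=$?
        log "wget failed rc=$rc for $(redact_url "$url")"
        return 1
    fi
}

# Only act when invoked with --run, so the file can also be sourced for testing.
if [ "${1:-}" = "--run" ]; then update_ddns; fi
```

Because the URL is the only credential for this endpoint, the wrapper refuses to run if the file holding it is readable by anyone but its owner.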