
GNU cfengine


7.19 Privacy (encryption)

Encryption (privacy) is not often a big deal in system administration. With the exception of the distribution of passwords and secret keys themselves, there is little or no reason to maintain any level of privacy when transferring system files (binaries for instance). If you find yourself using a tool like cfengine to transmit company secrets from one place to another you should probably book yourself into the nearest asylum for a checkup. Cfengine is not about super-secure communication, but it can be used to perform the simple job of file distribution through an encrypted link (e.g. as a NIS replacement or other password distributor). Cfengine uses the triple DES implementation in the OpenSSL distribution (or equivalent) to provide `good enough' privacy during remote copying.

The most important issue in system security is authentication. Without the ability to guarantee the identity of a user or of trusted information it is impossible to speak of security at all. Although services like pidentd can go some way to confirming the identity of a user, the only non-spoofable way of confirming identity is to use a shared secret -- i.e. a password. A password works by demanding that two parties who want to trust one another must both know a piece of information which untrusted parties do not.

Following the Second World War, the now famous pair Julius and Ethel Rosenberg were convicted and executed for spying on the U.S. bomb project for the Soviet Union in 1953. At one point they improvised a clever password system: a cardboard Jell-O box was torn in two and one half given to a contact whom they later would need to identify. The complex edge shape and colour matching made a complex key quite impossible to forge. Our bodies use a similar method of receptor identification of molecules for immune responses as well as for smell (with some subtleties). Without matching secrets it is impossible to prove someone's identity.

To copy a file over an encrypted link, you write:

    source dest=destination encrypt=true server=myserver

Bear in mind that the server must be a trusted host. Privacy won't help you if the data you are collecting are faulty. In order to use the encryption there must be a public/private key pair on each host. The public key must be known by both hosts. You can use the program cfkey to generate a new key file. This public key file must then be distributed. Cfagent/cfrun and cfservd can exchange keys securely over the network. This is fine, provided you trust the sources of the keys (how do you know the key is from the host/user who claims to have sent it?).

Under encrypted communications cfengine conceals the names and contents of files. Provided the private key files are private, this has the added side effect of authenticating both hosts for one another.

On the server side, you can choose whether root on a client host should have server-root's privileges to read protected files on the server. In the `cfservd.conf' file you make a list:

  TrustKeysFrom = ( ip-address/series )


  /filetree *.domain.country root=myhost,yourhost

  /etc/shadow *.domain.country encrypt=true

In the second example, you can also restrict access to certain files to encrypted lines, i.e. demand that clients use a private connection to collect the file, in order to prevent wiretapping.
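A check an administrator could run over the access entries of `cfservd.conf' before deploying it, given here as an added example that is not part of the original tutorial or of cfengine itself. It assumes entries have the layout shown above (path, host patterns, then options), that `#` starts a comment, and a hypothetical site policy listing `/etc/shadow` as a file that must only be served over an encrypted link.

```python
# Added example: audit cfservd.conf access entries for clear-text exposure
# of sensitive files and for root= privilege grants that deserve review.

SENSITIVE = ("/etc/shadow",)  # hypothetical site policy, adjust per site

# Constructed sample input in the layout used on this page.
SAMPLE = """\
/filetree    *.domain.country root=myhost,yourhost
/etc/shadow  *.domain.country encrypt=true
/etc         *.domain.country
"""

def parse_entries(text):
    """Yield (lineno, path, hosts, options) for each line starting with '/'."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("/"):
            continue  # blank lines, section labels, control variables
        path, *rest = line.split()
        hosts = [t for t in rest if "=" not in t]
        opts = dict(t.split("=", 1) for t in rest if "=" in t)
        yield lineno, path, hosts, opts

def covers(tree, target):
    """True if target is the admitted path itself or lies beneath it."""
    tree = tree.rstrip("/") or "/"
    return target == tree or target.startswith(tree.rstrip("/") + "/")

def audit(text, sensitive=SENSITIVE):
    """Return (lineno, kind, detail) findings.

    Conservative: any entry without encrypt=true that covers a sensitive
    path is flagged; precedence between overlapping entries is not evaluated.
    """
    findings = []
    for lineno, path, hosts, opts in parse_entries(text):
        if opts.get("encrypt", "").lower() != "true":
            for s in sensitive:
                if covers(path, s):
                    findings.append((lineno, "cleartext", s))
        if "root" in opts:
            findings.append((lineno, "root-access", opts["root"]))
    return findings

if __name__ == "__main__":
    for lineno, kind, detail in audit(SAMPLE):
        print(f"line {lineno}: {kind}: {detail}")
```

The third sample line shows the case the single-file rule misses: admitting the parent directory `/etc` without `encrypt=true` is flagged because it also covers `/etc/shadow`.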

  Copyright 2003   by The Free Software Foundation     Updated Jun 2003