From RootdevWiki
CVS PServer is inherently insecure. It transmits passwords in plain text.
Frankly, it should not be used.
However, if you really must run it as an xinetd process, here's how you can make it slightly more secure:
Bind it to the loopback interface and only allow connections from localhost, as follows:
service cvspserver
{
    socket_type = stream
    wait        = no
    user        = root
    bind        = 127.0.0.1
    only_from   = 127.0.0.1
    group       = www
    server      = /usr/bin/cvsrun
    disable     = no
}
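You can back this up with TCP wrappers. An allow rule restricts nothing by itself, so it needs a matching deny rule for other hosts in /etc/hosts.deny. Add an entry as follows to /etc/hosts.allow: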
cvspserver: 127.0.0.1
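
One way to check an xinetd service file against the loopback-only settings above. This is an added example, not part of the original wiki page; the function name check_cvspserver, its messages and the sample files are constructed for illustration. It inspects only the cvspserver stanza and assumes nothing is inherited from a defaults section.

```sh
#!/bin/sh
# Added example: audit an xinetd service file for the loopback-only settings
# shown above. check_cvspserver and its messages are illustrative names.
# Returns 0 when the cvspserver stanza is loopback-only (or disabled), 1 otherwise.
check_cvspserver() {
    awk '
    function lo(a) { return a == "127.0.0.1" || a == "::1" || a == "localhost" || a == "127.0.0.0/8" }
    { sub(/#.*/, "") }                        # drop comments
    $1 == "service" { insvc = ($2 == "cvspserver"); if (insvc) seen = 1; next }
    !insvc { next }
    $1 == "}" { insvc = 0; next }
    {
        if (split($0, kv, "=") < 2) next      # not a "key = value" line
        key = kv[1]; gsub(/[ \t+]/, "", key)  # also accepts "only_from +="
        n = split(kv[2], v, " ")
        if (key == "disable" && v[1] == "yes") off = 1
        if (key == "bind" || key == "interface") {   # interface is a synonym
            bound = 1
            if (!lo(v[1])) { print "bind is " v[1] ", not loopback"; bad = 1 }
        }
        if (key == "only_from") {
            limited = 1
            for (i = 1; i <= n; i++)
                if (!lo(v[i])) { print "only_from allows " v[i]; bad = 1 }
        }
    }
    END {
        if (!seen) { print "no cvspserver stanza found"; exit 0 }
        if (off)   { print "service is disabled"; exit 0 }
        if (!bound)   { print "bind not set: listens on every interface"; bad = 1 }
        if (!limited) { print "only_from not set in this stanza"; bad = 1 }
        if (!bad) print "ok: loopback only"
        exit bad + 0
    }' "$1"
}

# Constructed sample files: one matching the stanza above, one misconfigured.
tmp=$(mktemp -d)
printf 'service cvspserver\n{\n\tbind = 127.0.0.1\n\tonly_from = 127.0.0.1\n\tdisable = no\n}\n' > "$tmp/good"
printf 'service cvspserver\n{\n\tbind = 0.0.0.0\n\tonly_from = 127.0.0.1 10.0.0.0/8\n}\n' > "$tmp/bad"
for f in good bad; do
    echo "$f: $(check_cvspserver "$tmp/$f" || true)"
done
```

Run it against the real service file (typically under /etc/xinetd.d/) after any change; a non-zero exit status means the stanza is reachable from somewhere other than localhost.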