|
Scheduling scripts means you have to store the script including the necessary passwords to connect to
other applications like a database. That is an obvious security issue. But although you can store it somewhere else, e.g. in a cronjob, it is somewhere visible, in clear text. This tool stores the complete command like it shall be executed including sensitive data like usernames and passwords in an encrypted data repository. You can now parameterise username and password. The tool will call the script or eternal command with username and password parameter without ever storing them in clear text. It retrieves the sensitive data from its own encrypted data repository, just decrypting it for the very short time into memory to execute the command. All you have to do is to edit an ini file with the command to be executed. The name of the section in the ini file will be the keyword (like an alias) to execute the defined command. The ini file itself will be deleted after digesting the informations and the tool will store it into its own encrypted data repository. After this first initialisation the passwords will never be stored in the filesystem. Yet this tool does not pretend to be unhackable. It will just enhence security at the server by avoiding the need to store passwords in clear text into the filesystem. |
The features are:
Requirements are: SUN Java JRE 1.5 or above. OS: Windows or Linux. For other OS please request. |
Here an example how to use the program1. Edit the ini file according your needs. Example ini file # This is a sample ini. Once read by the tool, it will be deleted. # The section mastersettings must be in every ini. It defines data for all other sections / commands. [mastersettings] masterpassword = jlk3493ncleqos.x starttimeframe = 01:00 # start time frame in which it is allowed to execute ANY command. endtimeframe = 22:00 # end time frame in which it is allowed to execute ANY command. notdays = # Days in which it is not allowed to execute ANY command. notmonths = # months in which ANY command must not be executed. onlyuser = backupadmin # only this user shall execute ANY command. keyfile = /home/backupadmin/logo.gif #Name of section is the keyword to execute command with this section. [startbackup] command = /home/backupadmin/scripts/backup.sh -u root -p k93.34slsxy # command to be executed (containing possibly passwords). starttimeframe = 01:00 # start time frame in which it is allowed to execute this command. endtimeframe = 04:00 # end time frame in which it is allowed to execute this command. notdays = mo,tu,we,th # Days in which it is not allowed to execute the command. notmonths = # months in which the command must not be executed. onlyuser = backupadmin # only this user shall execute the command. [clean] command = /home/backupadmin/scripts/clean.sh -u root -p k93.34slsxy starttimeframe = 04:00 # start time frame in which it is allowed to execute this command. endtimeframe = 06:00 # end time frame in which it is allowed to execute this command. onlyuser = backupadmin # only this user shall execute the command. 2. Read ini file from safex and create an encrypted repository. ./safex.jar -read backupcom.ini INFO File backupcom.ini had been erased. Stored encrypted data into ./backupcom.dat 3. Execute the encrypted command with an alias. ./safex.jar -key startbackup backupcom.dat backup.sh: backup script successfully finished. 4. Forbidden time stops the execution. Execution at (out of timeframe): Sa 16. Jan 16:19:26 CET 2010 ./safex.jar -key startbackup backupcom.dat WARNING Did not execute, time is not valid due to master settings. |
OrderThe basic version costs 126,- Euro per host with 100 entries. For customized versions or other operating systems please request. You need other security software ? Please request. Submit your order please to: order@itnetwork-x.net |
ImpressumComing in the mid of february 2010. |