[CentOS-gsoc] GSOC Proposal discussion for Extendable system hardening tool

Thu Mar 12 22:35:38 UTC 2015
vladiksonic@mail.ru <vladiksonic at mail.ru>

 Hello!

I am interested in writing the same project. In my humble opinion, macro language is and overkill, but from the other side. Imagine having 100 recipes there. You might as well have quite some predefined functions for that. And that might scale rather poorly, or it will end up being quite alike bash. I think that using sh directly is a better way, because I think that 80% of the calls will be a simple one-liner (like - all the firewall operations are one-liners, database operations are close to that, basic web-server checking goes there as well, and so on), and, well, recipes will be multi-file anyway - sh scripts can be put into a separate folder; But maybe there is a better way to go without sh, and without writing a macro langauge;

--
Good luck, 
Vladislav Babkin

Четверг, 12 марта 2015, 5:41 +05:30 от Aneesh Dogra <lionaneesh at gmail.com>:
>Hello,
>
>My name is Aneesh Dogra. I am studying computer science in IIIT Delhi. I have been involved in a few open source projects (primarly libav and sugarlabs) since 2-3 years. I have won GCI twice [1] [2] and mentored in GSoC for Sugarlabs (2 years ago) and been a GSOC student last year. I have a fairly active/updated github [3] and linkedin [4] profile.
>
>I have experience in security pentesting, C, python and shell. 
>
>Extendable System hardening tool:
>Here's what I understand of the idea: Create a tool to enforce some secure habits on the server depending on the inputs (modes/recipes). The trick here is the make this very general. Here's my proposed solution, after thinking over it for a while: 
>
>1) There will be 2 components of the tool, recipe and modes.
>- A recipe will be provided through a cdn to users for different modes.
>- Each mode's recipe will have data so as to what to do to strengthen the system.
>
>2) The tool would parse the recipe file and execute the instructions listed in the file, now either we could demand some bash scripts in the recipe file, but this won't be neat. I was thinking of making predefined functions in the tool and using some macros to represent them in the recipe file. I'll need some help on this. Can we discuss this?
>
>Is having bash code written in the recipes a bad idea?
>
>[1] :  http://google-opensource.blogspot.in/2012/02/google-code-in-2011-grand-prize-winners.html
>[2] :  http://google-opensource.blogspot.in/2013/02/google-code-in-2012-grand-prize-winners.html
>[3] :  https://github.com/lionaneesh
>[4] :  linkedin.com/in/aneeshdogra
>[5] :  https://github.com/lionaneesh/jsonDB
>
>
>-- 
>Regardless, I hope you're well and happy -
>Aneesh
>_______________________________________________
>CentOS-gsoc mailing list
>CentOS-gsoc at centos.org
>http://lists.centos.org/mailman/listinfo/centos-gsoc

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos-gsoc/attachments/20150313/aa701e4e/attachment-0006.html>