BSDstats v3.0 - The Security Rewrite

Oliver Fromme olli at lurza.secnetix.de
Thu Aug 17 18:03:35 UTC 2006


Marc G. Fournier wrote:
 > Over the past few days, I've been working with Paul Schmehl and Matthew 
 > Seaman to come up with a more "security sensitive" version of BSDstats ... 
 > one that reduces the amount of "sensitive information" stored in the 
 > database down to ... zero.  No IPs, no hostnames ...
 > [...]
 > From now forward, the stats will be viewable from:
 > 
 >           http://www.bsdstats.org

That's very cool.  I've installed it on some of my machines.
Unfortunately, I haven't been able to use it on all of them,
for reasons outlined below.

I've got a few suggestions and ideas ...

(1)  When run for the first time, you get an error message:
 : not found
That's because of a few bogus spaces after the backslash in
the line containing the chmod command.  Those trailing
spaces should be removed.  I suppose I don't need to send
a PR for that.  :-)

(2)  Some people aborted the initial "sleep 900" (because
of the above-mentioned error message, or other reasons),
then restarted the script.  In this case there is no sleep,
and the submission _seems_ to be successful (no negative
feedback), but it isn't.

One way to improve the situation would be to check the
mtime on the /var/db/bsdstats file.  If it's younger than
900 seconds, a sleep is required.  For example, something
like this piece of shell code (untested):

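# mtime of the token file and the current time, both in epoch seconds
FILETIME=$( stat -f %m "$id_token_file" )
NOW=$( date +%s )
# token younger than 900 seconds: sleep for the remainder
if [ $(( NOW - 900 )) -le "$FILETIME" ]; then
        SLEEPTIME=$(( 900 - (NOW - FILETIME) ))
        echo "Token key is younger than 15 minutes!"
        echo "Sleeping $SLEEPTIME seconds, please wait."
        sleep "$SLEEPTIME"
fi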

(3)  Some sites require the use of a proxy for HTTP access.
Such sites usually have an entry in /etc/make.conf, so the
ports can fetch their distfiles:

FETCH_ENV=  FTP_PROXY=http://proxy.my.site:3128 \
            HTTP_PROXY=http://proxy.my.site:3128

The bsdstats script could easily pick up that entry and set
the environment variables appropriately.  This line at the
beginning of the script should be sufficient:

export $( make -V FETCH_ENV 2>/dev/null )

(4)  Some sites have a proxy that requires authentication.
It is possible to include the password in the FETCH_ENV
entry in /etc/make.conf, but it's usually not a good idea
to do that, because you shouldn't write passwords to files
that are world-readable.

That problem could be solved in different ways.  One way
would be a periodic.conf setting that instructs the script
not to try to submit the data, but instead just print a
reminder to the admin that he should run the monthly script
manually (or print that reminder automatically when the
submission fails because the proxy denies access).
When the admin runs the script manually (which could be
detected by "test -t 0", i.e. stdin is a terminal), it
could ask for the HTTP proxy password and then set the
HTTP_PROXY_AUTH variable appropriately (see fetch(3)).

(5)  Some machines might not be able to access the web at
all.  For example, I'm right now working on a farm of 35
machines which don't have internet access, not even via
a proxy.  I can connect to them via ssh/scp (port 22) from
a management machine, and that management machine only has
web access via a proxy.

It would be nice to be able to request token keys on behalf
of those 35 servers from the management machine, transfer
them to the servers, run the data gathering script on the
servers (putting it into a file instead of submitting it
directly), copy the results to the management machine and
finally submit them from there.  That's pretty complicated,
but I'm afraid I haven't gotten a better idea so far.  :-(

(6)  All of the statistics on the web page are sorted by
percentages.  It would be nice to be able to click on a
column header and have the table sorted by that value.
That would be especially useful for the release statistics
and the country statistics.

(If the PHP sources and a database export were publicly
available, I would have taken a shot at implementing it.)

(7)  In order to make the bsdstats project really useful,
it is very important to have as many FreeBSD people as
possible install it.  Currently, only very few people will
notice the port and bother to install it.  Therefore I
suggest to put bsdstats into the base system (it's only a
small script after all, no bloat), and add a small switch
to sysinstall which asks users whether they want to enable
it, creating an appropriate periodic.conf entry for them, and
maybe even automatically running it when booting the newly
installed system for the first time.

Maybe it should be proposed and discussed in the arch@
mailing list.

Best regards
   Oliver

-- 
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"File names are infinite in length, where infinity is set to 255 characters."
        -- Peter Collinson, "The Unix File System"
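
Suggestion (4) above, sketched as an added example (not part of the original message and not bsdstats code): the script only prompts for the proxy password when stdin is a terminal, otherwise it prints a reminder, and the password goes into HTTP_PROXY_AUTH in the process environment instead of a world-readable file. The knob name proxy_needs_auth and all function names are hypothetical.

```shell
#!/bin/sh
# Added example; proxy_needs_auth is a hypothetical periodic.conf knob.

# Decide what the monthly run should do.
#   $1 = value of the hypothetical knob (YES/NO)
#   $2 = "tty" if stdin is a terminal, anything else otherwise
submission_mode() {
    case "$1" in
        [Yy][Ee][Ss])
            if [ "$2" = tty ]; then echo prompt; else echo remind; fi ;;
        *)  echo submit ;;
    esac
}

# Build the value fetch(3) expects in HTTP_PROXY_AUTH: basic:realm:user:pass
# ("*" matches any realm). A colon in the user name would shift the fields.
proxy_auth_value() {
    case "$1" in
        ''|*:*) return 1 ;;
    esac
    printf 'basic:*:%s:%s\n' "$1" "$2"
}

# Read the password without echoing it; restore the terminal on interrupt.
ask_proxy_auth() {
    printf 'Proxy user: ' >&2; read -r user
    trap 'stty echo; exit 1' INT TERM
    stty -echo
    printf 'Proxy password: ' >&2; read -r pass
    stty echo; trap - INT TERM; echo >&2
    HTTP_PROXY_AUTH=$( proxy_auth_value "$user" "$pass" ) || return 1
    export HTTP_PROXY_AUTH     # environment only, never written to a file
    unset pass
}

# "test -t 0" distinguishes a manual run from a periodic(8) run.
if [ -t 0 ]; then tty=tty; else tty=notty; fi
case $( submission_mode "${proxy_needs_auth:-NO}" "$tty" ) in
    prompt) ask_proxy_auth && echo "would submit via authenticated proxy" ;;
    remind) echo "bsdstats: proxy needs a password; run the monthly script by hand" ;;
    submit) echo "would submit without proxy authentication" ;;
esac
```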

