Chrooting and Encrypting Temboz on Debian
Temboz is an excellent RSS aggregator written in Python by Fazal Majid. At the time of writing Temboz (0.7.1) is a standalone solution with a built-in web server (Python's BaseHTTPServer). Naturally, it would be very cool to also have Temboz available as a set of plain Python files with a MySQL interface, especially since my favorite web server Lighttpd has a lighter footprint than BaseHTTPServer, but at least for now running it on a remote server means opening up an additional port (or proxying requests from a certain URL to Temboz running on localhost).
These scripts were born out of my eagerness to have this great piece of software available remotely with reasonable security. I have no reason to believe that the Temboz code is inherently insecure in any way, but as a matter of policy I want all remote services isolated in chroot jails. Granted, many sysadmins never bother to chroot, but if you are the healthily paranoid sort, then this is for you. Secondly, instructions on how to use a chrooted copy of Stunnel to encrypt the connection are given, to protect the login information from travelling over the internet in cleartext.
The scripts are wrappers around Makejail and should, if everything goes right, leave you with a working jail with very little manual intervention. Your mileage may vary depending on your system, but the scripts are well-commented if you need to hack something (in which case I would warmly welcome changes/additions). Please also let me know if you successfully run the scripts on any other version of Temboz or Debian than those stated below. Download, run tar xvzf tsampa-tembozchroot* and see the README for full instructions.
tsampa-tembozchroot-0.1.tar.gz (11k)
- Verified to work with at least: Debian Sarge + Temboz 0.7.1
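
Once the jail is built, two checks confirm that the setup described above holds: the Temboz process really has a root other than /, and its cleartext port is reachable only through Stunnel. The script below is an added example, not part of the tsampa-tembozchroot scripts; the port numbers (9999 for Temboz, 443 for Stunnel) and the sample ss -ltn output are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: two post-install checks for a jailed Temboz behind stunnel.
# Assumptions (not from the page): Temboz on port 9999, stunnel on 443.

# Print the root directory the kernel records for PID.
# Reading another user's process requires root.
proc_root() {
    readlink "/proc/$1/root"
}

# Exit 0 if PID runs with a root other than "/", 1 if it is not jailed,
# 2 if the answer cannot be determined (no such PID, no permission).
is_jailed() {
    root=$(proc_root "$1" 2>/dev/null) || return 2
    [ -n "$root" ] || return 2
    [ "$root" != "/" ]
}

# Read `ss -ltn` output on stdin and print every non-loopback listener
# on PORT. Any output means the cleartext port bypasses stunnel.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] != port) next
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (host ~ /^127\./ || host == "[::1]") next
            print $4
        }'
}

# Constructed sample: Temboz bound to loopback only, stunnel public.
sample_good() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      5      127.0.0.1:9999     0.0.0.0:*
LISTEN 0      128    0.0.0.0:443        0.0.0.0:*
EOF
}

# Constructed sample: Temboz bound to every interface (cleartext exposed).
sample_bad() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      5      0.0.0.0:9999       0.0.0.0:*
LISTEN 0      128    0.0.0.0:443        0.0.0.0:*
EOF
}
```

On a live host, pipe the real ss -ltn output into exposed_listeners and pass the PID of the running Temboz process to is_jailed, both as root.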