rset(1) : Formulas

Contributing

Formulas

The examples listed on scriptedconfiguration.org are meant to give users a quick way to get started with a variety of tasks on various platform. The source for this web site is available as a snapshot

rm -r rset-www.git
git clone http://scriptedconfiguration.org/rset-www.git
cd rset-www.git

After adding or editing content (in Haml syntax), mail the output of git diff to ericshane@eradman.com.

Feel free to add your name to the list of contributors in the HTML comment section of each page, along with a brief summary of the type of contribution you made

/
  Eric Radman <ericsane@eradman.com> 2018 - Initial draft

Source

Source contributions to the rset(1) can be made by creating a pull request on GitHub.

If you prefer you may also mail a diff of your working copy to ericshane@eradman.com.

Notes on the Security Model

For the most part rset(1) does not trust the remote hosts it manages, and takes several steps to prevent an attacker from reading configuration intended for another host. To this end, the following patterns are employed:

  1. Files and directories intended only for specific hosts are explicitly listed for each host. Only the contents of _rutils directory is copied implicitly.
  2. Scripts embedded in pln(5) files are not copied, they are piped to the interpreter over SSH. This ensures that temporary files are never left behind containing sensitive information.

Several measures are also taken to prevent the compromise of the host running rset

  1. Large files are serviced by a local web server (darkhttpd by default) which only serves content under _sources.
  2. On OpenBSD, pledge(2) is used to eliminate write access to system resources and to sandbox the http server.

Last updated on September 12, 2018