Find the answer to your Linux question:
Results 1 to 4 of 4
I was curious about how these various hardware and software appliances are created. Many vendors give you no local GUI & shell access, and a web portal to access their ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Aug 2011
    Posts
    2

    Linux Software Appliance


    I was curious about how these various hardware and software appliances are created.

    Many vendors give you no local GUI & shell access, and a web portal to access their appliance.

    Others find a way to lock you out completely and give you a local GUI for some config and usually a web portal.

    My question is how do they create that limited GUI for basic IP config and other application parameters?

  2. #2
    Linux Enthusiast
    Join Date
    Jan 2005
    Location
    Saint Paul, MN
    Posts
    679
    It is usually a web-based GUI. Otherwise they create their own shell which is the default shell for the user account that can log into the machine. In the latter, they only allow what is needed.

  3. #3
    Just Joined!
    Join Date
    Apr 2013
    Posts
    3
    I don't know if i well understand your question, however, i trying to respond you. The GUI is created with a simple programming language, usually is Python, and always with this they limit you.

  4. $spacer_open
    $spacer_close
  5. #4
    Linux Enthusiast
    Join Date
    Jan 2005
    Location
    Saint Paul, MN
    Posts
    679
    On the appliance that we develop at work, the GUI is web based (and has many defined permissions that can be assigned (or not assigned) to users on an individual basis.

    We have a simple very limited shell (written mostly in bash with about 0.1% in python) that has a normal single user access to to change the password for this user, set IP address or use DHCP, check raid status, handle the raid alarms, etc and it is mostly enter a single letter and then answer questions and then we process that data. The user times out at any input and pops back to the menu and a sub-menu will pop back to its parent menu. When the top menu times out the user is logged out. If you are planning to write something like this do not let the user get anywhere on the system such as pulling user names (/etc/passwd) or be able to do stuff with sudo. You must look for injection attacks, multiple commands, attempts to execute a command within the data entered (lots of validation and then special handling of that data). This task needs a lot of verification and then have as many people as you can attempt to break into the system prior to a user usage.

    The actual execution section is in C++ stripped and has lots of stuff that makes decoding much harder and even searching for strings does not show anything. Of course this is not located in a path that the "simple user" could possibly see. It is written such that an invalid request appears to be accepted and lots of code is executed before it returns indicating a failure. We even will delete the code and account that owns the account if the code detects an attempt to run it in a debugger or its parent is not correct. This will delete the user account even if it moved to another machine (I warned a tester and his account was deleted and he had to have the admin staff restore his LDAP account and his home directory when he moved it out of the appliance to his machine (as he had root access to the appliance) and assumed that this could not be done and wanted more tools to attempt getting it's workings visible.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •