[Wylug-help] PHP interacting with xinetd

Gary Stainburn gary.stainburn at ringways.co.uk
Wed Nov 7 13:53:11 GMT 2007


On Wednesday 07 November 2007 12:31, Shaun Laughey wrote:
> Gary Stainburn wrote:
> > Hi folks.
> >
> > I've got a web site running on one server and I want to have it control a
> > service controlled by xinetd on another server.
> >
> > Anyone got any pointers/links that could help
> >
> > Gary
>
> Hiya Gary,
>
> I have done similar but not from a website - I had a client who only
> used PHP for EVERYTHING on their Windows and Linux boxen.
>
> Use the PHP ssh module and script it.
>
> http://uk3.php.net/manual/en/function.ssh2-exec.php
>
> Or
>
> (S)FTP a control file to the Victim and have a crontab on Victim look
> for a control file every minute and run the script there. Or use a file
> watching daemon to fire off the script. e.g. Gamin (I've only seen
> Python and Ruby bindings for Gamin)
>
> Either way security is a concern here when doing something like this -
> the SSH route is more secure, but then how secure is your PHP? You could
> be opening a shell to the outside world. You can use restricted shells
> and shared certificates to help reduce the threat. It logs in and runs
> its _one_ available command and logs out. But then there could be ways
> round that.
>
> Good luck,
>
> Shaun Laughey.
>

Thanks for the ideas Shaun.  I had considered the ssh method but for the 
reasons you mention and also because it looks less flexible I've gone for a 
different method.

Instead I'm going to use AJAX from my PHP scripts to call a Perl CGI which 
will then use Net::Telnet to call the xinetd service.

The benefits of this are:

** The client (CGI) and server (xinetd service) will have a very restricted 
command-set in a controlled environment providing the security
** The client <-> server connection will be interactive, with real-time 
feedback via the AJAX
** modular testing because using pseudo CGI scripts.

Well, that's the theory anyway
-- 
Gary Stainburn
 
This email does not contain private or confidential material as it
may be snooped on by interested government parties for unknown
and undisclosed purposes - Regulation of Investigatory Powers Act, 2000     
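
Added example, not part of either poster's message: one way the xinetd side of a "very restricted command-set" can be enforced, as a handler that reads one request per line from the socket xinetd hands it and maps it to a fixed argv. The command names, script paths and argument pattern are assumptions made up for illustration.

```python
import re
import sys

MAX_LINE = 128
# Hypothetical command set: name -> (argument pattern, fixed argv prefix).
# Client text never reaches a shell; an argument must match its pattern in full.
COMMANDS = {
    "STATUS": (re.compile(r""), ["/usr/local/bin/svc-status"]),
    "RESTART": (re.compile(r"[a-z][a-z0-9_-]{0,31}"), ["/usr/local/bin/svc-restart"]),
}

def parse_request(line):
    """Return (argv, None) for an allowed request, else (None, reason)."""
    line = line.rstrip("\r\n")  # telnet-style clients end lines with CR LF
    if len(line) > MAX_LINE:
        return None, "line too long"
    if not line.isascii() or not line.isprintable():
        return None, "non-printable input"
    name, _, arg = line.partition(" ")
    entry = COMMANDS.get(name)
    if entry is None:
        return None, "unknown command"
    pattern, argv = entry
    if not pattern.fullmatch(arg):
        return None, "bad argument"
    return argv + ([arg] if arg else []), None

def serve(inp, out, run):
    """Handle one connection. Under xinetd, inp/out are stdin/stdout.

    run(argv) executes the fixed command and returns its one-line result,
    e.g. a wrapper around subprocess.run(argv, timeout=...) with no shell.
    """
    while True:
        line = inp.readline(MAX_LINE + 2)  # bounded read, no unlimited buffering
        if not line:
            break
        argv, err = parse_request(line)
        if err:
            out.write("ERR " + err + "\n")
            break  # close on the first rejected request
        out.write("OK " + run(argv) + "\n")
        out.flush()

if __name__ == "__main__":
    import io
    # Constructed sample session; the runner here only echoes the argv.
    sample = io.StringIO("STATUS\r\nRESTART httpd\r\nRESTART httpd; id\r\n")
    serve(sample, sys.stdout, run=lambda argv: " ".join(argv))
```

The same parse step can sit behind an SSH forced command, so either transport exposes only the listed commands.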


