Monthly Archives: March 2014

Security and Pen

Prompted by this:

Summary: use non-default features but none of the security ones in Pen and you can end up with something not very secure. First I thought “why do that?” but realized that Debian ship Pen without a lot of configuration hints. So here are a few:

  • Don’t run Pen as root
  • Use a jail
  • Use access lists to limit access


Here’s what needs to be done to create a chroot jail for Pen and run it there as a non-root user. Start/stop script added.

useradd pen
mkdir -p /var/lib/pen/etc /var/lib/pen/tmp
chown pen /var/lib/pen/tmp
grep ^pen: /etc/passwd > /var/lib/pen/etc/passwd
cat << EOF > /var/lib/pen/etc/pen.cfg
acl 0 deny
control_acl 0
acl 1 deny
client_acl 1
server 0 address port 88
cat << EOF > /etc/init.d/pen

case "\$1" in
start )
        pen -j /var/lib/pen -C 10080 -F /etc/pen.cfg -p /tmp/ 8080
stop )
        kill \`cat /var/lib/pen/tmp/\`
* )
        echo "Usage: \$0 start|stop"
chmod +x /etc/init.d/pen