Test your ruTorrent installation

somus1735

May 25, 2018
This is a script that will test your ruTorrent installation from a remote computer. The most important thing it tests is that your RPC mounts are secure. If they're not, then your computer could be hacked. It currently tests this:

- RPC mount points are protected (requires password)
- user1 can't access user2's RPC mount point
- user1 can access his own RPC mount point
- No files in rutorrent/conf or rutorrent/share can be accessed
- Only an authenticated user can access ruTorrent
- .svn dirs can't be accessed
- user1 can't execute code (NOTE: only a few tests!)

These are only remote tests. Any user with shell access could do more stuff.

If you can think of other tests, let me know and I'll add them.

Code:
wget -O httpd-test.sh 'http://autodl-irssi.svn.sourceforge.net/viewvc/autodl-irssi/trunk/httpd-test.sh?content-type=text/plain'
sh httpd-test.sh 192.168.0.123 /rutorrent user1 pass1 /RPC1 user2 pass2 /RPC2
sh httpd-test.sh 192.168.0.123 /rutorrent user1 pass1 /RPC1

The IP address is the server. /rutorrent is the URL path to ruTorrent. The rest are self-explanatory.
If you need HTTPS access, edit the file and change protocol=http to https and port=80 to 443.

You will need curl and xmlrpc installed. xmlrpc is compiled (but not automatically installed) when you compile XMLRPC-C. Debian/Ubuntu users: apt-get install libxmlrpc-c3-dev
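
The first three checks in the list above can be reproduced with curl alone. The sketch below is an added example, not httpd-test.sh and not code from the original poster; the script name, function names and base-URL argument are assumptions. It posts `system.listMethods` to each mount point and treats HTTP 401/403 as "protected".

```sh
#!/bin/sh
# Added example, not httpd-test.sh. Usage (script name and argument order are assumptions):
#   sh rpc-check.sh http://192.168.0.123 user1 pass1 /RPC1 [user2 pass2 /RPC2]

# Print the HTTP status of an XML-RPC POST to URL $1, optionally as "user:pass" $2.
# curl prints 000 when it cannot connect, which expect() below counts as a failure.
http_status() {
    url=$1 cred=$2
    set -- -s -o /dev/null -m 10 -w '%{http_code}' -H 'Content-Type: text/xml' \
        -d '<?xml version="1.0"?><methodCall><methodName>system.listMethods</methodName></methodCall>'
    # --anyauth lets curl answer either a Basic or a Digest challenge.
    if [ -n "$cred" ]; then set -- "$@" --anyauth -u "$cred"; fi
    curl "$@" "$url"
}

# expect LABEL deny|allow STATUS: deny wants 401 or 403, allow wants 200.
expect() {
    case "$2:$3" in
        deny:401|deny:403|allow:200) echo "PASSED: $1 (HTTP $3)" ;;
        *) echo "FAILED: $1 (HTTP $3)"; return 1 ;;
    esac
}

# run_checks BASE USER1 PASS1 RPC1 [USER2 PASS2 RPC2]; returns the number of failed checks.
run_checks() {
    base=$1 failed=0
    expect "$4 requires a password" deny "$(http_status "$base$4" "")" || failed=$((failed + 1))
    expect "$2 can access $4" allow "$(http_status "$base$4" "$2:$3")" || failed=$((failed + 1))
    if [ $# -ge 7 ]; then
        expect "$7 requires a password" deny "$(http_status "$base$7" "")" || failed=$((failed + 1))
        expect "$2 cannot access $7" deny "$(http_status "$base$7" "$2:$3")" || failed=$((failed + 1))
        expect "$5 cannot access $4" deny "$(http_status "$base$4" "$5:$6")" || failed=$((failed + 1))
    fi
    return "$failed"
}

if [ $# -ge 4 ]; then run_checks "$@"; fi
```

For HTTPS, pass an `https://` base URL as the first argument.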
 

randac56

May 25, 2018
Thanks for this cool script! I'm trying to lock down my rutorrent installation and I'm still failing two tests:
FAILED: XMLRPC: Could execute code (execute_capture)
FAILED: XMLRPC: Could execute code (execute_capture_nothrow)

Any idea on how I can lock those down? It's now a quest to pass your script 100%.
 


jith45

May 25, 2018
Jumped for joy when I found this script, but unfortunately I'm unable to get it to run.
Could some kind soul help me?

I wgetted this:
http://autodl-irssi.svn.sourceforge.net/viewvc/autodl-irssi/trunk/httpd-test.sh?revision=461&view=markup&pathrev=660

chmoded it and ran it as such:

Code:
./httpd-test.sh my.secretdomain.tld / myuser mypass /RPC2

(I have rutorrent straight on webroot)

This is the output I get:

Server: my.secretdomain.tld
Web server: Cherokee/1.2.2 (Debian GNU/Linux)
Could not detect rtorrent version. Is it running?

What am I doing wrong?
 


randac56

May 25, 2018
I ran mine as:
Code:
./httpd-test.sh ipaddress /rutorrent user pass RPC2
Try taking off the leading slash on /RPC2.
 

peshua19

May 25, 2018

lisas4567

May 25, 2018
jith45 said:
Jumped for joy when I found this script, but unfortunately I'm unable to get it to run.
Could some kind soul help me?

I wgetted this:
http://autodl-irssi.svn.sourceforge.net/viewvc/autodl-irssi/trunk/httpd-test.sh?revision=461&view=markup&pathrev=660

chmoded it and ran it as such:

Code:
./httpd-test.sh my.secretdomain.tld / myuser mypass /RPC2

(I have rutorrent straight on webroot)

This is the output I get:

Server: my.secretdomain.tld
Web server: Cherokee/1.2.2 (Debian GNU/Linux)
Could not detect rtorrent version. Is it running?

What am I doing wrong?

I am also running Debian, but on lighttpd, but I am getting the same error. After installing curl and xmlrpc, the script fails to run with:

Server: host.domain.tld
Web server: lighttpd/1.4.30
Could not detect rtorrent version. Is it running?

I can connect to rutorrent via HTTPS at /rutorrent in my web browser, and mount is RPC2. I run this when I call the script:

./httpd-test.sh host.domain.tld /rutorrent user password /RPC2

and I also tried without the slash in front of RPC2 with the same error.


Any hints on troubleshooting this so I can make sure my rutorrent installation is secure?