I was recently tasked with setting up a secure SVN server for internal use. In particular, the repository it's to be serving up is only to be accessible by 2 people, and contains somewhat sensitive data that is not to be accessible by anyone else (bank statements, that sort of thing). I was asked by another person how I had accomplished this, so read on for more details.
The goal here was for a secure SVN server which 2 people could access. Now, we have a server that we restrict access to because it processes private things like e-mail, VPN traffic (pretty much all of our traffic from individuals goes over the VPN), etc… However, only Evelyn and I have access to that system.
I toyed with some ideas for using “scponly” to set up restricted accounts that could only run SVN. However, “scponly” would require accounts in “/etc/passwd”, which tends to be a “camels nose under the tent-flap” as far as security goes. Once you have user accounts, even if it's running in a chroot environment, it tends to open up a lot of security holes you wouldn't otherwise have.
Also, it's not clear to me that scponly+svn “fails secure”. It seems to me that a misconfiguration could easily allow much more access than you might otherwise want. The SVN server also seems to have this problem. Also, I'm reluctant to use the SVN server because the CVS pserver has been difficult to secure in the past.
In the end, I decided to use the SVN DAV server running in Apache. As I mentioned above, this server is our VPN server as well, so we not only have secure access to this Apache server, we also have “static” IPs that I can restrict using iptables firewall rules as well as the Apache “allow” statements. I have it bind to only the VPN server interface, so it's not even listening on a publicly accessible interface.
Best of all, this solution was simple to implement. It took me longer to think of the solution than to implement it. All it required was creating the repository, adding firewall rules to allow access from the 2 users in question, and configuring Apache to use SVN DAV for this repository.
It was literally a 5 minute implementation, once I'd put 45 minutes in on evaluating the possible solutions and coming up with this one.comments powered by Disqus