SVN installation configuration and security considerations

0x00 SVN IntroductionSubversion (SVN for short) is an open-source version control system. Compared with the cross-region (RCS) and CVS, it uses a branch management system. Its design goal is to replace CVS. More and more control services on the Internet are transferred from CVS to Subversion. Subversion of the official website is: http://subversion.tigris.org/Chinese site: the Subversion Chinese site, the SVNBook Chinese version, the Subversion Chinese community, and the Chinese SVN technical materials all provide very detailed and diverse instructions. You can check them one by one if you have time. Subversion uses the server-client structure. Of course, both the server and client can run on the same server. On the server side is a Subversion warehouse that stores all the controlled data, and on the other end is a Subversion client program, which manages the local ing of some of the controlled data (called "Working Copies "). The two ends are accessed through multiple channels of various warehouse Access layers (Repository Access (RA. In these channels, you can operate warehouses through different network protocols, such as HTTP, SSH, or local files.0x01 installation and configurationInstall SVN # yum install subversion to test whether the installation is successful # svnserve -- version if the version information is displayed, it indicates that the installation is successful and the repository is created # svnadmin create/home/svn/repo set the password for svn to change the configuration file/home/svn/repo/conf/svnserve. conf remove the # anonymous access permission before # [general]. It can be read, write, or none. The default value is read anon-access = none to authenticate the user's permission. It can be read, write, none, the default value is write auth-access = write password database path # password-db = passwd remove the previous # modify the configuration file passwd # vim/home/svn/repo/conf/passwd = front yesusername, password: [users] name = passwo Rd starts the SVN server. For a single code repository # svnserve-d-r/home/svn -- listen-host 192.168.1.100svn, the default port is 3690, which is opened on the firewall. /Sbin/iptables-a input-I eth0-p tcp -- dport 3690-j ACCEPT/sbin/service iptables save import the/var/www/html/directory to the svn repo directory svn import/var/www/html/file: /// home/svn/repo-m "test"0x02 notes1. Check out (export result. svn folder directory tree) svn co http: // path [local directory full path] -- username -- password svn co svn: // path [local directory full path] -- username -- password svn checkout http: // path [local directory full path] -- username svn checkout svn: // path [local directory full path] -- if the username does not contain the -- password parameter, the system will prompt you to enter the password. We recommend that you do not use the -- password option in plain text. Username and password are two short-term, not one. If the full path of the local directory is not specified, the local directory is checked out. 2. Export (export a clean one. svn folder directory tree) svn export [-r version] http: // path [local directory full path] -- username svn export [-r version] svn: // path [local directory full path] -- username svn export detected locally (. svn folder) Directory full path local directory full path to export first from the version library to clean the working directory tree form is to specify the URL. If the version number is specified, the corresponding version is exported. If no version is specified, the latest version is exported to the specified location. If the full path of the local directory is omitted, the last part of the URL is used as the name of the local directory. The second method is to specify the full path of the local directory to be exported. All local modifications will be retained. But files that are not under Version Control (that is, new files that are not submitted, because there is no related information record in the. svn folder) will not be copied. In a realistic development environment, we strongly recommend that you use the export function svn export instead of svn co. This may cause serious problems. Many administrators directly put the code from svn co to the web directory. In this way, the. svn hidden folder is exposed to the Internet environment. Hackers can gradually find out the site structure by using the "entries" file contained in it for version information tracking. Svn and entries folders are exposed to the Internet. The more serious problem is that SVN generates. the svn directory also contains. A copy of the source code file ending with svn-base (the path of the earlier version of SVN is the text-base directory, and the later version of SVN is the pristine directory). If the server does not parse the suffix, hackers can directly obtain the file source code. Then, you may be able to directly obtain webshell. If an online production environment already exists. if you do not want to delete the svn directory, you can set a ban on the server to access this directory: In addition, svn is updated to 1.7 +. the svn/entries directory does not contain the file directory list. Apache: <Directory ~ "\. Svn"> Order allow, denyDeny from all </Directory> Nginx: location ~ ^ (. *) \/\. Svn \/{return 404;} attaches two scripts for traversing. svn/entries to display the website directory structure: http://up.2cto.com/2013/0801/20130801103823514.zip

Refer:

Subversion Quick Start Tutorial: http://www.bkjia.com/ OS /201308/232571.html

Build a secure version control environment with Apache and Subversion: http://www.bkjia.com/Article/201308/232575.html

Centos svn installation, configuration and use: http://www.bkjia.com/ OS /201308/232576.html

Svn command in linux: http://www.bkjia.com/ OS /201308/232577.html

Summary: http://www.bkjia.com/Article/201203/124841.html