On the Messenger protion I know we can edit the messenger files. I was wonder if there was a way to dynamically put text into the messenger to say why it was bloked.
For example in the csf.deny we put
196.168.0.0/10 #Trying to inject hacking scripts
Could messenger pull the text past the # and in the code we could have something like:
Our firewall blocked your IP because <block_reason> etc...
And possibly even a date??
Just wondering if this might be a doable enchancement and what others thought.
Messenger
There are security implications with being able to display the reason for a block in two areas:
1. It's usually not a good idea to tell a hackers why they were blocked (even if it is helpful in a false-positive situation)
2. It would mean a compromise on the security of the lfd Messenger daemon which loads the initial data (web page and images) into memory and then drops all privileges to the non-priv user it runs under. As the non-priv user it doesn't have any access to the csf files which contain the details of the block (they're only accessible by root)
1. It's usually not a good idea to tell a hackers why they were blocked (even if it is helpful in a false-positive situation)
2. It would mean a compromise on the security of the lfd Messenger daemon which loads the initial data (web page and images) into memory and then drops all privileges to the non-priv user it runs under. As the non-priv user it doesn't have any access to the csf files which contain the details of the block (they're only accessible by root)