Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
The deprec gem is a set of tasks for Capistrano. These tasks provide for the installation, configuration and control of system services on servers running Ubuntu linux. Deprec was created in 2006 by Mike Bailey to setup an environment for running Ruby on Rails web applications on Ubuntu servers. Since then its uses have grown to installing Xen virtualization, mail, monitoring, high availability IP failover and other services.
The tasks are run at the command line on your workstation and connect to remote servers via ssh to run commands and copy out files.
Deprec-2.x is a complete rewrite of the project that achieves the following:
Deprec and Capistrano are written in the Ruby programming language however no knowledge of Ruby is required to use it. Users should be able to write new tasks and modify existing options without prior knowledge of Ruby.
Deprec can using rubygems5.
sudo gem install deprec # installs deprec and dependancies
depify -c # creates ~/.caprc which you may edit
cap -T # should list lots of deprec tasks
The .caprc file is loaded every time you use Capistrano. It in turn loads the deprec tasks so you always have them available. Editing the .caprc file in your home directory allows you to specify the location of your ssh key and enable some other useful options (documented in the comments). You can also put tasks here that you want access to, regardless of the current working directory.
I plan to document other things I use deprec for on http://www.deprec.org/. Feel free to poke around and see what's there. I use deprec to provision and manage servers so you might find some things in there I haven't documented. Lucky you.
The tasks run commands that may make changes to your workstation and remote server. You are advised to read the source and use at your own risk.
Deprec is written and maintained by Mike Bailey mike@bailey.net.au. More about me here: [http://mike.bailey.net.au/]
Deprec was inspired and uses the brilliantly executed Capistrano. Thanks Jamis! This gem includes a modified copy of Neil Wilson's very useful vmbuilder_plugins gem.
Deprec wouldn't be what it is without the contributions of many people, a few of whom are listed here:
Square Circle Triangle: commissioned work that has included in the project. Eric Harris-Braun: great testing, bug reports and suggestions Gus Gollings: helped restore www.deprec.org Craig Ambrose: testing, documentation and beer
github forks of note: isaac paulreimer jasherai saimonmoore zippy
Deprec is licenced under the GPL. This means that you can use it in commercial or open source applications. More details found here: http://www.gnu.org/licenses/gpl.html
deprec - deployment recipes for capistrano Copyright (C) 2006-2008 Mike Bailey
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
FAQs
Unknown package
We found that deprec demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.