Thinking more about the CLI_PROXY_CMDUSER and CLI_PROXY_CMD variable idea is not consistent with our security model. By design the CLI "root" user has more privileges than the "admin" web interface user. Adding such variables would circumvent that by savvy "admin" web users. A no go.
Lonnie On Jan 28, 2014, at 5:48 PM, Michael Knill wrote: > Thanks Lonnie. All seems a bit hard. i might leave it for now. > > Regards > Michael Knill > > > > > On 29/01/2014, at 10:32 AM, Lonnie Abelbeck <[email protected]> wrote: > >> Hi Michael, >> >> A new tab won't do it, you would need to patch the /etc/init.d/shellinaboxd >> service script, something like: >> -- >> @@ -12,7 +12,7 @@ >> echo "Starting shellinaboxd..." >> >> shellinaboxd -u root -g nobody --no-beep >> --background=/var/run/shellinaboxd.pid \ >> - --disable-ssl --localhost-only >> --service=/admin/cli/:nobody:nobody:/:/bin/login >> + --disable-ssl --localhost-only >> --service=/admin/cli/:root:nobody:/:/usr/bin/iftop >> fi >> } >> >> -- >> BUT, I would not recommend it since if any bug in iftop allowed you exit to >> shell (we do disable "!" subshell access) the user would have full root >> access, and iftop needs root access to run. >> >> Additionally you should never edit the service scripts for production boxes >> since upgrades will be ignored for that file and no doubt cause much hair >> pulling sometime down the line. This would be a good example for you to >> build your own custom production AstLinux images by using a patch in the >> buildsystem so the change would occur at the base read-only level and if the >> script changed much your patch would simply have to be regenerated. >> >> Another idea would be to add CLI_PROXY_CMDUSER and CLI_PROXY_CMD variables >> -- >> + --disable-ssl --localhost-only >> --service=/admin/cli/:${CLI_PROXY_CMDUSER:-nobody}:nobody:/:${CLI_PROXY_CMD:-/bin/login} >> -- >> But that still seems kind of dangerous, but will leave it open for >> discussion. >> >> Of course any of the above requires "CLI Proxy Server" (shellinabox) to be >> enabled, which is disabled by default. >> >> Lonnie >> >> >> On Jan 28, 2014, at 4:14 PM, Michael Knill wrote: >> >>> Yes thanks Michael but the CLI proxy is not something that I would want to >>> give to the staff user! >>> I might create myself a new tab. I will use the Netstat one as a template. >>> >>> Thanks all. >>> >>> Regards >>> Michael Knill >>> >>> >>> On 28/01/2014, at 8:02 PM, Michael Keuter <[email protected]> wrote: >>> >>>> >>>> Am 28.01.2014 um 02:41 schrieb Michael Knill >>>> <[email protected]>: >>>> >>>>> PS. A similar iftop page would be good too :) >>>> >>>> You can do this with the included CLI Proxy Server (Shellinabox) with the >>>> "CLI" tab/link in the GUI if you want :-). >>>> >>>>> Regards >>>>> Michael Knill >>>>> >>>>> >>>>> >>>>> >>>>> On 28/01/2014, at 11:36 AM, Lonnie Abelbeck <[email protected]> >>>>> wrote: >>>>> >>>>>> Michael, >>>>>> >>>>>> Ahhh, does https://pbx3/admin/netstat/ in a browser work? >>>>>> >>>>>> If not, then you must have a custom /mnt/kd/lighttpd.conf which is >>>>>> missing the new netstat proxy stuff. >>>>>> >>>>>> @NETSTAT_SERVER@$HTTP["scheme"] == "https" { >>>>>> @NETSTAT_SERVER@ proxy.server += ( "/admin/netstat/" => >>>>>> @NETSTAT_SERVER@ ( "localhost" => >>>>>> @NETSTAT_SERVER@ ( >>>>>> @NETSTAT_SERVER@ "host" => "127.0.0.1", >>>>>> @NETSTAT_SERVER@ "port" => "667" >>>>>> @NETSTAT_SERVER@ ) >>>>>> @NETSTAT_SERVER@ ) >>>>>> @NETSTAT_SERVER@ ) >>>>>> @NETSTAT_SERVER@} >>>>>> >>>>>> Probably best to start with the new /stat/etc/lighttpd.conf and make >>>>>> your custom changes to that for /mnt/kd/lighttpd.conf. 'diff -u' is >>>>>> your friend. >>>>>> >>>>>> Lonnie >>>>>> >>>>>> >>>>>> On Jan 27, 2014, at 6:18 PM, Michael Knill wrote: >>>>>> >>>>>>> Yes all the other tabs work fine. I should have mentioned that I have >>>>>>> my www directory in /mnt/kd. >>>>>>> >>>>>>> Regards >>>>>>> Michael Knill >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> On 28/01/2014, at 10:59 AM, Lonnie Abelbeck <[email protected]> >>>>>>> wrote: >>>>>>> >>>>>>>> Michael, >>>>>>>> >>>>>>>> Yes, this should be simple.... Does the Network tab -> HTTPS Server >>>>>>>> Directory: match where you are looking ? >>>>>>>> >>>>>>>> Does >>>>>>>> >>>>>>>> $ show-union | grep '\.php' >>>>>>>> >>>>>>>> output anything ? >>>>>>>> >>>>>>>> Lonnie >>>>>>>> >>>>>>>> >>>>>>>> On Jan 27, 2014, at 5:49 PM, Michael Knill wrote: >>>>>>>> >>>>>>>>> No its all there. Does it work on Alix? >>>>>>>>> >>>>>>>>> Regards >>>>>>>>> Michael Knill >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> On 28/01/2014, at 10:42 AM, Lonnie Abelbeck >>>>>>>>> <[email protected]> wrote: >>>>>>>>> >>>>>>>>>> Michael, >>>>>>>>>> >>>>>>>>>> Possibly you have a edited version of the web interface that is >>>>>>>>>> missing the new /admin/netstat.php tab ? >>>>>>>>>> >>>>>>>>>> Lonnie >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Jan 27, 2014, at 5:35 PM, Michael Knill wrote: >>>>>>>>>> >>>>>>>>>>> Yes. It would have given me a message if not :) >>>>>>>>>>> >>>>>>>>>>> Regards >>>>>>>>>>> Michael Knill >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> On 28/01/2014, at 10:30 AM, Lonnie Abelbeck >>>>>>>>>>> <[email protected]> wrote: >>>>>>>>>>> >>>>>>>>>>>> Michael, >>>>>>>>>>>> >>>>>>>>>>>> Do you have "NetStat Server: [ enabled ]" in the Network tab ? >>>>>>>>>>>> Then [ Restart Netstat Server ] >>>>>>>>>>>> >>>>>>>>>>>> Lonnie >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> On Jan 27, 2014, at 5:23 PM, Michael Knill wrote: >>>>>>>>>>>> >>>>>>>>>>>>> To the group. >>>>>>>>>>>>> >>>>>>>>>>>>> I just upgraded to 1.1.4 and my Netstat tab is 404 - Not Found. >>>>>>>>>>>>> Any ideas where to troubleshoot? >>>>>>>>>>>>> >>>>>>>>>>>>> Regards >>>>>>>>>>>>> Michael Knill >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> ------------------------------------------------------------------------------ >>>>>>>>>>>>> CenturyLink Cloud: The Leader in Enterprise Cloud Services. >>>>>>>>>>>>> Learn Why More Businesses Are Choosing CenturyLink Cloud For >>>>>>>>>>>>> Critical Workloads, Development Environments & Everything In >>>>>>>>>>>>> Between. >>>>>>>>>>>>> Get a Quote or Start a Free Trial Today. >>>>>>>>>>>>> http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk_______________________________________________ >>>>>>>>>>>>> Astlinux-users mailing list >>>>>>>>>>>>> [email protected] >>>>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>>>>>>>>>>>> >>>>>>>>>>>>> Donations to support AstLinux are graciously accepted via PayPal >>>>>>>>>>>>> to [email protected]. >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> ------------------------------------------------------------------------------ >>>>>>>>>>>> CenturyLink Cloud: The Leader in Enterprise Cloud Services. >>>>>>>>>>>> Learn Why More Businesses Are Choosing CenturyLink Cloud For >>>>>>>>>>>> Critical Workloads, Development Environments & Everything In >>>>>>>>>>>> Between. >>>>>>>>>>>> Get a Quote or Start a Free Trial Today. >>>>>>>>>>>> http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk >>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>> Astlinux-users mailing list >>>>>>>>>>>> [email protected] >>>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>>>>>>>>>>> >>>>>>>>>>>> Donations to support AstLinux are graciously accepted via PayPal >>>>>>>>>>>> to [email protected]. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> ------------------------------------------------------------------------------ >>>>>>>>>>> CenturyLink Cloud: The Leader in Enterprise Cloud Services. >>>>>>>>>>> Learn Why More Businesses Are Choosing CenturyLink Cloud For >>>>>>>>>>> Critical Workloads, Development Environments & Everything In >>>>>>>>>>> Between. >>>>>>>>>>> Get a Quote or Start a Free Trial Today. >>>>>>>>>>> http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> Astlinux-users mailing list >>>>>>>>>>> [email protected] >>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>>>>>>>>>> >>>>>>>>>>> Donations to support AstLinux are graciously accepted via PayPal to >>>>>>>>>>> [email protected]. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> ------------------------------------------------------------------------------ >>>>>>>>>> CenturyLink Cloud: The Leader in Enterprise Cloud Services. >>>>>>>>>> Learn Why More Businesses Are Choosing CenturyLink Cloud For >>>>>>>>>> Critical Workloads, Development Environments & Everything In Between. >>>>>>>>>> Get a Quote or Start a Free Trial Today. >>>>>>>>>> http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk >>>>>>>>>> _______________________________________________ >>>>>>>>>> Astlinux-users mailing list >>>>>>>>>> [email protected] >>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>>>>>>>>> >>>>>>>>>> Donations to support AstLinux are graciously accepted via PayPal to >>>>>>>>>> [email protected]. >>>>>>>>> >>>>>>>>> >>>>>>>>> ------------------------------------------------------------------------------ >>>>>>>>> CenturyLink Cloud: The Leader in Enterprise Cloud Services. >>>>>>>>> Learn Why More Businesses Are Choosing CenturyLink Cloud For >>>>>>>>> Critical Workloads, Development Environments & Everything In Between. >>>>>>>>> Get a Quote or Start a Free Trial Today. >>>>>>>>> http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk >>>>>>>>> _______________________________________________ >>>>>>>>> Astlinux-users mailing list >>>>>>>>> [email protected] >>>>>>>>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>>>>>>>> >>>>>>>>> Donations to support AstLinux are graciously accepted via PayPal to >>>>>>>>> [email protected]. >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> ------------------------------------------------------------------------------ >>>>>>>> CenturyLink Cloud: The Leader in Enterprise Cloud Services. >>>>>>>> Learn Why More Businesses Are Choosing CenturyLink Cloud For >>>>>>>> Critical Workloads, Development Environments & Everything In Between. >>>>>>>> Get a Quote or Start a Free Trial Today. >>>>>>>> http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk >>>>>>>> _______________________________________________ >>>>>>>> Astlinux-users mailing list >>>>>>>> [email protected] >>>>>>>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>>>>>>> >>>>>>>> Donations to support AstLinux are graciously accepted via PayPal to >>>>>>>> [email protected]. >>>>>>> >>>>>>> >>>>>>> ------------------------------------------------------------------------------ >>>>>>> CenturyLink Cloud: The Leader in Enterprise Cloud Services. >>>>>>> Learn Why More Businesses Are Choosing CenturyLink Cloud For >>>>>>> Critical Workloads, Development Environments & Everything In Between. >>>>>>> Get a Quote or Start a Free Trial Today. >>>>>>> http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk >>>>>>> _______________________________________________ >>>>>>> Astlinux-users mailing list >>>>>>> [email protected] >>>>>>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>>>>>> >>>>>>> Donations to support AstLinux are graciously accepted via PayPal to >>>>>>> [email protected]. >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> ------------------------------------------------------------------------------ >>>>>> CenturyLink Cloud: The Leader in Enterprise Cloud Services. >>>>>> Learn Why More Businesses Are Choosing CenturyLink Cloud For >>>>>> Critical Workloads, Development Environments & Everything In Between. >>>>>> Get a Quote or Start a Free Trial Today. >>>>>> http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk >>>>>> _______________________________________________ >>>>>> Astlinux-users mailing list >>>>>> [email protected] >>>>>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>>>>> >>>>>> Donations to support AstLinux are graciously accepted via PayPal to >>>>>> [email protected]. >>>>> >>>>> >>>>> ------------------------------------------------------------------------------ >>>>> WatchGuard Dimension instantly turns raw network data into actionable >>>>> security intelligence. It gives you real-time visual feedback on key >>>>> security issues and trends. Skip the complicated setup - simply import >>>>> a virtual appliance and go from zero to informed in seconds. >>>>> http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk >>>>> _______________________________________________ >>>>> Astlinux-users mailing list >>>>> [email protected] >>>>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>>>> >>>>> Donations to support AstLinux are graciously accepted via PayPal to >>>>> [email protected]. >>>> >>>> >>>> Michael >>>> >>>> http://www.mksolutions.info >>>> >>>> >>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> WatchGuard Dimension instantly turns raw network data into actionable >>>> security intelligence. It gives you real-time visual feedback on key >>>> security issues and trends. Skip the complicated setup - simply import >>>> a virtual appliance and go from zero to informed in seconds. >>>> http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk_______________________________________________ >>>> Astlinux-users mailing list >>>> [email protected] >>>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>>> >>>> Donations to support AstLinux are graciously accepted via PayPal to >>>> [email protected]. >>> >>> >>> ------------------------------------------------------------------------------ >>> WatchGuard Dimension instantly turns raw network data into actionable >>> security intelligence. It gives you real-time visual feedback on key >>> security issues and trends. Skip the complicated setup - simply import >>> a virtual appliance and go from zero to informed in seconds. >>> http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk >>> _______________________________________________ >>> Astlinux-users mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>> >>> Donations to support AstLinux are graciously accepted via PayPal to >>> [email protected]. >>> >>> >> >> >> ------------------------------------------------------------------------------ >> WatchGuard Dimension instantly turns raw network data into actionable >> security intelligence. It gives you real-time visual feedback on key >> security issues and trends. Skip the complicated setup - simply import >> a virtual appliance and go from zero to informed in seconds. >> http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk >> _______________________________________________ >> Astlinux-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> [email protected]. > > > ------------------------------------------------------------------------------ > WatchGuard Dimension instantly turns raw network data into actionable > security intelligence. It gives you real-time visual feedback on key > security issues and trends. Skip the complicated setup - simply import > a virtual appliance and go from zero to informed in seconds. > http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk > _______________________________________________ > Astlinux-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > [email protected]. > > ------------------------------------------------------------------------------ WatchGuard Dimension instantly turns raw network data into actionable security intelligence. It gives you real-time visual feedback on key security issues and trends. Skip the complicated setup - simply import a virtual appliance and go from zero to informed in seconds. http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk _______________________________________________ Astlinux-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to [email protected].
