[Nick Daly]
> Yeesh. It should run as a non-privileged user, now tracked as a 2.0
> release goal [0]:
>
> : FreedomBox 2.0: Plinth: Run as non-root user.
>
> It probably should run as a service-specific user, to compartmentalize
> the permissions as much as possible.
I suspect it should be a 0.3
[Tim Retout]
> Hmm, is the ssh port going to be public-facing?
It is at the moment, at least. ssh is open on eth0 as well as eth1.
And got two users with well known passwords, root and fbx.
> If it's being exposed via pagekite etc., it would be worth checking
> whether denyhosts is going to do t
I'd like to throw one more alternative into the mix:
On Wed, Mar 19, 2014 at 1:38 AM, Petter Reinholdtsen wrote:
> - iptables / ufw rules
> - libpam-shield - locks out remote attackers trying password guessing
> - libpam-abl - blocks hosts which are attempting a brute force attack
> - fai
On Mon, Mar 17, 2014 at 11:06 PM, Petter Reinholdtsen wrote:
>
> [Alberto Fuentes]
>> echo "fb ip" fbx >>/etc/hosts
>>
>> then navigate to fbx
>
> You are right. This actually work. When I visit
> http:// I add fbx to /etc/hosts on my local machine and then access http://fbx/,
> I get JWChat.
>
On Tue, Mar 18, 2014 at 10:45:19PM +0100, Anders Jackson wrote:
>
> Den 18 mar 2014 22:18 skrev "Petter Reinholdtsen" :
> >
> > [Anders Jackson]
> > > This can be done directly by iptables, (but not yet with iptables6 for
> > > ip6tables ).
> > >
> > > So I would suggest using a firewall utility i
[Petter Reinholdtsen]
> I agree that avahi/mdns would be very useful, and will change
> freedombox-setup to pull in avahi-daemon, avahi-utils and libnss-mdns
> on the freedombox.
This is now in place, and freshly built images (or upgraded images)
will get avahi-daemon installed by default.
> With
Nick Daly writes:
> I'd like to throw one more alternative into the mix:
>
> On Wed, Mar 19, 2014 at 1:38 AM, Petter Reinholdtsen wrote:
>> - iptables / ufw rules
>> - libpam-shield - locks out remote attackers trying password guessing
>> - libpam-abl - blocks hosts which are attempting a
I just now got the first feedback from the ftpmasters on the
freedombox-setup package. All of them seem easily fixable. If you
got time to spare, please send me pull requests to
https://github.com/petterreinholdtsen/freedombox-setup > or
commit directly to
http://anonscm.debian.org/gitweb/?p=free
On 20 Mar 2014 10:36, "Petter Reinholdtsen" wrote:
>
> [Petter Reinholdtsen]
> > I agree that avahi/mdns would be very useful, and will change
> > freedombox-setup to pull in avahi-daemon, avahi-utils and libnss-mdns
> > on the freedombox.
>
> This is now in place, and freshly built images (or upg
Hi.
What exactly is new in version 0.2 compared to version 0.1? I belive
we should make a list and put it in the wiki. I never tried v0.1, so
I do not know.
Btw, I built some test images of todays versions of the packages, and
made them available for download and testing from
http://ftp.skoleli
[Tim Retout]
> Hm, your client machine needs libnss-mdns, and avahi-daemon needs to
> be running on the freedombox...
This is all in place already.
> if the daemon stops responding, the address will no longer work. It
> would be worth checking the logs, perhaps?
These are all avahi and rsyslog r
Petter Reinholdtsen writes:
> And this work for a while, when using a virtual machine on my wheezy
> laptop. But just a few minutes after the freedombox was booted (or
> avahi-daemon restarted), the freedombox.local mDNS name is no longer
> known. Anyone know what is going on here?
likely not
Den 20 mar 2014 08:53 skrev "alberto fuentes" :
>
> On Mon, Mar 17, 2014 at 11:06 PM, Petter Reinholdtsen
wrote:
> >
> > [Alberto Fuentes]
> >> echo "fb ip" fbx >>/etc/hosts
> >>
> >> then navigate to fbx
> >
> > You are right. This actually work. When I visit
> > http:// > I add fbx to /etc/hos
Petter Reinholdtsen writes:
> [Petter Reinholdtsen]
>> I agree that avahi/mdns would be very useful, and will change
>> freedombox-setup to pull in avahi-daemon, avahi-utils and libnss-mdns
>> on the freedombox.
>
> This is now in place, and freshly built images (or upgraded images)
> will get av
Hi Pere!
On Thu, Mar 20, 2014 at 9:00 AM, Petter Reinholdtsen wrote:
> What exactly is new in version 0.2 compared to version 0.1? I belive
> we should make a list and put it in the wiki. I never tried v0.1, so
> I do not know.
The 0.1 release announcement [0] featured a functioning Privoxy.
E
[Nick Daly]
> Hi Pere!
Hi. :)
> The 0.1 release announcement [0] featured a functioning Privoxy.
> Everything else, since then, is new.
>
> The full feature list now includes (by my count):
>
> - JWChat (XMPP)
> - Plinth
> - Tor
> - OwnCloud (with 4GB images)
> - Privoxy
> - Source packages
> -
On Thu, Mar 20, 2014 at 11:11 AM, Petter Reinholdtsen wrote:
> What about the ssh server? Was it present in 0.1?
Yup, that's how we administered the box remotely.
> And the latest version contain avahi daemon, ldap server and lxc
> support. There is also a DNS and DHCP server handed out on eth
[Nick Daly]
> That's nuts! Can we map each of these to the owning services?
Sure:
root@freedombox:~# lsof -i|grep LISTEN
dnsmasq 1452dnsmasq7u IPv4 4677 0t0 TCP *:domain (LISTEN)
dnsmasq 1452dnsmasq9u IPv6 4679 0t0 TCP *:domain (LISTEN)
apache2 1609
On Thu, Mar 20, 2014 at 12:28 PM, Petter Reinholdtsen wrote:
> root@freedombox:~# lsof -i|grep LISTEN
> privoxy 1838privoxy4u IPv6 5137 0t0 TCP localhost:8118
> (LISTEN)
Should privoxy be configured to listen on the either/both network
interfaces? It was configured to listen e
[James Valleroy]
> Should privoxy be configured to listen on the either/both network
> interfaces? It was configured to listen everywhere in
> freedombox-privoxy[0].
I guess it should, but as can be seen in the thread starting on
http://lists.alioth.debian.org/pipermail/freedombox-discuss/2013-Sep
20 matches
Mail list logo
