peterw wrote:
> I just wanted to say thanks to the pCP crew for adding the Security page
> to the Beta web UI for 6.0! I do hope you'll promote that to the
> mainstream admin UI, although I suggest you consider a few tweaks:
> 1) add a Password Confirmation input on the httpd settings page
> 2)
Greg Erskine wrote:
>
> This option will be available in pCP6.0.0 when we release it. Best to
> wait.
>
I just wanted to say thanks to the pCP crew for adding the Security page
to the Beta web UI for 6.0! I do hope you'll promote that to the
mainstream admin UI, although I suggest you
Greg Erskine wrote:
> Some people consider using port 80 to be less secure because it is the
> http default.
>
Agreed which is why I replied here. I also agree the LMS stuff is off
topic, sorry about that.
trigdog's
Some people consider using port 80 to be less secure because it is the
http default.
The LMS http port number is really not part of piCorePlayer security. It
might confuse people talking about it in the same thread/post/paragraph
as piCorePlayer http port.
Greg Erskine wrote:
>
>
> You can't do this.
>
> Most people only change the LMS port if it clashes with other software.
> 9001 is usually used.
>
>
I see LMS doesn't support 80 now. I was just trying to make a more user
friendly url to get to the LMS server. I created a host file
Greg Erskine wrote:
>
>
> If you are using pCP6.0.0-b1 you *may* be able to edit your pcp config
> file manually (/usr/local/etc/pcp/pcp.cfg)?
>
>
Actually, I just tried this on 5.0 before I saw this replyit seems
to have worked just fine when I edited manually and used "pcp br" to
hi trigdog,
trigdog wrote:
> Is there anyway to change the default WWW_PORT="80" in the config to
> something like 8080?
This option will be available in pCP6.0.0 when we release it. Best to
wait.
27918
If you are using pCP6.0.0-b1 you *may* be able to edit your pcp config
file manually
paul- wrote:
> You should be able to add SERVER_PORT=8080 to the config.
> > > >
> >
> > Thanks, I will give it try tonight.
> >
> > QUOTE=paul-;947624]Not sure why you would want to change LMS
> > interface...we don't offer a way to do that.> >
>
> Oh, I thought I saw it in the LMS
Not sure why you would want to change LMS interface...we don't offer
a way to do that.
piCorePlayer a small player for the Raspberry Pi in RAM.
Homepage: https://www.picoreplayer.org
Please 'donate'
Greg Erskine wrote:
>
>
> Just remove the # on the last line and make sure there is a newline
> added to the end of the last line.
>
>
This is great. Is there anyway to change the default WWW_PORT="80" in
the config to something like 8080? It would be nice if I could change
the LMS to 80
Grazie mille :-)
cfuttrup's Profile: http://forums.slimdevices.com/member.php?userid=32784
View this thread: http://forums.slimdevices.com/showthread.php?t=109401
___
unix
RE: pCP5.0.0
One small step towards increased security, for those that can't wait for
the Web GUI to be updated and know vi.
The httpd web server now uses a configuration file /etc/httpd.conf
Code:
$ sudo cat httpd.conf
# Maintained by piCorePlayer
H:/home/tc/www
peterw wrote:
> a widely available case that looks sufficient for an audio HAT:
> https://www.thingiverse.com/thing:2268017
Yup, that's the DesignSpark case that I'm using, and it looks like a
nice 3D-printed extension.
/Claus
cfuttrup wrote:
> Hi Peter
>
> I've had success with the DesignSpark case and a Dremel tool. Please
> see: http://www.cfuttrup.com/touch_upgrade.html
>
> ... but yes, finding a good case for a different board and/or with
> different features requires some work, or you use a setup without a
peterw wrote:
> Greg, I am still playing with pCP a bit.
>
> Frankly the biggest problem is finding a case for a touchscreen that
> will work with (and enclose and protect) a 3B+ and an I2S DAC.** :-) The
> Smartipi case with optional extended backs is about the best I've found
> so far, but
Greg, I am still playing with pCP a bit.
Frankly the biggest problem is finding a case for a touchscreen that
will work with (and enclose and protect) a 3B+ and an I2S DAC.** :-) The
Smartipi case with optional extended backs is about the best I've found
so far, but it looks not quite
hi peterw,
Thanks for your continued interest in pCP. Are you still using it?
We understand the security issues you mention. We are working on
security in the background but generally don't discuss things we are
developing.
The current pCP has a method of disabling ssh. The next version of
peterw wrote:
> BTW, pCP seems to include OpenSSH's sshd so you might be able to do
> things like configure busybox httpd to listen on the loopback address
> only (looks like you'd want to edit /usr/local/etc/init.d/httpd)
Looks like a much simpler approach would be to "disable" the web UI
huxmut wrote:
> would a public/private certificate ever be an option ?
BTW, pCP seems to include OpenSSH's sshd so you might be able to do
things like configure busybox httpd to listen on the loopback address
only (looks like you'd want to edit /usr/local/etc/init.d/httpd), and
then use ssh
Cool.
Thanks Paul
rPi 3 + rasPi 7" LCD + HiFiBerry DiGi+ | rPi 2 + IQaudio DAC+ |rPi 2 +
HiFiBerry DAC+ | Squeeze Box Touch | LMS + XPenology on HP Gen 8 |
huxmut's Profile:
Busybox httpd doesnt support https. There are solutions like
stunnel that supposedly work without needing any changes to the httpd
code. But its not actively being worked on. Easier options for
access control is what we are looking at.
piCorePlayer a small player for the Raspberry Pi in
would a public/private certificate ever be an option ?
rPi 3 + rasPi 7" LCD + HiFiBerry DiGi+ | rPi 2 + IQaudio DAC+ |rPi 2 +
HiFiBerry DAC+ | Squeeze Box Touch | LMS + XPenology on HP Gen 8 |
huxmut's Profile:
hi peterw,
Yeah, the original piCorePlayer's configuration was done via a "setup"
script. :) The web interface is easier to use but there were some
circumstances where a script still made sense.
We have been doing some "security" development but it probably won't
make it into the next pCP. For
paul- wrote:
> You can shut It down. There is a command line program setup
Got it, thanks. Kinda fun that both setup & the alsa equalizer require
me to SSH in from 'xterm', which I haven't used much in years. :-)
owner of the stuff that used to reside at http://www.tux.org/~peterw/
You can shut It down. There is a command line program setup
piCorePlayer a small player for the Raspberry Pi in RAM.
Homepage: https://www.picoreplayer.org
Please 'donate'
I just finally decided to play with piCorePlayer -- nice work!
Am I missing something, or is there no official way to password-protect
the piCorePlayer web interface?
Thanks,
Peter
owner of the stuff that used to reside at http://www.tux.org/~peterw/
Note: The best way to reach me is
OK, eh, I chose the iptables.tcz package (from piCore repository - it's
the default), but it seems piCorePlayer downloads the wrong package
(!?). I get:
Downloading: ipv6-4.14.81-pcpCore_v7.tcz
Error on ipv6-4.14.81-pcpCore_v7.tcz
... but that's not iptables, that's the package next in the
Hi Paul
Thanks. i see the "Extensions" button now - when going from Normal to
Advanced ... and the need to resize first :-). I have to say it's really
nice to use piCorePlayer. It's quite an amazing piece of software.
Cheers,
Claus
You can install packages from the "Extensions" button on the main pCP
web page. Sometimes you might need to install kernel module packages
that are only found on the piCorePlayer repo first.
piCorePlayer a small player for the Raspberry Pi in RAM.
Homepage: https://www.picoreplayer.org
Hi Paul
My understanding is that iptables is not installed in a default
piCorePlayer, so I need to install it first. I understand that Tiny Core
has the following modules ready to install:
http://tinycorelinux.net/9.x/armv6/tcz/
... but exactly how does one install such packages in
I'm not going to get into your rules. But if you are just allowing
everything, what is the point.
You wanted to know if it would be wiped out during update, and the
answer is. it depends. Where is your config script? And how is it
being called?
piCorePlayer a small player for the
Hi paul
I have just picked someones recommendations for a start - to allow
"everything" ... I haven't actually configured iptables yet, because it
isn't installed on my piCorePlayer yet.
Cheers,
Claus
cfuttrup's
Where are you doing the configuration steps?
piCorePlayer a small player for the Raspberry Pi in RAM.
Homepage: https://www.picoreplayer.org
Please 'donate'
(https://www.paypal.com/cgi-bin/webscr?cmd=_donations=U7JHY5WYHCNRU=GB_code=USD=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHosted)
Sorry to bring this to the surface again. Can anyone offer help how to
install iptables?
Presumably it's available as a package from Tiny Core -> piCore. Is
there a simple command that installs iptables?
Next about the configuration, I'm far from an expert, never done this
before. Would this
cfuttrup wrote:
> Is iptables already there on the piCorePlayer, and do I have to edit a
> text file on the system, to accomplish this?
No
Yes
Greg Erskine's Profile: http://forums.slimdevices.com/member.php?userid=7403
DJanGo wrote:
> How does a Hacker / Cracker gets his way into the IOT Devices like a
> lms?
Hi DJanGo - you have many good points (I only quote one line in your
response above). IOT are potential targets and in these times, we should
think how to reduce the risk in a product like piCorePlayer.
d6jg wrote:
> Sensible password. Internal network only no port forwarding etc
> Other than that why?
Hi d6jg
Internal only ... is that something I'd do with iptables?
Is iptables already there on the piCorePlayer, and do I have to edit a
text file on the system, to accomplish this?
Sorry
Gaffophone wrote:
> [FONT=verdana]Are there recommendations or best practices to secure
> piCorePlayer?
There are many improvements on the security but most of them are on the
other side - not yours and they are not RPI / Picore related.
How does a Hacker / Cracker gets his way into the IOT
Sensible password. Internal network only no port forwarding etc
Other than that why?
VB2.4[/B] STORAGE *QNAP TS419P (NFS)
[B]Living Room* - Joggler & SB3 -> Onkyo TS606 -> Celestion F20s
*Office* - Pi3+Sreen -> Sony TAFE320 -> Celestion F10s / Pi2+DAC & SB3
-> Onkyo CRN755 -> Wharfedale Modus
cfuttrup wrote:
>
> Also I wonder if piCorePlayer could be setup to accept interaction with
> a specific IP address only (my NAS running LMS has fixed IP) and/or MAC
> address?
>
That would be iptables role.
piCorePlayer a small player for the Raspberry Pi in RAM.
Homepage:
Hi cfuttrup,
If you are "super paranoid" about security issues I would not have a
Raspberry Pi on my network.
One of the advantages of piCore is it is in RAM. The system is a clean
rebuild on each boot. So a hacker, unless they were TinyCore savvy,
could do their thing, but after a reboot it
I'm intersted in this topic. Just installed a RPi w. piCorePlayer +
JiveLite on my network.
Bluetooth and WiFi is disabled, only using Ethernet. I changed the
password for tc (tiny-core, I hope it was saved).
Is there some way in which a hacker could potentially get access to tc
and manipulate
Nothing to worry then. Thanks a lot!
Gaffophone's Profile: http://forums.slimdevices.com/member.php?userid=68400
View this thread: http://forums.slimdevices.com/showthread.php?t=109401
Yes you can install iptables on pCP, but its really not neccessary.
You can shut down all services, so only squeezelite/jivelite is
running.
LMS itself is not designed to be ran accessible from the internet. LMS
and associated devices should only be on your local network.If you
want
44 matches
Mail list logo