SeattleMeshnet / meshbox

The Hyperboria peering device
https://github.com/hyperboria/cjdns
GNU General Public License v3.0

Update cjdns/uci.lua with regards to security config #45

Open ghost opened 9 years ago

wfleurant commented 9 years ago

master is at:

commit 0bf4e4b9cd364c4b806e1e382c111ec3cce3d640
Author: Lars Gierth <larsg@systemli.org>
Date:   Thu Apr 23 04:29:13 2015 +0200

    cnacl: add mips64 plan

Config with in-list provided examples (auth pass, MAC addrs, logging, ...); see the security array:

{
  "noBackground" : 0,
  "logging" : {
    "logTo" : "stdout"
  },
  "security" : [
    {
      "keepNetAdmin" : 1,
      "setuser" : "nobody"
    },
    {
      "chroot" : "/var/run/"
    },
    {
      "nofiles" : 0
    },
    {
      "noforks" : 1
    },
    {
      "seccomp" : 1
    },
    {
      "setupComplete" : 1
    }
  ],
  "router" : {
    "ipTunnel" : {
      "outgoingConnections" : [
        "6743gf5tw80ExampleExampleExampleExamplevlyb23zfnuzv0.k",
        "pw9tfmr8pcrExampleExampleExampleExample8rhg1pgwpwf80.k",
        "g91lxyxhq0kExampleExampleExampleExample6t0mknuhw75l0.k"
      ],
      "allowedConnections" : [
        {
          "ip6Prefix" : 0,
          "ip6Address" : "2001:123:ab::10",
          "ip4Prefix" : 24,
          "ip4Address" : "192.168.1.24",
          "publicKey" : "f64hfl7c4uxt6krmhPutTheRealAddressOfANodeHere7kfm5m0.k"
        },
        {
          "ip4Prefix" : 24,
          "ip4Address" : "192.168.1.25",
          "publicKey" : "ydq8csdk8p8ThisIsJustAnExampleAddresstxuyqdf27hvn2z0.k"
        }
      ]
    },
    "interface" : {
      "tunDevice" : "tun0",
      "type" : "TUNInterface"
    }
  },
  "interfaces" : {
    "ETHInterface" : [
      {
        "connectTo" : {
          "01:02:03:04:05:06" : {
            "publicKey" : "b",
            "password" : "a"
          }
        },
        "beacon" : 2,
        "bind" : "all"
      }
    ],
    "UDPInterface" : [
      {
        "connectTo" : {

        },
        "bind" : "0.0.0.0:31938"
      },
      {
        "connectTo" : {

        },
        "bind" : "[::]:31938"
      }
    ]
  },
  "admin" : {
    "password" : "sq8nhmxuqnc0j52gkgsw0816f6rhfmq",
    "bind" : "127.0.0.1:11234"
  },
  "authorizedPasswords" : [
    {
      "password" : "0kkqq8h71mpf4r7vh1pf00zbd3g2dck"
    },
    {
      "password" : "bllbz1up9f6y32g3r92xz6qj07n17fw"
    },
    {
      "password" : "5yq18jm0x3c6m0j458v3hdtd24s7j6k"
    },
    {
      "password" : "z89nr97fxxqrpmj4bzs4hrul043gdbg"
    }
  ],
  "ipv6" : "fc39:f3bd:36a0:1df6:983b:65fd:90b3:9c9f",
  "publicKey" : "w5h5z12h2w8mr8jxyqpj8sgluqfz7urw72sbmkpn9tspfq45p7r0.k",
  "privateKey" : "7e4f56834529b0bbb92ab699506eb252ac6368e6361d3ab9f14864b7172dd337"
}

wfleurant commented 9 years ago

Whereabouts do the 7 keys end up? Add mostly checkboxes to settings? Keeping it simple vs. creating a new page. wdyt?

ghost commented 9 years ago

What did you paste there, lol? :)

Do you think that a UI for these security settings is necessary? I thought we could just add them to the output of cjdrouteconf get and be done with it.

wfleurant commented 9 years ago

No, no need for UI. We can add to what we have "setuser" and "exemptAngel"... I'll take a peek at it tomorrow, yeah?
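
The security array in the config pasted above is a list of small objects rather than one object, so the seven keys have to be collected from all entries before they can be listed or checked. The following is an added example, not code from meshbox, cjdns or anyone in this thread; the names flatten_security and report are hypothetical, and the sample input is constructed from the paste with one key deliberately misspelled.

```python
import json

# The seven keys that appear in the "security" array of the pasted config.
SECURITY_KEYS = ("setuser", "keepNetAdmin", "chroot", "nofiles",
                 "noforks", "seccomp", "setupComplete")

def flatten_security(conf):
    """Merge the list of objects under "security" into one dict.

    Returns (settings, problems). Unknown or repeated keys are reported
    so that a misspelled or duplicated entry is noticed during review.
    """
    settings, problems = {}, []
    section = conf.get("security")
    if not isinstance(section, list):
        return settings, ['"security" is missing or not an array']
    for i, entry in enumerate(section):
        if not isinstance(entry, dict):
            problems.append(f"entry {i} is not an object")
            continue
        for key, value in entry.items():
            if key not in SECURITY_KEYS:
                problems.append(f"entry {i}: unknown key {key!r}")
            elif key in settings:
                problems.append(f"entry {i}: {key!r} set more than once")
            else:
                settings[key] = value
    return settings, problems

def report(conf):
    """Return one line per known key (value or 'not set'), then problems."""
    settings, problems = flatten_security(conf)
    lines = [f"{k} = {settings[k]!r}" if k in settings else f"{k} not set"
             for k in SECURITY_KEYS]
    return lines + [f"problem: {p}" for p in problems]

# Constructed sample: the "security" array from the paste, with "seccomp"
# misspelled as "secomp" to exercise the unknown-key check.
SAMPLE = json.loads("""
{"security": [
  {"keepNetAdmin": 1, "setuser": "nobody"},
  {"chroot": "/var/run/"},
  {"nofiles": 0},
  {"noforks": 1},
  {"secomp": 1},
  {"setupComplete": 1}
]}
""")

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```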