CryptoNAS

root/trunk/README

Revision 1018, 7.4 kB (checked in by lars, 2 years ago)

synchronized changelog and README

  • Property svn:keywords set to Id
********************************************
*          CryptoBox v0.3.xx               *
********************************************

$Id$

This file describes the webserver CryptoBox.
The CryptoBox enables you to control the plaintext or encrypted harddisks of
your server via a webinterface.
Read on if you want to install the CryptoBox-server package on your computer.

For more information, see the website:
        http://cryptobox.org

Table of contents:
        1) Requirements
        2) Installation
        3) Setup
        4) Usage
        5) Data access
        6) Development
        7) Acknowledgements
        8) License

--------------------------------------------

1) Requirements
        - Linux 2.6
        - super (to selectively gain root privileges)
        - Python 2.4
        - some python packages:
                clearsilver 0.10 for python
                python-configobj 4.x
                cherrypy 2.x


2) Installation
For Debian, Ubuntu and other derivatives you should use the Debian package:
        see http://systemausfall.org/toolforge/debian/

Please follow the /usr/share/doc/cryptobox-server/README.Debian for
any special steps regarding Debian.

There are currently no official rpm or other packages of the CryptoBox.
Use the source installation on non-deb based distributions.

For source installation follow these steps:
        Get the source:
                http://cryptobox.org/download

        Extract tarball and change to the new directory:
                tar xzf cryptobox-0.?.?.tar.gz

        Install the program:
                python setup.py install

        Fulfil the requirements:
                read more in the user documentation

The installed python modules can be found in your local python installation directory.
The default location should be:
        /usr/lib/python2.4/site-packages/cryptobox/
The data files are (by default) installed to:
        /usr/share/cryptobox-server/

As some actions of the cryptobox require root privileges, you have to add the
following line to /etc/super.tab:
        CryptoBoxRootActions    /usr/bin/CryptoBoxRootActions   cryptobox
The script /usr/bin/CryptoBoxRootActions is used to execute all actions
requiring root privileges. Please check it to make sure that your system will
not get compromised.


3) Setup

 a) Start at bootup
        Set NO_START in /etc/default/cryptobox-server to "0".
        The CryptoBox webserver will get started by its runlevel control script
        after bootup.

 b) Define managed devices
        You may restrict which blockdevices should be accessible to the CryptoBox.
        Simply set [Main]->AllowedDevices in /etc/cryptobox-server/cryptobox.conf
        to a comma separated list of device prefixes: e.g. /dev/sd gives access to
        all SCSI devices, while /dev/hda3 restricts it to this single partition.
        The user executing the webserver (by default: 'cryptobox') must have write
        access to these devices. Usually the cryptobox user is a member of the 'disk'
        group. This gives control over most devices.
        Be careful with this setting, as you may expose important data to public
        read and write access.

 c) Listening port and interface
        By default, the CryptoBox webserver listens on TCP port 8080 on all network
        interfaces. You can change this setting in /etc/default/cryptobox-server.
        Also take a look at your firewall settings.

 d) Disable plugins
        The CryptoBox contains a lot of plugins. As some of them could expose
        unwanted features to your users, you should carefully select which plugins
        to disable.
        Quite likely candidates for disabling are:
                - shutdown: poweroff or reboot the computer
                - network: change IP, gateway or dns settings of the server
                - partition: partition blockdevices
                - volume_format_fs: format a disk/partition (plaintext/encrypted)
        Take a look at /usr/share/cryptobox-server/plugins for the list of
        other plugins.
        The setting [Main]->DisabledPlugins in /etc/cryptobox-server/cryptobox.conf
        is a comma separated list of plugin names. Capitalization is important!

 e) Separate configuration partition
        The CryptoBox webserver requires a writeable directory for proper
        operation. If your root filesystem is not writeable (e.g. booting from a
        cdrom, read-only mounted flash memory, ...) you may use a separate
        partition to store runtime settings. The CryptoBox will automatically
        create it when you partition one of your disks with its interface.
        The setting [Main]->UseConfigPartition (see
        /etc/cryptobox-server/cryptobox.conf) defines whether you want to use a
        separate partition (value "1") or if you want to store your runtime
        settings in the root filesystem (typically below
        /var/cache/cryptobox-server).

 f) Samba/WebDAV/NFS/??? integration (aka. event script handling)
        The CryptoBox allows you to add event handling scripts for most of the
        interesting events: bootup/shutdown of the webserver and mount/umount
        of single volumes.
        If you want to automatically publish your mounted volumes with samba
        or similar fileservers, then you should take a closer look at the
        example scripts for samba and apache-webdav in
        /usr/share/doc/cryptobox-server/event-scripts.
        You may also just publish the mount directory of the CryptoBox. This
        will expose all mounted volumes very easily. Review the configuration
        file for the setting [Locations]->MountParentDir.

 g) Take a close look at the configuration file to check all other options
        before you start the CryptoBox webserver.
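
Added example (not part of the original README or of the CryptoBox code): a
small Python 3 audit of the [Main] settings described in b) and d) above. It
assumes that cryptobox.conf can be read as a plain INI file, that AllowedDevices
entries are matched as plain string prefixes, and that a plugin name with the
wrong capitalization is not disabled; the sample configuration and the device
list are constructed.

```python
import configparser

# The plugins the README names as likely candidates for disabling.
RISKY_PLUGINS = ("shutdown", "network", "partition", "volume_format_fs")

# Constructed samples; the real file is /etc/cryptobox-server/cryptobox.conf.
SAMPLE_CONF = """
[Main]
AllowedDevices = /dev/sd, /dev/hda3
DisabledPlugins = Shutdown, network, partition
"""
SAMPLE_DEVICES = ["/dev/sda", "/dev/sda1", "/dev/sdb1", "/dev/hda1", "/dev/hda3"]

def split_list(value):
    """Split a comma separated setting into stripped, non-empty items."""
    return [item.strip() for item in value.split(",") if item.strip()]

def load_main(text):
    """Parse the text as INI (assumption) and return [Main], key case kept."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep option names as written
    parser.read_string(text)
    return parser["Main"]

def exposed_devices(prefixes, devices):
    """Devices covered by a prefix (assumed: plain string-prefix match)."""
    return [d for d in devices if any(d.startswith(p) for p in prefixes)]

def audit(text, devices):
    """Return findings for risky plugins left enabled and reachable devices."""
    main = load_main(text)
    disabled = split_list(main.get("DisabledPlugins", ""))
    findings = []
    for name in RISKY_PLUGINS:
        if name in disabled:
            continue
        # Assumed from "Capitalization is important": a wrong-case entry
        # such as "Shutdown" leaves the plugin "shutdown" enabled.
        near = [d for d in disabled if d.lower() == name]
        hint = " (listed as %r, wrong capitalization)" % near[0] if near else ""
        findings.append("plugin %s: still enabled%s" % (name, hint))
    prefixes = split_list(main.get("AllowedDevices", ""))
    for dev in exposed_devices(prefixes, devices):
        findings.append("device %s: accessible to the CryptoBox" % dev)
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE_CONF, SAMPLE_DEVICES):
        print(line)
```

On a real host, pass the contents of the configuration file and the block
devices actually present instead of the constructed samples.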


4) Usage
Use your favourite web browser to go to http://localhost:8080 and browse the
webinterface of the CryptoBox.
Some parts of the interface are restricted to administrative access. The
default access combination is the user 'admin' and the password 'admin'. Please
change this setting immediately.
The plugin 'user_manager' allows you to add users and to change passwords.
The plugin 'plugin_manager' lets you configure which plugins require
administrative authentication.


5) Data access
Before you can access your plaintext or encrypted data on a volume, you have to
open it. To accomplish this, you have to go to the webinterface, select the
appropriate volume and click on "Open volume" in the "Activation" tab.

If you are running the CryptoBox locally, then you can access all open volumes
below the 'MountDir' as specified in the configuration file
(/etc/cryptobox-server/cryptobox.conf). The default mount location is
/var/cache/cryptobox/mnt.

If the CryptoBox package is running on a networking server, then you have to
configure your favourite fileserver (e.g. samba, webdav, nfs, ftp, ...) to
publish the subdirectories of the 'MountDir' (see above).
If you want to customize the publishing of volumes, then you may use the
event script feature of the CryptoBox. See event-scripts/README for details.


6) Development
bug reports: please use our issue tracker
        https://systemausfall.org/trac/cryptobox/newticket

email:
        info@cryptobox.org

The CryptoBox project is mainly driven by sense.lab (http://senselab.org).


7) Acknowledgements
Besides the core development team, these people helped a lot:
Clavdia Horvat, Tadej Brce & Dušan Rebolj - Slovenian translation
rike - French translation
Fabrizio Tarizzo - Italian translation
kinneko - Japanese translation
Andrzej S. Kaznowski - Polish translation
Fadrique - Spanish translation
Michiel van Dijk - Dutch translation
Raimar - the blender dragon
Gilles Accad - French translation
ASpr - Russian translation

We also want to thank the numerous developers of the Free Software that the
CryptoBox depends on and that was used in development.


8) License
The code is licensed under the GPL v2.0 or above.
The documentation and all graphics are licensed under "Creative Commons Attribution
Share-Alike 2.5" (http://creativecommons.org/licenses/by-sa/2.5/).
See the file 'copyright' for details.

The CryptoBox - A project started by
Sense.Lab e.V.