| 14 | | 4) Licence |
| | 24 | -------------------------------------------- |
| | 25 | |
| | 26 | 1) Requirements |
| | 27 | - Linux 2.6 |
| | 28 | - super (to selectively gain root privileges) |
| | 29 | - Python 2.4 |
| | 30 | - some python packages: |
| | 31 | clearsilver 0.10 for python |
| | 32 | python-configobj 4.x |
| | 33 | cherrypy 2.x |
| | 34 | |
| | 35 | |
| | 36 | 2) Installation |
| | 37 | For Debian, Ubuntu and other derivates you should use the debian package: |
| | 38 | see https://systemausfall.org/toolforge/debian/ |
| | 39 | |
| | 40 | There are currently no official rpm packages of the CryptoBox. |
| | 41 | |
| | 42 | For source installation follow these steps: |
| | 43 | Get the source: |
| | 44 | http://cryptobox.org/download |
| | 45 | |
| | 46 | Extract tarball and change to the new directory: |
| | 47 | tar xzf cryptobox-0.?.?.tar.gz |
| | 48 | |
| | 49 | Install the program: |
| | 50 | python setup.by install |
| | 51 | |
| | 52 | The installed files can be found in your local python installation directory. |
| | 53 | The default location should be: |
| | 54 | /usr/lib/python2.4/site-packages/cryptobox |
| | 55 | |
| | 56 | As some actions of the cryptobox require root privileges, you have to add the |
| | 57 | following line to /etc/super.tab: |
| | 58 | CryptoBoxRootActions /usr/bin/CryptoBoxRootActions cryptobox |
| | 59 | The script /usr/bin/CryptoBoxRootActions is used to execute all actions |
| | 60 | requiring root privileges. Please check it to make sure, that your system will |
| | 61 | not get compromised. |
| | 62 | |
| | 63 | |
| | 64 | 3) Setup |
| | 65 | |
| | 66 | a) Start at bootup |
| | 67 | Set NO_START in /etc/default/cryptobox-server to "0". |
| | 68 | The CryptoBox webserver will get started by its runlevel control script |
| | 69 | after during booting. |
| | 70 | |
| | 71 | b) Define managed devices |
| | 72 | You may restrict which blockdevices should be accessible to the CryptoBox. |
| | 73 | Simply set [Main]->AllowedDevices in /etc/cryptobox-server/cryptobox.conf |
| | 74 | to a comma separated list of device prefixes: e.g. /dev/sd gives access to |
| | 75 | all SCSI devices, while /dev/hda3 restricts it to this single partition. |
| | 76 | The user executing the webserver (by default: 'cryptobox') must have write |
| | 77 | access to these devices. Usually the cryptobox user is member of the 'disk' |
| | 78 | group. This gives control over most devices. |
| | 79 | Be careful with this setting, as you may expose important data to public |
| | 80 | read and write access. |
| | 81 | |
| | 82 | c) Listening port and interface |
| | 83 | By default, the CryptoBox webserver listens to tcp port 8080 on all network |
| | 84 | interfaces. You can change this setting in /etc/default/cryptobox-server. |
| | 85 | Also take a look at your firewall settings. |
| | 86 | |
| | 87 | d) Disable plugins |
| | 88 | The CryptoBox contains a lot of plugins. As some of them could expose |
| | 89 | unwanted features to your users, you should carefully select which plugins |
| | 90 | to disable. |
| | 91 | Quite likely candidates for disabling are: |
| | 92 | - shutdown: poweroff or reboot the computer |
| | 93 | - network: change IP, gateway or dns settings of the server |
| | 94 | - partition: partition blockdevices |
| | 95 | - volume_format_fs: format a disk/partition (plaintext/encrypted) |
| | 96 | Take a look at /usr/share/cryptobox-server/plugins for the list of |
| | 97 | other plugins. |
| | 98 | The setting [Main]->DisabledPlugins in /etc/cryptobox-server/cryptobox.conf |
| | 99 | is a comma separated list of plugin names. Capitalization is important! |
| | 100 | |
| | 101 | e) Separate configuration partition |
| | 102 | The CryptoBox webserver requires a writeable directory for proper |
| | 103 | operation. If your root filesystem is not writeable (e.g. booting from a |
| | 104 | cdrom, read-only mounted flash memory, ...) you may use a seperated |
| | 105 | partition to store runtime settings. The CryptoBox will automatically |
| | 106 | creates it, when you use partition one of your disks with its interface. |
| | 107 | The setting [Main]->UseConfigPartition (see |
| | 108 | /etc/cryptobox-server/cryptobox.conf) defines, whether you want to use a |
| | 109 | separate partition (value "1") or if you want to store your runtime |
| | 110 | settings in the root filesystem (typically below |
| | 111 | /var/cache/cryptobox-server). |
| | 112 | |
| | 113 | f) Samba/WebDAV/NFS/??? integration (aka. event script handling) |
| | 114 | The CryptoBox allows you to add event handling scripts for most of the |
| | 115 | interesting events: bootup/shutdown of the webserver and mount/umount |
| | 116 | of single volumes. |
| | 117 | If you want to automatically publish your mounted volumes with samba |
| | 118 | or similar fileservers, then you should take a closer look at the |
| | 119 | example scripts for samba and apache-webdav in |
| | 120 | /usr/share/doc/cryptobox-server/event-scripts. |
| | 121 | You may also just publish the mount directory of the CryptoBox. This |
| | 122 | will expose all mounted volumes very easily. Review the configuration |
| | 123 | file for the setting [Locations]->MountParentDir. |
| | 124 | |
| | 125 | g) Take a close look at the configuration file to check all other options |
| | 126 | before you start the CryptoBox webserver. |
| | 127 | |
| | 128 | |
| | 129 | 4) Usage |
| | 130 | Use your favourite web browser to go to http://localhost:8080 and browse the |
| | 131 | webinterface of the CryptoBox. |
| | 132 | Some parts of the interface are restricted to administrative access. The |
| | 133 | default access combination is the user 'admin' and the password 'admin'. Please |
| | 134 | change this setting immediately. |
| | 135 | The plugin 'user_manager' allows you to add users and to change passwords. |
| | 136 | The plugin 'plugin_manager' lets you configure, which plugins require |
| | 137 | administrative authentication. |
| | 138 | |
| | 139 | The user manual (available via the 'help' plugin) should give you exhaustive |
| | 140 | usage information. |
| | 141 | The current version of the online manual is available at: |
| | 142 | https://systemausfall.org/trac/cryptobox/wiki/CryptoBoxUser |
| | 143 | |
| | 144 | |
| | 145 | 5) Development |
| | 146 | bug reports: please use our issue tracker |
| | 147 | https://systemausfall.org/trac/cryptobox/newticket |
| | 148 | |
| | 149 | email: |
| | 150 | cryptobox@systemausfall.org |
| | 151 | |
| | 152 | The CryptoBox project is mainly driven by sense.lab (http://senselab.org). |
| | 153 | |
| | 154 | |
| | 155 | 6) Acknowledgements |
| | 156 | Besides the core development team, these people helped a lot: |
| | 157 | Clavdia Horvat, Tadej Brce & Dušan Rebolj - slovenian translation |
| | 158 | rike - french translation |
| | 159 | |
| | 160 | We also want to thank the numerous developers of the Free Software, the |
| | 161 | CryptoBox depends on and that was used in development. |
| | 162 | |
| | 163 | |
| | 164 | 7) Licence |
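Review bot: Sections 3c and 4 (new lines 83 and 133) together document a server that listens on tcp port 8080 on all network interfaces and accepts the default login 'admin'/'admin', and the instruction to change that password only appears under Usage, after the reader has already been told how to start the server at bootup. Suggest moving the password change into Setup as its own step and recommending that the listening interface in /etc/default/cryptobox-server be restricted to localhost until it is done, which also matches the http://localhost:8080 URL given in section 4. Separately, new line 50 reads "python setup.by install", which will fail as typed and should be "python setup.py install". Section 3b says /dev/sd is matched as a prefix and that the cryptobox user is usually in the 'disk' group; it would help to state explicitly that a system disk sharing that prefix is then writable through the web interface unless AllowedDevices is narrowed to specific partitions. Wording nits: "after during booting" (line 69), "seperated" (line 104), and "will automatically creates it, when you use partition one of your disks" (lines 105-106).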