Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update cjdns/uci.lua with regards to security config #45

Open
ghost opened this issue Apr 27, 2015 · 4 comments
Open

Update cjdns/uci.lua with regards to security config #45

ghost opened this issue Apr 27, 2015 · 4 comments
Labels
bug
Milestone
shipping

Comments

@ghost
Copy link

ghost commented Apr 27, 2015

No description provided.

@ghost ghost added the bug label Apr 27, 2015
@ghost ghost modified the milestone: shipping Apr 27, 2015
@wfleurant
Copy link
Member

master is at:

commit 0bf4e4b9cd364c4b806e1e382c111ec3cce3d640
Author: Lars Gierth <[email protected]>
Date:   Thu Apr 23 04:29:13 2015 +0200

    cnacl: add mips64 plan

Config with in-list provided examples (auth pass, mac addrs, logging, ...)
see array security:

{
  "noBackground" : 0,
  "logging" : {
    "logTo" : "stdout"
  },
  "security" : [
    {
      "keepNetAdmin" : 1,
      "setuser" : "nobody"
    },
    {
      "chroot" : "/var/run/"
    },
    {
      "nofiles" : 0
    },
    {
      "noforks" : 1
    },
    {
      "seccomp" : 1
    },
    {
      "setupComplete" : 1
    }
  ],
  "router" : {
    "ipTunnel" : {
      "outgoingConnections" : [
        "6743gf5tw80ExampleExampleExampleExamplevlyb23zfnuzv0.k",
        "pw9tfmr8pcrExampleExampleExampleExample8rhg1pgwpwf80.k",
        "g91lxyxhq0kExampleExampleExampleExample6t0mknuhw75l0.k"
      ],
      "allowedConnections" : [
        {
          "ip6Prefix" : 0,
          "ip6Address" : "2001:123:ab::10",
          "ip4Prefix" : 24,
          "ip4Address" : "192.168.1.24",
          "publicKey" : "f64hfl7c4uxt6krmhPutTheRealAddressOfANodeHere7kfm5m0.k"
        },
        {
          "ip4Prefix" : 24,
          "ip4Address" : "192.168.1.25",
          "publicKey" : "ydq8csdk8p8ThisIsJustAnExampleAddresstxuyqdf27hvn2z0.k"
        }
      ]
    },
    "interface" : {
      "tunDevice" : "tun0",
      "type" : "TUNInterface"
    }
  },
  "interfaces" : {
    "ETHInterface" : [
      {
        "connectTo" : {
          "01:02:03:04:05:06" : {
            "publicKey" : "b",
            "password" : "a"
          }
        },
        "beacon" : 2,
        "bind" : "all"
      }
    ],
    "UDPInterface" : [
      {
        "connectTo" : {

        },
        "bind" : "0.0.0.0:31938"
      },
      {
        "connectTo" : {

        },
        "bind" : "[::]:31938"
      }
    ]
  },
  "admin" : {
    "password" : "sq8nhmxuqnc0j52gkgsw0816f6rhfmq",
    "bind" : "127.0.0.1:11234"
  },
  "authorizedPasswords" : [
    {
      "password" : "0kkqq8h71mpf4r7vh1pf00zbd3g2dck"
    },
    {
      "password" : "bllbz1up9f6y32g3r92xz6qj07n17fw"
    },
    {
      "password" : "5yq18jm0x3c6m0j458v3hdtd24s7j6k"
    },
    {
      "password" : "z89nr97fxxqrpmj4bzs4hrul043gdbg"
    }
  ],
  "ipv6" : "fc39:f3bd:36a0:1df6:983b:65fd:90b3:9c9f",
  "publicKey" : "w5h5z12h2w8mr8jxyqpj8sgluqfz7urw72sbmkpn9tspfq45p7r0.k",
  "privateKey" : "7e4f56834529b0bbb92ab699506eb252ac6368e6361d3ab9f14864b7172dd337"
}

@wfleurant
Copy link
Member

Whereabouts the 7 keys end up? Add mostly checkbox to settings? Keeping it simple vs. creating new page. wdyt?

@ghost
Copy link
Author

ghost commented May 2, 2015

What did you paste there, lol? :)

Do you think that UI for these security settings is neccessary? I thought we could just add them to the output of cjdrouteconf get and be done with it.

@wfleurant
Copy link
Member

no, no need for UI. We can add to what we have "setuser" and "exemptAngel".. I'll take'a peek at it tomorrow yea?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
shipping
Development

No branches or pull requests
1 participant
@wfleurant