Update documentation for the new user menu

Bob Mottram 2016-04-06 19:00:27 +01:00
parent 23ccaa6cd7
commit 3e75f58d70
13 changed files with 124 additions and 173 deletions


@ -182,18 +182,16 @@ After installing for the first time it's a good idea to create some keydrives. T
This is the traditional security model in which you carry your full keyring on an encrypted USB drive. To make a master keydrive first format a USB drive as a LUKS encrypted drive. In Ubuntu this can be done from the *Disk Utility* application. Then plug it into the Freedombone system, then from your local machine run:
ssh myusername@mydomainname -p 2222
sudo control
Select *Backup and Restore* then *Backup GPG key to USB (master keydrive)*.
Select *Administrator controls* then *Backup and Restore* then *Backup GPG key to USB (master keydrive)*.
**Fragment keydrives**
This breaks your GPG key into a number of fragments and randomly selects one to add to the USB drive. First format a USB drive as a LUKS encrypted drive. In Ubuntu this can be done from the *Disk Utility* application. Plug it into the Freedombone system then from your local machine run the following commands:
ssh myusername@mydomainname -p 2222
sudo control
Select *Backup and Restore* then *Backup GPG key to USB (fragment keydrive)*.
Select *Administrator controls* then *Backup and Restore* then *Backup GPG key to USB (fragment keydrive)*.
Fragments are randomly assigned and so you will need at least three or four keydrives to have enough fragments to reconstruct your original key in a worst case scenario. You can store fragments for different Freedombone systems on the same encrypted USB drive, so you can help to ensure that your friends can also recover their systems. This might be called *"the web of backups"* or *"the web of encryption"*. Since you can only write a single key fragment from your Freedombone system to a given USB drive each friend doesn't have enough information to decrypt your backups or steal your identity, even if they turn evil. This is based on the assumption that it may be difficult to get three or more friends to conspire against you all at once.
@ -206,6 +204,5 @@ Administering the system
To administer the system after installation log in via ssh, become the root user and then launch the control panel.
ssh fbone@freedombone.local -p 2222
sudo control
From there you will be able to perform various tasks, such as backups, adding and removing users and so on. You can also do this via commands, which are typically installed as /usr/local/bin/freedombone* and the corresponding manpages.
Select *Administrator controls* and from there you will be able to perform various tasks, such as backups, adding and removing users and so on. You can also do this via commands, which are typically installed as /usr/local/bin/freedombone* and the corresponding manpages.


@ -30,10 +30,9 @@ As part of the Freedombone installation the GPG key used to encrypt backups will
#+BEGIN_SRC bash
ssh username@domainname -p 2222
sudo control
#+END_SRC
Select /Backup and Restore/ then /Backup GPG key to USB drive (master keydrive)/.
Select /Administrator controls/ then /Backup and Restore/ then /Backup GPG key to USB drive (master keydrive)/.
Keep this USB drive in some safe place, since it will enable you to restore from previous backups.
@ -47,10 +46,9 @@ Log into the system and become the root user, then run the /backup/ command.
#+BEGIN_SRC bash
ssh username@domainname -p 2222
sudo control
#+END_SRC
Select /Backup and Restore/ and then /Backup data to USB drive/.
Select /Administrator controls/ then /Backup and Restore/ and then /Backup data to USB drive/.
Type in the LUKS password for the USB drive, then the backup will begin.
@ -60,10 +58,9 @@ Log into the system and become the root user:
#+BEGIN_SRC bash
ssh username@domainname -p 2222
sudo control
#+END_SRC
If this is a new Freedombone installation then you will first need to restore your backup keys. That can be done by selecting /Backup and Restore/ then /Restore GPG key from USB keydrive/. When that's done remove the keydrive and plug in the backup drive.
Select /Administrator controls/ then if this is a new Freedombone installation then you will first need to restore your backup keys. That can be done by selecting /Backup and Restore/ then /Restore GPG key from USB keydrive/. When that's done remove the keydrive and plug in the backup drive.
Select /Backup and Restore/ then /Restore data from USB drive/.
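Review bot: The new Select line runs two instructions together: "Select /Administrator controls/ then if this is a new Freedombone installation then you will first need to restore your backup keys" reads as though choosing the menu depends on the installation being new. Suggest ending the sentence after the menu name ("Select /Administrator controls/.") and starting the conditional as its own sentence, so that restoring the keys is clearly the optional step and the final "Select /Backup and Restore/ then /Restore data from USB drive/" line still follows from the same menu.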
@ -75,10 +72,9 @@ Firstly you will need to have a user account on one or more of your friends serv
#+BEGIN_SRC bash
ssh username@domainname -p 2222
sudo control
#+END_SRC
Select /Backup and Restore/ then /Configure remote backups/.
Select /Administrator controls/ then /Backup and Restore/ then /Configure remote backups/.
You can then enter the usernames, domains and ssh logins for one or more remote servers. The system will try to backup to these remote locations once per day.
* Restore from a friend
@ -89,10 +85,9 @@ First log in and if you don't already have one then create a new friends list:
#+BEGIN_SRC bash
ssh username@domainname -p 2222
sudo control
#+END_SRC
Select /Backup and Restore/ then /Restore GPG key from USB (master keydrive)/. Select the username then plug in your keydrive and restore the key.
Select /Administrator controls/ then /Backup and Restore/ then /Restore GPG key from USB (master keydrive)/. Select the username then plug in your keydrive and restore the key.
Now select /Configure remote backups/ and configure the locations and logins for the remote server.
@ -104,10 +99,9 @@ Log in as root:
#+BEGIN_SRC bash
ssh username@domainname -p 2222
sudo control
#+END_SRC
Select /Backup and Restore/ then /Restore from remote backup/ and enter the domain name of the remote server that you wish to restore from.
Select /Administrator controls/ then /Backup and Restore/ then /Restore from remote backup/ and enter the domain name of the remote server that you wish to restore from.
#+BEGIN_EXPORT html
<center>


@ -29,13 +29,14 @@
| [[User management menu]] |
* Main menu
You can access the main menu by logging into the system, then running the *control* command with root privileges.
You can access the main menu by logging into the system.
#+BEGIN_SRC bash
ssh myusername@mydomain -p 2222
sudo control
#+END_SRC
Then selecting /Administrator controls/.
It should look like this:
#+BEGIN_CENTER
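Review bot: "Then selecting /Administrator controls/." after the code block is a sentence fragment, and the shortened intro no longer says that the *control* command in the block needs root privileges. Suggest "Then select /Administrator controls/." and keeping a short mention of root in the intro, since the section is still headed "Main menu" while the menu is now reached one level down.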


@ -67,10 +67,9 @@ Yes. Freedombone can support a small number of users, for a "/friends and family
#+BEGIN_SRC bash
ssh username@mydomainname -p 2222
sudo control
#+END_SRC
Select /Manage Users/ and then /Add a user/. You will be prompted for a username and you can also optionally provide their ssh public key.
Select /Administrator controls/ then /Manage Users/ and then /Add a user/. You will be prompted for a username and you can also optionally provide their ssh public key.
Something to consider when having more than a single user on the system is the security situation. The original administrator user will have access to all of the data for other users (including their encryption keys), so if you do add extra users they need to have *complete trust* in the administrator.
@ -80,19 +79,17 @@ To remove a user:
#+BEGIN_SRC bash
ssh username@mydomainname -p 2222
sudo control
#+END_SRC
Select /Manage Users/ and then /Delete a user/. Note that this will delete all of that user's files and email.
Select /Administrator controls/ then /Manage Users/ and then /Delete a user/. Note that this will delete all of that user's files and email.
* How do I reset the tripwire?
The tripwire will be automatically reset once per week. If you want to reset it earlier then do the following:
#+BEGIN_SRC bash
ssh username@mydomain -p 2222
sudo control
#+END_SRC
Select "reset tripwire" using cursors and space bar then enter.
Select /Administrator controls/ then "reset tripwire" using cursors and space bar then enter.
* Is metadata protected?
#+BEGIN_QUOTE
"/We kill people based on metadata/"
@ -104,10 +101,9 @@ Even when using Freedombone metadata analysis by third parties is still possible
* How do I create email processing rules?
#+BEGIN_SRC bash
ssh username@domainname -p 2222
sudo control
#+END_SRC
Select /Email Filtering Rules/ then you can add rules to be applied to incoming email addresses or mailing lists. If you prefer to do things directly on the command line, without the control panel, then the following commands are available:
Select /Administrator controls/ then /Email Filtering Rules/ then you can add rules to be applied to incoming email addresses or mailing lists. If you prefer to do things directly on the command line, without the control panel, then the following commands are available:
| freedombone-addlist | Adds a mailing list |
| freedombone-rmlist | Removes a mailing list |
@ -180,10 +176,9 @@ Suppose that some new encryption vulnerability has been announced and that you n
#+BEGIN_SRC bash
ssh myusername@mydomain -p 2222
sudo control
#+END_SRC
Then select /Security Settings/. You will then be able to edit the crypto settings for all of the installed applications. *Be very careful when editing*, since any mistake could make your system less secure rather than more.
Select /Administrator controls/ then select /Security Settings/. You will then be able to edit the crypto settings for all of the installed applications. *Be very careful when editing*, since any mistake could make your system less secure rather than more.
* How do I get a domain name?
Suppose that you have bought a domain name (rather than using a free subdomain on freedns) and you want to use that instead.
@ -229,10 +224,9 @@ If you did the full install or selected the social variant then the system will
#+BEGIN_SRC bash
ssh username@mydomainname -p 2222
sudo control
#+END_SRC
Select *Security settings* then *Create a new Let's Encrypt certificate*.
Select /Administrator controls/ then *Security settings* then *Create a new Let's Encrypt certificate*.
One thing to be aware of is that Let's Encrypt doesn't support many dynamic DNS subdomains, such as those from freeDNS, so to run Hubzilla and GNU Social you will need to have your own official domains for those. There are many sites from which you can buy cheap domain names, and while this isn't ideal in terms of making you dependent upon another company it's the only option currently.
* How do I renew a Let's Encrypt certificate?
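Review bot: The new Select line mixes two emphasis styles for menu labels: /Administrator controls/ is in italics while *Security settings* and *Create a new Let's Encrypt certificate* are in bold. Suggest one style for every label in the path. The case also differs from the "/Security Settings/" line changed earlier in this file, so it is worth matching whatever the control panel actually displays.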
@ -242,19 +236,17 @@ If you need to manually renew a certificate:
#+BEGIN_SRC bash
ssh username@mydomainname -p 2222
sudo control
#+END_SRC
Select *Security settings* then *Renew Let's Encrypt certificate*.
Select /Administrator controls/ then *Security settings* then *Renew Let's Encrypt certificate*.
* I tried to renew a Let's Encrypt certificate and it failed. What should I do?
Most likely it's because Let's Encrypt doesn't support your particular domain or subdomain. Currently free subdomains tend not to work. You'll need to buy a domain name, link it to your dynamic DNS account and then do:
#+BEGIN_SRC bash
ssh username@mydomainname -p 2222
sudo control
#+END_SRC
Select *Security settings* then *Create a new Let's Encrypt certificate*.
Select /Administrator controls/ then *Security settings* then *Create a new Let's Encrypt certificate*.
* Why use self-signed certificates?
Almost everywhere on the web you will read that self-signed certificates are worthless. They bring up /scary-scary looking/ browser warnings and gurus will advise you not to use them. Self-signed certificates are quite useful though. What the scary warnings mean - and it would be good if they explained this more clearly - is that you have an encrypted connection established but there is /no certainty about who that connection is with/.
@ -274,10 +266,9 @@ Often ISPs will run their own SMTP mail server which you can use for proxying, t
#+BEGIN_SRC bash
ssh username@mydomainname -p 2222
sudo control
#+END_SRC
Select *Outgoing Email Proxy* and enter the details for your ISP SMTP server.
Select /Administrator controls/ then *Outgoing Email Proxy* and enter the details for your ISP SMTP server.
This may work, at least when using Mutt, and admittedly if it does then it's a compromise in which you are using some infrastructure which is not controlled by the community - with all of the usual hazards which go along with that.


@ -205,19 +205,17 @@ This is the traditional security model in which you carry your full keyring on a
#+BEGIN_SRC bash
ssh myusername@mydomainname -p 2222
sudo control
#+END_SRC
Select /Backup and Restore/ then /Backup GPG key to USB (master keydrive)/.
Select /Administrator controls/ then /Backup and Restore/ then /Backup GPG key to USB (master keydrive)/.
** Fragment keydrives
This breaks your GPG key into a number of fragments and randomly selects one to add to the USB drive. First format a USB drive as a LUKS encrypted drive. In Ubuntu this [[https://help.ubuntu.com/community/EncryptedFilesystemsOnRemovableStorage][can be done from the /Disk Utility/ application]]. Plug it into the Freedombone system then from your local machine run the following commands:
#+BEGIN_SRC bash
ssh myusername@mydomainname -p 2222
sudo control
#+END_SRC
Select /Backup and Restore/ then /Backup GPG key to USB (fragment keydrive)/.
Select /Administrator controls/ then /Backup and Restore/ then /Backup GPG key to USB (fragment keydrive)/.
Fragments are randomly assigned and so you will need at least three or four keydrives to have enough fragments to reconstruct your original key in a worst case scenario. You can store fragments for different Freedombone systems on the same encrypted USB drive, so you can help to ensure that your friends can also recover their systems. This might be called "/the web of backups/" or "/the web of encryption/". Since you can only write a single key fragment from your Freedombone system to a given USB drive each friend doesn't have enough information to decrypt your backups or steal your identity, even if they turn evil. This is based on the assumption that it may be difficult to get three or more friends to conspire against you all at once.
* On Client Machines
@ -237,10 +235,9 @@ To administer the system after installation log in via ssh, become the root user
#+BEGIN_SRC bash
ssh myusername@freedombone.local -p 2222
sudo control
#+END_SRC
From there you will be able to perform various tasks, such as backups, adding and removing users and so on. You can also do this via commands, which are typically installed as /usr/local/bin/freedombone* and the corresponding manpages.
Select /Administrator controls/ then from there you will be able to perform various tasks, such as backups, adding and removing users and so on. You can also do this via commands, which are typically installed as /usr/local/bin/freedombone* and the corresponding manpages.
#+BEGIN_EXPORT html
<center>
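Review bot: "Select /Administrator controls/ then from there you will be able to perform various tasks" is awkward in the new line. The Markdown copy of this paragraph changed in the same commit uses "Select *Administrator controls* and from there you will be able to ...", which reads better; suggest the same wording here so the two copies stay in step.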


@ -59,10 +59,9 @@ Log into your system and open the control panel.
#+BEGIN_SRC bash
ssh username@domain -p 2222
sudo control
#+END_SRC
Select /Manage Users/ then /Change user ssh public key/. Copy and paste the public key here, then exit.
Select /Administrator controls/ then /Manage Users/ then /Change user ssh public key/. Copy and paste the public key here, then exit.
It's a good idea to also copy the contents of *~/.ssh/id_rsa* and *~/.ssh/id_rsa.pub* to you password manager, together with the private key password if you created one.
@ -75,10 +74,9 @@ You can also access your system via the Tor system using an onion address. To fi
#+BEGIN_SRC bash
ssh username@freedombone.local -p 2222
sudo control
#+END_SRC
Then select "About this system" and look for the onion address for ssh. You can then close the terminal and open another, then do the following:
Select /Administrator controls/ then select "About this system" and look for the onion address for ssh. You can then close the terminal and open another, then do the following:
#+BEGIN_SRC bash
sudo apt-get install tor connect-proxy
@ -197,10 +195,9 @@ By default the IRC server is set up to require a password for users to log in. T
#+BEGIN_SRC bash
ssh myusername@mydomain -p 2222
sudo control
#+END_SRC
Select the *IRC Menu* and then change the password. An empty password will allow anyone to log in, so you can have a globally accessible IRC system if you wish, although you might want to carefully consider whether that's wise.
Select /Administrator controls/ then *IRC Menu* and then change the password. An empty password will allow anyone to log in, so you can have a globally accessible IRC system if you wish, although you might want to carefully consider whether that's wise.
** XMPP/Jabber
*** Using with Profanity
@ -368,10 +365,9 @@ See the control panel for the RSS reader onion address.
#+BEGIN_SRC bash
ssh username@domainname -p 2222
sudo control
#+END_SRC
Then select the *About* screen.
Select /Administrator controls/ then select the *About* screen.
The RSS reader is accessible only via an onion address. This provides a reasonable degree of reading privacy, making it difficult for passive adversaries such as governments, corporations or criminals to create lists of sites which you are subscribed to.
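Review bot: The new line calls the screen "the *About* screen", while the ssh onion address hunk earlier in this file says select "About this system". If both refer to the same menu entry, suggest using one label with one style of markup in both places, so a reader looking for the onion address finds the same item name each time.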


@ -430,28 +430,25 @@ To subscribe to a mailing list log in as your user (i.e. not the root user).
#+BEGIN_SRC bash
ssh username@domainname -p 2222
sudo control
#+END_SRC
Select *Email filtering rules* then *Add a user to a mailing list*. If you want to do it purely from the commandline then see the manpage for *freedombone-addlist*.
Select /Administrator controls/ then *Email filtering rules* then *Add a user to a mailing list*. If you want to do it purely from the commandline then see the manpage for *freedombone-addlist*.
* Adding email addresses to a group/folder
Similar to adding mailing list folders you can also add specified email addresses into a group/folder.
#+BEGIN_SRC bash
ssh username@domainname -p 2222
sudo control
#+END_SRC
Select *Email filtering rules* then *Add email rule*. To do the same from the commandline see the manpage for *freedombone-addemail*.
Select /Administrator controls/ then *Email filtering rules* then *Add email rule*. To do the same from the commandline see the manpage for *freedombone-addemail*.
* Ignoring incoming emails
It is possible to ignore incoming emails if they are from a particular email address or if the subject line contains particular text.
#+BEGIN_SRC bash
ssh username@domainname -p 2222
sudo control
#+END_SRC
Select *Email filtering rules* then *Block/Unblock and email address* or *Block/Unblock email with subject line*. Also see the manpage for *freedombone-ignore*.
Select /Administrator controls/ then *Email filtering rules* then *Block/Unblock and email address* or *Block/Unblock email with subject line*. Also see the manpage for *freedombone-ignore*.
* Your own mailing list
If you want to set up a public mailing list then when installing the system remember to set the *PUBLIC_MAILING_LIST* variable within *freedombone.cfg* to the name of your list. The name should have no spaces in it. Public mailing lists are unencrypted so anyone will be able to read the contents, including non subscribers.
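Review bot: The three new Select lines in this hunk route the reader through /Administrator controls/, but the hunk's context says "To subscribe to a mailing list log in as your user (i.e. not the root user)", and the commit is about a new user menu. If email filtering rules are meant to be reached from the user-level menu, these steps should point there; otherwise the "not the root user" sentence needs updating, because as written the two contradict each other. Also, "Block/Unblock and email address" looks like a typo for "an email address" unless it mirrors the menu text.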


@ -3,7 +3,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2016-02-27 Sat 22:05 -->
<!-- 2016-04-06 Wed 18:52 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title></title>
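Review bot: The only change in this hunk is the export timestamp comment, which will produce a diff in every generated HTML file on each re-export and hides the real documentation changes. Suggest turning the timestamp off in the org sources (for example with "#+OPTIONS: timestamp:nil") or not committing generated output alongside its source. The context also shows an empty <title></title>, so the org file could use a #+TITLE line.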
@ -203,12 +203,11 @@ As part of the Freedombone installation the GPG key used to encrypt backups will
<div class="org-src-container">
<pre class="src src-bash">ssh username@domainname -p 2222
sudo control
</pre>
</div>
<p>
Select <i>Backup and Restore</i> then <i>Backup GPG key to USB drive (master keydrive)</i>.
Select <i>Administrator controls</i> then <i>Backup and Restore</i> then <i>Backup GPG key to USB drive (master keydrive)</i>.
</p>
<p>
@ -238,12 +237,11 @@ Log into the system and become the root user, then run the <i>backup</i> command
<div class="org-src-container">
<pre class="src src-bash">ssh username@domainname -p 2222
sudo control
</pre>
</div>
<p>
Select <i>Backup and Restore</i> and then <i>Backup data to USB drive</i>.
Select <i>Administrator controls</i> then <i>Backup and Restore</i> and then <i>Backup data to USB drive</i>.
</p>
<p>
@ -265,12 +263,11 @@ Log into the system and become the root user:
<div class="org-src-container">
<pre class="src src-bash">ssh username@domainname -p 2222
sudo control
</pre>
</div>
<p>
If this is a new Freedombone installation then you will first need to restore your backup keys. That can be done by selecting <i>Backup and Restore</i> then <i>Restore GPG key from USB keydrive</i>. When that's done remove the keydrive and plug in the backup drive.
Select <i>Administrator controls</i> then if this is a new Freedombone installation then you will first need to restore your backup keys. That can be done by selecting <i>Backup and Restore</i> then <i>Restore GPG key from USB keydrive</i>. When that's done remove the keydrive and plug in the backup drive.
</p>
<p>
@ -296,12 +293,11 @@ Firstly you will need to have a user account on one or more of your friends serv
<div class="org-src-container">
<pre class="src src-bash">ssh username@domainname -p 2222
sudo control
</pre>
</div>
<p>
Select <i>Backup and Restore</i> then <i>Configure remote backups</i>.
Select <i>Administrator controls</i> then <i>Backup and Restore</i> then <i>Configure remote backups</i>.
</p>
<p>
@ -326,12 +322,11 @@ First log in and if you don't already have one then create a new friends list:
<div class="org-src-container">
<pre class="src src-bash">ssh username@domainname -p 2222
sudo control
</pre>
</div>
<p>
Select <i>Backup and Restore</i> then <i>Restore GPG key from USB (master keydrive)</i>. Select the username then plug in your keydrive and restore the key.
Select <i>Administrator controls</i> then <i>Backup and Restore</i> then <i>Restore GPG key from USB (master keydrive)</i>. Select the username then plug in your keydrive and restore the key.
</p>
<p>
@ -357,12 +352,11 @@ Log in as root:
<div class="org-src-container">
<pre class="src src-bash">ssh username@domainname -p 2222
sudo control
</pre>
</div>
<p>
Select <i>Backup and Restore</i> then <i>Restore from remote backup</i> and enter the domain name of the remote server that you wish to restore from.
Select <i>Administrator controls</i> then <i>Backup and Restore</i> then <i>Restore from remote backup</i> and enter the domain name of the remote server that you wish to restore from.
</p>
<center>


@ -3,7 +3,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2016-02-27 Sat 23:18 -->
<!-- 2016-04-06 Wed 18:54 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title></title>
@ -219,16 +219,19 @@ for the JavaScript code in this tag.
<h2 id="orgheadline1">Main menu</h2>
<div class="outline-text-2" id="text-orgheadline1">
<p>
You can access the main menu by logging into the system, then running the <b>control</b> command with root privileges.
You can access the main menu by logging into the system.
</p>
<div class="org-src-container">
<pre class="src src-bash">ssh myusername@mydomain -p 2222
sudo control
</pre>
</div>
<p>
Then selecting <i>Administrator controls</i>.
</p>
<p>
It should look like this:
</p>


@ -3,7 +3,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2016-03-23 Wed 21:10 -->
<!-- 2016-04-06 Wed 18:58 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title></title>
@ -327,12 +327,11 @@ Yes. Freedombone can support a small number of users, for a "<i>friends and fami
<div class="org-src-container">
<pre class="src src-bash">ssh username@mydomainname -p 2222
sudo control
</pre>
</div>
<p>
Select <i>Manage Users</i> and then <i>Add a user</i>. You will be prompted for a username and you can also optionally provide their ssh public key.
Select <i>Administrator controls</i> then <i>Manage Users</i> and then <i>Add a user</i>. You will be prompted for a username and you can also optionally provide their ssh public key.
</p>
<p>
@ -354,12 +353,11 @@ To remove a user:
<div class="org-src-container">
<pre class="src src-bash">ssh username@mydomainname -p 2222
sudo control
</pre>
</div>
<p>
Select <i>Manage Users</i> and then <i>Delete a user</i>. Note that this will delete all of that user's files and email.
Select <i>Administrator controls</i> then <i>Manage Users</i> and then <i>Delete a user</i>. Note that this will delete all of that user's files and email.
</p>
</div>
</div>
@ -373,12 +371,11 @@ The tripwire will be automatically reset once per week. If you want to reset it
<div class="org-src-container">
<pre class="src src-bash">ssh username@mydomain -p 2222
sudo control
</pre>
</div>
<p>
Select "reset tripwire" using cursors and space bar then enter.
Select <i>Administrator controls</i> then "reset tripwire" using cursors and space bar then enter.
</p>
</div>
</div>
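Review bot: In the new Select line, "reset tripwire" is in plain quotes and lower case while the other menu labels in this file are wrapped in <i> or <b>, so it does not read as a menu item after <i>Administrator controls</i>. Suggest marking it up like the other labels, with the capitalisation the control panel shows, and making the change in the org source so the export picks it up.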
@ -406,12 +403,11 @@ Even when using Freedombone metadata analysis by third parties is still possible
<div class="org-src-container">
<pre class="src src-bash">ssh username@domainname -p 2222
sudo control
</pre>
</div>
<p>
Select <i>Email Filtering Rules</i> then you can add rules to be applied to incoming email addresses or mailing lists. If you prefer to do things directly on the command line, without the control panel, then the following commands are available:
Select <i>Administrator controls</i> then <i>Email Filtering Rules</i> then you can add rules to be applied to incoming email addresses or mailing lists. If you prefer to do things directly on the command line, without the control panel, then the following commands are available:
</p>
<table border="2" cellspacing="0" cellpadding="6" rules="groups" frame="hsides">
@ -540,12 +536,11 @@ Suppose that some new encryption vulnerability has been announced and that you n
<div class="org-src-container">
<pre class="src src-bash">ssh myusername@mydomain -p 2222
sudo control
</pre>
</div>
<p>
Then select <i>Security Settings</i>. You will then be able to edit the crypto settings for all of the installed applications. <b>Be very careful when editing</b>, since any mistake could make your system less secure rather than more.
Select <i>Administrator controls</i> then select <i>Security Settings</i>. You will then be able to edit the crypto settings for all of the installed applications. <b>Be very careful when editing</b>, since any mistake could make your system less secure rather than more.
</p>
</div>
</div>
@ -629,12 +624,11 @@ If you did the full install or selected the social variant then the system will
<div class="org-src-container">
<pre class="src src-bash">ssh username@mydomainname -p 2222
sudo control
</pre>
</div>
<p>
Select <b>Security settings</b> then <b>Create a new Let's Encrypt certificate</b>.
Select <i>Administrator controls</i> then <b>Security settings</b> then <b>Create a new Let's Encrypt certificate</b>.
</p>
<p>
@ -656,12 +650,11 @@ If you need to manually renew a certificate:
<div class="org-src-container">
<pre class="src src-bash">ssh username@mydomainname -p 2222
sudo control
</pre>
</div>
<p>
Select <b>Security settings</b> then <b>Renew Let's Encrypt certificate</b>.
Select <i>Administrator controls</i> then <b>Security settings</b> then <b>Renew Let's Encrypt certificate</b>.
</p>
</div>
</div>
@ -675,12 +668,11 @@ Most likely it's because Let's Encrypt doesn't support your particular domain or
<div class="org-src-container">
<pre class="src src-bash">ssh username@mydomainname -p 2222
sudo control
</pre>
</div>
<p>
Select <b>Security settings</b> then <b>Create a new Let's Encrypt certificate</b>.
Select <i>Administrator controls</i> then <b>Security settings</b> then <b>Create a new Let's Encrypt certificate</b>.
</p>
</div>
</div>
@ -730,12 +722,11 @@ Often ISPs will run their own SMTP mail server which you can use for proxying, t
<div class="org-src-container">
<pre class="src src-bash">ssh username@mydomainname -p 2222
sudo control
</pre>
</div>
<p>
Select <b>Outgoing Email Proxy</b> and enter the details for your ISP SMTP server.
Select <i>Administrator controls</i> then <b>Outgoing Email Proxy</b> and enter the details for your ISP SMTP server.
</p>
<p>


@ -3,7 +3,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2016-04-06 Wed 14:35 -->
<!-- 2016-04-06 Wed 18:50 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title></title>
@ -170,11 +170,11 @@ for the JavaScript code in this tag.
</colgroup>
<tbody>
<tr>
<td class="org-left"><a href="#orgcbeb5c6">Building an image for a Single Board Computer or Virtual Machine</a></td>
<td class="org-left"><a href="#orgheadline1">Building an image for a Single Board Computer or Virtual Machine</a></td>
</tr>
<tr>
<td class="org-left"><a href="#org561a41c">Checklist</a></td>
<td class="org-left"><a href="#orgheadline2">Checklist</a></td>
</tr>
<tr>
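Review bot: The anchor ids in the table of contents change from hash-style values (#orgcbeb5c6, #org561a41c) to sequential ones (#orgheadline1, #orgheadline2), which is unrelated to the menu wording and will break existing deep links into this page. It looks like the page was re-exported with a different exporter version; suggest regenerating with the same version as before, or moving the id change into its own commit. Setting CUSTOM_ID properties on the headings in the org source would keep the anchors stable across exports.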
@ -182,34 +182,34 @@ for the JavaScript code in this tag.
</tr>
<tr>
<td class="org-left"><a href="#org84e979f">Installation</a></td>
<td class="org-left"><a href="#orgheadline3">Installation</a></td>
</tr>
<tr>
<td class="org-left"><a href="#org2acc932">Social Key Management - the 'Unforgettable Key'</a></td>
<td class="org-left"><a href="#orgheadline4">Social Key Management - the 'Unforgettable Key'</a></td>
</tr>
<tr>
<td class="org-left"><a href="#org7ba815b">Final Setup</a></td>
<td class="org-left"><a href="#orgheadline5">Final Setup</a></td>
</tr>
<tr>
<td class="org-left"><a href="#orgca4804f">Keydrives</a></td>
<td class="org-left"><a href="#orgheadline6">Keydrives</a></td>
</tr>
<tr>
<td class="org-left"><a href="#orgb1a9030">On Client Machines</a></td>
<td class="org-left"><a href="#orgheadline7">On Client Machines</a></td>
</tr>
<tr>
<td class="org-left"><a href="#org6fc0eae">Administering the system</a></td>
<td class="org-left"><a href="#orgheadline8">Administering the system</a></td>
</tr>
</tbody>
</table>
<div id="outline-container-orgcbeb5c6" class="outline-2">
<h2 id="orgcbeb5c6">Building an image for a Single Board Computer or Virtual Machine</h2>
<div class="outline-text-2" id="text-orgcbeb5c6">
<div id="outline-container-orgheadline1" class="outline-2">
<h2 id="orgheadline1">Building an image for a Single Board Computer or Virtual Machine</h2>
<div class="outline-text-2" id="text-orgheadline1">
<p>
You don't have to trust images downloaded from random internet locations signed with untrusted keys. You can build one from scratch yourself, and this is the recommended procedure for maximum security. For guidance on how to build images see the manpage for the <b>freedombone-image</b> command.
</p>
@ -295,9 +295,9 @@ If the image build fails with an error such as "<i>Error reading from server. Re
</div>
</div>
<div id="outline-container-org561a41c" class="outline-2">
<h2 id="org561a41c">Checklist</h2>
<div class="outline-text-2" id="text-org561a41c">
<div id="outline-container-orgheadline2" class="outline-2">
<h2 id="orgheadline2">Checklist</h2>
<div class="outline-text-2" id="text-orgheadline2">
<p>
Before installing Freedombone you will need a few things.
</p>
@ -311,17 +311,17 @@ Before installing Freedombone you will need a few things.
</ul>
</div>
</div>
<div id="outline-container-org84e979f" class="outline-2">
<h2 id="org84e979f">Installation</h2>
<div class="outline-text-2" id="text-org84e979f">
<div id="outline-container-orgheadline3" class="outline-2">
<h2 id="orgheadline3">Installation</h2>
<div class="outline-text-2" id="text-orgheadline3">
<p>
There are three install options: Laptop/Desktop/Netbook, SBC and Virtual Machine.
</p>
</div>
<div id="outline-container-org7ed0a15" class="outline-3">
<h3 id="org7ed0a15">On a Laptop, Netbook or Desktop machine</h3>
<div class="outline-text-3" id="text-org7ed0a15">
<div id="outline-container-orgheadline9" class="outline-3">
<h3 id="orgheadline9">On a Laptop, Netbook or Desktop machine</h3>
<div class="outline-text-3" id="text-orgheadline9">
<p>
If you have an existing system, such as an old laptop or netbook which you can leave running as a server, then install a new version of Debian Jessie onto it. During the Debian install you won't need the print server or the desktop environment, and unchecking those will reduce the attack surface. Once Debian enter the following commands:
</p>
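Review bot: The context sentence at the end of the laptop install paragraph reads "Once Debian enter the following commands:", which is missing words (presumably "Once Debian is installed, enter the following commands:"). The surrounding heading ids are being rewritten in this hunk anyway, so it is worth fixing here.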
@ -340,9 +340,9 @@ freedombone menuconfig
</div>
</div>
<div id="outline-container-orge190975" class="outline-3">
<h3 id="orge190975">On a single board computer (SBC)</h3>
<div class="outline-text-3" id="text-orge190975">
<div id="outline-container-orgheadline10" class="outline-3">
<h3 id="orgheadline10">On a single board computer (SBC)</h3>
<div class="outline-text-3" id="text-orgheadline10">
<p>
Currently the following boards are supported:
</p>
@ -426,9 +426,9 @@ Using the password 'freedombone'. Take a note of the new login password and then
</div>
</div>
<div id="outline-container-org8cf8e11" class="outline-3">
<h3 id="org8cf8e11">As a Virtual Machine</h3>
<div class="outline-text-3" id="text-org8cf8e11">
<div id="outline-container-orgheadline11" class="outline-3">
<h3 id="orgheadline11">As a Virtual Machine</h3>
<div class="outline-text-3" id="text-orgheadline11">
<p>
Virtualbox and Qemu are supported. You can run a 64 bit Qemu image with:
</p>
@ -450,42 +450,42 @@ The default login will be username 'fbone' and password 'freedombone'. Take a no
</div>
</div>
<div id="outline-container-org2acc932" class="outline-2">
<h2 id="org2acc932">Social Key Management - the 'Unforgettable Key'</h2>
<div class="outline-text-2" id="text-org2acc932">
<div id="outline-container-orgheadline4" class="outline-2">
<h2 id="orgheadline4">Social Key Management - the 'Unforgettable Key'</h2>
<div class="outline-text-2" id="text-orgheadline4">
<p>
During the install procedure you will be asked if you wish to import GPG keys. If you don't already possess GPG keys then just select "Ok" and they will be generated during the install. If you do already have GPG keys then there are a few possibilities
</p>
</div>
<div id="outline-container-org67b9067" class="outline-3">
<h3 id="org67b9067">You have the gnupg keyring on an encrypted USB drive</h3>
<div class="outline-text-3" id="text-org67b9067">
<div id="outline-container-orgheadline12" class="outline-3">
<h3 id="orgheadline12">You have the gnupg keyring on an encrypted USB drive</h3>
<div class="outline-text-3" id="text-orgheadline12">
<p>
If you previously made a master keydrive containing the full keyring (the .gnupg directory). This is the most straightforward case, but not as secure as splitting the key into fragments.
</p>
</div>
</div>
<div id="outline-container-org633470b" class="outline-3">
<h3 id="org633470b">You have a number of key fragments on USB drives retrieved from friends</h3>
<div class="outline-text-3" id="text-org633470b">
<div id="outline-container-orgheadline13" class="outline-3">
<h3 id="orgheadline13">You have a number of key fragments on USB drives retrieved from friends</h3>
<div class="outline-text-3" id="text-orgheadline13">
<p>
If you previously made some USB drives containing key fragments then retrieve them from your friends and plug them in one after the other. After the last drive has been read then remove it and just select "Ok". The system will then try to reconstruct the key. For this to work you will need to have previously made three or more <a href="#orgca4804f">Keydrives</a>.
If you previously made some USB drives containing key fragments then retrieve them from your friends and plug them in one after the other. After the last drive has been read then remove it and just select "Ok". The system will then try to reconstruct the key. For this to work you will need to have previously made three or more <a href="#orgheadline6">Keydrives</a>.
</p>
</div>
</div>
<div id="outline-container-org1fe74d2" class="outline-3">
<h3 id="org1fe74d2">You can specify some ssh login details for friends servers containing key fragments</h3>
<div class="outline-text-3" id="text-org1fe74d2">
<div id="outline-container-orgheadline14" class="outline-3">
<h3 id="orgheadline14">You can specify some ssh login details for friends servers containing key fragments</h3>
<div class="outline-text-3" id="text-orgheadline14">
<p>
Enter three or more sets of login details and the installer will try to retrieve key fragments and then assemble them into the full key. This only works if you previously were using remote backups and had social key management enabled.
</p>
</div>
</div>
</div>
<div id="outline-container-org7ba815b" class="outline-2">
<h2 id="org7ba815b">Final Setup</h2>
<div class="outline-text-2" id="text-org7ba815b">
<div id="outline-container-orgheadline5" class="outline-2">
<h2 id="orgheadline5">Final Setup</h2>
<div class="outline-text-2" id="text-orgheadline5">
<p>
Any manual post-installation setup instructions or passwords can be found in /home/username/README. You should remove any passwords from that file and store them within a password manager such as KeepassX.
</p>
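Review bot: In the subsection on the gnupg keyring, the first sentence is a fragment: "If you previously made a master keydrive containing the full keyring (the .gnupg directory)." has no main clause and should be joined to the sentence that follows. In the same hunk the heading "You can specify some ssh login details for friends servers containing key fragments" needs an apostrophe (friends' servers), and the intro paragraph ending "there are a few possibilities" needs a colon. The updated link to #orgheadline6 does match the new Keydrives id, so that part is consistent.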
@ -598,16 +598,16 @@ On your internet router, typically under firewall settings, open the following p
</div>
</div>
<div id="outline-container-orgca4804f" class="outline-2">
<h2 id="orgca4804f">Keydrives</h2>
<div class="outline-text-2" id="text-orgca4804f">
<div id="outline-container-orgheadline6" class="outline-2">
<h2 id="orgheadline6">Keydrives</h2>
<div class="outline-text-2" id="text-orgheadline6">
<p>
After installing for the first time it's a good idea to create some keydrives. These will store your gpg key so that if all else fails you will still be able to restore from backup. There are two ways to do this:
</p>
</div>
<div id="outline-container-orge7fc013" class="outline-3">
<h3 id="orge7fc013">Master Keydrive</h3>
<div class="outline-text-3" id="text-orge7fc013">
<div id="outline-container-orgheadline15" class="outline-3">
<h3 id="orgheadline15">Master Keydrive</h3>
<div class="outline-text-3" id="text-orgheadline15">
<p>
This is the traditional security model in which you carry your full keyring on an encrypted USB drive. To make a master keydrive first format a USB drive as a LUKS encrypted drive. In Ubuntu this can be <a href="https://help.ubuntu.com/community/EncryptedFilesystemsOnRemovableStorage">done from the <i>Disk Utility</i> application</a>. Then plug it into the Freedombone system, then from your local machine run:
</p>
@ -615,18 +615,17 @@ This is the traditional security model in which you carry your full keyring on a
<div class="org-src-container">
<pre class="src src-bash">ssh myusername@mydomainname -p 2222
sudo control
</pre>
</div>
<p>
Select <i>Backup and Restore</i> then <i>Backup GPG key to USB (master keydrive)</i>.
Select <i>Administrator controls</i> then <i>Backup and Restore</i> then <i>Backup GPG key to USB (master keydrive)</i>.
</p>
</div>
</div>
<div id="outline-container-orgf721691" class="outline-3">
<h3 id="orgf721691">Fragment keydrives</h3>
<div class="outline-text-3" id="text-orgf721691">
<div id="outline-container-orgheadline16" class="outline-3">
<h3 id="orgheadline16">Fragment keydrives</h3>
<div class="outline-text-3" id="text-orgheadline16">
<p>
This breaks your GPG key into a number of fragments and randomly selects one to add to the USB drive. First format a USB drive as a LUKS encrypted drive. In Ubuntu this <a href="https://help.ubuntu.com/community/EncryptedFilesystemsOnRemovableStorage">can be done from the <i>Disk Utility</i> application</a>. Plug it into the Freedombone system then from your local machine run the following commands:
</p>
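Review bot: The hunk header shows one net line removed, which is "sudo control" leaving the code block, so the master keydrive steps now jump from the ssh command straight to "Select Administrator controls" without saying that a menu appears on login. Add a sentence after the code block stating what the reader sees once connected, and whether choosing Administrator controls prompts for the user's password. The old line made the privilege step explicit and the new text does not.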
@ -634,12 +633,11 @@ This breaks your GPG key into a number of fragments and randomly selects one to
<div class="org-src-container">
<pre class="src src-bash">ssh myusername@mydomainname -p 2222
sudo control
</pre>
</div>
<p>
Select <i>Backup and Restore</i> then <i>Backup GPG key to USB (fragment keydrive)</i>.
Select <i>Administrator controls</i> then <i>Backup and Restore</i> then <i>Backup GPG key to USB (fragment keydrive)</i>.
</p>
<p>
@ -648,9 +646,9 @@ Fragments are randomly assigned and so you will need at least three or four keyd
</div>
</div>
</div>
<div id="outline-container-orgb1a9030" class="outline-2">
<h2 id="orgb1a9030">On Client Machines</h2>
<div class="outline-text-2" id="text-orgb1a9030">
<div id="outline-container-orgheadline7" class="outline-2">
<h2 id="orgheadline7">On Client Machines</h2>
<div class="outline-text-2" id="text-orgheadline7">
<p>
You can configure laptops or desktop machines which connect to the Freedombone server in the following way. This alters encryption settings to improve overall security.
</p>
@ -668,9 +666,9 @@ freedombone-client
</div>
</div>
<div id="outline-container-org6fc0eae" class="outline-2">
<h2 id="org6fc0eae">Administering the system</h2>
<div class="outline-text-2" id="text-org6fc0eae">
<div id="outline-container-orgheadline8" class="outline-2">
<h2 id="orgheadline8">Administering the system</h2>
<div class="outline-text-2" id="text-orgheadline8">
<p>
To administer the system after installation log in via ssh, become the root user and then launch the control panel.
</p>
@ -678,12 +676,11 @@ To administer the system after installation log in via ssh, become the root user
<div class="org-src-container">
<pre class="src src-bash">ssh myusername@freedombone.local -p 2222
sudo control
</pre>
</div>
<p>
From there you will be able to perform various tasks, such as backups, adding and removing users and so on. You can also do this via commands, which are typically installed as /usr/local/bin/freedombone* and the corresponding manpages.
Select <i>Administrator controls</i> then from there you will be able to perform various tasks, such as backups, adding and removing users and so on. You can also do this via commands, which are typically installed as /usr/local/bin/freedombone* and the corresponding manpages.
</p>
<center>
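Review bot: The introductory sentence of this section still says to "log in via ssh, become the root user and then launch the control panel", which describes the old "sudo control" flow that this hunk replaces with the Administrator controls menu entry. Update that sentence to match. The new line also reads awkwardly ("Select Administrator controls then from there you will be able to ..."); something like "Select Administrator controls. From there you can ..." would be clearer.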

View File

@ -3,7 +3,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2016-04-05 Tue 21:49 -->
<!-- 2016-04-06 Wed 18:59 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title></title>
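Review bot: The only change in this hunk is the export timestamp comment (2016-04-05 Tue 21:49 to 2016-04-06 Wed 18:59), which will produce a diff in every generated page on every re-export. If the generated HTML stays in the repository, consider switching the timestamp off in the Org export options (timestamp:nil on the #+OPTIONS line) so that documentation commits show only real changes.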
@ -276,12 +276,11 @@ Log into your system and open the control panel.
<div class="org-src-container">
<pre class="src src-bash">ssh username@domain -p 2222
sudo control
</pre>
</div>
<p>
Select <i>Manage Users</i> then <i>Change user ssh public key</i>. Copy and paste the public key here, then exit.
Select <i>Administrator controls</i> then <i>Manage Users</i> then <i>Change user ssh public key</i>. Copy and paste the public key here, then exit.
</p>
<p>
@ -308,12 +307,11 @@ You can also access your system via the Tor system using an onion address. To fi
<div class="org-src-container">
<pre class="src src-bash">ssh username@freedombone.local -p 2222
sudo control
</pre>
</div>
<p>
Then select "About this system" and look for the onion address for ssh. You can then close the terminal and open another, then do the following:
Select <i>Administrator controls</i> then select "About this system" and look for the onion address for ssh. You can then close the terminal and open another, then do the following:
</p>
<div class="org-src-container">
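Review bot: The new onion-address line mixes two conventions for menu entries, italics for Administrator controls and double quotes for "About this system", and repeats the verb ("Select ... then select ..."). Other lines in this commit put menu entries in italics or bold, and the RSS reader section names what looks like the same screen simply as About. Pick one markup and one label for that screen so readers can match the text to what the menu shows.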
@ -585,12 +583,11 @@ By default the IRC server is set up to require a password for users to log in. T
<div class="org-src-container">
<pre class="src src-bash">ssh myusername@mydomain -p 2222
sudo control
</pre>
</div>
<p>
Select the <b>IRC Menu</b> and then change the password. An empty password will allow anyone to log in, so you can have a globally accessible IRC system if you wish, although you might want to carefully consider whether that's wise.
Select <i>Administrator controls</i> then <b>IRC Menu</b> and then change the password. An empty password will allow anyone to log in, so you can have a globally accessible IRC system if you wish, although you might want to carefully consider whether that's wise.
</p>
</div>
</div>
@ -1018,12 +1015,11 @@ See the control panel for the RSS reader onion address.
<div class="org-src-container">
<pre class="src src-bash">ssh username@domainname -p 2222
sudo control
</pre>
</div>
<p>
Then select the <b>About</b> screen.
Select <i>Administrator controls</i> then select the <b>About</b> screen.
</p>
<p>

View File

@ -3,7 +3,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2016-02-27 Sat 22:12 -->
<!-- 2016-04-06 Wed 18:55 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title></title>
@ -948,12 +948,11 @@ To subscribe to a mailing list log in as your user (i.e. not the root user).
<div class="org-src-container">
<pre class="src src-bash">ssh username@domainname -p 2222
sudo control
</pre>
</div>
<p>
Select <b>Email filtering rules</b> then <b>Add a user to a mailing list</b>. If you want to do it purely from the commandline then see the manpage for <b>freedombone-addlist</b>.
Select <i>Administrator controls</i> then <b>Email filtering rules</b> then <b>Add a user to a mailing list</b>. If you want to do it purely from the commandline then see the manpage for <b>freedombone-addlist</b>.
</p>
</div>
</div>
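Review bot: The context for the mailing list step says to "log in as your user (i.e. not the root user)", but the new line routes through Administrator controls, which reads as a privileged menu. Either email filtering rules sit under the per-user part of the new menu, in which case this line should not mention Administrator controls, or they now need admin rights, in which case the "not the root user" sentence should be removed. The same question applies to the two email rule hunks that follow.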
@ -967,12 +966,11 @@ Similar to adding mailing list folders you can also add specified email addresse
<div class="org-src-container">
<pre class="src src-bash">ssh username@domainname -p 2222
sudo control
</pre>
</div>
<p>
Select <b>Email filtering rules</b> then <b>Add email rule</b>. To do the same from the commandline see the manpage for <b>freedombone-addemail</b>.
Select <i>Administrator controls</i> then <b>Email filtering rules</b> then <b>Add email rule</b>. To do the same from the commandline see the manpage for <b>freedombone-addemail</b>.
</p>
</div>
</div>
@ -986,12 +984,11 @@ It is possible to ignore incoming emails if they are from a particular email add
<div class="org-src-container">
<pre class="src src-bash">ssh username@domainname -p 2222
sudo control
</pre>
</div>
<p>
Select <b>Email filtering rules</b> then <b>Block/Unblock and email address</b> or <b>Block/Unblock email with subject line</b>. Also see the manpage for <b>freedombone-ignore</b>.
Select <i>Administrator controls</i> then <b>Email filtering rules</b> then <b>Block/Unblock and email address</b> or <b>Block/Unblock email with subject line</b>. Also see the manpage for <b>freedombone-ignore</b>.
</p>
</div>
</div>
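Review bot: "Block/Unblock and email address" carries a typo from the old line into the new one ("and" should be "an"). If the wording is copied from the menu label, fix it in the menu too so the documentation and the interface agree.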