free
/
freedombone
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

html

This commit is contained in:
Bob Mottram 2015-11-03 19:50:15 +00:00
parent 6b0a1fc97f
commit 79f47c27a8
4 changed files with 70 additions and 96 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

110
website/EN/backups.html
View File

@ -4,7 +4,7 @@
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title></title>
<!-- 2015-09-29 Tue 13:05 -->
<!-- 2015-11-03 Tue 19:49 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="generator" content="Org-mode" />
<meta name="author" content="Bob Mottram" />
@ -187,7 +187,7 @@ for the JavaScript code in this tag.
</tr>
<tr>
<td class="org-left"><a href="#orgheadline4">Distributed backups</a></td>
<td class="org-left"><a href="#orgheadline4">Distributed/remote backups</a></td>
</tr>
<tr>
@ -208,16 +208,20 @@ As part of the Freedombone installation the GPG key used to encrypt backups will
<pre class="src src-bash">ssh username@domainname -p 2222
su
freedombone-keydrive -u [username] --master
control
</pre>
</div>
<p>
Select <i>Backup and Restore</i> then <i>Backup GPG key to USB drive (master keydrive)</i>.
</p>
<p>
Keep this USB drive in some safe place, since it will enable you to restore from previous backups.
</p>
<p>
A pro-tip for the best possible security is to create multiple USB drives containing key fragments, and then to distribute them amongst your friends. In the worst case just ask for the drives back and you'll be able to reconstruct the backup key. You can do this by ommitting the <i>&#x2013;master</i> option in the above command and then repeating the process with a number of different USB drives (typically 4 or more).
A pro-tip for the best possible security is to create multiple USB drives containing key fragments (fragment keydrive), and then to distribute them amongst your friends. In the worst case just ask for the drives back and you'll be able to reconstruct the backup key. You can do this by selecting <i>fragment keydrive</i> and then repeating the process with a number of different USB drives (typically 4 or more).
</p>
</div>
</div>
@ -240,12 +244,16 @@ Log into the system and become the root user, then run the <i>backup</i> command
<pre class="src src-bash">ssh username@domainname -p 2222
su
backup
control
</pre>
</div>
<p>
Type in the password for the USB drive, then the backup will begin.
Select <i>Backup and Restore</i> and then <i>Backup data to USB drive</i>.
</p>
<p>
Type in the LUKS password for the USB drive, then the backup will begin.
</p>
<p>
@ -264,62 +272,46 @@ Log into the system and become the root user:
<pre class="src src-bash">ssh username@domainname -p 2222
su
control
</pre>
</div>
<p>
If this is a new Freedombone installation then you will first need to restore your backup keys. That can be done as follows:
If this is a new Freedombone installation then you will first need to restore your backup keys. That can be done by selecting <i>Backup and Restore</i> then <i>Restore GPG key from USB keydrive</i>. When that's done remove the keydrive and plug in the backup drive.
</p>
<div class="org-src-container">
<pre class="src src-bash">freedombone-recoverkey -u [username]
</pre>
</div>
<p>
Or on a Beaglebone Black you can use the option:
Select <i>Backup and Restore</i> then <i>Restore data from USB drive</i>.
</p>
<div class="org-src-container">
<pre class="src src-bash">freedombone-recoverkey -u [username] --drive sda
</pre>
</div>
<p>
Remove any existing drive and insert the USB thumb drive containing your backup into the front socket of the Beaglebone Black, then run the command:
</p>
<div class="org-src-container">
<pre class="src src-bash">restore
</pre>
</div>
<p>
Enter the password for the USB drive. When the restore is complete you can remove the USB drive.
Enter the LUKS password for the USB drive. When the restore is complete you can remove the USB drive.
</p>
</div>
</div>
<div id="outline-container-orgheadline4" class="outline-2">
<h2 id="orgheadline4">Distributed backups</h2>
<h2 id="orgheadline4">Distributed/remote backups</h2>
<div class="outline-text-2" id="text-orgheadline4">
<p>
Distributed backups are a better way of ensuring the persistence of your data, such that even if your system gets stolen or destroyed then the data will still be recoverable from your friends. Since the backups are encrypted your friends (or anyone else with access to their systems) won't be able to read your backed up content even if their systems are subsequently compromised.
</p>
<p>
Firstly you will need to have a user account on one or more of your friends servers. They don't necessarily need to be using Freedombone, just some version of GNU/Linux with ssh access. They can create a user account for you with the <b>adduser &lt;username&gt;</b> command when logged in as root and then give you the username and password via a secure method, such as on paper or via an encrypted email or via an XMPP chat using OTR. Make sure that the password used is a strong one - preferably a long random string stored in a password manager - so that dictionary attacks will not be easy. Also for maximum resilience put your password manager file onto a USB thumb drive and carry it with you.
Firstly you will need to have a user account on one or more of your friends servers. They don't necessarily need to be using Freedombone, just some version of GNU/Linux with ssh access. They can create a user account for you with the control panel on a Freedombone system or with the <b>adduser &lt;username&gt;</b> command on any other system when logged in as root and then give you the username and password via a secure method, such as on paper, via an encrypted email, Tox or via an XMPP chat using OTR. Make sure that the password used is a strong one - preferably a long random string stored in a password manager - so that dictionary attacks will not be easy. Also for maximum resilience put your password manager file onto a USB thumb drive and carry it with you.
</p>
<div class="org-src-container">
<pre class="src src-bash">ssh username@domainname -p 2222
freedombone-remote
su
control
</pre>
</div>
<p>
Select <i>Backup and Restore</i> then <i>Configure remote backups</i>.
</p>
<p>
You can then enter the usernames, domains and ssh logins for one or more remote servers. The system will try to backup to these remote locations once per day.
</p>
@ -342,53 +334,22 @@ First log in and if you don't already have one then create a new friends list:
<div class="org-src-container">
<pre class="src src-bash">ssh username@domainname -p 2222
freedombone-remote
su
control
</pre>
</div>
<p>
Configure the remote server login details.
Select <i>Backup and Restore</i> then <i>Restore GPG key from USB (master keydrive)</i>. Select the username then plug in your keydrive and restore the key.
</p>
<p>
Now become the root user:
Now select <i>Configure remote backups</i> and configure the locations and logins for the remote server.
</p>
<div class="org-src-container">
<pre class="src src-bash">su
</pre>
</div>
<p>
Plug in the USB drive containing the backup key and restore it.
Finally select <i>Restore from remote backup</i> and enter the domain name of the remote server that you wish to restore from.
</p>
<div class="org-src-container">
<pre class="src src-bash">freedombone-recoverkey -u [username]
</pre>
</div>
<p>
Or on a Beablebone Black:
</p>
<div class="org-src-container">
<pre class="src src-bash">freedombone-recoverkey -u [username] -d sda
</pre>
</div>
<p>
Then use the command:
</p>
<div class="org-src-container">
<pre class="src src-bash">restorefromfriend &lt;friends server domain name&gt;
</pre>
</div>
</div>
</div>
<div id="outline-container-orgheadline7" class="outline-3">
@ -406,18 +367,13 @@ Log in as root:
<pre class="src src-bash">ssh username@domainname -p 2222
su
control
</pre>
</div>
<p>
Then use the command:
Select <i>Backup and Restore</i> then <i>Restore from remote backup</i> and enter the domain name of the remote server that you wish to restore from.
</p>
<div class="org-src-container">
<pre class="src src-bash">restorefromfriend &lt;friends server domain name&gt;
</pre>
</div>
</div>
</div>
</div>

36
website/EN/faq.html
View File

@ -4,7 +4,7 @@
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title></title>
<!-- 2015-10-28 Wed 21:50 -->
<!-- 2015-11-03 Tue 19:49 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="generator" content="Org-mode" />
<meta name="author" content="Bob Mottram" />
@ -277,7 +277,7 @@ It was originally designed to run on the Beaglebone Black, but that should be re
<h2 id="orgheadline4">Can I add more users to the system?</h2>
<div class="outline-text-2" id="text-orgheadline4">
<p>
Yes. Freedombone can support a small number of users, for a "<i>friends and family</i>" type of home installation. This gives them access to an email account, XMPP and the blog (depending on whether the variant which you installed includes those). To add a user login as root then run the command:
Yes. Freedombone can support a small number of users, for a "<i>friends and family</i>" type of home installation. This gives them access to an email account, XMPP, SIP phone and the blog (depending on whether the variant which you installed includes those). To add a user login as root then run the command:
</p>
<div class="org-src-container">
@ -286,6 +286,16 @@ Yes. Freedombone can support a small number of users, for a "<i>friends and fami
</pre>
</div>
<p>
Or optionally with an <i>ssh public key</i>, given either as a filename or directly pasted. Specifying an ssh key will allow the user to log in more securely if they wish to use the Mutt email client.
</p>
<div class="org-src-container">
<pre class="src src-bash">freedombone-adduser [username] [ssh public key]
</pre>
</div>
<p>
Something to consider when having more than a single user on the system is the security situation. The original administrator user will have access to all of the data for other users (including their encryption keys), so if you do add extra users they need to have <b>complete trust</b> in the administrator.
</p>
@ -320,7 +330,7 @@ The tripwire will be automatically reset once per week. If you want to reset it
<pre class="src src-bash">ssh username@mydomain -p 2222
su
freedombone-sec
control
</pre>
</div>
@ -333,15 +343,23 @@ Select "reset tripwire" using cursors and space bar then enter.
<h2 id="orgheadline7">Is metadata protected?</h2>
<div class="outline-text-2" id="text-orgheadline7">
<p>
Even when using Freedombone metadata analysis by third parties is still possible. They might have a much harder time knowing what the content is, but they can potentially construct extensive dossiers based upon who communicated with your server when. Metadata leakage is a general problem with most current web systems and it is hoped that more secure technology will become available in future. But for now if metadata protection is your main concern using Freedombone won't help.
Even when using Freedombone metadata analysis by third parties is still possible. They might have a much harder time knowing what the content is, but they can potentially construct extensive dossiers based upon who communicated with your server when. Metadata leakage is a general problem with most current web systems and it is hoped that more secure technology will become available in future. But for now if metadata protection is your main concern using Freedombone on its own won't help. You may be able to use Tor Messenger to protect the metadata of XMPP chat communications to some extent.
</p>
</div>
</div>
<div id="outline-container-orgheadline8" class="outline-2">
<h2 id="orgheadline8">How do I create email processing rules?</h2>
<div class="outline-text-2" id="text-orgheadline8">
<div class="org-src-container">
<pre class="src src-bash">ssh username@domainname -p 2222
su
control
</pre>
</div>
<p>
You can administer email in the traditional manner by editing folders or procmail rules, but for convenience some commands are available to make that process simpler. See the relevant manpages for more details.
Select <i>Email Filtering Rules</i> then you can add rules to be applied to incoming email addresses or mailing lists. If you prefer to do things directly on the command line, without the control panel, then the following commands are available:
</p>
<table border="2" cellspacing="0" cellpadding="6" rules="groups" frame="hsides">
@ -471,12 +489,12 @@ Suppose that some new encryption vulnerability has been announced and that you n
<pre class="src src-bash">ssh myusername@mydomain -p 2222
su
freedombone-sec
control
</pre>
</div>
<p>
You will then be able to edit the crypto settings for all of the installed applications. <b>Be very careful when editing</b>, since any mistake could make your system less secure rather than more.
Then select <i>Security Settings</i>. You will then be able to edit the crypto settings for all of the installed applications. <b>Be very careful when editing</b>, since any mistake could make your system less secure rather than more.
</p>
</div>
</div>
@ -736,7 +754,7 @@ The StartSSL certificates last for a year. You can check the expiry date of your
</p>
<p>
Before changing any certificates it's a good idea to make a backup of the existing system. Plug in a USB drive, log into the Freedombone and become the root user, then run the command <b>backup</b>. Backing up may take a while, but it ensures that if anything goes wrong and you mess up the certificates then there is a way to restore the previous ones.
Before changing any certificates it's a good idea to make a backup of the existing system. Use <i>Backup and Restore</i> from the control panel to make a backup of the system to a USB drive. Backing up may take a while, but it ensures that if anything goes wrong and you mess up the certificates then there is a way to restore the previous ones.
</p>
<p>
@ -759,7 +777,7 @@ Log in to the Freedombone, become the root user, then issue the renew command:
<pre class="src src-bash">ssh username@mydomainname -p 2222
su
freedombone-renew-cert -h mydomainname
freedombone-renew-cert -h mydomainname -p startssl
</pre>
</div>

16
website/EN/installation.html
View File

@ -4,7 +4,7 @@
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title></title>
<!-- 2015-11-01 Sun 23:01 -->
<!-- 2015-11-03 Tue 19:49 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="generator" content="Org-mode" />
<meta name="author" content="Bob Mottram" />
@ -595,14 +595,12 @@ This is the traditional security model in which you carry your full keyring on a
<pre class="src src-bash">ssh myusername@mydomainname -p 2222
su
freedombone-keydrive -u myusername -d sdb --master yes
<span class="org-keyword">exit</span>
<span class="org-keyword">exit</span>
control
</pre>
</div>
<p>
If you are on a Beaglebone Black then use <i>sda</i> rather than <i>sdb</i> for the drive parameter.
Select <i>Backup and Restore</i> then <i>Backup GPG key to USB (master keydrive)</i>.
</p>
</div>
</div>
@ -617,12 +615,14 @@ This breaks your GPG key into a number of fragments and randomly selects one to
<pre class="src src-bash">ssh myusername@mydomainname -p 2222
su
freedombone-keydrive -u myusername -d sdb
<span class="org-keyword">exit</span>
<span class="org-keyword">exit</span>
control
</pre>
</div>
<p>
Select <i>Backup and Restore</i> then <i>Backup GPG key to USB (fragment keydrive)</i>.
</p>
<p>
Fragments are randomly assigned and so you will need at least three or four keydrives to have enough fragments to reconstruct your original key in a worst case scenario. You can store fragments for different Freedombone systems on the same encrypted USB drive, so you can help to ensure that your friends can also recover their systems. This might be called "<i>the web of backups</i>" or "<i>the web of encryption</i>". Since you can only write a single key fragment from your Freedombone system to a given USB drive each friend doesn't have enough information to decrypt your backups or steal your identity, even if they turn evil. This is based on the assumption that it may be difficult to get three or more friends to conspire against you all at once.
</p>

4
website/EN/variants.html
View File

@ -4,7 +4,7 @@
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title></title>
<!-- 2015-09-08 Tue 19:53 -->
<!-- 2015-11-03 Tue 19:49 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="generator" content="Org-mode" />
<meta name="author" content="Bob Mottram" />
@ -215,7 +215,7 @@ Freedombone may be installed either in its entirety or as different variants wit
<tr>
<td class="org-left"><b>Chat</b></td>
<td class="org-left">Encrypted IRC and XMPP services for one-to-one and many-to-many chat</td>
<td class="org-left">Encrypted IRC, XMPP, Tox and VoIP services for one-to-one and many-to-many chat</td>
</tr>
<tr>