Is there actually anything to consider when I have MysticBBS mounted on a remote storage NAS (NFS or iSCSI) on my Linux? Regarding semaphore integration or customizations that this works without problems?
Hello everybody!
Is there actually anything to consider when I have MysticBBS mounted on a remote storage NAS (NFS or iSCSI) on my Linux? Regarding semaphore integration or customizations that this works without problems?
This is just ME, as Mystic is safe - but I wouldn't wanna run any
service that has users connecting to it from such a secure machine. If some user did get in, a NAS seems like the last thing I'd want them to have any access to. Sure, I know a smart sysOp can protect - but I'd
much rather have my bbS on a Raspberry Pi, old computer that only runs
it - or something less important. :P
This is just ME, as Mystic is safe - but I wouldn't wanna run any
service that has users connecting to it from such a secure machine. If some user did get in, a NAS seems like the last thing I'd want them to have any access to. Sure, I know a smart sysOp can protect - but I'd
much rather have my bbS on a Raspberry Pi, old computer that only runs
it - or something less important. :P
This is just ME, as Mystic is safe - but I wouldn't wanna run any service that has users connecting to it from such a secure machine. I some user did get in, a NAS seems like the last thing I'd want them t have any access to. Sure, I know a smart sysOp can protect - but I'd much rather have my bbS on a Raspberry Pi, old computer that only run it - or something less important. :P
I agree with Paulie here, that is why I run all of my BBS' in seperate VM's All on their own separate VLan which can not access my main Lan but my main Lan can access the VLan. If you want to put it on a NAS, I
suggest using a VM to do so, I know Synology offers Virtual Machine support, or Docker. This way you can access your BBS' via your NAS but
the BBS will not be accessing your NAS, I used to store my Message
Bases, and File Bases on my NAS I still have my File bases on it. Only thing is i Idon't give it anything else but a shared directory..
Ahh, thats a decent idea if they really wanna use that NAS machine.
Throw it in a docker and lock it up... or a VM as you said. Good ideas..
Thanks bud.. My son who is a security minded guy has been complaining to me that I have these ports open to the public, when I said they are BBS' his answer was yea so?!? So when I got my Ubiquiti Dream Router I
decided to do things right and create a separate VLAN for all of my
BBS'.. He has been pushing me more and more towards learning Docker (I know it is easy to understand) to just containerize everything and keep
it as you say locked away, but my set up is I have a computer which runs all of the VM's in Proxmox, then backs up to an Xpenology NAS,which is also on the same VLAN as the BBS machine. Everything is away from my
main lan.. Ohwell..
Docker isn't a panacea for security, just keep in mind that if your user is part of the 'docker' group, it's possible to break out of the docker container and do things as root.
I see and hear many people think "docker" = "not secure" - primarily because of the lack of understanding of this docker group.
Like anything deployed on a publically network connected system, you should understand the security around what you are deploying before trusting it implicitly.
That said, I've been primarily using docker for many years now, on many systems, and I've never been compromised. In fact, I think the last time
I was compromised (probably 10+ years ago now) I concluded that they got in via a vulnerability in SSH (that machine only had ssh and nginx on
it).
Docker isn't a panacea for security, just keep in mind that if your user is part of the 'docker' group, it's possible to break out of the docker container and do things as root.
In other words, make sure it's configured in a secure manner, don't just assume it's safe :)
Thanks bud.. My son who is a security minded guy has been complaining to me that I have these ports open to the public, when I said they are BBS' his answer was yea so?!? So when I got my Ubiquiti Dream Router I
decided to do things right and create a separate VLAN for all of my
BBS'.. He has been pushing me more and more towards learning Docker (I know it is easy to understand) to just containerize everything and keep
it as you say locked away, but my set up is I have a computer which runs all of the VM's in Proxmox, then backs up to an Xpenology NAS,which is also on the same VLAN as the BBS machine. Everything is away from my
main lan.. Ohwell..
Hello everybody!
Is there actually anything to consider when I have MysticBBS mounted on remote storage NAS (NFS or iSCSI) on my Linux? Regarding semaphore integration or customizations that this works without problems?
This is just ME, as Mystic is safe - but I wouldn't wanna run any service th has users connecting to it from such a secure machine. If some user did get a NAS seems like the last thing I'd want them to have any access to. Sure, I know a smart sysOp can protect - but I'd much rather have my bbS on a Raspbe Pi, old computer that only runs it - or something less important. :P
|07p|15AULIE|1142|07o
|08.........
Yeah, I run Mystic on a Pi4, as well as hosting a website for the bbs.. That's all it does.
And for some reason, i can't configure ssh, or can't get it as a login to Mystic, despite everyting as far as I know is loaded correctly.
---
Yeah, I run Mystic on a Pi4, as well as hosting a website for the bbs.. That's all it does.
And for some reason, i can't configure ssh, or can't get it as a login to Mystic, despite everyting as far as I know is loaded correctly.
sudo apt-get update
sudo apt-get install build-essential
sudo apt-get install gcc-9 g++-9
sudo apt-get install zip unzip
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-9 9
sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-9 9
wget http://www.mysticbbs.com/downloads/cl345.zip
mkdir cl345
cd cl345
unzip -ax ../cl345.zip
sudo make shared
sudo mv libcl.so.3.4.5 /usr/lib/libcl.so
sudo rm /mystic/data/ssl.cert
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-11 11 sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-11 11 reboot the system
Follow these instructions and cryptlib 3.4.5 will work perfect...
Ok here is the fix from Alysha..
I'm not sure I would recommend this fix - there are ways to fix the cryptlib package itself without changing your entire build system.
I'm getting errors regarding my instruction type x86-64. Does this not support 64bit?
I'm not sure I would recommend this fix - there are ways to fix the cryptlib package itself without changing your entire build system.
I'll see if I can get access to the wiki and update with instructions for fixing the cryptlib source so that it compiles.
I'm getting errors regarding my instruction type x86-64. Does this no support 64bit?
I'll see if I can get access to the wiki and update with instructions for fixing the cryptlib source so that it compiles.
On 12 Nov 2022, Capt Kirk said the following...
Yeah, I run Mystic on a Pi4, as well as hosting a website for the bbs.. That's all it does.
And for some reason, i can't configure ssh, or can't get it as a login Mystic, despite everyting as far as I know is loaded correctly.
---
Make sure you have the correct cryptlib installed, When I moved my BBS from Windows to Linux I lost SSH connections, AND lost email sending for password resets and access upgrades. I found a post on the Fido Mystic Echo where Aly (can't remember her last name) came up with a fix to assembling it. I will l for it and post it here. 3.x.6 does not work and 3.x.4 does not work either. must be the 3.x.5 I can't remember the version number thus the x in the numbers. I will post what I find here so fsxNet folk can use the fix..
This fix will give you SSH and fix the gmail send mail routines..
... Electricity is really just organized lightning.
Ok here is the fix from Alysha.. ---------------------------------------------------------------------------- sudo apt-get update
sudo apt-get install build-essential
sudo apt-get install gcc-9 g++-9
sudo apt-get install zip unzip
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-9 9
sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-9 9
wget http://www.mysticbbs.com/downloads/cl345.zip
mkdir cl345
cd cl345
unzip -ax ../cl345.zip
sudo make shared
sudo mv libcl.so.3.4.5 /usr/lib/libcl.so
sudo rm /mystic/data/ssl.cert
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-11 11
sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-11 11 reboot the system
Follow these instructions and cryptlib 3.4.5 will work perfect...
Al
... A Skydiver is taken by the gravity of his situation.
I posted an answer before I saw this, I will give it a shot when I log out of here.
On 14 Nov 2022, Capt Kirk said the following...
I posted an answer before I saw this, I will give it a shot when I lo out of here.
It's a lot of extra work to get it to compile like someone else said changin the builder is not the way to go about it but for me it worked. 3.4.6 compil perfectly with the latest build tools, 3.4.5 doesn't, there was another post around which changed a couple of lines to something else and it built, but S support was no good as the sending a password reset email via gmail did not work. Good luck and let us know how it goes...
Al
... The dog ate my .REP packet
Sysop: | Eric Oulashin |
---|---|
Location: | Beaverton, Oregon, USA |
Users: | 96 |
Nodes: | 16 (0 / 16) |
Uptime: | 16:51:46 |
Calls: | 4,606 |
Calls today: | 7 |
Files: | 8,491 |
Messages: | 349,381 |
Posted today: | 1 |