mirror of
https://github.com/fspc/Yellow-Bike-Database.git
synced 2025-10-31 00:45:35 -04:00
Documentation updates for secure terminals!
This commit is contained in:
Jonathan Rosenbaum
parent
f384c3b7ed
commit
e67302b991
@ -15,7 +15,6 @@ D. <Directory /var/www/html>
|
||||
AuthUserFile /var/htpasswd
|
||||
</Directory>
|
||||
|
||||
|
||||
SSL (do not settle for anything less)
|
||||
|
||||
Under Debian:
|
||||
@ -24,9 +23,12 @@ B. cp ssl-cert-snakeoil.key /etc/ssl/private/
|
||||
cp ssl-cert-snakeoil.pem /etc/ssl/certs/
|
||||
C. a2enmod ssl;
|
||||
a2ensite default-ssl.conf; (standard on debian-based distributions .. add <Directory> stanza above)
|
||||
a2dissite 000-default.conf;
|
||||
a2dissite 000-default.conf;
|
||||
|
||||
An alternative would be to use letsencrypt. If you are using a reverse proxy, usually nginx-proxy,
|
||||
make certain that HTTP_X_FORWARDED_FOR is used for identifying the originating IP address,
|
||||
because YBDB shops keep track of their unique ip.
|
||||
|
||||
|
||||
TERMINAL AUTOMATION AND SECURITY
|
||||
|
||||
Firefox (IceWeasel):
|
||||
@ -53,34 +55,56 @@ Firefox (IceWeasel):
|
||||
You may need to make adjustments for plugins.
|
||||
|
||||
Chrome:
|
||||
1. Download KeePass zip - http://keepass.info/download.html
|
||||
2. Unzip in ~/KeePass
|
||||
3. sudo chown root:root ~/KeePass; sudo chmod 0755 ~/KeePass;
|
||||
4. run .. mono KeePass.exe, create database and a key file in ~/KeePass
|
||||
5. mv KeePass.config.xml KeePass.config.enforced.xml
|
||||
6. sudo chown root:root KeePass.config.enforced.xml (and database/key file)
|
||||
7. sudo chmod 0444 KeePass.config.enforced.xml
|
||||
8. Most importantly in KeePass.config.enforced.xml between <Security> change true to
|
||||
<Policy><UnhidePasswords>false</UnhidePasswords></Policy> so that passwords cannot be seen.
|
||||
9. When setting up password database for KeePass use only a key file.
|
||||
10. Add the url along with username and password in the database.
|
||||
11. In Debian/Ubuntu: apt-get install mono-runtime mono-devel
|
||||
12. Install extension chromeIPass
|
||||
13. Install keepasshttp as explained at https://github.com/pfn/keepasshttp/ (put KeePassHttp.plgx in ~/KeePass)
|
||||
14. Follow the directions chromeIPass gives you, creating an identifier
|
||||
15. Good idea to restart chrome.
|
||||
16. In Chrome Settings "On Startup Continue where you left off"
|
||||
17. Afterwards, you can sudo chown -R root:root ~/KeePass/*
|
||||
You may need to make adjustments for plugins.
|
||||
1. Install keepass2: sudo apt-get install keepass2
|
||||
2. cd /usr/lib/keepass2; \
|
||||
sudo mv KeePass.config.xml KeePass.config.enforced.xml
|
||||
|
||||
edit file and add between <Configuration></Configuration>
|
||||
|
||||
<Security>
|
||||
<Policy><UnhidePasswords>false</UnhidePasswords></Policy>
|
||||
</Security>
|
||||
|
||||
sudo chmod 0400 KeePass.config.enforced.xml
|
||||
|
||||
[doc: https://keepass.info/help/base/configuration.htm]
|
||||
|
||||
3. Install libsecret-tools: sudo apt-get install libsecret-tools
|
||||
secret-tool store --label="PositiveSpin" keepass pos (remember password)
|
||||
|
||||
4. run keepass2;
|
||||
create new password database in ~/keepass
|
||||
assign password created with secret-tool to Master password
|
||||
create key file in ~/keepass
|
||||
In the password datatase, add the url for YBDB, username and password (created with htpasswd)
|
||||
close keepass2
|
||||
sudo chown -R root:root ~/keepass
|
||||
sudo chmod -R 0400 ~/keepass (change to 0600 if you want to change password, then back to 0400 when done)
|
||||
|
||||
5. Install chrome extension chromeIPass
|
||||
|
||||
6. Install keepasshttp from https://github.com/pfn/keepasshttp/ by putting KeePassHttp.plgx in /usr/lib/keepass2;
|
||||
sudo chmod 0644 /usr/lib/keepass2/KeePassHttp.plgx
|
||||
sudo apt-get install libmono-system-xml-linq4.0-cil libmono-system-data-datasetextensions4.0-cil \
|
||||
libmono-system-runtime-serialization4.0-cil mono-mcs
|
||||
|
||||
7. Follow the directions chromeIPass gives you, creating an identifier
|
||||
https://github.com/pfn/passifox/blob/master/documentation/chromeIPass.md goes into more detail
|
||||
|
||||
8. sudo su; visudo
|
||||
after: %sudo ALL=(ALL:ALL) ALL
|
||||
add: pos ALL=(ALL) NOPASSWD: /usr/bin/keepass2 (note pos is an example user account being used for X11)
|
||||
|
||||
9. In Chrome Settings "On Startup Continue where you left off" or
|
||||
"Open a specific page or set of pages" and add the YBDB POS url as one of those specific pages
|
||||
|
||||
DESKTOP STARTUP
|
||||
|
||||
1. LXDE - put a file with this format in ~/.config/auto with name of *desktop, e.g. keepass.desktop:
|
||||
1. LXDE - put a file with this format in ~/.config/autostart with name of *desktop, e.g. keepass.desktop:
|
||||
|
||||
[Desktop Entry]
|
||||
Type=Application
|
||||
Exec=/usr/bin/mono /home/ps/KeePass/KeePass.exe
|
||||
Exec=bash -c "secret-tool lookup keepass pos | sudo keepass2 /home/pos/keepass/PositiveSpin.kdbx -pw-stdin -keyfile:/home/pos/keepass/PositiveSpin.key
|
||||
|
||||
2. Gnome based Window manager, e.g. Mate - open gnome-session-properties from commandline,
|
||||
and add startup application.
|
||||
@ -101,9 +125,3 @@ the Point of Sale will be at the proper location which is usually the front of t
|
||||
walk-in/walk-out.
|
||||
|
||||
Word of wisdom: It is always good practice to occasionally change the password.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user