Byzantium Live Distro: Difference between revisions

From HacDC Wiki

No edit summary
No edit summary
Line 75: Line 75:
** [http://interfacelab.com/nginx-php-fpm-apc-awesome/ How to set up PHP under nginx with the FastCGI Process Manager.]
** [http://interfacelab.com/nginx-php-fpm-apc-awesome/ How to set up PHP under nginx with the FastCGI Process Manager.]
* lighttpd
* lighttpd
* [http://www.lighttpd.net/ lighttpd]
** [http://redmine.lighttpd.net/wiki/1/TutorialLighttpdAndPHP How to set up PHP under lighttpd as a FastCGI process.]


Needs to:
Needs to:
* ...be reconfigurable.
* ...be readily reconfigurable.
* ...support PHP.
* ...support PHP.
* ...not use too much RAM or disk space.
* ...not use too much RAM or disk space.
Line 85: Line 87:


==Packages built for Byzantium==
==Packages built for Byzantium==
* CherryPy - Porteus and Slackware don't package it so I made one for usIt's been checked into Git.
* babeld - For great mesh routing.
* batman-adv - Kernel module which implements mesh routing at OSI layer 2.  We may not use it but it's there if we need it.
* batctl - Utility for configurating and manipulating batman-adv.
** Dependency of batman-adv.
* ahcpd - For configuring mesh nodes that don't want to use the random RFC-1918 IP address generator.
* CherryPy - Python module that implements a fast multi-threaded HTTP (web application) server.
** Dependency of the control panelWithout this, there is no control panel.
* pySetupTools - Required for installing some Python modules.
* pySetupTools - Required for installing some Python modules.
* Mako - Python HTML templating system.
* Mako - Python HTML templating system.
** Dependency of the control panel.
** Dependency of the control panel.
* MarkupSafe - Python library that implements a Unicode string that is aware of HTML escaping rules and does automatic string escaping.
** Dependency of Mako.
* Git - Converted Slackware v13.37 package.
* Git - Converted Slackware v13.37 package.
* Curl - Converted Slackware v13.37 package.
* Curl - Converted Slackware v13.37 package.
** Dependency of git.
** Dependency of git.
** Note: To make git work without "error setting certificate verify locations" errors, you need to run the following command as the root user: git config --system http.sslcainfo /usr/share/curl/ca-bundle.crt
** Note: To make git work without "error setting certificate verify locations" errors, you need to run the following command as the root user: git config --system http.sslcainfo /usr/share/curl/ca-bundle.crt
* rrdtool - Used by traffic_stats.sh to monitor network traffic and build graphs.


==Links==
==Links==
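
Review bot: "configurating" in the added batctl entry is a typo for "configuring". In the same hunk, the git note under Curl buries the command in the middle of a sentence; putting "git config --system http.sslcainfo /usr/share/curl/ca-bundle.crt" on its own preformatted line would make it easier to copy exactly, and one extra sentence could say that the setting points git at curl's CA bundle so that certificate verification stays on.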
Line 101: Line 112:


==Timeline==
==Timeline==
* .....uhh....
* 20 October 2011 - Live demo, presentation, and networking at [http://contactcon.com/ ContactCon].

Revision as of 22:25, 7 August 2011

Description

We are building a portable live Linux distribution based on Porteus Linux. Porteus itself is a fork of Slax that has been brought up to date with Slackware 13.37 and uses a 2.6.38.8 kernel. Porteus can use binary packages from Slackware 13.37 after conversion to Porteus' native format.

Code Repositories

  • GitHub page
  • Subversion repo for Porteus packages

Goals

  • Make it possible for people in emergency situations to communicate and collaborate.
  • Make it possible for people in areas where the communications infrastructure is compromised to communicate and collaborate.
  • Provide services to support communication and collaboration.
  • Will be secure out of the box.
    • Best practices for isolating running services will be followed.
    • Best practices for configuring web applications will be followed.
    • Least privilege will be followed wherever possible.
  • Will be extensively documented.
    • A Creative Commons-licensed book will be made available with the Byzantium distribution as well as separately.
    • Will explain the finer points of setting up a mesh, as well as accompanying projects (such as dialup gateways and long-haul transports).
    • Will be translated into as many languages as possible.
  • Widely compatible.
    • Users need to be able to boot their desktop/laptop/netbook from Byzantium media and set up a node.
    • As little fiddling with network drivers as possible.
  • Rapidly deployable.
    • Users need to be able to configure their Byzantium node rapidly and with little assistance.
    • Emergency situations.
    • Control panel aims to be as self-documenting as possible.
  • Aims to protect confidentiality of traffic.
    • Opportunistic IPsec?
    • All services default to SSLv3/TLSv1.
  • Aims to protect integrity of traffic.
    • SSLv3/TLSv1.
  • Meshes should grow without the direction of a central authority.
    • Anyone can set up a mesh node.
    • Anyone can set up services on the mesh.
    • Services packaged by default can be managed (activated and deactivated) from the control panel.
    • Services packaged by default will come preconfigured with secure defaults and a mobile-friendly theme where appropriate.
    • This is a calculated risk. The threat models of Tor and I2P take this into account as well.
  • Byzantium nodes need to be rapidly clonable.
    • One copy of the live distribution needs to become many on demand.
    • Nodes need to be clonable without taking the node down.
  • Persistent storage has to be an option.
    • Built into Porteus.
      • save.dat file
      • removable media
      • media Porteus is installed to
  • Dependencies will be automatically managed by the control panel.

Features

  • Can support multiple mesh routing protocols.
  • Modular configuration back end.
  • Multiple pre-packaged, pre-configured web applications for communication and collaboration.
  • All services can be independently activated and deactivated.
  • Aims for security by default.
    • Services are not active unless explicitly triggered.
    • Services are configured using best practices for security.
    • Services support strong cryptography by default.
  • Supports gatewaying from the mesh to the Net over a live connection.
  • Supports persistent (encrypted) storage on demand (not default).

ToDo

Pick a web server to host applications:

Needs to:

  • ...be readily reconfigurable.
  • ...support PHP.
  • ...not use too much RAM or disk space.
  • ...support passthrough for other apps like
    • ...crypto.cat.
    • ...etherpad-lite.

Packages built for Byzantium

  • babeld - For great mesh routing.
  • batman-adv - Kernel module which implements mesh routing at OSI layer 2. We may not use it but it's there if we need it.
  • batctl - Utility for configuring and manipulating batman-adv.
    • Dependency of batman-adv.
  • ahcpd - For configuring mesh nodes that don't want to use the random RFC-1918 IP address generator.
  • CherryPy - Python module that implements a fast multi-threaded HTTP (web application) server.
    • Dependency of the control panel. Without this, there is no control panel.
  • pySetupTools - Required for installing some Python modules.
  • Mako - Python HTML templating system.
    • Dependency of the control panel.
  • MarkupSafe - Python library that implements a Unicode string that is aware of HTML escaping rules and does automatic string escaping.
    • Dependency of Mako.
  • Git - Converted Slackware v13.37 package.
  • Curl - Converted Slackware v13.37 package.
    • Dependency of git.
    • Note: To make git work without "error setting certificate verify locations" errors, you need to run the following command as the root user: git config --system http.sslcainfo /usr/share/curl/ca-bundle.crt
  • rrdtool - Used by traffic_stats.sh to monitor network traffic and build graphs.

Links

Place links relevant to any part of the process of making this livedistro here.

  • Porteus Official Website
  • Processes for building Porteus packages.

Timeline

  • .....uhh....
  • 20 October 2011 - Live demo, presentation, and networking at ContactCon.