
Instructions for Bitmessage daemon

Bob Mottram 11 years ago
Parent
commit
73e40c0819
1 file changed with 166 additions and 12 deletions
beaglebone.txt

@@ -2503,6 +2503,159 @@ chmod g+s /var/www/$HOSTNAME/htdocs
2503 2503
 
2504 2504
 With a web browser visit your domain and enter an administrator username and password.
2505 2505
 
2506
+** Install Bitmessage
2507
+
2508
+[[https://bitmessage.org][Bitmessage]] is a new type of messaging system intended to fulfill the same role as email, but without the security problems.  In particular, Bitmessage attempts to not just encrypt the content but also the metadata.  It's message broadcasting system makes it exceedingly difficult for an attacker to know which computer a message is destined for.  The only way you know whether a message has been sent to you is whether you are able to decrypt it from the passing stream of messages.
2509
+
2510
+Although similar to Bitcoin in some regards, such as "/proof of work/", Bitmessage has no block chain and messages are only buffered for approximately three days after which they are deleted from any given node.
2511
+
2512
+Installing Bitmessage as a daemon will increase the size of the network, and therefore the level of security for all users.
2513
+
2514
+#+BEGIN_SRC: bash
2515
+apt-get install python screen
2516
+cd /tmp
2517
+git clone https://github.com/Bitmessage/PyBitmessage.git
2518
+cd PyBitmessage
2519
+make install
2520
+#+END_SRC
2521
+
2522
+Save and exit.
2523
+
2524
+#+BEGIN_SRC: bash
2525
+emacs /etc/init.d/pybitmessage
2526
+#+END_SRC
2527
+
2528
+Add the following text:
2529
+
2530
+#+BEGIN_SRC: bash
2531
+#!/bin/bash
2532
+# /etc/init.d/bitmessage
2533
+
2534
+### BEGIN INIT INFO
2535
+# Provides:          pybitmessage
2536
+# Required-Start:    $remote_fs $syslog
2537
+# Required-Stop:     $remote_fs $syslog
2538
+# Default-Start:     2 3 4 5
2539
+# Default-Stop:      0 1 6
2540
+# Short-Description: starts bitmessage as a background daemon, suitable for servers
2541
+# Description:       This file should be used to construct scripts to be
2542
+#                    placed in /etc/init.d.
2543
+### END INIT INFO
2544
+
2545
+# Author: Super-Nathan <BM-Gu2k3Wy2hpTMYBxSoM2937SPcuU6xzEj>
2546
+
2547
+#Settings
2548
+SERVICE='pybitmessage'
2549
+LOGFILE='/dev/null' # this disables logging
2550
+# LOGFILE='/var/log/bitmessage.log' # comment out the above line and un-comment this line to save a log
2551
+COMMAND="python bitmessagemain.py > $LOGFILE"
2552
+USERNAME='bitmsg'
2553
+NICELEVEL=19 # from 0-19 the bigger the number, the less the impact on system resources
2554
+HISTORY=1024
2555
+PBM_LOCATION="/usr/local/share/pybitmessage"
2556
+INVOCATION="nice -n ${NICELEVEL} ${COMMAND}"
2557
+PATH='/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/bin/core_perl:/sbin:/usr/sbin:/bin:/usr/local/share/pybitmessage'
2558
+
2559
+
2560
+
2561
+
2562
+bm_start() {
2563
+echo "Starting $SERVICE..."
2564
+cd ${PBM_LOCATION}
2565
+su --command "screen -h ${HISTORY} -dmS ${SERVICE} ${INVOCATION}" $USERNAME
2566
+}
2567
+
2568
+
2569
+bm_stop() {
2570
+echo "Stopping $SERVICE"
2571
+su --command "screen -p 0 -S ${SERVICE} -X stuff "'^C'"" $USERNAME
2572
+}
2573
+
2574
+
2575
+#Start-Stop here
2576
+case "$1" in
2577
+  start)
2578
+    bm_start
2579
+    ;;
2580
+  stop)
2581
+    bm_stop
2582
+    ;;
2583
+  restart)
2584
+    bm_stop
2585
+    sleep 60s
2586
+    bm_start
2587
+    ;;
2588
+    *)
2589
+  echo "Usage: $0 {start|stop|restart}"
2590
+  exit 1
2591
+  ;;
2592
+esac
2593
+
2594
+exit 0
2595
+#+END_SRC
2596
+
2597
+Save and exit.
2598
+
2599
+Add a user which will be specifically for Bitmessage.  Since bitmessage is still a relatively young and experimental project, this adds further compartmentalisation such that if there are any bugs within PyBitmessage then an attacker can't neccessarily gain control of root or any other user account.  Here we create a user called /bitmsg/ and give it a long random password.
2600
+
2601
+#+BEGIN_SRC: bash
2602
+adduser bitmsg
2603
+#+END_SRC
2604
+
2605
+Create a /keys.dat/ file which is used to configure Bitmessage.
2606
+
2607
+#+BEGIN_SRC: bash
2608
+mkdir /home/bitmsg/.config
2609
+mkdir /home/bitmsg/.config/PyBitmessage
2610
+emacs /home/bitmsg/.config/PyBitmessage/keys.dat
2611
+#+END_SRC
2612
+
2613
+Add the following:
2614
+
2615
+#+BEGIN_SRC: bash
2616
+[bitmessagesettings]
2617
+settingsversion = 7
2618
+port = 8444
2619
+timeformat = %%a, %%d %%b %%Y  %%I:%%M %%p
2620
+blackwhitelist = black
2621
+startonlogon = false
2622
+minimizetotray = false
2623
+showtraynotifications = false
2624
+startintray = false
2625
+socksproxytype = none
2626
+sockshostname = localhost
2627
+socksport = 9050
2628
+socksauthentication = false
2629
+sockslisten = false
2630
+socksusername =
2631
+sockspassword =
2632
+keysencrypted = false
2633
+messagesencrypted = false
2634
+defaultnoncetrialsperbyte = 640
2635
+defaultpayloadlengthextrabytes = 14000
2636
+minimizeonclose = false
2637
+maxacceptablenoncetrialsperbyte = 0
2638
+maxacceptablepayloadlengthextrabytes = 0
2639
+userlocale = system
2640
+namecoinrpctype = namecoind
2641
+namecoinrpchost = localhost
2642
+namecoinrpcuser =
2643
+namecoinrpcpassword =
2644
+namecoinrpcport = 8336
2645
+sendoutgoingconnections = True
2646
+daemon = true
2647
+#+END_SRC
2648
+
2649
+Save and exit. Then enable the daemon and run it.
2650
+
2651
+#+BEGIN_SRC: bash
2652
+rm -f /tmp/-usr-local-share-pybitmessage-*.lock
2653
+chown -R bitmsg:bitmsg /home/bitmsg
2654
+chmod +x /etc/init.d/pybitmessage
2655
+update-rc.d pybitmessage defaults
2656
+service pybitmessage start
2657
+#+END_SRC
2658
+
2506 2659
 ** Install Tripwire
2507 2660
 
2508 2661
 Tripwire will try to detect any intrusions into your system. It's a good idea to install it after you have installed all of the other programs which you intend to use.
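Review bot: In the init script, `COMMAND="python bitmessagemain.py > $LOGFILE"` puts the redirect inside the string that bm_start passes to `su --command "screen ... ${INVOCATION}"`, so the shell started by su applies `> $LOGFILE` to the screen command rather than to the Python process running inside the session, and switching to the /var/log/bitmessage.log line would not capture the daemon's output. Suggest having screen launch a shell that performs the redirect, or dropping LOGFILE. Separately: the PyBitmessage directory and keys.dat are created as root and only `chown -R bitmsg:bitmsg /home/bitmsg` follows, so with `keysencrypted = false` a chmod restricting /home/bitmsg/.config/PyBitmessage and keys.dat to the bitmsg user belongs before `service pybitmessage start`. `git clone` followed by `make install` installs whatever is at the head of the repository, so checking out a named tag or commit first would make the install reproducible. The first "Save and exit." follows `make install` with no editor step before it, the script's header comment says /etc/init.d/bitmessage while the file is /etc/init.d/pybitmessage, and "It's message broadcasting" and "neccessarily" should read "Its" and "necessarily".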
@@ -2535,18 +2688,19 @@ apt-get install rkhunter
2535 2688
 * Router/Firewall ports
2536 2689
 The following ports on your internet router/firewall should be forwarded to the BBB.
2537 2690
 
2538
-| Protocol |     Port/s |
2539
-|----------+------------|
2540
-| Gopher   |         70 |
2541
-| HTTP     |         80 |
2542
-| HTTPS    |        443 |
2543
-| IMAP     |        143 |
2544
-| IRC SSL  |       6670 |
2545
-| SIP      | 5060..5061 |
2546
-| SMTP     |         25 |
2547
-| SMTPS    |        465 |
2548
-| SSH      |         22 |
2549
-| XMPP     | 5222..5223 |
2691
+| Protocol   |     Port/s |
2692
+|------------+------------|
2693
+| Gopher     |         70 |
2694
+| HTTP       |         80 |
2695
+| HTTPS      |        443 |
2696
+| IMAP       |        143 |
2697
+| IRC SSL    |       6670 |
2698
+| SIP        | 5060..5061 |
2699
+| SMTP       |         25 |
2700
+| SMTPS      |        465 |
2701
+| SSH        |         22 |
2702
+| XMPP       | 5222..5223 |
2703
+| Bitmessage |       8444 |
2550 2704
 
2551 2705
 * Hints and Tips
2552 2706
 ** Messaging security
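Review bot: The new `| Bitmessage |       8444 |` row is appended after XMPP, while the existing rows are in alphabetical order by protocol; moving it above Gopher keeps the table sorted. The port value agrees with `port = 8444` in the keys.dat block added earlier in this patch, so no change is needed there.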