Create warning emails from daily tests

doc/EN/index.org

@@ -17,7 +17,7 @@
 #+end_quote
 
 #+BEGIN_CENTER
-[[file:images/beaglebone_logo.jpg]]
+[[./release3.html][New version 3 (Stretch)]]
 #+END_CENTER
 
 So you want to run your own internet services? Email, chat, VoIP, web sites, file synchronisation, wikis, blogs, social networks, media hosting, backups. Freedombone enables you to do all of that in a self-hosted way, where you keep control of your data and it resides in your own home.

doc/EN/release3.org

@@ -0,0 +1,68 @@
+#+TITLE:
+#+AUTHOR: Bob Mottram
+#+EMAIL: bob@freedombone.net
+#+KEYWORDS: freedombone
+#+DESCRIPTION: Version 3
+#+OPTIONS: ^:nil toc:nil
+#+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
+
+#+BEGIN_CENTER
+[[file:images/logo.png]]
+#+END_CENTER
+
+#+BEGIN_EXPORT html
+<center>
+<h1>Version 3: Building an internet run by the users, for the users</h1>
+</center>
+#+END_EXPORT
+
+The internet may still be mostly in the clutches of a few giant megacorporations and dubious governments with sketchy agendas, but it doesn't have to remain that way. With the third version of the Freedombone system there is now more scope than before to take back your privacy, have ownership of personal data and run your own online communities without unnecessary or unwelcome intermediaries.
+
+Freedombone version 3 is based on Debian 9 (Stretch). It was released in July 2017 and includes:
+
+ * Faster initial setup
+ * More [[./apps.html][installable apps]] than the previous release, including CryptPad, Koel, NextCloud, PostActiv, Friendica and Matrix/RiotWeb
+ * Automated [[https://github.com/hardenedlinux/STIG-4-Debian][security tests]]
+ * Improved XMPP configuration to support all of the XEPs needed by the [[https://conversations.im][Conversations]] app
+ * Improved account and domain blocking controls for GNU Social and PostActiv for a better federated network experience
+ * Uses [[https://en.wikipedia.org/wiki/EdDSA][elliptic curve]] based GPG keys by default for better performance on low power single board computers
+ * Pre-downloaded repos distributed within images for faster and more autonomous app installs
+
+* Installation
+
+The simplest way to install is from a pre-made disk image. Images can be [[https://freedombone.net/downloads/v3][downloaded here]]. You will need to have previously obtained a domain name and have a dynamic DNS account somewhere.
+
+Copy the image to a microSD card or USB thumb drive, replacing sdX with the identifier of the USB thumb drive. Don't include any numbers (so for example use sdc instead of sdc1).
+
+#+BEGIN_SRC bash
+dd bs=1M if=myimagefile.img of=/dev/sdX conv=fdatasync
+#+END_SRC
+
+And wait. It will take a while to copy over. When that's done plug the microSD or USB drive into the target hardware which you want to use as a server and power on. If you're using an old laptop or netbook as the server then you will need to set the BIOS to boot from USB.
+
+As the system boots for the first time the login is:
+
+#+BEGIN_SRC bash
+username: fbone
+password: freedombone
+#+END_SRC
+
+If you're installing from a microSD card on a single board computer without a screen and keyboard attached then you can ssh into it with:
+
+#+BEGIN_SRC bash
+ssh fbone@freedombone.local -p 2222
+#+END_SRC
+
+Using the initial password "freedombone". If you have trouble accessing the server then make sure you have Avahi installed and [[https://en.wikipedia.org/wiki/Multicast_DNS][mDNS]] enabled.
+
+You will then be shown a new randomly generated password. It's very important that you write this down somewhere or transfer it to a password manager before going further, because you'll need this to log in later.
+
+* Upgrading from a previous install
+
+To upgrade from the Debian Jessie version first create a master keydrive. Go to the *Administrator control panel* and select *Backup and restore* then *Backup GPG key to USB (master keydrive)*. Insert a LUKS encrypted USB drive. When that is done Create a full backup by selecting *Backup data to USB drive* and using another LUKS encrypted USB drive.
+
+Follow the installation infstructions for the new Freedombone version, as described in the previous section. When the new system starts installing it will ask if you want to restore your GPG keys. Select *yes* and plug in your master keydrive.
+
+When the initial setup is complete go to the *Administrator control panel* and select *Backup and restore* then *Restore data from USB drive* followed by *all*. Insert the backup USB drive which you made previously. This will restore the base system, including any emails.
+
+You can now go to *Add/Remove apps* on the *Administrator control panel* and add the apps you want. Once they're installed you can recover their content and settings from *Backup and Restore*.

src/freedombone-utils-cron

@@ -79,9 +79,16 @@ function randomize_cron {
 
 function schedule_stig_tests {
     echo '#!/bin/bash' > /etc/cron.daily/stig_tests
+    echo "ADMIN_EMAIL_ADDRESS=${MY_USERNAME}@\${HOSTNAME}" >> /etc/cron.daily/stig_tests
     echo "pkill ${PROJECT_NAME}-tests" >> /etc/cron.daily/stig_tests
     echo 'rm -rf /tmp/*' >> /etc/cron.daily/stig_tests
-    echo "${PROJECT_NAME}-tests --stig yes" >> /etc/cron.daily/stig_tests
+    echo "${PROJECT_NAME}-tests --stig yes 2> /tmp/daily-stig-tests" >> /etc/cron.daily/stig_tests
+    echo 'if [ ! "$?" = "0" ]; then' >> /etc/cron.daily/stig_tests
+    echo "    echo \"\$(cat /tmp/daily-stig-tests)\" | mail -s \"${PROJECT_NAME} STIG test failures\" \$ADMIN_EMAIL_ADDRESS" >> /etc/cron.daily/stig_tests
+    echo 'fi' >> /etc/cron.daily/stig_tests
+    echo 'if [ -f /tmp/daily-stig-tests ]; then' >> /etc/cron.daily/stig_tests
+    echo '  rm /tmp/daily-stig-tests' >> /etc/cron.daily/stig_tests
+    echo 'fi' >> /etc/cron.daily/stig_tests
     chmod +x /etc/cron.daily/stig_tests
 }
 

website/EN/index.html

@@ -3,7 +3,7 @@
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2017-06-27 Tue 13:17 -->
+<!-- 2017-06-30 Fri 10:02 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title></title>
@@ -255,12 +255,10 @@ for the JavaScript code in this tag.
 </blockquote>
 
 <div class="org-center">
-
-<div class="figure">
-<p><img src="images/beaglebone_logo.jpg" alt="beaglebone_logo.jpg" />
+<p>
+<a href="./release3.html">New version 3 (Stretch)</a>
 </p>
 </div>
-</div>
 
 <p>
 So you want to run your own internet services? Email, chat, VoIP, web sites, file synchronisation, wikis, blogs, social networks, media hosting, backups. Freedombone enables you to do all of that in a self-hosted way, where you keep control of your data and it resides in your own home.

website/EN/release3.html

@@ -0,0 +1,364 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
+<head>
+<!-- 2017-06-30 Fri 13:57 -->
+<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
+<meta name="viewport" content="width=device-width, initial-scale=1" />
+<title></title>
+<meta name="generator" content="Org mode" />
+<meta name="author" content="Bob Mottram" />
+<meta name="description" content="Version 3"
+ />
+<meta name="keywords" content="freedombone" />
+<style type="text/css">
+ <!--/*--><![CDATA[/*><!--*/
+  .title  { text-align: center;
+             margin-bottom: .2em; }
+  .subtitle { text-align: center;
+              font-size: medium;
+              font-weight: bold;
+              margin-top:0; }
+  .todo   { font-family: monospace; color: red; }
+  .done   { font-family: monospace; color: green; }
+  .priority { font-family: monospace; color: orange; }
+  .tag    { background-color: #eee; font-family: monospace;
+            padding: 2px; font-size: 80%; font-weight: normal; }
+  .timestamp { color: #bebebe; }
+  .timestamp-kwd { color: #5f9ea0; }
+  .org-right  { margin-left: auto; margin-right: 0px;  text-align: right; }
+  .org-left   { margin-left: 0px;  margin-right: auto; text-align: left; }
+  .org-center { margin-left: auto; margin-right: auto; text-align: center; }
+  .underline { text-decoration: underline; }
+  #postamble p, #preamble p { font-size: 90%; margin: .2em; }
+  p.verse { margin-left: 3%; }
+  pre {
+    border: 1px solid #ccc;
+    box-shadow: 3px 3px 3px #eee;
+    padding: 8pt;
+    font-family: monospace;
+    overflow: auto;
+    margin: 1.2em;
+  }
+  pre.src {
+    position: relative;
+    overflow: visible;
+    padding-top: 1.2em;
+  }
+  pre.src:before {
+    display: none;
+    position: absolute;
+    background-color: white;
+    top: -10px;
+    right: 10px;
+    padding: 3px;
+    border: 1px solid black;
+  }
+  pre.src:hover:before { display: inline;}
+  /* Languages per Org manual */
+  pre.src-asymptote:before { content: 'Asymptote'; }
+  pre.src-awk:before { content: 'Awk'; }
+  pre.src-C:before { content: 'C'; }
+  /* pre.src-C++ doesn't work in CSS */
+  pre.src-clojure:before { content: 'Clojure'; }
+  pre.src-css:before { content: 'CSS'; }
+  pre.src-D:before { content: 'D'; }
+  pre.src-ditaa:before { content: 'ditaa'; }
+  pre.src-dot:before { content: 'Graphviz'; }
+  pre.src-calc:before { content: 'Emacs Calc'; }
+  pre.src-emacs-lisp:before { content: 'Emacs Lisp'; }
+  pre.src-fortran:before { content: 'Fortran'; }
+  pre.src-gnuplot:before { content: 'gnuplot'; }
+  pre.src-haskell:before { content: 'Haskell'; }
+  pre.src-hledger:before { content: 'hledger'; }
+  pre.src-java:before { content: 'Java'; }
+  pre.src-js:before { content: 'Javascript'; }
+  pre.src-latex:before { content: 'LaTeX'; }
+  pre.src-ledger:before { content: 'Ledger'; }
+  pre.src-lisp:before { content: 'Lisp'; }
+  pre.src-lilypond:before { content: 'Lilypond'; }
+  pre.src-lua:before { content: 'Lua'; }
+  pre.src-matlab:before { content: 'MATLAB'; }
+  pre.src-mscgen:before { content: 'Mscgen'; }
+  pre.src-ocaml:before { content: 'Objective Caml'; }
+  pre.src-octave:before { content: 'Octave'; }
+  pre.src-org:before { content: 'Org mode'; }
+  pre.src-oz:before { content: 'OZ'; }
+  pre.src-plantuml:before { content: 'Plantuml'; }
+  pre.src-processing:before { content: 'Processing.js'; }
+  pre.src-python:before { content: 'Python'; }
+  pre.src-R:before { content: 'R'; }
+  pre.src-ruby:before { content: 'Ruby'; }
+  pre.src-sass:before { content: 'Sass'; }
+  pre.src-scheme:before { content: 'Scheme'; }
+  pre.src-screen:before { content: 'Gnu Screen'; }
+  pre.src-sed:before { content: 'Sed'; }
+  pre.src-sh:before { content: 'shell'; }
+  pre.src-sql:before { content: 'SQL'; }
+  pre.src-sqlite:before { content: 'SQLite'; }
+  /* additional languages in org.el's org-babel-load-languages alist */
+  pre.src-forth:before { content: 'Forth'; }
+  pre.src-io:before { content: 'IO'; }
+  pre.src-J:before { content: 'J'; }
+  pre.src-makefile:before { content: 'Makefile'; }
+  pre.src-maxima:before { content: 'Maxima'; }
+  pre.src-perl:before { content: 'Perl'; }
+  pre.src-picolisp:before { content: 'Pico Lisp'; }
+  pre.src-scala:before { content: 'Scala'; }
+  pre.src-shell:before { content: 'Shell Script'; }
+  pre.src-ebnf2ps:before { content: 'ebfn2ps'; }
+  /* additional language identifiers per "defun org-babel-execute"
+       in ob-*.el */
+  pre.src-cpp:before  { content: 'C++'; }
+  pre.src-abc:before  { content: 'ABC'; }
+  pre.src-coq:before  { content: 'Coq'; }
+  pre.src-groovy:before  { content: 'Groovy'; }
+  /* additional language identifiers from org-babel-shell-names in
+     ob-shell.el: ob-shell is the only babel language using a lambda to put
+     the execution function name together. */
+  pre.src-bash:before  { content: 'bash'; }
+  pre.src-csh:before  { content: 'csh'; }
+  pre.src-ash:before  { content: 'ash'; }
+  pre.src-dash:before  { content: 'dash'; }
+  pre.src-ksh:before  { content: 'ksh'; }
+  pre.src-mksh:before  { content: 'mksh'; }
+  pre.src-posh:before  { content: 'posh'; }
+  /* Additional Emacs modes also supported by the LaTeX listings package */
+  pre.src-ada:before { content: 'Ada'; }
+  pre.src-asm:before { content: 'Assembler'; }
+  pre.src-caml:before { content: 'Caml'; }
+  pre.src-delphi:before { content: 'Delphi'; }
+  pre.src-html:before { content: 'HTML'; }
+  pre.src-idl:before { content: 'IDL'; }
+  pre.src-mercury:before { content: 'Mercury'; }
+  pre.src-metapost:before { content: 'MetaPost'; }
+  pre.src-modula-2:before { content: 'Modula-2'; }
+  pre.src-pascal:before { content: 'Pascal'; }
+  pre.src-ps:before { content: 'PostScript'; }
+  pre.src-prolog:before { content: 'Prolog'; }
+  pre.src-simula:before { content: 'Simula'; }
+  pre.src-tcl:before { content: 'tcl'; }
+  pre.src-tex:before { content: 'TeX'; }
+  pre.src-plain-tex:before { content: 'Plain TeX'; }
+  pre.src-verilog:before { content: 'Verilog'; }
+  pre.src-vhdl:before { content: 'VHDL'; }
+  pre.src-xml:before { content: 'XML'; }
+  pre.src-nxml:before { content: 'XML'; }
+  /* add a generic configuration mode; LaTeX export needs an additional
+     (add-to-list 'org-latex-listings-langs '(conf " ")) in .emacs */
+  pre.src-conf:before { content: 'Configuration File'; }
+
+  table { border-collapse:collapse; }
+  caption.t-above { caption-side: top; }
+  caption.t-bottom { caption-side: bottom; }
+  td, th { vertical-align:top;  }
+  th.org-right  { text-align: center;  }
+  th.org-left   { text-align: center;   }
+  th.org-center { text-align: center; }
+  td.org-right  { text-align: right;  }
+  td.org-left   { text-align: left;   }
+  td.org-center { text-align: center; }
+  dt { font-weight: bold; }
+  .footpara { display: inline; }
+  .footdef  { margin-bottom: 1em; }
+  .figure { padding: 1em; }
+  .figure p { text-align: center; }
+  .inlinetask {
+    padding: 10px;
+    border: 2px solid gray;
+    margin: 10px;
+    background: #ffffcc;
+  }
+  #org-div-home-and-up
+   { text-align: right; font-size: 70%; white-space: nowrap; }
+  textarea { overflow-x: auto; }
+  .linenr { font-size: smaller }
+  .code-highlighted { background-color: #ffff00; }
+  .org-info-js_info-navigation { border-style: none; }
+  #org-info-js_console-label
+    { font-size: 10px; font-weight: bold; white-space: nowrap; }
+  .org-info-js_search-highlight
+    { background-color: #ffff00; color: #000000; font-weight: bold; }
+  .org-svg { width: 90%; }
+  /*]]>*/-->
+</style>
+<link rel="stylesheet" type="text/css" href="freedombone.css" />
+<script type="text/javascript">
+/*
+@licstart  The following is the entire license notice for the
+JavaScript code in this tag.
+
+Copyright (C) 2012-2017 Free Software Foundation, Inc.
+
+The JavaScript code in this tag is free software: you can
+redistribute it and/or modify it under the terms of the GNU
+General Public License (GNU GPL) as published by the Free Software
+Foundation, either version 3 of the License, or (at your option)
+any later version.  The code is distributed WITHOUT ANY WARRANTY;
+without even the implied warranty of MERCHANTABILITY or FITNESS
+FOR A PARTICULAR PURPOSE.  See the GNU GPL for more details.
+
+As additional permission under GNU GPL version 3 section 7, you
+may distribute non-source (e.g., minimized or compacted) forms of
+that code without the copy of the GNU GPL normally required by
+section 4, provided you include this license notice and a URL
+through which recipients can access the Corresponding Source.
+
+
+@licend  The above is the entire license notice
+for the JavaScript code in this tag.
+*/
+<!--/*--><![CDATA[/*><!--*/
+ function CodeHighlightOn(elem, id)
+ {
+   var target = document.getElementById(id);
+   if(null != target) {
+     elem.cacheClassElem = elem.className;
+     elem.cacheClassTarget = target.className;
+     target.className = "code-highlighted";
+     elem.className   = "code-highlighted";
+   }
+ }
+ function CodeHighlightOff(elem, id)
+ {
+   var target = document.getElementById(id);
+   if(elem.cacheClassElem)
+     elem.className = elem.cacheClassElem;
+   if(elem.cacheClassTarget)
+     target.className = elem.cacheClassTarget;
+ }
+/*]]>*///-->
+</script>
+</head>
+<body>
+<div id="preamble" class="status">
+<a name="top" id="top"></a>
+</div>
+<div id="content">
+<div class="org-center">
+
+<div class="figure">
+<p><img src="images/logo.png" alt="logo.png" />
+</p>
+</div>
+</div>
+
+<center>
+<h1>Version 3: Building an internet run by the users, for the users</h1>
+</center>
+
+<p>
+The internet may still be mostly in the clutches of a few giant megacorporations and dubious governments with sketchy agendas, but it doesn't have to remain that way. With the third version of the Freedombone system there is now more scope than before to take back your privacy, have ownership of personal data and run your own online communities without unnecessary or unwelcome intermediaries.
+</p>
+
+<p>
+Freedombone version 3 is based on Debian 9 (Stretch). It was released in July 2017 and includes:
+</p>
+
+<ul class="org-ul">
+<li>Faster initial setup</li>
+<li>More <a href="./apps.html">installable apps</a> than the previous release, including CryptPad, Koel, NextCloud, PostActiv, Friendica and Matrix/RiotWeb</li>
+<li>Automated <a href="https://github.com/hardenedlinux/STIG-4-Debian">security tests</a></li>
+<li>Improved XMPP configuration to support all of the XEPs needed by the <a href="https://conversations.im">Conversations</a> app</li>
+<li>Improved account and domain blocking controls for GNU Social and PostActiv for a better federated network experience</li>
+<li>Uses <a href="https://en.wikipedia.org/wiki/EdDSA">elliptic curve</a> based GPG keys by default for better performance on low power single board computers</li>
+<li>Pre-downloaded repos distributed within images for faster and more autonomous app installs</li>
+</ul>
+
+<div id="outline-container-orgcc70622" class="outline-2">
+<h2 id="orgcc70622">Installation</h2>
+<div class="outline-text-2" id="text-orgcc70622">
+<p>
+The simplest way to install is from a pre-made disk image. Images can be <a href="https://freedombone.net/downloads/v3">downloaded here</a>. You will need to have previously obtained a domain name and have a dynamic DNS account somewhere.
+</p>
+
+<p>
+Copy the image to a microSD card or USB thumb drive, replacing sdX with the identifier of the USB thumb drive. Don't include any numbers (so for example use sdc instead of sdc1).
+</p>
+
+<div class="org-src-container">
+<pre><code class="src src-bash">dd <span class="org-variable-name">bs</span>=1M <span class="org-variable-name">if</span>=myimagefile.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
+</code></pre>
+</div>
+
+<p>
+And wait. It will take a while to copy over. When that's done plug the microSD or USB drive into the target hardware which you want to use as a server and power on. If you're using an old laptop or netbook as the server then you will need to set the BIOS to boot from USB.
+</p>
+
+<p>
+As the system boots for the first time the login is:
+</p>
+
+<div class="org-src-container">
+<pre><code class="src src-bash">username: fbone
+password: freedombone
+</code></pre>
+</div>
+
+<p>
+If you're installing from a microSD card on a single board computer without a screen and keyboard attached then you can ssh into it with:
+</p>
+
+<div class="org-src-container">
+<pre><code class="src src-bash">ssh fbone@freedombone.local -p 2222
+</code></pre>
+</div>
+
+<p>
+Using the initial password "freedombone". If you have trouble accessing the server then make sure you have Avahi installed and <a href="https://en.wikipedia.org/wiki/Multicast_DNS">mDNS</a> enabled.
+</p>
+
+<p>
+You will then be shown a new randomly generated password. It's very important that you write this down somewhere or transfer it to a password manager before going further, because you'll need this to log in later.
+</p>
+</div>
+</div>
+
+<div id="outline-container-org48b12d2" class="outline-2">
+<h2 id="org48b12d2">Upgrading from a previous install</h2>
+<div class="outline-text-2" id="text-org48b12d2">
+<p>
+To upgrade from the Debian Jessie version first create a master keydrive. Go to the <b>Administrator control panel</b> and select <b>Backup and restore</b> then <b>Backup GPG key to USB (master keydrive)</b>. Insert a LUKS encrypted USB drive. When that is done Create a full backup by selecting <b>Backup data to USB drive</b> and using another LUKS encrypted USB drive.
+</p>
+
+<p>
+Follow the installation infstructions for the new Freedombone version, as described in the previous section. When the new system starts installing it will ask if you want to restore your GPG keys. Select <b>yes</b> and plug in your master keydrive.
+</p>
+
+<p>
+When the initial setup is complete go to the <b>Administrator control panel</b> and select <b>Backup and restore</b> then <b>Restore data from USB drive</b> followed by <b>all</b>. Insert the backup USB drive which you made previously. This will restore the base system, including any emails.
+</p>
+
+<p>
+You can now go to <b>Add/Remove apps</b> on the <b>Administrator control panel</b> and add the apps you want. Once they're installed you can recover their content and settings from <b>Backup and Restore</b>.
+</p>
+</div>
+</div>
+</div>
+<div id="postamble" class="status">
+
+<style type="text/css">
+.back-to-top {
+    position: fixed;
+    bottom: 2em;
+    right: 0px;
+    text-decoration: none;
+    color: #000000;
+    background-color: rgba(235, 235, 235, 0.80);
+    font-size: 12px;
+    padding: 1em;
+    display: none;
+}
+
+.back-to-top:hover {
+    background-color: rgba(135, 135, 135, 0.50);
+}
+</style>
+
+<div class="back-to-top">
+<a href="#top">Back to top</a> | <a href="mailto:bob@freedombone.net">E-mail me</a>
+</div>
+</div>
+</body>
+</html>