commit 4ff2130c877f931ccd1e892fd96652a481003ae7 Merge: 6de8015 4c554d7 Author: Ximin Luo infinity0@gmx.com Date: Wed Nov 20 16:05:12 2013 +0000

Merge branch 'fac-build'

Conflicts: facilitator/doc/facilitator-howto.txt

Makefile | 12 +- facilitator/.gitignore | 28 ++ facilitator/INSTALL | 31 ++ facilitator/Makefile | 21 -- facilitator/Makefile.am | 149 ++++++++ facilitator/README | 37 +- facilitator/appengine/README | 11 - facilitator/appengine/app.yaml | 3 +- facilitator/appengine/config.go | 16 + facilitator/appengine/fp-reg.go | 7 +- facilitator/autogen.sh | 2 + facilitator/configure.ac | 49 +++ facilitator/default/facilitator | 11 + facilitator/default/facilitator-email-poller | 7 + facilitator/default/facilitator-reg-daemon | 11 + facilitator/doc/appengine-howto.txt | 56 --- facilitator/doc/appspot-howto.txt | 72 ++++ facilitator/doc/email-howto.txt | 75 ++++ facilitator/doc/facilitator-design.txt | 44 +++ facilitator/doc/facilitator-howto.txt | 199 ----------- facilitator/doc/gmail-howto.txt | 61 ---- facilitator/doc/http-howto.txt | 49 +++ facilitator/doc/server-howto.txt | 55 +++ facilitator/examples/facilitator-relays | 7 + facilitator/examples/fp-facilitator.conf.in | 30 ++ facilitator/examples/reg-email.pass | 10 + facilitator/fac.py | 35 +- facilitator/facilitator | 16 +- facilitator/facilitator-email-poller | 47 ++- facilitator/facilitator-test | 437 ----------------------- facilitator/facilitator-test.py | 439 ++++++++++++++++++++++++ facilitator/init.d/facilitator | 120 ------- facilitator/init.d/facilitator-email-poller | 119 ------- facilitator/init.d/facilitator-email-poller.in | 131 +++++++ facilitator/init.d/facilitator-reg-daemon | 119 ------- facilitator/init.d/facilitator-reg-daemon.in | 132 +++++++ facilitator/init.d/facilitator.in | 133 +++++++ facilitator/relays | 4 - 38 files changed, 1591 insertions(+), 1194 deletions(-)

diff --cc facilitator/doc/server-howto.txt index 0000000,6f71772..bf1bb0b mode 000000,100644..100644 --- a/facilitator/doc/server-howto.txt +++ b/facilitator/doc/server-howto.txt @@@ -1,0 -1,55 +1,55 @@@ + This document describes how to configure a server running the facilitator on + Debian 7. It is not necessary to make things work, but gives you some added + security, and is a good reference if you want to create a dedicated VM for a + facilitator from scratch. + + We will use the domain name fp-facilitator.example.com. + + == Basic and security setup + + Install some essential packages and configure a firewall. + + # cat >/etc/apt/apt.conf.d/90suggests<<EOF + APT::Install-Recommends "0"; + APT::Install-Suggests "0"; + EOF - # apt-get remove portmap ++ # apt-get remove rpcbind + # apt-get update + # apt-get upgrade + # apt-get install shorewall shorewall6 + + Away from the facilitator, generate an SSH key for authentication: + + $ ssh-keygen -f ~/.ssh/fp-facilitator + $ ssh-copy-id -i ~/.ssh/fp-facilitator.pub root@fp-facilitator.example.com + + Then log in and edit /etc/ssh/sshd_config to disable password + authentication: + + PasswordAuthentication no + + Configure the firewall to allow only SSH and HTTPS. + + # cd /etc/shorewall + # cp /usr/share/doc/shorewall/examples/Universal/{interfaces,policy,rules,zones} . + Edit /etc/shorewall/rules: + SECTION NEW + SSH(ACCEPT) net $FW + HTTPS(ACCEPT) net $FW + + # cd /etc/shorewall6 + # cp /usr/share/doc/shorewall6/examples/Universal/{interfaces,policy,rules,zones} . + Edit /etc/shorewall6/rules: + SECTION NEW + SSH(ACCEPT) all $FW + HTTPS(ACCEPT) all $FW + + Edit /etc/default/shorewall and /etc/default/shorewall6 and set + + startup=1 + + Restart servers. + + # /etc/init.d/ssh restart + # /etc/init.d/shorewall start + # /etc/init.d/shorewall6 start