installation

Docker, an advanced chroot utility

Fri, 11/29/2019 - 19:09 — Alexis Wilke

Chasm—just like a Docker creates a chasm between two sets of software

SECURITY WARNING

Before installing Docker and containers with services on your Linux system, make sure to read and understand the risks as mentioned on this Docker and iptables page. Especially, Docker will make all your containers visible to the entire world through your Internet connection. This is great if you want to indeed share that service with the rest of the world, it's very dangerous if you are working on that container service since it could have security issues that need patching and such. Docker documents a way to prevent that behavior by adding the following rule to your firewall:

iptables -I DOCKER-USER -i eth0 ! -s 192.168.1.0/24 -j DROP

This means that unless the IP address matches 192.168.1.0/24, the access is refused. The `eth0` interface name should be replaced with the interface name you use as the external ethernet connection. During development, you should always have such a rule.

That has not worked at all for me because my local network includes many other computers on my LAN and this rule blocks them all. So really not a useful idea.

Instead, I created my own entries based on some other characteristics. That includes the following lines in my firewall file:

*filter
:DOCKER-USER - [0:0]

-A DOCKER-USER -j early_forward
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 80 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8080 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8081 --ctdir ORIGINAL -j DROP

My early_forward allows my LAN to continue to work. These are my firewall rules that allow my LAN computers to have their traffic forwarded as expected.

Then I have three rules that block port 80, 8080, and 8081 from Docker.

Docker will add new rules that will appear after (albeit not within the DOCKER-USER list) and will open ports for whatever necessary service you install in your Dockers.

Note that the only ports you have to block are ports that Docker will share and that you have otherwise open on your main server. If Docker opens port 5000 and your firewall does not allow connections to port 5000 from the outside, then you're already safe. On my end I have Apache running so as a result I block quite usual HTTP ports from Docker.

Docker

As we are helping various customers, we encounter new technologies.

In the old days, we used chroot to create a separate environment where you could have your own installation and prevent the software from within that environment access to everything on your computer. This is particularly useful for publicly facing services liek Apache, Bind, etc.

MobileKey Installation

Get the tarball or the zip file of the module from Drupal.org (MobileKey on Drupal).

Go to one of you module folders and extract the file you downloaded.

The default installation folder is sites/all/modules, if you have a multi-site installation and want the module for just a few sites, go to sites/<sitename>/modules instead (create the modules folder if it doesn't exist yet.) It is recommended that you do not install under the top modules folder as this one is reserved for Drupal Core modules.

At that point, go to your Drupal website and go to Administer » Site building ...

MobileKey (The module —)

Introduction to the MobileKey module

The MobileKey module is an extension of the ThemeKey module that gives you a way to switch theme based on whether the user is viewing your website with mobile phone.

The installation is very simple. Follow the default Drupal 6.x installation steps (extract the tarball under your sites/all/modules/ folder.)

The module currently supports two features, a switch to force a mobile specific theme and a global redirect for your website front page.

Add new comment

Protected Node Installation

The basics of the Protected Node installation are easy:

Get one of the tarball from Drupal.org
Extract the files under sites/all/modules or some other modules folder
Go to Administer » Site building » Modules and install the module (package Access)
As the administrator (UID = 1) you are done.

Once you have installed the module, you probably want to change the permissions. Permissions allow your users to access the Protected Node functionality based on their roles. Please, see the point about Permissions for more information about those.

Now, you're ready ...

Protect

How to bypass Drupal strong security?

Thu, 02/17/2011 - 17:45 — Alexis Wilke

Interestingly enough, today I received a Security Advisory from Drupal saying that users received an email from a hacker asking them to install a Trojan module on their Drupal system.

I find it quite interesting since, if Drupal wasn't secure, the hackers would not have to ask you to make it unsecure, would they?

However, this shows how many CMS systems introduce a security issue problem to your web server installation since it is required to let your web server execute any one PHP file...

All the files installed on your web server and that are directly accessible from the outside (i.e. ...

jsMath Installation

Requirements

In order to use the jsMath for displaying mathematics with TeX Drupal 6.x module you need:

The actual jsmath Drupal module
The jsMath library

End

jsMath for displaying mathematics with TeX Drupal 6.x module

This is a quick helper to get you started with jsMath for displaying mathematics with TeX Drupal 6.x module.

I include an installation procedure and some sample of equations you can write and corresponding result. This very website does not run jsMath for several reasons, one being that it is slow and the other is that we don't really need it on our corporate website.

If you find an issue, please, file it in the jsMath Drupal queue.

Add new comment

SimpleMenu Custom Theme

Introduction

The newer versions of SimpleMenu allows for an easy way of adding custom themes.

There are two main ways to add new SimpleMenu themes:

1. In the simplemenu themes folder;

2. In your theme folder.

SimpleMenu themes folder

CSS

If you look under the simplemenu folder, you will see a sub-folder named themes. You can place your own specialized themes in that folder to make them available system-wide (i.e. if you are using many themes or use one Drupal installation for many websites.) In other words, this folder is viewed as a global theme folder.

The themes folder ...

Read more

To Do Block

Installation

Go to Administer » Site building » Modules and click on To Do Block to install the Block extension for the To Do module.

To Do Actions

Installation

Go to Administer » Site building » Modules and click on To Do Action to install the Action extension for the To Do module.

This module requires the installation of the Drupal Core Trigger module.