itupdated docs - coffin - secure lan file storage on a device Err parazyd.org 70 hgit clone git://parazyd.org/coffin.git URL:git://parazyd.org/coffin.git parazyd.org 70 1Log /git/coffin/log.gph parazyd.org 70 1Files /git/coffin/files.gph parazyd.org 70 1Refs /git/coffin/refs.gph parazyd.org 70 1Submodules /git/coffin/file/.gitmodules.gph parazyd.org 70 1README /git/coffin/file/README.md.gph parazyd.org 70 1LICENSE /git/coffin/file/LICENSE.gph parazyd.org 70 i--- Err parazyd.org 70 1commit b51b18dfcb05b9a27dcf56a8e6d7e319da794d0c /git/coffin/commit/b51b18dfcb05b9a27dcf56a8e6d7e319da794d0c.gph parazyd.org 70 1parent 1806989bd2345e4b85ce7cfa552ee0eb9fc4e0a6 /git/coffin/commit/1806989bd2345e4b85ce7cfa552ee0eb9fc4e0a6.gph parazyd.org 70 hAuthor: parazyd URL:mailto:parazyd@dyne.org parazyd.org 70 iDate: Tue, 29 Mar 2016 18:45:59 +0200 Err parazyd.org 70 i Err parazyd.org 70 iupdated docs Err parazyd.org 70 i Err parazyd.org 70 iDiffstat: Err parazyd.org 70 i M README.md | 86 ++++++++++++++++++++++++++++++- Err parazyd.org 70 i M conf/README | 25 ++++++++++++++++++++++--- Err parazyd.org 70 i M conf/webdav.skel | 2 +- Err parazyd.org 70 i M helpers/gmakehook | 16 ++++++++++------ Err parazyd.org 70 i Err parazyd.org 70 i4 files changed, 117 insertions(+), 12 deletions(-) Err parazyd.org 70 i--- Err parazyd.org 70 1diff --git a/README.md b/README.md /git/coffin/file/README.md.gph parazyd.org 70 it@@ -27,10 +27,92 @@ Run `make install` as root in order to install and configure your Err parazyd.org 70 i device. Err parazyd.org 70 i Err parazyd.org 70 i ## Notes Err parazyd.org 70 i-* `gmakehook` can be used to create coffin hooks in a more user-friendly Err parazyd.org 70 i- manner. It is a GUI (zenity) helper script. 
Err parazyd.org 70 i+* The initscript is not yet finished, so you will have to start coffin manually, Err parazyd.org 70 i+ by entering the `src/` directory and running (as root) `./mourner` Err parazyd.org 70 i Err parazyd.org 70 i ## Usage Err parazyd.org 70 i+After installation, you will end up with an initscript in Err parazyd.org 70 i+/etc/init.d/coffin Err parazyd.org 70 i+You can start coffin by issuing `/etc/init.d/coffin start` and the watch Err parazyd.org 70 i+script will begin to watch your /dev for new devices. Err parazyd.org 70 i+ Err parazyd.org 70 i+### Hooks Err parazyd.org 70 i+Hooks are oneliners written on your USB key which will trigger actions Err parazyd.org 70 i+on the coffin depending on their content. You can either create them Err parazyd.org 70 i+manually or use ready scripts (GUI or CLI) from the `helpers` directory. Err parazyd.org 70 i+Those scripts are interactive and self-explanatory so I shan't document Err parazyd.org 70 i+them here. However, if you wish to create your hooks manually, continue Err parazyd.org 70 i+reading. Actually, read anyway, it will give you insight on how coffin Err parazyd.org 70 i+works. Err parazyd.org 70 i+ Err parazyd.org 70 i+#### Hook syntax Err parazyd.org 70 i+``` Err parazyd.org 70 i+action:userName:tombName:options Err parazyd.org 70 i+``` Err parazyd.org 70 i+So far there are only two actions (create, delete) but more are to be Err parazyd.org 70 i+added in the future. Err parazyd.org 70 i+To create a hook, add one or more to the `.coffin` directory in a file Err parazyd.org 70 i+called `hook`. Separate each hook with a newline. Err parazyd.org 70 i+##### Create hook Err parazyd.org 70 i+``` Err parazyd.org 70 i+create:userName:tombName:tombSize:features Err parazyd.org 70 i+create:undertaker:myAwesomeCrypt:50:webdav:sshfs Err parazyd.org 70 i+``` Err parazyd.org 70 i+So, to create a tomb, you will have to choose a username, a tomb name Err parazyd.org 70 i+and the size of your choice (in MiB). 
This is the bare minimum. Err parazyd.org 70 i+There are also features like `webdav` or `sshfs` that can be used to Err parazyd.org 70 i+access your files. Err parazyd.org 70 i+Currently implemented features: Err parazyd.org 70 i+* WebDAV Err parazyd.org 70 i+* SSHFS Err parazyd.org 70 i+ Err parazyd.org 70 i+Important note is that if you use any of the features listed above you Err parazyd.org 70 i+will have to add according files as well. For more info, please consult Err parazyd.org 70 i+the README file inside the `conf/` directory. Err parazyd.org 70 i+ Err parazyd.org 70 i+##### Delete hook Err parazyd.org 70 i+``` Err parazyd.org 70 i+delete:userName:tombName Err parazyd.org 70 i+delete:undertaker:myAwesomeCrypt Err parazyd.org 70 i+``` Err parazyd.org 70 i+To delete an existing tomb, you will have to reuse your username you Err parazyd.org 70 i+used to create that tomb, and the tomb's name. You will also have to Err parazyd.org 70 i+have the tomb's keyfile along with it in order to delete your stuff. Err parazyd.org 70 i+Coffin will automatically delete your WebDAV info, but will keep the ssh Err parazyd.org 70 i+key if there is any. Err parazyd.org 70 i+ Err parazyd.org 70 i+#### Okay, I made a hook (I think?). What do I do now? Err parazyd.org 70 i+Provided it's correct, just plug your USB key to a box running coffin Err parazyd.org 70 i+and the magic happens. Coffin will recognize if there are any hooks and Err parazyd.org 70 i+perform according actions. After your first tomb is created, you can Err parazyd.org 70 i+plug the USB key back into your computer and there you will find some Err parazyd.org 70 i+new files coffin needs to work correctly. Err parazyd.org 70 i+ Err parazyd.org 70 i+##### ttab Err parazyd.org 70 i+The ttab is a file holding info on your tombs. 
It's syntax is Err parazyd.org 70 i+supersimple: Err parazyd.org 70 i+``` Err parazyd.org 70 i+userName:tombName:dostuff Err parazyd.org 70 i+undertaker:myAwesomeCrypt:true Err parazyd.org 70 i+``` Err parazyd.org 70 i+You already recognize your username and tomb name. The third part is a Err parazyd.org 70 i+boolean value, telling coffin to either do stuff with this tomb or leave Err parazyd.org 70 i+it alone (ex: to open/close or not to open/close). You will have to edit Err parazyd.org 70 i+this value manually if you wish to do anything. The default value on a Err parazyd.org 70 i+newly created tomb is `true`. Err parazyd.org 70 i+ Err parazyd.org 70 i+Whether you've changed this value or not, you can plug your key back Err parazyd.org 70 i+into the coffin box and depending on the boolean value, coffin could Err parazyd.org 70 i+close your tomb and make your files unreadable and encrypted :) Err parazyd.org 70 i+ Err parazyd.org 70 i+#### How do I access my files? Err parazyd.org 70 i+If you haven't added any features like WebDAV, your only way is Err parazyd.org 70 i+accessing your files the way you accessed your box when installing. Err parazyd.org 70 i+If you've enabled WebDAV, just use a WebDAV client and connect to your Err parazyd.org 70 i+box with `https://addressof.coffin/tombName`. The SSL certificate was Err parazyd.org 70 i+generated on installation and the fingerprint was shown to you. Compare Err parazyd.org 70 i+it now and set it to trusted if everything is okay. Login with the info Err parazyd.org 70 i+you provided when creating your tomb's hook. 
Err parazyd.org 70 i Err parazyd.org 70 i ## Troubleshooting Err parazyd.org 70 i Err parazyd.org 70 1diff --git a/conf/README b/conf/README /git/coffin/file/conf/README.gph parazyd.org 70 it@@ -1,9 +1,28 @@ Err parazyd.org 70 i-To generate a WebDAV login entry by yourself, issue Err parazyd.org 70 i+Here's some more info on the features Err parazyd.org 70 i Err parazyd.org 70 i+# WebDAV Err parazyd.org 70 i+To generate a WebDAV login entry by yourself, issue the Err parazyd.org 70 i+following command: Err parazyd.org 70 i+ Err parazyd.org 70 i+#################### Err parazyd.org 70 i `echo -n "yourUsername:WebDAV:" \ Err parazyd.org 70 i && echo -n "yourUsername:WebDAV:yourDavPassword" \ Err parazyd.org 70 i | md5sum \ Err parazyd.org 70 i | awk '{print $1}'` Err parazyd.org 70 i+#################### Err parazyd.org 70 i+ Err parazyd.org 70 i+Add it to the 'davpasswd' file which is located in Err parazyd.org 70 i+/etc/apache2/DAV/davpasswd on your coffin box. Or add it now here, Err parazyd.org 70 i+before installation. Err parazyd.org 70 i+ Err parazyd.org 70 i+The file 'webdav.skel' located in this directory is an example entry Err parazyd.org 70 i+for the WebDAV of your tomb. Insert correct info in it, and copy it to Err parazyd.org 70 i+your USB's .coffin directory and name it 'webdav.conf'. You have to do Err parazyd.org 70 i+this every time for each new tomb you create. Err parazyd.org 70 i+Remember to set the ':webdav' feature in your hook ;) Err parazyd.org 70 i Err parazyd.org 70 i-and add the output to 'davpasswd' which is located in the Err parazyd.org 70 i-apache directory. Or add it now here, before installing. Err parazyd.org 70 i+# SSHFS Err parazyd.org 70 i+In order to get SSH access with your new username, copy your SSH Err parazyd.org 70 i+pubkey to your USB's .coffin directory and name it 'tombName.pub' Err parazyd.org 70 i+You only have to do this once-per-username, not for every tomb. 
Err parazyd.org 70 i+Remember to set the ':sshfs' feature in your hook ;) Err parazyd.org 70 1diff --git a/conf/webdav.skel b/conf/webdav.skel /git/coffin/file/conf/webdav.skel.gph parazyd.org 70 it@@ -9,5 +9,5 @@ alias /yourTombName /media/yourTombName Err parazyd.org 70 i AuthType Digest Err parazyd.org 70 i AuthName WebDAV Err parazyd.org 70 i AuthUserFile /etc/apache2/DAV/davpasswd Err parazyd.org 70 i- Require user yourCoffinUsername Err parazyd.org 70 i+ Require user yourUsername Err parazyd.org 70 i Err parazyd.org 70 1diff --git a/helpers/gmakehook b/helpers/gmakehook /git/coffin/file/helpers/gmakehook.gph parazyd.org 70 it@@ -227,7 +227,11 @@ function _mountkey { Err parazyd.org 70 i sudo mkdir -p $keymount Err parazyd.org 70 i sudo mount $USBKEY $keymount Err parazyd.org 70 i Err parazyd.org 70 i- [[ -d $coffindot ]] || sudo mkdir $coffindot Err parazyd.org 70 i+ sudo chown $UID:$GID $keymount Err parazyd.org 70 i+ Err parazyd.org 70 i+ [[ -d $coffindot ]] || { Err parazyd.org 70 i+ mkdir $coffindot Err parazyd.org 70 i+ } Err parazyd.org 70 i } Err parazyd.org 70 i Err parazyd.org 70 i function _main { Err parazyd.org 70 it@@ -384,15 +388,15 @@ function _create { Err parazyd.org 70 i Err parazyd.org 70 i [[ $feats =~ "webdav" ]] && _writedavinfo Err parazyd.org 70 i [[ $? = 0 ]] && { _zenerr "Error" "Error writing WebDAV info." && exec _main } Err parazyd.org 70 i- [[ -n $sshpubkey ]] && sudo cp $sshpubkey $coffindot/$tombid.pub Err parazyd.org 70 i+ [[ -n $sshpubkey ]] && cp $sshpubkey $coffindot/$tombid.pub Err parazyd.org 70 i [[ $? = 0 ]] && { _zenerr "Error" "Error writing SSH info." && exec _main } Err parazyd.org 70 i Err parazyd.org 70 i- [[ -n $bindhook ]] && print "$bindhook" | sudo tee $coffindot/bindhooks Err parazyd.org 70 i+ [[ -n $bindhook ]] && print "$bindhook" | tee $coffindot/bindhooks Err parazyd.org 70 i [[ $? = 0 ]] && { _zenerr "Error" "Error writing bind-hook info." 
&& exec _main } Err parazyd.org 70 i- [[ -n $posthook ]] && print "$posthook" | sudo tee $coffindot/posthooks Err parazyd.org 70 i+ [[ -n $posthook ]] && print "$posthook" | tee $coffindot/posthooks Err parazyd.org 70 i [[ $? = 0 ]] && { _zenerr "Error" "Error writing post-hook info." && exec _main } Err parazyd.org 70 i Err parazyd.org 70 i- print "create:${UNDERTAKER}:${TOMBNAME}:${TOMBSIZE}:${feats}" | sudo tee $hooks Err parazyd.org 70 i+ print "create:${UNDERTAKER}:${TOMBNAME}:${TOMBSIZE}:${feats}" >> $hooks Err parazyd.org 70 i Err parazyd.org 70 i _umountkey && _zeninfo "Success" "$hooks written successfully!\nPlug the USB key in the coffin to activate it." Err parazyd.org 70 i exec _main Err parazyd.org 70 it@@ -447,7 +451,7 @@ function _delete { Err parazyd.org 70 i [[ $? = 0 ]] && _zeninfo "gmakehook" "Postponing..." && _umountkey && exec _main Err parazyd.org 70 i } Err parazyd.org 70 i Err parazyd.org 70 i- print "delete:${UNDERTAKER}:${TOMBNAME}" | sudo tee $hooks Err parazyd.org 70 i+ print "delete:${UNDERTAKER}:${TOMBNAME}" >> sudo tee $hooks Err parazyd.org 70 i _umountkey && _zeninfo "Success" "$hooks written successfully!\nPlug the USB key in a coffin to activate it." Err parazyd.org 70 i exec _main Err parazyd.org 70 i } Err parazyd.org 70 .
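Review bot: In the conf/README hunk, the documented command puts `yourDavPassword` on the command line, so it ends up in shell history and is visible in the process list while it runs. Suggest documenting `htdigest`, which prompts for the password and writes the same user:realm:hash entry, or reading the password from a silent prompt. The command is also still wrapped in backticks between the `####` rulers; pasted as written, the shell will try to execute the generated entry as a command. In the SSHFS section, the key is to be named 'tombName.pub' yet is said to be needed once per username rather than per tomb; clarify which name the file should carry.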
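Review bot: In the `_mountkey` hunk of helpers/gmakehook, the now-unprivileged `mkdir $coffindot` depends on `sudo chown $UID:$GID $keymount` having taken effect, and neither command's exit status is checked, so on a key whose filesystem does not accept ownership changes the function returns as if `.coffin` were ready. Check both results and bail out with `_zenerr` on failure, so the later unprivileged writes in `_create` and `_delete` do not run against a directory the user cannot write to.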
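Review bot: In the `_create` hunk of helpers/gmakehook, the `[[ $? = 0 ]] && { _zenerr ... }` lines that follow the now-unprivileged `cp` and `tee` writes are true when the preceding command succeeded, so a permission failure on the key passes silently while a successful write raises the error dialog. Test for a non-zero status of the write itself, and add the same check to the new `>> $hooks` line, which has none. Also note that the hook line changed from overwrite (`| sudo tee $hooks`) to append, so any hook already in the file stays in place, whereas `bindhooks` and `posthooks` are still overwritten by `tee`; if the difference is intended, say so in the commit message.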
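Review bot: In the `_delete` hunk of helpers/gmakehook, `>> sudo tee $hooks` redirects the output to a file named `sudo` in the current directory and hands `tee` and `$hooks` to `print` as extra arguments, so the delete hook never reaches `$hooks` while the success dialog is still shown. Use `print "delete:${UNDERTAKER}:${TOMBNAME}" >> $hooks`, matching the change made in `_create`.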