Opened 8 months ago

Closed 7 months ago

#70 closed Task (Done)

Rebuild goodnight with 19.07.7

Reported by: D Delmar Davis
Owned by: D Delmar Davis
Priority: Important
Milestone: Make Shit Happen / Own Your Shit.
Component: Development
Keywords: openwrt
Cc: Joe Dumoulin

Description

And then put it in a box and send it for Christ's sake.

It's a wonder the old one hasn't been hacked yet.

Build docs at http://www.digithink.com/serverdocs/GoldCoastRouter/
Create updated build doc while you are at it.

Change History (11)

comment:1 Changed 7 months ago by D Delmar Davis

Status: assigned → accepted

comment:2 Changed 7 months ago by D Delmar Davis

Damn,
Had to re-clone the repo to get at the current setup.
Configs changed enough to break my initial setup.
Am still setting up the build tree.
Hopefully I can get this out tomorrow.

comment:3 Changed 7 months ago by D Delmar Davis

More significant changes.
They finally added shadow passwords to the core. And syslog has much more capability conflicting with (/incorporating features of?) syslog-ng.

I want to push this back a week.

Joe? Does this work?

comment:4 Changed 7 months ago by D Delmar Davis

Created new repo under https://bitbucket.org/suspectdevicesadmin/goodknight-configuration/src/master/.
Will update docs there before moving the readme to digithink.com/serverdocs

comment:5 Changed 7 months ago by D Delmar Davis

Replicated network and firewall config from current router. Am reviewing some of the new configurations.
Re rebuilding. Also disabled the web-console access to bs2020's idrac. Guess no one else could get it to work either.

comment:6 Changed 7 months ago by D Delmar Davis

I think we have it worked out.

Docs updated at https://bitbucket.org/suspectdevicesadmin/goodknight-configuration/src/master/

Will install the build this evening. If it looks good I will ship it Friday.

comment:7 Changed 7 months ago by D Delmar Davis

Seems to work but we missed a build option.
Need to rebuild with CONFIG_BUSYBOX_CONFIG_LOGIN (or whatever the new equiv is)
Not sure if anyone should be able to connect a console and have it be wide open.
That way we have the option of requiring a password.
SEE: https://oldwiki.archive.openwrt.org/doc/howto/serial.console.password

comment:8 Changed 7 months ago by D Delmar Davis

Reviewing the configuration it appears that the current default for CONFIG_BUSYBOX_CONFIG_LOGIN is 'y' so no need to rebuild.
Will test configuration tomorrow.

comment:9 Changed 7 months ago by D Delmar Davis

Under /etc/config/system option ttylogin '1' secures the serial console.

Add that to hardening lede doc.
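
The serial-console checks from comments 7 to 9, as an added example that is not part of the ticket or the project's build docs. The function names and sample files are constructed for illustration; it assumes only the first `config system` section is consulted and that an absent `ttylogin` option means no password prompt.

```shell
#!/bin/sh
# Added example (not from the ticket): audit the two serial-console login
# settings the comments name. Paths are passed in; sample data is constructed.

# Print the ttylogin value from the first 'config system' section of a UCI
# file; prints 0 when the option is absent (assumed to mean "no login").
uci_ttylogin() {
    tr -d "\"'" < "$1" | awk '
        $1 == "config" { in_sys = ($2 == "system" && ++n == 1) }
        in_sys && $1 == "option" && $2 == "ttylogin" { val = $3 }
        END { print (val == "" ? "0" : val) }'
}

# Print y, n or default for CONFIG_BUSYBOX_CONFIG_LOGIN in a build .config.
busybox_login_state() {
    if grep -q '^CONFIG_BUSYBOX_CONFIG_LOGIN=y$' "$1"; then echo y
    elif grep -q '^# CONFIG_BUSYBOX_CONFIG_LOGIN is not set$' "$1"; then echo n
    else echo default
    fi
}

# Return 0 only when the console will ask for a password.
audit_console() {   # $1 = system config, $2 = build .config
    rc=0
    if [ "$(uci_ttylogin "$1")" != "1" ]; then
        echo "FAIL: option ttylogin is not '1' in $1"; rc=1
    fi
    case "$(busybox_login_state "$2")" in
        n) echo "FAIL: BusyBox login applet disabled in $2"; rc=1 ;;
        default) echo "NOTE: symbol absent from $2, build default applies" ;;
    esac
    return "$rc"
}

# Constructed sample inputs so the script runs offline.
demo() {
    d=$(mktemp -d)
    printf "config system\n\toption hostname 'router'\n\toption ttylogin '1'\n" > "$d/system"
    printf 'CONFIG_BUSYBOX_CONFIG_LOGIN=y\n' > "$d/config"
    audit_console "$d/system" "$d/config" && echo "PASS: console login enforced"
    rm -rf "$d"
}
demo
```

On a real build, point `audit_console` at the image's `/etc/config/system` and the build tree's `.config`.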

comment:10 Changed 7 months ago by D Delmar Davis

Added postfix satellite configuration (to send mail) but won't be able to test until it's in place.
May write an update.sh for it but it would suck if said updates locked us out. So I am on the fence about this.
Will back check the console configuration and set Joe's password to something we can discuss later and which should expire on first login.

Couldn't get git to talk to the bitbucket repo but I'm not too concerned about it.

Should be good to ship this weekend.

comment:11 Changed 7 months ago by D Delmar Davis

Resolution: Done
Status: accepted → closed