old-www/HOWTO/FBB-4.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
 <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.21">
 <TITLE>FBB Packet-radio BBS mini-HOWTO: How to install Protus password utility</TITLE>
 <LINK HREF="FBB-5.html" REL=next>
 <LINK HREF="FBB-3.html" REL=previous>
 <LINK HREF="FBB.html#toc4" REL=contents>
</HEAD>
<BODY>
<A HREF="FBB-5.html">Next</A>
<A HREF="FBB-3.html">Previous</A>
<A HREF="FBB.html#toc4">Contents</A>
<HR>
<H2><A NAME="s4">4.</A> <A HREF="FBB.html#toc4">How to install Protus password utility</A></H2>

<P><EM>Notice: Well, I have been using Protus
<B>connection filters</B> for a long time now. 
At first, it was the version 3.1/1.2 for DosFBB515c
and, later, version 3.3 for Dos/WinFBB700. I have 
found Protus as very useful utility because of its 
implementation of automated BBS-to-BBS
forwarding protection, using MD2 algorithm.
One of the reasons to cover Protus
in this document is the fact that its author
haven't made a manual in English yet. I keep
trying to translate original manuals
from Spanish into English, but it is a hard work.
Any good 'Spanish-to-English'
translator is welcomed to contact me:
skoric at eunet dot rs</EM></P>

<P>Protus offers several interesting features:</P>

<P>
<UL>
<LI>It can send a presentation message to
all users, informing about possibility
to make users' access more safe,


</LI>
<LI>It can send messages to users who have
usual, non-restricted access, informing about 
utility's existence,


</LI>
<LI>It can send messages to users who have no
valid access (before disconnecting them),


</LI>
<LI>It can send messages to new users who have
connected the BBS for the first time, informing
them about the password utility.


</LI>
<LI>It can send messages to users who have entered
wrong password (before disconnecting them),


</LI>
<LI>It can inform sysop about almost everything
related to users' connections (new user on
the system, unsuccessful connections etc),


</LI>
<LI>Messages mentioned above could be translated
into various languages and used similarly as various
language files that FBB system use,


</LI>
<LI>Messages mentioned above could be different
for different BBS ports,


</LI>
<LI>Protus could be activated/deactivated at various
intervals of time using CRON.SYS system file,


</LI>
<LI>Passwords could be managed remotely, using an
external server, developed by Jose EB5IVB,


</LI>
<LI>...
</LI>
</UL>
</P>


<P>Well, let's see what should be done in order to
implement secure access to the FBB packet
radio BBS, using Protus type of, so called, <EM>c_filter</EM>:</P>

<P>
<UL>
<LI>Users of Dos/WinFBB versions of Protus
already know that it is needed to create a new
directory <B>\FBB\PROTUS</B> where several 
*.PRT files should be placed. In addition, the
main C_FILT*.DLL files should be copied
into <B>\FBB\BIN</B> directory, as well as a couple 
of "system", (i.e. config) *.PRT files that are going to 
be within <B>\FBB\SYSTEM</B> directory.


</LI>
<LI>After the sysop has copied all files into
their proper locations, it is needed to make
some configuration. The most important files
are two "system" ones: <CODE>CONFIG.PRT</CODE> and 
<CODE>USERS.PRT</CODE> that should be carefully 
adopted to any particular situation. Other *.PRT 
files will work as they are in original, but they may
be translated because they are originated
in Spanish (those files are just the parts of
information that are sent to users who
connect to the BBS). For your information,
I usually don't care much about, because my
BBS's are so called "open systems". It means
they work quite normal for <EM>all</EM> users in the
same way as they worked <EM>before</EM> 
implementing Protus. Only a couple of callsigns 
have password installed and, when connecting,
they know what they are doing, so, they don't need
any additional info. Your mileage may vary.


</LI>
<LI>So far - so good. After everything mentioned has
been done, you have to restart your FBB in order
for Protus utility to be activated. In all
connections to your BBS (including console),
you should see a line like this: <B>{PROTUS-4.0}</B>
just after the well known line [FBB-7.00-AB1FHMRX$]. It
only gives an information that Protus is active on the
system. Users of your BBS who don't have
their passwords, connect just normally as before.
Users who's callsigns have password implemented,
are prompted for password just after their connections.
<PHR><P>
<LI>The author of Protus, Jesus EB5AGF, has made
several working "modes" of its utility. It
is possible for users to have various kinds
of passwords: a fixed phrase (similar as those you
are used to when connect to the Internet
via telephone line, but this way the phrase
can be masqueraded within the longer answer);
a changeable answer to the 5 random numbers (just
like usual FBB sysop's password); a mode
that uses automatic answer from user's client
packet programs; implementation of MD2 and
MD5 algorithms; FBB-to-FBB automatic
protection etc. FYI, my WinFBB is equipped
with 16-bit Protus 4.0 (13 August 1999).
There is also a 32-bit module of the same date
that would be called from within 32-bit WinFBB
(I haven't tested those 32-bit applications).</LI>
</P>

<P>
<LI>Well, the situation regarding working location
of Protus files under LinFBB is somewhat different.
I have become familiar to the directory structure
that DosFBB and WinFBB versions of Protus have
been using, so I considered that it was enough
to implement the same directory structure when
I started the installation of Protus under LinFBB.
It was wrong. After having pulled out the
remaining hair, the things started to work, so,
now I am going to tell you what to do.</LI>
</P>

<P>
<LI>I have already told you that I have been running 
here both WinFBB under Windows NT and LinFBB 
under Linux (see also <CODE>Linux+WinNT mini-HOWTO</CODE> 
and <CODE>Lilo mini-HOWTO</CODE>). That means all Protus 
stuff has already been installed in a way WinFBB has 
required, except <EM>Linux</EM> executable of 
<EM>c_filter</EM> file. I put that one file into <B>/fbb/bin</B> 
directory and, after the next restart of LinFBB, I got the
info mentioned above: {PROTUS-4.0}. But the
password protection was not likely to work.
I was told by the author to make a new directory 
<B>/var/ax25/fbb/protus</B> and put *.PRT files there. 
I <EM>didn't move</EM> files from <B>\FBB\PROTUS</B> 
but rather <EM>copied</EM> them into the new location, 
because I wanted Protus to continue working under WinFBB 
as before. The utility still didn't want to run, unless I 
<EM>also</EM> copied additional two *.PRT files from 
<B>\FBB\SYSTEM</B> to the same new location
(<B>/var/ax25/fbb/protus</B>). After I did that, Protus 
became functional.</LI>
</P>

<P>
<LI>Well, I suppose, the above info would be
useful for those of you who intend to run
*both* Windows and Linux FBB's on the same machine.
For the majority of LinFBB-only users, it is just
important to make <B>/var/ax25/fbb/protus</B>
where <EM>all</EM> *.prt files should be placed. 
<EM>Only</EM> c_filter executable should go to 
<B>/fbb/bin</B> and that's it.</LI>
</P>

<P>
<LI>About FBB-to-FBB protection: *both* partners
have to install Protus. Password for the
forwarding partner's callsign must be the
same at *both* sides of the link. The versions
of Protus don't need to be the same (neither
the versions of FBB, neither the operating
systems, HI!). Anyway, MD5 algorithm will only
work if both parties have Protus 4.x and
above (I still don't use that, but it is not
a problem, because my two boxes, DosFBB-Protus3.3 and
WinFBB/LinFBB-Protus4.0, make all things OK with MD2).</LI>
</P>

<P>
<LI>One of the interesting features of Protus is to
log unsuccessful connections. Due to the
<EM>different</EM> locations of *.prt files here, I have
separate logs for WinFBB and LinFBB "c_filtering".
Those of you who are going to run only one operating 
system and appropriate version of FBB, will have <EM>one</EM> 
complete log of connection errors, users make when try to
connect your BBS.</LI>
</P>

<P>
<LI>As it was told earlier, if you implemented
password protection for only <EM>some</EM> of your
users (but not for all of them who connect
normally) - your system is considered as
the "open" one. It means that will be logged
only unsuccessful tries to enter the system
by "protected" callsigns. But, if you decided
that your BBS can be accessed by <EM>only</EM> those
callsigns who have Protus password, that
means your system is the "closed" one.
Then, there is no way a user could enter your
FBB unless its callsign has given a password
within your Protus. Any unauthorized try to
connect your BBS is also logged.</LI>
</P>

<P>
<LI>In addition, you may decide to have a "guest" 
access or a "read-only" as <EM>default</EM> for 
some BBS's access ports and/or for users who enter 
the wrong password. Many combinations are possible. 
You could even password protect your own FBB console!</LI>
</P>

<P>
<LI>To finish with this topic for now, just to
inform you that my X11 LinFBB is equipped
with Protus v4.1b7 (15 February 2000). It
has some minor bugs, for example, it logs
incoming connections with a SSID of -48 if
a user doesn't have a SSID at all (of course,
in such case a SSID of -0 would be expected).</LI>
</P>

</PHR></LI>
</UL>
</P>



<HR>
<A HREF="FBB-5.html">Next</A>
<A HREF="FBB-3.html">Previous</A>
<A HREF="FBB.html#toc4">Contents</A>
</BODY>
</HTML>