287 lines
9.2 KiB
HTML
287 lines
9.2 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
|
|
<HTML>
|
|
<HEAD>
|
|
<META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.21">
|
|
<TITLE>FBB Packet-radio BBS mini-HOWTO: How to install Protus password utility</TITLE>
|
|
<LINK HREF="FBB-5.html" REL=next>
|
|
<LINK HREF="FBB-3.html" REL=previous>
|
|
<LINK HREF="FBB.html#toc4" REL=contents>
|
|
</HEAD>
|
|
<BODY>
|
|
<A HREF="FBB-5.html">Next</A>
|
|
<A HREF="FBB-3.html">Previous</A>
|
|
<A HREF="FBB.html#toc4">Contents</A>
|
|
<HR>
|
|
<H2><A NAME="s4">4.</A> <A HREF="FBB.html#toc4">How to install Protus password utility</A></H2>
|
|
|
|
<P><EM>Notice: Well, I have been using Protus
|
|
<B>connection filters</B> for a long time now.
|
|
At first, it was the version 3.1/1.2 for DosFBB515c
|
|
and, later, version 3.3 for Dos/WinFBB700. I have
|
|
found Protus as very useful utility because of its
|
|
implementation of automated BBS-to-BBS
|
|
forwarding protection, using MD2 algorithm.
|
|
One of the reasons to cover Protus
|
|
in this document is the fact that its author
|
|
haven't made a manual in English yet. I keep
|
|
trying to translate original manuals
|
|
from Spanish into English, but it is a hard work.
|
|
Any good 'Spanish-to-English'
|
|
translator is welcomed to contact me:
|
|
skoric at eunet dot rs</EM></P>
|
|
|
|
<P>Protus offers several interesting features:</P>
|
|
|
|
<P>
|
|
<UL>
|
|
<LI>It can send a presentation message to
|
|
all users, informing about possibility
|
|
to make users' access more safe,
|
|
|
|
|
|
</LI>
|
|
<LI>It can send messages to users who have
|
|
usual, non-restricted access, informing about
|
|
utility's existence,
|
|
|
|
|
|
</LI>
|
|
<LI>It can send messages to users who have no
|
|
valid access (before disconnecting them),
|
|
|
|
|
|
</LI>
|
|
<LI>It can send messages to new users who have
|
|
connected the BBS for the first time, informing
|
|
them about the password utility.
|
|
|
|
|
|
</LI>
|
|
<LI>It can send messages to users who have entered
|
|
wrong password (before disconnecting them),
|
|
|
|
|
|
</LI>
|
|
<LI>It can inform sysop about almost everything
|
|
related to users' connections (new user on
|
|
the system, unsuccessful connections etc),
|
|
|
|
|
|
</LI>
|
|
<LI>Messages mentioned above could be translated
|
|
into various languages and used similarly as various
|
|
language files that FBB system use,
|
|
|
|
|
|
</LI>
|
|
<LI>Messages mentioned above could be different
|
|
for different BBS ports,
|
|
|
|
|
|
</LI>
|
|
<LI>Protus could be activated/deactivated at various
|
|
intervals of time using CRON.SYS system file,
|
|
|
|
|
|
</LI>
|
|
<LI>Passwords could be managed remotely, using an
|
|
external server, developed by Jose EB5IVB,
|
|
|
|
|
|
</LI>
|
|
<LI>...
|
|
</LI>
|
|
</UL>
|
|
</P>
|
|
|
|
|
|
<P>Well, let's see what should be done in order to
|
|
implement secure access to the FBB packet
|
|
radio BBS, using Protus type of, so called, <EM>c_filter</EM>:</P>
|
|
|
|
<P>
|
|
<UL>
|
|
<LI>Users of Dos/WinFBB versions of Protus
|
|
already know that it is needed to create a new
|
|
directory <B>\FBB\PROTUS</B> where several
|
|
*.PRT files should be placed. In addition, the
|
|
main C_FILT*.DLL files should be copied
|
|
into <B>\FBB\BIN</B> directory, as well as a couple
|
|
of "system", (i.e. config) *.PRT files that are going to
|
|
be within <B>\FBB\SYSTEM</B> directory.
|
|
|
|
|
|
</LI>
|
|
<LI>After the sysop has copied all files into
|
|
their proper locations, it is needed to make
|
|
some configuration. The most important files
|
|
are two "system" ones: <CODE>CONFIG.PRT</CODE> and
|
|
<CODE>USERS.PRT</CODE> that should be carefully
|
|
adopted to any particular situation. Other *.PRT
|
|
files will work as they are in original, but they may
|
|
be translated because they are originated
|
|
in Spanish (those files are just the parts of
|
|
information that are sent to users who
|
|
connect to the BBS). For your information,
|
|
I usually don't care much about, because my
|
|
BBS's are so called "open systems". It means
|
|
they work quite normal for <EM>all</EM> users in the
|
|
same way as they worked <EM>before</EM>
|
|
implementing Protus. Only a couple of callsigns
|
|
have password installed and, when connecting,
|
|
they know what they are doing, so, they don't need
|
|
any additional info. Your mileage may vary.
|
|
|
|
|
|
</LI>
|
|
<LI>So far - so good. After everything mentioned has
|
|
been done, you have to restart your FBB in order
|
|
for Protus utility to be activated. In all
|
|
connections to your BBS (including console),
|
|
you should see a line like this: <B>{PROTUS-4.0}</B>
|
|
just after the well known line [FBB-7.00-AB1FHMRX$]. It
|
|
only gives an information that Protus is active on the
|
|
system. Users of your BBS who don't have
|
|
their passwords, connect just normally as before.
|
|
Users who's callsigns have password implemented,
|
|
are prompted for password just after their connections.
|
|
<PHR><P>
|
|
<LI>The author of Protus, Jesus EB5AGF, has made
|
|
several working "modes" of its utility. It
|
|
is possible for users to have various kinds
|
|
of passwords: a fixed phrase (similar as those you
|
|
are used to when connect to the Internet
|
|
via telephone line, but this way the phrase
|
|
can be masqueraded within the longer answer);
|
|
a changeable answer to the 5 random numbers (just
|
|
like usual FBB sysop's password); a mode
|
|
that uses automatic answer from user's client
|
|
packet programs; implementation of MD2 and
|
|
MD5 algorithms; FBB-to-FBB automatic
|
|
protection etc. FYI, my WinFBB is equipped
|
|
with 16-bit Protus 4.0 (13 August 1999).
|
|
There is also a 32-bit module of the same date
|
|
that would be called from within 32-bit WinFBB
|
|
(I haven't tested those 32-bit applications).</LI>
|
|
</P>
|
|
|
|
<P>
|
|
<LI>Well, the situation regarding working location
|
|
of Protus files under LinFBB is somewhat different.
|
|
I have become familiar to the directory structure
|
|
that DosFBB and WinFBB versions of Protus have
|
|
been using, so I considered that it was enough
|
|
to implement the same directory structure when
|
|
I started the installation of Protus under LinFBB.
|
|
It was wrong. After having pulled out the
|
|
remaining hair, the things started to work, so,
|
|
now I am going to tell you what to do.</LI>
|
|
</P>
|
|
|
|
<P>
|
|
<LI>I have already told you that I have been running
|
|
here both WinFBB under Windows NT and LinFBB
|
|
under Linux (see also <CODE>Linux+WinNT mini-HOWTO</CODE>
|
|
and <CODE>Lilo mini-HOWTO</CODE>). That means all Protus
|
|
stuff has already been installed in a way WinFBB has
|
|
required, except <EM>Linux</EM> executable of
|
|
<EM>c_filter</EM> file. I put that one file into <B>/fbb/bin</B>
|
|
directory and, after the next restart of LinFBB, I got the
|
|
info mentioned above: {PROTUS-4.0}. But the
|
|
password protection was not likely to work.
|
|
I was told by the author to make a new directory
|
|
<B>/var/ax25/fbb/protus</B> and put *.PRT files there.
|
|
I <EM>didn't move</EM> files from <B>\FBB\PROTUS</B>
|
|
but rather <EM>copied</EM> them into the new location,
|
|
because I wanted Protus to continue working under WinFBB
|
|
as before. The utility still didn't want to run, unless I
|
|
<EM>also</EM> copied additional two *.PRT files from
|
|
<B>\FBB\SYSTEM</B> to the same new location
|
|
(<B>/var/ax25/fbb/protus</B>). After I did that, Protus
|
|
became functional.</LI>
|
|
</P>
|
|
|
|
<P>
|
|
<LI>Well, I suppose, the above info would be
|
|
useful for those of you who intend to run
|
|
*both* Windows and Linux FBB's on the same machine.
|
|
For the majority of LinFBB-only users, it is just
|
|
important to make <B>/var/ax25/fbb/protus</B>
|
|
where <EM>all</EM> *.prt files should be placed.
|
|
<EM>Only</EM> c_filter executable should go to
|
|
<B>/fbb/bin</B> and that's it.</LI>
|
|
</P>
|
|
|
|
<P>
|
|
<LI>About FBB-to-FBB protection: *both* partners
|
|
have to install Protus. Password for the
|
|
forwarding partner's callsign must be the
|
|
same at *both* sides of the link. The versions
|
|
of Protus don't need to be the same (neither
|
|
the versions of FBB, neither the operating
|
|
systems, HI!). Anyway, MD5 algorithm will only
|
|
work if both parties have Protus 4.x and
|
|
above (I still don't use that, but it is not
|
|
a problem, because my two boxes, DosFBB-Protus3.3 and
|
|
WinFBB/LinFBB-Protus4.0, make all things OK with MD2).</LI>
|
|
</P>
|
|
|
|
<P>
|
|
<LI>One of the interesting features of Protus is to
|
|
log unsuccessful connections. Due to the
|
|
<EM>different</EM> locations of *.prt files here, I have
|
|
separate logs for WinFBB and LinFBB "c_filtering".
|
|
Those of you who are going to run only one operating
|
|
system and appropriate version of FBB, will have <EM>one</EM>
|
|
complete log of connection errors, users make when try to
|
|
connect your BBS.</LI>
|
|
</P>
|
|
|
|
<P>
|
|
<LI>As it was told earlier, if you implemented
|
|
password protection for only <EM>some</EM> of your
|
|
users (but not for all of them who connect
|
|
normally) - your system is considered as
|
|
the "open" one. It means that will be logged
|
|
only unsuccessful tries to enter the system
|
|
by "protected" callsigns. But, if you decided
|
|
that your BBS can be accessed by <EM>only</EM> those
|
|
callsigns who have Protus password, that
|
|
means your system is the "closed" one.
|
|
Then, there is no way a user could enter your
|
|
FBB unless its callsign has given a password
|
|
within your Protus. Any unauthorized try to
|
|
connect your BBS is also logged.</LI>
|
|
</P>
|
|
|
|
<P>
|
|
<LI>In addition, you may decide to have a "guest"
|
|
access or a "read-only" as <EM>default</EM> for
|
|
some BBS's access ports and/or for users who enter
|
|
the wrong password. Many combinations are possible.
|
|
You could even password protect your own FBB console!</LI>
|
|
</P>
|
|
|
|
<P>
|
|
<LI>To finish with this topic for now, just to
|
|
inform you that my X11 LinFBB is equipped
|
|
with Protus v4.1b7 (15 February 2000). It
|
|
has some minor bugs, for example, it logs
|
|
incoming connections with a SSID of -48 if
|
|
a user doesn't have a SSID at all (of course,
|
|
in such case a SSID of -0 would be expected).</LI>
|
|
</P>
|
|
|
|
</PHR></LI>
|
|
</UL>
|
|
</P>
|
|
|
|
|
|
|
|
<HR>
|
|
<A HREF="FBB-5.html">Next</A>
|
|
<A HREF="FBB-3.html">Previous</A>
|
|
<A HREF="FBB.html#toc4">Contents</A>
|
|
</BODY>
|
|
</HTML>
|