The DroneBL small deployment and development VM
The DroneBL small deployment and development VM is a great way to jump into the maintenance and development process of DroneBL. It is also a great way to learn how the DroneBL system works in general.
The VM is a VMware instance, which can be used with various programs, including the free-as-in-beer VMware Server. It runs Debian Etch, and is configured in a similar way to the actual running configuration of the DroneBL web interface.
The VM contains a fully functional setup of DroneBL's software, including a DNSBL instance running rbldnsd.
You can use the VMware image to:
- Learn more about DroneBL's internals,
- Experiment with the DroneBL software,
- Write patches for DroneBL,
- Run your own blacklist.
Download
Important
This VM is not secure out of the box. Several steps must be manually taken in order to secure it. See the documentation later in this page or embedded into the notes in the VM for instructions on how to deploy the VM securely!
Tour
After downloading the VM tarball and extracting it (bzcat dronebl_vm_2007-10-10.tbz2 | tar xvf -), open it in VMware Workstation, Server, or Player. The screenshots for this tour will use VMware Server for Linux. Here you can see the VM's notes, and you can edit its networking configuration.
The default setting is to use NAT, which gives the machine a private subnet that your computer is also on. This is useful if you are developing on a laptop or other mobile device, which does not always have network access. If you are going to be deploying this in production, you most certainly want bridged networking instead.
Start the VM up and let it boot. You should see a typical Linux console login prompt. Log in as dronebl with password changeme. If the VM was able to acquire an IP address, you should be able to see it with /sbin/ifconfig. In this example, the VM has been assigned the IP address of 192.168.134.128. Sure enough, if I visit http://192.168.134.128/ in a web browser, I am greeted with a blank DroneBL front page.
So, what works at this point?
- You can send new hosts to the DroneBL server using an RPC key.
  - To find out the RPC key, click on Administrate in the DroneBL web interface, and log in using admin and changeme. Then go to RPCKey Manager and make a note of the one registered there.
  - Then you can submit new hosts to DroneBL by sending a POST request which is compliant with the RPC documentation. If you do not include a valid RPC key, the RPC call will be dropped.
- You can add and remove posts in the DroneBL blogging module.
- You can generate and revoke RPC keys.
- You can generate graphs.
- You can generate an activity log.
- You can search for and remove hosts.
- If you configure the mail server, you can set up BOPM reporting.
Securing the VM
If you are going to use the DroneBL instance in production, you absolutely must secure it. To secure the machine, follow these steps:
- Generate a new sshd public/private keypair: rm /etc/ssh/ssh_host_*key*; dpkg-reconfigure openssh-server. This step is important because the SSH host key is already generated in the DroneBL instance, so every copy of the image starts with the same key.
- Change the MySQL root password: The MySQL root password is dronebl. You should change this to a more secure password. To do so, use mysqladmin -u root -p password <your password here>. You will be prompted for your old password; enter it. Once you hit return, the password will be changed.
- Revoke all of the default RPC keys: Go to the DroneBL RPCKey Manager (/admin/rpckey), and revoke any keys listed. You can then grant new keys which can be trusted.
- Drop the DroneBL default admin user: As there is no User Manager yet, you will need to go into the mysql console (mysql -p dronebl -u root) and run the following query: DELETE FROM `users` WHERE username='admin';
- Change the root and dronebl user passwords: su -c 'passwd root && passwd dronebl'. You will be asked to enter the root password (changeme) and set new ones.
- Move the rbldnsd node to a secure location: Because rbldnsd is a DDoS risk, you should move it to another location to ensure that the web interface is not attacked.
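The script below is an added example, not part of the DroneBL VM or of this page's original text. It checks three of the steps above (host keys regenerated, default MySQL root password rejected, default admin row deleted); the function names, the marker file you create with touch before starting the hardening steps, and the use of an exported MYSQL_PWD for the new root password are assumptions of this example.

```sh
#!/bin/sh
# Added example, not part of the VM: audits three "Securing the VM" steps.
# Each check returns 0 if the shipped default is gone, 1 if it is still in
# place, 2 if the check could not run.

# All host keys in dir $1 (Debian: /etc/ssh/ssh_host_*) must be newer than
# marker file $2 (assumption: created with touch before hardening began).
host_keys_regenerated() {
    [ -e "$2" ] || return 2
    keys=$(find "$1" -name 'ssh_host_*key*')
    [ -n "$keys" ] || return 1      # keys deleted but never regenerated
    stale=$(find "$1" -name 'ssh_host_*key*' ! -newer "$2")
    [ -z "$stale" ]
}

# The shipped MySQL root password (dronebl) must be rejected. A stopped
# server also refuses the login, so run this while MySQL is up.
mysql_default_root_rejected() {
    command -v mysql >/dev/null 2>&1 || return 2
    if mysql -u root -pdronebl -e 'SELECT 1' >/dev/null 2>&1; then return 1; fi
    return 0
}

# The default web admin row must be gone. Assumes the caller has exported
# MYSQL_PWD with the new root password, keeping it off the command line.
admin_user_removed() {
    command -v mysql >/dev/null 2>&1 || return 2
    [ -n "${MYSQL_PWD:-}" ] || return 2
    n=$(mysql -u root -N -B dronebl \
        -e "SELECT COUNT(*) FROM users WHERE username='admin'" 2>/dev/null) \
        || return 2
    [ "$n" = "0" ]
}

# Run one check and print "<status>  <check name>".
report() {
    rc=0; "$@" || rc=$?
    echo "$rc  $1"
    return "$rc"
}

# Usage: MYSQL_PWD=<new root password> sh audit.sh --run <marker file>
if [ "${1:-}" = "--run" ]; then
    report host_keys_regenerated /etc/ssh "$2"
    report mysql_default_root_rejected
    report admin_user_removed
fi
```

The root and dronebl login passwords and the RPC keys are not covered; verify those by logging in and by reviewing the RPCKey Manager.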
Other things to consider changing
- Choose a different logo (/images/dronebl-logo.png).
- Consider editing some of the documentation.
Help with the VM
If you have problems or questions about the VM, you might consider asking in the official DroneBL IRC channel (irc.atheme.org #dronebl). Good luck with your use of the DroneBL software and small deployment VM!