tyler.durden/glass-isc-dhcp
1
0
Fork 0
mirror of https://github.com/Akkadius/glass-isc-dhcp.git synced 2025-07-29 16:45:48 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
Chris Miles 2017-10-04 23:07:45 -05:00 committed by GitHub
parent f56d3cfae6
commit b00eb620c7
1 changed files with 13 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
README.md
View File

@ -138,7 +138,7 @@ curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -
sudo apt-get install -y nodejs sudo apt-get install -y nodejs
</pre> </pre>
## Install Glass ## Install Glass (as root)
<pre> <pre>
cd /opt cd /opt
git clone https://github.com/Akkadius/glass-isc-dhcp.git git clone https://github.com/Akkadius/glass-isc-dhcp.git
@ -153,26 +153,18 @@ npm start
* For Debian this is all that is needed and Glass should start immediately * For Debian this is all that is needed and Glass should start immediately
* For Ubuntu users - you will have additional Apparmor config to add * For Ubuntu users - you will have additional Apparmor config to add
* **Highly Recommended** to iptables port 3000 to close off Glass if you are facing the public on your server * **Highly Recommended** to iptables port 3000 to close off Glass if you are facing the public on your server
* [Glass Process Keepalive](#glass-process-keepalive)
## Apparmor (Ubuntu LTS) ## Apparmor
* Ubuntu uses AppArmor by default - you will most likely run into file access issues without exemptions * Ubuntu uses AppArmor by default - you will most likely run into file access issues without exemptions
### Option 1) Add file exemptions to apparmor (For glass and dhcpd)
<pre> <pre>
sed -i '/\/etc\/dhcp\/\*\*/a\ \ \/var\/lib\/dhcp\/\*\* lrw,' /etc/apparmor.d/usr.sbin.dhcpd sed -i '/\/etc\/dhcp\/\*\*/a\ \ \/var\/lib\/dhcp\/\*\* lrw,' /etc/apparmor.d/usr.sbin.dhcpd
sed -i '/\/etc\/dhcp\/\*\*/a\ \ \/opt\/glass-isc-dhcp\/\*\* lrw,' /etc/apparmor.d/usr.sbin.dhcpd sed -i '/\/etc\/dhcp\/\*\*/a\ \ \/opt\/glass-isc-dhcp\/\*\* lrw,' /etc/apparmor.d/usr.sbin.dhcpd
service apparmor restart service apparmor restart
</pre> </pre>
### Option 2) Disable completely (not recommended)
<pre>
sudo ln -s /etc/apparmor.d/usr.sbin.dhcpd /etc/apparmor.d/disable/
sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.dhcpd
</pre>
## Glass Configuration ## Glass Configuration
* Glass configuration is stored in **./config/glass_config.json** * Glass configuration is stored in **./config/glass_config.json**
* All of these settings can be edited in both Glass Settings and Glass Alerts within the Web Interface, if you have custom file locations you will need to edit this config file before starting * All of these settings can be edited in both Glass Settings and Glass Alerts within the Web Interface, if you have custom file locations you will need to edit this config file before starting
@ -198,6 +190,16 @@ sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.dhcpd
} }
</pre> </pre>
## Glass Process Keepalive
* To keep your server alive through reboots, possible crashes and process restarts, we need to use a process monitor and for simplicity we will use NodeJS's **Forever**. Forever is already installed during Glass installation. We will add it to our **crontab**
<pre>
crontab -l > mycrontab
echo "@reboot cd /opt/glass-isc-dhcp && /usr/bin/forever --minUptime 10000 --spinSleepTime 10000 -a -o ./logs/glass-process.log -e ./logs/glass-error.log ./bin/www" >> mycrontab
crontab mycrontab
rm mycrontab
</pre>
## Secure your Server ## Secure your Server
* Glass runs on web port 3000 - if you're going to run this on a production server, make sure that you lock it down from the outside world if anyone can access it. Even if they don't have a password - vulnerabilities can surface at any point in the future and your system becomes a prime target * Glass runs on web port 3000 - if you're going to run this on a production server, make sure that you lock it down from the outside world if anyone can access it. Even if they don't have a password - vulnerabilities can surface at any point in the future and your system becomes a prime target