Hello everybody!

Is there actually anything to consider when I have MysticBBS mounted on a remote storage NAS (NFS or iSCSI) on my Linux? Regarding semaphore integration or customizations that this works without problems?

Best regards

Alisha

--- GoldED+/LNX 1.1.5--b20170303
* Origin: ----> Alisha Stutz -> bufferzone.abad1dea.to (2:301/1)

Hello Alisha!

On 28 Oct 2022, Alisha Stutz said the following...

Is there actually anything to consider when I have MysticBBS mounted on a remote storage NAS (NFS or iSCSI) on my Linux? Regarding semaphore integration or customizations that this works without problems?

I ran my Mystic home on an SMB share for quite some time, and it seemed to work well. If you have trashcan functionality/recycled folders enabled on your share in one way or another, log changes, message base updates (and associated relinking) might yield lots of copies of old files, but other than that, I think it should work just fine.

I still have my message bases and file bases on an SMB share, but let the Mystic home (including logs) reside on local disk now.

Best regards
Zip

--- Mystic BBS v1.12 A48 2022/07/15 (Linux/64)
* Origin: Star Collision BBS, Uppsala, Sweden (21:1/202)

Hello Alisha, i have all mystic folders and datas on my NAS connected throught NFS and all work fine, semaphore also... I don't know why but semaphores are recognized and start the incoming and toss procedures.
Maybe they don't use inotify?

--- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
* Origin: REtrogaming ACTivities (REACT) BBS (21:4/183)

Hello everybody!

Is there actually anything to consider when I have MysticBBS mounted on a remote storage NAS (NFS or iSCSI) on my Linux? Regarding semaphore integration or customizations that this works without problems?

This is just ME, as Mystic is safe - but I wouldn't wanna run any service that has users connecting to it from such a secure machine. If some user did get in, a NAS seems like the last thing I'd want them to have any access to. Sure, I know a smart sysOp can protect - but I'd much rather have my bbS on a Raspberry Pi, old computer that only runs it - or something less important. :P



|07p|15AULIE|1142|07o
|08.........

--- Mystic BBS v1.12 A48 2022/07/15 (Linux/64)
* Origin: 2o fOr beeRS bbs>>>20ForBeers.com:1337 (21:2/150)

This is just ME, as Mystic is safe - but I wouldn't wanna run any
service that has users connecting to it from such a secure machine. If some user did get in, a NAS seems like the last thing I'd want them to have any access to. Sure, I know a smart sysOp can protect - but I'd
much rather have my bbS on a Raspberry Pi, old computer that only runs
it - or something less important. :P

Yeah, I have similar concerns with a BBS :) I run mine in a cloud VPS for this specific reason.

I'm pretty opposed to the idea of opening up my home firewall. Even if I had some kind of BBS VLAN, it would still be me allowing external connections into my home, which is simply something I am not a fan of.

--- Mystic BBS v1.12 A48 2022/07/11 (Linux/64)
* Origin: m O N T E R E Y b B S . c O M (21:4/173)

On 02 Nov 2022, paulie420 said the following...

This is just ME, as Mystic is safe - but I wouldn't wanna run any
service that has users connecting to it from such a secure machine. If some user did get in, a NAS seems like the last thing I'd want them to have any access to. Sure, I know a smart sysOp can protect - but I'd
much rather have my bbS on a Raspberry Pi, old computer that only runs
it - or something less important. :P

I agree with Paulie here, that is why I run all of my BBS' in seperate VM's All on their own separate VLan which can not access my main Lan but my main Lan can access the VLan. If you want to put it on a NAS, I suggest using a VM to do so, I know Synology offers Virtual Machine support, or Docker. This way you can access your BBS' via your NAS but the BBS will not be accessing your NAS, I used to store my Message Bases, and File Bases on my NAS I still have my File bases on it. Only thing is i Idon't give it anything else but a shared directory..

... A Mystic asking for a hot-dog: "Make me one with everything"

--- Mystic BBS v1.12 A48 2022/07/15 (Linux/64)
* Origin: The Wrong Number Family Of BBS' - Wrong Number ][ (21:4/131)

This is just ME, as Mystic is safe - but I wouldn't wanna run any service that has users connecting to it from such a secure machine. I some user did get in, a NAS seems like the last thing I'd want them t have any access to. Sure, I know a smart sysOp can protect - but I'd much rather have my bbS on a Raspberry Pi, old computer that only run it - or something less important. :P

I agree with Paulie here, that is why I run all of my BBS' in seperate VM's All on their own separate VLan which can not access my main Lan but my main Lan can access the VLan. If you want to put it on a NAS, I
suggest using a VM to do so, I know Synology offers Virtual Machine support, or Docker. This way you can access your BBS' via your NAS but
the BBS will not be accessing your NAS, I used to store my Message
Bases, and File Bases on my NAS I still have my File bases on it. Only thing is i Idon't give it anything else but a shared directory..

Ahh, thats a decent idea if they really wanna use that NAS machine. Throw it in a docker and lock it up... or a VM as you said. Good ideas..



|07p|15AULIE|1142|07o
|08.........

--- Mystic BBS v1.12 A48 2022/07/15 (Linux/64)
* Origin: 2o fOr beeRS bbs>>>20ForBeers.com:1337 (21:2/150)

On 07 Nov 2022, paulie420 said the following...

Ahh, thats a decent idea if they really wanna use that NAS machine.
Throw it in a docker and lock it up... or a VM as you said. Good ideas..

Thanks bud.. My son who is a security minded guy has been complaining to me that I have these ports open to the public, when I said they are BBS' his answer was yea so?!? So when I got my Ubiquiti Dream Router I decided to do things right and create a separate VLAN for all of my BBS'.. He has been pushing me more and more towards learning Docker (I know it is easy to understand) to just containerize everything and keep it as you say locked away, but my set up is I have a computer which runs all of the VM's in Proxmox, then backs up to an Xpenology NAS,which is also on the same VLAN as the BBS machine. Everything is away from my main lan.. Ohwell..

Al

... There are three kinds of people: Those who can count, and those who can't

--- Mystic BBS v1.12 A48 2022/07/15 (Linux/64)
* Origin: The Wrong Number Family Of BBS' - Wrong Number ][ (21:4/131)

Thanks bud.. My son who is a security minded guy has been complaining to me that I have these ports open to the public, when I said they are BBS' his answer was yea so?!? So when I got my Ubiquiti Dream Router I
decided to do things right and create a separate VLAN for all of my
BBS'.. He has been pushing me more and more towards learning Docker (I know it is easy to understand) to just containerize everything and keep
it as you say locked away, but my set up is I have a computer which runs all of the VM's in Proxmox, then backs up to an Xpenology NAS,which is also on the same VLAN as the BBS machine. Everything is away from my
main lan.. Ohwell..

Docker isn't a panacea for security, just keep in mind that if your user is part of the 'docker' group, it's possible to break out of the docker container and do things as root.

In other words, make sure it's configured in a secure manner, don't just assume it's safe :)

--- Mystic BBS v1.12 A48 2022/07/11 (Linux/64)
* Origin: m O N T E R E Y b B S . c O M (21:4/173)

Re: Re: MysticBBS on NAS (NFS or iSCSI)
By: esc to Bucko on Tue Nov 08 2022 06:18 pm

Howdy,

Docker isn't a panacea for security, just keep in mind that if your user is part of the 'docker' group, it's possible to break out of the docker container and do things as root.

I see and hear many people think "docker" = "not secure" - primarily because of the lack of understanding of this docker group.

For clarity:
https://docs.docker.com/engine/security

Is a must read for anybody concerned (or doesnt understand) docker security.

Like anything deployed on a publically network connected system, you should understand the security around what you are deploying before trusting it implicitly.

That said, I've been primarily using docker for many years now, on many systems, and I've never been compromised. In fact, I think the last time I was compromised (probably 10+ years ago now) I concluded that they got in via a vulnerability in SSH (that machine only had ssh and nginx on it).


...ëîåï
--- SBBSecho 3.15-Linux
* Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)

I see and hear many people think "docker" = "not secure" - primarily because of the lack of understanding of this docker group.

Per docker's own documentation:

"Warning: The docker group grants privileges equivalent to the root user. For details on how this impacts security in your system, see Docker Daemon Attack Surface."

Docker containers also share the same kernel as the host as well as a number of other resources. So yes, it's containerized, but not like...qemu, for example.

Anyway Docker is a very common attack surface due to how widespread it is. When doing pentests it has always been one of the initial details to enumerate. *shrug*

I think the confusion is people hear "container" and they think everything becomes completely isolated, which is not the case.

Like anything deployed on a publically network connected system, you should understand the security around what you are deploying before trusting it implicitly.

Agreed! I don't think a lot of people do this, though. :(

That said, I've been primarily using docker for many years now, on many systems, and I've never been compromised. In fact, I think the last time
I was compromised (probably 10+ years ago now) I concluded that they got in via a vulnerability in SSH (that machine only had ssh and nginx on
it).

Nice. I was compromised a number of years ago because of php. Go figure. :/

--- Mystic BBS v1.12 A48 2022/07/11 (Linux/64)
* Origin: m O N T E R E Y b B S . c O M (21:4/173)

On 08 Nov 2022, esc said the following...

Docker isn't a panacea for security, just keep in mind that if your user is part of the 'docker' group, it's possible to break out of the docker container and do things as root.

In other words, make sure it's configured in a secure manner, don't just assume it's safe :)

Thanks for the tips,, I don't know anything about it and haven't played with it much.. One of these days I will.. ;)

... THE fIRST sTEP iS tO tAKE oFF tHE cAPS lOCK

--- Mystic BBS v1.12 A48 2022/07/15 (Linux/64)
* Origin: The Wrong Number Family Of BBS' - Wrong Number ][ (21:4/131)

Thanks bud.. My son who is a security minded guy has been complaining to me that I have these ports open to the public, when I said they are BBS' his answer was yea so?!? So when I got my Ubiquiti Dream Router I
decided to do things right and create a separate VLAN for all of my
BBS'.. He has been pushing me more and more towards learning Docker (I know it is easy to understand) to just containerize everything and keep
it as you say locked away, but my set up is I have a computer which runs all of the VM's in Proxmox, then backs up to an Xpenology NAS,which is also on the same VLAN as the BBS machine. Everything is away from my
main lan.. Ohwell..

IMO the vlan is super important for sysOps; I think every sysOp should be running their own router w/ software that sandboxes the board... I bet less than half (guess) do so the correct way - I didn't have a PfSense for a couple years w/ 2o.... oops.



|07p|15AULIE|1142|07o
|08.........

--- Mystic BBS v1.12 A48 2022/07/15 (Linux/64)
* Origin: 2o fOr beeRS bbs>>>20ForBeers.com:1337 (21:2/150)

Re: Re: MysticBBS on NAS (NFS or iSCSI)
By: paulie420 to Alisha Stutz on Wed Nov 02 2022 15:48:35

Hello everybody!

Is there actually anything to consider when I have MysticBBS mounted on remote storage NAS (NFS or iSCSI) on my Linux? Regarding semaphore integration or customizations that this works without problems?

This is just ME, as Mystic is safe - but I wouldn't wanna run any service th has users connecting to it from such a secure machine. If some user did get a NAS seems like the last thing I'd want them to have any access to. Sure, I know a smart sysOp can protect - but I'd much rather have my bbS on a Raspbe Pi, old computer that only runs it - or something less important. :P

|07p|15AULIE|1142|07o
|08.........

Yeah, I run Mystic on a Pi4, as well as hosting a website for the bbs.. That's all it does.

And for some reason, i can't configure ssh, or can't get it as a login to Mystic, despite everyting as far as I know is loaded correctly.
---
þ Synchronet þ Mutiny BBS - mutinybbs.com - telnet:2332 - ssh:2232
* Origin: fsxNet FTN<>QWK Gateway (21:4/10)

On 12 Nov 2022, Capt Kirk said the following...

Yeah, I run Mystic on a Pi4, as well as hosting a website for the bbs.. That's all it does.


And for some reason, i can't configure ssh, or can't get it as a login to Mystic, despite everyting as far as I know is loaded correctly.
---

Make sure you have the correct cryptlib installed, When I moved my BBS from Windows to Linux I lost SSH connections, AND lost email sending for password resets and access upgrades. I found a post on the Fido Mystic Echo where Alysha (can't remember her last name) came up with a fix to assembling it. I will look for it and post it here. 3.x.6 does not work and 3.x.4 does not work either. It must be the 3.x.5 I can't remember the version number thus the x in the numbers. I will post what I find here so fsxNet folk can use the fix..

This fix will give you SSH and fix the gmail send mail routines..

... Electricity is really just organized lightning.

--- Mystic BBS v1.12 A48 2022/07/15 (Linux/64)
* Origin: The Wrong Number Family Of BBS' - Wrong Number ][ (21:4/131)

Ok here is the fix from Alysha.. ------------------------------------------------------------------------------ sudo apt-get update
sudo apt-get install build-essential
sudo apt-get install gcc-9 g++-9
sudo apt-get install zip unzip
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-9 9
sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-9 9
wget http://www.mysticbbs.com/downloads/cl345.zip
mkdir cl345
cd cl345
unzip -ax ../cl345.zip
sudo make shared
sudo mv libcl.so.3.4.5 /usr/lib/libcl.so
sudo rm /mystic/data/ssl.cert
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-11 11
sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-11 11
reboot the system

Follow these instructions and cryptlib 3.4.5 will work perfect...

Al

... A Skydiver is taken by the gravity of his situation.

--- Mystic BBS v1.12 A48 2022/07/15 (Linux/64)
* Origin: The Wrong Number Family Of BBS' - Wrong Number ][ (21:4/131)

Yeah, I run Mystic on a Pi4, as well as hosting a website for the bbs.. That's all it does.

And for some reason, i can't configure ssh, or can't get it as a login to Mystic, despite everyting as far as I know is loaded correctly.

Did you install cryptlib, per the Mystic Wiki?

And, are you running Mystic as root or another user? non-root users can't bind to ports at times; one of the reasons my SSH is on port 1338.



|07p|15AULIE|1142|07o
|08.........

--- Mystic BBS v1.12 A48 2022/07/15 (Linux/64)
* Origin: 2o fOr beeRS bbs>>>20ForBeers.com:1337 (21:2/150)

sudo apt-get update
sudo apt-get install build-essential
sudo apt-get install gcc-9 g++-9
sudo apt-get install zip unzip
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-9 9
sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-9 9
wget http://www.mysticbbs.com/downloads/cl345.zip
mkdir cl345
cd cl345
unzip -ax ../cl345.zip
sudo make shared
sudo mv libcl.so.3.4.5 /usr/lib/libcl.so
sudo rm /mystic/data/ssl.cert
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-11 11 sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-11 11 reboot the system

Follow these instructions and cryptlib 3.4.5 will work perfect...

I'm getting errors regarding my instruction type x86-64. Does this not support 64bit?

... It said "insert disk #3", but only two will fit...

--- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
* Origin: Clutch BBS * telnet://bbs.clutchbbs.com (21:1/199)

Ok here is the fix from Alysha..

I'm not sure I would recommend this fix - there are ways to fix the cryptlib package itself without changing your entire build system.

I'll see if I can get access to the wiki and update with instructions for fixing the cryptlib source so that it compiles.

--- Mystic BBS v1.12 A48 2022/07/11 (Linux/64)
* Origin: m O N T E R E Y b B S . c O M (21:4/173)

I'm not sure I would recommend this fix - there are ways to fix the cryptlib package itself without changing your entire build system.

I found a precompiled version that appears to work for SSH... I'm still experimenting myself with it.

... Hard work never killed anyone but why take a risk?

--- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
* Origin: Clutch BBS * telnet://bbs.clutchbbs.com (21:1/199)

On 13 Nov 2022, niter3 said the following...

I'm getting errors regarding my instruction type x86-64. Does this not support 64bit?

Worked fine in Debian.. Not sure why it is giving you issues, it works on 64bit with no issues...

... If at first you don't succeed, blame your parents!

--- Mystic BBS v1.12 A48 2022/07/15 (Linux/64)
* Origin: The Wrong Number Family Of BBS' - Wrong Number ][ (21:4/131)

On 13 Nov 2022, esc said the following...

I'm not sure I would recommend this fix - there are ways to fix the cryptlib package itself without changing your entire build system.

I'll see if I can get access to the wiki and update with instructions for fixing the cryptlib source so that it compiles.

Agree with ya, but I posted it since it worked for me and others were having issues.. If you have a better way I am all for it.. :)

... Message encrypted: Press ALT-F4 to read encoded message

--- Mystic BBS v1.12 A48 2022/07/15 (Linux/64)
* Origin: The Wrong Number Family Of BBS' - Wrong Number ][ (21:4/131)

I'm getting errors regarding my instruction type x86-64. Does this no support 64bit?

I had to modify the config/make file in regards to it checking for x86-64 somehow. It had to do with the AMD-64 bit debian linux I use. Once I lookup and post what I modified for it to compile I will try to reply and post it here.


Insomnia City BBS SysOp
Kalamazoo, MI USA
bbs.farcasternet.org Telnet 23, SSH 2222

... APPLE: It may be slow, but at least it's expensive.

--- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
* Origin: Insomnia City BBS - Kalamazoo, MI (21:1/156)

On 13 Nov 2022 at 05:05p, esc pondered and said...

I'll see if I can get access to the wiki and update with instructions for fixing the cryptlib source so that it compiles.

Let me know what you want added and I can help with that.

Prob best to email it to me thanks :)

Kerr Avon [Blake's 7] 'I'm not expendable, I'm not stupid and I'm not going' avon[at]bbs.nz | bbs.nz | fsxnet.nz

--- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

Re: Re: MysticBBS on NAS (NFS or iSCSI)
By: Bucko to Capt Kirk on Sun Nov 13 2022 07:49:29

On 12 Nov 2022, Capt Kirk said the following...

Yeah, I run Mystic on a Pi4, as well as hosting a website for the bbs.. That's all it does.

And for some reason, i can't configure ssh, or can't get it as a login Mystic, despite everyting as far as I know is loaded correctly.
---

Make sure you have the correct cryptlib installed, When I moved my BBS from Windows to Linux I lost SSH connections, AND lost email sending for password resets and access upgrades. I found a post on the Fido Mystic Echo where Aly (can't remember her last name) came up with a fix to assembling it. I will l for it and post it here. 3.x.6 does not work and 3.x.4 does not work either. must be the 3.x.5 I can't remember the version number thus the x in the numbers. I will post what I find here so fsxNet folk can use the fix..

This fix will give you SSH and fix the gmail send mail routines..

... Electricity is really just organized lightning.

I never had Mystic on Windows, as I can't stand Windows.. anyway, Cryptlib is the problem I am having with Mystic, I tried doing the compiled one and
tting it in /usr/lib. When I say compiled one, i mean the already compiled one available, libcl.so that doesn't work, tried comipling it with "make
... sorry, "sudo make shared" anapparently can't get buildall.sh.. I do have the compiler installed..
---
þ Synchronet þ Mutiny BBS - mutinybbs.com - telnet:2332 - ssh:2232
* Origin: fsxNet FTN<>QWK Gateway (21:4/10)

Re: Re: MysticBBS on NAS (NFS or iSCSI)
By: Bucko to Capt Kirk on Sun Nov 13 2022 07:54:33

Ok here is the fix from Alysha.. ---------------------------------------------------------------------------- sudo apt-get update
sudo apt-get install build-essential
sudo apt-get install gcc-9 g++-9
sudo apt-get install zip unzip
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-9 9
sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-9 9
wget http://www.mysticbbs.com/downloads/cl345.zip
mkdir cl345
cd cl345
unzip -ax ../cl345.zip
sudo make shared
sudo mv libcl.so.3.4.5 /usr/lib/libcl.so
sudo rm /mystic/data/ssl.cert
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-11 11
sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-11 11 reboot the system

Follow these instructions and cryptlib 3.4.5 will work perfect...

Al

... A Skydiver is taken by the gravity of his situation.

I posted an answer before I saw this, I will give it a shot when I log out of here.
---
þ Synchronet þ Mutiny BBS - mutinybbs.com - telnet:2332 - ssh:2232
* Origin: fsxNet FTN<>QWK Gateway (21:4/10)

On 14 Nov 2022, Capt Kirk said the following...

I posted an answer before I saw this, I will give it a shot when I log out of here.

It's a lot of extra work to get it to compile like someone else said changing the builder is not the way to go about it but for me it worked. 3.4.6 compiles perfectly with the latest build tools, 3.4.5 doesn't, there was another post around which changed a couple of lines to something else and it built, but SSL support was no good as the sending a password reset email via gmail did not work. Good luck and let us know how it goes...

Al

... The dog ate my .REP packet

--- Mystic BBS v1.12 A48 2022/07/15 (Linux/64)
* Origin: The Wrong Number Family Of BBS' - Wrong Number ][ (21:4/131)

Re: Re: crypo redux
By: Bucko to Capt Kirk on Mon Nov 14 2022 18:48:55

On 14 Nov 2022, Capt Kirk said the following...

I posted an answer before I saw this, I will give it a shot when I lo out of here.

It's a lot of extra work to get it to compile like someone else said changin the builder is not the way to go about it but for me it worked. 3.4.6 compil perfectly with the latest build tools, 3.4.5 doesn't, there was another post around which changed a couple of lines to something else and it built, but S support was no good as the sending a password reset email via gmail did not work. Good luck and let us know how it goes...

Al

... The dog ate my .REP packet

Ok, I got it running.... SSH, here was my problem all along.. I would download the cryptlib zip file, and unzip it with the graphical interface, when I should have been using Terminal and "unzip -a "... Compiled with Sudo make shared and it ran fine. Go figure...
---
þ Synchronet þ Mutiny BBS - mutinybbs.com - telnet:2332 - ssh:2232
* Origin: fsxNet FTN<>QWK Gateway (21:4/10)