Catégorie : Non classé

Setup your central rsyslog server

Rsyslog can be configured to receive logs from the network and can then store them in a structured way,
that’s what I suggest you see in this article. Here I am using LINUX DEBIAN machines.

Central server configuration

rsyslog.conf :

– Here we use the rsyslog modules imudp and imtcp which allow the server to listen for rsyslog client connections.
– We will use a template « remote-logs » to create a log file name and its path dynamically.
– We will use « remote-logs » template only if host IP is not the local server ( 127.0.0.1 ).

###################################
# RSYSLOG SERVER CONFIGURATION 
###################################
# /etc/rsyslog.conf configuration file for rsyslog
#
# For more information install rsyslog-doc and see
# /usr/share/doc/rsyslog-doc/html/configuration/index.html

#################
#### MODULES ####
#################

module(load="imuxsock") # provides support for local system logging
module(load="imklog")   # provides kernel logging support
#module(load="immark")  # provides --MARK-- message capability

# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")

# provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="514")

# Remote logs directory : (/var/log/remoteservers/[CLIENT]/)
$template remote-logs,"/var/log/remoteservers/%HOSTNAME%/%PROGRAMNAME%.log"

if not($fromhost-ip == '127.0.0.1') then {
*.* ?remote-logs
& ~
}

###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

#
# Set the default permissions for all log files.
#
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022

#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf


###############
#### RULES ####
###############

#
# First some standard log files.  Log by facility.
#
auth,authpriv.*			/var/log/auth.log
*.*;auth,authpriv.none		-/var/log/syslog
#cron.*				/var/log/cron.log
daemon.*			-/var/log/daemon.log
kern.*				-/var/log/kern.log
lpr.*				-/var/log/lpr.log
mail.*				-/var/log/mail.log
user.*				-/var/log/user.log

#
# Logging for the mail system.  Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info			-/var/log/mail.info
mail.warn			-/var/log/mail.warn
mail.err			/var/log/mail.err

#
# Some "catch-all" log files.
#
*.=debug;\
	auth,authpriv.none;\
	mail.none		-/var/log/debug
*.=info;*.=notice;*.=warn;\
	auth,authpriv.none;\
	cron,daemon.none;\
	mail.none		-/var/log/messages

#
# Emergencies are sent to everybody logged in.
#
*.emerg				:omusrmsg:*

Client server configuration

rsyslog.conf :

###################################
# RSYSLOG CLIENT CONFIGURATION 
###################################
# /etc/rsyslog.conf configuration file for rsyslog
#
# For more information install rsyslog-doc and see
# /usr/share/doc/rsyslog-doc/html/configuration/index.html

#################
#### MODULES ####
#################

module(load="imuxsock") # provides support for local system logging
module(load="imklog")   # provides kernel logging support
#module(load="immark")  # provides --MARK-- message capability

###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

#
# Set the default permissions for all log files.
#
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022

#
# Where to place spool and state files
#
#$WorkDirectory /var/spool/rsyslog

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf

###############
#### RULES ####
###############

#
# First some standard log files.  Log by facility.
#
auth,authpriv.*			/var/log/auth.log
*.*;auth,authpriv.none		-/var/log/syslog
#cron.*				/var/log/cron.log
daemon.*			-/var/log/daemon.log
kern.*				-/var/log/kern.log
lpr.*				-/var/log/lpr.log
mail.*				-/var/log/mail.log
user.*				-/var/log/user.log

#
# Logging for the mail system.  Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info			-/var/log/mail.info
mail.warn			-/var/log/mail.warn
mail.err			/var/log/mail.err

#
# Some "catch-all" log files.
#
*.=debug;\
	auth,authpriv.none;\
	mail.none		-/var/log/debug
*.=info;*.=notice;*.=warn;\
	auth,authpriv.none;\
	cron,daemon.none;\
	mail.none		-/var/log/messages

#
# Emergencies are sent to everybody logged in.
#
*.emerg				:omusrmsg:*

#CLI configuration : 
#Enable sending system logs over UDP to rsyslog server
*.* @[rsyslog_server]:514
#Enable sending system logs over TCP to rsyslog server
*.* @@[rsyslog_server]:514

It is possible to create a dedicated configuration, for example to change the spool folder, which allows not to modify the main configuration file rsyslog.conf,
To do this we add this file:  /etc/rsyslog.d/01-client.conf

– The client sends its logs to the IP [rsyslog_server].
– The spool folder used (apache log for example) is: /var/log/rsyslogspools
– A quota of 1G is set on it.

#/etc/rsyslog.d/01-client.conf
$WorkDirectory /var/log/rsyslogspools
$ActionQueueFileName fwdRule1
$ActionQueueMaxDiskSpace 1g
$ActionQueueSaveOnShutdown on
$ActionQueueType LinkedList
$ActionResumeRetryCount -1

In the case of an APACHE service, you will have to tell rsyslog where to fetch the data and then send it to the remote rsyslog server : [rsyslog_server]

#/etc/rsyslog.d/02-apache-defaultlog.conf.j2

$ModLoad imfile

# Default Apache Error Log
$InputFileName /var/log/apache2/error.log
$InputFileTag apache-error-default:
$InputFileStateFile apache-error-default
$InputRunFileMonitor

# Default Apache Access Log
$InputFileName /var/log/apache2/access.log
$InputFileTag apache-access-default:
$InputFileStateFile apache-access-default
$InputRunFileMonitor
$InputFilePollInterval 30

if $programname == "apache-error-default" then @@[rsyslog_server]:514
if $programname == "apache-error-default" then ~

if $programname == "apache-access-default" then @@[rsyslog_server]:514
if $programname == "apache-access-default" then ~

And There you go !

 

Update Debian PHP distribution ( 8.2 ).

PHP8.2 is now available, i describe here how to update the debian server with this version.

First i need a list of php install package ( here 8.0 ) :

dpkg -l | grep php8.0 | cut -d ' ' -f 3 > list.txt

I create this script using to convert the list of packages to list of packages to install on the target server :

<?php
#create list of package to upgrade version
#ex:    php up.php --currentversion="php8.0" --newversion="php8.2"
$short_options = "cur:new:";
$long_options = ["currentversion:", "newversion:"];
$options = getopt($short_options, $long_options);

if(empty($options) || !isset($options['currentversion']) || !isset($options['newversion']) ){
        echo "Params:\n";
        print_r($long_options);
        echo "\n";
        return;
}

$fh = fopen('list.txt','r');
while ($line = fgets($fh)) {
  $line=str_replace("\n","",$line);
  $line=str_replace($options['currentversion'],$options['newversion'],$line);

  echo $line." ";


}
fclose($fh);


?>
up.php

Now i create a list of php packages for the target :

# php up.php --currentversion="php8.0" --newversion="php8.2"
libapache2-mod-php8.2 php8.2 php8.2-bcmath php8.2-bz2 php8.2-cli php8.2-common php8.2-curl php8.2-dev php8.2-fpm php8.2-gd php8.2-igbinary php8.2-imagick php8.2-imap php8.2-intl php8.2-ldap php8.2-mbstring php8.2-memcache php8.2-memcached php8.2-msgpack php8.2-mysql php8.2-opcache php8.2-readline php8.2-soap php8.2-sqlite3 php8.2-tidy php8.2-xml php8.2-xmlrpc php8.2-zip

I remove all of old php packages :

# apt-get purge `dpkg -l | grep php| awk '{print $2}' |tr "\n" " "`
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages were automatically installed and are no longer required:
  apache2 apache2-bin apache2-data apache2-utils debhelper dh-autoreconf dh-strip-nondeterminism dwz fonts-droid-fallback fonts-noto-mono ghostscript gsfonts imagemagick-6-common
  intltool-debian libaom0 libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libarchive-cpio-perl libarchive-zip-perl libc-client2007e libdav1d4 libde265-0 libdebhelper-perl
  libfftw3-double3 libfile-stripnondeterminism-perl libgs9 libgs9-common libheif1 libijs-0.35 libjbig2dec0 liblqr-1-0 liblua5.3-0 libmagickcore-6.q16-6 libmagickwand-6.q16-6
  libmail-sendmail-perl libmemcached11 libmemcachedutil2 libnuma1 libonig5 libopenjp2-7 libpaper-utils libpaper1 libpcre2-16-0 libpcre2-32-0 libpcre2-dev libpcre2-posix2 libsodium23
  libssl-dev libsub-override-perl libsys-hostname-long-perl libtidy5deb1 libwebpdemux2 libwebpmux3 libx265-192 libxmlrpc-epi0 libxslt1.1 libzip4 mlock pkg-config po-debconf poppler-data
  shtool ttf-dejavu-core
Use 'sudo apt autoremove' to remove them.
The following packages will be REMOVED:
  libapache2-mod-php7.4* libapache2-mod-php8.0* libapache2-mod-php8.1* php-common* php-imagick* php-memcache* php-memcached* php-msgpack* php-pear* php5.6-memcache* php7.0-memcache*
  php7.1-memcache* php7.2-memcache* php7.3-memcache* php7.4* php7.4-bcmath* php7.4-bz2* php7.4-cli* php7.4-common* php7.4-curl* php7.4-dev* php7.4-fpm* php7.4-gd* php7.4-igbinary*
  php7.4-imap* php7.4-intl* php7.4-json* php7.4-mbstring* php7.4-memcache* php7.4-mysql* php7.4-opcache* php7.4-readline* php7.4-soap* php7.4-tidy* php7.4-xml* php7.4-xmlrpc* php7.4-zip*
  php8.0* php8.0-bcmath* php8.0-bz2* php8.0-cli* php8.0-common* php8.0-curl* php8.0-dev* php8.0-fpm* php8.0-gd* php8.0-igbinary* php8.0-imagick* php8.0-imap* php8.0-intl* php8.0-ldap*
  php8.0-mbstring* php8.0-memcache* php8.0-memcached* php8.0-msgpack* php8.0-mysql* php8.0-opcache* php8.0-readline* php8.0-soap* php8.0-tidy* php8.0-xml* php8.0-xmlrpc* php8.0-zip*
  php8.1-cli* php8.1-common* php8.1-memcache* php8.1-opcache* php8.1-phpdbg* php8.1-readline* php8.1-sqlite3* pkg-php-tools*
0 upgraded, 0 newly installed, 71 to remove and 21 not upgraded.
After this operation, 95.1 MB disk space will be freed.
Do you want to continue? [Y/n]

I can now install the new version, via the list of packages ( return by up.php ) :

# apt-get install libapache2-mod-php8.2 php8.2 php8.2-bcmath php8.2-bz2 php8.2-cli php8.2-common php8.2-curl php8.2-dev php8.2-fpm php8.2-gd php8.2-igbinary php8.2-imagick php8.2-imap php8.2-intl php8.2-ldap php8.2-mbstring php8.2-memcache php8.2-memcached php8.2-msgpack php8.2-mysql php8.2-opcache php8.2-readline php8.2-soap php8.2-sqlite3 php8.2-tidy php8.2-xml php8.2-xmlrpc php8.2-zip
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following package was automatically installed and is no longer required:
  ttf-dejavu-core
Use 'sudo apt autoremove' to remove it.
The following additional packages will be installed:
  php-common php-pear pkg-php-tools
Suggested packages:
  dh-php dh-make
The following NEW packages will be installed:
  libapache2-mod-php8.2 php-common php-pear php8.2 php8.2-bcmath php8.2-bz2 php8.2-cli php8.2-common php8.2-curl php8.2-dev php8.2-fpm php8.2-gd php8.2-igbinary php8.2-imagick php8.2-imap
  php8.2-intl php8.2-ldap php8.2-mbstring php8.2-memcache php8.2-memcached php8.2-msgpack php8.2-mysql php8.2-opcache php8.2-readline php8.2-soap php8.2-sqlite3 php8.2-tidy php8.2-xml
  php8.2-xmlrpc php8.2-zip pkg-php-tools
0 upgraded, 31 newly installed, 0 to remove and 21 not upgraded.
Need to get 8343 kB/8377 kB of archives.
After this operation, 39.9 MB of additional disk space will be used.
Do you want to continue? [Y/n] Y

That all !

 

 

 

 

 

Recherche de vulnérabilités sous DEBIAN.

Si vous utilisez l’OS DEBIAN, il existe un outil très pratique pour cela, il s’agit de Debsecan.

Voyons voir comment l’utiliser, on commence par installer l’outil :

root@crx-sec01 / # apt-get install debsecan
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  debsecan
0 upgraded, 1 newly installed, 0 to remove and 25 not upgraded.
Need to get 33.2 kB of archives.
After this operation, 112 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian bullseye/main amd64 debsecan all 0.4.20.1 [33.2 kB]
Fetched 33.2 kB in 0s (688 kB/s)
Preconfiguring packages ...
Selecting previously unselected package debsecan.
(Reading database ... 63992 files and directories currently installed.)
Preparing to unpack .../debsecan_0.4.20.1_all.deb ...
Unpacking debsecan (0.4.20.1) ...
Setting up debsecan (0.4.20.1) ...
setup debsecan

Suivant la distribution on va adapter le nom de la suite :

Debian 11 (Bullseye)
Debian 10 (buster)
Debian 9 (stretch)
Debian 8 (jessie)
Debian 7 (wheezy)
Debian 6.0 (squeeze)

Ensuite on lance un scan :

root@crx-sec01 / # debsecan --suite bullseye
CVE-2021-3447 ansible
CVE-2022-2795 bind9
CVE-2022-2881 bind9
CVE-2022-3080 bind9
CVE-2022-38177 bind9
CVE-2022-38178 bind9
CVE-2022-2795 bind9-dnsutils
CVE-2022-2881 bind9-dnsutils
CVE-2022-3080 bind9-dnsutils
CVE-2022-38177 bind9-dnsutils
CVE-2022-38178 bind9-dnsutils
CVE-2022-2795 bind9-host
CVE-2022-2881 bind9-host
CVE-2022-3080 bind9-host
CVE-2022-38177 bind9-host
CVE-2022-38178 bind9-host
CVE-2022-2795 bind9-libs
CVE-2022-2881 bind9-libs
CVE-2022-3080 bind9-libs
CVE-2022-38177 bind9-libs
CVE-2022-38178 bind9-libs
CVE-2022-2795 bind9-utils
CVE-2022-2881 bind9-utils
CVE-2022-3080 bind9-utils
CVE-2022-38177 bind9-utils
CVE-2022-38178 bind9-utils
CVE-2016-2781 coreutils (low urgency)
CVE-2021-38185 cpio
CVE-2022-35252 curl (fixed)
CVE-2022-2795 dnsutils
CVE-2022-2881 dnsutils
CVE-2022-3080 dnsutils
CVE-2022-38177 dnsutils
CVE-2022-38178 dnsutils
CVE-2022-1664 dpkg (fixed)
CVE-2022-1304 e2fsprogs
CVE-2018-12886 gcc-8-base
CVE-2019-15847 gcc-8-base
CVE-2016-1585 libapparmor1 (low urgency)
.....

Et voilà !   on obtient la liste des vulnérabilités du système, truc pratique on peut obtenir un affichage détaillé :

root@crx-sec01 / # debsecan --suite bullseye --format detail
...
CVE-2022-24919
  An authenticated user can create a link with reflected Javascript code ...
  installed: zabbix-agent 1:5.0.8+dfsg-1
             (built from zabbix 1:5.0.8+dfsg-1)
  fixed in unstable: zabbix 1:6.0.7+dfsg-2 (source package)
  fixed on branch:   zabbix 1:3.0.32+dfsg-0+deb9u3 (source package)
...

Ensuite on peut récupérer une liste des paquets disponibles pour corriger toutes ces failles :

root@crx-sec01 / # debsecan --suite buster --only-fixed --format packages
dpkg
libdns-export1104
libdpkg-perl
libisc-export1100
python3-paramiko
zlib1g

Enfin pour mettre à jour le tout avec cette liste :

root@crx-sec01 / # apt-get install $(debsecan --suite buster --only-fixed --format packages)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
python3-paramiko is already the newest version (2.7.2-1).
python3-paramiko set to manually installed.
libdns-export1104 is already the newest version (1:9.11.5.P4+dfsg-5.1+deb10u5).
libisc-export1100 is already the newest version (1:9.11.5.P4+dfsg-5.1+deb10u5).
Suggested packages:
  debsig-verify debian-keyring gcc | c-compiler binutils patch git bzr
The following packages will be upgraded:
  dpkg libdpkg-perl zlib1g
3 upgraded, 0 newly installed, 0 to remove and 22 not upgraded.
Need to get 0 B/4178 kB of archives.
After this operation, 11.3 kB of additional disk space will be used.
Do you want to continue? [Y/n]

 

Debscan marche aussi sur Ubuntu, pour cela suivez ce guide : https://korben.info/debsecan-cve.html

 

ANSIBET project is launch !

Hello everybody,

I developed a new concept to control the Ansible layer, my project is called « ANSIBET », phylosophy is make my ansible system experience better

The objective of this one is to bring a fast piloting of Ansible by freeing itself from the modification of files and by making more « user friendly » the interface of Ansible.

For the moment it is a « beta » version, the idea being progressively to build an advanced Ansible management system.

https://bastien.barbe.pw/ansibet/

 

Goodbye !

Configuration du NAT pour une machine hyper-v avec Windows 10/11.

Bonjour à tous,

Dans cet article je vais vous parler de configuration NAT pour une VM sous HYPERV avec Windows 10.
L’idée de cette configuration est de permettre le surf Internet d’une machine virtuelle ici DEBIAN LINUX.

hyper_vm_nat_net

1 Contrôle de la navigation Internet de la couche « virtualisation » :

Cette étape bien que facultative vous permet de vous s’assurez que votre machine WSL sort sur Internet,
Notez que ici ma machine WSL est de type « 1 ».

PS C:\Windows\System32\WindowsPowerShell\v1.0> wsl --list --running -v
NAME STATE VERSION
* Debian Running 1

N’utilisant que peu WSL, je commence par changer le mot de passe ROOT :

#Reset root pasword 
#run WINOWS cli 
wsl -u root 
passwd

Un simple ping en root fait l’affaire ensuite :

bba@CT-6SYSFC2:~$ su -
Password:
root@CT-6SYSFC2:~# ping www.google.fr
PING www.google.fr(par21s20-in-x03.1e100.net (2a00:1450:4007:818::2003)) 56 data bytes
64 bytes from par21s20-in-x03.1e100.net (2a00:1450:4007:818::2003): icmp_seq=1 ttl=114 time=16.2 ms
64 bytes from par21s20-in-x03.1e100.net (2a00:1450:4007:818::2003): icmp_seq=2 ttl=114 time=17.8 ms
..

2. Création d’un « v-switch » : 

Je créé ici un switch virtuel que j’appel « NATLINUX » :

New-VMSwitch –SwitchName "NATLINUX" –SwitchType Internal –Verbose

#pour enlever celui ci 
#Remove-VMSwitch -Name "NATLINUX"

Je récupère ensuite l’ID de l’interface de ce SW ici « 14 » :

PS C:\WINDOWS\system32> Get-NetAdapter

Name                      InterfaceDescription                    ifIndex Status       MacAddress             LinkSpeed
----                      --------------------                    ------- ------       ----------             ---------
vEthernet (NATLINUX)      Hyper-V Virtual Ethernet Adapter #3          14 Up           00-15-5D-B0-01-08        10 Gbps

PS C:\WINDOWS\system32>

3. Création de la passerelle NAT et rattachement à la machine virtuelle : 

Je peux ensuite créer la passerelle de NAT via cette commande POWERSHELL :

New-NetIPAddress -IPAddress 172.16.229.10 -PrefixLength 24 -InterfaceIndex 14 -Verbose

Maintenant je « map » ma machine virtuelle LINUX pour utiliser cette passerelle :

Get-VM | Get-VMNetworkAdapter | Connect-VMNetworkAdapter –SwitchName "NATLINUX"

Je précise alors que ma machine virtuelle va sortir par l’adresse IP de cette passerelle NAT pour ceci je créé une règle de NAT :

New-NetNat -Name NATOutsideDebian -InternalIPInterfaceAddressPrefix 172.16.229.0/24

#Pour effacer cette règle : Remove-NetNat

Ensuite je peux lister la règle via cette commande :

PS C:\WINDOWS\system32> Get-NetNat


Name                             : NATNetwork
ExternalIPInterfaceAddressPrefix :
InternalIPInterfaceAddressPrefix : 192.168.1.33/32
IcmpQueryTimeout                 : 30
TcpEstablishedConnectionTimeout  : 1800
TcpTransientConnectionTimeout    : 120
TcpFilteringBehavior             : AddressDependentFiltering
UdpFilteringBehavior             : AddressDependentFiltering
UdpIdleSessionTimeout            : 120
UdpInboundRefresh                : False
Store                            : Local
Active                           : True

Et voilà  :

bba@debian:~$ ping www.google.fr
PING www.google.fr (216.58.214.67) 56(84) bytes of data.
64 bytes from fra15s10-in-f3.1e100.net (216.58.214.67): icmp_seq=1 ttl=119 time=16.5 ms
64 bytes from fra15s10-in-f67.1e100.net (216.58.214.67): icmp_seq=2 ttl=119 time=17.0 ms
64 bytes from fra15s10-in-f67.1e100.net (216.58.214.67): icmp_seq=3 ttl=119 time=16.0 ms
^C
--- www.google.fr ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 16.034/16.493/16.964/0.379 ms
bba@debian:~$

Il est possible maintenant d’utiliser différents outils comme un serveur X windows pour pouvoir utiliser la GUI de ma machine virtuelle depuis WINDOWS,
Ou encore y accéder et disposer d’une multitude d’outils.

A très bientôt !

 

 

 

Nouvelle interface WEB CRX CLOUD

Bonjour à tous,

Après un peu plus de 4 mois de boulot, la nouvelle interface WEB de CRX est en ligne,
pour le 7ème anniversaire de la version HAM ( et les 16 de la version 11M )  :



Un grand merci aux personnes qui ont participées à cette nouvelle version.
73 à tous et bon dimanche,

https://dxham.crx.cloud/

HAM remote station on mobile phone.

Hello everyone,

Today I implemented the remote station on the CRX phone application (https://m.crx.cloud).

It works well i made few QSO’s in UHF with the remote station, with control in a browser and sound via MUMBLE.

73 to all,

PS: I am using a CHROME WEB browser, and a RASPBERRY PI.
For people who want to test, you have to configure first your remote station on PC website (https://ham.crx.cloud). 

 

 

Take notes in the cloud !

Hello to all,

« My notes » app is a new feature available into CRX-LOGBOOK :

-> For the moment, a note is limited to ~ 6000 caracters (limitation is only the WEB call here).
-> All the notes are protected by encryption (with your PIN code from 4 to 127 caracters).
-> Remember to write down this code or memorize it, because it is not possible to recover it and therefore to read your notes without this code !
-> Pin code is store into your webrowser via a COOKIE (encrypted by security) and for 1 year.
-> So if you change your browser, you will have to re-enter your pin code.
-> When you clic on « Exit » link, COOKIE will be erased.
-> If you enter the wrong code, the notes are visible but simply empty.

From a technical point of view :

-> Encryption is done on server side, not client side.

-> The cookie containing the pin code and the note are encrypted via AEAD (authenticated encryption with additional data),
with the PHP « SODIUM » library : crypto_aead_xchacha20poly1305_ietf  ( https://datatracker.ietf.org/doc/html/rfc8103 )

as input :
-> the message encrypted here the content of your note (in plain text).
-> the pin code (number or letter of 4 minimum, you can put a lot more).
-> the nounce (Number used only once) generated via: random_bytes SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES
-> a unique encryption key linked to the CRX site, here generated via: random_bytes : SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_KEYBYTES

Of course I use a base 64 envelope via php base64_encode to store the global key in configuration.

Good weekend, 73!



 

Connect CQRLOG logbook to CRX-LOGBOOK.

Hello everyone,

The LINUX CQRLOG Logbook is now compatible with the « CRXLOGBOOK » (online Logbook cloud instance).

=> It allows new QSOs from CQRLOG to be forwarded in the online log, the system operates in « offline » mode (portable/dx operation)
and can be launched manually or automatically via a LINUX CRON.

=> It works with all versions of CQRLOG and is independent.

=> It’s available here :

https://project.crx.cloud/cqrlog_online_crxlogbook

73