The DroneBL small deployment and development VM

The DroneBL small deployment and development VM is a great way to jump into the maintenance and development process of DroneBL. It is also a great way to learn how the DroneBL system works in general.

The VM is a VMware instance, which can be used with various programs, including the free-as-in-beer VMware Server. It runs Debian Etch, and is configured in a similar way to the actual running configuration of the DroneBL web interface.

The VM contains a fully functional setup of DroneBL's software, including a DNSBL instance running rbldnsd.

You can use the VMware image to:

Download

Important

This VM is not secure out of the box. Several steps must be taken manually to secure it. See the documentation later on this page, or the notes embedded in the VM, for instructions on how to deploy the VM securely!

Tour

[Screenshots: VMware overview; ifconfig output; DroneBL main page; DroneBL RPCKey manager]

After downloading the VM tarball and extracting it (bzcat dronebl_vm_2007-10-10.tbz2 | tar xvf -), open it in VMware Workstation, Server, or Player. The screenshots for this tour will use VMware Server for Linux. Here you can see the VM's notes, and you can edit its networking configuration.

The default setting is to use NAT, which gives the machine a private subnet that your computer is also on. This is useful if you are developing on a laptop or other mobile device, which does not always have network access. If you are going to be deploying this in production, you most certainly want bridged networking instead.

Start the VM up and let it boot. You should see a typical Linux console login prompt. Log in as dronebl with password changeme. If the VM was able to acquire an IP address, you should be able to see it with /sbin/ifconfig. In this example, the VM has been assigned the IP address of 192.168.134.128. Sure enough, if I visit http://192.168.134.128/ in a web browser, I am greeted with a blank DroneBL front page.

So, what works at this point?

Securing the VM

If you are going to use the DroneBL instance in production, you absolutely must secure it. To secure the machine, follow these instructions:

  1. Generate a new sshd host keypair: rm /etc/ssh/ssh_host_*key*; dpkg-reconfigure openssh-server. This step is important, as the SSH host key is already generated in the DroneBL image, so every copy of the VM starts out with the same key.

  2. Change the MySQL root password: The MySQL root password is dronebl. You should change this to a more secure password. To do so, use mysqladmin -u root -p password <your password here>. You will be prompted for your old password -- enter it. Once you hit return, the password will be changed.

  3. Revoke all of the default RPC keys: Go to the DroneBL RPCKey Manager (/admin/rpckey), and revoke any keys listed. You can then grant new keys which can be trusted.

  4. Drop the DroneBL default admin user: As there is no User Manager yet, you will need to go into the mysql console (mysql -p dronebl -u root) and run the following query:

    DELETE FROM `users` WHERE username='admin';
    
  5. Change the root and dronebl user passwords: su -c 'passwd root && passwd dronebl'. You will be asked to enter the root password (changeme) and set new ones.

  6. Move the rbldnsd node to a secure location: Because rbldnsd is a DDoS risk, you should move it to another location to ensure that the web interface is not attacked.
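Once the steps above are done, a short audit can confirm that none of the shipped defaults remain. The script below is an added example, not part of the VM or of DroneBL's own code. It assumes the image date from the tarball name (2007-10-10), host keys in /etc/ssh, the mysql client and pgrep on the PATH, and the new MySQL root password supplied in MYSQL_PWD; the function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example: audit for leftover defaults on the DroneBL VM (not shipped with it).
# Assumptions: image date 2007-10-10 (from the tarball name), host keys in
# /etc/ssh, mysql client and pgrep on PATH, new MySQL root password in MYSQL_PWD.

# Step 1: print host key files not modified since the image was built.
# Returns 0 if at least one such key exists (mtime heuristic).
stale_host_keys() {
    ref=$(mktemp) || return 2
    touch -t 200710110000 "$ref"              # the day after the image date
    stale=$(find "${1:-/etc/ssh}" -name 'ssh_host_*key*' ! -newer "$ref" 2>/dev/null)
    rm -f "$ref"
    [ -n "$stale" ] && printf '%s\n' "$stale"
}

# Step 2: returns 0 if MySQL still accepts the documented default root password.
mysql_default_root_works() {
    mysql -u root -pdronebl -e 'SELECT 1' >/dev/null 2>&1
}

# Step 4: returns 0 if the default admin row is still in `users`, 2 if the
# query could not be run (for example MYSQL_PWD not set).
default_admin_present() {
    n=$(mysql -u root -N -B -e \
        "SELECT COUNT(*) FROM users WHERE username='admin'" dronebl 2>/dev/null) || return 2
    [ "$n" -gt 0 ]
}

# Step 6: returns 0 if rbldnsd still runs on the web interface host.
rbldnsd_running_locally() {
    pgrep -x rbldnsd >/dev/null 2>&1
}

# Runs every check; returns 0 only when no default was found.
audit() {
    fail=0; rc=0
    if stale_host_keys "${1:-/etc/ssh}"; then echo "FAIL step 1: keys above predate the image"; fail=1; fi
    if mysql_default_root_works; then echo "FAIL step 2: default MySQL root password"; fail=1; fi
    default_admin_present || rc=$?
    case $rc in
        0) echo "FAIL step 4: default admin user still present"; fail=1 ;;
        2) echo "WARN step 4: could not query the users table" ;;
    esac
    if rbldnsd_running_locally; then echo "FAIL step 6: rbldnsd runs on this host"; fail=1; fi
    return "$fail"
}

# Hypothetical invocation: MYSQL_PWD=... sh dronebl-audit.sh --run
if [ "${1:-}" = "--run" ]; then audit /etc/ssh; fi
```

The audit does not cover steps 3 and 5: revoked RPC keys are checked in the RPCKey Manager, and the system passwords by logging in.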

Other things to consider changing

  1. Choose a different logo (/images/dronebl-logo.png).

  2. Consider editing some of the documentation.

Help with the VM

If you have problems or questions about the VM, you might consider asking in the official DroneBL IRC channel (irc.atheme.org #dronebl). Good luck with your use of the DroneBL software and small deployment VM!
