Not logged in — Log In DroneBL 
## The DroneBL small deployment and development VM

The DroneBL small deployment and development VM is a great way to jump
into the maintenance and development process of DroneBL. It is also a
great way to learn how the DroneBL system works in general.

The VM is a VMware instance, which can be used with various programs,
including the free-as-in-beer [VMware Server](http://www.vmware.com/products/server).
It runs Debian Etch, and is configured in a similar way to the actual
running configuration of the DroneBL web interface.

The VM contains a fully functional setup of DroneBL's software, including a DNSBL
instance running rbldnsd.

You can use the VMware image to:

 * Learn more about DroneBL's internals,
 * Experiment with the DroneBL software,
 * Write patches for DroneBL,
 * Run your own blacklist.

## Download

 * [Download the DroneBL small deployment and development VM, 2007-10-10 release](/~nenolod/dronebl_vm_2007-10-10.tbz2).
   (338 MB)

### Important

**This VM is not secure out of the box.** Several steps must be manually taken
in order to secure it. See the documentation later in this page or embedded into
the notes in the VM for instructions on how to deploy the VM securely!

## Tour

<div style="margin: 0em 0em 1em 1em; float: right; clear: right; border: 1px #999 solid; padding: 0.5em; background-color: #eee;">
<a href="/~nenolod/vmss/step1.png"><img src="/~nenolod/vmss/step1-thumb.png" alt="vmware overview"></a><br/>
<a href="/~nenolod/vmss/step2.png"><img src="/~nenolod/vmss/step2-thumb.png" alt="ifconfig output"></a><br/><br/>
<a href="/~nenolod/vmss/step4.png"><img src="/~nenolod/vmss/step4-thumb.png" alt="dronebl mainpage"></a><br/>
<a href="/~nenolod/vmss/step3.png"><img src="/~nenolod/vmss/step3-thumb.png" alt="dronebl rpckey manager"></a>
</div>

After downloading the VM tarball and extracting it (`bzcat dronebl_vm_2007-10-10.tbz2 | tar xvf`),
open it in VMWare Workstation, Server, or Player. The screenshots for this tour will use
VMware Server for Linux. Here you can see the VM's notes, and you can edit it's networking
configuration.

The default setting is to use *NAT*, which gives the machine a private subnet that your
computer is also on. This is useful for if you are developing on a laptop or other mobile
device, which does not always have network access. If you are going to be deploying this
in production, you most certaintly want *bridged* networking instead.

Start the VM up and let it boot. You should see a typical Linux console login prompt.
Log in as *dronebl* with password *changeme*. If the VM was able to acquire an IP address,
you should be able to see it with */sbin/ifconfig*. In this example, the VM has been
assigned the IP address of *192.168.134.128*. Sure enough, if I visit *http://192.168.134.128/*
in a web browser, I am greeted with a blank DroneBL front page.

So, what works at this point?

 * You can send new hosts to the DroneBL server using an RPC key.
   * To find out the RPC key, click on *Administrate* in the DroneBL web interface, and
     login using *admin* and *changeme*. Then go to *RPCKey Manager* and make a note of
     the one registered there.
   * Then you can submit new hosts to DroneBL by sending a POST request which is compliant
     with the [RPC documentation](rpc). If you do not include a valid RPC key, the RPC call
     will be dropped.
 * You can add new posts and remove posts to the DroneBL blogging module.
 * You can generate and revoke RPC keys.
 * You can generate graphs.
 * You can generate an activity log.
 * You can search for and remove hosts.
 * If you configure the mail server, you can set up BOPM reporting.

## Securing the VM

If you are going to use the DroneBL instance in production, you absolutely must secure it. To
secure the machine, please follow the following instructions:

 1. **Generate a new sshd public/private keypair**: `rm /etc/ssh/sshd_*key*; dpkg-reconfigure openssh-server`.
    This step is important, as the SSH key is already generated in the DroneBL instance.

 2. **Change the MySQL root password**: The MySQL root password is `dronebl`. You should change this to a
    more secure password. To do so, use `mysqladmin -p password <your password here>`. You will be prompted
    for your old password -- enter it. Once you hit return, the password will be changed.

 3. **Revoke all of the default RPC keys**: Go to the DroneBL RPCKey Manager (*/admin/rpckey*), and revoke any
    keys listed. You can then grant new keys which can be trusted.

 4. **Drop the DroneBL default admin user**: As there is no User Manager yet, you will need to go into the
    mysql console (`mysql -p dronebl -u root`) and run the following query:
    
        DELETE FROM `users` WHERE username=admin;

 5. **Change the root and dronebl user passwords**: `su -c 'passwd root && passwd dronebl'`. You will be asked
    to enter the root password (`changeme`) and set new ones.

 6. **Move the rbldnsd node to a secure location**: Because rbldnsd is a DDoS risk, you should move it to another
    location to ensure that the web interface is not attacked.

## Other things to consider changing

 1. Choose a different logo (/images/dronebl-logo.png).

 2. Consider editing some of the documentation.

## Help with the VM

If you have problems or questions about the VM, you might consider asking in the official
DroneBL IRC channel (`irc.atheme.org #dronebl`). Good luck with your use of the DroneBL software
and small deployment VM!
View Document