## The DroneBL small deployment and development VM The DroneBL small deployment and development VM is a great way to jump into the maintenance and development process of DroneBL. It is also a great way to learn how the DroneBL system works in general. The VM is a VMware instance, which can be used with various programs, including the free-as-in-beer [VMware Server](http://www.vmware.com/products/server). It runs Debian Etch, and is configured in a similar way to the actual running configuration of the DroneBL web interface. The VM contains a fully functional setup of DroneBL's software, including a DNSBL instance running rbldnsd. You can use the VMware image to: * Learn more about DroneBL's internals, * Experiment with the DroneBL software, * Write patches for DroneBL, * Run your own blacklist. ## Download * [Download the DroneBL small deployment and development VM, 2007-10-10 release](/~nenolod/dronebl_vm_2007-10-10.tbz2). (338 MB) ### Important **This VM is not secure out of the box.** Several steps must be manually taken in order to secure it. See the documentation later in this page or embedded into the notes in the VM for instructions on how to deploy the VM securely! ## Tour <div style="margin: 0em 0em 1em 1em; float: right; clear: right; border: 1px #999 solid; padding: 0.5em; background-color: #eee;"> <a href="/~nenolod/vmss/step1.png"><img src="/~nenolod/vmss/step1-thumb.png" alt="vmware overview"></a><br/> <a href="/~nenolod/vmss/step2.png"><img src="/~nenolod/vmss/step2-thumb.png" alt="ifconfig output"></a><br/><br/> <a href="/~nenolod/vmss/step4.png"><img src="/~nenolod/vmss/step4-thumb.png" alt="dronebl mainpage"></a><br/> <a href="/~nenolod/vmss/step3.png"><img src="/~nenolod/vmss/step3-thumb.png" alt="dronebl rpckey manager"></a> </div> After downloading the VM tarball and extracting it (`bzcat dronebl_vm_2007-10-10.tbz2 | tar xvf`), open it in VMWare Workstation, Server, or Player. The screenshots for this tour will use VMware Server for Linux. Here you can see the VM's notes, and you can edit it's networking configuration. The default setting is to use *NAT*, which gives the machine a private subnet that your computer is also on. This is useful for if you are developing on a laptop or other mobile device, which does not always have network access. If you are going to be deploying this in production, you most certaintly want *bridged* networking instead. Start the VM up and let it boot. You should see a typical Linux console login prompt. Log in as *dronebl* with password *changeme*. If the VM was able to acquire an IP address, you should be able to see it with */sbin/ifconfig*. In this example, the VM has been assigned the IP address of *192.168.134.128*. Sure enough, if I visit *http://192.168.134.128/* in a web browser, I am greeted with a blank DroneBL front page. So, what works at this point? * You can send new hosts to the DroneBL server using an RPC key. * To find out the RPC key, click on *Administrate* in the DroneBL web interface, and login using *admin* and *changeme*. Then go to *RPCKey Manager* and make a note of the one registered there. * Then you can submit new hosts to DroneBL by sending a POST request which is compliant with the [RPC documentation](rpc). If you do not include a valid RPC key, the RPC call will be dropped. * You can add new posts and remove posts to the DroneBL blogging module. * You can generate and revoke RPC keys. * You can generate graphs. * You can generate an activity log. * You can search for and remove hosts. * If you configure the mail server, you can set up BOPM reporting. ## Securing the VM If you are going to use the DroneBL instance in production, you absolutely must secure it. To secure the machine, please follow the following instructions: 1. **Generate a new sshd public/private keypair**: `rm /etc/ssh/sshd_*key*; dpkg-reconfigure openssh-server`. This step is important, as the SSH key is already generated in the DroneBL instance. 2. **Change the MySQL root password**: The MySQL root password is `dronebl`. You should change this to a more secure password. To do so, use `mysqladmin -p password <your password here>`. You will be prompted for your old password -- enter it. Once you hit return, the password will be changed. 3. **Revoke all of the default RPC keys**: Go to the DroneBL RPCKey Manager (*/admin/rpckey*), and revoke any keys listed. You can then grant new keys which can be trusted. 4. **Drop the DroneBL default admin user**: As there is no User Manager yet, you will need to go into the mysql console (`mysql -p dronebl -u root`) and run the following query: DELETE FROM `users` WHERE username=admin; 5. **Change the root and dronebl user passwords**: `su -c 'passwd root && passwd dronebl'`. You will be asked to enter the root password (`changeme`) and set new ones. 6. **Move the rbldnsd node to a secure location**: Because rbldnsd is a DDoS risk, you should move it to another location to ensure that the web interface is not attacked. ## Other things to consider changing 1. Choose a different logo (/images/dronebl-logo.png). 2. Consider editing some of the documentation. ## Help with the VM If you have problems or questions about the VM, you might consider asking in the official DroneBL IRC channel (`irc.atheme.org #dronebl`). Good luck with your use of the DroneBL software and small deployment VM!