Edited by daveraver, 16 February 2017 - 13:49.
disable root access openwebif
Re: disable root access openwebif #2
Posted 16 February 2017 - 13:47
OpenWebIf is third-party development. You can find their issue tracker here: https://github.com/E...penWebif/issues
Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Pro (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)
Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.
Many answers to your question can be found in our new and improved wiki.
Re: disable root access openwebif #3
Re: disable root access openwebif #4
Posted 17 February 2017 - 11:02
Streaming and webif access are two completely separate things. I still don't understand what it is you're after.
* Wavefrontier T90 with 28E/23E/19E/13E via SCR switches 2 x 2 x 6 user bands
I don't read PM -> if you have something to ask or to report, do it in the forum so others can benefit. I don't take freelance jobs.
Ik lees geen PM -> als je iets te vragen of te melden hebt, doe het op het forum, zodat anderen er ook wat aan hebben.
Re: disable root access openwebif #5
Posted 17 February 2017 - 12:47
adduser username
and after that I put on openwebif option disable root acces 'yes'
I can acces to streams with root and with new username from external network, openwebif dont block root user...or...what does the OWIF option do? disable root access...it is denny root user acces...I think so. but in the owif git they say it is handled by pli image...have you read the reply of my issue on owif git? the second and last reply says that pli images handled this feature of root access outside local network. that is what I have understood...havent you?
Re: disable root access openwebif #6
Posted 17 February 2017 - 12:52
Streaming and webif access are two completely separate things. I still don't understand what it is you're after.
* Wavefrontier T90 with 28E/23E/19E/13E via SCR switches 2 x 2 x 6 user bands
I don't read PM -> if you have something to ask or to report, do it in the forum so others can benefit. I don't take freelance jobs.
Ik lees geen PM -> als je iets te vragen of te melden hebt, doe het op het forum, zodat anderen er ook wat aan hebben.
Re: disable root access openwebif #7
Posted 17 February 2017 - 14:54
Edited by daveraver, 17 February 2017 - 14:55.
Re: disable root access openwebif #8
Posted 17 February 2017 - 14:56
@Erik, in https://github.com/E...ebif/issues/577 Schimmel... blames you.
Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Pro (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)
Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.
Many answers to your question can be found in our new and improved wiki.
Re: disable root access openwebif #9
Posted 17 February 2017 - 17:28
Yes I know. Just as usual. The thing is, "daveraver" has a gripe about streaming (apparently, I assume) and goes complaining to the OWIF guys, which don't have anything to do with it. Maybe you can explain it to him.
* Wavefrontier T90 with 28E/23E/19E/13E via SCR switches 2 x 2 x 6 user bands
I don't read PM -> if you have something to ask or to report, do it in the forum so others can benefit. I don't take freelance jobs.
Ik lees geen PM -> als je iets te vragen of te melden hebt, doe het op het forum, zodat anderen er ook wat aan hebben.
Re: disable root access openwebif #10
Posted 17 February 2017 - 17:31
I referred him to the OWIF guys, didn't have a clue what he was trying to do. So this is about streamproxy not honouring the OWIF config regarding streaming auth?
Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Pro (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)
Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.
Many answers to your question can be found in our new and improved wiki.
Re: disable root access openwebif #11
Posted 17 February 2017 - 20:16
Edited by daveraver, 17 February 2017 - 20:21.
Re: disable root access openwebif #12
Posted 17 February 2017 - 20:29
Without a complete redesign of the entire system, this is quite pointless, as everything runs as root, there is no security present in the box. It is not a server Linux OS.
It is the main reason the box should NEVER be connected to the internet, it is not secure. The user you use to login is irrelevant in this discussion.
Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Pro (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)
Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.
Many answers to your question can be found in our new and improved wiki.
Re: disable root access openwebif #13
Posted 17 February 2017 - 21:59
The preferred way to access the OWIF and streaming/transcoding from outside would be a VPN.
Disabling root access has very limited effect (but this effect is to what extent i have to disagree with WanWizard): Attackers can not abuse the Webif to probe/brute-force the root password.
The part where I have to agree: If there any holes in OWIF an attacker can exploit them, no matter which user account he used to login. As the OWIF runs inside E2, which runs as root, any exploit against OWIF would result in root rights.
And btw: OWIF has a package manager inside, there isn't even an exploit needed. Once you have OWIF access, you can install any ipk, for example a special VPN.
Gesendet von meinem Siemens C25 mit Tapatalk
2nd box: Gigablue Quad 4k 2xDVB-S2 FBC / 2xDVB-C / 1.8 TB HDD / OpenATV 6.2
testing boxes: Vu+ Duo² + AX Quadbox HD2400 + 2x Vu+ Solo² + Octagon SF4008
Sats & Pay-TV: Astra 19.2°E + Hotbird 13°E with Redlight / SCT HD / SES Astra HD- / Sky V14 / 4th empire propaganda TV
Card-Server: Raspberry Pi + IPv6-capable oscam
Router: Linksys WRT1900ACS w/ LEDE + Fritz!Box 7390
Re: disable root access openwebif #14
Re: disable root access openwebif #15
Re: disable root access openwebif #16
Posted 17 February 2017 - 22:33
Gesendet von meinem Siemens C25 mit Tapatalk
2nd box: Gigablue Quad 4k 2xDVB-S2 FBC / 2xDVB-C / 1.8 TB HDD / OpenATV 6.2
testing boxes: Vu+ Duo² + AX Quadbox HD2400 + 2x Vu+ Solo² + Octagon SF4008
Sats & Pay-TV: Astra 19.2°E + Hotbird 13°E with Redlight / SCT HD / SES Astra HD- / Sky V14 / 4th empire propaganda TV
Card-Server: Raspberry Pi + IPv6-capable oscam
Router: Linksys WRT1900ACS w/ LEDE + Fritz!Box 7390
Re: disable root access openwebif #17
Posted 18 February 2017 - 08:30
Disabling root access has very limited effect (but this effect is to what extent i have to disagree with WanWizard): Attackers can not abuse the Webif to probe/brute-force the root password.
True, I overlooked this point.
Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Pro (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)
Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.
Many answers to your question can be found in our new and improved wiki.
Re: disable root access openwebif #18
Re: disable root access openwebif #19
Posted 20 February 2017 - 20:34
BTW if you stream through the streamproxy (yes that is possible), it WILL check this option. Just make sure you make the "right" request to the streamproxy...
* Wavefrontier T90 with 28E/23E/19E/13E via SCR switches 2 x 2 x 6 user bands
I don't read PM -> if you have something to ask or to report, do it in the forum so others can benefit. I don't take freelance jobs.
Ik lees geen PM -> als je iets te vragen of te melden hebt, doe het op het forum, zodat anderen er ook wat aan hebben.
Re: disable root access openwebif #20
Posted 20 February 2017 - 21:35
ok thank you, streamproxy let to create streams with other parameters than owif. I hope transcode will be activated if possible with f1 on pli, new drivers let it, I just want it to test, not to make intensive use. thanks.BTW if you stream through the streamproxy (yes that is possible), it WILL check this option. Just make sure you make the "right" request to the streamproxy...
Edited by daveraver, 20 February 2017 - 21:37.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users