Edited by daveraver, 16 February 2017 - 13:49.
disable root access openwebif
Started by daveraver, 16 Feb 2017 13:46
60 replies to this topic
#1
-
- Senior Member
- 412 posts
+5
Neutral
Posted 16 February 2017 - 13:46
it doesnt work, I have all packages updated, I dont know if its my openwebif version. Has anybody test it?? I have disabled root user on openwebif plugin configuration and it still works.
Re: disable root access openwebif #2
-
- PLi® Core member
- 68,544 posts
+1,737
Excellent
Posted 16 February 2017 - 13:47
OpenWebIf is third-party development. You can find their issue tracker here: https://github.com/E...penWebif/issues
Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Pro (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)
Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.
Many answers to your question can be found in our new and improved wiki.
Re: disable root access openwebif #3
-
- Senior Member
- 412 posts
+5
Neutral
Re: disable root access openwebif #4
-
- PLi® Core member
- 46,951 posts
+541
Excellent
Posted 17 February 2017 - 11:02
Streaming and webif access are two completely separate things. I still don't understand what it is you're after.
* Wavefrontier T90 with 28E/23E/19E/13E via SCR switches 2 x 2 x 6 user bands
I don't read PM -> if you have something to ask or to report, do it in the forum so others can benefit. I don't take freelance jobs.
Ik lees geen PM -> als je iets te vragen of te melden hebt, doe het op het forum, zodat anderen er ook wat aan hebben.
Re: disable root access openwebif #5
-
- Senior Member
- 412 posts
+5
Neutral
Posted 17 February 2017 - 12:47
Ive created a new user on putty ssh.
adduser username
and after that I put on openwebif option disable root acces 'yes'
I can acces to streams with root and with new username from external network, openwebif dont block root user...or...what does the OWIF option do? disable root access...it is denny root user acces...I think so. but in the owif git they say it is handled by pli image...have you read the reply of my issue on owif git? the second and last reply says that pli images handled this feature of root access outside local network. that is what I have understood...havent you?
adduser username
and after that I put on openwebif option disable root acces 'yes'
I can acces to streams with root and with new username from external network, openwebif dont block root user...or...what does the OWIF option do? disable root access...it is denny root user acces...I think so. but in the owif git they say it is handled by pli image...have you read the reply of my issue on owif git? the second and last reply says that pli images handled this feature of root access outside local network. that is what I have understood...havent you?
Re: disable root access openwebif #6
-
- PLi® Core member
- 46,951 posts
+541
Excellent
Posted 17 February 2017 - 12:52
Streaming and webif access are two completely separate things. I still don't understand what it is you're after.
* Wavefrontier T90 with 28E/23E/19E/13E via SCR switches 2 x 2 x 6 user bands
I don't read PM -> if you have something to ask or to report, do it in the forum so others can benefit. I don't take freelance jobs.
Ik lees geen PM -> als je iets te vragen of te melden hebt, doe het op het forum, zodat anderen er ook wat aan hebben.
Re: disable root access openwebif #7
-
- Senior Member
- 412 posts
+5
Neutral
Posted 17 February 2017 - 14:54
I will not enter in code of enigma2, it is known openwebif configures options to streaming, and enigma has its own. I am an user, not coder as you. You will find where it fails if you want. I only change user interface menu parameters. my question is simple and clear. are you joking me?
Edited by daveraver, 17 February 2017 - 14:55.
Re: disable root access openwebif #8
-
- PLi® Core member
- 68,544 posts
+1,737
Excellent
Posted 17 February 2017 - 14:56
@Erik, in https://github.com/E...ebif/issues/577 Schimmel... blames you.
Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Pro (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)
Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.
Many answers to your question can be found in our new and improved wiki.
Re: disable root access openwebif #9
-
- PLi® Core member
- 46,951 posts
+541
Excellent
Posted 17 February 2017 - 17:28
Yes I know. Just as usual. The thing is, "daveraver" has a gripe about streaming (apparently, I assume) and goes complaining to the OWIF guys, which don't have anything to do with it. Maybe you can explain it to him.
* Wavefrontier T90 with 28E/23E/19E/13E via SCR switches 2 x 2 x 6 user bands
I don't read PM -> if you have something to ask or to report, do it in the forum so others can benefit. I don't take freelance jobs.
Ik lees geen PM -> als je iets te vragen of te melden hebt, doe het op het forum, zodat anderen er ook wat aan hebben.
Re: disable root access openwebif #10
-
- PLi® Core member
- 68,544 posts
+1,737
Excellent
Posted 17 February 2017 - 17:31
I referred him to the OWIF guys, didn't have a clue what he was trying to do. So this is about streamproxy not honouring the OWIF config regarding streaming auth?
Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Pro (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)
Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.
Many answers to your question can be found in our new and improved wiki.
Re: disable root access openwebif #11
-
- Senior Member
- 412 posts
+5
Neutral
Posted 17 February 2017 - 20:16
trying to block user root to login on streaming, and use other custom username. machines exposed to the internet used to disable root user access from external network as you know, it is the usual user to try hack, ddos attack, on machines as vps...and in this case machine exposed to the internet to give streaming service would be an enimga2 box. I think it is very common configuration, disable root user acces from external network, I have wrote this several times in this thread. I think it is understood now. I think so. Well, the login disable of root user is permament, local and external network, in all cases, I think so, but owif git discusion 577 says that on local network it is not disabled by owif the root user acces. I think the issue is simple.
Edited by daveraver, 17 February 2017 - 20:21.
Re: disable root access openwebif #12
-
- PLi® Core member
- 68,544 posts
+1,737
Excellent
Posted 17 February 2017 - 20:29
Without a complete redesign of the entire system, this is quite pointless, as everything runs as root, there is no security present in the box. It is not a server Linux OS.
It is the main reason the box should NEVER be connected to the internet, it is not secure. The user you use to login is irrelevant in this discussion.
Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Pro (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)
Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.
Many answers to your question can be found in our new and improved wiki.
Re: disable root access openwebif #13
-
- Senior Member
- 1,030 posts
+65
Good
Posted 17 February 2017 - 21:59
Sadly I have to agree with WanWizard, at least partly.
The preferred way to access the OWIF and streaming/transcoding from outside would be a VPN.
Disabling root access has very limited effect (but this effect is to what extent i have to disagree with WanWizard): Attackers can not abuse the Webif to probe/brute-force the root password.
The part where I have to agree: If there any holes in OWIF an attacker can exploit them, no matter which user account he used to login. As the OWIF runs inside E2, which runs as root, any exploit against OWIF would result in root rights.
And btw: OWIF has a package manager inside, there isn't even an exploit needed. Once you have OWIF access, you can install any ipk, for example a special VPN.
Gesendet von meinem Siemens C25 mit Tapatalk
The preferred way to access the OWIF and streaming/transcoding from outside would be a VPN.
Disabling root access has very limited effect (but this effect is to what extent i have to disagree with WanWizard): Attackers can not abuse the Webif to probe/brute-force the root password.
The part where I have to agree: If there any holes in OWIF an attacker can exploit them, no matter which user account he used to login. As the OWIF runs inside E2, which runs as root, any exploit against OWIF would result in root rights.
And btw: OWIF has a package manager inside, there isn't even an exploit needed. Once you have OWIF access, you can install any ipk, for example a special VPN.
Gesendet von meinem Siemens C25 mit Tapatalk
1st box: Vu+ Ultimo 4k 4xDVB-S2 FBC / 2xDVB-C / 1.8 TB HDD / OpenATV 6.2
2nd box: Gigablue Quad 4k 2xDVB-S2 FBC / 2xDVB-C / 1.8 TB HDD / OpenATV 6.2
testing boxes: Vu+ Duo² + AX Quadbox HD2400 + 2x Vu+ Solo² + Octagon SF4008
Sats & Pay-TV: Astra 19.2°E + Hotbird 13°E with Redlight / SCT HD / SES Astra HD- / Sky V14 / 4th empire propaganda TV
Card-Server: Raspberry Pi + IPv6-capable oscam
Router: Linksys WRT1900ACS w/ LEDE + Fritz!Box 7390
2nd box: Gigablue Quad 4k 2xDVB-S2 FBC / 2xDVB-C / 1.8 TB HDD / OpenATV 6.2
testing boxes: Vu+ Duo² + AX Quadbox HD2400 + 2x Vu+ Solo² + Octagon SF4008
Sats & Pay-TV: Astra 19.2°E + Hotbird 13°E with Redlight / SCT HD / SES Astra HD- / Sky V14 / 4th empire propaganda TV
Card-Server: Raspberry Pi + IPv6-capable oscam
Router: Linksys WRT1900ACS w/ LEDE + Fritz!Box 7390
Re: disable root access openwebif #14
-
- Senior Member
- 412 posts
+5
Neutral
Posted 17 February 2017 - 22:07
ok, ritght. but look at this owif option I am sure you know it...so there is the possibility to denny remote access to root user. well, now its not possible...perhaps in the future. thank you.
Re: disable root access openwebif #15
-
- Senior Member
- 412 posts
+5
Neutral
Posted 17 February 2017 - 22:12
ok Spacerat, I didnt know not to use root user dont take effect to protect and owif plugin by itself has security holes and the user to login doesnt matter...thank you
Re: disable root access openwebif #16
-
- Senior Member
- 1,030 posts
+65
Good
Posted 17 February 2017 - 22:33
The option DOES work, but PLi streaming does not auth through OWIF, so this option does not influence streaming/transcoding on OpenPLi and also not on other images when they are forced to use PLi-like streaming because there is no separate transcoding.
Gesendet von meinem Siemens C25 mit Tapatalk
Gesendet von meinem Siemens C25 mit Tapatalk
1st box: Vu+ Ultimo 4k 4xDVB-S2 FBC / 2xDVB-C / 1.8 TB HDD / OpenATV 6.2
2nd box: Gigablue Quad 4k 2xDVB-S2 FBC / 2xDVB-C / 1.8 TB HDD / OpenATV 6.2
testing boxes: Vu+ Duo² + AX Quadbox HD2400 + 2x Vu+ Solo² + Octagon SF4008
Sats & Pay-TV: Astra 19.2°E + Hotbird 13°E with Redlight / SCT HD / SES Astra HD- / Sky V14 / 4th empire propaganda TV
Card-Server: Raspberry Pi + IPv6-capable oscam
Router: Linksys WRT1900ACS w/ LEDE + Fritz!Box 7390
2nd box: Gigablue Quad 4k 2xDVB-S2 FBC / 2xDVB-C / 1.8 TB HDD / OpenATV 6.2
testing boxes: Vu+ Duo² + AX Quadbox HD2400 + 2x Vu+ Solo² + Octagon SF4008
Sats & Pay-TV: Astra 19.2°E + Hotbird 13°E with Redlight / SCT HD / SES Astra HD- / Sky V14 / 4th empire propaganda TV
Card-Server: Raspberry Pi + IPv6-capable oscam
Router: Linksys WRT1900ACS w/ LEDE + Fritz!Box 7390
Re: disable root access openwebif #17
-
- PLi® Core member
- 68,544 posts
+1,737
Excellent
Posted 18 February 2017 - 08:30
Disabling root access has very limited effect (but this effect is to what extent i have to disagree with WanWizard): Attackers can not abuse the Webif to probe/brute-force the root password.
True, I overlooked this point.
Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Pro (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)
Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.
Many answers to your question can be found in our new and improved wiki.
Re: disable root access openwebif #18
-
- PLi® Core member
- 56,258 posts
+691
Excellent
Posted 18 February 2017 - 08:41
And still add the end.... You should use vpn and never open a streaming or owif port to the www!
WaveFrontier 28.2E | 23.5E | 19.2E | 16E | 13E | 10/9E | 7E | 5E | 1W | 4/5W | 15W
Re: disable root access openwebif #19
-
- PLi® Core member
- 46,951 posts
+541
Excellent
Posted 20 February 2017 - 20:34
BTW if you stream through the streamproxy (yes that is possible), it WILL check this option. Just make sure you make the "right" request to the streamproxy...
* Wavefrontier T90 with 28E/23E/19E/13E via SCR switches 2 x 2 x 6 user bands
I don't read PM -> if you have something to ask or to report, do it in the forum so others can benefit. I don't take freelance jobs.
Ik lees geen PM -> als je iets te vragen of te melden hebt, doe het op het forum, zodat anderen er ook wat aan hebben.
Re: disable root access openwebif #20
-
- Senior Member
- 412 posts
+5
Neutral
Posted 20 February 2017 - 21:35
ok thank you, streamproxy let to create streams with other parameters than owif. I hope transcode will be activated if possible with f1 on pli, new drivers let it, I just want it to test, not to make intensive use. thanks.BTW if you stream through the streamproxy (yes that is possible), it WILL check this option. Just make sure you make the "right" request to the streamproxy...
Edited by daveraver, 20 February 2017 - 21:37.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
