LinuxQuestions.org
Old 06-19-2012, 04:50 PM   #1
BuckNekkid
Member
 
Registered: Jun 2007
Location: Bayou, Louisiana
Posts: 121
Blog Entries: 1

Question What do YOU think?


Hi,

Sitting down this morning in front of the computer I got an "idea" <light bulb> that lit up inside. Now, since I've been here before and gotten expert advice, I thought I'd come ask again to see if what I have is possible. I'm not even sure it's in the right forum, but please bear with me.

I'm going to change over to Xubuntu Linux 12.4. I just hope it's not too hard to learn about it. I'm nearly 66 and sometimes my brain does not work as it should and I have trouble comprehending what I've read or heard.

Here's the deal, I'm a ham radio operator, yes, Morse code, and I have worked with a group of Storm trackers (Skywarn) for over 30 years. I took it upon myself to go to the F.C.C. ULS database and copy down all the information on Part 90, Public Safety agencies (Fire & Police) units within a 300 mile radius of my now home. I know there is no way I'm going to 'hear' all of those units, so I've enlisted the help of others in various cities.

I'd like to take this database and put it on the I-net, but restrict it so no unauthorized folks could see the information or change the data. That becomes my duty as the DB Admin.

Question: Would it be possible to develop software that has a secret, built-in code for a password and also give me the number on the DNS of their computer, all the while, having them type in a "given" password that they would type on the screen? This way, should anyone make a copy, the DNS would not match and it could not be used by anyone else, LOL!

I want to use a great firewall. Would Bastille Linux be a good one or should I go with IPChains?

Maybe this could be done, maybe not with the encoded software, but I would hope that it were possible.

Thanks for LQ^QKing (See the Q's as lensframe and ram pieces, LOL!)

Respectfully submitted,

"Buck"/KA5LQJ

Last edited by BuckNekkid; 06-19-2012 at 04:52 PM.
 
Old 06-19-2012, 05:05 PM   #2
sag47
Senior Member
 
Registered: Sep 2009
Location: Orange County, CA
Distribution: Kubuntu x64, Raspbian, CentOS
Posts: 1,845
Blog Entries: 36

I think I'm a little confused but then maybe not since I've read it a couple of times. Basically, you want to offer software to people (authorized people/computers only) and allow them to access your database of "Public Safety agencies (Fire & Police) units within a 300 mile radius" of your home.

So essentially, you want to offer a licensed software which only works when communicating with the server and the server verifies the computer deserves access; is that correct?

This is totally doable, though might I make a recommendation. Static IP addresses are not common among household internet users (likely the majority of your target audience) so it would be better to create a hash based on the hardware of the current system. This means that the user's license key would work on that single computer no matter where that computer is located (for example a laptop traveling). The user can't very well easily copy the program and you get to ensure that the licensed user can only access one copy of the software at a time.

Also, this has nothing to do with a firewall. You need a front-end application written (server) which communicates with the database back-end. The client communicates with the server and the two negotiate the terms for obtaining that database data. It is not wise to let your database be open to the public because there are too many security issues to be worried about with that method. Instead, you can use the front-end server to verify client information before access to said resources is even granted.

One technology you might want to look into is a REST API for communication, though there are still more details which need to be worked out for authentication and desired protocols.

But in a nutshell, yes, what you ask is possible with some work. Just maybe do it in a different way.

You should always have a firewall running on your server and I always recommend iptables if you're using Linux.

SAM

Last edited by sag47; 06-19-2012 at 05:13 PM.
 
1 members found this post helpful.
Old 06-19-2012, 05:49 PM   #3
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,329

As sag47 said
Quote:
Static IP addresses are not common among household internet users (likely the majority of your target audience)
so I would go with Apache using e.g. MySQL as backend DB, a very common combination, & use htaccess directives, but in the main httpd.conf file as per https://httpd.apache.org/docs/2.2/howto/htaccess.html. See here for securing the user/passwd file https://httpd.apache.org/docs/2.2/mo...l#authuserfile.
I'd also recommend forcing https cxn if you are paranoid...

sag47 said
Quote:
so it would be better to create a hash based on the hardware of the current system.
but that would mean access to the client system, which I wouldn't be keen on as a client.

If you really want to lock it down geographically you could look up the IP ranges assigned to ISPs in your area & restrict access to those.
Not sure how that would work for a national/large area ISP.
 
1 members found this post helpful.
Old 06-19-2012, 05:54 PM   #4
NyteOwl
Member
 
Registered: Aug 2008
Location: Nova Scotia, Canada
Distribution: Slackware, OpenBSD, others periodically
Posts: 512

Also, before you go to all that trouble re the database, you might check the radioreference.com website. They have a rather extensive one already available that's kept updated regularly.

That said I keep a small database of local frequencies I've collected here as well.
 
Old 06-19-2012, 09:23 PM   #5
jefro
Moderator
 
Registered: Mar 2008
Posts: 16,047

Generally there are secure ways to allow access. One good method might be to use certificate-based authentication to allow access to some resource. Second on the list is file permissions after authentication. Authentication by certificate would relieve the person from typing and could be verified by your server and logged.

You can mail a USB or CD with a certificate on it that allows them to access resources.

I doubt this is any sort of confidential stuff so you could simply make a resource that is not commonly accessed via a domain name too with http access or such.


As others stated, we are kind of guessing what you want.

Last edited by jefro; 06-19-2012 at 09:27 PM.
 
1 members found this post helpful.
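A sketch of the certificate-based access described in post #5, added here as an example and not code from any poster: the server accepts only clients holding a certificate signed by a private CA, then checks the certificate's common name against an allow-list and logs the decision. The file paths passed to `build_server_context`, the sample certificate dict, and the callsigns are constructed assumptions.

```python
import ssl


def build_server_context(ca_file, cert_file, key_file):
    """TLS server context that refuses clients lacking a cert from our own CA."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)  # server identity
    ctx.load_verify_locations(cafile=ca_file)  # trust only the private CA
    ctx.verify_mode = ssl.CERT_REQUIRED        # handshake fails without a client cert
    return ctx


def peer_common_name(peercert):
    """Pull commonName out of the dict returned by SSLSocket.getpeercert()."""
    for rdn in peercert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def authorize(peercert, allowed_names, audit_log):
    """Allow-list check after the handshake; every decision is recorded."""
    name = peer_common_name(peercert)
    granted = name is not None and name in allowed_names
    audit_log.append((name, "granted" if granted else "denied"))
    return granted


# Constructed example of what getpeercert() returns for a verified client.
SAMPLE_PEERCERT = {
    "subject": ((("organizationName", "Example Skywarn Group"),),
                (("commonName", "N0CALL"),)),
    "notAfter": "Jun 19 00:00:00 2030 GMT",
}
```

Keeping the allow-list separate from the CA lets the administrator drop one user by removing a name, without reissuing everyone's certificates.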
Old 06-27-2012, 05:22 PM   #6
sag47
Senior Member
 
Registered: Sep 2009
Location: Orange County, CA
Distribution: Kubuntu x64, Raspbian, CentOS
Posts: 1,845
Blog Entries: 36

For the benefit of the community, and so that Buck can get a wider response from other members, I'm posting relevant portions of an email to me on the subject. Buck, I also replied this to you in an email; I'm just copying and pasting from the mail that I sent back to you. I cut out some portions of the email for personal information purposes and just left what is relevant for my response.

Quote:
Originally Posted by BuckNekkid
Good Morning Sam,

"Thanks" for the great suggestions on what I want to do. It's like you were in my head, LOL! The last programming I did was in binary, assembly, and Commodore Basic back in the 80's, probably older than you are.

....*snip*

How hard would it be to write a program to do all of this in say, Debian? Do you know anyone who could help me?

....*snip*

You were spot on in my thinking. I want the "program" to only work with my "customers". I don't charge anything for the data, as it's being used by ham radio operators in the NOAA SkyWarn weather alert program. The whole purpose is to give those groups information about their local Emergency Responders they can program into their radio scanners and hear what the fire and police units are doing or reporting as of bad weather. Without the "software" the website would not let them in, in any way to see the data that is there. The "customers" could not add or change the data, that would be to me. They would just have to e-mail me with the correction or addition.

....*snip*
And here is my response ----------------------------------

Hi Buck,
I'm going to go out on a limb here and make some recommendations based on personal experience. How the server presents the data to the client and how the client does the authentication I'll leave up to you. Here's some stuff to get you started though.

Learn Programming
I'm not sure I can help you to the degree you require; however, I can give you a point in the right direction. If you have never done programming before then you'll need to learn that. One language I recommend, which is relatively easy and a great language for beginners, is Python. Here's an MIT OpenCourseWare course on how to learn Python which has video lectures.
http://ocw.mit.edu/courses/electrica...2008/index.htm

There's also a good course on Python from Udacity which teaches Python and the process for building a search engine. This will help to introduce some web concepts to you and allow you to offer your data as a service using Python.
http://www.udacity.com/view#Course/c.../Nugget/675002

You can obtain Python in a couple of ways. If you're on Linux you can simply install it from a software repository. If you're on Windows you can use the official Python website.
http://www.python.org

There's also good Python documentation.
http://www.python.org/doc/

MySQL with Python
In addition to that, I would recommend a MySQL database as your backend. You can google around and find MySQL support for Python. I googled for "python mysql" and found the following package. Additionally, you can look up "MySQL tutorial" or "how do I create a database in MySQL", etc.
http://mysql-python.sourceforge.net/

I googled "mysql-python tutorial" and found the following article on how to use it.
http://zetcode.com/databases/mysqlpythontutorial/

Python as a secure service
You'll want to utilize secure connections with the server (i.e. https) so I googled "python https" and found a decent write-up in just using a few short lines of code.
http://www.noah.org/wiki/Python_HTTPS_and_SSL

Since you are creating a secure connection between just the client software and the server (i.e. you're not serving the data publicly with a web browser) I recommend you create your own certificate authority and digitally sign your own certificates. This way communication is secure and you don't have to waste money on buying a certificate. For that purpose there is a great article listed here.
http://www.g-loaded.eu/2005/11/10/be-your-own-ca/

Just remember that you need to install your certificate authority public cert in /etc/ssl/ on the server and the client needs to have the public certificate itself to communicate.

Client side options
Linux
If you're developing the client software for Ubuntu or Debian (or any Gnome based Linux) I recommend you develop the application using "quickly" assuming you need to use a GUI for your clients.
http://developer.ubuntu.com/get-started/

Windows and other platforms
If your clients are Windows machines, I would say that you should develop using something like Qt because you can develop the application for all 3 major platforms (Windows, Mac and Linux). Though you would need to learn some C++ for this, for which there are good tutorials and books on the subject. Just google around for them. You're required to open source the application unless you pay for a commercial license though. Which can be a drawback given a limited budget and assuming you don't want this to be open source.
http://qt.nokia.com/products/

Though, an easy to learn cross platform language is Pascal (no, it's not dead yet) in which you can develop an HTTP client app for Windows. Lazarus is an open source IDE for freepascal and if you already learned Python it's not that big of a step to also learn Pascal.
http://www.lazarus.freepascal.org/

Windows Automated Installer
If you wish to create an installer for your application then I recommend NSIS (Nullsoft Scriptable Install System).
http://nsis.sourceforge.net/Main_Page

There's a great IDE for NSIS called HM NIS Edit. You can see the page here. It comes with a wizard to initially generate an install script.
http://hmne.sourceforge.net/

If you don't need a GUI
You could simply write a Python script (and only distribute the pyd which is compiled Python binary) that when opened by the user the first time they need to enter some information (which is emailed to you by the Python script) so that you can set up the server keys. And then when the user opens it subsequent times it will automatically download the latest data based on arguments using optargs or some other Python argument library. This way you don't need to care what platform is being used; you can just communicate using Python. This would require Python to be installed on the client machine.

Other client side information
I just briefly touched on software and languages you could use. For creating a hash you could take some RAM information and processor information and create a hash from it. On a Linux system, for example, you could create a hash on /proc/cpuinfo and use that as part of the authentication. Or you could just take certain parts of that file and hash it and use it as a code. Basically, the hash can be anything you want. If you're using Python as a client side language you could google "hardware info python" or the same with any language.

Conclusion
Basically I made some assumptions and created a scenario for which you could launch the development of your software. This doesn't mean you have to take my advice. There are other ways of doing it. But handling the details and particulars could take me hours to explain what you *could* do or what *I would* do. This entails gathering specifications on the technologies used, the goals of the project, etc. etc. That I'll leave up to you since it's your project. I have limited time on my hands so if you're stuck somewhere ask in the LQ forums rather than messaging me directly. There are plenty of people on LQ like me who would be able to answer your questions even better than I can.

And here is the end of my response ----------------------------------

I forgot to add on to Python as a secure service. Here's an example of a server in Python actually serving arbitrary secure content.
http://code.activestate.com/recipes/...ure-communica/

Last edited by sag47; 06-27-2012 at 10:41 PM.
 
2 members found this post helpful.
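The hardware-hash licensing idea from posts #2 and #6, written out as an added example rather than code from any poster: the client hashes selected parts of /proc/cpuinfo, the administrator binds a user to that hash with a keyed MAC, and the front-end server checks the pair before serving data. The sample cpuinfo text, the field selection, the callsign and the server secret are constructed assumptions.

```python
import hashlib
import hmac

# Constructed sample of /proc/cpuinfo; real content varies by CPU and kernel.
SAMPLE_CPUINFO = """\
processor\t: 0
vendor_id\t: GenuineIntel
cpu family\t: 6
model\t\t: 42
model name\t: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
stepping\t: 7
cpu MHz\t\t: 1600.000
bogomips\t: 6185.52
"""

# Hash only fields that do not change between reads. "cpu MHz" moves with
# frequency scaling, so hashing the whole file would lock out the real owner.
STABLE_FIELDS = ("vendor_id", "cpu family", "model", "model name", "stepping")


def hardware_fingerprint(cpuinfo_text):
    """SHA-256 over the stable fields of the first processor entry."""
    fields = {}
    for line in cpuinfo_text.splitlines():
        if not line.strip():
            break  # a blank line ends the first processor block
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    material = "\n".join(f"{k}={fields.get(k, '')}" for k in STABLE_FIELDS)
    return hashlib.sha256(material.encode()).hexdigest()


def issue_license(server_secret, callsign, fingerprint):
    """Admin side: bind one user to one machine with HMAC-SHA256."""
    msg = f"{callsign}|{fingerprint}".encode()
    return hmac.new(server_secret, msg, hashlib.sha256).hexdigest()


def verify_license(server_secret, callsign, fingerprint, license_key):
    """Server side: recompute the MAC and compare in constant time."""
    expected = issue_license(server_secret, callsign, fingerprint)
    return hmac.compare_digest(expected, license_key)
```

The fingerprint is reported by the client, so treat it as a copy deterrent layered on top of the password and HTTPS rather than as proof of identity; two machines with the same CPU model also produce the same value from these fields.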