MaxoYour tax dollars at work. Premium Member join:2002-11-04 Tallahassee, FL |
Maxo
Premium Member
2014-Jan-30 4:16 pm
OwnCloud

said by » owncloud.org/ :
ownCloud provides universal access to your files via the web, your computer or your mobile devices wherever you are. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web.

I just installed OwnCloud on my Ubuntu 12.04 server and put the client on my work machine and Android phone. I was never super-comfortable with using Dropbox or Ubuntu One for my file sync for two reasons.
1) Syncing the amount of files I would like to sync is cost prohibitive.
2) NSA

With OwnCloud I can now sync everything to MY server, which I control. Setup was pretty straightforward once I found the guide at » www.davelachapelle.ca/gu ··· p-guide/

The only thing I have left is to mount my large storage drive to the proper location and migrate my synced files from other providers to this. |
|
OZO Premium Member join:2003-01-17 |
OZO
Premium Member
2014-Jan-30 4:42 pm
Thank you. Looks interesting |
|
|
Salty_Peaks to Maxo
Anon
2014-Jan-30 7:20 pm
to Maxo
pWNCloud -- they don't have a good security history, just saying. |
|
|
Salty_Peaks |
Salty_Peaks
Anon
2014-Jan-30 9:51 pm
Edit to previous post -- reference - » owncloud.org/about/secur ··· isories/ |
|
MaxoYour tax dollars at work. Premium Member join:2002-11-04 Tallahassee, FL |
Maxo
Premium Member
2014-Jan-30 10:46 pm
Interesting. I wonder how up to date they keep this. "Admin can decrypt user files" was opened 02/10/2012, and references enhancements to the upcoming 5.0 version, but 6.0 is the current stable version. This is also the only reported vulnerability in the current version, which isn't that big a deal if you are the owner of those files, but still not good. |
|
yaplej Premium Member join:2001-02-10 White City, OR
1 recommendation |
to Salty_Peaks
80 some vulnerabilities in the project's entire life does not seem so bad. Have you looked at the list for anything else? Cisco IOS, Microsoft Windows, Linux?
I'm not sure I would put them into the "poor security" group yet.
They seem to be fixing those as they are found. It's like saying don't use WordPress because version 1.0 is full of security issues.
It's typically the admin's fault for not monitoring and updating the system. To expect any software to be free of security vulnerabilities is, well, not practical. |
|
1 recommendation |
Salty_Peaks
Anon
2014-Jan-31 2:51 pm
Based on the volume and amount of compromised WordPress servers I encounter on nearly an hourly basis, the fact that more often than not they're used to leverage large scale DDoS attacks or proliferate malware through various "gates" such as » www.kahusecurity.com/201 ··· aud-kit/ indeed I am also saying "Don't use WordPress" |
|
1 edit |
to Maxo
I'm also starting to use OwnCloud too as I have it in my subdomain of my server using a self-signed certificate and my subdomain. (Only I can access OwnCloud.) |
|
Bill_MIBill In Michigan MVM join:2001-01-03 Royal Oak, MI TP-Link Archer C7 Linksys WRT54GS Linksys WRT54G v4
|
I'd love to hear how others set up self-signed certs. I have a dyndns for outside and thinking of bind handling that zone inside the network to point to the private IP. Is that what most do? A penny for your thoughts, anyone?
Maxo, I may change over to nginx - OwnCloud on apache with Ubuntu Server 12.04 runs a little sluggish on a P4. Thanks for the link. |
|
1 edit |
I once created a script for creating a self-signed certificate:

#!/bin/sh
DOMAIN="subdomain.maindomain" # Edit the domain name.

# Create the CA key and self-signed CA certificate once; reuse them afterwards.
printf "Checking to see if ca.crt exists... "
if [ ! -f ca.crt ]; then
    echo "Creating..."
    openssl genrsa -des3 -out ca.key 4096
    openssl req -new -x509 -days 3650 -config req.conf -key ca.key -out ca.crt
    echo "Done."
else
    echo "File exists."
fi

# Server key and CSR (the validity period is set when the CA signs, not in the CSR).
printf 'Now creating a certificate for %s...\n\n' "$DOMAIN"
openssl genrsa -des3 -out "$DOMAIN.key" 4096
openssl req -new -config req.conf -key "$DOMAIN.key" -out "$DOMAIN.csr"
# -CAcreateserial keeps a serial file so each certificate from this CA gets its own serial.
openssl x509 -req -days 3650 -in "$DOMAIN.csr" -CA ca.crt -CAkey ca.key -CAcreateserial -out "$DOMAIN.crt"

# Strip the passphrase so the web server can start unattended.
echo "Enter the password for creating an unsecure key. Keep it private."
openssl rsa -in "$DOMAIN.key" -out "$DOMAIN.key.insecure"
mv "$DOMAIN.key" "$DOMAIN.key.secure"
mv "$DOMAIN.key.insecure" "$DOMAIN.key"

printf "Marking as read-only for root... "
chmod -R go-rw *
echo "Done."
exit 0

Here's the req.conf:

[ req ]
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
prompt = no
[ req_distinguished_name ]
countryName = Your Country
stateOrProvinceName = Your State (if applicable)
localityName = Your City
organizationName = First Name, Last Name
organizationalUnitName = .
commonName = example.com
emailAddress = user@example.com
Note that you have to enter the passphrase like 5 or 6 times. Just take it slow when entering the passphrase. |
|
DannyZGentoo Fanboy Premium Member join:2003-01-29 united state |
to Maxo
I'll have to look into this, thanks for sharing. I've been thinking of rolling my own personal cloud solution, but this just may be the way to go |
|
MaxoYour tax dollars at work. Premium Member join:2002-11-04 Tallahassee, FL |
to Bill_MI
said by Bill_MI:
Maxo, I may change over to nginx - OwnCloud on apache with Ubuntu Server 12.04 runs a little sluggish on a P4. Thanks for the link.

OwnCloud is a perfect use-case for Nginx. That is how I am running it as my server also does not have much power and has no need for the features of Apache2. To do the install, including the self-signed certificate, I use the instructions at » www.davelachapelle.ca/gu ··· p-guide/ |
|
|
Salty_Peaks
Anon
2014-Feb-2 9:30 pm
Have you considered using OwnCloud and mitigating exposure by issuing and requiring client certificates from a CA you've setup? |
|
MaxoYour tax dollars at work. Premium Member join:2002-11-04 Tallahassee, FL |
Maxo
Premium Member
2014-Feb-3 10:51 am
I am not sure how to do that. Right now my setup requires me to just blindly accept the certificate from any new machine I log in with, which is very undesirable |
|
|
I am having trouble importing my CA and client certificate (both are .crt) into Google Chrome in Linux, but it seems Google Chrome does not seem to accept it... I don't know why, though. I've done this before with Zarafa, but the use of "history" can only let me see 1,000 lines and I couldn't remember what I've done. (Ugh!)
If only StartSSL could support 2 or 3 subdomains as one subdomain isn't enough, but can't afford $60 for Class 2 cert. |
|
|
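Added example, not part of any post in this thread: the client-certificate approach suggested above, sketched with the openssl CLI. The throwaway demo CA, the file names, the client name `laptop` and the password are constructed placeholders; browsers import a client identity as a PKCS#12 bundle (certificate plus private key), which is why the last step writes a .p12 file.

```shell
#!/bin/sh
# Added example: TLS client certificates issued by a private CA (throwaway demo
# CA, constructed names). With a real CA, keep ca.key passphrase-protected.

write_conf() {          # $1 = OpenSSL config file to create
cat > "$1" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = placeholder
[ ca_ext ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ client_ext ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature
extendedKeyUsage = clientAuth
EOF
}

make_demo_ca() {        # $1 = directory, $2 = CA common name (demo only)
    write_conf "$1/ca.cnf" &&
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -config "$1/ca.cnf" -extensions ca_ext -subj "/CN=$2" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_client_cert() {   # $1 = CA directory, $2 = client name, $3 = PKCS#12 password
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    # Sign for client authentication only; ca.srl tracks serials so none repeat.
    openssl x509 -req -sha256 -days 365 -in "$1/$2.csr" \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -extfile "$1/ca.cnf" -extensions client_ext -out "$1/$2.crt" 2>/dev/null &&
    # Browsers import a client identity as PKCS#12: certificate plus private key.
    openssl pkcs12 -export -inkey "$1/$2.key" -in "$1/$2.crt" \
        -certfile "$1/ca.crt" -name "$2" -passout "pass:$3" -out "$1/$2.p12"
}

client_cert_ok() {      # $1 = CA certificate, $2 = client certificate
    # The check a server applies: chains to this CA and is usable as a TLS client.
    openssl verify -CAfile "$1" -purpose sslclient "$2" >/dev/null 2>&1
}

if [ "${1:-}" = demo ]; then    # run as: sh client-cert.sh demo
    d=$(mktemp -d) && make_demo_ca "$d" "Demo CA" &&
    issue_client_cert "$d" laptop changeit &&
    client_cert_ok "$d/ca.crt" "$d/laptop.crt" && echo "wrote $d/laptop.p12"
fi
```

On the nginx side, `ssl_client_certificate` pointing at the CA certificate together with `ssl_verify_client on;` makes the server apply the same check to every connection.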
Salty_Mobile to Maxo
Anon
2014-Feb-6 8:05 am
to Maxo
said by Maxo:
Interesting. I wonder how up to date they keep this. "Admin can decrypt user files" was opened 02/10/2012, and references enhancements to the upcoming 5.0 version, but 6.0 is the current stable version.

Evidently not very up to date, found this reading my RSS feeds. » www.exploit-db.com/explo ··· s/31427/

# Exploit Title: ownCloud 6.0.0a File Deletion XSS and CSRF Protection Bypass
# Vendor Homepage: www.ownCloud.org
# OwnCloud Version: 6.0.0a
# Browsers tested: Iceweasel 22.0; Internet Explorer 11;
# Server: Debian. Default LAMP set-up.
# Exploit Author: James Sibley (absane)
# Blog: » blog.noobroot.com
# Discovery date: December 12th, 2013
# Vendor notified: December 12th, 2013
# Vendor fixed: January 22th, 2014
# CVE assignment: CVE-2014-1665 |
|
|
to Maxo
I have tried Owncloud, and liked it, but development seemed slow.
Interesting thread. Thanks. |
|
|
to Maxo
I've been using it for a while for non-sensitive material and it has been very good! I host it on an OS X server however and that is unsupported at present - though it hasn't caused any problems for me yet. |
|