4. How to install Protus password utility
Notice: Well, I have been using Protus connection filters for a long time now. At first, it was the version 3.1/1.2 for DosFBB515c and, later, version 3.3 for Dos/WinFBB700. I have found Protus as very useful utility because of its implementation of automated BBS-to-BBS forwarding protection, using MD2 algorithm. One of the reasons to cover Protus in this document is the fact that its author haven't made a manual in English yet. I keep trying to translate original manuals from Spanish into English, but it is a hard work. Any good 'Spanish-to-English' translator is welcomed to contact me: skoric at eunet dot rs
Protus offers several interesting features:
- It can send a presentation message to all users, informing about possibility to make users' access more safe,
- It can send messages to users who have usual, non-restricted access, informing about utility's existence,
- It can send messages to users who have no valid access (before disconnecting them),
- It can send messages to new users who have connected the BBS for the first time, informing them about the password utility.
- It can send messages to users who have entered wrong password (before disconnecting them),
- It can inform sysop about almost everything related to users' connections (new user on the system, unsuccessful connections etc),
- Messages mentioned above could be translated into various languages and used similarly as various language files that FBB system use,
- Messages mentioned above could be different for different BBS ports,
- Protus could be activated/deactivated at various intervals of time using CRON.SYS system file,
- Passwords could be managed remotely, using an external server, developed by Jose EB5IVB,
- ...
Well, let's see what should be done in order to implement secure access to the FBB packet radio BBS, using Protus type of, so called, c_filter:
- Users of Dos/WinFBB versions of Protus already know that it is needed to create a new directory \FBB\PROTUS where several *.PRT files should be placed. In addition, the main C_FILT*.DLL files should be copied into \FBB\BIN directory, as well as a couple of "system", (i.e. config) *.PRT files that are going to be within \FBB\SYSTEM directory.
- After the sysop has copied all files into
their proper locations, it is needed to make
some configuration. The most important files
are two "system" ones:
CONFIG.PRT
andUSERS.PRT
that should be carefully adopted to any particular situation. Other *.PRT files will work as they are in original, but they may be translated because they are originated in Spanish (those files are just the parts of information that are sent to users who connect to the BBS). For your information, I usually don't care much about, because my BBS's are so called "open systems". It means they work quite normal for all users in the same way as they worked before implementing Protus. Only a couple of callsigns have password installed and, when connecting, they know what they are doing, so, they don't need any additional info. Your mileage may vary. - So far - so good. After everything mentioned has
been done, you have to restart your FBB in order
for Protus utility to be activated. In all
connections to your BBS (including console),
you should see a line like this: {PROTUS-4.0}
just after the well known line [FBB-7.00-AB1FHMRX$]. It
only gives an information that Protus is active on the
system. Users of your BBS who don't have
their passwords, connect just normally as before.
Users who's callsigns have password implemented,
are prompted for password just after their connections.
- The author of Protus, Jesus EB5AGF, has made several working "modes" of its utility. It is possible for users to have various kinds of passwords: a fixed phrase (similar as those you are used to when connect to the Internet via telephone line, but this way the phrase can be masqueraded within the longer answer); a changeable answer to the 5 random numbers (just like usual FBB sysop's password); a mode that uses automatic answer from user's client packet programs; implementation of MD2 and MD5 algorithms; FBB-to-FBB automatic protection etc. FYI, my WinFBB is equipped with 16-bit Protus 4.0 (13 August 1999). There is also a 32-bit module of the same date that would be called from within 32-bit WinFBB (I haven't tested those 32-bit applications).
- Well, the situation regarding working location of Protus files under LinFBB is somewhat different. I have become familiar to the directory structure that DosFBB and WinFBB versions of Protus have been using, so I considered that it was enough to implement the same directory structure when I started the installation of Protus under LinFBB. It was wrong. After having pulled out the remaining hair, the things started to work, so, now I am going to tell you what to do.
- I have already told you that I have been running here both WinFBB under Windows NT and LinFBB under Linux (see also
Linux+WinNT mini-HOWTO
andLilo mini-HOWTO
). That means all Protus stuff has already been installed in a way WinFBB has required, except Linux executable of c_filter file. I put that one file into /fbb/bin directory and, after the next restart of LinFBB, I got the info mentioned above: {PROTUS-4.0}. But the password protection was not likely to work. I was told by the author to make a new directory /var/ax25/fbb/protus and put *.PRT files there. I didn't move files from \FBB\PROTUS but rather copied them into the new location, because I wanted Protus to continue working under WinFBB as before. The utility still didn't want to run, unless I also copied additional two *.PRT files from \FBB\SYSTEM to the same new location (/var/ax25/fbb/protus). After I did that, Protus became functional.- Well, I suppose, the above info would be useful for those of you who intend to run *both* Windows and Linux FBB's on the same machine. For the majority of LinFBB-only users, it is just important to make /var/ax25/fbb/protus where all *.prt files should be placed. Only c_filter executable should go to /fbb/bin and that's it.
- About FBB-to-FBB protection: *both* partners have to install Protus. Password for the forwarding partner's callsign must be the same at *both* sides of the link. The versions of Protus don't need to be the same (neither the versions of FBB, neither the operating systems, HI!). Anyway, MD5 algorithm will only work if both parties have Protus 4.x and above (I still don't use that, but it is not a problem, because my two boxes, DosFBB-Protus3.3 and WinFBB/LinFBB-Protus4.0, make all things OK with MD2).
- One of the interesting features of Protus is to log unsuccessful connections. Due to the different locations of *.prt files here, I have separate logs for WinFBB and LinFBB "c_filtering". Those of you who are going to run only one operating system and appropriate version of FBB, will have one complete log of connection errors, users make when try to connect your BBS.
- As it was told earlier, if you implemented password protection for only some of your users (but not for all of them who connect normally) - your system is considered as the "open" one. It means that will be logged only unsuccessful tries to enter the system by "protected" callsigns. But, if you decided that your BBS can be accessed by only those callsigns who have Protus password, that means your system is the "closed" one. Then, there is no way a user could enter your FBB unless its callsign has given a password within your Protus. Any unauthorized try to connect your BBS is also logged.
- In addition, you may decide to have a "guest" access or a "read-only" as default for some BBS's access ports and/or for users who enter the wrong password. Many combinations are possible. You could even password protect your own FBB console!
- To finish with this topic for now, just to inform you that my X11 LinFBB is equipped with Protus v4.1b7 (15 February 2000). It has some minor bugs, for example, it logs incoming connections with a SSID of -48 if a user doesn't have a SSID at all (of course, in such case a SSID of -0 would be expected).
Next Previous Contents