Unmenusecure - A way to limit exposure

[kanth]

Well here is my grand experiment.

Test away:

 

UnMenuSecure Version 0.1a

Pre-requisites: Unmenu, perl, lighttpd and php (All from unmenu).

 

This is a php script built on top of the lighttpd server. It uses the current server but renames all the pid's, ports, file structure, configs, etc. So that it should be possible to install this alongside an existing lighttpd installation. (I have not tested this). As always back up your config before starting. This program includes an uninstaller. If you run that and reboot, you should be back where you started before running the installer. This is not as secure as unmenu-web, I admit that, but as it runs unmenu natively it also works more closely to the native install of unmenu.

 

Unmenusecure's intent is only to "stop someone messing with" your server (Ie, family members stumbling upon the page). It does not secure the unraid server. While unmenu is up, anyone can hit it. The attempt is to limit the exposure by limiting uptime of unmenu.

 

It attempts to achive this in multiple ways:

 

-It's use implies that Unmenu will be set up to not run all the time.

-It takes you to a user/password (htauth) page to start unmenu, and stop it.

-Once unmenu is started via this, a killtimer is spawned that shuts down unmenu after a predetermined time.

 

The script supports the start, stop, functions. It allows removing the killtimer and reconnections to a running unmenu.

 

Notes:

There is a lot of configuration you have to do here. I have limited it, but this is a webserver, and a script, and an installer. Quite a few things need changed with an editor. It is easy to set up but probably isn't newbie level.

 

Install Instructions:

Gather or think about the following:

 

Session Timeout in Minutes: (default is 30) -- How long should unmenu last when I open it if I "forget" to close it?

Port I want to use this program on (default is 9000) -- Can be anywhere you want. This script is going to redirect you

into unmenu (which by default runs on 8080)

Is root's password set in emHttp? It should be or doing this whole thing is POINTLESS, as you are completely exposed.

Username/Password to authenticate with in your htpasswd file. Normally I just use the same username and password

I set on the server through emHttp.

 

----

Install instructions (Things in quotes, you type in):

(If using windows, cd is the same as open the directory; you also are going to need see hidden files on)

 

CONFIGURATION: (You only will need to do this ONCE to set up all your files)

 

Copy the install file to the base of the flash drive  (/boot in linux.)

"cd /boot" (base level of flash in windows)

"unzip unmenusecure.zip"

"cd unmenusecure"

"ls -al" and then edit the file .unmenusecurepassword with a good editor. (vi or something)

By default it says: root:password

That complies with htauth's <username>:<password> fields.

I would suggest, leaving root be, and setting the word "password" to the same thing root is set to on your unraid server.

Save the file

 

If you want to change the session timeout (30 minutes might be too long or too short).

"cd htdocs"

Edit the file index.php

At the top of the file you should see a variable called $SESSIONTIMEOUT set to 30.

Edit 30 to however minutes you wish a session to last. (By default unmenu is killed 30 minutes after being started)

Save the file.

If unmenu is NOT running on 8080 because you changed it for your server.

In the same file (index.php)

Edit the $UNMENUPORT variable and put in the PORT number your unmenu runs on.

If for some strange reason the uu file you execute to run unmenu is NOT installed at the location /boot/unmenu/uu

In the same file (index.php)

Edit the $UNMENUEXE variable and put in the correct location that you call to execute unmenu.

If your server is not named the default of "tower"

This should discover it automatically. If redirects do not work, I'll add a var to use for it.

If you want the unmenusecure webserver to use a different port than 9000

In /boot/unmenusecure/unmenusecure.conf search for the number 9000

It should look like this:

server.port                = 9000

Modify it to what port you want this to run on.

 

At this point you should have all your variables set.

"cd /boot/unmenusecure"

"./installer"

 

It should install completely cleanly and start right up. It's quick, takes about a second.

(Replace tower with your servername in the following if it is changed)

Open a browser and go to //yourserver:9000 (Assuming you left this webserver on 9000)

It should prompt you for your credentials (Whatever user and password you set in the .unmenusecurepassword file).

 

You should get a pretty simple web screen. With a button or buttons to Operate on Unmenu.

 

If unmenu is not running the only button that will be shown is this one:

START This will START unmenu, and start a killtimer that will STOP unmenu in the number of minutes specified by $SESSIONTIMEOUT

 

If unmenu IS RUNNING, you have a few options:

STOP This will STOP unmenu, REMOVE the killtimer, and redirect you to emHttp.

GOTO RUNNING UNMENU SESSION This redirects you into the running unmenu. It will still die when the killtimer runs out.

REMOVE KILLTIMER This removes the killtimer; meaning unmenu will NOT STOP unless you use the STOP button.

(Redirects you into unmenu)

 

When you want to stop unmenu just go to //yourserver:9000 (Assuming you left this webserver on 9000)

 

Have fun!

 

To uninstall:

Just run the uninstaller in the /boot/unmenusecure directory, and then reboot.

 

All your configuration should be done, so to have this auto-reinstall with your configuration, just put /boot/unmenusecure/installer into your go script and remove /boot/unmenu/uu

 

 

unmenusecure.zip