Archives
/
algo
mirror of https://github.com/trailofbits/algo
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

clarifications

Browse Source
pull/200/head
Dan Guido 8 years ago
parent 208e20ed8e
commit 4dc476572b
2 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File

6
README.md
Unescape Escape View File

@ -52,7 +52,7 @@ Find the corresponding mobileconfig (Apple Profile) for each user and send it to
### Android Devices
You need to install the [StrongSwan VPN Client for Android 4 and newer](https://play.google.com/store/apps/details?id=org.strongswan.android). Import the corresponding user.p12 certificate to your device. It's very simple to configure the StrongSwan VPN Client, just make a new profile with the IP address of your VPN server and choose which certificate to use.
You need to install the [StrongSwan VPN Client for Android 4 and newer](https://play.google.com/store/apps/details?id=org.strongswan.android) because no version of Android supports IKEv2. Import the corresponding user.p12 certificate to your device. It's very simple to configure the StrongSwan VPN Client, just make a new profile with the IP address of your VPN server and choose which certificate to use.
### Windows
@ -82,9 +82,9 @@ Depending on the platform, you may need one or multiple of the following files.
## Setup an SSH Tunnel
If you turned on the optional SSH tunneling role, then local user accounts will be created for each user in `config.cfg` and an SSH authorized_key files for them will be in the `configs` directory (user.ssh.pem). SSH user accounts do not have shell access and their tunneling options are limited (`ssh -N` is required). This is done to ensure that users have the least access required to tunnel through the server.
If you turned on the optional SSH tunneling role, then local user accounts will be created for each user in `config.cfg` and an SSH authorized_key files for them will be in the `configs` directory (user.ssh.pem). SSH user accounts do not have shell access, cannot authenticate with a password, and have limited tunneling options (e.g., `ssh -N` is required). This is done to ensure that users have the least access required to tunnel through the server and can perform no other actions.
Use the command below to start an SSH tunnel, replacing `ip` and `user` with your own. Once the tunnel is setup, you can configure a browser or other application to use 127.0.0.1:1080 as a SOCKS proxy to route traffic through Algo.
Use the example command below to start an SSH tunnel by replacing `user` and `ip` with your own. Once the tunnel is setup, you can configure a browser or other application to use 127.0.0.1:1080 as a SOCKS proxy to route traffic through the Algo server.
`ssh -D 127.0.0.1:1080 -f -q -C -N user@ip -i configs/ip_user.ssh.pem`

6
docs/ROLES.md
Unescape Escape View File

@ -16,12 +16,12 @@
* **Security Enhancements**
* Enables [unattended-upgrades](https://help.ubuntu.com/community/AutomaticSecurityUpdates) to ensure available patches are always applied
* Modify features like core dumps, kernel parameters, and SUID binaries to limit possible attacks
* Enhances SSH with modern ciphers and seccomp, and restricts access to older, unwanted features like X11 forwarding and SFTP
* **Ad Blocking and Compression HTTP Proxy**
* Enhances SSH with modern ciphers and seccomp, and restricts access to old or unwanted features like X11 forwarding and SFTP
* **Proxy-based Adblocking and Compression**
* Installs [Privoxy](https://www.privoxy.org/) with an ad blocking ruleset
* Installs Apache with [mod_pagespeed](http://modpagespeed.com/) as an HTTP proxy
* Constrains Privoxy and Apache with AppArmor and cgroups CPU and memory limitations
* **DNS Ad Blocking**
* **DNS-based Adblocking**
* Install the [dnsmasq](http://www.thekelleys.org.uk/dnsmasq/doc.html) local resolver with a blacklist for advertising domains
* Constrains dnsmasq with AppArmor and cgroups CPU and memory limitations
* **Security Monitoring and Logging**

Write Preview
Loading…
Cancel
Save