From 4dc476572b71477a770d20e9714eb57d542e4100 Mon Sep 17 00:00:00 2001 From: Dan Guido Date: Fri, 30 Dec 2016 19:20:09 +0100 Subject: [PATCH] clarifications --- README.md | 6 +++--- docs/ROLES.md | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index f47849e..a0f6210 100644 --- a/README.md +++ b/README.md @@ -52,7 +52,7 @@ Find the corresponding mobileconfig (Apple Profile) for each user and send it to ### Android Devices -You need to install the [StrongSwan VPN Client for Android 4 and newer](https://play.google.com/store/apps/details?id=org.strongswan.android). Import the corresponding user.p12 certificate to your device. It's very simple to configure the StrongSwan VPN Client, just make a new profile with the IP address of your VPN server and choose which certificate to use. +You need to install the [StrongSwan VPN Client for Android 4 and newer](https://play.google.com/store/apps/details?id=org.strongswan.android) because no version of Android supports IKEv2. Import the corresponding user.p12 certificate to your device. It's very simple to configure the StrongSwan VPN Client, just make a new profile with the IP address of your VPN server and choose which certificate to use. ### Windows @@ -82,9 +82,9 @@ Depending on the platform, you may need one or multiple of the following files. ## Setup an SSH Tunnel -If you turned on the optional SSH tunneling role, then local user accounts will be created for each user in `config.cfg` and an SSH authorized_key files for them will be in the `configs` directory (user.ssh.pem). SSH user accounts do not have shell access and their tunneling options are limited (`ssh -N` is required). This is done to ensure that users have the least access required to tunnel through the server. +If you turned on the optional SSH tunneling role, then local user accounts will be created for each user in `config.cfg` and an SSH authorized_key files for them will be in the `configs` directory (user.ssh.pem). SSH user accounts do not have shell access, cannot authenticate with a password, and have limited tunneling options (e.g., `ssh -N` is required). This is done to ensure that users have the least access required to tunnel through the server and can perform no other actions. -Use the command below to start an SSH tunnel, replacing `ip` and `user` with your own. Once the tunnel is setup, you can configure a browser or other application to use 127.0.0.1:1080 as a SOCKS proxy to route traffic through Algo. +Use the example command below to start an SSH tunnel by replacing `user` and `ip` with your own. Once the tunnel is setup, you can configure a browser or other application to use 127.0.0.1:1080 as a SOCKS proxy to route traffic through the Algo server. `ssh -D 127.0.0.1:1080 -f -q -C -N user@ip -i configs/ip_user.ssh.pem` diff --git a/docs/ROLES.md b/docs/ROLES.md index fac4a32..1f438c3 100644 --- a/docs/ROLES.md +++ b/docs/ROLES.md @@ -16,12 +16,12 @@ * **Security Enhancements** * Enables [unattended-upgrades](https://help.ubuntu.com/community/AutomaticSecurityUpdates) to ensure available patches are always applied * Modify features like core dumps, kernel parameters, and SUID binaries to limit possible attacks - * Enhances SSH with modern ciphers and seccomp, and restricts access to older, unwanted features like X11 forwarding and SFTP -* **Ad Blocking and Compression HTTP Proxy** + * Enhances SSH with modern ciphers and seccomp, and restricts access to old or unwanted features like X11 forwarding and SFTP +* **Proxy-based Adblocking and Compression** * Installs [Privoxy](https://www.privoxy.org/) with an ad blocking ruleset * Installs Apache with [mod_pagespeed](http://modpagespeed.com/) as an HTTP proxy * Constrains Privoxy and Apache with AppArmor and cgroups CPU and memory limitations -* **DNS Ad Blocking** +* **DNS-based Adblocking** * Install the [dnsmasq](http://www.thekelleys.org.uk/dnsmasq/doc.html) local resolver with a blacklist for advertising domains * Constrains dnsmasq with AppArmor and cgroups CPU and memory limitations * **Security Monitoring and Logging**