[arm-allstar] Allmon2/Supermon and Security
wa3dsp at gmail.com
Mon Mar 20 01:11:59 EST 2017
I have updated the Allmon2 and Supermon howto's to reflect the recommended
security for htpasswd when using Allmon2 or Supermon.
Security when offering a page over the web is very important. Most of you
only use these packages locally and do not forward out to the Internet but
if you do and even locally it is important to be as secure as possible.
First make sure you have the latest hamvoip updates - item 1 on the ADMIN
Both Allmon2 and Supermon have now been updated to allow Blowfish
encryption for the password. We recommend that you recreate your passwords
using Blowfish encryption. To accomplish this do the following:
Open a Linux shell - option 9 on the ADMIN menu.
If setting up Allmon2 change to the base directory - cd /srv/http/allmon2
if setting up Supermon change to its base directory - cd /srv/http/supermon
First remove any existing .htpasswd file - rm .htpasswd
Create a new .htpasswd file - htpasswd -cB .htpasswd <username>
Username can be anything but don't include the <>
It will then ask you for a password twice and then if they match create the
Passwords should not be simple or common names/words. Use a combination of
upper/lower alpha, numeric, and special characters and at least 8-10
characters or longer. Blowfish encryption is considered very secure but
only if you use random and mixed characters.
Do this in both directories if you use both Allmon2 and Supermon.
Once the file(s) are created you should be able to login on the Allmon2
and/or Supermon pages.
More information about the arm-allstar