Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
browser-on-lxc-vpn-xephyr
Advanced tools
Readme
Craig P Hicks copyright 2020 see LICENSE.md for license
Javascript module to create (from a virgin generic ubuntu lxc) an unprivileged linux container running firefox, vpn, and the X-server Xephyr. This setup allows
The resulting unprivileged linux container has no access to the host filesystem.
Avaliable on npm - https://www.npmjs.com/package/browser-on-lxc-vpn-xephyr
This software was tested on a host running Ubuntu 18.04. It should certainly work on Ubuntu 18.x, 19.x.
node
version v10.16.3
or higher
npm
version 6.14.4
or higher
A openvpn VPN should already be setup, and the openvpn client certificate
should already be placed on the host as a file named
/home/<username>/ffvpn-client.ovpn
See section Setting up VPN on a VPS for more information.
LXD version 4.0.0 or greater
lxdbr0
with the following information:% lxc network show lxdbr0
config:
ipv4.address: <a.b.c.d>/<n>
...
...
where <a.b.c.d>/<n>
is an ip4 network range in CIDR format, e.g.
10.64.64.1/24
node index.js init [-nufw] [-ntz]
Initialize container
-nufw
Don't automatically add ufw rule.
Use when ufw is not the host firewall, or when sudo requires a password.
-ntz
Don't use host /etc/timezone in container, the default is UTC.
node index.js browse [-nxephyr] [-screen <W>x<H>] [-xephyrargs <string of pass thru args>]
Launch Firefox browser
-nxephyr
screen <W>x<H>
-xephyrargs <string of pass thru args>
node index.js ufwRule
Print out what the ufw rule would be to allow container to 'phone home' on init completion.
node index.js clip-to-cont
Copy the content of the host clipboard to the container clipboard.
It is expected this call would be mapped to a shortcut key.
node index.js clip-from-cont
Copy the content of the container clipboard to the host clipboard.
It is expected this call would be mapped to a shortcut key.
init
ufw
is not installed on the system sudo
requires a password browse
browse
requires -xephyrargs <xephyr args string>
option the following values for <xephyr args string>
may be of interest:
-reset -terminate
as a pair will cause Xephyr to terminate when firefox is shutdown. However, that means a Firefox restart will cause Xephyr to shutdown.-fullscreen
will cause Xephyr to use the whole screen. However, that means the Xephyr close 'x' icon will not be visible.<ctrl>+<shift>+w
will close firefox, and the setting page can be accessed with about:preferences
.myip
with the browser- the VPN address should appear.Other parameters and some default values are hard coded at the top of index.js. Most likely there is no need to change these.
This is a quick and dirty way to set up a VPN server on a VPS.
authorized_keys
before creating the node.ufw allow 22
ufw allow 1194
ufw enable
wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh
1194
to 443
.ffvpn-client
scp root@<vps address>:/home/root/ffvpn-client.ovpn ~/
https://superuser.com/a/311830, https://askubuntu.com/a/857458, https://lists.linuxcontainers.org/pipermail/lxc-users/2016-January/010802.html, https://www.systutorials.com/docs/linux/man/5-pulse-daemon.conf/, https://askubuntu.com/questions/70556/how-do-i-forward-sound-from-one-computer-to-another-over-the-lan
In the end most if wasn't neccesary.
FAQs
js script to create lxc container with firefox, openvpn, and xephyr on Ubuntu
The npm package browser-on-lxc-vpn-xephyr receives a total of 5 weekly downloads. As such, browser-on-lxc-vpn-xephyr popularity was classified as not popular.
We found that browser-on-lxc-vpn-xephyr demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.