TinyERP + Gentoo 2007.0 Hardened

This virtual machine runs hardened Gentoo 2007.0 and the current stable TinyERP and eTiny web client

Description

Please stay connected to the bittorrent server for at least a few hours after completing the download. This will greatly reduce stress on my server and allow me to keep this torrent running my bandwidth bill up. Remember, although this VM is available to you for free, it costs me money to provide it to you. A few extra hours seeding your completed torrent helps my bandwidth bills greatly.

The Gentoo 2007.0 hardened appliance is barebones Gentoo. The server itself is no-frills and should probably have more security features added (iptables). Ethernet is not configured, which reverts to dhcp when eth0 is started.

The TinyERP implementation on this server follows closely the recommended installation method described on tinyerp.com. This installation has been patched with Thayne Harbaugh's certificate/key location patch to allow easier ssl configuration. Stunnel was added to allow secure connections to the web client. Daemontools is used to launch eTiny as a controlled service.

TinyERP and eTiny start automatically with no ssl, beginning on step5 below, you will find the information to make them run in ssl

I FORGOT TO REMOVE THE WRITELOCK FILE BEFORE UPLOADING! Delete the Gentoo_2007.0_hardened.vmx.WRITELOCK file from the extracted virtual machine. VMWare will refuse to execute while the writelock is in place.

Steps to use this VM:
1. prepare the virtual machine for your environment, make any change necessary to the VM such as memory allocation or cdrom assignment.
2. Power it on.
3. Change network/hostname configurations, start net.eth0
4. start sshd (optional, but convenient)
5. SSL: If you're interested in SSL connections to the server and web client, enter the /etc/tinyerp folder and run 'sh makecerts.sh'. You will be asked a series of questions and for a passphrase. You will only need to enter this passphrase 3 times. If you're interested in a cert that is valid for less than 10 years, edit makecerts.sh and change 3650 to 365 which will make it valid for 1 year.
6. SSL: enter the /root/eTiny-0.0.1/tinyerp/config directory and rename app.cfg to app.cfg.non-ssl, copy app.cfg.ssl to app.cfg.
7. SSL: enter the /etc/conf.d/ directory and edit tinyerp.conf, uncommenting the last line to enable SSL.
8. SSL: stop tinyerp by '/etc/init.d/tinyerp stop', then kill all eTiny instances 'pkill python' (svscan/daemontools will restart it), restart tinyerp by '/etc/init.d/tinyerp start'
9. SSL: start stunnel by '/etc/init.d/stunnel start', add stunnel to the default runlevel 'rc-update add stunnel default'
10: SSL: etiny can now be accessed by https://your.server.tld

Installation notes:

eTiny is not fully functional without modification of tinyerp access controls. It seems that admin has no menu access in a default installation.

Everything seems to work but the main menu. I have placed a message in the tinyerp forums about this issue, but it is yet unresolved. The interface seems to function until one attempts to access the main menu.

This installation will need additional disk space if it is to be used for anything but a demo. Think about configuring log rotation. Webmin configures the root password internally, changing the system password will not affect webmin. Be sure to log in and change your password.

TinyERP admin password for terp is 'password'

Last updated: 07/22/2007

Operating system: Gentoo 2007.0 Hardened

Applications installed:
TinyERP - 4.0.3 eTiny - 0.0.1 postgresql - 8.0.13 stunnel - 4.09-r1 daemontools - 0.76-r5 webmin - 1.350

VMware Tools installed: Yes

Size: 406 MB
Torrent available: Yes
(What is BitTorrent?)

Primary account
Username: root
Password: password

Memory allocated: 256M MB

License: GPL

Submitted by: stutteringp0et

Download link provided by the submitter, not VMware. Report broken downloads here.

« BACK...