API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Aug 26th, 2017
1,509
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 21.23 KB | None | 0 0
raw download clone embed print report
  1. {
  2. // Private key:
  3. // Your confidentiality and data integrity depend on this key, keep it secret!
  4. "privateKey": "f50751ecb1ffe7c39ff30603c6910c1c7bdc074587d7c9ee6e50ab4d4ffa54ea",
  5.  
  6. // This key corresponds to the public key and ipv6 address:
  7. "publicKey": "us0ct2kpfw1mbt7dj9p3cu31sfznxy1u9f4bhj34z3cqsjfx7370.k",
  8. "ipv6": "fca6:eda5:60e8:9140:f9da:e97a:8251:9256",
  9.  
  10. // Anyone connecting and offering these passwords on connection will be allowed.
  11. //
  12. // WARNING: If a "login" parameter is passed, someone sniffing on the wire can
  13. // sniff the packet and crack to find it. If the "login" is not passed
  14. // then the hash of the 'password' is effectively the login, therefore
  15. // that can be cracked.
  16. //
  17. "authorizedPasswords":
  18. [
  19. // A unique string which is known to the client and server.
  20. // Specify an optional user to identify the peer locally.
  21. // It is not used for authentication.
  22. {"password": "lgz5xqy8clf8hn36wsfblmph6248gl0", "user": "default-login"}
  23.  
  24. // More passwords should look like this.
  25. // {"password": "4w8fy3vlu8fzc0ywwyw3h55py3m1k25", "user": "my-second-peer"},
  26. // {"password": "slhp54mu2mrfqj6zz0ndw3dxt7gn7y2", "user": "my-third-peer"},
  27. // {"password": "jc4vgmnb05dyhkf2661bvdlsw7z2qlx", "user": "my-fourth-peer"},
  28.  
  29. // Below is an example of your connection credentials
  30. // that you can give to other people so they can connect
  31. // to you using your default password (from above).
  32. // The login field here yourself to your peer and the peerName field
  33. // is the name the peer which will be displayed in peerStats
  34. // Adding a unique password for each peer is advisable
  35. // so that leaks can be isolated.
  36. /*
  37. "your.external.ip.goes.here:17188": {
  38. "login": "default-login",
  39. "password":"lgz5xqy8clf8hn36wsfblmph6248gl0",
  40. "publicKey":"us0ct2kpfw1mbt7dj9p3cu31sfznxy1u9f4bhj34z3cqsjfx7370.k",
  41. "peerName":"your-name-goes-here"
  42. },
  43. */
  44. ],
  45.  
  46. // Settings for administering and extracting information from your router.
  47. // This interface provides functions which can be called through a UDP socket.
  48. // See admin/Readme.md for more information about the API and try:
  49. // ./tools/cexec
  50. // For a list of functions which can be called.
  51. // For example: ./tools/cexec 'memory()'
  52. // will call a function which gets the core's current memory consumption.
  53. // ./tools/cjdnslog
  54. // is a tool which uses this admin interface to get logs from cjdns.
  55. "admin":
  56. {
  57. // Port to bind the admin RPC server to.
  58. "bind": "127.0.0.1:11234",
  59.  
  60. // Password for admin RPC server.
  61. // This is a static password by default, so that tools like
  62. // ./tools/cexec can use the API without you creating a
  63. // config file at ~/.cjdnsadmin first. If you decide to
  64. // expose the admin API to the network, change the password!
  65. "password": "NONE"
  66. },
  67.  
  68. // Interfaces to connect to the switch core.
  69. "interfaces":
  70. {
  71. // The interface which connects over UDP/IP based VPN tunnel.
  72. "UDPInterface":
  73. [
  74. {
  75. // Bind to this port.
  76. "bind": "0.0.0.0:17188",
  77.  
  78. // Nodes to connect to (IPv4 only).
  79. "connectTo":
  80. {
  81. // Add connection credentials here to join the network
  82. // If you have several, don't forget the separating commas
  83. // They should look like:
  84. // "ipv4 address:port": {
  85. // "login": "(optional) name your peer has for you"
  86. // "password": "password to connect with",
  87. // "publicKey": "remote node key.k",
  88. // "peerName": "(optional) human-readable name for peer"
  89. // },
  90. // Ask somebody who is already connected.
  91.  
  92. //Amsterdam public node cjdroute.net
  93. "95.85.46.74:47670":{
  94. "password": "freedomforallmlzb0mnd9kyz1rnall",
  95. "publicKey": "guqq5h8p9w6mtxfuh1k9hl1yqljpqqnvj2umcd1cuvx64vbuqhu0.k"},
  96.  
  97. // Ukrane public node
  98. "195.34.197.189:42998":{
  99. "password": "5cvyb5mvb1pktcqhqcwjq5ng82lhjdx",
  100. "publicKey":"sn6lbr223vznkv4hr1prgxzcs7gw8fmb222huprd8zyfv617du90.k"},
  101.  
  102. "83.137.52.57:31337":
  103. {
  104. "password": "cjdnsDotixDotgs",
  105. "publicKey": "pvtgk72f25urxqywxdzfk12t2b4kuhtrc2f1mx58rtpx0wzbll90.k"
  106. },
  107.  
  108. // Moscow public node 2
  109. "82.146.34.103:63336":
  110. { "password":"vmtgs8phs8w7t76q3zr8v7nxr4txwd1",
  111. "publicKey":"h8p5609d03yt1fzu3dlky3g1kt3bq8gffhnsbq2z1dg8j46rt4w0.k"},
  112.  
  113. // Piter
  114. "176.123.128.176:25257":
  115. {
  116. "password": "6xnc7khz7zzvmmstv2d2gp6wn1n9uhc",
  117. "publicKey": "n93123n4tv3fgfmz7c7zm6qwn6sh5mw4cvx9uxm3vm756vvmsu30.k"
  118. },
  119.  
  120. //Europe
  121. "51.254.68.187:31336":{
  122. "password": "public-54ee6081700f99ae9ea96e0ac4a7ef77",
  123. "publicKey": "uxhztss1zffdgyx69pxckz61thf8qhylqcvp2guful7qy7gwtdj0.k"
  124. },
  125. "93.170.96.119:19507":{
  126. "password": "public-e9154afd795f144fad4188d51e4aa290",
  127. "publicKey": "3us96st6mtncum7gqdc1byq2vvv71hz81287b6b1dkd389rjth00.k"
  128. },
  129. "212.83.157.66:10334":{
  130. "password":"Public",
  131. "publicKey":"ddhxthnv29ljx2n9618qs2udm2f8jnm85szbf5y79bh4gkfyt3y0.k",
  132. "contact":"elwisp@efnet or hypeirc",
  133. "location":"FR"
  134. },
  135. "51.254.25.16:1132":{
  136. "contact":"me@magik6k.net",
  137. "password":"thah9aePha1Vusha6ovhpublic",
  138. "peerName":"Magik6k-sbg1",
  139. "publicKey":"kw0vfw3tmb6u6p21z5jmmymdlumwknlg3x8muk5mcw66tdpqlw30.k"
  140. },
  141. "188.226.183.183:43328":{
  142. "password":"public_access",
  143. "publicKey":"1y1jmqrw4r31jlp6yqmq30067rcp0tsgsdm3cs4k8l33pyfhpwn0.k",
  144. "user":"weuxel",
  145. "contact": "hype@smash-net.org"
  146. },
  147. "92.241.12.189:22569":{
  148. "password": "6mDHySCSJYVgyJqphpgnokqKrCq045mF",
  149. "publicKey": "9qz459vnkb1v36ypq84m29g2q7dn8gndg9bh0w1499urnkx9nmt0.k",
  150. "hostname": "h.start-com.ru",
  151. "contact": "vvk@start-com.ru"
  152. },
  153. "185.90.62.45:18192":{
  154. "password": "public-acb42fc410d96c92f4219ffd23c1c6a8",
  155. "publicKey": "03ubz7nvss8134wrt5xxtpjf6kyvru72upbbh5gkdb3p07d0jlg0.k"
  156. },
  157. //North America
  158. "172.81.176.146:15399":{
  159. "password": "public-e36871c2857eae433528407bfb831806",
  160. "publicKey": "sjr7lm3n400cdn7jmf2289clwnx2jmz5dm22r3pnwr2937k58s00.k"
  161. },
  162. "149.56.19.79:55159":{
  163. "contact": "infrastructure@stashcrypto.com",
  164. "login": "default-login",
  165. "password": "dgv86ktpblc2h4y93fsqpshcg2lbp5d",
  166. "peerName": "git.stashcrypto.net",
  167. "publicKey": "zbfurpx9n6whzwu6vrlfgmw8g56rmchfmhxxtpg0hwhl84vqf1y0.k"
  168. },
  169. "158.69.119.35:9218":{
  170. "contact": "infrastructure@stashcrypto.com",
  171. "login": "default-login",
  172. "password": "w5huch4mn6tkgfp3j9sr8p8r13j3j33",
  173. "peerName": "seed.stashcrypto.net",
  174. "publicKey": "rzg61b3fsb675732g5rn8g1x61ypm1z7402n072qmrbbhgzm93f0.k"
  175. },
  176. "149.56.98.167:3703":{
  177. "contact": "code@ventricle.us",
  178. "gpg": "7FE895160E3314027CD3B5D37392CF088BB4345C",
  179. "location": "ovh beauharnois",
  180. "login": "public-peer",
  181. "password": "ppm6j89mgvss7uvtntcd9scy6166mwb",
  182. "peerName": "larynx.ventricle.us",
  183. "publicKey": "jg035j9hup776kwz1k4n0bwpggxp1qmts6t715x53g8vutxktzz0.k"
  184. },
  185. "192.169.7.142:14400":{
  186. "contact": "Igel@hyperboria.ca",
  187. "gpg": "A84DFFE62B451511",
  188. "password": "alfa-charlie-alfa-bravo",
  189. "peerName": "igel-losangeles",
  190. "publicKey": "mh9m0411cfcg7xhdc8n6ckls1tjgnvvbdfzdgqf5196tfkw96rr0.k"
  191. },
  192. "138.197.204.54:29963":{
  193. "contact": "kylerschin@gmail.com",
  194. "ipv6": "fc2b:2beb:99be:a006:cd56:7ae2:8093:8be0",
  195. "location": "digitalocean sfo2",
  196. "login": "default-login",
  197. "password": "7jzsdnl642vm17tn3pjmh9sxc2ms40w",
  198. "peerName": "kylers-awesome-website",
  199. "publicKey": "ppj4n90uw68nvtmz7hz4g1ksubsxylgbhqg9p9x6f37vp4s599c0.k"
  200. },
  201. "138.68.245.159:50505":{
  202. "contact": "chapman.shoop@riseup.net",
  203. "login": "public-peer",
  204. "password": "7ztkh2m3p97z0fcyn50wmtx863n6b3j",
  205. "peerName": "salesforce-tower",
  206. "publicKey": "6d2kt2hbcp7v0pw9q6f1u2s039kfnt4m4123rjxg26hsgrc12v80.k"
  207. },
  208. "192.34.85.155:2359":{
  209. "contact": "Igel@hyperboria.ca",
  210. "gpg": "A84DFFE62B451511",
  211. "password": "alfa-charlie-alfa-bravo",
  212. "peerName": "igel-boston",
  213. "publicKey": "rdxg1nzvmjdj4fyguqydmnl659p7m3x26r6un4ql966q4xt988j0.k"
  214. },
  215. "104.200.29.163:53053":{
  216. "contact": "ansuz@transitiontech.ca",
  217. "gpg": "024A7C03E67ED8CF",
  218. "password": "cLjDBorhsYJUmJrESGueHsRY4HXcFyj",
  219. "peerName": "transitiontech",
  220. "publicKey": "1941p5k8qqvj17vjrkb9z97wscvtgc1vp8pv1huk5120cu42ytt0.k"
  221. },
  222. "107.170.57.34:63472":{
  223. "contact": "code@ventricle.us",
  224. "gpg": "7FE895160E3314027CD3B5D37392CF088BB4345C",
  225. "location": "digitalocean nyc2",
  226. "login": "public-peer",
  227. "password": "ppm6j89mgvss7uvtntcd9scy6166mwb",
  228. "peerName": "cord.ventricle.us",
  229. "publicKey": "1xkf13m9r9h502yuffsq1cg13s5648bpxrtf2c3xcq1mlj893s90.k"
  230. },
  231. "192.241.171.154:62718":{
  232. "contact": "hype@smash-net.org",
  233. "password": "public_access",
  234. "publicKey": "q5nhj9kg6ddmk571jb259mct2ljd10z9xvyf05y3hu66wk4qnk20.k",
  235. "user": "weuxel"
  236. },
  237. "192.198.82.242:27823":{
  238. "contact": "Igel@hyperboria.ca",
  239. "gpg": "A84DFFE62B451511",
  240. "password": "alfa-charlie-alfa-bravo",
  241. "peerName": "igel-northcarolina",
  242. "publicKey": "1nctdb89gtfrlnu71zyq97n14frl1r4z0ylwzc8vn7kpvrzu4yl0.k"
  243. },
  244. "173.62.245.186:55249":{
  245. "contact": "natebrune@gmail.com",
  246. "country": "us",
  247. "gpg": "C95CE6BC6735BAD7",
  248. "ipv6": "fcda:9958:9093:49f2:2677:6df6:2a5a:b01d",
  249. "password": "Public",
  250. "peerName": "NAT",
  251. "publicKey": "vgxqyputh4ldhxktg9msmr61pw938l0ymhkmryljsyzvmr0dtwy0.k",
  252. "website": "https://github.com/NateBrune"
  253. },
  254. "198.58.100.240:22237":{
  255. "contact": "jhj@trnsz.com",
  256. "login": "default-login",
  257. "password": "pqr5brz16vzzu6vhjuj7tv3n078kr5f",
  258. "peerName": "trnsz",
  259. "publicKey": "ubbtkp0txwjh44v8kkznvhjqqwr1hd2jzv5ms9zlkfk25svxvtg0.k"
  260. },
  261.  
  262.  
  263.  
  264. //Global IPv6 Peers
  265. "[2604:a880:0:1010::f:4001]:63472":{
  266. "contact": "code@ventricle.us",
  267. "gpg": "7FE895160E3314027CD3B5D37392CF088BB4345C",
  268. "location": "digitalocean nyc2",
  269. "login": "public-peer",
  270. "password": "ppm6j89mgvss7uvtntcd9scy6166mwb",
  271. "peerName": "cord.ventricle.us",
  272. "publicKey": "1xkf13m9r9h502yuffsq1cg13s5648bpxrtf2c3xcq1mlj893s90.k"
  273. },
  274. "[2604:a880:2:d0:0:0:35ee:d001]:29963":{
  275. "contact": "kylerschin@gmail.com",
  276. "ipv6": "fc2b:2beb:99be:a006:cd56:7ae2:8093:8be0",
  277. "location": "digitalocean sfo2",
  278. "login": "default-login",
  279. "password": "7jzsdnl642vm17tn3pjmh9sxc2ms40w",
  280. "peerName": "kylers-awesome-website",
  281. "publicKey": "ppj4n90uw68nvtmz7hz4g1ksubsxylgbhqg9p9x6f37vp4s599c0.k"
  282. },
  283. "[2602:ff65:0:1::fc00]:2359":{
  284. "contact": "Igel@hyperboria.ca",
  285. "gpg": "A84DFFE62B451511",
  286. "password": "alfa-charlie-alfa-bravo",
  287. "peerName": "igel-boston",
  288. "publicKey": "rdxg1nzvmjdj4fyguqydmnl659p7m3x26r6un4ql966q4xt988j0.k"
  289. },
  290. "[2a00:e10:1000:10:4386:102:61:80]:20431":{
  291. "password": "public",
  292. "publicKey": "p16btvp45j021u8yy0x25zznyhdpq5wx0djulplxf2xp2vgxjq90.k"
  293. "hostname": "network.luggs.co",
  294. "contact": "im@luggs.co"
  295. },
  296. "fc3f:bc82:a104:8933:ba0f:2d2c:de82:966:64137":{
  297. "login": "default-login",
  298. "password":"34pq18yfsc40yy360hz191u807gk6fk",
  299. "publicKey":"tfxxckg18zfxrb3xs3p4f7d9xgxscg13v2zwtjh6ndn704n816l0.k"
  300. },
  301. "fc0b:74f6:2b77:e24f:c360:cd63:542:adfd:38760":{
  302. "login": "default-login",
  303. "password":"3t0vmv241g4v6wlt01gjk5fc621z702",
  304. "publicKey":"67nhsv30npgd2ux36mg7qyby0zg5kdv6wz7bgxbl0vlb3tkh5mh0.k"
  305. },
  306. "[2607:5300:61:44f::]:55159":{
  307. "contact": "infrastructure@stashcrypto.com",
  308. "login": "default-login",
  309. "password": "dgv86ktpblc2h4y93fsqpshcg2lbp5d",
  310. "peerName": "git.stashcrypto.net",
  311. "publicKey": "zbfurpx9n6whzwu6vrlfgmw8g56rmchfmhxxtpg0hwhl84vqf1y0.k"
  312. },
  313. "[2001:470:1f15:156::31]:64512":{
  314. "contact": "post@0x21.biz",
  315. "gpg": "F32A45637FA25E31",
  316. "login": "public",
  317. "password": "OGMlsucXQ4G2VkFUGLgpaUcG7XJcF6PMoX",
  318. "peerName": "ancha.lurk.space",
  319. "publicKey": "c5bu0npp8by4jym96mh0vyy81sn9lhbc01f445nvz64dvdjt98j0.k"
  320. },
  321. "[2001:67c:2990:f00::9ef0:3eaf]:31545":{
  322. "contact": "hostmaster@cwningen.cymru",
  323. "gpg": "2FCD 352C E105 73B5 E7536B98 36C9 9B69 B60E 86E6",
  324. "gpg-public-key": "https://cwningen.cymru/gpg.pub",
  325. "login": "public-peer",
  326. "password": "hsfmhcphy3dpfy6f15hgyz30206dmry",
  327. "peerName": "pen.cwningen.cymru",
  328. "publicKey": "hp3mrxspcg2p2nzt9885gmb9wcgm4t1huc2dydk6hqh63u44nrg0.k"
  329. },
  330. "[2001:67c:2990:a00::2eeb:e1b0]:31545":{
  331. "contact": "hostmaster@cwningen.cymru",
  332. "gpg": "3403E29147E665531103E4AE364C86CBCB4A4395",
  333. "login": "public-peer",
  334. "password": "p0w2yzku3lj126fs2z1wrlt1w684dzw",
  335. "peerName": "llygaid.cwningen.cymru",
  336. "publicKey": "8268mn1bvz66nbb74tqw7ynjkcjrtruv8pgjf9kr34zv5d60p3r0.k"
  337. },
  338. "[2001:67c:2990:b00::5d5d:812b]:31545":{
  339. "contact": "hostmaster@cwningen.cymru",
  340. "gpg": "3403E29147E665531103E4AE364C86CBCB4A4395",
  341. "login": "public-peer",
  342. "password": "p0zk85ff2lk3zbvgypzr1tvbu1gnlkc",
  343. "peerName": "penfar.cwningen.cymru",
  344. "publicKey": "7ktfb2n336bguhfx81ts15qgjb8mjj4rz3vrnvj2dw89wsmmtpg0.k"
  345. },
  346. }
  347. },
  348. {
  349. // Bind to this port.
  350. "bind": "[::]:17188",
  351.  
  352. // Nodes to connect to (IPv6 only).
  353. "connectTo":
  354. {
  355. // Add connection credentials here to join the network
  356. // Ask somebody who is already connected.
  357. }
  358. }
  359. ]
  360. ,
  361. "ETHInterface":
  362. [
  363. // Alternatively bind to just one device and either beacon and/or
  364. // connect to a specified MAC address
  365. {
  366. // Bind to this device (interface name, not MAC)
  367. // "all" is a pseudo-name which will try to connect to all devices.
  368. "bind": "all",
  369.  
  370. // Auto-connect to other cjdns nodes on the same network.
  371. // Options:
  372. //
  373. // 0 -- Disabled.
  374. //
  375. // 1 -- Accept beacons, this will cause cjdns to accept incoming
  376. // beacon messages and try connecting to the sender.
  377. //
  378. // 2 -- Accept and send beacons, this will cause cjdns to broadcast
  379. // messages on the local network which contain a randomly
  380. // generated per-session password, other nodes which have this
  381. // set to 1 or 2 will hear the beacon messages and connect
  382. // automatically.
  383. //
  384. "beacon": 2,
  385.  
  386. // Node(s) to connect to manually
  387. // Note: does not work with "all" pseudo-device-name
  388. "connectTo":
  389. {
  390. // Credentials for connecting look similar to UDP credentials
  391. // except they begin with the mac address, for example:
  392. // "01:02:03:04:05:06":{"password":"a","publicKey":"b"}
  393. }
  394. }
  395. ]
  396.  
  397. },
  398.  
  399. // Configuration for the router.
  400. "router":
  401. {
  402. // supernodes, if none are specified they'll be taken from your peers
  403. "supernodes": [
  404. //"6743gf5tw80ExampleExampleExampleExamplevlyb23zfnuzv0.k",
  405. ]
  406.  
  407. // The interface which is used for connecting to the cjdns network.
  408. "interface":
  409. {
  410. // The type of interface (only TUNInterface is supported for now)
  411. "type": "TUNInterface"
  412. // The type of tunfd (only "android" for now)
  413. // If "android" here, the tunDevice should be used as the pipe path
  414. // to transfer the tun file description.
  415. // "tunfd" : "android"
  416.  
  417. // The name of a persistent TUN device to use.
  418. // This for starting cjdroute as its own user.
  419. // *MOST USERS DON'T NEED THIS*
  420. //"tunDevice": "tun0"
  421. },
  422.  
  423. // System for tunneling IPv4 and ICANN IPv6 through cjdns.
  424. // This is using the cjdns switch layer as a VPN carrier.
  425. "ipTunnel":
  426. {
  427. // Nodes allowed to connect to us.
  428. // When a node with the given public key connects, give them the
  429. // ip4 and/or ip6 addresses listed.
  430. "allowedConnections":
  431. [
  432. // Give the client an address on 192.168.1.0/24, and an address
  433. // it thinks has all of IPv6 behind it.
  434. // ip4Prefix is the set of addresses which are routable from the tun
  435. // for example, if you're advertizing a VPN into a company network
  436. // which exists in 10.123.45.0/24 space, ip4Prefix should be 24
  437. // default is 32 for ipv4 and 128 for ipv6
  438. // so by default it will not install a route
  439. // ip4Alloc is the block of addresses which are allocated to the
  440. // for example if you want to issue 4 addresses to the client, those
  441. // being 192.168.123.0 to 192.168.123.3, you would set this to 30
  442. // default is 32 for ipv4 and 128 for ipv6 (1 address)
  443. // {
  444. // "publicKey": "f64hfl7c4uxt6krmhPutTheRealAddressOfANodeHere7kfm5m0.k",
  445. // "ip4Address": "192.168.1.24",
  446. // "ip4Prefix": 0,
  447. // "ip4Alloc": 32,
  448. // "ip6Address": "2001:123:ab::10",
  449. // "ip6Prefix": 0
  450. // "ip6Alloc": 64,
  451. // },
  452.  
  453. // It's ok to only specify one address and prefix/alloc are optional.
  454. // {
  455. // "publicKey": "ydq8csdk8p8ThisIsJustAnExampleAddresstxuyqdf27hvn2z0.k",
  456. // "ip4Address": "192.168.1.25",
  457. // "ip4Prefix": 0,
  458. // }
  459. ],
  460.  
  461. "outgoingConnections":
  462. [
  463. // Connect to one or more machines and ask them for IP addresses.
  464. // "6743gf5tw80ExampleExampleExampleExamplevlyb23zfnuzv0.k",
  465. // "pw9tfmr8pcrExampleExampleExampleExample8rhg1pgwpwf80.k",
  466. // "g91lxyxhq0kExampleExampleExampleExample6t0mknuhw75l0.k"
  467. ]
  468. }
  469. },
  470.  
  471. // Dropping permissions.
  472. // In the event of a serious security exploit in cjdns, leak of confidential
  473. // network traffic and/or keys is highly likely but the following rules are
  474. // designed to prevent the attack from spreading to the system on which cjdns
  475. // is running.
  476. // Counter-intuitively, cjdns is *more* secure if it is started as root because
  477. // non-root users do not have permission to use chroot or change usernames,
  478. // limiting the effectiveness of the mitigations herein.
  479. "security":
  480. [
  481. // Change the user id to sandbox the cjdns process after it starts.
  482. // If keepNetAdmin is set to 0, IPTunnel will be unable to set IP addresses
  483. // and ETHInterface will be unable to hot-add new interfaces
  484. // Use { "setuser": 0 } to disable.
  485. // Default: enabled with keepNetAdmin
  486. { "setuser": "nobody", "keepNetAdmin": 1 },
  487.  
  488. // Chroot changes the filesystem root directory which cjdns sees, blocking it
  489. // from accessing files outside of the chroot sandbox, if the user does not
  490. // have permission to use chroot(), this will fail quietly.
  491. // Use { "chroot": 0 } to disable.
  492. // Default: enabled (using "/var/run")
  493. { "chroot": "/var/run/" },
  494.  
  495. // Nofiles is a deprecated security feature which prevents cjdns from opening
  496. // any files at all, using this will block setting of IP addresses and
  497. // hot-adding ETHInterface devices but for users who do not need this, it
  498. // provides a formidable sandbox.
  499. // Default: disabled
  500. { "nofiles": 0 },
  501.  
  502. // Noforks will prevent cjdns from spawning any new processes or threads,
  503. // this prevents many types of exploits from attacking the wider system.
  504. // Default: enabled
  505. { "noforks": 1 },
  506.  
  507. // Seccomp is the most advanced sandboxing feature in cjdns, it uses
  508. // SECCOMP_BPF to filter the system calls which cjdns is able to make on a
  509. // linux system, strictly limiting it's access to the outside world
  510. // This will fail quietly on any non-linux system
  511. // Default: enabled
  512. { "seccomp": 1 },
  513.  
  514. // The client sets up the core using a sequence of RPC calls, the responses
  515. // to these calls are verified but in the event that the client crashes
  516. // setup of the core completes, it could leave the core in an insecure state
  517. // This call constitutes the client telling the core that the security rules
  518. // have been fully applied and the core may run. Without it, the core will
  519. // exit within a few seconds with return code 232.
  520. // Default: enabled
  521. { "setupComplete": 1 }
  522. ],
  523.  
  524. // Logging
  525. "logging":
  526. {
  527. // Uncomment to have cjdns log to stdout rather than making logs available
  528. // via the admin socket.
  529. // "logTo":"stdout"
  530. },
  531.  
  532. // If set to non-zero, cjdns will not fork to the background.
  533. // Recommended for use in conjunction with "logTo":"stdout".
  534. "noBackground":0
  535.  
  536. // Pipe file will store in this path, recommended value: /tmp (for unix),
  537. // \\.\pipe (for windows)
  538. // /data/local/tmp (for rooted android)
  539. // /data/data/AppName (for non-root android)
  540. // This only needs to be specified if cjdroute's guess is incorrect
  541. // "pipe":"/tmp"
  542. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!