README_SECURITY

We assume that you have configured two networks as recommended.

The backup network (in the example here 192.168.50.0/24).

And the "inner" network. This network is only required for the control/setup and for sending mail from the system.
(in the example here 192.168.100.0/24).


1) Do NOT boot up the inner network at system start!

Run nmtui and disable autostart on the inner adapter.
If you are still using the classic network config edit /etc/network/interfaces

Settings in /etc/network/interfaces:
#auto eth1

2) DO NOT run NFS server for the inner network

Settings in /etc/exports:
#/mnt/bufferdisk 192.168.100.0/255.255.255.0(rw,async,no_subtree_check)
#/mnt/ddumbfs 192.168.100.0/255.255.255.0(rw,async,no_subtree_check,fsid=20)
/mnt/bufferdisk 192.168.50.0/255.255.255.0(rw,async,no_subtree_check)
/mnt/ddumbfs 192.168.50.0/255.255.255.0(rw,async,no_subtree_check,fsid=20)

3) Run /opt/AmutaQ!/tools/samba_disable.
Depreciated: This disables the SMB server from starting.



PERMANENT SHUTDOWN INTERNAL NETWORK (Control Netz)
AmutaQ! actually only needs connectivity via the control network for sending mail.
This can be controlled via the following file:

/opt/AmutaQ!/etc/cif.conf
CIFACTIVE=1 # the mechanism to on/off control interface is active=1
CIFINTERNALNET=eth1 # this is the ethernet adapter connecting to internal network

At least version V 0.0.5.of the mail.lib is required (/opt/AmutaQ!/lib/mail.lib)
This starts up the control network if necessary and shuts it down again after the mail has been sent.