Copyright:    MARX(R) CryptoTech LP
File:         network_server.txt
Date:         March 16, 2021
Description:  Smarx(R)OS Network Server for GNU/Linux

*******************************************************************************
1. Overview
*******************************************************************************

This document describes the Smarx(R)OS Network Server for Linux.

Smarx(R)OS Network Server (or CBIOS Network Server) is a utility that manages
remote connections to the locally attached CRYPTO-BOX(R) dongle.

Network licensing is ideal for cost-effective software licensing in
(corporate) networks. The software vendor determines how often the application
is allowed to run in a network - with just one CRYPTO-BOX per network.

Furthermore, it allows software licensing not only for PCs and laptops, but
also for environments without the possibility to connect a CRYPTO-BOX(R)
directly:
  - Mobile devices (Tablets, Smartphones)
  - IoT devices
  - Virtual machines (Windows/Citrix Terminal Server)

See the "Network Licensing" White Paper for more details:
https://www.marx.com/en/support/documents#whitepapers

*******************************************************************************
2. Supported platforms
*******************************************************************************

This distribution contains software packages for:
  - Debian/Ubuntu i386/amd64 (tested with Ubuntu 16.04 and 18.04 64bit)
  - RHEL/CentOS i686/x86_64 (tested with CentOS 6.10 and Fedora 29 64bit)
  - ARMv7 32bit (tested with Raspbian 10 on Raspberry Pi 3 and 4)
  - ARMv8 64bit (tested with Ubuntu Server 18.04.3 Pre-Release V12 on
    Raspberry Pi 4), see:
    https://github.com/TheRemote/Ubuntu-Server-raspi4-unofficial/releases

These packages can be used with other distributions that use the dpkg or rpm
package management system. Please give us feedback in case of any problems in
a particular environment.

*******************************************************************************
3. Distribution content
*******************************************************************************

This folder includes the following files:
  - network_server.txt                  - this file
  - netcbios-1.6.7-i386.deb             - Debian package (Ubuntu 14+ i386)
  - netcbios-1.6.7-amd64.deb            - Debian package (Ubuntu 14+ amd64)
  - netcbios-1.6.7-20190715.i386.rpm    - RPM package (CentOS 6 i386)
  - netcbios-1.6.7-20190624.x86_64.rpm  - RPM package (CentOS 6 x86_64)
  - netcbios-1.6.7-ARM64v8.deb          - Debian package for ARM64v8
                                          (Raspberry Pi 4)
  - netcbios-1.6.7-armhf.deb            - Debian package for ARMv7
                                          (Raspberry Pi 3/4)

All these packages contain:
  - CBIOSSrv.cfg     - Smarx(R)OS Network Server configuration file
  - netcbios_server  - Smarx(R)OS Network Server
  - CBIOSSrv.log     - log file
  - udev rules file for CRYPTO-BOX(R)

*******************************************************************************
4. Installation
*******************************************************************************

To install the software packages, use the following commands:

  $ sudo dpkg -i netcbios-1.6.7-amd64.deb                (for Ubuntu OS)
or
  $ sudo yum install netcbios-1.6.7-20190624.x86_64.rpm  (for Fedora OS)
or
  double click on the .deb (.rpm) file in the file manager and click
  "Install Package"

*******************************************************************************
5. Server Administration Instructions
*******************************************************************************

5.1. General issues.

To start Smarx(R)OS Network Server, open a terminal and enter:
  $ netcbios_server

The log file path can be set using the -l parameter:
  $ netcbios_server -l /var/tmp/netcbios_server.log

A specific configuration file can be set using the -c parameter:
  $ netcbios_server -c /etc/CBIOSSrv.cfg

To start Smarx(R)OS Network Server in the background:
  $ netcbios_server &

You can obtain the PID of the server as the last background task:
  $ echo $!

To stop the server, use the kill command:
  $ ps -l
  $ kill %PID%
where %PID% is the result from the ps -l command for netcbios_server.

*******************************************************************************
6. Configuration Settings (CBIOSSrv.cfg)
*******************************************************************************

Configuration settings are set in the CBIOSSrv.cfg (resp. CBIOSSrv64.cfg)
file. You can edit the default settings (some options described below may not
be available under Linux and macOS):

6.1 Server IP & Port
--------------------
Default values:
  IP=*
  Port=8765

If the Server computer has more than one active network configured (Ethernet,
Wi-Fi, active VPN, virtual adapters of VMWare, etc.), it may be necessary to
assign a dedicated IP address (and optionally a port) on which the Server
listens for and responds to UDP broadcasts from CBIOS network clients. This is
done with the IP (and Port) parameter of the CBIOSSrv.cfg configuration file.

Examples:
  IP=10.10.10.32 (IPv4) or fe80::1ff:fe23:4567:890a (IPv6)
  Port=1234

Important Hints:
a) If IP=* is set (default), CBIOS Server will listen on all network
   interfaces available on this computer (IPv4 and IPv6). If you specify an
   IP address here (IPv4 or IPv6), CBIOS Server will be available only via
   this particular address.
b) If IP=::1 is set, the server will be available on the local computer only.
   This is useful when the server and the client application are running on
   the same computer and the server should not be exposed to other computers
   in the network.

6.2 Server UDP Port (broadcasting)
----------------------------------
  UDPPort=8766                    // default value

6.3 Server Passwords
--------------------
Administrative Password:
  AdminPassword=admin             // default value
Optional Client Password:
  OptionalClientPassword=         // ignored - default value

The Administrative Password is used for server administration (AdminApp or
customer specific program).

Starting with version 2.14, the Server supports hardware based encryption
calls not requiring UPW/APW Login in local mode (CryptFixed, InternalRSA, all
CBU SC specific calls) before UPW/APW Logon.

The Optional Client Password is intended to prevent potential DDoS attacks if
the Server is exposed online (accessible via global network). In this case,
specifying a value for Optional Client Password in the CBIOSSrv.cfg
configuration file will require clients to start with the
CBIOS_ClientLogin (OptionalClientPassword) call for their requests on hardware
based encryption to be processed by the Server prior to UPW/APW login.
If no value is set for OptionalClientPassword (the default), clients' requests
for hardware based encryption coming prior to UPW/APW login will always be
processed by the Server.

6.4 Connection Settings
-----------------------
  ConnectionTimeoutSec=30         // default value in seconds
  KeepAliveScanRateMSec=3000      // default value in milliseconds
  KeepAliveTimeoutSec=180         // default value in seconds
  ClientKeepAliveDelayMSec=3000   // default value in milliseconds

6.5 Debug Settings
------------------
The "DebugLevel" parameter in the CBIOSSrv.cfg file controls the level of
debug information that is written to the log file (see 3.6).
It is specified as
  DebugLevel=
where
  Level 0 - quiet, nothing is written to log file
  Level 1 - critical errors
  Level 2 - warnings
  Level 3 - general information (default)
  Level 4 - debug information

6.6 SetUPW/SetAPW Options
-------------------------
Allows CBIOS_SetUPW/CBIOS_SetAPW to be executed via the network.
  SetUPW=1 - allow CBIOS_SetUPW requests
  SetUPW=0 - do not allow CBIOS_SetUPW requests (default value)

6.7 Protection against Denial-of-Service (DDoS) attacks
-------------------------------------------------------
Limits the number of requests per client (IP address) to the server during a
defined time interval to prevent server overload, for instance by an attack
or a malfunctioning application.

  FilterPacketsLimit=200      // Number of requests that are allowed to be
                              // received during FilterPacketsInterval,
                              // 0 - disable protection (default value)
  FilterPacketsInterval=5000  // Restriction interval (ms)

Once the limit has been reached, further requests will lead to
CBIOS:ERR_CONN_REFUSED.

NOTE: Refer to our White Paper "Network Licensing" for a more detailed
description of the configuration settings and the usage of AdminApp:
https://www.marx.com/en/support/documents#whitepapers

*******************************************************************************
VERSION HISTORY
*******************************************************************************
1.12          01JUL2004  Initial version
1.20.4.1223   23DEC2004  CBIOS 64K bug fixed
1.30.5.0203   03FEB2005  Firmware 2.0 support
1.30.5.0520   20MAY2005  Code revision
1.30.5.0627   27JUN2005  debug output settings added
1.50.6.0224   24FEB2006  rebuild with new CBIOS functions
2.0.6.626     26JUN2006  rebuild with universal CBIOS.Lib, license fixes
2.0.7.0112    12JAN2007  rebuild with new CBIOS (notification implemented)
2.0.8.0411    11APR2008  rebuild with new CBIOS (udp broadcasting)
2.7.8.0908    10SEP2008  Network CBIOS library speed improvements
2.10.11.105   05JAN2011  RSA & AES DO support (CBU2)
2.10.11.0531  31MAY2011  rebuild with new fixed CBIOS
2.20.12.1120  20NOV2012  network binding support added
2.30.15.0421  21APR2015  rebuild with new CBIOS library
2.40.16.0301  01MAR2016  CBIOS core revised, notification improvements
2.50.17.0814  14AUG2017  SmarxAPI support added; extended networking
                         improvements
2.60.19.0207  07FEB2019  Fix delay in CBIOS network requests
2.70.19.0429  29APR2019  Fixed bug when server sometimes hangs when accepting
                         a new connection
2.19.19.0624  24JUN2019  Fix: server sometimes crashes during public key
                         generation
                         ARMv7 32bit and ARMv8 64bit builds added
2.20.20.0824  24AUG2020  IPv6 support
2.21.21.0316  16MAR2021  Added IP option to configuration
                         Fixed UDP search bugs
                         Added DDoS protection

*********** Copyright(c) 2003, 2021 MARX(R) CryptoTech LP *********************
*****************************************************************************/
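
Added example, not part of the MARX distribution: a small audit of the section 6 settings that flags a CBIOSSrv.cfg which leaves the server reachable from the network with its documented defaults. The function names and both sample files are constructed for illustration, and the Key=Value syntax with "//" trailing comments is assumed from the listings in section 6.

```python
import ipaddress

# Defaults as stated in section 6 of this document.
DEFAULTS = {"IP": "*", "AdminPassword": "admin",
            "OptionalClientPassword": "", "SetUPW": "0"}

def parse_cfg(text):
    """Parse Key=Value lines; '//' starts a trailing comment (assumed syntax)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("//", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def is_loopback(ip):
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:          # "*" or anything that is not an address
        return False

def audit(text):
    """Return findings for settings that leave the server weakly guarded."""
    cfg = {**DEFAULTS, **parse_cfg(text)}
    exposed = not is_loopback(cfg["IP"])
    findings = []
    if cfg["AdminPassword"] == "admin":
        findings.append("AdminPassword is the documented default 'admin'")
    if cfg["IP"] == "*":
        findings.append("IP=* listens on all interfaces (IPv4 and IPv6)")
    if exposed and not cfg["OptionalClientPassword"]:
        findings.append("OptionalClientPassword unset: no CBIOS_ClientLogin")
    # Only an explicit 0 is flagged; no default is assumed for a missing key.
    if exposed and cfg.get("FilterPacketsLimit") == "0":
        findings.append("FilterPacketsLimit=0 disables the request filter")
    if cfg["SetUPW"] == "1":
        findings.append("SetUPW=1 allows CBIOS_SetUPW requests via network")
    return findings

# Constructed sample files, not shipped configurations.
WEAK = ("IP=*\nAdminPassword=admin // default value\n"
        "OptionalClientPassword= // ignored - default value\n"
        "SetUPW=1\nFilterPacketsLimit=0\n")
HARDENED = ("IP=10.10.10.32\nAdminPassword=constructed-admin-secret\n"
            "OptionalClientPassword=constructed-client-secret\n"
            "SetUPW=0\nFilterPacketsLimit=200\n")
if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED))
```

To check a live file, pass its contents to audit(), for example the file given to netcbios_server with -c.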