4. How to install Protus password utility

Notice: Well, I have been using Protus connection filters for a long time now. At first, it was version 3.1/1.2 for DosFBB515c and, later, version 3.3 for Dos/WinFBB700. I have found Protus as very useful utility because of its implementation of BBS-to-BBS forwarding protection using MD2 algorythm. One of the reasons I am going to cover Protus in this document is a fact that its author haven't made a manual in english yet. I keep trying to translate the original manuals from spanish into english, but it is a hard process. Any good 'spanish-to-english' translator is welcomed to contact me: m.skoric@eunet.yu.

Protus offers several interesting features:

• It can send a presentation message to all users, informing about possibility to make users' access more safe,

• It can send messages to users who have normal access, informing about utility's existence,

• It can send messages to users who have no valid access (before disconnecting them),

• It can send messages to new users who have connected the BBS for the first time, informing them about the password utility.

• It can send messages to users who have entered wrong password (before disconnecting them),

• It can inform sysop about almost everything related to users' connections (new user on the system, unsuccessful connections etc),

• Messages mentioned above could be translated into various languages and used similarly as various language files that FBB uses,

• Messages mentioned above could be different for different BBS ports,

• Protus could be activated/deactivated at various intervals of time using CRON.SYS system file,

• Passwords could be managed remotely, using an external server, developed by Jose EB5IVB,

• ...

Well, let's see what should be done in order to implement secure access to the FBB packet radio BBS, using Protus type of, so called, c_filter:

• Users of Dos/WinFBB versions of Protus already know that it is needed to create a new directory \FBB\PROTUS where several *.PRT files should be placed. In addition, the main C_FILT*.DLL files should be copied into \FBB\BIN as well as a couple of "system", (i.e. config) *.PRT files that are going to be within \FBB\SYSTEM directory.

• After the sysop has copied all files into the proper locations, it is needed to make some configuration. The most important files are two "system" ones: CONFIG.PRT and USERS.PRT that should be carefully adopted to any particular situation. Other *.PRT files will work as they are in original, but they might be translated because they are originated in spanish (those files are just textual information that are sent to users who connect to the BBS). For your information, I usualy don't care much about, because my BBS's are so called "open systems". It means they work quite normal for all users in the same way as they worked before implementing Protus. Only a couple of callsigns have password installed and, when connecting, they know what they are doing, so, they don't need any additional info. Your mileage may vary.

• So far - so good. When everything mentioned is done, you have to restart your FBB in order for Protus utility to be activated. In all connections to your BBS (including console), you should see a line like this: {PROTUS-4.0} just after a line [FBB-7.00-AB1FHMRX$]. It only gives an information that Protus is active on the system. Users of your system who don't have their passwords, connect just normally as before. Users who's callsigns have password implemented, are prompted for password just after their connections.

• The author of Protus, Jesus EB5AGF, has made several working "modes" of its utility. It is possible for users to get various kinds of security: a fixed phrase as a password (similar when you connect to the Internet via telephone line, but this way the phrase can be masqueraded within the longer answer); a changeable answer to the 5 numbers (just like usual FBB sysop's password); a mode that uses automatic answer from user's client packet programs; implementation of MD2 and MD5 algorythms; FBB-to-FBB automatic forward protection etc. FYI, my WinFBB is equipped with 16-bit Protus 4.0 (13. August 1999). There is also a 32-bit module of the same date that would be called from within 32-bit WinFBB (I haven't tested those two).
• Well, the situation regarding working location of Protus files under LinFBB is somewhat different. I have become familiar to the directory structure that DosFBB and WinFBB versions of Protus have been using, so I considered that it was enough just to copy the same directory structure when I started the installation of Protus under LinFBB. It was wrong. After having pulled out the remaining hair, the things started to work, so, now I am going to tell you what to do.
• I have already told you that I have been running here both WinFBB under Windows NT and LinFBB under Linux (see also Linux+WinNT mini-HOWTO and Lilo mini-HOWTO). That means all Protus stuff has already been installed in a way WinFBB has required, except Linux executable of c_filter file. I put that file into /fbb/bin directory and, after the next restart of LinFBB, I got the info mentioned above: {PROTUS-4.0}. But the password protection was not likely to work. I was told to make a new directory /var/ax25/fbb/protus and put *.prt files there. I didn't move *.PRT files from \FBB\PROTUS but copied them into the new location, because I wanted Protus to run further under WinFBB as before. The utility still didn't want to run, unless I copied also *.PRT files from \FBB\SYSTEM to the new location (/var/ax25/fbb/protus). After I did that, Protus became fully functional.
• Well, I suppose, the above info would be useful for those of you who intend to run *both* Windows and Linux FBB's on the same machine. For the majority of LinFBB-only users, it is just important to make /var/ax25/fbb/protus where all *.prt files should be placed. Only c_filter executable should go to /fbb/bin and that's it.
• About FBB-to-FBB protection: *both* partners have to install Protus. Password for the forwarding partner's callsign must be the same at *both* sides of the link. The versions of Protus don't need to be the same (neither the versions of FBB, neither the operating systems, HI!). Anyway, MD5 algorythm will only work if both parties have Protus 4.x and above (I still don't use that, but it is not a problem, because my two boxes, DosFBB/Protus3.3 and WinFBB/LinFBB/Protus4.0, make all things ok with MD2).
• One of the interesting features of Protus is to log unsuccessful connections. Due to the different locations of *.prt files here, I have separate logs for WinFBB and LinFBB c_filtering. Those of you who are going to run only one version of FBB, will have one complete log of connection errors, your users make when they try connecting your BBS.
• As it was told earlier, if you implemented password protection for only some of your users (but not for all of them who connect normally) - your system is considered as an "open" one. It means that will be logged only unsuccessful tries to enter the system by "protected" callsigns. But, if you decided that your BBS can be accessed by only those callsigns who are protected with Protus, it means that your system is the "closed" one. Then, there is no way a user could enter your FBB unless its callsign has given a password within your Protus. Any unauthorized try to connect your BBS is logged.
• In addition, you may decide to have a "guest" access or a "read-only" as default for some ports and/or for users who enter the wrong password. Many combinations are possible. You could even password protect your own FBB console!
• To finish with this topic for now, just to inform you that my X11 LinFBB is equipped with Protus v4.1b7 (15. February 2000). It has some minor bugs, for example, it logs incoming connections with a SSID of -48 if a user doesn't have a SSID at all (of course, a SSID of -0 would be expectible in such case).