Profile

Cover photo
The Linux Schools Project
401 followers|137,562 views
AboutPostsPhotosVideos

Stream

 
Multiple Proxy Servers

The proxy server module has had a bit of work done to it and with the next patch you will be able to apply the squid module to as many servers as you like. A new dns entry is created called proxy."domain" which has the A records of all of the TCPIP addresses of the proxy servers. With the latest version of samba4 in the Linux Schools backports repository dns records can be rotated which is what happens with the proxy dns entry. The proxy tools in the web management have been modified to replicate any settings made across all proxy servers.
1
Add a comment...
 
Karoshi Server 10.1.1

Karoshi server version 10.1.1 has now been released and is available for download from  http://sourceforge.net/projects/karoshi/files/karoshiv10/

Highlights

Built on Ubuntu14.04 LTS

This provides long term support and stability for updates for the operating system.

GlusterFS

Adding additional domain controllers now automatically configures critical shares as glusterfs volumes for server redundancy. Shares and home areas can now be converted to glusterfs shares in the web management.

 http://www.linuxschools.com/karoshi/documentation/wiki/index.php?title=Gluster_Volumes 

This feature is very useful for larger networks with more than one server where data can be stored seamlessly between servers. If a server is offline the data is still available via another server and the gluster volume will automatically re-sync when the server is brought back online.

DFS

All network shares are now mapped using DFS for redundancy. Shares that are converted to glusterfs in the web management are automatically reconfigured with multiple dfs share paths. Clients with DFS support will map the the first advertised DFS server for the network share and will use the next available server in the event of the first server being offline.

Owncloud

This module provides an automated install of Owncloud which is a storage solution for accessing your files on any device. This module has been updated to version 8 and allows users to syncronize their files with the home area on the network.

Radius Module

The radius module  has been updated to provide support for clients using a variety of authentication methods.

http://www.linuxschools.com/karoshi/documentation/wiki/index.php?title=Radius_Server radius module

Language Support

Language support is now added for installing Karoshi Server. The language picked on the initial install will be used as the default application for the Karoshi Server setup and the Web Management.

Custom Network Shares

Support has been added for adding in custom network shares via the web management and setting which groups are added to the network share. Net logon scripts are automatically updated to reflect network share additions.

http://www.linuxschools.com/karoshi/documentation/wiki/index.php?title=Network_Shares

New Modules - kanboard

Kanboard is a web based project management system based on the
kanban project management system.

http://en.wikipedia.org/wiki/Kanban

Distro platform

Thanks to http://www.ubuntu.com/

Bandwidth

Thanks to http://sourceforge.net/
1
Robin McCorkell's profile photoThe Linux Schools Project's profile photoRob Bosch's profile photo
3 comments
 
I think this was because of my request to have 2 extra features:
- live boot option to be able to configure a raid volume using mdadm during install
- 'simplifying' the LDAP provisioning script without all the yeargroups so Karoshi can also be used in SMB and small school environments.
Add a comment...
 
Me and +Paul Sharrad have been working on getting DGSB's SSL configuration to the highest security possible, while maintaining compatibility with older browsers and IE. Through this work, we now have an A+, the highest possible grade, in the Qualys SSL Test: https://www.ssllabs.com/ssltest/analyze.html?d=dovergramboys.kent.sch.uk

I've summarised the work we did in the reshared post.
 
I've been messing around with the HTTPS configuration on my home server, trying to improve my Qualys SSL Test score. Ignoring the self-signed CA certificate, I found the following things useful to get the top scores:

1. Use secure ECDSA keys. While 4096-bit RSA keys will still be very secure for quite some time, ECDSA keys are much smaller for comparable strength. A 256-bit ECDSA key (the kind used for Google's SSL cert) is approximately equivalent to a 3072-bit RSA key, but requires far less computational power to use. I suggest using 384-bit ECDSA keys (with the secp384r1 curve), as while 521-bit keys also exist (secp521r1), compatibility for them isn't quite as widespread as that for secp384r1.

2. Disable SSLv3 and below - SSL has been superseded by TLS, which isn't vulnerable to certain attacks such as the POODLE attack. All modern browsers support TLSv1.0. In nginx this can be done with 'ssl_protocols TLSv1 TLSv1.1 TLSv1.2'

3. Only use secure TLS cipher suites. I've been a bit paranoid on my site, only allowing AES256, but AES128 is better supported with older browsers. A good cipher string to use is AES256+EECDH:AES256+EDH:AES128+EECDH:AES128+EDH - this enables AES256 and AES128 ciphers with secure key exchange algorithms. In nginx, use 'ssl_ciphers ...'

4. Generate large Diffie-Helman parameters for the above ciphers, then feed those into your web server. 4096-bit will be sufficient to qualify for 100 in the Qualys SSL Test. In nginx, use 'ssl_dhparam'.

5. Set your web server to use the secp384r1 (or secp521r1) curve for ECDH and ECDHE ciphers. In nginx this is done with 'ssl_ecdh_curve secp384r1'. See point 1 for compatibility regarding prime256v1 (the default in nginx) vs secp384r1 vs secp521r1.

6. Enable HTTP Strict Transport Security, forcing all traffic to go through HTTPS with a redirect then adding an extra header in all responses: 'Strict-Transport-Security "max-age=31536000"'. This tells clients that HTTPS will always be used for this subdomain for the next year (= 31536000 seconds).

Hopefully this is of some use in getting the highest security for your web server.
Due to a recently discovered bug in Apple's code, your browser is exposed to MITM attacks. Click here for more information. Please wait... (Resolving domain names). SSL Report v1.12.8. Copyright © 2009-2015 Qualys, Inc. All Rights Reserved. Terms and Conditions.
View original post
1
Add a comment...
 
Karoshi Client 4.2.2

A major bug slipped through in 4.2 (and 4.2.1), resulting in /etc/resolv.conf being clobbered for all installations, meaning broken DNS. The bug was pointed out by Tom Tucker (http://linuxschools.com/forum/viewtopic.php?f=5&t=224), and I can now say the bug is fixed and a new version has been uploaded to Sourceforge.
1
Add a comment...
 
The Karoshi radius module was broken in Karoshi V10 - this is now in the process of being fixed and will be pushed out in the next patch.

Documentation for the module is now available and can be found at:

http://www.linuxschools.com/karoshi/documentation/wiki/index.php?title=Radius_Server
1
Add a comment...
 
Karoshi Client 4.2

The next version of Karoshi Client, 4.2, has now been released. Although the ISO was uploaded last week, some final testing went on before we could formally announce the release. We are now confident that the release is stable.

The client will not work correctly until the web management patch with new skel files is released later today. Patch has been released

Features:
 - Zotero citation utility installed
 - Omnibar Firefox extension installed
 - 'administrator' user is replaced with 'karoshi'
 - Updated software pulled from various PPAs
 - Localisation support
 - Custom Plymouth boot splash screen
 - DHCP network setup fixed

For more details, see the GitHub release page or view the v4.2 tag directly: https://github.com/the-linux-schools-project/karoshi-client/releases/tag/v4.2

The next milestone, 4.3, is scheduled for 4th March 2015, which is a few weeks after the release of updated graphics drivers and kernel through Ubuntu 14.04.1.
1
Add a comment...
Have them in circles
401 people
Milan Vágner's profile photo
Abdelrahman Mohamed's profile photo
滄海易(George Smith)'s profile photo
Lars Benders's profile photo
Russian Fedora's profile photo
mariyam lagrari's profile photo
石峰(峰小石)'s profile photo
Mostafa Tawheed's profile photo
Kari OP's profile photo
 
Karoshi Server 10.1.2

I decided to add in Welsh language support to the new version - it didn't work at all, and neither did any of the other language options. They say that you should test everything and how right they are since the one thing we neglected to test was language support since it had worked in earlier betas. As a result of this a patch has now been uploaded which fixes the language packs for installs of Karoshi V10.1.1 and 10.1.2 has now been released with full language support.
1
Add a comment...
 
Karoshi Client 4.3

Today we are pleased to announce the release of Karoshi Client 4.3! It has many new features, but is designed to work best with Karoshi Server 10.1.

Also please note that the netlogon folder for this version has been changed to karoshi4.3, due to incompatibility with older scripts. If you have any desktop icons in karoshi4, you will want to migrate them over.

Interface

XFCE has been updated to 4.12. While this is a new 'major' version since 4.10, not much has changed, but many bugs have been fixed and corner cases improved.

XScreensaver has been replaced with Light Locker. Light Locker uses LightDM as the lock screen, instead of a dedicated application. One known issue with this is that there is no indication that someone is logged into a machine once it is locked. Multiple users can log into a single machine, however.

Software controls

Full control of software installation and upgrading is now available. Both whole-domain and location-specific control is possible, controlled from the web management.

Firefox and Thunderbird profiles

The whole profile for Firefox and Thunderbird is now saved to the network, rather than just places.sqlite. This means that user preferences will be saved, allowing more flexibility for users that want to tweak their settings. Important preferences, like the homepage or cache size, have been locked down however.

Failover and redundancy

This release brings support for failover in case of server failure. The client can switch between domain controllers on the network in case one goes down, improving reliability.

Unbound is installed as a local caching DNS server, which will result in faster, more reliable DNS queries, less load on servers and provides DNS failover.

Network shares are mounted from any available domain controller, if the domain is running Karoshi Server 10.1 with DFS and GlusterFS. This means that even if the main server goes down, client machines can continue running (although access to user files is dependent on the infrastructure configuration).

There is currently one issue with true failover: due to a limitation in the implementation of CIFS within the Linux kernel, only the first referral in a DFS link will be checked. This means that at the moment, failover will be hit and miss, but in the event of a server failure most clients will continue running fine.

Downloads: https://sourceforge.net/projects/karoshi/files/karoshi_client/

Release notes: https://github.com/the-linux-schools-project/karoshi-client/releases/tag/v4.3
4
Add a comment...
 
ownCloud 8.0 brings some nice new features, making home access and file synchronisation even better. Look out for web management patches in the coming weeks!
 
#ownCloud 8 is coming soon. Help out by promoting the release!
ownCloud provides universal access to your files via the web, your computer or your mobile devices — wherever you are. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. Through apps, you can extend ownCloud and make it your own!
4 comments on original post
1
Add a comment...
 
I added glusterfs to karoshi at least a year ago and have done nothing with it due to time constraints.  This has now been sorted out and glusterfs is used when adding additional domain controllers.  The web management now has the ability to create new gluster volumes and to add folders to them.

Glusterfs is one of those projects that when you test it and see what it can do you just think wow!
1
1
Den Zuk's profile photo
Add a comment...
 
Karoshi Client 4.2.1

This point release has one change: a fix for the installation of GRUB on multi-disk machines. There was an outstanding bug from a few years ago that GRUB would always try to install to /dev/sda, even if you set the install disk to be /dev/sdb. That bug has been fixed and a new ISO has been uploaded for anyone experiencing the bug.
1
1
Den Zuk's profile photo
Add a comment...
 
Karoshi Client 4.2rc1 by +Robin McCorkell 

This release contains the new localisation code, giving Karoshi Client support for many languages and locales, however the translations are likely to be incorrect (Google Translate isn't perfect). In addition, Zotero has been integrated, thanks to +Kyle Withers .

Please note that it is unfinished software, and there are some known bugs in it - in particular the DHCP network setup bug (#52). Please report any bugs you find on GitHub.
2
Robin McCorkell's profile photo
 
Please excuse the invalid ISO image - there seems to have been some issue copying the ISO to the web server. A fix is being worked on. Should be fixed now.
Add a comment...
People
Have them in circles
401 people
Milan Vágner's profile photo
Abdelrahman Mohamed's profile photo
滄海易(George Smith)'s profile photo
Lars Benders's profile photo
Russian Fedora's profile photo
mariyam lagrari's profile photo
石峰(峰小石)'s profile photo
Mostafa Tawheed's profile photo
Kari OP's profile photo
Contact Information
Contact info
Email
Story
Tagline
Linux for schools, both servers and clients
Introduction
The Linux Schools Project provides an operating system that installs a server or set of servers based on your school needs, some of the roles available are: PDC, File, Print, Web and Proxy.

Once the server role has been chosen, the services required are automatically configured for a school setting, some of the services pre-configured are Samba, LDAP, Apache, Moodle, Cups, MySQL and Joomla.

The servers are maintained via a web interface that allows easy to use and remote administration of your network and provides access to the functions of day to day jobs like creating users or changing user passwords.

Release Timeline

8th August 2013 The Linux Schools Project Version 9.0.0

9th June 2012
The Linux Schools Project Version 8.0.0

19th June 2011 The Linux Schools Project Version 7.0.3

27th February 2011 Karoshi Version 7.0.2

13th September 2010 Karoshi Version 7.0.1

2nd August 2010 Karoshi Version 7.0

22nd February 2010 Karoshi Version 7.0 Beta

17th November 2009 Karoshi Version 6.0.2

20th June 2009 Karoshi Version 6.0

11th June 2007 Karoshi Version 5.1.3 

1th June 2007 Karoshi Version 5.1.2

24th December 2006 Karoshi Version 5.1.1

7th May 2006 Karoshi Version 5.0.1

21st Febuary 2006 Karoshi Version 5.0

24th August 2005 Karoshi Version 4.2.3

21st August 2005 Karoshi Version 4.2.2

18th June 2005 Karoshi Version 4.1.1

20th Febuary 2005 Karoshi Version 4.0rc3

18th Febuary 2005 Karoshi Version 4.0rc2

13th Febuary 2005 Karoshi Version 4.0

15th January 2005 Karoshi Version 3.0.1

10th January 2005 Karoshi Version 3.0

27th December 2004 Karoshi Version 2.5.2

5th November 2004 Karoshi Version 2.5.1 

28th October 2004 Karoshi Version 2.5

26th September 2004 Karoshi Version 2.3

31st August 2004 Karoshi Version 2.2.1

15th August 2004 Karoshi Version 2.1

12th August 2004 Karoshi Version 2.0

8th August 2004 Karoshi Version 1.1