I am an engineer by training, but I deal more with entrepreneurs and production directors. Some time ago, the owner of an industrial company asked me for advice. Although the business is large and was founded in the 90s, its management and accounting still work the old-fashioned way, on a local network.
This is a consequence of fears for the business and of increased control by the state. Laws and regulations can be interpreted broadly by the inspecting authorities. An example is the amendments to the Tax Code, for tax violations, the de facto destruction .
As a result, the business owner began looking for solutions for reliable storage of information and secure transfer of documents. A virtual "safe".
We worked on the problem together with the full-time system administrator: we needed an in-depth analysis of the existing platforms.
- the service must not be cloud-based in the classical sense of the word, i.e. no storage on third-party premises. Only your own server;
- strong encryption of transmitted and stored data is required;
- the ability to quickly delete content from any device at the push of a button is mandatory;
- the solution was developed abroad.
I suggested dropping the fourth point, because... Russian applications have official certificates. The director said bluntly what should be done with such certificates.
Choosing options
I selected three solutions (the more choice, the more doubts):
- Open source: a project maintained by the enthusiast developer Jacob Borg.
- A service run by the American company Resilio Inc. (previously this service was called BitTorrent Sync).
- A project from the field of synchronization applications. Registered in Cyprus.
The company owner has little understanding of technical intricacies, so I formatted the report as a list of the advantages and risks of each option.
Analysis results
Syncthing
Pros:
- Open source;
- An active lead developer;
- The project has existed for a long time;
- Free.
Cons:
- No client for iOS;
- Slow TURN servers (they are free, so they are slow). For those who do not know, TURN is used when a direct connection is impossible;
- Complex interface setup (requires many years of programming experience);
- Lack of prompt commercial support.
Resilio
Pros: support for all devices and fast TURN servers.
Cons: One, and a very significant one, is that the support service completely ignores any requests. Zero response, even when you write from different addresses.
Pvtbox
Pros:
- Supports all devices;
- Fast TURN servers;
- Ability to download a file without installing the application;
- Adequate support service, including by phone.
Cons:
- A young project (few reviews and good write-ups);
- The site's interface is very "techy" and not always clear;
- No thoroughly detailed documentation.
What did the customer choose?
His first question was: what is the point of developing something for free? Syncthing was dropped immediately. Arguments did not work.
A few days later, the customer categorically rejected Resilio Sync because of the lack of support, since... it is unclear where to turn in an emergency. Plus distrust of the company's American registration.
For further analysis, the Pvtbox electronic safe remained. We carried out a full technical audit of this platform, focusing on the possibility of interception, data decryption, and unauthorized entry into the information store.
Audit process
We analyzed the connections at program startup, during operation and at idle. As modern standards require, the traffic is encrypted from the start. Let's try to carry out a MITM attack and substitute the certificate on the fly using Linux (Xubuntu Linux 18.04), Wireshark and Mitmproxy. To do this, we introduce an intermediary between the Pvtbox application and the pvtbox.net server (data is exchanged with the pvtbox.net server over an https connection).
We launch the application to make sure that the program and file synchronization in it work. On Linux, you can see the logging right away if you run the program from a terminal.

Close the application and, with superuser rights, replace the host address of pvtbox.net in the /etc/hosts file. We replace the address with the address of our proxy server.

Now let's prepare our proxy server for the MITM attack on a computer with the address 192.168.1.64 on our local network. To do this, install the mitmproxy package, version 4.0.4.
We start the proxy server on port 443:
$ sudo mitmproxy -p 443
We launch the Pvtbox program on the first computer and look at the mitmproxy output and the application log.

Mitmproxy reports that the client does not trust the spoofed certificate from the proxy server. In the application logs we also see that the proxy server's certificate fails verification and the program refuses to work.
Install the mitmproxy proxy server certificate on the computer with the Pvtbox application to make the certificate "trusted". Install the ca-certificates package on the computer. Then copy the mitmproxy-ca-cert.pem certificate from the .mitmproxy directory of the proxy server to the /usr/local/share/ca-certificates directory on the computer with the Pvtbox application.
We run the commands:
$ sudo openssl x509 -in mitmproxy-ca-cert.pem -inform PEM -out mitmproxy-ca-cert.crt
$ sudo update-ca-certificates

Launch the Pvtbox application. The certificate failed verification again and the program refuses to work. The application probably uses the certificate pinning protection mechanism.
A similar attack was carried out against the host signalserver.pvtbox.net, as well as against the peer-2-peer connection itself between nodes. The developer states that the application uses the open webrtc protocol to establish peer-2-peer connections, which uses end-to-end encryption over DTLSv1.2.
Keys are generated for each connection setup and transmitted over an encrypted channel via signalserver.pvtbox.net.
In theory, it would be possible to intercept the webrtc offer and answer messages, substitute the encryption keys there and be able to decrypt all messages arriving via webrtc. But it was not possible to carry out a mitm attack on signalserver.pvtbox.net, so there is no way to intercept and substitute the messages sent via signalserver.pvtbox.net.
Accordingly, it is not possible to carry out this attack on the peer-2-peer connection.
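In standard WebRTC, each offer or answer carries an a=fingerprint line with the hash of that peer's DTLS certificate, and the other side compares it with the certificate it sees in the DTLS handshake; that is why everything rests on the integrity of the signalling channel. The comparison, as an added example that is not Pvtbox code (the SDP fragment, certificate bytes and function names are constructed for illustration):

```python
import hashlib
import hmac

HASHES = {"sha-256": hashlib.sha256, "sha-384": hashlib.sha384,
          "sha-512": hashlib.sha512}


def sdp_fingerprints(sdp: str):
    """Return [(hash_name, digest_bytes)] from a=fingerprint lines (RFC 8122)."""
    found = []
    for line in sdp.splitlines():
        line = line.strip()
        if not line.lower().startswith("a=fingerprint:"):
            continue
        name, _, value = line.split(":", 1)[1].strip().partition(" ")
        try:
            digest = bytes.fromhex(value.strip().replace(":", ""))
        except ValueError:
            continue  # malformed hex is ignored, so it can never match
        found.append((name.lower(), digest))
    return found


def dtls_cert_matches_sdp(sdp: str, peer_cert_der: bytes) -> bool:
    """True if the DTLS certificate matches a fingerprint signalled in the SDP."""
    for name, digest in sdp_fingerprints(sdp):
        algo = HASHES.get(name)
        if algo and hmac.compare_digest(algo(peer_cert_der).digest(), digest):
            return True
    return False  # no fingerprint, unknown hash or mismatch: refuse the peer


def make_sdp(cert_der: bytes) -> str:
    """Build a constructed SDP fragment announcing cert_der's fingerprint."""
    hexd = hashlib.sha256(cert_der).hexdigest().upper()
    fp = ":".join(hexd[i:i + 2] for i in range(0, len(hexd), 2))
    return "v=0\r\na=setup:actpass\r\na=fingerprint:sha-256 " + fp + "\r\n"


# Constructed stand-ins for DER certificate bytes (not real certificates).
PEER_DER = b"constructed: peer DTLS certificate"
OTHER_DER = b"constructed: certificate of a party in the middle"

if __name__ == "__main__":
    offer = make_sdp(PEER_DER)
    print("expected peer:", dtls_cert_matches_sdp(offer, PEER_DER))
    print("other party:  ", dtls_cert_matches_sdp(offer, OTHER_DER))
```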
A file with certificates shipped with the program was also found. The file is located at /opt/pvtbox/certifi/cacert.pem. This file was replaced with a file containing the trusted certificate from our mitmproxy proxy. The result did not change: the program refused to connect to the system, and the same error was seen in the log, that the certificate fails verification.
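One common way an application produces the behaviour seen in this audit is to compare a hash of the server certificate with a value shipped in the program, on top of normal chain validation. An added example of that technique, not Pvtbox's code (the function names and the certificate stand-ins are assumptions made for illustration):

```python
import hashlib
import hmac
import socket
import ssl


def cert_pin(der_cert: bytes) -> str:
    """SHA-256 of the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, pinned) -> bool:
    """True only if the presented certificate hashes to a pinned value."""
    presented = cert_pin(der_cert)
    return any(hmac.compare_digest(presented, p) for p in pinned)


def connect_pinned(host: str, pinned, port: int = 443):
    """TLS connection that must pass chain validation AND the pin check."""
    ctx = ssl.create_default_context()  # normal CA and hostname validation
    raw = socket.create_connection((host, port), timeout=10)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    # The pin is checked after the handshake, so a CA added to the trust
    # store gets a proxy past the handshake but not past this comparison.
    if not pin_matches(tls.getpeercert(binary_form=True), pinned):
        tls.close()
        raise ssl.SSLError("certificate pin mismatch for " + host)
    return tls


# Constructed stand-ins for DER certificate bytes (not real certificates).
GENUINE_DER = b"constructed: genuine server certificate"
PROXY_DER = b"constructed: certificate minted by an interception proxy"
PINNED = {cert_pin(GENUINE_DER)}

if __name__ == "__main__":
    print("genuine server accepted:", pin_matches(GENUINE_DER, PINNED))
    print("proxy certificate accepted:", pin_matches(PROXY_DER, PINNED))
```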
Audit results
I was unable to intercept or spoof the traffic. File names, and all the more so their contents, are transmitted encrypted end to end.
As a result, the company bought two dedicated servers (physically in different locations) for constant access to the information. The first server is used for receiving, processing and storing information; the second is used for backup.
The director's work terminal and his mobile phone on iOS were connected to the resulting personal cloud. The other employees were connected by the full-time system administrator and Pvtbox technical support.
In the time that has passed, there have been no complaints from my acquaintance. I hope my review will help Habr readers in a similar situation.
Source: www.habr.com
