User Guide - 2langnic/GlobaLeaks GitHub Wiki

User Guide

This User Guide describes the added features/modified functionality to this fork of the GlobaLeaks project. The full documentation of GlobaLeaks can be found under https://github.com/globaleaks/GlobaLeaks/wiki#setup-guide

Added features / modified functionality for Administrators

Symmetric Encryption

The symmetric encryption feature makes GlobaLeaks usable only with username and password for the Receivers. The AES-Encryption with 256-Bit is used to encrypt the files and all relevant information in the database. The key is just stored in a python variable, which makes it hard for an attacker to read it out.

Installation

In the installation phase it is now possible to chose the symmetric encryption as encryption method. If selected, a 32 character long key has to be entered. This key is now used as master key. After the installation phase it is not possible to change the encryption method.

Rekeying

From time to time - best practice every 1 to 3 years - all information should be rekeyed. This can be done via the "Advanced Settings -> Tab "Symmetric Encryption Rekeying". You need to enter the old key to change the key.

Maintenance

When the system is restarted e. g. due to an OS patch, the key has to be entered once again. The system has a fall back mechanism that, if it is started again without a key entered, it starts in a Maintenance modus. In this modus you can not login nor do anything else. To enter the key, go to the url /#/symmcryptenterkey. This is the only available site in the Maintenance mode. After the correct key has been entered, the system goes back to normal operation mode.

Hide access stats for whistleblower

This option is accessible under "Advanced Settings -> Tab "Main Configuration". If activated the Whistleblower will not be able to see which Receiver are currently referenced to this tip and how many times the have accessed this tip.

Add / Remove Receiver from a tip

If a tip is by mistake added to the wrong context, this option gives a Receiver, who has activated this function, the possibility to add or remove Receiver from a tip. This option can be set for every Receiver in the "Receivers Configuration" menu.

Globally forcefully

There are sometimes some Receivers which should participate in all Tips entered in the system. If the "Global forcefully selected" option is activated, the Receiver will be shown in the submission above the context select and the Receiver is selected and not deselectable. All Receivers who have activated this option should not be added to a context. If they are added to context they will be shown under the context but not selected and are not selectable. This option can be set in for every Receiver in the "Receivers Configuration" in the select list "Configuration".

Modify footer links

The footer links e. g. "Contacts" or "Imprint" are modifiable in the "Advanced Settings -> Tab "Theme Customization". For every link a html file can be uploaded which could contain any valid html code. Automatically a close Button and a close symbol are added to the modal window which shows the content of the html. For modifying the size and color of the whole modal window please use the "Custom Stylesheet" functionality and modify the elements which represent these modal windows. The following example shows the names of the elements and sets the color of the text and the size of the modal window.

.mainFooter-dialog-Contacts .modal-dialog {
    width : 200px;
	height : 200px;
	color : yellow;
}

.mainFooter-dialog-Imprint .modal-dialog {
    width : 200px;
	height : 200px;
	color : blue;
}

.mainFooter-dialog-DataProtectionNotice .modal-dialog {
    width : 200px;
	height : 200px;
	color : purple;
}

.mainFooter-dialog-LegalNotice .modal-dialog {
    width : 200px;
	height : 200px;
	color : green;
}

Guidance for Administrators

Compromise of Password Storage

If an attacker was able to read out the database he also gets all the hash-values of the passwords of the users / administrators and the hash-value of the receipt ID. In this case the administrator should at first fix the leakage and then reset his own password. After that he should reset all passwords of the Receiver via the "Receiver Configuration" window and activate the option "Force Password Change". The safest way is to delete also all tips directly, because the receipt ID is also saved in the database. But sometimes the communication with the Whistleblower is very important, so the Receivers should balance the risk of exposing the Whistleblower and the information in this Tip with the risk of losing the contact to the Whistleblower. The Receivers should definitely delete all Tips on which they do not need any further informations from the Whistleblower.

If the used password hash-function "scrypt" was implemented badly or the alogrithm itself contains some bugs the administrator should also use the above mentioned way to reset all passwords after fixing or replacing the password hash-function.

Rekeying

A rekeying of all relevant information stored in the database / files should be done at least every 1 to 3 years. For this purpose the administrator can use the rekeying function mentioned above.

Added features for Receiver

Add / Remove Receiver from a Tip

This option has to be activated for a Receiver by the administrator. If activated the table "Receiver List" is shown in the Tip Overview. Every Receiver on the system is listed and could be added or deleted by the buttons "Add to Tip" and "Remove from Tip". If the Receiver with this option activated deletes all Receivers and at last himself the Tip will be permanently deleted.

Strengthen Password complexity

The password complexity rules are now:

  • At least one uppercase character (A-Z)
  • At least one number (0-9)
  • At least 10 characters long
  • At least one special character (e.g. #&%$)

Ⓚ 2011-2015, Hermes Center for Transparency and Digital Human Rights. All rights reversed.

⚠️ **GitHub.com Fallback** ⚠️