butter/likebutter.app
7
0
Fork 0
Code Issues 5 Pull requests Projects Releases Packages Wiki Activity Actions

i18n: update i18n files from po4a run
Some checks failed
ci / build_and_publish (push) Failing after 47s
Details

Browse source
This commit is contained in:
Chris Milne 2026-05-01 14:18:30 +01:00
parent d6d8be1eca
commit 1c2899a9d2
70 changed files with 3238 additions and 879 deletions
Download patch file Download diff file Expand all files Collapse all files

70
i18n/es/docusaurus-plugin-content-docs/current/security.mdx
View file

@ -1,17 +1,24 @@
---
description: How to Make a Butter Box Tamper Resistant
description: 'How to Make a Butter Box Tamper Resistant'
sidebar_position: 7
---
# Security
This guide was designed for deployments in hostile, semi-hostile, or low-trust environments, where devices may be inspected, confiscated, modified, or misused. It aims to provide practical recommendations to make the Butter Box more physically and digitally tamper-resistant.
This guide was designed for deployments in hostile, semi-hostile, or
low-trust environments, where devices may be inspected, confiscated,
modified, or misused. It aims to provide practical recommendations to make
the Butter Box more physically and digitally tamper-resistant.
Following the recommendations in this guide will help reduce risk, not guarantee absolute security. Butter Box is assumed to be a field-deployable, low-cost, offline system, so these recommendations prioritize realistic, maintainable protections.
Following the recommendations in this guide will help reduce risk, not
guarantee absolute security. Butter Box is assumed to be a field-deployable,
low-cost, offline system, so these recommendations prioritize realistic,
maintainable protections.
**Threat Model Assumptions**
Before applying controls, clearly define your deployment context. This guide assumes one or more of the following risks:
Before applying controls, clearly define your deployment context. This guide
assumes one or more of the following risks:
* Physical access by unauthorized users
* Device confiscation or inspection by authorities
@ -20,7 +27,8 @@ Before applying controls, clearly define your deployment context. This guide ass
* Network misuse or impersonation
* Credential reuse or default configuration abuse
Remember that controls should adapt to the local risk level, over-hardening can reduce usability and trust.
Remember that controls should adapt to the local risk level, over-hardening
can reduce usability and trust.
@ -28,7 +36,10 @@ Remember that controls should adapt to the local risk level, over-hardening can
#### Enclosure and Hardware Protection
Physical access to the Butter Box allows SD card cloning, firmware replacement, malware injection and broadcasting of malicious information. PCB are also delicate and should have additional protection to keep them safe from everyday handling and weather exposure.
Physical access to the Butter Box allows SD card cloning, firmware
replacement, malware injection and broadcasting of malicious
information. PCB are also delicate and should have additional protection to
keep them safe from everyday handling and weather exposure.
Recommendations:
@ -38,7 +49,7 @@ Recommendations:
| 1) Sealed enclosures | 2) Screws |
| --------------------------------- | --------------------------------------- |
| ![](/img/docs/unknown.jpeg) | ![](</img/docs/unknown (1).jpeg>) |
| ![](/img/docs/unknown.jpeg) | ![](</img/docs/unknown_1.jpeg>) |
#### ![](</img/docs/void-tamper-evident seal.png>)
@ -53,29 +64,40 @@ Recommendations:
Optional (higher risk contexts):
1. Epoxy Resin. Electronico potting solutions protect Printed Circuit Boards from extreme temperatures, moisture, vibration, and other environmental threats.
1. Epoxy Resin. Electronico potting solutions protect Printed Circuit
Boards from extreme temperatures, moisture, vibration, and other
environmental threats.
2. Physically block SD card removal
| Epoxy Resin | Epoxy Resin |
| --------------------------------------- | --------------------------------------- |
| ![](</img/docs/unknown (3).jpeg>) | ![](</img/docs/unknown (4).jpeg>) |
| ![](</img/docs/unknown_3.jpeg>) | ![](</img/docs/unknown_4<br/>.jpeg>) |
#### ![](</img/docs/unknown (5).jpeg>)
#### ![](</img/docs/unknown_5.jpeg>)
#### Power & Port Management
Recommendations:
1. Disable or physically block unused ports (USB, HDMI). Inexpensive physical port blockers can be used to reduce the risk of tampering with the Butter Box by preventing unauthorized access to exposed interfaces. These blockers limit the ability of bad actors to inject malicious code, connect unauthorized peripherals, or broadcast unwanted content. Ports are sealed with plastic blockers that can only be removed using a dedicated key included in the deployment kit.
2. Avoid exposing Ethernet ports unless required. Ethernet ports should remain disabled or physically blocked unless they are explicitly required for the deployment. When Ethernet access is necessary, its use should be clearly documented and limited to trusted operators.
1. Disable or physically block unused ports (USB, HDMI). Inexpensive
physical port blockers can be used to reduce the risk of tampering with
the Butter Box by preventing unauthorized access to exposed
interfaces. These blockers limit the ability of bad actors to inject
malicious code, connect unauthorized peripherals, or broadcast unwanted
content. Ports are sealed with plastic blockers that can only be removed
using a dedicated key included in the deployment kit.
2. Avoid exposing Ethernet ports unless required. Ethernet ports should
remain disabled or physically blocked unless they are explicitly required
for the deployment. When Ethernet access is necessary, its use should be
clearly documented and limited to trusted operators.
3. Use short internal cables to reduce easy probing
4. Label power banks generically (avoid project names)
| USB & HDMI | Ethernet Ports |
| --------------------------------------- | --------------------------------------- |
| ![](</img/docs/unknown (6).jpeg>) | ![](</img/docs/unknown (7).jpeg>) |
| ![](</img/docs/unknown_6.jpeg>) | ![](</img/docs/unknown_7.jpeg>) |
#### Environmental & Operational Practices
@ -84,7 +106,8 @@ Recommendations:
* Store boxes in controlled locations when not in use
* Rotate devices periodically in long deployments
* Assume devices may be copied or lost
* Treat Butter Boxes as semi-disposable infrastructure, not personal devices.<br/>
* Treat Butter Boxes as semi-disposable infrastructure, not personal
devices.
### Section 2: Digital Tamper Resistance
@ -96,18 +119,27 @@ SSH
* By default, the pi user has the password butterbox-admin.
* Change this password by sshing into the pi and running passwd.
* If you'd prefer to use an SSH key, be sure to disable password access once you enable key-based access.
* If you'd prefer to use an SSH key, be sure to disable password access once
you enable key-based access.
RaspAP
* The access point has an administrative interface that can be used to change its settings.
* The access point has an administrative interface that can be used to
change its settings.
* Defaults: user: admin, password: secret (ironically, this is not secret).
* Change this by logging in at[ http://butterbox.lan/admin](http://butterbox.lan/admin) (or[ http://comolamantequilla.lan/admin](http://comolamantequilla.lan/admin) for a Spanish language box) and using the Web UI.
* Change this by logging in at
[http://butterbox.lan/admin](http://butterbox.lan/admin) (or
[http://comolamantequilla.lan/admin](http://comolamantequilla.lan/admin)
for a Spanish language box) and using the Web UI.
Chat
* The local chat was created by an administrative user called butterbox-admin. The password for this user is also butterbox-admin.
* Change this password by logging into the Butter Box, going to the public chatroom, then visiting your user profile and updating the password. At your discretion, you may also wish to change the name from butterbox-admin so that other users will recognize you.
* The local chat was created by an administrative user called
butterbox-admin. The password for this user is also butterbox-admin.
* Change this password by logging into the Butter Box, going to the public
chatroom, then visiting your user profile and updating the password. At
your discretion, you may also wish to change the name from butterbox-admin
so that other users will recognize you.
Best practices: