From be856bc6e8d669a06b01d5d2e878e5c0773e45c9 Mon Sep 17 00:00:00 2001 From: Davide Marini Date: Thu, 28 May 2026 15:49:38 +0200 Subject: [PATCH 1/7] chore: multiple openvpn tunnels (#268) Added section on managing multiple OpenVPN tunnels for site-to-site connections, emphasizing the importance of separate configurations. --- openvpn_tunnels.rst | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/openvpn_tunnels.rst b/openvpn_tunnels.rst index a3851b7c..f663eb2d 100644 --- a/openvpn_tunnels.rst +++ b/openvpn_tunnels.rst @@ -70,6 +70,16 @@ The web interface allows the configuration of advanced features like: * ``Enforce a minimum TLS version``: Allows you to choose a minimum version of TLS, in which case connections will only be allowed from devices that use a version greater than or equal to the one selected +Multiple OpenVPN tunnels +------------------------ +If a NethSecurity must act as the VPN server for multiple remote firewalls, create a dedicated OpenVPN tunnel for each remote peer. +The UI-supported and recommended model is one server/client pair per site-to-site connection, for example, a central firewall connected to three remote firewalls should have three separate OpenVPN server tunnels, each with its own client configuration imported on the corresponding remote firewall. + +This approach allows each tunnel to be managed independently, with separate configuration, certificates, routes, status, monitoring, and troubleshooting. +It also prevents issues on one remote connection from affecting the operational management of the others. + +Do not use a single OpenVPN server tunnel shared by multiple remote clients for site-to-site configurations managed from the UI. + MTU Issue and Packet Fragmentation ---------------------------------- @@ -179,4 +189,4 @@ In this scenario, you've to proceed with the generation of a completely new PKI. These commands will generate a new CA certificate, as well as new server and client certificates signed by the new CA. In this scenario, it is **mandatory** to download and import the new client configuration on the client side to restore the connection, so make sure to do it as soon as possible to minimize downtime. -All considerations remain the same as for Road Warrior connections. If the expired certificate is the CA certificate, you have to generate a completely new PKI, while if the expired certificate is the server or client one, you can regenerate it using the dedicated action. \ No newline at end of file +All considerations remain the same as for Road Warrior connections. If the expired certificate is the CA certificate, you have to generate a completely new PKI, while if the expired certificate is the server or client one, you can regenerate it using the dedicated action. From 03ba2be3d65fc3eafd2ae321eac6566c4145e210 Mon Sep 17 00:00:00 2001 From: Tommaso Bailetti Date: Fri, 29 May 2026 14:41:57 +0200 Subject: [PATCH 2/7] feat: adjustments to netifyd bypasses documentation (#279) * feat(uci): added documentation on how to handle lists * feat(netifyd): added netifyd new bypass methods --- dpi_filter.rst | 35 ++++++++++------------------------- uci.rst | 27 +++++++++++++++++++++++++++ 2 files changed, 37 insertions(+), 25 deletions(-) diff --git a/dpi_filter.rst b/dpi_filter.rst index 2230a6f4..3428d45d 100644 --- a/dpi_filter.rst +++ b/dpi_filter.rst @@ -60,35 +60,20 @@ You can include a description explaining the reason for the exclusion. Each exception can be enabled or disabled as desired. -Netify interface exclusion --------------------------- +Netify traffic bypass +--------------------- -By default, Netifyd monitors all interfaces. To exclude specific interfaces, you can define an exclusion list. Below are commands to add, modify, or remove excluded interfaces. -The exclusion list is configured using the ``ns_exclude`` option that takes a list of patterns. Each entry is a shel glob pattern. +By default, Netifyd processes all traffic passing from, to and out of the firewall. In some cases it may be desiderable to completely ignore traffic analysis on some specific hosts or subnets. The exclusions is configured using the `bypassv4` and `bypassv6` options that take a list of IP addresses or CIDR subnets. Bypasses can have a description to explain the reason for the bypass, separated by a `|` pipe character after the IP. -- Add interfaces to exclusion list. The system will exclude the `eth1` interface and all OpenVPN and WireGuard interfaces: :: +To add a new bypass entry, use the following command: :: - uci add_list netifyd.@netifyd[0].ns_exclude='eth1' - uci add_list netifyd.@netifyd[0].ns_exclude='tun*' - uci add_list netifyd.@netifyd[0].ns_exclude='wg*' + uci add_list netifyd.config.bypassv4='10.45.23.0/24|Remote network' + uci add_list netifyd.config.bypassv4='192.168.5.164|Critical host' uci commit netifyd - echo '{"changes": {"network": {}}}' | /usr/libexec/rpcd/ns.commit call commit + reload_config -In this case the system will exclude interface ``eth1``, all WireGuard ``wgX`` interfaces and all OpenVPN routed interfaces. - -- Modify exclusion list: :: +To edit and manage uci entries, refer to the :ref:`UCI list management ` section. - uci delete netifyd.@netifyd[0].ns_exclude='eth1' - uci add_list netifyd.@netifyd[0].ns_exclude='eth2' - uci commit netifyd - echo '{"changes": {"network": {}}}' | /usr/libexec/rpcd/ns.commit call commit - -- Clear exclusion list: :: - - uci delete netifyd.@netifyd[0].ns_exclude - uci commit netifyd - echo '{"changes": {"network": {}}}' | /usr/libexec/rpcd/ns.commit call commit - -- Return the exclusion list: :: +You can visualize the applied bypass entries and netifyd capture configuration using the following command: :: - uci show netifyd.@netifyd[0].ns_exclude + nft list table inet netifyd diff --git a/uci.rst b/uci.rst index 04ea9306..32deca79 100644 --- a/uci.rst +++ b/uci.rst @@ -174,6 +174,33 @@ Delete operations # Delete an entire section uci delete .
+.. _uci-lists: + +LISTS - Editing List Options +============================ + +Lists are a special type of option that can contain multiple values. + +Add a value to a list +--------------------- + +Use the ``uci add_list`` command to add values to a list, the command creates the list if it does not already exist. + +.. code-block:: bash + + uci add_list .
.='' + +Remove a value from a list +-------------------------- + +To remove the last value from a list, use the ``uci del_list``, you must specify the value to be removed. + +.. code-block:: bash + + uci del_list .
.='' + +To remove all values from a list, use the ``uci delete`` command as explained in the previous section. + COMMIT - Saving Changes ======================= From 509eff537a06a8b9f766416cdfd86463f6be2573 Mon Sep 17 00:00:00 2001 From: Giacomo Sanchietti Date: Wed, 3 Jun 2026 15:29:58 +0200 Subject: [PATCH 3/7] docs: add DigitalOcean DDNS example and split DNS guidance (#267) --- ddns.rst | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/ddns.rst b/ddns.rst index 9807e179..377fc154 100644 --- a/ddns.rst +++ b/ddns.rst @@ -85,6 +85,41 @@ Additional notes: - Consider enabling logging for the DDNS service to monitor updates and troubleshoot any issues. - Some providers may offer advanced features like wildcards and subdomain updates. Explore these options based on your specific needs. +Example: DigitalOcean (DO) +^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The following example uses the fictional ``firewall.example.net`` setup on NethSecurity. +The DigitalOcean API token is intentionally redacted; replace it with your own token. :: + + uci set ddns.do=service + uci set ddns.do.service_name='digitalocean.com-v2' + uci set ddns.do.lookup_host='firewall.example.net' + uci set ddns.do.domain='example.net' + uci set ddns.do.username='firewall' + uci set ddns.do.password='REDACTED_DIGITALOCEAN_API_TOKEN' + uci set ddns.do.param_opt='21694203' + uci set ddns.do.enabled='1' + uci set ddns.do.interface='wan' + uci set ddns.do.ip_source='network' + uci set ddns.do.ip_network='wan' + uci commit ddns + /etc/init.d/ddns restart + +The relevant DigitalOcean fields are: + +- ``domain``: the domain managed in DigitalOcean +- ``username``: the hostname label to update +- ``password``: the personal access token +- ``param_opt``: the DNS record ID for that hostname + +To list the records and find the ID, run:: + + curl -X GET -H 'Content-Type: application/json' \ + -H "Authorization: Bearer TOKEN" \ + "https://api.digitalocean.com/v2/domains/DOMAIN/records" + +Replace ``TOKEN`` and ``DOMAIN`` with your own values. + Example: afraid.org (FreeDNS) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -135,6 +170,20 @@ The domain is named "nstest1.freeddns.it" and the username and password are "nst uci commit ddns /etc/init.d/ddns restart +Split DNS +--------- + +Some deployments publish the same hostname inside the LAN and on the public internet. +If ``lookup_host`` resolves to a private address on the firewall itself, DDNS can compare the public WAN IP against the internal answer and keep retrying even when the provider update succeeded. + +The recommended fix is to make DDNS query an external resolver for the lookup instead of the local split-DNS answer. For example:: + + uci set ddns.do.dns_server='1.1.1.1' + uci commit ddns + /etc/init.d/ddns restart + +This keeps split DNS for LAN clients while the DDNS client validates the public record. + Using Luci ---------- From 15f79ec5d12fc36cbc02356a0cf2956e02f2946b Mon Sep 17 00:00:00 2001 From: Davide Marini Date: Mon, 15 Jun 2026 14:25:39 +0200 Subject: [PATCH 4/7] chore: document interaction with port forward rules (#280) --- reverse_proxy.rst | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/reverse_proxy.rst b/reverse_proxy.rst index d5f43968..1a14ea93 100644 --- a/reverse_proxy.rst +++ b/reverse_proxy.rst @@ -41,6 +41,13 @@ Additional information: .. _reverse_proxy-http-section: +Interaction with port forward rules +----------------------------------- + +Reverse proxy uses only port 443, if a port forward rule is also configured on port 443, the port forward rule always takes precedence. +In this case, HTTPS traffic is forwarded according to the port forward rule and the reverse proxy rule is not applied because no traffic reaches the web server running on the firewall itself. +To use the reverse proxy, make sure that no port forward rule is configured on port 443 for the same WAN address. + Proxy on port 80 (HTTP) ----------------------- From ba58e33aa776f872077bedd18462eb1ee380810a Mon Sep 17 00:00:00 2001 From: Davide Marini Date: Thu, 18 Jun 2026 11:15:57 +0200 Subject: [PATCH 5/7] chore: refactor admin users and logs (#281) Admin users page added, log moved in a specific section instead of advanced to give more visibility. User database now contains a link to specific section for administrative users --- administrative_users.rst | 189 +++++++++++++++++++++++++++++++++++++++ index.rst | 8 +- logs.rst | 96 ++++++++++++++++---- remote_access.rst | 97 -------------------- users_databases.rst | 4 +- 5 files changed, 277 insertions(+), 117 deletions(-) create mode 100644 administrative_users.rst diff --git a/administrative_users.rst b/administrative_users.rst new file mode 100644 index 00000000..88b8c8a4 --- /dev/null +++ b/administrative_users.rst @@ -0,0 +1,189 @@ +.. _administrative_users-section: + +==================== +Administrative users +==================== + +NethSecurity allows local users to be granted administrative access to the web interface. Administrative users should be personal accounts assigned to individual operators, so that actions can be attributed to a specific user in the logs. + +This page explains how administrative users work, how MFA applies to administrators, how administrative actions are logged, and how to reconstruct administrator activity for troubleshooting and audit purposes. + +Administrative account types +============================ + +NethSecurity uses the following administrative account types: + +* ``root``: local system account. It should be reserved for emergency or recovery operations whenever possible. +* Administrative users: local users with the **Administrator user** option enabled. They can access the NethSecurity UI and perform administrative operations. +* Non-administrative users: local or remote users used for services such as VPN or authentication, without access to the NethSecurity UI. + +.. note:: + + Administrative access should be granted only to trusted operators. + +Creating administrative users +----------------------------- + +Administrative users are created from the local users database. + +To create an administrative user: + +1. Create a local user. +2. Set a password for the user. +3. Enable the **Administrator user** option. +4. Save the configuration. + +For general information about local and remote user databases, see :ref:`users_databases-section`. + +.. _2fa-section: + +NethSecurity UI 2FA +=================== + +Protecting your NethSecurity administrator account is crucial, and Two-Factor Authentication (2FA) adds an extra layer of security beyond just a password. +2FA requires two verification steps when logging in. Instead of just a password, you'll also need a temporary code generated by a separate app on +your smartphone or tablet. This significantly reduces the risk of unauthorized access even if your password is compromised. + +Enabling 2FA on NethSecurity UI: + +- Log in to your NethSecurity web interface +- Click on the user icon in the top right corner and select ``Account settings`` +- Find the Two-factor authentication option and click :guilabel:`Configure 2FA` + +Setting up your authenticator app: + +- Download an authenticator app on your smartphone or tablet. Popular options include FreeOTP, Google Authenticator, and Microsoft Authenticator. +- Open the app and scan the QR code displayed on the NethSecurity web interface. This will add your NethSecurity account to the authenticator app. +- Enter the 6-digit code displayed by your authenticator app in the One-Time Password (OTP) field on the NethSecurity web interface. + +The system will also provide you with a set of backup codes. These codes can be used to log in if you lose your smartphone or authenticator app. +Store these codes securely, preferably offline. + +Disable 2FA via the web interface +--------------------------------- + +If the administrator can still log in to the web interface: + +1. Click the user icon in the top-right corner and select ``Account settings``. +2. Scroll to the ``Two-factor authentication`` section. +3. Click ``Revoke 2FA``. +4. A confirmation dialog appears warning that the security level will be reduced. + Click ``Revoke 2FA`` to confirm. +5. If prompted, enter your current password to authorize the change. + +After the confirmation the status badge changes to disabled and the next login will no +longer require an OTP. + +Disable 2FA from the command line (emergency recovery) +------------------------------------------------------- + +If an administrator has lost both the OTP device and the recovery codes and can no +longer log in to the web interface, 2FA can be reset directly from the shell as ``root`` +over SSH. + +Run the following commands, replacing `` with the administrator account name +(use ``root`` for the default administrator): :: + + SECRETS_DIR=/etc/ns-api-server + USERNAME=root # change to the affected username + + rm -f "${SECRETS_DIR}/${USERNAME}/secret" + rm -f "${SECRETS_DIR}/${USERNAME}/codes" + printf '0' > "${SECRETS_DIR}/${USERNAME}/status" + +After these commands the user can log in with just their password. 2FA can be +re-enabled at any time from the web interface. + +.. note:: + + Only the ``root`` account has SSH access by default. Non-root administrators + cannot be recovered from SSH by the affected user themselves; an existing ``root`` + session is required to run the commands above on their behalf. + + +Root and emergency access +========================= + +The ``root`` account is the main local system account, it should be treated as an emergency or recovery account and should not be used for ordinary administrative activity when personal administrative users are available. +Use personal administrative accounts for daily operations, so that actions can be attributed to individual users in the logs. + +Administrative activity logging +=============================== + +NethSecurity logs administrative activity performed through the web interface in ``/var/log/messages``. +Administrative logs can support troubleshooting, incident analysis, and audit reconstruction. + +Where to find administrative logs +--------------------------------- + +Logs are written in ``/var/log/messages`` and rotated on a weekly base, they are visible from the UI in their dedicated section. +To see administrative UI events use the filter ``nethsecurity-api``. + +For long-term retention and centralized audit, configure persistent log storage, remote syslog forwarding, Controller log forwarding, or Cloud Log Manager. For details, see :ref:`logs-section`. + +Reconstructing administrator actions +------------------------------------ + +To reconstruct administrator activity, start from the login event and then review the following UI/API authorization and commit events for the same user, the logs allow to answer questions such as: + +* who logged in; +* when the administrator accessed the firewall; +* which UI pages or API functions were used; +* which configuration areas were changed; +* which values were submitted; +* whether a change was committed; +* whether the action was followed by service errors or security events. + +Every time an administrator logs in to the NethSecurity UI, the system logs the event, inside the `/var/log/messages` file. +Example of login event for user `goofy`: :: + + Jun 21 09:43:19 NethSec nethsecurity-api[5376]: nethsecurity_api 2024/06/21 09:43:19 middleware.go:78: [INFO][AUTH] authentication success for user goofy + Jun 21 09:43:19 NethSec nethsecurity-api[5376]: nethsecurity_api 2024/06/21 09:43:19 middleware.go:186: [INFO][AUTH] login response success for user o + +Example of logout event for user `goofy`: :: + + Jun 21 09:46:13 NethSec nethsecurity-api[5376]: nethsecurity_api 2024/06/21 09:46:13 middleware.go:214: [INFO][AUTH] logout response success for user goofy + + +Also every action performed by an administrator inside the NethSecurity UI is logged inside the `/var/log/messages` file. +Example of action performed by user `goofy`: :: + + Jun 21 09:43:19 NethSec nethsecurity-api[5376]: nethsecurity_api 2024/06/21 09:43:19 middleware.go:170: [INFO][AUTH] authorization success for user goofy. POST /api/ubus/call {"path":"ns.dashboard","method":"service-status","payload":{"service":"internet"}} + +Audit and compliance recommendations +------------------------------------ + +For audit-oriented deployments: + +* create a personal administrative account for each operator; +* avoid shared administrative accounts; +* enable MFA for all administrative users; +* reserve ``root`` for emergency or recovery operations whenever possible; +* use strong passwords and protect recovery codes; +* configure persistent log storage or remote log forwarding; +* forward logs to a remote syslog server, SIEM, Controller, or Cloud Log Manager; +* verify that log forwarding is working correctly; +* ensure that date, time, and timezone are correct, preferably using NTP; +* define log retention according to the organization security policy; +* protect remote logs from unauthorized access or deletion; +* periodically review administrative access and configuration change logs. + +NethSecurity logs can support audit reconstruction and incident analysis. +Organizational processes such as change approval, periodic review, incident classification, and evidence preservation remain the responsibility of the organization operating the firewall. + +Current limitations +------------------- + +Administrative activity logs are technical logs intended to support troubleshooting and audit reconstruction. + +Administrators should be aware of the following limitations: + +* NethSecurity does not currently provide a full local RBAC model for web administrators; +* a dedicated local read-only administrator role is not currently available; +* administrative users should therefore be assigned only to trusted operators; +* some log entries may require correlation with configuration commit logs or related service logs; +* an authorization event means that the API request was allowed, but related logs should be checked to confirm the final effect of the operation; +* not every log entry necessarily contains the same fields; +* local in-memory logs may be lost after reboot or rotation unless persistent storage or remote forwarding is configured. + +For long-term audit requirements, use remote log forwarding or Cloud Log Manager in addition to local logs. diff --git a/index.rst b/index.rst index b4f38f57..bc85f71b 100644 --- a/index.rst +++ b/index.rst @@ -65,6 +65,7 @@ NethSecurity administrator manual :caption: Users and objects users_databases + administrative_users objects .. toctree:: @@ -97,6 +98,12 @@ NethSecurity administrator manual ipsec_tunnels wireguard +.. toctree:: + :maxdepth: 2 + :caption: Logs + + logs + .. toctree:: :maxdepth: 2 :caption: High Availability @@ -115,7 +122,6 @@ NethSecurity administrator manual smtp snmp custom_openvpn_tunnel - logs speedtest ups wol diff --git a/logs.rst b/logs.rst index cd54dede..20d601db 100644 --- a/logs.rst +++ b/logs.rst @@ -4,21 +4,56 @@ Logs ==== -Logs are initially written to a temporary in-memory directory to prevent potential errors on the root file system in case of a failure. +Logs are used for troubleshooting, operational monitoring, incident analysis, and audit reconstruction. +Depending on the installation type and available services, logs can be **stored on persistent local storage** and/or **forwarded to external systems** for centralized collection, retention, and analysis, such as: -1. **Local Storage**: Logs can be written directly to storage. This can be configured from the UI, see the :ref:`storage-section`. +* remote syslog server +* NethSecurity Controller +* Nethesis Cloud Log Manager + -2. **Remote Controller**: Logs can be automatically forwarded to a :ref:`remote controller `. +For audit, troubleshooting, and long-term retention, persistent storage or remote log forwarding is recommended. -3. **Custom Syslog Forwarder**: Logs can be sent to a remote syslog server. +Log storage +=========== -4. **Cloud Log Manager**: Logs can be forwarded to the Nethesis Cloud Log Manager (CLM) service. +NethSecurity can store logs in different ways depending on the installation type and the available storage. + +Physical appliances +------------------- + +On NethSecurity physical appliances, **persistent storage is configured automatically** and used to store logs. +When persistent storage is available, logs are saved on disk and managed by log rotation. + +Virtual machines +---------------- + +On virtual machines, persistent storage must be configured explicitly. +For audit, troubleshooting, and long-term retention, it is recommended to attach and configure a dedicated virtual disk for logs. + +For details about how to set and verify storage configuration see the storage section :ref:`storage-section`. + +In-memory logs +-------------- + +If persistent storage is not configured, logs are written to a temporary in-memory directory. +This prevents potential errors on the root file system in case of failure, but it is not suitable for long-term retention. +In-memory logs are useful for short-term troubleshooting only. For audit-oriented deployments, configure persistent storage or remote log forwarding. + +OpenVPN connection history +========================== + +OpenVPN connection history is permanently saved on all systems equipped with persistent storage. +This allows administrators to review historical OpenVPN connection activity on systems with storage. +OpenVPN connection logs can be useful to reconstruct VPN access history, support troubleshooting, and provide evidence during audit or incident analysis. -The next paragraphs will explain how to configure these latter options. Forwarding to a remote server ============================= +NethSecurity can forward logs to a remote syslog server. +Remote log forwarding is recommended when logs must be centralized, retained for a longer period, protected from local deletion, or integrated with a SIEM or external monitoring system. + It is sufficient to configure the UCI database with the desired options, then commit the changes, and finally restart the service. Temporary logs will continue to be visible in ``/var/log/messages`` and will also be sent to the remote server. @@ -119,15 +154,24 @@ To stop and disable the forwarder: :: .. _log-rotation-section: -Log rotation -============ + + +Log rotation and retention +========================== Logs are rotated to manage disk space and ensure that log files do not grow indefinitely. +Storage log rotation +-------------------- + +When using persistent storage, log rotation is managed by the ``logrotate`` utility, which is configured to rotate logs weekly and keep a maximum of 52 weeks (1 year) of logs. +After rotation, the logs are compressed using gzip and stored in the same directory with a naming convention that includes the date of rotation (e.g., ``/mnt/data/log/messages-20260315.gz``). + + In-memory log rotation ---------------------- -The ``/var/log/messages`` log file is stored in RAM and it's rotated based on size. +If a storage is not present the ``/var/log/messages`` log file is stored in RAM and it's rotated based on size. Once it reaches a predefined size limit, the log is rotated and compressed to conserve space. The rotated log is saved as ``/var/log/messages.1.gz`` in gzip format. The system retains only two versions of the log: the active log file and the latest rotated, compressed file. From version 1.4.0, by default, the log rotation threshold is set to 10% of the tmpfs filesystem mounted at ``/tmp``. @@ -171,13 +215,31 @@ All changes to the log rotation size are directly written in the Rsyslog configu .. _storage-log-rotation-section: -Storage log rotation --------------------- -When using persistent storage, log rotation is managed by the ``logrotate`` utility, which is configured to rotate logs weekly and keep a maximum of -52 weeks (1 year) of logs. -After rotation, the logs are compressed using gzip and stored in the same directory with a naming convention that includes the date of rotation -(e.g., ``/mnt/data/log/messages-20260315.gz``). -The configuration file for logrotate is located at ``/etc/logrotate.d/data.conf`` and can be modified to change the rotation frequency and retention period as needed. -The configuration file is automatically added to the backup and preserved during upgrades, so any custom settings persist. \ No newline at end of file +Audit and compliance recommendations +==================================== + +For audit and compliance-oriented deployments, use persistent storage or remote log forwarding. + +Recommended setup: + +* on physical appliances, use the automatically configured storage; +* on virtual machines, configure a dedicated virtual disk for log storage; +* configure remote syslog forwarding, Controller forwarding, or Cloud Log Manager when centralized retention is required; +* verify that system time is synchronized with NTP; +* define a retention policy aligned with the organization security requirements; +* protect remote logs from unauthorized access or deletion; +* periodically verify that logs are correctly collected and forwarded; +* periodically review administrative access, configuration changes, VPN access, and relevant security events. + +Local persistent storage provides useful historical information, but for stronger audit requirements it is recommended to forward logs to an external system such as a syslog server, SIEM, Controller, or Cloud Log Manager. + +Related information +------------------- + +Administrative actions performed through the NethSecurity UI are logged in `/var/log/messages`. +For details about administrative users, administrative audit logs, and how to reconstruct administrator activity, see the Administrative users section :ref:`administrative_users-section`. + + + diff --git a/remote_access.rst b/remote_access.rst index a94dee3b..58da5340 100644 --- a/remote_access.rst +++ b/remote_access.rst @@ -181,103 +181,6 @@ To disable the nginx version from being displayed in the NethSecurity UI HTTP he This configuration only affects the NethSecurity UI. The reverse proxy has its own separate configuration. -.. _2fa-section: - -NethSecurity UI 2FA -=================== - -Protecting your NethSecurity administrator account is crucial, and Two-Factor Authentication (2FA) adds an extra layer of security beyond just a password. -2FA requires two verification steps when logging in. Instead of just a password, you'll also need a temporary code generated by a separate app on -your smartphone or tablet. This significantly reduces the risk of unauthorized access even if your password is compromised. - -Enabling 2FA on NethSecurity UI: - -- Log in to your NethSecurity web interface -- Click on the user icon in the top right corner and select ``Account settings`` -- Find the Two-factor authentication option and click :guilabel:`Configure 2FA` - -Setting up your authenticator app: - -- Download an authenticator app on your smartphone or tablet. Popular options include FreeOTP, Google Authenticator, and Microsoft Authenticator. -- Open the app and scan the QR code displayed on the NethSecurity web interface. This will add your NethSecurity account to the authenticator app. -- Enter the 6-digit code displayed by your authenticator app in the One-Time Password (OTP) field on the NethSecurity web interface. - -The system will also provide you with a set of backup codes. These codes can be used to log in if you lose your smartphone or authenticator app. -Store these codes securely, preferably offline. - -Disable 2FA via the web interface ---------------------------------- - -If the administrator can still log in to the web interface: - -1. Click the user icon in the top-right corner and select ``Account settings``. -2. Scroll to the ``Two-factor authentication`` section. -3. Click ``Revoke 2FA``. -4. A confirmation dialog appears warning that the security level will be reduced. - Click ``Revoke 2FA`` to confirm. -5. If prompted, enter your current password to authorize the change. - -After the confirmation the status badge changes to disabled and the next login will no -longer require an OTP. - -Disable 2FA from the command line (emergency recovery) -------------------------------------------------------- - -If an administrator has lost both the OTP device and the recovery codes and can no -longer log in to the web interface, 2FA can be reset directly from the shell as ``root`` -over SSH. - -Run the following commands, replacing `` with the administrator account name -(use ``root`` for the default administrator): :: - - SECRETS_DIR=/etc/ns-api-server - USERNAME=root # change to the affected username - - rm -f "${SECRETS_DIR}/${USERNAME}/secret" - rm -f "${SECRETS_DIR}/${USERNAME}/codes" - printf '0' > "${SECRETS_DIR}/${USERNAME}/status" - -After these commands the user can log in with just their password. 2FA can be -re-enabled at any time from the web interface. - -.. note:: - - Only the ``root`` account has SSH access by default. Non-root administrators - cannot be recovered from SSH by the affected user themselves; an existing ``root`` - session is required to run the commands above on their behalf. - -.. _admin_users-section: - -NethSecurity UI administrators -============================== - -The default user for accessing the user web interface is root, but it is possible to create other administrator users with access only to the web interface. - -To create a user in the local database, enter the `Username` and `Display name`. -Ensure to set a password for the user; this is mandatory for administrator users. -If the user needs administrative access to the web interface, enable the `Administrator user` option. - -It is possible to grant or remove administrative access only to users residing in the local database. - -Auditing user actions ---------------------- - -Every time an administrator logs in to the NethSecurity UI, the system logs the event, inside the `/var/log/messages` file. -Example of login event for user `goofy`: :: - - Jun 21 09:43:19 NethSec nethsecurity-api[5376]: nethsecurity_api 2024/06/21 09:43:19 middleware.go:78: [INFO][AUTH] authentication success for user goofy - Jun 21 09:43:19 NethSec nethsecurity-api[5376]: nethsecurity_api 2024/06/21 09:43:19 middleware.go:186: [INFO][AUTH] login response success for user o - -Example of logout event for user `goofy`: :: - - Jun 21 09:46:13 NethSec nethsecurity-api[5376]: nethsecurity_api 2024/06/21 09:46:13 middleware.go:214: [INFO][AUTH] logout response success for user goofy - - -Also every action performed by an administrator inside the NethSecurity UI is logged inside the `/var/log/messages` file. -Example of action performed by user `goofy`: :: - - Jun 21 09:43:19 NethSec nethsecurity-api[5376]: nethsecurity_api 2024/06/21 09:43:19 middleware.go:170: [INFO][AUTH] authorization success for user goofy. POST /api/ubus/call {"path":"ns.dashboard","method":"service-status","payload":{"service":"internet"}} - SSH === diff --git a/users_databases.rst b/users_databases.rst index bf01d2e8..6f3ecab6 100644 --- a/users_databases.rst +++ b/users_databases.rst @@ -28,8 +28,8 @@ When configuring a local user, you should fill all the following fields: The local user database is implemented as UCI configuration file. Passwords of local users are stored in the Unix passwd format, ensuring compatibility and security in the local user database. -Users inside the local database can be granted :ref:`administrative privileges ` on the web user interface by enabling the ``Administrator user`` option. -The user must have a password set. +Users inside the local database can be granted administrative privileges on the web user interface by enabling the ``Administrator user`` option, the user must have a password set. +Please refer to to section :ref:`administrative_users-section`. .. _remote_user_databases-section: From 68248bb501168982f9cbf07ecf24532e05bfb600 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 18 Jun 2026 13:57:02 +0200 Subject: [PATCH 6/7] chore(i18n): update Italian translation (#271) Co-authored-by: gsanchietti <804596+gsanchietti@users.noreply.github.com> --- locale/it/LC_MESSAGES/administrative_users.po | 578 ++++++++++++++++++ locale/it/LC_MESSAGES/ddns.po | 176 ++++-- locale/it/LC_MESSAGES/dpi_filter.po | 132 ++-- locale/it/LC_MESSAGES/index.po | 26 +- locale/it/LC_MESSAGES/logs.po | 448 +++++++++----- locale/it/LC_MESSAGES/openvpn_tunnels.po | 183 +++--- locale/it/LC_MESSAGES/reverse_proxy.po | 148 +++-- locale/it/LC_MESSAGES/uci.po | 169 +++-- locale/it/LC_MESSAGES/users_databases.po | 171 +++--- 9 files changed, 1463 insertions(+), 568 deletions(-) create mode 100644 locale/it/LC_MESSAGES/administrative_users.po diff --git a/locale/it/LC_MESSAGES/administrative_users.po b/locale/it/LC_MESSAGES/administrative_users.po new file mode 100644 index 00000000..be6f687c --- /dev/null +++ b/locale/it/LC_MESSAGES/administrative_users.po @@ -0,0 +1,578 @@ +# +msgid "" +msgstr "" + +#: ../../administrative_users.rst:5 c1fb230a99e54e4aa413f6635dd5b16a +msgid "Administrative users" +msgstr "Utenti amministrativi" + +#: ../../administrative_users.rst:7 4bd9dca96f444e289d94d59ecc436769 +msgid "" +"NethSecurity allows local users to be granted administrative access to the " +"web interface. Administrative users should be personal accounts assigned to " +"individual operators, so that actions can be attributed to a specific user " +"in the logs." +msgstr "" +"NethSecurity consente agli utenti locali di ottenere l’accesso " +"amministrativo all’interfaccia web. Gli utenti amministrativi dovrebbero " +"essere account personali assegnati ai singoli operatori, in modo che le " +"azioni possano essere attribuite a uno specifico utente nei log." + +#: ../../administrative_users.rst:9 0bac3272a1814c6eaadae13a117aa5a5 +msgid "" +"This page explains how administrative users work, how MFA applies to " +"administrators, how administrative actions are logged, and how to " +"reconstruct administrator activity for troubleshooting and audit purposes." +msgstr "" +"Questa pagina spiega come funzionano gli utenti amministrativi, come l'MFA " +"si applica agli amministratori, come vengono registrate le azioni " +"amministrative e come ricostruire l'attività degli amministratori per scopi " +"di troubleshooting e audit." + +#: ../../administrative_users.rst:12 d1babf12ba2c4727931ea9d245794bbf +msgid "Administrative account types" +msgstr "Tipi di account amministrativi" + +#: ../../administrative_users.rst:14 600c2bc22b6e4ec1a9521394f61b94bc +msgid "NethSecurity uses the following administrative account types:" +msgstr "NethSecurity utilizza i seguenti tipi di account amministrativi:" + +#: ../../administrative_users.rst:16 8e5747b37f294aebb3960eb87630e81d +msgid "" +"``root``: local system account. It should be reserved for emergency or " +"recovery operations whenever possible." +msgstr "" +"``root``: account di sistema locale. Dovrebbe essere riservato, ove " +"possibile, alle operazioni di emergenza o di ripristino." + +#: ../../administrative_users.rst:17 c1d4862b0af0400ba0348dac89b46dc0 +msgid "" +"Administrative users: local users with the **Administrator user** option " +"enabled. They can access the NethSecurity UI and perform administrative " +"operations." +msgstr "" +"Utenti amministrativi: utenti locali con l'opzione **Utente amministratore**" +" abilitata. Possono accedere all'interfaccia utente di NethSecurity ed " +"eseguire operazioni amministrative." + +#: ../../administrative_users.rst:18 5b8a4f24d60348eeb0dfe84f726467ae +msgid "" +"Non-administrative users: local or remote users used for services such as " +"VPN or authentication, without access to the NethSecurity UI." +msgstr "" +"Utenti non amministrativi: utenti locali o remoti utilizzati per servizi " +"come VPN o autenticazione, senza accesso all'interfaccia utente di " +"NethSecurity." + +#: ../../administrative_users.rst:22 e69403b2c07d41ba899bc8121357b21f +msgid "Administrative access should be granted only to trusted operators." +msgstr "" +"L'accesso amministrativo dovrebbe essere concesso solo a operatori " +"affidabili." + +#: ../../administrative_users.rst:25 62693977245f4e64949867a0fb8a9ee8 +msgid "Creating administrative users" +msgstr "Creazione di utenti amministrativi" + +#: ../../administrative_users.rst:27 70844a26dfa84ebf9039c4abf6c2ee0e +msgid "Administrative users are created from the local users database." +msgstr "Gli utenti amministrativi vengono creati dal database utenti locale." + +#: ../../administrative_users.rst:29 d73a1bd35a2448b7ad0899f1a46a9473 +msgid "To create an administrative user:" +msgstr "Per creare un utente amministrativo:" + +#: ../../administrative_users.rst:31 60900b7adb374dd4936d8b2445a2d5b3 +msgid "Create a local user." +msgstr "Creare un utente locale." + +#: ../../administrative_users.rst:32 b6da1e565ee1497fa6621a5e46667e0c +msgid "Set a password for the user." +msgstr "Impostare una password per l'utente." + +#: ../../administrative_users.rst:33 7fe4a6a9bd0341e28a8c8cefe4446204 +msgid "Enable the **Administrator user** option." +msgstr "Abilitare l'opzione **Utente amministratore**." + +#: ../../administrative_users.rst:34 9d698aa5cb51455a84e57f1787ac6c59 +msgid "Save the configuration." +msgstr "Salvare la configurazione." + +#: ../../administrative_users.rst:36 a3e757365c9a439fb1335b8ea5dc187b +msgid "" +"For general information about local and remote user databases, see " +":ref:`users_databases-section`." +msgstr "" +"Per informazioni generali sui database utenti locali e remoti, consultare " +":ref:`users_databases-section`." + +#: ../../administrative_users.rst:41 8a34a72f283f44eda926d2ef1fcf7ca4 +msgid "NethSecurity UI 2FA" +msgstr "Interfaccia utente NethSecurity 2FA" + +#: ../../administrative_users.rst:43 56c3608defef4d7a874fcbcbb9176840 +msgid "" +"Protecting your NethSecurity administrator account is crucial, and Two-" +"Factor Authentication (2FA) adds an extra layer of security beyond just a " +"password. 2FA requires two verification steps when logging in. Instead of " +"just a password, you'll also need a temporary code generated by a separate " +"app on your smartphone or tablet. This significantly reduces the risk of " +"unauthorized access even if your password is compromised." +msgstr "" +"Proteggere l'account amministratore di NethSecurity è fondamentale, e " +"l'Autenticazione a Due Fattori (2FA) aggiunge un ulteriore livello di " +"sicurezza oltre alla sola password. La 2FA richiede due passaggi di verifica" +" durante l'accesso. Oltre alla password, sarà necessario inserire anche un " +"codice temporaneo generato da un'app separata sul proprio smartphone o " +"tablet. Questo riduce significativamente il rischio di accessi non " +"autorizzati anche nel caso in cui la password venga compromessa." + +#: ../../administrative_users.rst:47 53c9a6095d854d369c1168d3408430b0 +msgid "Enabling 2FA on NethSecurity UI:" +msgstr "" +"Abilitazione dell'autenticazione a due fattori (2FA) nell'interfaccia utente" +" di NethSecurity:" + +#: ../../administrative_users.rst:49 9912061063e24d89bdcce134d042cc55 +msgid "Log in to your NethSecurity web interface" +msgstr "Accedere all'interfaccia web di NethSecurity" + +#: ../../administrative_users.rst:50 bcf1e12e0af44b638a15e3b6bc5d0ab2 +msgid "" +"Click on the user icon in the top right corner and select ``Account " +"settings``" +msgstr "" +"Fare clic sull'icona utente nell'angolo in alto a destra e selezionare " +"``Impostazioni account``" + +#: ../../administrative_users.rst:51 d16628e63545480482c160a9492d6eab +msgid "" +"Find the Two-factor authentication option and click :guilabel:`Configure " +"2FA`" +msgstr "" +"Individuare l'opzione Autenticazione a due fattori e fare clic su " +":guilabel:`Configura 2FA`" + +#: ../../administrative_users.rst:53 a6d043159b6746ca9df52df1837bbb6f +msgid "Setting up your authenticator app:" +msgstr "Configurazione dell'app di autenticazione:" + +#: ../../administrative_users.rst:55 ff2551d395664702b123925f52ff0f29 +msgid "" +"Download an authenticator app on your smartphone or tablet. Popular options " +"include FreeOTP, Google Authenticator, and Microsoft Authenticator." +msgstr "" +"Scaricare un'app di autenticazione sul proprio smartphone o tablet. Opzioni " +"popolari includono FreeOTP, Google Authenticator e Microsoft Authenticator." + +#: ../../administrative_users.rst:56 54ce810d9ebf4fd9a3af0321899784b5 +msgid "" +"Open the app and scan the QR code displayed on the NethSecurity web " +"interface. This will add your NethSecurity account to the authenticator app." +msgstr "" +"Aprire l'app e scansionare il codice QR visualizzato sull'interfaccia web di" +" NethSecurity. Questo aggiungerà l'account NethSecurity all'app di " +"autenticazione." + +#: ../../administrative_users.rst:57 d5090e5c921941cabc37951bca250fd5 +msgid "" +"Enter the 6-digit code displayed by your authenticator app in the One-Time " +"Password (OTP) field on the NethSecurity web interface." +msgstr "" +"Inserire il codice a 6 cifre visualizzato dall'app di autenticazione nel " +"campo One-Time Password (OTP) dell'interfaccia web di NethSecurity." + +#: ../../administrative_users.rst:59 ea1eb556f42f409d9d5a7fe9be64ce10 +msgid "" +"The system will also provide you with a set of backup codes. These codes can" +" be used to log in if you lose your smartphone or authenticator app. Store " +"these codes securely, preferably offline." +msgstr "" +"Il sistema fornirà anche un set di codici di backup. Questi codici possono " +"essere utilizzati per accedere nel caso in cui si perda lo smartphone o " +"l'app di autenticazione. Conservare questi codici in modo sicuro, " +"preferibilmente offline." + +#: ../../administrative_users.rst:63 26cc2dcfb0864e66960f792e6ade8960 +msgid "Disable 2FA via the web interface" +msgstr "" +"Disabilitare l'autenticazione a due fattori (2FA) tramite l'interfaccia web" + +#: ../../administrative_users.rst:65 eb82e825cd97438daada2ef13dc70c9b +msgid "If the administrator can still log in to the web interface:" +msgstr "Se l'amministratore può ancora accedere all'interfaccia web:" + +#: ../../administrative_users.rst:67 eed9b4e7d5c044b4bfa638b5b03952eb +msgid "" +"Click the user icon in the top-right corner and select ``Account settings``." +msgstr "" +"Fare clic sull'icona utente nell'angolo in alto a destra e selezionare " +"``Impostazioni account``." + +#: ../../administrative_users.rst:68 f02b182adab644bf8e5d2f7cf5f67da9 +msgid "Scroll to the ``Two-factor authentication`` section." +msgstr "Scorrere fino alla sezione ``Autenticazione a due fattori``." + +#: ../../administrative_users.rst:69 c88bf454aea343359c634296d1c7531e +msgid "Click ``Revoke 2FA``." +msgstr "Fare clic su ``Revoca 2FA``." + +#: ../../administrative_users.rst:70 1dbfc49ae47940ceb065b5cc59d7e42d +msgid "" +"A confirmation dialog appears warning that the security level will be " +"reduced. Click ``Revoke 2FA`` to confirm." +msgstr "" +"Viene visualizzata una finestra di conferma che avverte che il livello di " +"sicurezza sarà ridotto. Fare clic su ``Revoca 2FA`` per confermare." + +#: ../../administrative_users.rst:72 100471f2f54b4d2890055c32f5dae87f +msgid "If prompted, enter your current password to authorize the change." +msgstr "" +"Se richiesto, inserire la password attuale per autorizzare la modifica." + +#: ../../administrative_users.rst:74 871b9a5759bb427a871cb71b841ccb5f +msgid "" +"After the confirmation the status badge changes to disabled and the next " +"login will no longer require an OTP." +msgstr "" +"Dopo la conferma, il badge di stato cambia in disabilitato e al prossimo " +"accesso non sarà più richiesto un OTP." + +#: ../../administrative_users.rst:78 a1f65ca475984dbfb9a87151d9550cee +msgid "Disable 2FA from the command line (emergency recovery)" +msgstr "" +"Disabilitare l'autenticazione a due fattori (2FA) dalla riga di comando " +"(recupero d'emergenza)" + +#: ../../administrative_users.rst:80 e2b2a4a771a24605bee2650883c3bbb3 +msgid "" +"If an administrator has lost both the OTP device and the recovery codes and " +"can no longer log in to the web interface, 2FA can be reset directly from " +"the shell as ``root`` over SSH." +msgstr "" +"Se un amministratore ha perso sia il dispositivo OTP che i codici di " +"recupero e non può più accedere all'interfaccia web, l'autenticazione a due " +"fattori (2FA) può essere reimpostata direttamente dalla shell come ``root`` " +"tramite SSH." + +#: ../../administrative_users.rst:84 f344c1a6a91547a9868e1c6907ce0e51 +msgid "" +"Run the following commands, replacing `` with the administrator " +"account name (use ``root`` for the default administrator): ::" +msgstr "" +"Eseguire i seguenti comandi, sostituendo `` con il nome " +"dell'account amministratore (utilizzare ``root`` per l'amministratore " +"predefinito): ::" + +#: ../../administrative_users.rst:94 398819e47c4b478485932c54a10d6993 +msgid "" +"After these commands the user can log in with just their password. 2FA can " +"be re-enabled at any time from the web interface." +msgstr "" +"Dopo questi comandi, l'utente può accedere solo con la propria password. " +"L'autenticazione a due fattori (2FA) può essere riattivata in qualsiasi " +"momento dall'interfaccia web." + +#: ../../administrative_users.rst:99 799acffd9a954ab2837730fc13b785e0 +msgid "" +"Only the ``root`` account has SSH access by default. Non-root " +"administrators cannot be recovered from SSH by the affected user themselves;" +" an existing ``root`` session is required to run the commands above on their" +" behalf." +msgstr "" +"Solo l'account ``root`` ha accesso SSH per impostazione predefinita. Gli " +"amministratori non-root non possono essere recuperati tramite SSH " +"dall'utente interessato stesso; è necessaria una sessione ``root`` esistente" +" per eseguire i comandi sopra indicati per loro conto." + +#: ../../administrative_users.rst:105 c88afd4387d242dd972438d618fee99a +msgid "Root and emergency access" +msgstr "Accesso root e di emergenza" + +#: ../../administrative_users.rst:107 4d96f77e0fe847b79dc33d6df7f9681e +msgid "" +"The ``root`` account is the main local system account, it should be treated " +"as an emergency or recovery account and should not be used for ordinary " +"administrative activity when personal administrative users are available. " +"Use personal administrative accounts for daily operations, so that actions " +"can be attributed to individual users in the logs." +msgstr "" +"L'account ``root`` è l'account principale del sistema locale; dovrebbe " +"essere utilizzato solo come account di emergenza o per il recupero e non " +"dovrebbe essere impiegato per le normali attività amministrative quando sono" +" disponibili utenti amministrativi personali. Utilizzare account " +"amministrativi personali per le operazioni quotidiane, in modo che le azioni" +" possano essere attribuite ai singoli utenti nei log." + +#: ../../administrative_users.rst:111 9f5e806a27da452585637d4299b1bfd1 +msgid "Administrative activity logging" +msgstr "Registrazione delle attività amministrative" + +#: ../../administrative_users.rst:113 404daca42cc745ba82e5b15ad46233e0 +msgid "" +"NethSecurity logs administrative activity performed through the web " +"interface in ``/var/log/messages``. Administrative logs can support " +"troubleshooting, incident analysis, and audit reconstruction." +msgstr "" +"NethSecurity registra l'attività amministrativa eseguita tramite " +"l'interfaccia web in ``/var/log/messages``. I log amministrativi possono " +"supportare la risoluzione dei problemi, l'analisi degli incidenti e la " +"ricostruzione degli audit." + +#: ../../administrative_users.rst:117 d859d4d652ad42a79bfd4523fe560e36 +msgid "Where to find administrative logs" +msgstr "Dove trovare i log amministrativi" + +#: ../../administrative_users.rst:119 d0b9a8999dd94b5db755265394082783 +msgid "" +"Logs are written in ``/var/log/messages`` and rotated on a weekly base, they" +" are visible from the UI in their dedicated section. To see administrative " +"UI events use the filter ``nethsecurity-api``." +msgstr "" +"I log vengono scritti in ``/var/log/messages`` e ruotati su base " +"settimanale; sono visibili dall'interfaccia utente nella sezione dedicata. " +"Per visualizzare gli eventi dell'interfaccia amministrativa, utilizzare il " +"filtro ``nethsecurity-api``." + +#: ../../administrative_users.rst:122 b44bc3a377694a479e3ed7155c0e20a1 +msgid "" +"For long-term retention and centralized audit, configure persistent log " +"storage, remote syslog forwarding, Controller log forwarding, or Cloud Log " +"Manager. For details, see :ref:`logs-section`." +msgstr "" +"Per la conservazione a lungo termine e l'audit centralizzato, configurare " +"l'archiviazione persistente dei log, l'inoltro remoto tramite syslog, " +"l'inoltro dei log del Controller o Cloud Log Manager. Per dettagli, vedere " +":ref:`logs-section`." + +#: ../../administrative_users.rst:125 6fedcb1478854513890fc805a71e2382 +msgid "Reconstructing administrator actions" +msgstr "Ricostruzione delle azioni dell'amministratore" + +#: ../../administrative_users.rst:127 344e9513940141cd952bff2ecd8eca3a +msgid "" +"To reconstruct administrator activity, start from the login event and then " +"review the following UI/API authorization and commit events for the same " +"user, the logs allow to answer questions such as:" +msgstr "" +"Per ricostruire l'attività dell'amministratore, iniziare dall'evento di " +"accesso e poi esaminare i successivi eventi di autorizzazione e commit " +"tramite UI/API per lo stesso utente; i log permettono di rispondere a " +"domande come:" + +#: ../../administrative_users.rst:129 5a013e4cfa15471e92364cc2bd4c1f37 +msgid "who logged in;" +msgstr "chi ha effettuato l'accesso;" + +#: ../../administrative_users.rst:130 d6ceec820f0247a388dd28f92d95b07a +msgid "when the administrator accessed the firewall;" +msgstr "quando l'amministratore ha effettuato l'accesso al firewall;" + +#: ../../administrative_users.rst:131 e1aa42490a934e79acddc0343a4b3ebb +msgid "which UI pages or API functions were used;" +msgstr "" +"quali pagine dell'interfaccia utente o funzioni API sono state utilizzate;" + +#: ../../administrative_users.rst:132 f9159fe8361348d8b828b73d24865829 +msgid "which configuration areas were changed;" +msgstr "quali aree di configurazione sono state modificate;" + +#: ../../administrative_users.rst:133 fa2e4fe6d8024d3385706273fe1c222b +msgid "which values were submitted;" +msgstr "quali valori sono stati inviati;" + +#: ../../administrative_users.rst:134 793f8a0920a04ac9a3cafe2c1967d9c1 +msgid "whether a change was committed;" +msgstr "se una modifica è stata confermata;" + +#: ../../administrative_users.rst:135 d51241993d894c29a8b963671dca4896 +msgid "whether the action was followed by service errors or security events." +msgstr "" +"se l'azione è stata seguita da errori di servizio o eventi di sicurezza." + +#: ../../administrative_users.rst:137 6431fc98c4044403af2b4e3d4191c458 +msgid "" +"Every time an administrator logs in to the NethSecurity UI, the system logs " +"the event, inside the `/var/log/messages` file. Example of login event for " +"user `goofy`: ::" +msgstr "" +"Ogni volta che un amministratore accede all'interfaccia utente di " +"NethSecurity, il sistema registra l'evento all'interno del file " +"`/var/log/messages`. Esempio di evento di accesso per l'utente `goofy`: ::" + +#: ../../administrative_users.rst:143 f3e9e677581045f3a2c08f3304cb389e +msgid "Example of logout event for user `goofy`: ::" +msgstr "Esempio di evento di logout per l'utente `goofy`: ::" + +#: ../../administrative_users.rst:148 c5f88b5eb9604b6182806b877cb22af1 +msgid "" +"Also every action performed by an administrator inside the NethSecurity UI " +"is logged inside the `/var/log/messages` file. Example of action performed " +"by user `goofy`: ::" +msgstr "" +"Inoltre, ogni azione eseguita da un amministratore all'interno " +"dell'interfaccia NethSecurity viene registrata nel file `/var/log/messages`." +" Esempio di azione eseguita dall'utente `goofy`: ::" + +#: ../../administrative_users.rst:154 37b5a414bc844216b2125d5cc8ba8cb6 +msgid "Audit and compliance recommendations" +msgstr "Raccomandazioni per audit e conformità" + +#: ../../administrative_users.rst:156 3908dbac771c44c3a5fe2287a885b8c7 +msgid "For audit-oriented deployments:" +msgstr "Per le distribuzioni orientate all'audit:" + +#: ../../administrative_users.rst:158 5a55b938dd724ec4a4e9d0710be7fd91 +msgid "create a personal administrative account for each operator;" +msgstr "creare un account amministrativo personale per ciascun operatore;" + +#: ../../administrative_users.rst:159 42ce16d207da4f50ac730ff79af209e5 +msgid "avoid shared administrative accounts;" +msgstr "evitare account amministrativi condivisi;" + +#: ../../administrative_users.rst:160 fadaf11c79fe4d1080ec30c5309ae553 +msgid "enable MFA for all administrative users;" +msgstr "abilitare l'MFA per tutti gli utenti amministrativi;" + +#: ../../administrative_users.rst:161 ea184b9a44f04b17b2919d016d397f16 +msgid "" +"reserve ``root`` for emergency or recovery operations whenever possible;" +msgstr "" +"riservare ``root`` per operazioni di emergenza o di ripristino, ove " +"possibile;" + +#: ../../administrative_users.rst:162 4502dd3191614ca5918baffbfaf923dc +msgid "use strong passwords and protect recovery codes;" +msgstr "utilizzare password robuste e proteggere i codici di recupero;" + +#: ../../administrative_users.rst:163 25d7d4a0a5694c398ed7ed8be279549a +msgid "configure persistent log storage or remote log forwarding;" +msgstr "" +"configurare l'archiviazione persistente dei log o l'inoltro remoto dei log;" + +#: ../../administrative_users.rst:164 61ca08fbde2249e6aff4d46358a20a0a +msgid "" +"forward logs to a remote syslog server, SIEM, Controller, or Cloud Log " +"Manager;" +msgstr "" +"inoltrare i log a un server syslog remoto, SIEM, Controller o Cloud Log " +"Manager;" + +#: ../../administrative_users.rst:165 1a5c79507b1b4e809ad1ea67419e3a05 +msgid "verify that log forwarding is working correctly;" +msgstr "verificare che l'inoltro dei log funzioni correttamente;" + +#: ../../administrative_users.rst:166 ee65d5808d4c4844a0c2f191f2be87e8 +msgid "" +"ensure that date, time, and timezone are correct, preferably using NTP;" +msgstr "" +"assicurarsi che data, ora e fuso orario siano corretti, preferibilmente " +"utilizzando NTP;" + +#: ../../administrative_users.rst:167 6bdbbe98d605407a8ebe3f38d64eac54 +msgid "define log retention according to the organization security policy;" +msgstr "" +"definire la conservazione dei log secondo la policy di sicurezza " +"dell'organizzazione;" + +#: ../../administrative_users.rst:168 0d5ecffbe3314f7597586b405190351a +msgid "protect remote logs from unauthorized access or deletion;" +msgstr "" +"proteggere i log remoti da accessi non autorizzati o dalla cancellazione;" + +#: ../../administrative_users.rst:169 cebb7274d461451f80ba34a5e4aba76f +msgid "" +"periodically review administrative access and configuration change logs." +msgstr "" +"esaminare periodicamente i log di accesso amministrativo e delle modifiche " +"alla configurazione." + +#: ../../administrative_users.rst:171 0f63fd9bb20b465cb7962fa3966d2ee4 +msgid "" +"NethSecurity logs can support audit reconstruction and incident analysis. " +"Organizational processes such as change approval, periodic review, incident " +"classification, and evidence preservation remain the responsibility of the " +"organization operating the firewall." +msgstr "" +"I log di NethSecurity possono supportare la ricostruzione degli audit e " +"l'analisi degli incidenti. I processi organizzativi come l'approvazione " +"delle modifiche, la revisione periodica, la classificazione degli incidenti " +"e la conservazione delle evidenze rimangono di responsabilità " +"dell'organizzazione che gestisce il firewall." + +#: ../../administrative_users.rst:175 c6d2085e5e464081a6e581343ae3ae68 +msgid "Current limitations" +msgstr "Limitazioni attuali" + +#: ../../administrative_users.rst:177 95accbe9fdd847ffbdfa6b354eeb09c7 +msgid "" +"Administrative activity logs are technical logs intended to support " +"troubleshooting and audit reconstruction." +msgstr "" +"I log delle attività amministrative sono log tecnici destinati a supportare " +"la risoluzione dei problemi e la ricostruzione degli audit." + +#: ../../administrative_users.rst:179 4ab3b5b2d89d45ef8b56db8fd35d4805 +msgid "Administrators should be aware of the following limitations:" +msgstr "" +"Gli amministratori devono essere a conoscenza delle seguenti limitazioni:" + +#: ../../administrative_users.rst:181 289962dcb41d4abd8134e5f82614586e +msgid "" +"NethSecurity does not currently provide a full local RBAC model for web " +"administrators;" +msgstr "" +"NethSecurity attualmente non fornisce un modello RBAC locale completo per " +"gli amministratori web;" + +#: ../../administrative_users.rst:182 2b944ae06c844f0bb6d83447920235a1 +msgid "" +"a dedicated local read-only administrator role is not currently available;" +msgstr "" +"un ruolo amministratore locale dedicato in sola lettura non è attualmente " +"disponibile;" + +#: ../../administrative_users.rst:183 3af188904bc24542a220a88896a9fbce +msgid "" +"administrative users should therefore be assigned only to trusted operators;" +msgstr "" +"gli utenti amministrativi dovrebbero quindi essere assegnati solo a " +"operatori affidabili;" + +#: ../../administrative_users.rst:184 9c3a9a6cc1654d10b00ffbdbdf315bf4 +msgid "" +"some log entries may require correlation with configuration commit logs or " +"related service logs;" +msgstr "" +"alcune voci di log potrebbero richiedere una correlazione con i log di " +"commit della configurazione o con i log dei servizi correlati;" + +#: ../../administrative_users.rst:185 19a1f2642fb64e0b8c3f96be0ec90dca +msgid "" +"an authorization event means that the API request was allowed, but related " +"logs should be checked to confirm the final effect of the operation;" +msgstr "" +"un evento di autorizzazione significa che la richiesta API è stata " +"consentita, ma è necessario controllare i log correlati per confermare " +"l'effetto finale dell'operazione;" + +#: ../../administrative_users.rst:186 a784942072c0499cbe10cd5c842fe233 +msgid "not every log entry necessarily contains the same fields;" +msgstr "non tutte le voci di log necessariamente contengono gli stessi campi;" + +#: ../../administrative_users.rst:187 2007c67ad7074771935ff13aed2e462b +msgid "" +"local in-memory logs may be lost after reboot or rotation unless persistent " +"storage or remote forwarding is configured." +msgstr "" +"i log locali in memoria potrebbero andare persi dopo un riavvio o una " +"rotazione, a meno che non sia configurato uno storage persistente o " +"l'inoltro remoto." + +#: ../../administrative_users.rst:189 d99e8fa8e2714f16b1bb1ba5f94e164f +msgid "" +"For long-term audit requirements, use remote log forwarding or Cloud Log " +"Manager in addition to local logs." +msgstr "" +"Per requisiti di audit a lungo termine, utilizzare l'inoltro remoto dei log " +"o Cloud Log Manager oltre ai log locali." diff --git a/locale/it/LC_MESSAGES/ddns.po b/locale/it/LC_MESSAGES/ddns.po index ea62f1a0..802967af 100644 --- a/locale/it/LC_MESSAGES/ddns.po +++ b/locale/it/LC_MESSAGES/ddns.po @@ -2,11 +2,11 @@ msgid "" msgstr "" -#: ../../ddns.rst:4 9c59760130744e7d88aa23d26e43685c +#: ../../ddns.rst:4 8cd0bb248e98452497bd699fdadf207f msgid "Dynamic DNS" msgstr "DNS dinamico" -#: ../../ddns.rst:6 64999e35046b40419ed586d4b2f171fa +#: ../../ddns.rst:6 5b80a6f9aeb440c0acf15df50277c583 msgid "" "Dynamic DNS (DDNS) automatically updates your domain name's DNS record with " "your current IP address, even if it changes dynamically. This allows you to " @@ -19,95 +19,95 @@ msgstr "" " un nome di dominio costante invece di dover ricordare un indirizzo IP che " "potrebbe cambiare." -#: ../../ddns.rst:10 43aaade328824443b583fcb675cd412d +#: ../../ddns.rst:10 ac180e3d82254d50ac32a0ee6a890fea msgid "Supported Providers" msgstr "Provider supportati" -#: ../../ddns.rst:12 b32395a257b54ef0877ca3dd616eb627 +#: ../../ddns.rst:12 7b737515d4c04797a9335eb4aba0063d msgid "NethSecurity supports the following DDNS providers:" msgstr "NethSecurity supporta i seguenti provider DDNS:" -#: ../../ddns.rst:14 149a612b279f4d81813b6b5ce6ff94e6 +#: ../../ddns.rst:14 08e76427a3a84791ac5c51bad724dd63 msgid "`Cloudflare `_" msgstr "`Cloudflare `_" -#: ../../ddns.rst:15 7526d7e249fd4369902b575bee0731d3 +#: ../../ddns.rst:15 ca5602acb46c4f17a84211b7b28186fd msgid "`DigitalOcean `_" msgstr "`DigitalOcean `_" -#: ../../ddns.rst:16 6d8a3ac137d24db18e6763e226e75766 +#: ../../ddns.rst:16 af5997b765674d39bc615491815408e3 msgid "`DNSpod `_" msgstr "`DNSpod `_" -#: ../../ddns.rst:17 32a63452687049e29ac6ef846999de19 +#: ../../ddns.rst:17 346e3ae1e84048bbbc6bfc9e6e270a15 msgid "`Freedns `_" msgstr "`Freedns `_" -#: ../../ddns.rst:18 1727f5a059cb4d19ac9ea0793897b965 +#: ../../ddns.rst:18 7fbfbe7e628441c5bffa2356f9aaac7f msgid "`Gandi `_" msgstr "`Gandi `_" -#: ../../ddns.rst:19 10e45bd58fc3468d98935e11de574ef2 +#: ../../ddns.rst:19 352699e5a6d0469f9752752eaeb968f4 msgid "`GCP (Google Cloud Platform) `_" msgstr "`GCP (Google Cloud Platform) `_" -#: ../../ddns.rst:20 b1c1710575ad4fc4a93e79d3221da8f7 +#: ../../ddns.rst:20 d0193b92b12f41a2be1eac699e1bdde3 msgid "`GoDaddy `_" msgstr "`GoDaddy `_" -#: ../../ddns.rst:21 749ecf90857d494da15e7e9bff12c727 +#: ../../ddns.rst:21 c7a07eb853224841965bfdc136173b3e msgid "`Luadns `_" msgstr "`Luadns `_" -#: ../../ddns.rst:22 12e8f4cc82c8448f8dcad57fcdce4623 +#: ../../ddns.rst:22 2774b3e29d084fd6917c137e2906c541 msgid "`No-IP `_" msgstr "`No-IP `_" -#: ../../ddns.rst:23 42014b536b7d4ab39342e29d5520640e +#: ../../ddns.rst:23 42fff4ff01b84bf39fd9cc81598065c0 msgid "`NS1 `_" msgstr "`NS1 `_" -#: ../../ddns.rst:24 f9e530fc634641aea35f18dbfa53a59d +#: ../../ddns.rst:24 3a6a7cd6a5c0400480f08482f1fbbc5d msgid "`One.com `_" msgstr "`One.com `_" -#: ../../ddns.rst:25 027b928072494a128465d811c270e4c5 +#: ../../ddns.rst:25 af464688bf2644fe9350c9c7b79399bf msgid "`Pdns `_" msgstr "`Pdns `_" -#: ../../ddns.rst:26 3f989b22322b4d0e94be6840009ca500 +#: ../../ddns.rst:26 20be4a578c984806b8849a637607cb5e msgid "`Route53 `_" msgstr "`Route53 `_" -#: ../../ddns.rst:27 9b287a938dec43b8ba5873e385e5653e +#: ../../ddns.rst:27 616713ed422a43a897082abd06596ba4 msgid "`TransIP `_" msgstr "`TransIP `_" -#: ../../ddns.rst:29 430d4057e37349999ef813726be41842 +#: ../../ddns.rst:29 2397258212324581b9c4cb542c38e477 msgid "Prerequisites:" msgstr "Prerequisiti:" -#: ../../ddns.rst:31 5576ed54541441d1aebb9d36efb4f886 +#: ../../ddns.rst:31 73409b3e221f47148992037132697837 msgid "A NethSecurity firewall with internet access." msgstr "Un firewall NethSecurity con accesso a Internet." -#: ../../ddns.rst:32 83f4fc6a80244a78853cbd5cc164ffa9 +#: ../../ddns.rst:32 96847c6c278a4744ade9b3b8c20cd790 msgid "An account with your chosen DDNS provider." msgstr "Un account presso il provider DDNS scelto." -#: ../../ddns.rst:33 427013b73f014f85abc733191c25861f +#: ../../ddns.rst:33 7bed5b6a941b4569a49ea19704dbc52d msgid "A registered domain name with your DDNS provider." msgstr "Un nome di dominio registrato presso il proprio provider DDNS." -#: ../../ddns.rst:36 54b2eef921664508abd44d88a9fe123c +#: ../../ddns.rst:36 20227d6b43a14d96b8d68911c80bd2d8 msgid "General configuration steps" msgstr "Passaggi generali di configurazione" -#: ../../ddns.rst:38 ffa08b7af8d94dd19da40c96c294c8fe +#: ../../ddns.rst:38 94cb104f73df4aeaa81d9dac357f7622 msgid "Open a terminal window on your firewall." msgstr "Aprire una finestra del terminale sul firewall." -#: ../../ddns.rst:39 e52233496b0642b4ae87cc7fd9c4f6df +#: ../../ddns.rst:39 9afd5faaf0e94e99b4cf00dd3616e09b msgid "" "Select your chosen DDNS provider from the list of supported providers. To " "obtain the list of supported providers, run the following command: ::" @@ -116,7 +116,7 @@ msgstr "" " Per ottenere l'elenco dei provider supportati, eseguire il seguente " "comando: ::" -#: ../../ddns.rst:44 5c9d8bbb95ba41a592f032d466307ebb +#: ../../ddns.rst:44 ce24c45a51aa40fa9bd4fceea2a11104 msgid "" "Enter your DDNS configuration details, including your provider credentials " "in the designated fields. These may include:" @@ -124,7 +124,7 @@ msgstr "" "Inserire i dettagli di configurazione DDNS, inclusi le credenziali del " "provider nei campi designati. Questi possono includere:" -#: ../../ddns.rst:46 329efabf01d14d27b58783d943a13fea +#: ../../ddns.rst:46 dc6f0edc34cc4a1bb52c5d5e01e37386 msgid "" "The DDNS provider's service name, from the above list: use the " "``service_name`` field." @@ -132,15 +132,15 @@ msgstr "" "Il nome del servizio del provider DDNS, dall'elenco sopra: utilizzare il " "campo ``service_name``." -#: ../../ddns.rst:47 18ad7099a8eb42d0b16d5794de906cc3 +#: ../../ddns.rst:47 d01649a7654947e78e3e19911d177481 msgid "Username or client ID: use the ``username`` field." msgstr "Nome utente o ID client: utilizzare il campo ``username``." -#: ../../ddns.rst:48 d82a9ed7994248b6ae1d949a2e605a78 +#: ../../ddns.rst:48 8a3c3e31c096458783d96acf93080f90 msgid "Password or API key: use the ``password`` field." msgstr "Password o chiave API: utilizzare il campo ``password``." -#: ../../ddns.rst:49 c4b1192108dd4d279bd574038087a4a6 +#: ../../ddns.rst:49 6a32f9bba9af4731b08a72c9bcfca680 msgid "" "Domain name to be associated with your dynamic IP address: use the " "``domain`` field, you can also use the ``lookup_host`` field." @@ -148,7 +148,7 @@ msgstr "" "Nome di dominio da associare al proprio indirizzo IP dinamico: utilizzare il" " campo ``domain``, è anche possibile utilizzare il campo ``lookup_host``." -#: ../../ddns.rst:50 aaf595b67501487ead3467b22fc2b8a8 +#: ../../ddns.rst:50 aa7750b4afe24a4daef603a74740fdd2 msgid "" "Interface to monitor for IP address changes (e.g., \"wan\"): use the " "``interface`` field." @@ -156,7 +156,7 @@ msgstr "" "Interfaccia da monitorare per le modifiche dell'indirizzo IP (ad esempio, " "\"wan\"): utilizzare il campo ``interface``." -#: ../../ddns.rst:52 d4ea82c9315341edb7b9d0730218c188 +#: ../../ddns.rst:52 74ade966d24347e690d611e0fc61dfcd msgid "" "While the general steps remain consistent, specific configuration details " "may vary slightly depending on your chosen provider. It's recommended to " @@ -168,7 +168,7 @@ msgstr "" " consiglia di consultare la documentazione del provider per istruzioni " "dettagliate e per eventuali impostazioni aggiuntive richieste." -#: ../../ddns.rst:55 c631bc39ba734c2c84ee25f4245775a8 +#: ../../ddns.rst:55 8c78d867ce7e4ae8bffbff6bb15f9d1c msgid "" "Due to the variety of supported providers, including their unique interfaces" " and authentication methods, it's not possible to provide specific " @@ -178,7 +178,7 @@ msgstr "" "uniche e i metodi di autenticazione specifici, non è possibile fornire in " "questa guida istruzioni di configurazione dettagliate per ciascun provider." -#: ../../ddns.rst:58 93032312ddcd4d5f873c2d7bdeca322b +#: ../../ddns.rst:58 0ca9ff3a1ceb49d2aeb40023b6e875b6 msgid "" "If your provider is not listed, you may still be able to configure it using " "a :ref:`custom configuration `." @@ -186,25 +186,25 @@ msgstr "" "Se il proprio provider non è elencato, è comunque possibile configurarlo " "utilizzando una :ref:`configurazione personalizzata `." -#: ../../ddns.rst:61 d25cc3a6eaea405cb94d9902a2bc108d +#: ../../ddns.rst:61 1fb452f1e1e4404d825d833dbfd1742e msgid "Using the UCI command line" msgstr "Utilizzo della riga di comando UCI" -#: ../../ddns.rst:63 9aaa1e6385ea48a39e5afe50d1ff3753 +#: ../../ddns.rst:63 d3af85f924a14ed280bb428982590ded msgid "Use uci commands to set and commit configuration options: ::" msgstr "" "Utilizzare i comandi uci per impostare e confermare le opzioni di " "configurazione: ::" -#: ../../ddns.rst:73 9e0fe3fc20f444e8b7bc18af3eb48041 +#: ../../ddns.rst:73 ca48119644a54965b8d12b06e8963894 msgid "Remember to replace placeholders with your values." msgstr "Ricordarsi di sostituire i segnaposto con i propri valori." -#: ../../ddns.rst:75 418ca574cfdc42429cfe3711690c1d35 +#: ../../ddns.rst:75 0eacea259695491da28f0eae84e6569d msgid "Then, restart the DDNS service: ::" msgstr "Quindi, riavviare il servizio DDNS: ::" -#: ../../ddns.rst:79 f2a4d7d3dee14090bb7671c285722de5 +#: ../../ddns.rst:79 6e57fe8dddd64a579256552f72dd3092 msgid "" "See the `UCI documentation `_ for a full list of supported settings." @@ -212,11 +212,11 @@ msgstr "" "Consultare la `documentazione UCI `_ per un elenco completo delle impostazioni supportate." -#: ../../ddns.rst:81 b41a94b2c35e4cf78a76ed62a515e306 +#: ../../ddns.rst:81 38a127fe772f43e98e2c849c1adac577 msgid "Additional notes:" msgstr "Note aggiuntive:" -#: ../../ddns.rst:83 ce2b909e01ab4dd8b400173a75bcdb55 +#: ../../ddns.rst:83 3c84cfdac4b34b3ab4f11b8529d3a976 msgid "" "Ensure your chosen DDNS provider plan supports API access and dynamic " "updates." @@ -224,14 +224,14 @@ msgstr "" "Assicurarsi che il piano del provider DDNS scelto supporti l'accesso API e " "gli aggiornamenti dinamici." -#: ../../ddns.rst:84 beab6f9bd3e84974b22492c6fa99e254 +#: ../../ddns.rst:84 166a061238e840da85c2f0a157944da8 msgid "" "Double-check all entered credentials for accuracy to avoid update failures." msgstr "" "Verificare attentamente tutte le credenziali inserite per garantirne " "l'accuratezza ed evitare errori durante l'aggiornamento." -#: ../../ddns.rst:85 245de9a33b4441579852fb779ba1297f +#: ../../ddns.rst:85 71ada67604b341d58f74a2c4b5f4d61f msgid "" "Consider enabling logging for the DDNS service to monitor updates and " "troubleshoot any issues." @@ -239,7 +239,7 @@ msgstr "" "Considerare l'abilitazione della registrazione (logging) per il servizio " "DDNS per monitorare gli aggiornamenti e risolvere eventuali problemi." -#: ../../ddns.rst:86 5577f17cd3c04c1c93ed386056bd5001 +#: ../../ddns.rst:86 75ed3e3279a545dc86f2b467b8d6c5ea msgid "" "Some providers may offer advanced features like wildcards and subdomain " "updates. Explore these options based on your specific needs." @@ -248,11 +248,11 @@ msgstr "" " e l'aggiornamento dei sottodomini. Esplorare queste opzioni in base alle " "proprie esigenze specifiche." -#: ../../ddns.rst:89 09f7599d850844999f63e72a06a6e957 +#: ../../ddns.rst:124 0990b17246044d27923b09f8d1f79848 msgid "Example: afraid.org (FreeDNS)" msgstr "Esempio: afraid.org (FreeDNS)" -#: ../../ddns.rst:91 85d668d72dd048b6914efe96bda698ec +#: ../../ddns.rst:126 cfad2dcd573c4cbcaf19c44ad6cc08a5 msgid "" "Configure a domain with FreeDNS (afraid.org) using the UCI command line. The" " domain is named \"sanchio.crabdance.com\" and the username and password are" @@ -262,11 +262,11 @@ msgstr "" "comando UCI. Il dominio si chiama \"sanchio.crabdance.com\" e il nome utente" " e la password sono \"myuser\" e \"mypass\", rispettivamente. ::" -#: ../../ddns.rst:115 33b3a5c14a3543d6ad13c9b6eb7a530e +#: ../../ddns.rst:150 f819b287a15d437ebfa2fc9e2bca039e msgid "Custom example: dyndns.it (DynDNS)" msgstr "Esempio personalizzato: dyndns.it (DynDNS)" -#: ../../ddns.rst:117 94048cfad8784b578c0a46df57954001 +#: ../../ddns.rst:152 4470d2d9d5834b16bfa4aae8624e6040 msgid "" "You can also configure some custom DDNS providers using the UCI command " "line. Configure a domain with DynDNS using the UCI command line. The domain " @@ -279,11 +279,11 @@ msgstr "" "\"nstest1.freeddns.it\" e il nome utente e la password sono rispettivamente " "\"nstest1\" e \"nstest\". ::" -#: ../../ddns.rst:139 e67845359b42403eb5eabb507d4f04de +#: ../../ddns.rst:188 fa13f34cdde74bfd9b41e3df2cd33d26 msgid "Using Luci" msgstr "Utilizzo di Luci" -#: ../../ddns.rst:141 62a28b3818bb407e9253bdffb21df12d +#: ../../ddns.rst:190 c0dfc9ca2180482b92fb6603a4fb0a5f msgid "" "The :ref:`Luci ` web interface offers a simplified way to " "configure DDNS on NethSecurity. Refer to the `official documentation " @@ -296,3 +296,79 @@ msgstr "" "`_ per istruzioni " "dettagliate sull'utilizzo di Luci per configurare DDNS." + +#: ../../ddns.rst:89 565e96908b6b4c27a2714534d52e4c47 +msgid "Example: DigitalOcean (DO)" +msgstr "Esempio: DigitalOcean (DO)" + +#: ../../ddns.rst:91 703f76adb1204c06bb496a78135219cf +msgid "" +"The following example uses the fictional ``firewall.example.net`` setup on " +"NethSecurity. The DigitalOcean API token is intentionally redacted; replace " +"it with your own token. ::" +msgstr "" +"Il seguente esempio utilizza la configurazione fittizia di " +"``firewall.example.net`` su NethSecurity. Il token API di DigitalOcean è " +"stato intenzionalmente oscurato; sostituirlo con il proprio token. ::" + +#: ../../ddns.rst:108 bebc2b1db3f54c7aae97656603229d06 +msgid "The relevant DigitalOcean fields are:" +msgstr "I campi rilevanti di DigitalOcean sono:" + +#: ../../ddns.rst:110 2b2612faee1343e28057e92cb833ed7a +msgid "``domain``: the domain managed in DigitalOcean" +msgstr "``domain``: il dominio gestito in DigitalOcean" + +#: ../../ddns.rst:111 991e2f3440694fa390917d0999d2ef28 +msgid "``username``: the hostname label to update" +msgstr "``username``: l'etichetta dell'hostname da aggiornare" + +#: ../../ddns.rst:112 9d8aab0e433b441a8ea6b922f5e434a1 +msgid "``password``: the personal access token" +msgstr "``password``: il personal access token" + +#: ../../ddns.rst:113 d6113e75266442a590cadb4b9aff74d3 +msgid "``param_opt``: the DNS record ID for that hostname" +msgstr "``param_opt``: l'ID del record DNS per quel nome host" + +#: ../../ddns.rst:115 da5933be4e7241c5842adae5a4b2e445 +msgid "To list the records and find the ID, run::" +msgstr "Per elencare i record e trovare l'ID, eseguire::" + +#: ../../ddns.rst:121 dd8b1a5c5b364835a3ea47a3c9d872f7 +msgid "Replace ``TOKEN`` and ``DOMAIN`` with your own values." +msgstr "Sostituire ``TOKEN`` e ``DOMAIN`` con i propri valori." + +#: ../../ddns.rst:174 9c84b78a9ff544329ec4fd2df5f850fb +msgid "Split DNS" +msgstr "DNS diviso" + +#: ../../ddns.rst:176 95b37e23aee34f1dbb6a093021c23895 +msgid "" +"Some deployments publish the same hostname inside the LAN and on the public " +"internet. If ``lookup_host`` resolves to a private address on the firewall " +"itself, DDNS can compare the public WAN IP against the internal answer and " +"keep retrying even when the provider update succeeded." +msgstr "" +"Alcuni deployment pubblicano lo stesso hostname sia all'interno della LAN " +"che su Internet pubblica. Se ``lookup_host`` si risolve in un indirizzo " +"privato sul firewall stesso, DDNS può confrontare l'IP WAN pubblico con la " +"risposta interna e continuare a riprovare anche quando l'aggiornamento del " +"provider è andato a buon fine." + +#: ../../ddns.rst:179 419f741c49494647b7be8663c68ec15e +msgid "" +"The recommended fix is to make DDNS query an external resolver for the " +"lookup instead of the local split-DNS answer. For example::" +msgstr "" +"La correzione consigliata è quella di fare in modo che la query DDNS " +"interroghi un resolver esterno per la ricerca invece della risposta locale " +"split-DNS. Ad esempio::" + +#: ../../ddns.rst:185 252c0d3e160b4d4bbccc390d741b5d9a +msgid "" +"This keeps split DNS for LAN clients while the DDNS client validates the " +"public record." +msgstr "" +"Questo mantiene il DNS split per i client LAN mentre il client DDNS " +"convalida il record pubblico." diff --git a/locale/it/LC_MESSAGES/dpi_filter.po b/locale/it/LC_MESSAGES/dpi_filter.po index 3abea3a8..10b15031 100644 --- a/locale/it/LC_MESSAGES/dpi_filter.po +++ b/locale/it/LC_MESSAGES/dpi_filter.po @@ -2,11 +2,11 @@ msgid "" msgstr "" -#: ../../dpi_filter.rst:5 17d2e81a2eac47bda9747528250d501a +#: ../../dpi_filter.rst:5 8da9b37b99434387859c2ddff71b20c0 msgid "Deep Packet Inspection (DPI) filter" msgstr "Filtro Deep Packet Inspection (DPI)" -#: ../../dpi_filter.rst:7 50c428e219d743fda99e7d11b933aad4 +#: ../../dpi_filter.rst:7 b33553f152e74d37ad7a2d07692da925 msgid "" "NethSecurity uses the `Netify Agent `_ to " "employ Deep Packet Inspection (DPI) techniques for filtering network " @@ -16,7 +16,7 @@ msgstr "" "impiegare tecniche di Deep Packet Inspection (DPI) per il filtraggio del " "traffico di rete." -#: ../../dpi_filter.rst:9 98524f7da59a416299301b5ca3ccaaf0 +#: ../../dpi_filter.rst:9 53a461ed2af54fcc837e6a939fc7e48f msgid "" "The Netify Agent functions as a deep-packet inspection server, leveraging " "nDPI (formerly OpenDPI) to identify network protocols and applications. " @@ -33,17 +33,17 @@ msgstr "" "flussi, le statistiche di rete e le classificazioni di rilevamento possono " "essere utilizzati per prendere decisioni sul flusso." -#: ../../dpi_filter.rst:13 9c86db2c3a6d4e7caba1c20fef0f3c4e +#: ../../dpi_filter.rst:13 107cc784d948478190fdb3cf79701454 msgid "Here's how it operates:" msgstr "Ecco come funziona:" -#: ../../dpi_filter.rst:15 ae9aad862dba4cbebb440a282b934f51 +#: ../../dpi_filter.rst:15 2d07a905447144e085417f78c839312f msgid "the Netify flow actions plugin assigns labels to matching connections" msgstr "" "il plugin delle azioni di flusso Netify assegna etichette alle connessioni " "corrispondenti" -#: ../../dpi_filter.rst:16 c5eaade646ce438bbcda36e469e190de +#: ../../dpi_filter.rst:16 67082f3e01a74318bae1d9ce9ceddcb1 msgid "" "nft rules can then either block or adjust priority (DSCP) for connections " "based on these labels" @@ -51,7 +51,7 @@ msgstr "" "Le regole nft possono quindi bloccare o regolare la priorità (DSCP) delle " "connessioni in base a queste etichette." -#: ../../dpi_filter.rst:18 e1ac2b5412bf4a13a2a2abe686768409 +#: ../../dpi_filter.rst:18 5cea9375afe94edabe8838569f77fd63 msgid "" "The administrator can create Deep Packet Inspection (DPI) rules for each " "interface." @@ -59,11 +59,11 @@ msgstr "" "L'amministratore può creare regole di Deep Packet Inspection (DPI) per " "ciascuna interfaccia." -#: ../../dpi_filter.rst:21 d5c18d51be0249fcb0d7d9749aefc17a +#: ../../dpi_filter.rst:21 ce0501620b0048858f531f38f265ec37 msgid "Configuration" msgstr "Configurazione" -#: ../../dpi_filter.rst:23 e55ccbf2a9d54aa18c718c5d7b555b10 +#: ../../dpi_filter.rst:23 05f296fbc2274cd4861ffc5bc90ac9f1 msgid "" "To configure these rules, the administrator initiates the process by " "selecting the particular network interface on which the rule is intended to " @@ -77,7 +77,7 @@ msgstr "" "precisione al segmento di rete designato, consentendo una gestione mirata ed" " efficace del traffico di rete." -#: ../../dpi_filter.rst:26 fc9ef2be1e3c4a9eb09e93fc4c24dd2c +#: ../../dpi_filter.rst:26 9eb4c8cac17142d7a33741f420ec12b8 msgid "" "Following the selection of the interface, the administrator is prompted to " "specify the applications that are to be blocked or regulated. This essential" @@ -89,7 +89,7 @@ msgstr "" "passaggio essenziale prevede la scelta da un elenco completo di applicazioni" " accessibile tramite l'interfaccia del sistema." -#: ../../dpi_filter.rst:29 95004df83b57453994329eeb70240ef8 +#: ../../dpi_filter.rst:29 7eefc91f3b854916921e75e599b4b9ff msgid "" "The interface, as a default feature, presents a catalog of commonly used " "applications. However, it provides an advanced search functionality enabling" @@ -102,15 +102,15 @@ msgstr "" "applicazioni specifiche e categorie di applicazioni che richiedono " "particolare attenzione." -#: ../../dpi_filter.rst:33 9228521c33de4cff9580c8a2d8e71fb9 +#: ../../dpi_filter.rst:33 5c3cb13ca7f44f68bf1afe6e6fb919b0 msgid "Premium application signatures" msgstr "Firme delle applicazioni Premium" -#: ../../dpi_filter.rst:35 3040be4725cf49e0a2474c7bd210c7d2 +#: ../../dpi_filter.rst:35 ea91d3595d8f44d6931d674f514569dc msgid "Subscription required" msgstr "Subscription richiesta" -#: ../../dpi_filter.rst:37 5865990b37f74561bc9aac7483f9df9a +#: ../../dpi_filter.rst:37 b762a16293c74e63bd46eaf03da07bdc msgid "" "This feature is available only if the firewall has a valid :ref:`Community " "or Enterprise subscription `." @@ -118,7 +118,7 @@ msgstr "" "Questa funzionalità è disponibile solo se il firewall dispone di una " "subscription :ref:`Community o Enterprise ` valida." -#: ../../dpi_filter.rst:40 1d57a29f5eb44395adff3f117a8e74ad +#: ../../dpi_filter.rst:40 a6acf292d5dc48b99e5f73c72c37fa5d msgid "" "In the absence of a subscription, the system inherently recognizes a " "baseline of approximately 400 applications. However, with an active " @@ -135,11 +135,11 @@ msgstr "" " con il panorama in continua evoluzione delle applicazioni e dei servizi " "digitali." -#: ../../dpi_filter.rst:45 796d40addeee44f18a47bf9250f6a9c5 +#: ../../dpi_filter.rst:45 2c5eb6a0149448ada4377eb3354ae8bd msgid "Applications and protocols list" msgstr "Elenco di applicazioni e protocolli" -#: ../../dpi_filter.rst:47 26d758871a2e4ebcab82ca3706f31a84 +#: ../../dpi_filter.rst:47 1423f3fd300e4e6f8b8c668da1bc5e54 msgid "" "The full list of all applications and protocols supported by the Enterprise " "version is available here:" @@ -147,21 +147,21 @@ msgstr "" "L'elenco completo di tutte le applicazioni e i protocolli supportati dalla " "versione Enterprise è disponibile qui:" -#: ../../dpi_filter.rst:49 c8be586673ea4037b96b1567cdb65be1 +#: ../../dpi_filter.rst:49 8e9623d54e234ca3b667bcfa6a188307 msgid "" "`Applications `_" msgstr "" "`Applicazioni `_" -#: ../../dpi_filter.rst:50 a45969b64fa44521acac766b5acb02a5 +#: ../../dpi_filter.rst:50 aaa5ebc521024256a35749fd5433ae76 msgid "`Protocols `_" msgstr "`Protocolli `_" -#: ../../dpi_filter.rst:53 950de0faa2d7427bb3a22fc84e09a7ed +#: ../../dpi_filter.rst:53 45ca620a75044e31ad1932bad4e16094 msgid "Exceptions" msgstr "Eccezioni" -#: ../../dpi_filter.rst:55 9a3ab4cd344d4d3b986efde415b16fb6 +#: ../../dpi_filter.rst:55 018f152c4f7a4639b81fc28cec3d4f66 msgid "" "DPI exclusion allows for the exclusion of specific network addresses, such " "as the gateway or other critical infrastructure, preventing them from being " @@ -170,64 +170,60 @@ msgstr "" "L'esclusione DPI consente di escludere indirizzi di rete specifici, come il " "gateway o altre infrastrutture critiche, impedendo che vengano bloccati." -#: ../../dpi_filter.rst:61 553b4a450ee341c9ab4c1942e6771230 +#: ../../dpi_filter.rst:61 76bcc92de68043c9a51818c931bbad42 msgid "Each exception can be enabled or disabled as desired." msgstr "Ogni eccezione può essere abilitata o disabilitata secondo necessità." -#: ../../dpi_filter.rst:64 0558f7adc0f846afb0fb28078ae708ed -msgid "Netify interface exclusion" -msgstr "Esclusione dell'interfaccia Netify" - -#: ../../dpi_filter.rst:66 e870859bf456472eb34159688cb88d11 +#: ../../dpi_filter.rst:57 dfd74f42d163464e9b89e5fb49b6d487 msgid "" -"By default, Netifyd monitors all interfaces. To exclude specific interfaces," -" you can define an exclusion list. Below are commands to add, modify, or " -"remove excluded interfaces. The exclusion list is configured using the " -"``ns_exclude`` option that takes a list of patterns. Each entry is a shel " -"glob pattern." +"To add a new exception, click the ``Add exception`` button. Enter the ``IP " +"address or CIDR`` that should be exempted from the filter. You can include a" +" description explaining the reason for the exclusion." msgstr "" -"Per impostazione predefinita, Netifyd monitora tutte le interfacce. Per " -"escludere interfacce specifiche, è possibile definire una lista di " -"esclusione. Di seguito sono riportati i comandi per aggiungere, modificare o" -" rimuovere le interfacce escluse. La lista di esclusione viene configurata " -"utilizzando l'opzione ``ns_exclude``, che accetta una lista di pattern. Ogni" -" voce è un pattern shell glob." +"Per aggiungere una nuova eccezione, fare clic sul pulsante ``Aggiungi " +"eccezione``. Inserire l'``Indirizzo IP address o CIDR`` che deve essere " +"escluso dal filtro. È possibile includere una descrizione che spieghi il " +"motivo dell'esclusione." -#: ../../dpi_filter.rst:69 1b9bedfabbd14400b2ee8999dea0cc8c -msgid "" -"Add interfaces to exclusion list. The system will exclude the `eth1` " -"interface and all OpenVPN and WireGuard interfaces: ::" -msgstr "" -"Aggiungere le interfacce all'elenco di esclusione. Il sistema escluderà " -"l'interfaccia ``eth1`` e tutte le interfacce OpenVPN e WireGuard: ::" +#: ../../dpi_filter.rst:64 332601b782a14faa82f2b18dca90a153 +msgid "Netify traffic bypass" +msgstr "Bypass del traffico Netify" -#: ../../dpi_filter.rst:77 7dbb8087ee7748ddb45c5097a881ee26 +#: ../../dpi_filter.rst:66 3e2f87bdf0c64559a8499aeac640fc51 msgid "" -"In this case the system will exclude interface ``eth1``, all WireGuard " -"``wgX`` interfaces and all OpenVPN routed interfaces." +"By default, Netifyd processes all traffic passing from, to and out of the " +"firewall. In some cases it may be desiderable to completely ignore traffic " +"analysis on some specific hosts or subnets. The exclusions is configured " +"using the `bypassv4` and `bypassv6` options that take a list of IP addresses" +" or CIDR subnets. Bypasses can have a description to explain the reason for " +"the bypass, separated by a `|` pipe character after the IP." msgstr "" -"In questo caso il sistema escluderà l'interfaccia ``eth1``, tutte le " -"interfacce WireGuard ``wgX`` e tutte le interfacce OpenVPN instradate." - -#: ../../dpi_filter.rst:79 c25be8cac5c245658565aacaf73ddf06 -msgid "Modify exclusion list: ::" -msgstr "Modifica elenco di esclusione: ::" +"Per impostazione predefinita, Netifyd elabora tutto il traffico che passa " +"da, verso e fuori dal firewall. In alcuni casi può essere desiderabile " +"ignorare completamente l'analisi del traffico su alcuni host o subnet " +"specifici. Le esclusioni vengono configurate utilizzando le opzioni " +"`bypassv4` e `bypassv6`, che accettano un elenco di indirizzi IP o subnet in" +" formato CIDR. I bypass possono avere una descrizione per spiegare il motivo" +" dell'esclusione, separata dall'indirizzo IP tramite il carattere `|` " +"(pipe)." -#: ../../dpi_filter.rst:86 69c339bc20d744318907488a96a0d857 -msgid "Clear exclusion list: ::" -msgstr "Eliminazione elenco di esclusione: ::" +#: ../../dpi_filter.rst:68 5bccb5dccb9b4a408080e5b4b63d1860 +msgid "To add a new bypass entry, use the following command: ::" +msgstr "" +"Per aggiungere una nuova voce di bypass, utilizzare il seguente comando: ::" -#: ../../dpi_filter.rst:92 c03937ef200f43aca8a60aa6b001799e -msgid "Return the exclusion list: ::" -msgstr "Restituire l'elenco di esclusione: ::" +#: ../../dpi_filter.rst:75 2e25c6db919142f787773c8b426dd300 +msgid "" +"To edit and manage uci entries, refer to the :ref:`UCI list management ` section." +msgstr "" +"Per modificare e gestire le voci uci, fare riferimento alla sezione " +":ref:`Gestione delle liste UCI `." -#: ../../dpi_filter.rst:57 dfb5aa43cd0d411a9a99c53dc0c765a7 +#: ../../dpi_filter.rst:77 d75473fba81e4c2496c638d3ec4f6d41 msgid "" -"To add a new exception, click the ``Add exception`` button. Enter the ``IP " -"address or CIDR`` that should be exempted from the filter. You can include a" -" description explaining the reason for the exclusion." +"You can visualize the applied bypass entries and netifyd capture " +"configuration using the following command: ::" msgstr "" -"Per aggiungere una nuova eccezione, fare clic sul pulsante ``Aggiungi " -"eccezione``. Inserire l'``Indirizzo IP address o CIDR`` che deve essere escluso dal " -"filtro. È possibile includere una descrizione che spieghi il motivo " -"dell'esclusione." +"È possibile visualizzare le voci di bypass applicate e la configurazione di " +"acquisizione di netifyd utilizzando il seguente comando: ::" diff --git a/locale/it/LC_MESSAGES/index.po b/locale/it/LC_MESSAGES/index.po index 388e1ad5..2c0010d8 100644 --- a/locale/it/LC_MESSAGES/index.po +++ b/locale/it/LC_MESSAGES/index.po @@ -22,50 +22,54 @@ msgstr "Rete" msgid "Users and objects" msgstr "Utenti e oggetti" -#: ../../index.rst:70 +#: ../../index.rst:71 msgid "Firewall" msgstr "Firewall" -#: ../../index.rst:80 +#: ../../index.rst:81 msgid "Security" msgstr "Sicurezza" -#: ../../index.rst:91 +#: ../../index.rst:92 msgid "VPN" msgstr "VPN" -#: ../../index.rst:109 +#: ../../index.rst:116 msgid "Advanced (CLI)" msgstr "Avanzate (CLI)" -#: ../../index.rst:123 +#: ../../index.rst:131 msgid "Best practices" msgstr "Best practice" -#: ../../index.rst:5 627dea8e69c14601ac6a647f77602ab2 +#: ../../index.rst:5 db6dc929b53a4e7ea8cb2a82f94381af msgid "NethSecurity administrator manual" msgstr "Manuale dell'amministratore di NethSecurity" -#: ../../index.rst:9 7c19ab95885f4ec4861dd16ce2ea9dda +#: ../../index.rst:9 669b5531437c4b049ee07c9f8a921787 msgid "`Official site `_" msgstr "`Sito ufficiale `_" -#: ../../index.rst:11 f623df53255b40ffa90f6b0564a4ff6b +#: ../../index.rst:11 3a8b2d68203346e7a1d87623b04223a3 msgid "`Developer manual `_" msgstr "`Manuale sviluppatori `_" -#: ../../index.rst:13 faf71a70ec3a44a88b68d958fdde029a +#: ../../index.rst:13 b0e301c67f3e4842bfbb7e1d78cacd3c msgid "Help on `Community `_" msgstr "Aiuto su `Community `_" -#: ../../index.rst:5 4cb8837b91ba43a598c6426e7dc32e40 +#: ../../index.rst:5 f441dde6b1074ee0b55364f380887b83 msgid "External links" msgstr "Collegamenti esterni" -#: ../../index.rst:100 +#: ../../index.rst:107 msgid "High Availability" msgstr "Alta disponibilità" #: ../../index.rst:32 msgid "Monitoring" msgstr "Monitoraggio" + +#: ../../index.rst:101 +msgid "Logs" +msgstr "Log" diff --git a/locale/it/LC_MESSAGES/logs.po b/locale/it/LC_MESSAGES/logs.po index 1d4f078b..d9e4142e 100644 --- a/locale/it/LC_MESSAGES/logs.po +++ b/locale/it/LC_MESSAGES/logs.po @@ -2,47 +2,15 @@ msgid "" msgstr "" -#: ../../logs.rst:5 9671a18c12ca48ac88dacee7d0a32d7a +#: ../../logs.rst:5 3a28eb2e1bab4cd1bce42fac40f48383 msgid "Logs" msgstr "Log" -#: ../../logs.rst:7 ddf5745528bd43099690c08740db10a3 -msgid "" -"Logs are initially written to a temporary in-memory directory to prevent " -"potential errors on the root file system in case of a failure." -msgstr "" -"I log vengono inizialmente scritti in una directory temporanea in memoria " -"per prevenire potenziali errori sul file system root in caso di un guasto." - -#: ../../logs.rst:9 02b3c0a9ed6444f3a6c41fb7c32593f0 -msgid "" -"**Local Storage**: Logs can be written directly to storage. This can be " -"configured from the UI, see the :ref:`storage-section`." -msgstr "" -"**Archiviazione locale**: I log possono essere scritti direttamente " -"nell'archiviazione. Questa opzione può essere configurata dall'interfaccia " -"utente, vedere la sezione :ref:`storage-section`." - -#: ../../logs.rst:11 9f8fb992c6734917a9a767ca1592d973 -msgid "" -"**Remote Controller**: Logs can be automatically forwarded to a :ref:`remote" -" controller `." -msgstr "" -"**Controller remoto**: I log possono essere inoltrati automaticamente a un " -":ref:`controller remoto `." - -#: ../../logs.rst:13 07f41cf3b613455498196a757b352dd7 -msgid "" -"**Custom Syslog Forwarder**: Logs can be sent to a remote syslog server." -msgstr "" -"**Syslog Forwarder personalizzato**: I log possono essere inviati a un " -"server syslog remoto." - -#: ../../logs.rst:20 a822381241134ad78703280b7a77a0bf +#: ../../logs.rst:52 36910296b32c4f62b8a9414ed06d374d msgid "Forwarding to a remote server" msgstr "Inoltro a un server remoto" -#: ../../logs.rst:22 75703b79e6cb4097af965add6a7d9cde +#: ../../logs.rst:57 daef5b6086b0406db53069068ef6d48b msgid "" "It is sufficient to configure the UCI database with the desired options, " "then commit the changes, and finally restart the service. Temporary logs " @@ -54,14 +22,14 @@ msgstr "" "continueranno a essere visibili in ``/var/log/messages`` e saranno anche " "inviati al server remoto." -#: ../../logs.rst:25 f5c05a3264184c67ba6289662cb0454b +#: ../../logs.rst:60 91c43adfca23494da7ea1845958801d8 msgid "" "Most syslog servers are configured to listen on UDP port 514 by default." msgstr "" "La maggior parte dei server syslog sono configurati per ascoltare sulla " "porta UDP 514 per impostazione predefinita." -#: ../../logs.rst:27 94549e31071f402eb42d906aaf295d25 +#: ../../logs.rst:62 b789ef2de6ea4b37ac207899deadb1b1 msgid "" "Example configuration for sending logs to the syslog server with IP " "192.168.1.88 on UDP port 514. The configuration is named ``clm`` (custom log" @@ -71,17 +39,17 @@ msgstr "" "192.168.1.88 sulla porta UDP 514. La configurazione è denominata ``clm`` " "(custom log manager):" -#: ../../logs.rst:38 d2bfca9240d344d98860719865e19807 +#: ../../logs.rst:73 d85c57de75514bae9c1ff6cc102bf073 msgid "Once configured, simply commit the changes with the command: ::" msgstr "" "Una volta configurato, è sufficiente confermare le modifiche con il comando:" " ::" -#: ../../logs.rst:42 9a472f9828ca4e03b4a8409f0055c06e +#: ../../logs.rst:77 2d57559f12744c93a9c599362b05c96d msgid "And finally, restart the service: ::" msgstr "E infine, riavviare il servizio: ::" -#: ../../logs.rst:46 857d28096f46463aaff83271725a47ae +#: ../../logs.rst:81 0208942243574371aaefb0ad5b9488a4 msgid "" "By default the forwarder uses the TraditionalFileFormat (RFC 3164) for the " "logs. It is possible also to configure RFC 5424 using the same syntax: ::" @@ -90,7 +58,7 @@ msgstr "" " (RFC 3164) per i log. È anche possibile configurare RFC 5424 utilizzando la" " stessa sintassi: ::" -#: ../../logs.rst:51 befca3d218c747dbaa7071d8ec432329 +#: ../../logs.rst:86 b16c11e9bb884b8ca893800dc278c3ce msgid "" "It is possible to configure multiple forwarders by repeating the operation " "using a different configuration name like ``clm2``." @@ -98,13 +66,13 @@ msgstr "" "È possibile configurare più forwarder ripetendo l'operazione utilizzando un " "nome di configurazione diverso come ``clm2``." -#: ../../logs.rst:137 d58e1be284b54a19b358c889e945b42e +#: ../../logs.rst:181 8ba5320327cc4f009c9405a343b6cab5 msgid "**Get current size**: Retrieve the current log rotation size in bytes." msgstr "" "**Ottieni dimensione attuale**: Recupera la dimensione attuale della " "rotazione del log in byte." -#: ../../logs.rst:138 28cfbfce8d224a1987bb6bd76069f0f5 +#: ../../logs.rst:182 ed51d7645ec24fffb5d2fccef6dfb175 msgid "" "**Set new size**: Change the log rotation size to a specified value, " "ensuring that the new size is a positive integer and not less than 52428800 " @@ -114,7 +82,7 @@ msgstr "" "a un valore specificato, assicurandosi che la nuova dimensione sia un intero" " positivo e non inferiore a 52428800 byte (50 MB)." -#: ../../logs.rst:139 90832cb309f047dc8222535d03a4eeb0 +#: ../../logs.rst:183 4c76f6c0cc0c438ca319d9ecd3066e4a msgid "" "**Configuration safety**: If the specified size is below the minimum " "threshold, the script warns the user and does not make any changes to the " @@ -124,20 +92,20 @@ msgstr "" " alla soglia minima, lo script avvisa l'utente e non apporta alcuna modifica" " alla configurazione." -#: ../../logs.rst:142 973ed98d98c549e8be7910dfe9e21953 +#: ../../logs.rst:186 228d55cfa68446829e582d3fe2a0b71c msgid "Usage" msgstr "Utilizzo" -#: ../../logs.rst:144 c8eff0f143f842a9bce79496d01e4dce +#: ../../logs.rst:188 0a6d6424993144f4a04de128287d512a msgid "To use the script, run it with the following syntax:" msgstr "Per utilizzare lo script, eseguirlo con la seguente sintassi:" -#: ../../logs.rst:150 c69314d6df084dbd9022d59f80643384 +#: ../../logs.rst:194 c506af2dd42b475ba3a71bd7aa75d8f9 msgid "**get**: Outputs the current log rotation size in bytes." msgstr "" "**get**: Restituisce la dimensione attuale della rotazione dei log in byte." -#: ../../logs.rst:151 4b8f656816574f15a9006d95dd9eb3cb +#: ../../logs.rst:195 cc29fd0aba9f41c48ba3238517d1cc61 msgid "" "**set **: Sets the log rotation size to the specified value (in " "bytes)." @@ -145,27 +113,27 @@ msgstr "" "**set **: Imposta la dimensione di rotazione del log al valore " "specificato (in byte)." -#: ../../logs.rst:154 6c2e1d7feee448d08cb5d3d7f920150e +#: ../../logs.rst:198 230bb617ce5247b39eb8f7d607d61348 msgid "Example" msgstr "Esempio" -#: ../../logs.rst:156 1bb2852e56de49368549f4ad0b576f92 +#: ../../logs.rst:200 a3a01c2e3ab745e895454fb28cc5722d msgid "To get the current log rotation size:" msgstr "Per ottenere la dimensione attuale della rotazione dei log:" -#: ../../logs.rst:162 f6e2ec6ac53246e882f4107983932616 +#: ../../logs.rst:206 dcb654e2100c455f89ba9bb3d903d1f3 msgid "To set a new log rotation size to 104857600 bytes (100 MB):" msgstr "" "Per impostare una nuova dimensione di rotazione dei log a 104857600 byte " "(100 MB):" -#: ../../logs.rst:168 fab78bc783044355b46ce93836e2bbb7 +#: ../../logs.rst:212 0a05af9aafb54a95897dd355bad2d97c msgid "The service rsyslog is restarted automatically after the size is set." msgstr "" "Il servizio rsyslog viene riavviato automaticamente dopo che la dimensione è" " stata impostata." -#: ../../logs.rst:170 fd98cc4c318b4028a57a05a230281ca3 +#: ../../logs.rst:214 0cbd7b3c234842a0bf44e26248bb97fe msgid "" "All changes to the log rotation size are directly written in the Rsyslog " "configuration file ``/etc/rsyslog.conf``." @@ -173,7 +141,7 @@ msgstr "" "Tutte le modifiche alla dimensione della rotazione dei log vengono scritte " "direttamente nel file di configurazione di Rsyslog ``/etc/rsyslog.conf``." -#: ../../logs.rst:135 8ac0dcb86ce54d9d988f57756f363f8e +#: ../../logs.rst:179 26c6bb25be6e43d79f557741229b6548 msgid "" "The ``ns-log-size`` script manages the log rotation size for the Rsyslog " "service. It allows to **get** and **set** the log rotation size defined in " @@ -184,11 +152,7 @@ msgstr "" " rotazione dei log, definita in byte, per il file di log situato in " "``/var/log/messages``." -#: ../../logs.rst:123 cfc8dd37c1134b25a84c29afc1092612 -msgid "Log rotation" -msgstr "Rotazione dei log" - -#: ../../logs.rst:125 5610deabf0cc4828b4881db4b656a3b9 +#: ../../logs.rst:162 6bf1c046ee304484805d780195c39225 msgid "" "Logs are rotated to manage disk space and ensure that log files do not grow " "indefinitely." @@ -196,34 +160,15 @@ msgstr "" "I log vengono ruotati per gestire lo spazio su disco e garantire che i file " "di log non crescano indefinitamente." -#: ../../logs.rst:128 3d870b433644473e958012f252c22647 +#: ../../logs.rst:172 6b985fa9b5c14ce08e052119c75a10a9 msgid "In-memory log rotation" msgstr "Rotazione dei log in memoria" -#: ../../logs.rst:130 6a32d6a6dc0549069ae9a1c3cedadec2 -msgid "" -"The ``/var/log/messages`` log file is stored in RAM and it's rotated based " -"on size. Once it reaches a predefined size limit, the log is rotated and " -"compressed to conserve space. The rotated log is saved as " -"``/var/log/messages.1.gz`` in gzip format. The system retains only two " -"versions of the log: the active log file and the latest rotated, compressed " -"file. From version 1.4.0, by default, the log rotation threshold is set to " -"10% of the tmpfs filesystem mounted at ``/tmp``." -msgstr "" -"Il file di log ``/var/log/messages`` è memorizzato in RAM e viene ruotato in" -" base alle dimensioni. Una volta raggiunto un limite di dimensione " -"predefinito, il log viene ruotato e compresso per risparmiare spazio. Il log" -" ruotato viene salvato come ``/var/log/messages.1.gz`` in formato gzip. Il " -"sistema mantiene solo due versioni del log: il file di log attivo e l'ultimo" -" file ruotato e compresso. A partire dalla versione 1.4.0, per impostazione " -"predefinita, la soglia di rotazione del log è impostata al 10% del " -"filesystem tmpfs montato su ``/tmp``." - -#: ../../logs.rst:175 065001f410c84f4e94034b7b3aee20cd +#: ../../logs.rst:165 bab33d6a261e4fe3a59197aeca64431b msgid "Storage log rotation" msgstr "Rotazione dei log di storage" -#: ../../logs.rst:177 086b787692d94cb0a2011b2b25e17e21 +#: ../../logs.rst:167 967221f6f888497ab66b8f106136293a msgid "" "When using persistent storage, log rotation is managed by the ``logrotate`` " "utility, which is configured to rotate logs weekly and keep a maximum of 52 " @@ -238,44 +183,15 @@ msgstr "" "nella stessa directory con una convenzione di denominazione che include la " "data della rotazione (ad esempio, ``/mnt/data/log/messages-20260315.gz``)." -#: ../../logs.rst:182 74317642f5a540b2bdb064bb01d01ab6 -msgid "" -"The configuration file for logrotate is located at " -"``/etc/logrotate.d/data.conf`` and can be modified to change the rotation " -"frequency and retention period as needed. The configuration file is " -"automatically added to the backup and preserved during upgrades, so any " -"custom settings persist." -msgstr "" -"Il file di configurazione per logrotate si trova in " -"``/etc/logrotate.d/data.conf`` e può essere modificato per cambiare la " -"frequenza di rotazione e il periodo di conservazione secondo necessità. Il " -"file di configurazione viene aggiunto automaticamente al backup e mantenuto " -"durante gli aggiornamenti, quindi tutte le impostazioni personalizzate " -"vengono preservate." - -#: ../../logs.rst:15 186a2a45d8334dc2917e007ffeb6e55d -msgid "" -"**Cloud Log Manager**: Logs can be forwarded to the Nethesis Cloud Log " -"Manager (CLM) service." -msgstr "" -"**Cloud Log Manager**: I log possono essere inoltrati al servizio Nethesis " -"Cloud Log Manager (CLM)." - -#: ../../logs.rst:17 4e0432656aa642b693746e6eb4af357d -msgid "" -"The next paragraphs will explain how to configure these latter options." -msgstr "" -"I prossimi paragrafi spiegheranno come configurare queste ultime opzioni." - -#: ../../logs.rst:54 25c942397cd24aa98760ce5cceeef563 +#: ../../logs.rst:89 ffe1bca74e354953b8813647003210a1 msgid "Forwarding to Nethesis Cloud Log Manager" msgstr "Inoltro a Nethesis Cloud Log Manager" -#: ../../logs.rst:56 cc6d2a522d2242b497c62b997fe547b8 +#: ../../logs.rst:91 e2ce348df5484cb2ba2c3a250fb74dae msgid "Service entitlement required" msgstr "Autorizzazione al servizio richiesta" -#: ../../logs.rst:58 c3780529e9594540b88ab971af909cc9 +#: ../../logs.rst:93 ada707b955bc4f679edb1474991f0c40 msgid "" "You need to purchase a subscription for the CLM service from Nethesis and " "obtain the tenant identifier. The service is currenlty reserved to " @@ -286,7 +202,7 @@ msgstr "" " clienti Enterprise. Per ulteriori informazioni, contattare il reparto " "vendite di Nethesis." -#: ../../logs.rst:61 82d2f91052754965a8aeeb7bd5ec6826 +#: ../../logs.rst:96 61685b169f5640c4a41b76fb0419535b msgid "" "The ``ns-clm`` package forwards syslog messages to the Nethesis Cloud Log " "Manager (CLM) service. It provides the ``ns-clm-forwarder`` daemon, which " @@ -305,7 +221,7 @@ msgstr "" "automaticamente la rotazione dei log e salva la posizione raggiunta allo " "spegnimento, in modo da poter riprendere dopo un riavvio." -#: ../../logs.rst:66 63bbc874ad3c480aaeb1db1d284b5fb6 +#: ../../logs.rst:101 9fa8fbd114904b57b1564eaee1c2c044 msgid "" "The package is not included by default on NethSecurity 8.7.2 or earlier, but" " it is available in the package repository and can be manually installed. " @@ -315,17 +231,17 @@ msgstr "" "precedenti, ma è disponibile nel repository dei pacchetti e può essere " "installato manualmente. Installarlo con: ::" -#: ../../logs.rst:73 1adb97a91a194886814c1a8d6a1d6588 +#: ../../logs.rst:108 c31995bd1187420694fb6f56b6c26cf7 msgid "The UCI configuration is stored in ``/etc/config/ns-clm``:" msgstr "La configurazione UCI è memorizzata in ``/etc/config/ns-clm``:" -#: ../../logs.rst:102 77f9a077117c472a839999f81129a625 +#: ../../logs.rst:137 a90ff9ab916b4e44b7b207c9312fa6bf msgid "To enable the forwarder and set the tenant identifier, run: ::" msgstr "" "Per abilitare il forwarder e impostare l'identificatore del tenant, " "eseguire: ::" -#: ../../logs.rst:110 538af8dfe90145ee9cf3f3a75a890d19 +#: ../../logs.rst:145 111ba20917644d908074e24853e7d749 msgid "" "You can find the tenant identifier in the CLM portal, under ``Users and " "Companies`` -> ``Companies``." @@ -333,49 +249,49 @@ msgstr "" "È possibile trovare l'identificatore del tenant nel portale CLM, sotto " "``Utenti e Aziende`` -> ``Aziende``." -#: ../../logs.rst:112 9604f557ee154f9fa9a59d5fae01a13a +#: ../../logs.rst:147 9390cb23248c4affa3d18c18da48c028 msgid "To also enable the service at boot: ::" msgstr "Per abilitare anche il servizio all'avvio: ::" -#: ../../logs.rst:116 bb426d13f6a242db8a488f6daafd4e1e +#: ../../logs.rst:151 5228d0d1e51044f88fb435559b0ff907 msgid "To stop and disable the forwarder: ::" msgstr "Per arrestare e disabilitare il forwarder: ::" -#: ../../logs.rst:79 d03dd421a1b34c51b0e6dc8f1e29aa25 +#: ../../logs.rst:114 96f8fae3013d470da8f0ef3c5bf1334d msgid "Option" msgstr "Opzione" -#: ../../logs.rst:80 91b2a5dbf9264e10bd7ec3fc40643037 +#: ../../logs.rst:115 478616da443b40edaba46bb86e06496b msgid "Default" msgstr "Predefinito" -#: ../../logs.rst:81 46528795a4304c9f805bf8feab61a521 +#: ../../logs.rst:116 37f95b352e744aa58d1abe19f5ccc498 msgid "Description" msgstr "Descrizione" -#: ../../logs.rst:82 616a7f757d5d40adb45e56a46a47eb31 +#: ../../logs.rst:117 c5112f887980472cb958a75c01abef5d msgid "``enabled``" msgstr "``abilitato``" -#: ../../logs.rst:83 ../../logs.rst:99 33713abaa911431e81f4dbf052428517 -#: 6c2ce5a44f4244adbf0ec872738749d1 +#: ../../logs.rst:118 ../../logs.rst:134 633332f9234f4ca69e230399dd356da9 +#: 417da54ed7b54e07aba4534143c2a25a msgid "``0``" msgstr "``0``" -#: ../../logs.rst:84 406ad39945df4cfb84511dcc607e8c90 +#: ../../logs.rst:119 865588484328402192079f3abf7ef562 msgid "Enable (``1``) or disable (``0``) the forwarder" msgstr "Abilitare (``1``) o disabilitare (``0``) il forwarder" -#: ../../logs.rst:85 3626238bc18d46ee8e1408666e39d29b +#: ../../logs.rst:120 18ff9ebd9bb44991bf6bc2cb4657e2de msgid "``uuid``" msgstr "``uuid``" -#: ../../logs.rst:86 ../../logs.rst:96 a94b533133e9480797f2cb04c65e7419 -#: 9effcd8a9e464235bdc3023f891d67cc +#: ../../logs.rst:121 ../../logs.rst:131 5fee0d77c4564838927cf100d98c0ce3 +#: 9c5e1664724d4d378c4671f5020d0440 msgid "(empty)" msgstr "Nessun testo da tradurre." -#: ../../logs.rst:87 302f9510781041ba9b6d3c4b9bb094f4 +#: ../../logs.rst:122 4b0cf4c359a84c528a90925aaa71ad3b msgid "" "Unique identifier for the device, generated with ``uuidgen`` and prefixed " "with \"L\" to ensure it starts with a letter." @@ -383,34 +299,34 @@ msgstr "" "Identificatore univoco per il dispositivo, generato con ``uuidgen`` e " "preceduto da \"L\" per garantire che inizi con una lettera." -#: ../../logs.rst:89 d57efb9947d0490cbaf30d785262ec4c +#: ../../logs.rst:124 e978d84b5a3241848192360c6ec6dc95 msgid "" "This is required for the CLM service to identify the source of the logs." msgstr "" "Questo è necessario affinché il servizio CLM possa identificare la fonte dei" " log." -#: ../../logs.rst:91 68e0cb9b395849208adb2047786d5a79 +#: ../../logs.rst:126 38f7590f52734fc3b56c92ad7410e9e0 msgid "Example: ``L3d50ca11-4415-4e46-9ee9-b1da0f62c337``" msgstr "Esempio: ``L3d50ca11-4415-4e46-9ee9-b1da0f62c337``" -#: ../../logs.rst:92 e509e490482048d2906454eca332483b +#: ../../logs.rst:127 87f0a03c3e9f4557939bc7286478b3a6 msgid "``address``" msgstr "``indirizzo``" -#: ../../logs.rst:93 5669700293564e91aba4faba2d9b02fa +#: ../../logs.rst:128 3ac5930531564c459b5b5cf52d62db32 msgid "``https://nar.nethesis.it``" msgstr "``https://nar.nethesis.it``" -#: ../../logs.rst:94 5a3e82025a3c4965ae953e4d8b8838f8 +#: ../../logs.rst:129 88b7fe40610e46459f4abeec67834e87 msgid "CLM server address" msgstr "Indirizzo server CLM" -#: ../../logs.rst:95 5128ad79e7bd4ae08e1df5d5d7057454 +#: ../../logs.rst:130 0eedf58258c943188cffd52777bdf904 msgid "``tenant``" msgstr "``tenant``" -#: ../../logs.rst:97 d0298bc730a7450f9c54222b0936b6e7 +#: ../../logs.rst:132 52bd76d2832240cc906cad3b6037bee5 msgid "" "CLM tenant identifier, available inside the CLM portal, under ``Users and " "Companies`` -> ``Companies``" @@ -418,10 +334,262 @@ msgstr "" "Identificatore tenant CLM, disponibile all'interno del portale CLM, sotto " "``Utenti e Aziende`` -> ``Aziende``" -#: ../../logs.rst:98 f2247c230afa4fd3ad0c60037d504836 +#: ../../logs.rst:133 9783130e240149768449c93bb7edeebc msgid "``debug``" msgstr "``debug``" -#: ../../logs.rst:100 d17a20528f714d2d849e4b0112815ab3 +#: ../../logs.rst:135 1bfa1f94108d45d79e1c0082a27778db msgid "Enable debug output to stderr (``1``)" msgstr "Abilita l'output di debug su stderr (``1``)" + +#: ../../logs.rst:7 1ee045c418d94556955315e7281741db +msgid "" +"Logs are used for troubleshooting, operational monitoring, incident " +"analysis, and audit reconstruction. Depending on the installation type and " +"available services, logs can be **stored on persistent local storage** " +"and/or **forwarded to external systems** for centralized collection, " +"retention, and analysis, such as:" +msgstr "" +"I log vengono utilizzati per la risoluzione dei problemi, il monitoraggio " +"operativo, l'analisi degli incidenti e la ricostruzione degli audit. A " +"seconda del tipo di installazione e dei servizi disponibili, i log possono " +"essere **memorizzati su storage locale persistente** e/o **inoltrati a " +"sistemi esterni** per la raccolta, la conservazione e l'analisi " +"centralizzate, come ad esempio:" + +#: ../../logs.rst:10 7bbbd251c92342ea904aa5e6b359a7f8 +msgid "remote syslog server" +msgstr "server syslog remoto" + +#: ../../logs.rst:11 0d577735f6584ca4b7a6d58b9f24d2c2 +msgid "NethSecurity Controller" +msgstr "Controller NethSecurity" + +#: ../../logs.rst:12 d0fa4acc6975400ca037ec8c422f30be +msgid "Nethesis Cloud Log Manager" +msgstr "Nethesis Cloud Log Manager" + +#: ../../logs.rst:15 9d7666fade8a4017a928e80ad1034590 +msgid "" +"For audit, troubleshooting, and long-term retention, persistent storage or " +"remote log forwarding is recommended." +msgstr "" +"Per audit, risoluzione dei problemi e conservazione a lungo termine, si " +"consiglia l'utilizzo di storage persistente o l'inoltro remoto dei log." + +#: ../../logs.rst:18 2a6efa5387554f9a91c697f44bf3ea57 +msgid "Log storage" +msgstr "Archiviazione dei log" + +#: ../../logs.rst:20 ec864264a62a4584a577bfb22ce0a121 +msgid "" +"NethSecurity can store logs in different ways depending on the installation " +"type and the available storage." +msgstr "" +"NethSecurity può memorizzare i log in modi diversi a seconda del tipo di " +"installazione e dello spazio di archiviazione disponibile." + +#: ../../logs.rst:23 17c301e55fe04421b263be4cf4c762fc +msgid "Physical appliances" +msgstr "Appliance fisici" + +#: ../../logs.rst:25 c391d860c7cf431fb57ef5314dc31c5d +msgid "" +"On NethSecurity physical appliances, **persistent storage is configured " +"automatically** and used to store logs. When persistent storage is " +"available, logs are saved on disk and managed by log rotation." +msgstr "" +"Sui dispositivi fisici NethSecurity, **lo storage persistente viene " +"configurato automaticamente** e utilizzato per memorizzare i log. Quando lo " +"storage persistente è disponibile, i log vengono salvati su disco e gestiti " +"tramite rotazione dei log." + +#: ../../logs.rst:29 8d863e9acfb84e3a885bad1b79ba1a13 +msgid "Virtual machines" +msgstr "Macchine virtuali" + +#: ../../logs.rst:31 c4f3be29406d46b890f35b6d0d92f15e +msgid "" +"On virtual machines, persistent storage must be configured explicitly. For " +"audit, troubleshooting, and long-term retention, it is recommended to attach" +" and configure a dedicated virtual disk for logs." +msgstr "" +"Sulle macchine virtuali, lo storage persistente deve essere configurato " +"esplicitamente. Per audit, troubleshooting e conservazione a lungo termine, " +"si consiglia di collegare e configurare un disco virtuale dedicato per i " +"log." + +#: ../../logs.rst:34 7890ef9a0f614a6199b4c47de2be8f46 +msgid "" +"For details about how to set and verify storage configuration see the " +"storage section :ref:`storage-section`." +msgstr "" +"Per dettagli su come impostare e verificare la configurazione dello storage," +" consultare la sezione storage :ref:`storage-section`." + +#: ../../logs.rst:37 9bcdd54af9c54e908e2f366f6e9c4eea +msgid "In-memory logs" +msgstr "Log in memoria" + +#: ../../logs.rst:39 9883550fe5a247b4a89693651ed46d56 +msgid "" +"If persistent storage is not configured, logs are written to a temporary in-" +"memory directory. This prevents potential errors on the root file system in " +"case of failure, but it is not suitable for long-term retention. In-memory " +"logs are useful for short-term troubleshooting only. For audit-oriented " +"deployments, configure persistent storage or remote log forwarding." +msgstr "" +"Se lo storage persistente non è configurato, i log vengono scritti in una " +"directory temporanea in memoria. Questo previene potenziali errori sul file " +"system root in caso di guasto, ma non è adatto per la conservazione a lungo " +"termine. I log in memoria sono utili solo per la risoluzione dei problemi a " +"breve termine. Per deployment orientati all’audit, configurare uno storage " +"persistente o l’inoltro remoto dei log." + +#: ../../logs.rst:44 dcf3f3bd979d4328a7b0f23f2f0949c0 +msgid "OpenVPN connection history" +msgstr "Cronologia delle connessioni OpenVPN" + +#: ../../logs.rst:46 acf64668cc9e4bea9f297b7c17fbb59a +msgid "" +"OpenVPN connection history is permanently saved on all systems equipped with" +" persistent storage. This allows administrators to review historical OpenVPN" +" connection activity on systems with storage. OpenVPN connection logs can be" +" useful to reconstruct VPN access history, support troubleshooting, and " +"provide evidence during audit or incident analysis." +msgstr "" +"La cronologia delle connessioni OpenVPN viene salvata in modo permanente su " +"tutti i sistemi dotati di storage persistente. Questo consente agli " +"amministratori di esaminare l'attività storica delle connessioni OpenVPN sui" +" sistemi con storage. I log delle connessioni OpenVPN possono essere utili " +"per ricostruire la cronologia degli accessi VPN, supportare la risoluzione " +"dei problemi e fornire prove durante audit o analisi di incidenti." + +#: ../../logs.rst:54 373112f8434d4b9980777f4b5de14e8c +msgid "" +"NethSecurity can forward logs to a remote syslog server. Remote log " +"forwarding is recommended when logs must be centralized, retained for a " +"longer period, protected from local deletion, or integrated with a SIEM or " +"external monitoring system." +msgstr "" +"NethSecurity può inoltrare i log a un server syslog remoto. L'inoltro remoto" +" dei log è consigliato quando è necessario centralizzare i log, conservarli " +"per un periodo più lungo, proteggerli dalla cancellazione locale o " +"integrarli con un SIEM o un sistema di monitoraggio esterno." + +#: ../../logs.rst:160 aa54dbf0f9694d17b95ebdc0a1f0e367 +msgid "Log rotation and retention" +msgstr "Rotazione e conservazione dei log" + +#: ../../logs.rst:174 deff15cc63bd4d0c8b8ea192d28d0080 +msgid "" +"If a storage is not present the ``/var/log/messages`` log file is stored in " +"RAM and it's rotated based on size. Once it reaches a predefined size limit," +" the log is rotated and compressed to conserve space. The rotated log is " +"saved as ``/var/log/messages.1.gz`` in gzip format. The system retains only " +"two versions of the log: the active log file and the latest rotated, " +"compressed file. From version 1.4.0, by default, the log rotation threshold " +"is set to 10% of the tmpfs filesystem mounted at ``/tmp``." +msgstr "" +"Se uno storage non è presente, il file di log ``/var/log/messages`` viene " +"memorizzato in RAM e ruotato in base alla dimensione. Una volta raggiunto un" +" limite di dimensione predefinito, il log viene ruotato e compresso per " +"risparmiare spazio. Il log ruotato viene salvato come " +"``/var/log/messages.1.gz`` in formato gzip. Il sistema mantiene solo due " +"versioni del log: il file di log attivo e l'ultimo file ruotato e compresso." +" Dalla versione 1.4.0, per impostazione predefinita, la soglia di rotazione " +"del log è impostata al 10% del filesystem tmpfs montato su ``/tmp``." + +#: ../../logs.rst:221 4df49aeb860a42e0b3ed35f4aef38f48 +msgid "Audit and compliance recommendations" +msgstr "Raccomandazioni per audit e conformità" + +#: ../../logs.rst:223 c8224c97a9044a6b88c1c2efbe6d49bd +msgid "" +"For audit and compliance-oriented deployments, use persistent storage or " +"remote log forwarding." +msgstr "" +"Per le distribuzioni orientate all'audit e alla conformità, utilizzare uno " +"storage persistente o l'inoltro remoto dei log." + +#: ../../logs.rst:225 296b4f4b4c2b4da9a15b9849a9a8135d +msgid "Recommended setup:" +msgstr "Configurazione consigliata:" + +#: ../../logs.rst:227 77f853aa4dda4bd58858bca443943723 +msgid "on physical appliances, use the automatically configured storage;" +msgstr "" +"sui dispositivi fisici, utilizzare lo storage configurato automaticamente;" + +#: ../../logs.rst:228 0676996d80544b63bfe205020320af4a +msgid "" +"on virtual machines, configure a dedicated virtual disk for log storage;" +msgstr "" +"sulle macchine virtuali, configurare un disco virtuale dedicato per " +"l'archiviazione dei log;" + +#: ../../logs.rst:229 522f17d4cd7645a18d62203c69cf3152 +msgid "" +"configure remote syslog forwarding, Controller forwarding, or Cloud Log " +"Manager when centralized retention is required;" +msgstr "" +"configurare l'inoltro syslog remoto, l'inoltro Controller o Cloud Log " +"Manager quando è richiesta la conservazione centralizzata;" + +#: ../../logs.rst:230 241247d9a6e04c2db4dfe4c263cc50d0 +msgid "verify that system time is synchronized with NTP;" +msgstr "verificare che l'ora di sistema sia sincronizzata con NTP;" + +#: ../../logs.rst:231 089e6c4ac1e548b2a23f2a55bef2f79b +msgid "" +"define a retention policy aligned with the organization security " +"requirements;" +msgstr "" +"definire una policy di conservazione dei dati allineata ai requisiti di " +"sicurezza dell'organizzazione;" + +#: ../../logs.rst:232 3af6775c92e0409b891986ea1653f127 +msgid "protect remote logs from unauthorized access or deletion;" +msgstr "" +"proteggere i log remoti da accessi non autorizzati o dalla cancellazione;" + +#: ../../logs.rst:233 31ce229900c744fc925b57b6b9e65c28 +msgid "periodically verify that logs are correctly collected and forwarded;" +msgstr "" +"verificare periodicamente che i log vengano raccolti e inoltrati " +"correttamente;" + +#: ../../logs.rst:234 9e6aafb4dc564742b8c25380e5b091f5 +msgid "" +"periodically review administrative access, configuration changes, VPN " +"access, and relevant security events." +msgstr "" +"Revisionare periodicamente l'accesso amministrativo, le modifiche alla " +"configurazione, l'accesso VPN e gli eventi di sicurezza rilevanti." + +#: ../../logs.rst:236 3868f4c5fa49431a8ecb4c0ef6f529e7 +msgid "" +"Local persistent storage provides useful historical information, but for " +"stronger audit requirements it is recommended to forward logs to an external" +" system such as a syslog server, SIEM, Controller, or Cloud Log Manager." +msgstr "" +"L'archiviazione locale persistente fornisce informazioni storiche utili, ma " +"per requisiti di audit più rigorosi si consiglia di inoltrare i log a un " +"sistema esterno come un server syslog, SIEM, Controller o Cloud Log Manager." + +#: ../../logs.rst:239 5733cbaed55a444bb3a30cece79980d0 +msgid "Related information" +msgstr "Informazioni correlate" + +#: ../../logs.rst:241 4cf650dbe03447aaa6c9a32290c209eb +msgid "" +"Administrative actions performed through the NethSecurity UI are logged in " +"`/var/log/messages`. For details about administrative users, administrative " +"audit logs, and how to reconstruct administrator activity, see the " +"Administrative users section :ref:`administrative_users-section`." +msgstr "" +"Le azioni amministrative eseguite tramite l'interfaccia utente di " +"NethSecurity vengono registrate in `/var/log/messages`. Per dettagli sugli " +"utenti amministrativi, sui log di audit amministrativi e su come ricostruire" +" l'attività degli amministratori, consultare la sezione Utenti " +"amministrativi :ref:`administrative_users-section`." diff --git a/locale/it/LC_MESSAGES/openvpn_tunnels.po b/locale/it/LC_MESSAGES/openvpn_tunnels.po index 7a4df67e..56a4775f 100644 --- a/locale/it/LC_MESSAGES/openvpn_tunnels.po +++ b/locale/it/LC_MESSAGES/openvpn_tunnels.po @@ -2,11 +2,11 @@ msgid "" msgstr "" -#: ../../openvpn_tunnels.rst:5 43346fe2604a440b93bb916fb78667d1 +#: ../../openvpn_tunnels.rst:5 e51bba84f00e468f93e12076ab2c5ee4 msgid "OpenVPN tunnels" msgstr "Tunnel OpenVPN" -#: ../../openvpn_tunnels.rst:7 11abc3df7183439985f969b7701c6d78 +#: ../../openvpn_tunnels.rst:7 17a3453abcf34bf38ba50660812675f1 msgid "" "OpenVPN net-to-net tunnels establish secure connections between two separate" " networks, such as branch offices of a company, over the internet. These " @@ -18,7 +18,7 @@ msgstr "" " connessioni utilizzano i protocolli SSL/TLS per la cifratura e " "l'autenticazione, garantendo la riservatezza e l'integrità dei dati." -#: ../../openvpn_tunnels.rst:10 5c8e7fe643194e23a0ca6fd47b7cea90 +#: ../../openvpn_tunnels.rst:10 f1e639fb70c54fe2b2209f627adc74be msgid "" "The connection is handled by 2 NethSecurity firewalls, each one has a " "specific role. When creating an OpenVPN net2net connection a firewall will " @@ -32,7 +32,7 @@ msgstr "" " NethSecurity può essere contemporaneamente server e client per tunnel " "differenti; tutti i tunnel utilizzano la modalità routed di OpenVPN." -#: ../../openvpn_tunnels.rst:15 1980fd471888441cb431ae4f988281bf +#: ../../openvpn_tunnels.rst:15 d8cca8477f6f466388707d6f51c35622 msgid "" "The OpenVPN tunnels interface has been crafted for straightforward " "connection between two NethSecuirty devices. For this reason, it is " @@ -46,11 +46,11 @@ msgstr "" "OpenVPN per collegarsi a un dispositivo di terze parti. Per connettersi a un" " dispositivo di terze parti, si consiglia di utilizzare il protocollo IPsec." -#: ../../openvpn_tunnels.rst:19 0bdc6de666be4b16af6ab0b56c6dd297 +#: ../../openvpn_tunnels.rst:19 11271c2e95d34d2e929dd50cede13e59 msgid "Configuration" msgstr "Configurazione" -#: ../../openvpn_tunnels.rst:20 24a67f88cde6470a8fa0bd443f0c1412 +#: ../../openvpn_tunnels.rst:20 154c1f95fb114efb8996fe9150c324b2 msgid "" "To connect two firewalls via an OpenVPN tunnel, first configure the server " "firewall, then configure the client one. The server needs at least one " @@ -71,11 +71,11 @@ msgstr "" "sarà possibile scaricare la configurazione client da importare sull’altro " "firewall." -#: ../../openvpn_tunnels.rst:26 c9fc6808e5624c46889139bfb9912318 +#: ../../openvpn_tunnels.rst:26 0cde8124905c465eb9cc82e9e99c6a8f msgid "Proceed as follows:" msgstr "Procedere come segue:" -#: ../../openvpn_tunnels.rst:27 b4652bad16904cc9be79540951a5e53b +#: ../../openvpn_tunnels.rst:27 221c634afd3b4acabe1ddc22c215ed68 msgid "" "Access the OpenVPN tunnels page, move to ``Server tunnel`` tab and click on " ":guilabel:`Add server tunnel`." @@ -83,11 +83,11 @@ msgstr "" "Accedere alla pagina dei tunnel OpenVPN, spostarsi sulla scheda ``Tunnel " "server`` e fare clic su :guilabel:`Aggiungi tunnel server`." -#: ../../openvpn_tunnels.rst:29 cc3dbbf8cb6a4664b4750805c01e75a6 +#: ../../openvpn_tunnels.rst:29 7eef2b3c3f034d74bcfadc982321a510 msgid "Insert all required fields, but please note:" msgstr "Inserire tutti i campi obbligatori, ma si noti:" -#: ../../openvpn_tunnels.rst:31 ec39b3cf560b4995b69c32a62eff9644 +#: ../../openvpn_tunnels.rst:31 198b66b1db4a4ea38fec657387e8bfc6 msgid "" "``Public endpoints`` it's a list of IP addresses or hostnames that clients " "can use to reach the OpenVPN tunnel server" @@ -95,7 +95,7 @@ msgstr "" "``Endpoint pubblici`` è un elenco di indirizzi IP o nomi host che i client " "possono utilizzare per raggiungere il server tunnel OpenVPN" -#: ../../openvpn_tunnels.rst:32 0b997d06554f4e9c84ef9eb0a9d78b45 +#: ../../openvpn_tunnels.rst:32 7e3f4fb90cb44156bd6b6d59ae370045 msgid "" "``Local networks`` it's a list of local networks that will be accessible " "from the remote server. If topology is set to p2p, the same list will be " @@ -105,7 +105,7 @@ msgstr "" "server remoto. Se la topologia è impostata su p2p, lo stesso elenco verrà " "riportato nel campo ``Reti remote`` del client." -#: ../../openvpn_tunnels.rst:33 085cf593aa79477d9e24bda08287723c +#: ../../openvpn_tunnels.rst:33 f8a31d2c834c47fb8d601e7d923f0ae0 msgid "" "``Remote networks``, it’s a list of networks behind the remote server which " "will be accessible from hosts in the local network" @@ -113,7 +113,7 @@ msgstr "" "``Reti remote``, è un elenco di reti dietro il server remoto che saranno " "accessibili dagli host nella rete locale" -#: ../../openvpn_tunnels.rst:34 1c942eee986749779e6ebdc65a47b3e1 +#: ../../openvpn_tunnels.rst:34 21ba9f33c6644242bda3ef471055f579 msgid "" "After the configuration is saved, click on the :guilabel:`Download` action " "and select ``Client configuration``" @@ -121,7 +121,7 @@ msgstr "" "Dopo che la configurazione è stata salvata, fare clic sull'azione " ":guilabel:`Scarica` e selezionare ``Client configuration``" -#: ../../openvpn_tunnels.rst:35 1967e925d2ab45d3b01997a21fa3a75f +#: ../../openvpn_tunnels.rst:35 12034b1922a94a3a9169c22521ae9e71 msgid "" "Access the client firewall, OpenVPN tunnel, move to ``Client tunnel`` tab, " "click on :guilabel:`Import configuration`" @@ -129,11 +129,11 @@ msgstr "" "Accedere al firewall client, al tunnel OpenVPN, spostarsi nella scheda " "``Tunnel client``, fare clic su :guilabel:`Importa configurazione`" -#: ../../openvpn_tunnels.rst:38 44bde8f7648e46f5945fb0dd775a46d8 +#: ../../openvpn_tunnels.rst:38 5fe5995381fa443494b371a7d1dfb5ba msgid "Topology" msgstr "Topologia" -#: ../../openvpn_tunnels.rst:39 5f705ec323db4148ac79ab7dd2c860d4 +#: ../../openvpn_tunnels.rst:39 23e2b07c4ed246a4bb3dbc5943ec709d msgid "" "Tunnels can have two kinds of topologies: ``subnet`` and ``p2p`` (Point to " "Point)." @@ -141,11 +141,11 @@ msgstr "" "I tunnel possono avere due tipi di topologie: ``subnet`` e ``p2p`` (Point to" " Point)." -#: ../../openvpn_tunnels.rst:42 1d7c7ae0dfc949018d26222f783c704d +#: ../../openvpn_tunnels.rst:42 196e839712eb468788de7318ce7d2030 msgid "Subnet" msgstr "Subnet" -#: ../../openvpn_tunnels.rst:43 ca2b755bdeff43089a04bd3e8e1f1119 +#: ../../openvpn_tunnels.rst:43 d0dd4d4ae790426e9ccb6e434722ef28 msgid "" "``Subnet`` is the default topology and the recommended one: in ``subnet`` " "topology, the server will accept connections and will act as a DHCP server " @@ -155,7 +155,7 @@ msgstr "" "``subnet``, il server accetterà le connessioni e agirà come server DHCP per " "ogni client connesso." -#: ../../openvpn_tunnels.rst:45 6b1f27d1faf44539be39464bd5f96f51 +#: ../../openvpn_tunnels.rst:45 b72d577c2cad4dc2b4fd37ff5d142c90 msgid "" "In this scenario the server will authenticate clients using TLS certificates" " and will push local routes to remote client." @@ -163,11 +163,11 @@ msgstr "" "In questo scenario il server autenticherà i client utilizzando certificati " "TLS e invierà le route locali al client remoto." -#: ../../openvpn_tunnels.rst:48 e4f6e06372be4cffa4cad5b0a53feb51 +#: ../../openvpn_tunnels.rst:48 cc0deec38f574e89bf2faafa5217df22 msgid "P2P" msgstr "P2P" -#: ../../openvpn_tunnels.rst:50 5c975eb4bba746a0ba6cc920a38f55c2 +#: ../../openvpn_tunnels.rst:50 754ab6307565473691a819c985284afd msgid "" "In a ``p2p`` topology, the administrator must configure one server for each " "client, in this scenario the only supported authentication method is the PSK" @@ -177,32 +177,32 @@ msgstr "" "ciascun client; in questo scenario, l'unico metodo di autenticazione " "supportato è il PSK (Pre-Shared Key)." -#: ../../openvpn_tunnels.rst:52 39be34929a3c4c15a6d5f1148a7da8a9 +#: ../../openvpn_tunnels.rst:52 f089a7e63e724622b801273722493ccc msgid "" "make sure to exchange the PSK using a secure channel (like SSH or HTTPS)" msgstr "" "assicurarsi di scambiare il PSK utilizzando un canale sicuro (come SSH o " "HTTPS)" -#: ../../openvpn_tunnels.rst:53 f6f3268c0be249f7bc84b6a99588b003 +#: ../../openvpn_tunnels.rst:53 67864fb8ceee4645866d08f7d17a8580 msgid "the administrator must select an IP for both endpoints" msgstr "l'amministratore deve selezionare un IP per entrambi gli endpoint" -#: ../../openvpn_tunnels.rst:54 3d0127b720124023956cd4e27c248a72 +#: ../../openvpn_tunnels.rst:54 51c0c6e50ac844da99c7cc6c5d446ea8 msgid "routes to remote networks must be configured on each endpoint" msgstr "" "le route verso le reti remote devono essere configurate su ciascun endpoint" -#: ../../openvpn_tunnels.rst:58 574a4bc5463c4a52b353db125c709cab +#: ../../openvpn_tunnels.rst:58 117a73d472364f85bba8c462ec4bd635 msgid "Advanced features" msgstr "Funzionalità avanzate" -#: ../../openvpn_tunnels.rst:59 7f8c12f0a3a942d38f29eeafdf044284 +#: ../../openvpn_tunnels.rst:59 6fa3368be6f146ec828ac0056d89301c msgid "The web interface allows the configuration of advanced features like:" msgstr "" "L'interfaccia web consente la configurazione di funzionalità avanzate come:" -#: ../../openvpn_tunnels.rst:61 5c5e22e58b3a4d5e8241f6b9cf75c7ad +#: ../../openvpn_tunnels.rst:61 a9dbee2fa9c7448593a4f5baaf8e9c4d msgid "" "``Multiple remote host``: multiple remote server addresses can be specified " "for redundancy; the OpenVPN client will try to connect to each host in the " @@ -212,7 +212,7 @@ msgstr "" "remoti per la ridondanza; il client OpenVPN tenterà di connettersi a ciascun" " host nell'ordine indicato" -#: ../../openvpn_tunnels.rst:63 1fb1bfe9b8834bfdb9b53473323ef0c9 +#: ../../openvpn_tunnels.rst:63 9a2d3694480f4b9ba4c7d08606e7a53a msgid "" "``Protocol``: OpenVPN is designed to operate optimally over UDP, but TCP " "capability is provided for situations where UDP cannot be used" @@ -221,7 +221,7 @@ msgstr "" " ma la compatibilità con TCP è prevista per situazioni in cui UDP non può " "essere utilizzato." -#: ../../openvpn_tunnels.rst:65 e6eeb93179c64e7eb7226a0b73f94129 +#: ../../openvpn_tunnels.rst:65 9d42e5ae40734bc78c00e2f2faf7c4b4 msgid "" "``Compression``: if enabled, data to be sent through the VPN tunnel will be " "compressed. This option is disabled by default both for security reasons. " @@ -234,7 +234,7 @@ msgstr "" "essenziale al giorno d'oggi, poiché il traffico internet è generalmente già " "altamente compresso e ottimizzato." -#: ../../openvpn_tunnels.rst:67 3eddb54ea04c4cad9d16556a4b975f9e +#: ../../openvpn_tunnels.rst:67 f0a371c25d504798b49e906e3f128c87 msgid "" "``Digest``: the digest algorithm used to transform an arbitrarily large " "block of data into a fixed-size output. If not explicitly selected, the " @@ -246,7 +246,7 @@ msgstr "" " selezionato esplicitamente, il server e il client tenteranno di negoziare " "il miglior digest disponibile su entrambi i lati." -#: ../../openvpn_tunnels.rst:69 d920ee2074de4abbb7c7d18bdbc82852 +#: ../../openvpn_tunnels.rst:69 e63dbd0cf22046c785bd4259450a66d7 msgid "" "``Cipher``: the cryptographic algorithm used to encrypt all the traffic. If " "not explicitly selected, the server and client will try to negotiate the " @@ -256,7 +256,7 @@ msgstr "" "traffico. Se non viene selezionato esplicitamente, il server e il client " "tenteranno di negoziare il miglior cipher disponibile su entrambi i lati." -#: ../../openvpn_tunnels.rst:71 cef768df1c484f11b97e5dbc6c06a420 +#: ../../openvpn_tunnels.rst:71 dc5284a6904c41bc8ebee68f3a4baec6 msgid "" "``Enforce a minimum TLS version``: Allows you to choose a minimum version of" " TLS, in which case connections will only be allowed from devices that use a" @@ -267,15 +267,15 @@ msgstr "" "provenienti da dispositivi che utilizzano una versione uguale o superiore a " "quella selezionata." -#: ../../openvpn_tunnels.rst:74 19c03b74c845492887fe1779c69f0644 +#: ../../openvpn_tunnels.rst:84 bfd97308e25145acbe393a9a1af5ec62 msgid "MTU Issue and Packet Fragmentation" msgstr "Problema MTU e Frammentazione dei Pacchetti" -#: ../../openvpn_tunnels.rst:99 7d5eab70cf5b4e6ba80ddc07f61cd064 +#: ../../openvpn_tunnels.rst:109 cf17c5df34b848e188a181751b3d29bd msgid "Managing certificate expiration" msgstr "Gestione della scadenza dei certificati" -#: ../../openvpn_tunnels.rst:101 8896343bacd54158839f61873ab269e9 +#: ../../openvpn_tunnels.rst:111 bcbf2678b7c24607b8840a71050a23a3 msgid "" "As mentioned in the :ref:`managing-openvpn-certificate-expiration` section, " "OpenVPN tunnels are also based on certificates, and it is crucial to monitor" @@ -286,7 +286,7 @@ msgstr "" "fondamentale monitorare le loro date di scadenza per evitare problemi di " "connettività." -#: ../../openvpn_tunnels.rst:103 2301b72f92944fb6b92c19228f4bc2da +#: ../../openvpn_tunnels.rst:113 a936e730b31a467abe2df2c1df756b7e msgid "" "When a new OpenVPN tunnel is created, the system generates a new ``PKI " "(Public Key Infrastructure)``, which is composed of the **CA**, **server**, " @@ -298,7 +298,7 @@ msgstr "" " da un **singolo certificato client** (a differenza delle connessioni Road " "Warrior, che prevedono un certificato per ogni utente)." -#: ../../openvpn_tunnels.rst:105 1a15d6ea59c8495eb00f0a68226ec8d9 +#: ../../openvpn_tunnels.rst:115 d23bb86b2e3642079396052cc038101f msgid "" "All information about certificate expiration dates can be found in the " "**OpenVPN Tunnels** table, where a magnifying-glass icon is shown for each " @@ -311,7 +311,7 @@ msgstr "" "si apre una finestra modale con tutti i dettagli sulla configurazione del " "tunnel, inclusi i certificati e le rispettive date di scadenza." -#: ../../openvpn_tunnels.rst:107 22987eb7665c42b38d05431cf4266c1d +#: ../../openvpn_tunnels.rst:117 e586b24dfc634e57b7028d33ca435f89 msgid "" "On the **server side**, the modal shows certificate information for the CA, " "server, and client certificates. On the **client side**, it shows only the " @@ -321,7 +321,7 @@ msgstr "" "certificati per la CA, il server e i certificati client. Sul **lato " "client**, mostra solo i certificati CA e client." -#: ../../openvpn_tunnels.rst:110 a60fd8d9f6994e29b8a9f73c14b8e4a7 +#: ../../openvpn_tunnels.rst:120 fdf3e81e714647338f168154ab83bb0f msgid "" "In the tunnel table, an alert icon is shown when at least one of these " "certificates will expire in less than 30 days or has already expired. By " @@ -333,7 +333,7 @@ msgstr "" " finestra modale dei dettagli del tunnel, è possibile vedere quale " "certificato sta per scadere e la sua data di scadenza." -#: ../../openvpn_tunnels.rst:112 7c9d1c39329344e984952f6cc2c4328f +#: ../../openvpn_tunnels.rst:122 54b095f585a144149c1bf1fdce4be81d msgid "" "By default, all certificates are generated with a validity of 3650 days (10 " "years)." @@ -341,7 +341,7 @@ msgstr "" "Per impostazione predefinita, tutti i certificati vengono generati con una " "validità di 3650 giorni (10 anni)." -#: ../../openvpn_tunnels.rst:114 5ec86564fa7d42bd8762b1e5ed6eb189 +#: ../../openvpn_tunnels.rst:124 e0c3a3272eed477eb458b92dd2cbd5cb msgid "" "A connection between the two firewalls will be interrupted when at least one" " certificate expires, according to the three possible scenarios described in" @@ -351,7 +351,7 @@ msgstr "" "certificato scade, secondo i tre possibili scenari descritti nella sezione " "OpenVPN Road Warrior." -#: ../../openvpn_tunnels.rst:116 f4d9178253e44c6cb858427206ca6a01 +#: ../../openvpn_tunnels.rst:126 1fcae73c0cb04da19eba93974e34ba48 msgid "" "To check whether your OpenVPN tunnel is disconnected due to certificate " "expiration, you can inspect the **firewall logs** and search for OpenVPN-" @@ -361,15 +361,15 @@ msgstr "" " certificato, è possibile ispezionare i **log del firewall** e cercare " "messaggi relativi a OpenVPN, situati nel file ``/var/log/messages``." -#: ../../openvpn_tunnels.rst:118 c082efb0996e4f74afe403e6f9e8a3ee +#: ../../openvpn_tunnels.rst:128 8410856b83a44505bb8a2bc60dd91c1a msgid "Example:" msgstr "Esempio:" -#: ../../openvpn_tunnels.rst:124 623b62a2718b449896f1a3f951c1cdd6 +#: ../../openvpn_tunnels.rst:134 d4d47e67eb8d41a58d1d21ca1b5f4a6e msgid "The search returns messages like the following:" msgstr "La ricerca restituisce messaggi come il seguente:" -#: ../../openvpn_tunnels.rst:131 be6fee078f5d4442b67433cbe48c3b35 +#: ../../openvpn_tunnels.rst:141 2fe37e663b48497d9bdd63a43af3be59 msgid "" "Those lines mean that the connection is not working due to certificate " "expiration. The issue may be related to the CA certificate (``depth=1``), " @@ -379,7 +379,7 @@ msgstr "" " del certificato. Il problema può essere relativo al certificato CA " "(``depth=1``), al certificato del server (``depth=0``), o a entrambi." -#: ../../openvpn_tunnels.rst:133 af1004f12c3747f3a7fd6bd0e8fdcd7f +#: ../../openvpn_tunnels.rst:143 eb21e7772acf45eaa138b6fc03ae1990 msgid "" "To check the validity of the certificates, you can use the following " "``openssl`` commands." @@ -387,7 +387,7 @@ msgstr "" "Per verificare la validità dei certificati, è possibile utilizzare i " "seguenti comandi ``openssl``." -#: ../../openvpn_tunnels.rst:144 772138c7ab9e44889ad83c92ded90935 +#: ../../openvpn_tunnels.rst:154 f7c589a22287457f9f15cd9af1cc6043 msgid "" "The ``{vpn-instance}`` placeholder must be replaced with the name of your " "OpenVPN instance (e.g. ``ns_roadwarrior1``)." @@ -395,7 +395,7 @@ msgstr "" "Il segnaposto ``{vpn-instance}`` deve essere sostituito con il nome della " "propria istanza OpenVPN (ad esempio ``ns_roadwarrior1``)." -#: ../../openvpn_tunnels.rst:146 cba4eb7e83674d5b91c39ff3987b0215 +#: ../../openvpn_tunnels.rst:156 8ecf18c978414261a0eeeaef03231fe6 msgid "" "Below are the steps to renew certificates in each scenario and restore the " "connection." @@ -403,11 +403,11 @@ msgstr "" "Di seguito sono riportati i passaggi per rinnovare i certificati in ciascuno" " scenario e ripristinare la connessione." -#: ../../openvpn_tunnels.rst:149 eac32277ffae4154831c1394aaefba0b +#: ../../openvpn_tunnels.rst:159 568fbc0752904983b7f4559c205f3ee1 msgid "Client certificate expired" msgstr "Certificato client scaduto" -#: ../../openvpn_tunnels.rst:150 9a1c17c4a79e4a4cb17a119e738d5509 +#: ../../openvpn_tunnels.rst:160 c3308a013373477f8f1ad62d815582b1 msgid "" "In this scenario, the client certificate must be renewed on the server side " "and then downloaded and imported again on the client side." @@ -415,13 +415,13 @@ msgstr "" "In questo scenario, il certificato client deve essere rinnovato lato server " "e poi scaricato e importato nuovamente lato client." -#: ../../openvpn_tunnels.rst:152 bb18793c24f54778a672b2248df21687 +#: ../../openvpn_tunnels.rst:162 f079edfeb0d0475cbf8656fe6db045a8 msgid "" "Access the server firewall and navigate to the **OpenVPN tunnels** section." msgstr "" "Accedere al firewall del server e navigare alla sezione **Tunnel OpenVPN**." -#: ../../openvpn_tunnels.rst:153 1ece02ee109045bf9707bb509828d3e8 +#: ../../openvpn_tunnels.rst:163 39ac9d2477bc4dc980f154fd4e8a9cfd msgid "" "Click the :guilabel:`︙` menu on the right of the tunnel and select " ":guilabel:`Regenerate certificates`." @@ -429,11 +429,11 @@ msgstr "" "Fare clic sul menu :guilabel:`︙` a destra del tunnel e selezionare " ":guilabel:`Rigenera certificati`." -#: ../../openvpn_tunnels.rst:154 68e256dab4334dfa8016a01e6133e9e5 +#: ../../openvpn_tunnels.rst:164 9c47438bc6ca4ebaa1962d59bb50e961 msgid "Download the new client certificate and import it on the client side." msgstr "Scaricare il nuovo certificato client e importarlo sul lato client." -#: ../../openvpn_tunnels.rst:156 0a61bbce5530413fb39c92c0596f6002 +#: ../../openvpn_tunnels.rst:166 c78fc93561f94d18b89914c53f35e030 msgid "" "These operations will create new server and client certificates without " "affecting the CA certificate (which is assumed to be still valid in this " @@ -449,11 +449,11 @@ msgstr "" "scaricarlo e importarlo sul lato client il prima possibile per ridurre al " "minimo i tempi di inattività." -#: ../../openvpn_tunnels.rst:161 d75780e902c7486e8a8ba525e531290f +#: ../../openvpn_tunnels.rst:171 3e9832744a5345e2a254378fe6dcb4a7 msgid "Server certificate expired" msgstr "Certificato del server scaduto" -#: ../../openvpn_tunnels.rst:162 6174973fa1cd42caab19945e1311ff09 +#: ../../openvpn_tunnels.rst:172 8f208c5dd48f417696a3b9198532215a msgid "" "In this scenario, the server certificate must be renewed on the server side." " Use the same :guilabel:`Regenerate certificates` action described in the " @@ -469,7 +469,7 @@ msgstr "" " appena generato in un secondo momento. Il nuovo certificato client scadrà " "lo stesso giorno del nuovo certificato server." -#: ../../openvpn_tunnels.rst:165 235778eab85a4d42bbbc2f25b0274675 +#: ../../openvpn_tunnels.rst:175 21131792e88d498da06c8c0e424ed22c msgid "" "As for the Road Warrior server certificate renewal, the consideration about " "the client behavior is the same: if the certificate renewal is done while " @@ -487,11 +487,11 @@ msgstr "" "**i client sono disconnessi (modalità consigliata)**, la connessione verrà " "automaticamente ripristinata quando tenteranno nuovamente di connettersi." -#: ../../openvpn_tunnels.rst:168 081e0f53ec8f4ee189d7fd7b3994e0f5 +#: ../../openvpn_tunnels.rst:178 e7bb2f289ce74138b5afbe8dc0707e75 msgid "CA certificate expired" msgstr "Certificato CA scaduto" -#: ../../openvpn_tunnels.rst:169 4a10fff56eba40c1a18614f0582ae3b3 +#: ../../openvpn_tunnels.rst:179 de28c9c7263940e687ce5d0dc2b86479 msgid "" "In this scenario, you've to proceed with the generation of a completely new " "PKI." @@ -499,15 +499,15 @@ msgstr "" "In questo scenario, è necessario procedere con la generazione di una nuova " "PKI completa." -#: ../../openvpn_tunnels.rst:171 13c9f3a61f1b4fc18cddc7ea86b61a40 +#: ../../openvpn_tunnels.rst:181 d5ff12e479ab47d68535a30e09b2bbaf msgid "Access the server firewall terminal." msgstr "Accedere al terminale del firewall del server." -#: ../../openvpn_tunnels.rst:172 e0d066a8f8644f6e9fa47e4668a0c80c +#: ../../openvpn_tunnels.rst:182 62e05bd0d6b74bd1818116cc42f61f7d msgid "Execute the following commands:" msgstr "Eseguire i seguenti comandi:" -#: ../../openvpn_tunnels.rst:179 996b41a31383438392bacc3e196ab557 +#: ../../openvpn_tunnels.rst:189 4ae1fcb0012f402791d85606b2028604 msgid "" "These commands will generate a new CA certificate, as well as new server and" " client certificates signed by the new CA. In this scenario, it is " @@ -522,7 +522,7 @@ msgstr "" "questa operazione il prima possibile per ridurre al minimo i tempi di " "inattività." -#: ../../openvpn_tunnels.rst:182 792f49667d17411a9751b5278cf7e3de +#: ../../openvpn_tunnels.rst:192 b630d2e52e044f8abb5602262933786d msgid "" "All considerations remain the same as for Road Warrior connections. If the " "expired certificate is the CA certificate, you have to generate a completely" @@ -534,7 +534,7 @@ msgstr "" "nuova PKI completa, mentre se il certificato scaduto è quello del server o " "del client, è possibile rigenerarlo utilizzando l'azione dedicata." -#: ../../openvpn_tunnels.rst:76 9265dd62d9d742509dd497cfba78f501 +#: ../../openvpn_tunnels.rst:86 dff1d8e9e2d84bfcb88c8cff02e7e363 msgid "" "By default, OpenVPN tunnel instances created on NethSecurity are initialized" " with the following values:" @@ -542,15 +542,15 @@ msgstr "" "Per impostazione predefinita, le istanze del tunnel OpenVPN create su " "NethSecurity vengono inizializzate con i seguenti valori:" -#: ../../openvpn_tunnels.rst:78 f2ec0b8e225a4cb1ac40291803b9c255 +#: ../../openvpn_tunnels.rst:88 c7deb42990c34d88847d6049e40e9a2e msgid "Maximum Transmission Unit - ``tun_mtu`` = ``1500``" msgstr "Unità Massima di Trasmissione - ``tun_mtu`` = ``1500``" -#: ../../openvpn_tunnels.rst:79 caa77327c26e4d0cb6bb9a8f68e2bca6 +#: ../../openvpn_tunnels.rst:89 90639e5d14b24c7a981ab2060dc83332 msgid "Maximum Segment Size - ``mssfix`` = ``1450``." msgstr "Dimensione massima del segmento - ``mssfix`` = ``1450``." -#: ../../openvpn_tunnels.rst:81 d989c0e028bd4d33b7412dbc0a7752be +#: ../../openvpn_tunnels.rst:91 dbb99f31ce014029ad9dac4ef0ebaaed msgid "" "These are default values from OpenVPN which are generally suitable for most " "network environments that should be changed only if you experience " @@ -561,7 +561,7 @@ msgstr "" "in caso di problemi di connettività dovuti alla frammentazione dei " "pacchetti." -#: ../../openvpn_tunnels.rst:83 fe309515aeac4887b02b9c92b3df19e3 +#: ../../openvpn_tunnels.rst:93 395fd76f16084ce080f5498e19028388 msgid "" "VPN users may experience connectivity issues due to packet fragmentation. " "The LAN interface has an MTU of 1500 by default, but when packets are " @@ -576,7 +576,7 @@ msgstr "" "pacchetti. Per risolvere questo problema, è necessario abbassare l'MTU e " "l'MSS sul tunnel OpenVPN. Non sono richieste modifiche lato client." -#: ../../openvpn_tunnels.rst:86 82d71bc7e80b46c380ba8385795e690e +#: ../../openvpn_tunnels.rst:96 020930fad2794f8aa575cb1975dd0f41 msgid "" "The values of MTU and MSS can be adjusted directly on the UI, when creating " "the tunnel for the first time or later when editing it using the `Edit` " @@ -590,7 +590,7 @@ msgstr "" "avanzate`` del drawer. In alternativa, è possibile regolare i due valori di " "configurazione utilizzando l'interfaccia a riga di comando sul firewall::" -#: ../../openvpn_tunnels.rst:94 7c08321899dd4efabe257d824585e818 +#: ../../openvpn_tunnels.rst:104 11f35475d646422a93b9073899a4a235 msgid "" "The `tun_mtu` and `mssfix` values may need to be adjusted based on your " "specific network environment. A lower MTU ensures that packets fit within " @@ -605,7 +605,7 @@ msgstr "" "che valori leggermente diversi funzionino meglio per la propria " "configurazione." -#: ../../openvpn_tunnels.rst:96 96e37ff480994d318bf1c1b026596060 +#: ../../openvpn_tunnels.rst:106 9720ebd1a11045aba538c61c84beaf04 msgid "" "For more specific information please see the `official OpenVPN documentation" " `_." + +#: ../../openvpn_tunnels.rst:74 bd82d524d63b478ebce82ea4205c8d0c +msgid "Multiple OpenVPN tunnels" +msgstr "Tunnel OpenVPN multipli" + +#: ../../openvpn_tunnels.rst:75 6f4c7036bf5749389b4ddd0cbfda52a7 +msgid "" +"If a NethSecurity must act as the VPN server for multiple remote firewalls, " +"create a dedicated OpenVPN tunnel for each remote peer. The UI-supported and" +" recommended model is one server/client pair per site-to-site connection, " +"for example, a central firewall connected to three remote firewalls should " +"have three separate OpenVPN server tunnels, each with its own client " +"configuration imported on the corresponding remote firewall." +msgstr "" +"Se un NethSecurity deve agire come server VPN per più firewall remoti, è " +"necessario creare un tunnel OpenVPN dedicato per ciascun peer remoto. Il " +"modello supportato dall'interfaccia utente e raccomandato prevede una coppia" +" server/client per ogni connessione site-to-site; ad esempio, un firewall " +"centrale collegato a tre firewall remoti dovrebbe avere tre tunnel server " +"OpenVPN separati, ciascuno con la propria configurazione client importata " +"sul relativo firewall remoto." + +#: ../../openvpn_tunnels.rst:78 68d8030d427a441b8f7d3e756be127ab +msgid "" +"This approach allows each tunnel to be managed independently, with separate " +"configuration, certificates, routes, status, monitoring, and " +"troubleshooting. It also prevents issues on one remote connection from " +"affecting the operational management of the others." +msgstr "" +"Questo approccio consente di gestire ciascun tunnel in modo indipendente, " +"con configurazione, certificati, rotte, stato, monitoraggio e risoluzione " +"dei problemi separati. Inoltre, impedisce che eventuali problemi su una " +"connessione remota influenzino la gestione operativa delle altre." + +#: ../../openvpn_tunnels.rst:81 343700472f4a40e48c7722a4bb4cd060 +msgid "" +"Do not use a single OpenVPN server tunnel shared by multiple remote clients " +"for site-to-site configurations managed from the UI." +msgstr "" +"Non utilizzare un singolo tunnel server OpenVPN condiviso da più client " +"remoti per configurazioni site-to-site gestite dall'interfaccia utente." diff --git a/locale/it/LC_MESSAGES/reverse_proxy.po b/locale/it/LC_MESSAGES/reverse_proxy.po index 4a97b51d..9ff45bd2 100644 --- a/locale/it/LC_MESSAGES/reverse_proxy.po +++ b/locale/it/LC_MESSAGES/reverse_proxy.po @@ -2,15 +2,15 @@ msgid "" msgstr "" -#: ../../reverse_proxy.rst:3 08b49b5be7334d45afbaa0edd7460b96 +#: ../../reverse_proxy.rst:3 e7defd4e087d46f58a2f346c1c2e7019 msgid "Certificates and reverse proxy" msgstr "Certificati e reverse proxy" -#: ../../reverse_proxy.rst:8 20d4d53be32a4096a4c65df702c80580 +#: ../../reverse_proxy.rst:8 672f1c000d7c472f9632a11ea8896199 msgid "Reverse proxy" msgstr "Reverse proxy" -#: ../../reverse_proxy.rst:10 cf5f09e3e4d34e7d9a2bbf26e06ef40a +#: ../../reverse_proxy.rst:10 6f0bc62cc5294cc48c62e572a53345c8 msgid "" "NethSecurity provides a reverse proxy using `nginx `_. A " "reverse proxy, sometimes called also proxy pass, is a server that sits in " @@ -23,7 +23,7 @@ msgstr "" "richieste verso di essi. Può essere utilizzato per migliorare le " "prestazioni, la sicurezza e l'affidabilità." -#: ../../reverse_proxy.rst:14 82213e2cb5c14c779308889ea2ea85a5 +#: ../../reverse_proxy.rst:14 0277c2c07bf540f989489520c65dfb7e msgid "" "In simpler terms, a reverse proxy is like a traffic cop for web servers. It " "directs incoming requests to the appropriate server and sends back the " @@ -33,7 +33,7 @@ msgstr "" "i server web. Instrada le richieste in arrivo al server appropriato e " "restituisce le risposte." -#: ../../reverse_proxy.rst:16 431634111da248cea1998fdf8c2ee4ec +#: ../../reverse_proxy.rst:16 4f9efaf4e0a94eb8ba61dcdccfb9e474 msgid "" "Reverse proxies are often used to improve performance by caching static " "content and distributing traffic across multiple servers. They can also be " @@ -44,7 +44,7 @@ msgstr "" "più server. Possono anche essere utilizzati per aumentare la sicurezza " "implementando l'endpoint TLS." -#: ../../reverse_proxy.rst:20 eaac5f73cb0748ef8412257b3054409c +#: ../../reverse_proxy.rst:20 0095f90275f14196bef1250c14ab115e msgid "" "The reverse proxy is only available on port 443 (HTTPS) and *not* on port 80" " (HTTP)." @@ -52,7 +52,7 @@ msgstr "" "Il reverse proxy è disponibile solo sulla porta 443 (HTTPS) e *non* sulla " "porta 80 (HTTP)." -#: ../../reverse_proxy.rst:22 8c796009f2204fd79d522e27eddb45ee +#: ../../reverse_proxy.rst:22 f6dc464c3a3e44878fe064b2f951018f msgid "" "This page allows users to configure proxy pass settings, specifying whether " "the rule applies to a domain or a path. For domain configurations, users can" @@ -69,7 +69,7 @@ msgstr "" "specifiche reti in formato CIDR. È possibile aggiungere una descrizione per " "maggiore chiarezza." -#: ../../reverse_proxy.rst:27 1766d04fb1a644d68891126bc0ab4ab6 +#: ../../reverse_proxy.rst:27 7baba4129dda4ecc8a565038cc9c1341 msgid "" "To configure a new proxy pass, click on the :guilabel:`Add reverse proxy` " "and customize the following options:" @@ -77,7 +77,7 @@ msgstr "" "Per configurare un nuovo proxy pass, fare clic su :guilabel:`Aggiungi " "reverse proxy` e personalizzare le seguenti opzioni:" -#: ../../reverse_proxy.rst:29 42f4413586074a4dbaea1e9aa0a3d6d7 +#: ../../reverse_proxy.rst:29 b87d9285577b4c6388a0b0d3a499db0e msgid "" "``Type``: choose between Domain or Path. If type is ``Path``, enter the " "resource path starting with a '/' for matching rules (e.g., ``/resource-" @@ -92,7 +92,7 @@ msgstr "" "sito web. Selezionare anche un :ref:`certificato ` " "associato." -#: ../../reverse_proxy.rst:32 47f3160de4d4400f95e41325b2250475 +#: ../../reverse_proxy.rst:32 38880730dcf940d0a351fea07e9980fd msgid "" "``Destination URL``: specify the forwarding location for incoming requests " "(e.g., ``http://destination-server:port/path``)." @@ -100,7 +100,7 @@ msgstr "" "``URL di destinazione``: specificare la posizione di inoltro per le " "richieste in arrivo (ad esempio, ``http://destination-server:port/path``)." -#: ../../reverse_proxy.rst:33 2eb8d5d50ca34d62b749c6046fcb6288 +#: ../../reverse_proxy.rst:33 0d1fc92a4d3a46a8b12490d901596482 msgid "" "``Allowed networks``: define allowed IPv4/IPv6 networks in CIDR format. By " "default, accessible from anywhere." @@ -108,17 +108,17 @@ msgstr "" "``Reti permesse``: definire le reti IPv4/IPv6 consentite in formato CIDR. " "Per impostazione predefinita, accessibile da qualsiasi luogo." -#: ../../reverse_proxy.rst:34 c1576a73d176444e88a706311b08bc11 +#: ../../reverse_proxy.rst:34 3faa970400e74561a32eaf5585ec2eb8 msgid "``Description``: optionally, add a description for clarity." msgstr "" "``Descrizione``: facoltativamente, aggiungere una descrizione per maggiore " "chiarezza." -#: ../../reverse_proxy.rst:36 18f470133b6041368d9f19b2e0a3d261 +#: ../../reverse_proxy.rst:36 c08e804ee3d44c49a4cda4f7e5a29e5b msgid "Additional information:" msgstr "Informazioni aggiuntive:" -#: ../../reverse_proxy.rst:38 130b2b75b1d24b1faaa6454209b95a55 +#: ../../reverse_proxy.rst:38 f2456069da0f41e49045374be4674a6b msgid "" "Headers sent to destination server: X-Forwarded-Proto, X-Forwarded-For, " "X-Real-IP are always sent." @@ -126,7 +126,7 @@ msgstr "" "Header verso il server di destinazione: X-Forwarded-Proto, X-Forwarded-For, " "X-Real-IP sono sempre inviati." -#: ../../reverse_proxy.rst:39 a339a547bd4845f1b8c5114ecf74f947 +#: ../../reverse_proxy.rst:39 bf359032dcb4472f8e6bd48790d3e56a msgid "" "Certificate validation: if the destination uses HTTPS, the certificate is " "not validated to avoid errors on misconfigured servers." @@ -135,18 +135,18 @@ msgstr "" "certificato non viene validato per evitare errori su server configurati in " "modo errato." -#: ../../reverse_proxy.rst:40 d92af085b7bc40749a7424718e546f06 +#: ../../reverse_proxy.rst:40 e4ac7dacfae24aebb08b60ed59941f48 msgid "" "WebSocket support: all reverse proxies automatically support WebSockets." msgstr "" "Supporto WebSocket: tutti i reverse proxy supportano automaticamente i " "WebSocket." -#: ../../reverse_proxy.rst:113 c70e82862083454ca1d049cfd95ca42b +#: ../../reverse_proxy.rst:120 6ad89649496e4c499584379f195c118d msgid "Certificates" msgstr "Certificati" -#: ../../reverse_proxy.rst:115 6a78ee51ed834c85a0fa8f59386323f2 +#: ../../reverse_proxy.rst:122 b143269dd60e48c8906f3a45430f1871 msgid "" "The ``Certificates`` page centralizes certificate management " "functionalities, facilitating the handling of certificates on the firewall. " @@ -158,7 +158,7 @@ msgstr "" "avvio del firewall, viene generato automaticamente un certificato " "autofirmato. Questo certificato funge da opzione sicura predefinita." -#: ../../reverse_proxy.rst:118 288df540a0ae4b9489ca9d8f435b84e1 +#: ../../reverse_proxy.rst:125 8d565e72eccd41848bbf27301a0c750b msgid "" "The certificate management page allows users to upload custom certificates, " "request certificates from Let's Encrypt, and manage existing certificates." @@ -167,7 +167,7 @@ msgstr "" "personalizzati, richiedere certificati da Let's Encrypt e gestire i " "certificati esistenti." -#: ../../reverse_proxy.rst:120 64e4c41677164e2485b5ec48152bf959 +#: ../../reverse_proxy.rst:127 5ac67ddb496d455496a71f8630c592c9 msgid "" "The page lists all certificates, highlighting the default certificate. To " "set a certificate as the default certificate, click on the :guilabel:`Set as" @@ -183,11 +183,11 @@ msgstr "" "porta 443, sia sulla :ref:`9090 o su una porta personalizzata " "`." -#: ../../reverse_proxy.rst:127 20ba6897d2f44f0a94b9cee6e49f01cc +#: ../../reverse_proxy.rst:134 baaf8a417b4543be99ae4e11bb33a39d msgid "Let's Encrypt" msgstr "Let's Encrypt" -#: ../../reverse_proxy.rst:129 8687923da2f34d7aa39ecf692f57b159 +#: ../../reverse_proxy.rst:136 2205e8a363a041f6ab64370b4e4b3569 msgid "" "Let's Encrypt is a free, automated, and open Certificate Authority (CA) that" " provides SSL/TLS certificates for securing websites. These certificates " @@ -206,7 +206,7 @@ msgstr "" "proprietari e agli amministratori di siti web senza costi significativi o " "particolari competenze tecniche." -#: ../../reverse_proxy.rst:134 111eaa85e5e6407c9212923b43b6f9ba +#: ../../reverse_proxy.rst:141 b2db5082d8ef4b239b7df6404edad498 msgid "" "The certificate page allows users to request certificates from Let's " "Encrypt. The process is straightforward and requires minimal configuration. " @@ -218,35 +218,35 @@ msgstr "" "possibile specificare un nome significativo per il certificato e uno o più " "domini. Il certificato viene rinnovato automaticamente ogni 60 giorni." -#: ../../reverse_proxy.rst:137 954dc52c8b31433baac75e93dc23f705 +#: ../../reverse_proxy.rst:144 30cf94eda73e414dbb2d5579571258dc msgid "" "The Let's Encrypt certificate request process involves the following steps:" msgstr "" "Il processo di richiesta del certificato Let's Encrypt prevede i seguenti " "passaggi:" -#: ../../reverse_proxy.rst:139 1f6f8c38010d4b1c81e17cab4400bd78 +#: ../../reverse_proxy.rst:146 fa6d0ce1d3594144b9a758a160f47e87 msgid "click on the :guilabel:`Add Let's Encrypt certificate` button;" msgstr "" "fare clic sul pulsante :guilabel:`Aggiungi certificato Let's Encrypt`;" -#: ../../reverse_proxy.rst:140 62d03d30f5d44202a339b4b5e0e02620 +#: ../../reverse_proxy.rst:147 17e9c1e2e91645c798e0814524dfef60 msgid "specify a meaningful name for the certificate;" msgstr "specificare un nome significativo per il certificato;" -#: ../../reverse_proxy.rst:141 d5685fc864de452e85e8224c787385dc +#: ../../reverse_proxy.rst:148 023410e2d402470d865e7397dee87808 msgid "specify one or more domains for the certificate;" msgstr "specificare uno o più domini per il certificato;" -#: ../../reverse_proxy.rst:142 9df0696454c849159a1f0e26ca15ca2f +#: ../../reverse_proxy.rst:149 f6f264cdd2b44d4f88aec9ab3e32e142 msgid "click on the :guilabel:`Save` button." msgstr "fare clic sul pulsante :guilabel:`Salva`." -#: ../../reverse_proxy.rst:144 5be0e847b0dd446f9a6aee72b52eedaf +#: ../../reverse_proxy.rst:151 db5d33f5068046439054e63a7bda5197 msgid "The validation process can be performed in two ways:" msgstr "Il processo di validazione può essere eseguito in due modi:" -#: ../../reverse_proxy.rst:146 bc2dccb12b62401781aeb3224b118054 +#: ../../reverse_proxy.rst:153 9942f545fb7d4ba8981c49e5dfcfd122 msgid "" "Standalone mode (HTTP validation): the Standalone mode involves temporarily " "stopping the web server to allow the ACME client tool to bind to the " @@ -259,7 +259,7 @@ msgstr "" "autenticazione per dimostrare la proprietà del dominio, ottenendo e " "installando il certificato." -#: ../../reverse_proxy.rst:149 51db8f31cb954dcd9c2deafa286dd8d7 +#: ../../reverse_proxy.rst:156 e95cbd2f6e3d4bc8a09d00ad61b00f9d msgid "" "DNS validation: DNS validation requires adding a specific DNS TXT record to " "the domain's DNS configuration. ACME client checks for this record to verify" @@ -272,7 +272,7 @@ msgstr "" " metodo è utile in situazioni in cui modificare la configurazione del server" " web risulta difficile o non è desiderato." -#: ../../reverse_proxy.rst:152 c5f5818636f741b19ead6a88ea357d67 +#: ../../reverse_proxy.rst:159 f5032097650344d2954a0fa8265a4c38 msgid "" "When standalone mode is selected, make sure the following requirements are " "met:" @@ -280,7 +280,7 @@ msgstr "" "Quando viene selezionata la modalità standalone, assicurarsi che siano " "soddisfatti i seguenti requisiti:" -#: ../../reverse_proxy.rst:154 a8124ba638bf4757824c58b146a64445 +#: ../../reverse_proxy.rst:161 6990cfdb0cbd482d9e41ffd7ce7d0683 msgid "" "The firewall must be reachable from outside on port 80. The acme client " "will:" @@ -288,20 +288,20 @@ msgstr "" "Il firewall deve essere raggiungibile dall'esterno sulla porta 80. Il client" " acme:" -#: ../../reverse_proxy.rst:156 456c6febf4e045978b8799a12573838f +#: ../../reverse_proxy.rst:163 d9e9fa71955b48538b97498dade80c4c msgid "temporarily bind to port 80 to serve the authentication challenges" msgstr "" "associare temporaneamente alla porta 80 per servire le sfide di " "autenticazione" -#: ../../reverse_proxy.rst:157 6fa69624e6564ae3868d3146d2d259b3 +#: ../../reverse_proxy.rst:164 2c9c4802f5f6422f9a5f039d71a55e7f msgid "" "temporarily open port 80 to the public Internet to perform the validation." msgstr "" "apri temporaneamente la porta 80 verso Internet pubblico per eseguire la " "convalida." -#: ../../reverse_proxy.rst:159 0025b38c171349a1a9cf8a6e1b7be841 +#: ../../reverse_proxy.rst:166 4e33e949eb3f4079ac5dde8ca8863245 msgid "" "Once the validation is complete, port 80 is automatically closed. Please " "note that if port 80 is forwarded to another server, the validation will " @@ -311,7 +311,7 @@ msgstr "" " Si noti che, se la porta 80 è inoltrata a un altro server, la convalida non" " andrà a buon fine." -#: ../../reverse_proxy.rst:162 069e6ce2daff4c06852345c415190086 +#: ../../reverse_proxy.rst:169 af5037699d4a4d83871b492488206991 msgid "" "The domains that you want the certificate for must be public domain names " "associated to server own public IP. Make sure you have public DNS name " @@ -323,7 +323,7 @@ msgstr "" "avere un nome DNS pubblico che punti al proprio server (è possibile " "verificare con siti come `VDNS `_)." -#: ../../reverse_proxy.rst:166 b62148ba5efe47419dea1eeec496ed6f +#: ../../reverse_proxy.rst:173 fc6851ca2e4e4b99a23cb3b9d41de0a1 msgid "" "Select DNS validation if your DNS provider supports API access. Choose the " "DNS provider from the drop-down menu and enter the API key and secret. " @@ -339,7 +339,7 @@ msgstr "" "sapere quale chiave API e quale segreto sono richiesti dal proprio provider " "DNS. La convalida DNS è l'unica supportata per i certificati wildcard." -#: ../../reverse_proxy.rst:171 840f16b8b30643a7a5408bb766d80e20 +#: ../../reverse_proxy.rst:178 81189ddc02ef4a678537dcea47e5b76e msgid "" "The certificate generation process can take a few minutes. During this time," " the certificate status is ``Pending``." @@ -347,11 +347,11 @@ msgstr "" "Il processo di generazione del certificato può richiedere alcuni minuti. " "Durante questo periodo, lo stato del certificato è ``In attesa``." -#: ../../reverse_proxy.rst:174 0a7ec15b48e740b4baba27287b93dddd +#: ../../reverse_proxy.rst:181 58d1ab89c2fc4c79be8348f8f1c89d5d msgid "Debug Let's Encrypt" msgstr "Debug Let's Encrypt" -#: ../../reverse_proxy.rst:176 2ff760228a62445eb15b1f221a02efc8 +#: ../../reverse_proxy.rst:183 e11464997fd748e8b311628ae3eeb38f msgid "" "If the Let's Encrypt certificate request fails, the user can debug the " "process by entering the following commands in the terminal: ::" @@ -359,7 +359,7 @@ msgstr "" "Se la richiesta del certificato Let's Encrypt fallisce, è possibile eseguire" " il debug del processo inserendo i seguenti comandi nel terminale: ::" -#: ../../reverse_proxy.rst:181 94c194b37ed04f5ab33f8cb6d9d19bc1 +#: ../../reverse_proxy.rst:188 aff5c4b2fa3d436d943ca1f8626c8b2d msgid "" "The debug messages will be printed on the standard output. After the problem" " is solved, the user can disable debug by entering the following command in " @@ -369,27 +369,27 @@ msgstr "" "problema è stato risolto, è possibile disabilitare il debug inserendo il " "seguente comando nel terminale: ::" -#: ../../reverse_proxy.rst:187 bdfac9542bba4e509f0f76a5a998cc6e +#: ../../reverse_proxy.rst:194 f6fb77f15fea44ee889f4854ceaad0ab msgid "Custom certificate" msgstr "Certificato personalizzato" -#: ../../reverse_proxy.rst:189 d193443f7f194ea7951feb0bff72bef2 +#: ../../reverse_proxy.rst:196 20c6ccccbad6450eb84bf7e03410a8ad msgid "The user can upload a custom certificate to the firewall." msgstr "L'utente può caricare un certificato personalizzato nel firewall." -#: ../../reverse_proxy.rst:191 ebeeb99630f141fab403c7dfd3223833 +#: ../../reverse_proxy.rst:198 3328890c74bb42d08e0cfaa10f4eb39f msgid "The process involves the following steps:" msgstr "Il processo prevede i seguenti passaggi:" -#: ../../reverse_proxy.rst:193 7d32117c7d13435ab678551c08d4c37d +#: ../../reverse_proxy.rst:200 3bf69b4a750846258f89f222bc8e0445 msgid "click on the :guilabel:`Import certificate` button" msgstr "fare clic sul pulsante :guilabel:`Importa certificato`" -#: ../../reverse_proxy.rst:194 4c97ef0928a04a8eb30e595cce33c1d0 +#: ../../reverse_proxy.rst:201 211d424f0b85462f9dfb7c05453dc84b msgid "specify a meaningful name for the certificate" msgstr "specificare un nome significativo per il certificato" -#: ../../reverse_proxy.rst:195 7a1928c6b47e49d7b138095a0f9d515d +#: ../../reverse_proxy.rst:202 3c48d6c2fe9e4181bf269031e02565d9 msgid "" "drag and drop the certificate, private key, and optionally, the chain " "certificate; ensure that all uploaded files adhere to the `PEM format " @@ -400,15 +400,15 @@ msgstr "" "caricati rispettino gli standard del formato `PEM " "`_" -#: ../../reverse_proxy.rst:197 c2e615afc71a4e348564c43469a0bb05 +#: ../../reverse_proxy.rst:204 03313e4746424f2a8e519445c66f20ca msgid "click on the :guilabel:`Save` button" msgstr "fare clic sul pulsante :guilabel:`Salva`" -#: ../../reverse_proxy.rst:45 1a2b08553dc9451e829ca1fa5e84b89e +#: ../../reverse_proxy.rst:52 3fe5bc49bd964e1888ee94019c8893a7 msgid "Proxy on port 80 (HTTP)" msgstr "Proxy sulla porta 80 (HTTP)" -#: ../../reverse_proxy.rst:47 408d5d543da24a1a9f6ac9ff286d20c9 +#: ../../reverse_proxy.rst:54 97904eba578a45b280193f1c446840f9 msgid "" "NethSecurity 8 only listens on HTTPS (port 443) for reverse proxy rules. " "This differs from NethSecurity 7, where the reverse proxy listened on both " @@ -418,7 +418,7 @@ msgstr "" "proxy. Questo differisce da NethSecurity 7, dove il reverse proxy ascoltava " "sia su HTTP (porta 80)." -#: ../../reverse_proxy.rst:50 49450416fb2a46d898d8be1058d478d1 +#: ../../reverse_proxy.rst:57 0c953657c58047b58874bb770eee37df msgid "" "When migrating from NethSecurity 7, some services or user bookmarks may " "still use HTTP. Because NethSecurity 8 does not listen on port 80 by " @@ -431,7 +431,7 @@ msgstr "" "raggiungeranno più il reverse proxy e potrebbero risultare non funzionanti " "per gli utenti." -#: ../../reverse_proxy.rst:54 6ed74947fe2e4f13b9c9f040cc7c7692 +#: ../../reverse_proxy.rst:61 736ac16231d3458481446ad0496a2f9e msgid "" "Eenabling port 80 may expose services, including the web UI, over " "unencrypted channels. For this reason, the recommended approach is to keep " @@ -443,7 +443,7 @@ msgstr "" "il reverse proxy in ascolto solo su un canale sicuro e fornire un " "reindirizzamento permanente (301) da HTTP a HTTPS." -#: ../../reverse_proxy.rst:58 70e051ad34ad4091a38b6fb985e763a1 +#: ../../reverse_proxy.rst:65 ec00db74590c41f0b9ec66fa01937831 msgid "" "To create a global HTTP to HTTPS redirect, access the terminal and enter the" " following commands:" @@ -451,7 +451,7 @@ msgstr "" "Per creare un reindirizzamento globale da HTTP a HTTPS, accedere al " "terminale e inserire i seguenti comandi:" -#: ../../reverse_proxy.rst:70 f5d475a7e1be4638ae1da07f1bb4bd8a +#: ../../reverse_proxy.rst:77 fb77e40a1e3e4148901fd19ba166daa7 msgid "" "After enabling the redirect, access the firewall rules page and make sure " "the port 80 is open on the WAN side to allow incoming connections." @@ -460,11 +460,11 @@ msgstr "" "del firewall e assicurarsi che la porta 80 sia aperta sul lato WAN per " "consentire le connessioni in ingresso." -#: ../../reverse_proxy.rst:76 d5ba713d2df847e09b23daa6809f32ba +#: ../../reverse_proxy.rst:83 40bf70f81712431697df3b9783b03172 msgid "Hide web server version" msgstr "Nascondere la versione del server web" -#: ../../reverse_proxy.rst:78 82e51a82c8fb406b973c77bf61dfac12 +#: ../../reverse_proxy.rst:85 32334f31a77c4170b929eb07860e3fce msgid "" "By default, the nginx reverse proxy includes its version number in HTTP " "response headers. Many vulnerability assessments rely on software version " @@ -482,7 +482,7 @@ msgstr "" "limitare l'esposizione di vulnerabilità note e specifiche della versione " "agli strumenti di scansione automatizzati." -#: ../../reverse_proxy.rst:82 ffb750ecabf14578b66d36ddffa7bab1 +#: ../../reverse_proxy.rst:89 3e51a40d2d5b4367bdd3fbe6dbb894e5 msgid "" "To disable the nginx version from being displayed in the reverse proxy HTTP " "headers, you need to configure the ``server_tokens`` directive for your " @@ -492,11 +492,11 @@ msgstr "" "HTTP del reverse proxy, è necessario configurare la direttiva " "``server_tokens`` nelle configurazioni del server nginx." -#: ../../reverse_proxy.rst:84 8cb1b0ffc66a494e8b87c5f509c47c38 +#: ../../reverse_proxy.rst:91 6b645030738b4a1da4e1f1f0f3b5632d msgid "First, identify your nginx server configurations: ::" msgstr "Per prima cosa, identificare le configurazioni del server nginx: ::" -#: ../../reverse_proxy.rst:88 825fe270816d41149c57e72f3149bb0e +#: ../../reverse_proxy.rst:95 ed3dfb5c226b42eca41e7426f71abca9 msgid "" "This will show you the server blocks configured in your system (e.g., " "``nginx._lan=server``, ``nginx.ns_88e3b6fd=server``)." @@ -504,7 +504,7 @@ msgstr "" "Questo mostrerà i blocchi server configurati nel sistema (ad esempio, " "``nginx._lan=server``, ``nginx.ns_88e3b6fd=server``)." -#: ../../reverse_proxy.rst:90 8ffa7ea7af4f4a909244d7976e3be193 +#: ../../reverse_proxy.rst:97 6576c05b308a4174996a5d7aae63d157 msgid "" "Then, for each server block you want to configure, set the ``server_tokens``" " to ``off``. For example, to configure the ``_lan`` server: ::" @@ -513,7 +513,7 @@ msgstr "" "``server_tokens`` su ``off``. Ad esempio, per configurare il server " "``_lan``: ::" -#: ../../reverse_proxy.rst:96 537efc9bccc043a59ec743efabbc0a27 +#: ../../reverse_proxy.rst:103 9bd925fa69734a2d9219f26b8ee7f627 msgid "" "If you have additional custom server blocks (like ``ns_88e3b6fd`` in the " "example), apply the same configuration: ::" @@ -521,10 +521,32 @@ msgstr "" "Se sono presenti ulteriori blocchi server personalizzati (come " "``ns_88e3b6fd`` nell'esempio), applicare la stessa configurazione: ::" -#: ../../reverse_proxy.rst:102 c94a97d7d26a4e62ad74a3669536d1a3 +#: ../../reverse_proxy.rst:109 3259482e68f6425f838337dbda16765f msgid "" "To apply this setting globally to all reverse proxy servers at once, you can" " use a script: ::" msgstr "" "Per applicare questa impostazione globalmente a tutti i server reverse proxy" " contemporaneamente, è possibile utilizzare uno script: ::" + +#: ../../reverse_proxy.rst:45 818811ee4e0e4fa292bcabf6cf641004 +msgid "Interaction with port forward rules" +msgstr "Interazione con le regole di port forwarding" + +#: ../../reverse_proxy.rst:47 4cc85c87517a4b3f82af7c7fdbeb576d +msgid "" +"Reverse proxy uses only port 443, if a port forward rule is also configured " +"on port 443, the port forward rule always takes precedence. In this case, " +"HTTPS traffic is forwarded according to the port forward rule and the " +"reverse proxy rule is not applied because no traffic reaches the web server " +"running on the firewall itself. To use the reverse proxy, make sure that no " +"port forward rule is configured on port 443 for the same WAN address." +msgstr "" +"Il reverse proxy utilizza solo la porta 443; se è configurata anche una " +"regola di port forwarding sulla porta 443, la regola di port forwarding ha " +"sempre la precedenza. In questo caso, il traffico HTTPS viene inoltrato " +"secondo la regola di port forwarding e la regola di reverse proxy non viene " +"applicata perché nessun traffico raggiunge il server web in esecuzione sul " +"firewall stesso. Per utilizzare il reverse proxy, assicurarsi che non sia " +"configurata alcuna regola di port forwarding sulla porta 443 per lo stesso " +"indirizzo WAN." diff --git a/locale/it/LC_MESSAGES/uci.po b/locale/it/LC_MESSAGES/uci.po index ea586683..82c7de03 100644 --- a/locale/it/LC_MESSAGES/uci.po +++ b/locale/it/LC_MESSAGES/uci.po @@ -2,11 +2,11 @@ msgid "" msgstr "" -#: ../../uci.rst:5 a74265388406474ab79e76c782a8a335 +#: ../../uci.rst:5 243a19952aa94dc38e2cdc279452677d msgid "UCI (Unified Configuration Interface)" msgstr "UCI (Unified Configuration Interface)" -#: ../../uci.rst:7 c21233c7b1a54b8791865189f52bec70 +#: ../../uci.rst:7 55ec8a491f064494979151e29fbe04ae msgid "" "UCI (Unified Configuration Interface) is a centralized configuration " "management system used in NethSecurity. It provides a unified approach to " @@ -18,11 +18,11 @@ msgstr "" "unificato alla configurazione del sistema tramite un'interfaccia a riga di " "comando e file di configurazione standardizzati." -#: ../../uci.rst:10 6f8e5193d7d64dbdaca0e83e0e7d89e4 +#: ../../uci.rst:10 e5048617afe64af696b8da0d060298d5 msgid "Key Characteristics" msgstr "Caratteristiche principali" -#: ../../uci.rst:12 7800682b64be44e2a1d6f522432454f0 +#: ../../uci.rst:12 02d890bc3a47455389f9700ab129c0d6 msgid "" "**Centralized Configuration**: All system configurations are stored in a " "single location (``/etc/config/``)" @@ -30,14 +30,14 @@ msgstr "" "**Configurazione centralizzata**: Tutte le configurazioni di sistema sono " "memorizzate in un'unica posizione (``/etc/config/``)" -#: ../../uci.rst:13 c8758f0299a746fdb77bb869bb47b92f +#: ../../uci.rst:13 5ff699a1de49431bbd9b21cdfb2babe6 msgid "" "**Database-driven**: Configurations are stored in structured database files" msgstr "" "**Basato su database**: Le configurazioni sono memorizzate in file di " "database strutturati" -#: ../../uci.rst:14 2887a3b66f7f40c9a1e77a4bacb9d26c +#: ../../uci.rst:14 5856710a1aa349aab22ea63870e9ebe6 msgid "" "**No Built-in Validation**: UCI executes commands without safety checks - " "requires system knowledge" @@ -45,12 +45,12 @@ msgstr "" "**Nessuna validazione integrata**: UCI esegue i comandi senza controlli di " "sicurezza - è richiesta conoscenza del sistema" -#: ../../uci.rst:15 319dc47c072947569d4c7cc419a06a71 +#: ../../uci.rst:15 3e7f9f4204524b2188d9143039b0fac1 msgid "**Three-phase Workflow**: Modify → Commit → Restart/Reload" msgstr "" "**Flusso di lavoro in tre fasi**: Modifica → Commit → Riavvia/Ricarica" -#: ../../uci.rst:16 cd7fc4fe432844669303a85515c30afd +#: ../../uci.rst:16 f385048796e44f8193fd038372bf510d msgid "" "**Multi-event Capable**: User interfaces can trigger multiple configuration " "events simultaneously" @@ -58,11 +58,11 @@ msgstr "" "**Supporto per eventi multipli**: Le interfacce utente possono attivare più " "eventi di configurazione simultaneamente" -#: ../../uci.rst:19 37c129239bcb49d29dd9a8b7899b77cd +#: ../../uci.rst:19 edd56571561044e28a58234694e89de7 msgid "Configuration Storage" msgstr "Archiviazione della configurazione" -#: ../../uci.rst:21 fd2cbf1273b44e2199927b19145fe491 +#: ../../uci.rst:21 68e04537826f4c8c93d73f88409563c6 msgid "" "All UCI configurations are stored as database files in ``/etc/config/``. " "Each file represents a different system component or service, a non-" @@ -72,61 +72,61 @@ msgstr "" "``/etc/config/``. Ogni file rappresenta un diverso componente o servizio di " "sistema; di seguito è fornito un elenco esemplificativo non esaustivo." -#: ../../uci.rst:24 fdd5a60caf9b40f58c51c0d82065d361 +#: ../../uci.rst:24 fc4e4a19cc1f47d7b69db4d36af9bb93 msgid "Configuration Files Structure" msgstr "Struttura dei file di configurazione" -#: ../../uci.rst:60 982288b77f3747d9ba3a9f6ea900f05e +#: ../../uci.rst:60 02ee468b986e4127afdd012edd1ca507 msgid "Viewing Configuration" msgstr "Visualizzazione della configurazione" -#: ../../uci.rst:63 4193c3bde91645c4b6bbcfd1d21315b0 +#: ../../uci.rst:63 89520a3358e5482a8f0380d0f98c0c0d msgid "Show all configuration for a specific service" msgstr "Mostra tutta la configurazione per un servizio specifico" -#: ../../uci.rst:69 ../../uci.rst:104 ../../uci.rst:189 -#: dba925c1760f4d1ab824d242f6ae13e0 b2da3e354ef9471a86c96f96ab91959a -#: c3b8ee16b5c046a09bd6cc04476e50b2 +#: ../../uci.rst:69 ../../uci.rst:104 ../../uci.rst:216 +#: d0c32da479374aa79fd05e9898e1884a efea2a08c0e64655a27f6752984bd8cf +#: 92a1d70f9b864c85ad3329d102278370 msgid "**Example:**" msgstr "**Esempio:**" -#: ../../uci.rst:75 daceb30d90dd423488fa0fe1797e5d4f +#: ../../uci.rst:75 c9dbf360bffc45e1a949a8de36dff602 msgid "**Output:**" msgstr "**Output:**" -#: ../../uci.rst:98 6e3d79d1735446ba9725a682a6cafd82 +#: ../../uci.rst:98 49911e7933ce4b589fd9f1711b8d7bd8 msgid "Show specific configuration option" msgstr "Mostra opzione di configurazione specifica" -#: ../../uci.rst:111 1c28533e740a4accb6d0bb4ea404ba1c +#: ../../uci.rst:111 7c4168d7db45428e9adca7b841d4420c msgid "Complete Configuration Workflow" msgstr "Flusso di lavoro completo di configurazione" -#: ../../uci.rst:114 c839d5c8f6d840d48ebcaa13ebc50df1 +#: ../../uci.rst:114 b1d8b930b3c14100a5c3281ee6a8d3dd msgid "Standard Three-Phase Process" msgstr "Processo standard in tre fasi" -#: ../../uci.rst:116 7ad49cca52f847e3a3d4bc651f85705f +#: ../../uci.rst:116 f3cf95a279644fb29eb1ebfe205d5114 msgid "**MODIFY** - Make configuration changes" msgstr "**MODIFICA** - Apportare modifiche alla configurazione" -#: ../../uci.rst:117 4e95e41c4ff14150bc228af10fe7eb27 +#: ../../uci.rst:117 417f208a528e4de4b8159b04bb4335cf msgid "**COMMIT** - Save changes to the configuration database" msgstr "**COMMIT** - Salva le modifiche nel database di configurazione" -#: ../../uci.rst:118 6357c63df41c49e8a42baebb47569825 +#: ../../uci.rst:118 9c688e8582af45dfb7b4112c5c48e13e msgid "**RELOAD** - Apply changes to the running system" msgstr "**RELOAD** - Applica le modifiche al sistema in esecuzione" -#: ../../uci.rst:121 9fda44d9ac644adfab615dc6f3b8f2fa +#: ../../uci.rst:121 e4415822fe434802af8f79a32016dc0e msgid "Practical Example: Changing LAN IP Address" msgstr "Esempio pratico: modifica dell'indirizzo IP LAN" -#: ../../uci.rst:135 ca2ca5bc7bdf44309e28b5287ce5c472 +#: ../../uci.rst:135 dd10a08fb1104dc2a0addbec2a4431d5 msgid "SET - Modifying Configuration" msgstr "SET - Modifica della configurazione" -#: ../../uci.rst:137 0ae5d9feffdd4566949382e727f792ac +#: ../../uci.rst:137 3589bfc29dbf4e6c9fa46a131ae72b75 msgid "" "The ``uci set`` command is used to modify configuration values. Changes are " "stored temporarily and must be committed to become persistent." @@ -135,27 +135,27 @@ msgstr "" "configurazione. Le modifiche vengono memorizzate temporaneamente e devono " "essere confermate per diventare permanenti." -#: ../../uci.rst:140 5c13dd2094e746caa8bac977a3cac7a0 +#: ../../uci.rst:140 47b479db827d442eb1f399d91f22e5ab msgid "Set a configuration value" msgstr "Impostare un valore di configurazione" -#: ../../uci.rst:146 ab0a57cbe5864f58b76379e37fd73406 +#: ../../uci.rst:146 d8674ed0f4414f38880e58af289f57be msgid "**Examples:**" msgstr "**Esempi:**" -#: ../../uci.rst:160 0216653de8a846a9b39e846a23626c25 +#: ../../uci.rst:160 456dd93f601547c6bb015c79d9ed3287 msgid "Add a new section" msgstr "Aggiungere una nuova sezione" -#: ../../uci.rst:167 c6cabf836e444c1f98b51019b74184bf +#: ../../uci.rst:167 288209eb793c483e9451c91cd67f2500 msgid "Delete operations" msgstr "Operazioni di eliminazione" -#: ../../uci.rst:178 7458f5771b5f4b3f94a73d98e489b607 +#: ../../uci.rst:205 b993e6b9c86e4ba9b889446c5a86df10 msgid "COMMIT - Saving Changes" msgstr "COMMIT - Salvataggio delle modifiche" -#: ../../uci.rst:180 4410ae4378704054b58a36a968e481e9 +#: ../../uci.rst:207 26571675434f433f866978630e7e6cac msgid "" "Changes made with ``uci set`` are not immediately applied to the system. " "They must be committed first to make them persistent." @@ -163,37 +163,37 @@ msgstr "" "Le modifiche apportate con ``uci set`` non vengono applicate immediatamente " "al sistema. Devono essere prima confermate per renderle persistenti." -#: ../../uci.rst:183 bc4d5428b27a4c869a3a86b2c1fc8de3 +#: ../../uci.rst:210 62b40f975e9a4bffa184b9e48f0faa10 msgid "Commit specific service" msgstr "Servizio specifico del commit" -#: ../../uci.rst:196 3ee2ddb02d3a4e3fb4a0bcf0f2fa67db +#: ../../uci.rst:223 443343aa363c429a9b889805620ad947 msgid "Commit all pending changes" msgstr "Confermare tutte le modifiche in sospeso" -#: ../../uci.rst:203 a762065d5bea492786d44ef9a6362aa7 +#: ../../uci.rst:230 72af9b050e0241be8f04639a2531014f msgid "Check pending changes" msgstr "Controllare le modifiche in sospeso" -#: ../../uci.rst:205 3c2fb041044b48c4967393f3a81c0a64 +#: ../../uci.rst:232 cdd6c1dfae7b41afbd6e56af0f2888cb msgid "Before committing, you can review what changes will be applied:" msgstr "" "Prima di eseguire il commit, è possibile esaminare quali modifiche verranno " "applicate:" -#: ../../uci.rst:212 3c6e289966414f58b459dd4ae4201154 +#: ../../uci.rst:239 4e0cf0ca109a49dfa3483a3491715865 msgid "Revert uncommitted changes" msgstr "Annullare le modifiche non confermate" -#: ../../uci.rst:214 b3b43160b5df4f4da82b133367721d13 +#: ../../uci.rst:241 f5e9a92c46414fb09ab7a5272dbf205b msgid "If you want to discard uncommitted changes:" msgstr "Se si desidera scartare le modifiche non confermate:" -#: ../../uci.rst:221 70ae286f87304aa483c75924889593e7 +#: ../../uci.rst:248 d071003891dd4b87b74dd2b27934e931 msgid "RELOAD - Applying Changes" msgstr "RELOAD - Applicazione delle modifiche" -#: ../../uci.rst:223 5bb5a79a95c8453bb80726c644357c5a +#: ../../uci.rst:250 682385af3f3a4d34ae9d79aa2822b182 msgid "" "After committing, you can apply the new configuration to the running system " "with a single command. This will automatically reload the affected services " @@ -204,77 +204,77 @@ msgstr "" "ricaricherà automaticamente i servizi interessati senza la necessità di " "riavviarli manualmente uno per uno." -#: ../../uci.rst:227 42f82ee0474f4a548ae5744a51f29985 +#: ../../uci.rst:254 a89dce631b414626ba452e8f86a2b68a msgid "Reload configuration" msgstr "Ricarica configurazione" -#: ../../uci.rst:235 764009f8639745cfbe6f69a7fec792c7 +#: ../../uci.rst:262 e22e788ffd49401ba0acd1eb648cd541 msgid "Configuration File Format" msgstr "Formato del file di configurazione" -#: ../../uci.rst:237 62251a9385bb4254ac4d84f4f2d3aabe +#: ../../uci.rst:264 5722d9dac22348d7a896b2f1fb537747 msgid "" "UCI configuration files use a structured format with sections and options:" msgstr "" "I file di configurazione UCI utilizzano un formato strutturato con sezioni e" " opzioni:" -#: ../../uci.rst:247 523804536e1b4418801173ab068183cf +#: ../../uci.rst:274 0799099150464dd8a7758598322892a3 msgid "Example: Network Configuration File" msgstr "Esempio: File di configurazione di rete" -#: ../../uci.rst:249 a581bb12dcde48349c1abd1bb5940607 +#: ../../uci.rst:276 29e9592f00894dc199bd2227043a11fd msgid "Network Configuration File (``/etc/config/network``):" msgstr "File di configurazione di rete (``/etc/config/network``):" -#: ../../uci.rst:275 255e1d34a8b8479ab1906cfba845eebd +#: ../../uci.rst:302 b6d8c0d6af6f4697bcd71c4ad4083536 msgid "Best Practices" msgstr "Migliori pratiche" -#: ../../uci.rst:278 6620d89f5bfb4ca58cbaa8660677eb8b +#: ../../uci.rst:305 78c5b1ee325f4dbe84fbbae9a9bd12be msgid "Safety Considerations" msgstr "Considerazioni sulla sicurezza" -#: ../../uci.rst:280 e1a36043ea834c96a2c6217f39105388 +#: ../../uci.rst:307 f71033c8e2884bedb3919a4fb1e1864f msgid "**Always backup configurations** before making changes" msgstr "" "**Eseguire sempre il backup delle configurazioni** prima di apportare " "modifiche" -#: ../../uci.rst:281 72af2fa0b53141088666c0b0e18b3733 +#: ../../uci.rst:308 032e47b57e984d7f943bdf4e7ce05f6d msgid "" "**Test changes incrementally** rather than making multiple changes at once" msgstr "" "**Testare le modifiche in modo incrementale** invece di apportare più " "modifiche contemporaneamente" -#: ../../uci.rst:282 de244d1ba0d84c68939018c4ae1a63d9 +#: ../../uci.rst:309 0558281205f3447bbd1dcbe8b540e1b8 msgid "**Understand service dependencies** before restarting services" msgstr "" "**Comprendere le dipendenze dei servizi** prima di riavviare i servizi" -#: ../../uci.rst:283 46524b2eb6414531999f1221131873a5 +#: ../../uci.rst:310 ca8a2ccad2e8464eb0a8c62965261b62 msgid "**Use** ``uci changes`` **to review** pending modifications" msgstr "" "**Utilizzare** ``uci changes`` **per esaminare** le modifiche in sospeso" -#: ../../uci.rst:284 dc11d856d4a64d5aac320c8c636ef6d1 +#: ../../uci.rst:311 fab84e785c8549aca6bae5e68e27e3e2 msgid "**Have console access** available when making network changes" msgstr "" "**Avere accesso alla console** disponibile durante la modifica delle " "impostazioni di rete" -#: ../../uci.rst:287 cf8cd050da604960a6211ba82afbd584 +#: ../../uci.rst:314 028674c046584183a48dd12a81dff5e1 msgid "Common Pitfalls" msgstr "Problemi comuni" -#: ../../uci.rst:289 221df18161434a62bad5a7edaedf1962 +#: ../../uci.rst:316 84c9bcad1f62476180927ce65d3d0c22 msgid "**Forgetting to commit**: Changes are not persistent until committed" msgstr "" "**Dimenticare di eseguire il commit**: le modifiche non sono persistenti " "fino a quando non viene effettuato il commit" -#: ../../uci.rst:290 0284c206480d4a52a7fc88da4e28e7a1 +#: ../../uci.rst:317 772f1396d1df4bbe9b370e15107e98e5 msgid "" "**Not restarting services**: Committed changes may not be active until " "service restart" @@ -282,41 +282,41 @@ msgstr "" "**Nessun riavvio dei servizi**: le modifiche confermate potrebbero non " "essere attive fino al riavvio del servizio" -#: ../../uci.rst:291 ace31e7357944e27ace5e44f961f8ef5 +#: ../../uci.rst:318 c44622b3985544fea014f55649084c09 msgid "" "**Breaking network connectivity**: Always ensure alternative access methods" msgstr "" "**Interruzione della connettività di rete**: Assicurarsi sempre di disporre " "di metodi di accesso alternativi" -#: ../../uci.rst:292 9836bc93e63f4b198fb9d787a1d082a6 +#: ../../uci.rst:319 af4ad0076cc64778abbc3da4a6db4bf3 msgid "" "**Syntax errors**: Invalid UCI syntax can cause configuration corruption" msgstr "" "**Errori di sintassi**: Una sintassi UCI non valida può causare la " "corruzione della configurazione" -#: ../../uci.rst:295 b0f6563d2a5a4c889e1d76c688415393 +#: ../../uci.rst:322 54ade763438544d396931bda6cebf7e9 msgid "Troubleshooting" msgstr "Risoluzione dei problemi" -#: ../../uci.rst:298 8092dc6b25c44fa0afeef149a5dcc2b8 +#: ../../uci.rst:325 ec9ce99bccb245a4bc0dd83599e6def0 msgid "Common Commands for Debugging" msgstr "Comandi comuni per il debug" -#: ../../uci.rst:301 d19ca7a8aabb40f9bf99d5c9ab9cdd2a +#: ../../uci.rst:328 0ed4961ac10b466f8dd866699b594d91 msgid "View pending changes" msgstr "Visualizza modifiche in sospeso" -#: ../../uci.rst:308 b06970c561a8406caf53b19b8e9de773 +#: ../../uci.rst:335 f640ab5363694d9aaf87ef9b7205fb3b msgid "Revert to last committed state" msgstr "Ripristina allo stato dell'ultimo commit" -#: ../../uci.rst:315 e730e70e30ba422e83c4183c9b36e15f +#: ../../uci.rst:342 60d16632d3564c9fba92e07e64b193f6 msgid "Check UCI syntax" msgstr "Controllare la sintassi UCI" -#: ../../uci.rst:322 a9bb13d90d2d4b799086a3e27e029c66 +#: ../../uci.rst:349 91a898bf3d654a85a613b47d127587b4 msgid "" "Always ensure you have alternative access to the system when making critical" " configuration changes, especially network-related modifications." @@ -325,10 +325,51 @@ msgstr "" "si apportano modifiche critiche alla configurazione, in particolare per " "quanto riguarda le modifiche relative alla rete." -#: ../../uci.rst:325 b823b9ba7bf24e2fa37594cf5b4cce39 +#: ../../uci.rst:352 bc243b01be44416cbd479ee45f1ce913 msgid "" "UCI commands execute without validation. Incorrect configurations can render" " the system inaccessible." msgstr "" "I comandi UCI vengono eseguiti senza validazione. Configurazioni errate " "possono rendere il sistema inaccessibile." + +#: ../../uci.rst:180 08f5eeeab59a4016ada3c3f710504c8f +msgid "LISTS - Editing List Options" +msgstr "LISTE - Modifica delle opzioni della lista" + +#: ../../uci.rst:182 63255e95fb6f43b38a7d84b9a32a6b7e +msgid "Lists are a special type of option that can contain multiple values." +msgstr "" +"Le liste sono un tipo speciale di opzione che può contenere più valori." + +#: ../../uci.rst:185 92e1d93a30844ae8aee352305bfaf994 +msgid "Add a value to a list" +msgstr "Aggiungere un valore a una lista" + +#: ../../uci.rst:187 fba8c27ed27a4032bbf5a18d2ff906b7 +msgid "" +"Use the ``uci add_list`` command to add values to a list, the command " +"creates the list if it does not already exist." +msgstr "" +"Utilizzare il comando ``uci add_list`` per aggiungere valori a una lista; il" +" comando crea la lista se non esiste già." + +#: ../../uci.rst:194 7439b8f243384d6baadd524d9c398f48 +msgid "Remove a value from a list" +msgstr "Rimuovere un valore da una lista" + +#: ../../uci.rst:196 ca7f3e3e6de04847803db62be863c6a7 +msgid "" +"To remove the last value from a list, use the ``uci del_list``, you must " +"specify the value to be removed." +msgstr "" +"Per rimuovere l'ultimo valore da una lista, utilizzare ``uci del_list``; è " +"necessario specificare il valore da rimuovere." + +#: ../../uci.rst:202 c273b5319fd14bf79bc677871269d091 +msgid "" +"To remove all values from a list, use the ``uci delete`` command as " +"explained in the previous section." +msgstr "" +"Per rimuovere tutti i valori da un elenco, utilizzare il comando ``uci " +"delete`` come spiegato nella sezione precedente." diff --git a/locale/it/LC_MESSAGES/users_databases.po b/locale/it/LC_MESSAGES/users_databases.po index ae75e4f3..7d49c9fe 100644 --- a/locale/it/LC_MESSAGES/users_databases.po +++ b/locale/it/LC_MESSAGES/users_databases.po @@ -2,11 +2,11 @@ msgid "" msgstr "" -#: ../../users_databases.rst:5 923561cab8fd43db8efb1fbe7a823a64 +#: ../../users_databases.rst:5 3d5e702659174720adf9af5e92770351 msgid "Users databases" msgstr "Database utenti" -#: ../../users_databases.rst:7 1788747c2874465e97bb5a1f22982d7e +#: ../../users_databases.rst:7 ac25e822c770420ea5c3c6fe6f79cae5 msgid "" "NethSecurity introduces support for two types of users databases: a local " "database and a remote LDAP database, enhancing user management capabilities." @@ -19,7 +19,7 @@ msgstr "" "utilizzati per le connessioni VPN, inclusa la :ref:`openvpn_roadwarrior-" "section`." -#: ../../users_databases.rst:10 f8ec4b04d1804217ad61eba6066e5bd6 +#: ../../users_databases.rst:10 754bc271e98142208456e3742008d272 msgid "" "Only users with a password can connect to VPN by authenticating with a " "username and password. Users without a password can connect to VPN by " @@ -30,11 +30,11 @@ msgstr "" "alla VPN autenticandosi tramite certificato o altri metodi di " "autenticazione." -#: ../../users_databases.rst:14 c0e01d1ce5da450d96e3195d2e1887a5 +#: ../../users_databases.rst:14 a41a278b32de4a4db7b29cf0059638ef msgid "Local database" msgstr "Database locale" -#: ../../users_databases.rst:20 17513ba8cea2497f806e3516c7a6096b +#: ../../users_databases.rst:20 b648e3af763b4c5c86aa7398bb284307 msgid "" "To create a new user, click on the :guilabel:`Add user` button to initiate " "the process. When configuring a local user, you should fill all the " @@ -44,11 +44,11 @@ msgstr "" "utente` per avviare la procedura. Durante la configurazione di un utente " "locale, è necessario compilare tutti i seguenti campi:" -#: ../../users_databases.rst:23 0c4e15ac982d4b42a11af28e9fa2df32 +#: ../../users_databases.rst:23 7a0a240d12764878b8cd8902fb1eea40 msgid "``Username``: specifies the desired username." msgstr "``Nome utente``: specifica il nome utente desiderato." -#: ../../users_databases.rst:24 6d1715ed290c4cd1b66f7866fe6567a3 +#: ../../users_databases.rst:24 9b0514b28cf54c08ab68f1749482dc07 msgid "" "``Display Name``: specifies the display name of the user. This field is " "optional." @@ -56,7 +56,7 @@ msgstr "" "``Nome visualizzato``: specifica il nome visualizzato dell'utente. Questo " "campo è facoltativo." -#: ../../users_databases.rst:25 1cdaf3a2ece340ccb1603cc075653447 +#: ../../users_databases.rst:25 d5b577e57ee0443889b75a96e331c6fc msgid "" "``User password``: specifies the password of the user. This is required only" " if the VPN is configured to use password authentication." @@ -65,7 +65,7 @@ msgstr "" "solo se la VPN è configurata per utilizzare l'autenticazione tramite " "password." -#: ../../users_databases.rst:26 4febec18800d470ca7cf6b8f4d4a32eb +#: ../../users_databases.rst:26 5ba6504989ff4b20aacc6ff23aa3f82e msgid "" "``Confirm password``: specifies the password of the user, make sure to match" " the password with the one specified in the previous field." @@ -73,7 +73,7 @@ msgstr "" "``Conferma password``: specifica la password dell'utente; assicurarsi che la" " password corrisponda a quella inserita nel campo precedente." -#: ../../users_databases.rst:28 4b68985ed074423bb709ed857696ea44 +#: ../../users_databases.rst:28 3b467e57407a4e83a3f5ee72fc074af9 msgid "" "The local user database is implemented as UCI configuration file. Passwords " "of local users are stored in the Unix passwd format, ensuring compatibility " @@ -83,33 +83,22 @@ msgstr "" " password degli utenti locali sono memorizzate nel formato Unix passwd, " "garantendo compatibilità e sicurezza nel database utenti locale." -#: ../../users_databases.rst:31 dcdb013e10754994a1510a86be3062cf -msgid "" -"Users inside the local database can be granted :ref:`administrative " -"privileges ` on the web user interface by enabling the " -"``Administrator user`` option. The user must have a password set." -msgstr "" -"Agli utenti presenti nel database locale possono essere concessi " -":ref:`privilegi amministrativi ` sull'interfaccia web " -"abilitando l'opzione ``Utente amministratore``. L'utente deve avere una " -"password impostata." - -#: ../../users_databases.rst:37 b0a2d9708f144b57bd7b5306b4039f7f +#: ../../users_databases.rst:37 dbfa08489f984699987b55ff56261618 msgid "Remote databases" msgstr "Database remoti" -#: ../../users_databases.rst:39 3a2474bc29c34ce1b3e1721e236574ee +#: ../../users_databases.rst:39 a7e1f1f89c454ab7ac873d006522e8cb msgid "Subscription required" msgstr "Subscription richiesta" -#: ../../users_databases.rst:41 6f8c131cf7d14dc28648dff8f1098f98 +#: ../../users_databases.rst:41 bca6a431f3554a389958ce257a673089 msgid "" "This feature is available only if the firewall has a valid subscription." msgstr "" "Questa funzionalità è disponibile solo se il firewall dispone di una " "subscription valida." -#: ../../users_databases.rst:53 9dacca84a53f43428771bf0c672b9450 +#: ../../users_databases.rst:53 9279134e44c042fd9ad4f3fc964fcbcf msgid "" "When configuring a remote database, click on the :guilabel:`Add remote " "database` button and fill all the following fields:" @@ -117,7 +106,7 @@ msgstr "" "Quando si configura un database remoto, fare clic sul pulsante " ":guilabel:`Aggiungi database remoto` e compilare tutti i seguenti campi:" -#: ../../users_databases.rst:55 7e753e5973054b56b67fccbc3918c2e4 +#: ../../users_databases.rst:55 769951a8a6594c3c8e4085e92cdd2029 msgid "" "``LDAP URI``: specifies the LDAP Uniform Resource Identifier (URI), " "including the server address and port (e.g., ``ldap://example.com:389``)." @@ -125,7 +114,7 @@ msgstr "" "``LDAP URI``: specifica l'Uniform Resource Identifier (URI) LDAP, includendo" " l'indirizzo del server e la porta (ad esempio, ``ldap://example.com:389``)." -#: ../../users_databases.rst:57 92439aa2e29244f8a6ec9d575034a638 +#: ../../users_databases.rst:57 26a5b1e20f5744d78715d93e176c870e msgid "" "``Type``: specifies the type of LDAP server. The available options are " "``Active Directory`` and ``OpenLDAP``. If OpenLDAP is selected, the remote " @@ -135,7 +124,7 @@ msgstr "" "``Active Directory`` e ``OpenLDAP``. Se viene selezionato OpenLDAP, il " "server remoto deve rispettare lo schema RFC 2307." -#: ../../users_databases.rst:60 48346593735c4bce94eb7f3be9f7735a +#: ../../users_databases.rst:60 ec1c7527c1fd48eda9f7a7021cc9d5ee msgid "" "``Base DN``: specifies the LDAP Base Distinguished Name (DN), representing " "the starting point for searches in the LDAP directory (eg. " @@ -145,7 +134,7 @@ msgstr "" "rappresenta il punto di partenza per le ricerche nella directory LDAP (ad " "es. ``dc=example,dc=com``)." -#: ../../users_databases.rst:62 33649d2da8e944049544e21464f7d48a +#: ../../users_databases.rst:62 625375810e4e4f4288534a51fa765f76 msgid "" "``User DN``: specifies the LDAP User Distinguished Name (DN). If not " "present, the default value is equal to base_dn (eg. " @@ -155,7 +144,7 @@ msgstr "" " presente, il valore predefinito è uguale a base_dn (ad es. " "``cn=users,dc=example,dc=com``)." -#: ../../users_databases.rst:64 c72954c61444493388808e2048aa5552 +#: ../../users_databases.rst:64 c0f4cdd102bf4fd796be4d004847bec0 msgid "" "``User attribute field``: specifies the user attribute used to identify the " "user, this option is used by the OpenVPN road warrior server to compose the " @@ -167,7 +156,7 @@ msgstr "" "road warrior per comporre il bind DN dell'utente. Dovrebbe essere ``cn`` per" " Active Directory oppure ``uid`` per OpenLDAP." -#: ../../users_databases.rst:67 9a826989a59b465683645e84008378db +#: ../../users_databases.rst:67 ef4777b39856406192acac15b758dcfc msgid "" "This field is used to authenticate users in the OpenVPN road warrior server." " The authentication process is based on a LDAP bind operation which uses the" @@ -182,7 +171,7 @@ msgstr "" " nella directory OpenLDAP, il bind DN dell'utente viene composto come " "``uid=jdoe,ou=People,dc=directory,dc=nh``." -#: ../../users_databases.rst:72 ba6caff621cd49f2ada71d4aa86023da +#: ../../users_databases.rst:72 7bbf5c52239847b7aa3a79ec449fe7b6 msgid "" "``User display name field``: specifies the user attribute containing the " "user's complete name like `John Doe`. Usually is ``cn`` for OpenLDAP and " @@ -192,7 +181,7 @@ msgstr "" "dell'utente, come `John Doe`. Di solito è ``cn`` per OpenLDAP e " "``displayName`` per Active Directory." -#: ../../users_databases.rst:75 af91340e6c3a48148b7de6bc0a52260c +#: ../../users_databases.rst:75 b11b2e73dd554276a5095532d13bba62 msgid "" "``Custom user bind DN``: if this field is set, it overrides the calculated " "user bind DN used to authenticate users in the OpenVPN road warrior server. " @@ -211,7 +200,7 @@ msgstr "" "come ``jdoe``. Se il server remoto è un server Active Directory, è possibile" " utilizzare uno dei seguenti valori:" -#: ../../users_databases.rst:80 6764e6a424a143a28b3ac56bc3e67cc0 +#: ../../users_databases.rst:80 94b5e1de41de44c284fda9eb18299135 msgid "" "``%u@domain.local``: where `domain.local` is the domain name of the Active " "Directory server; inside the OpenVPN client, to authenticate the user use " @@ -221,7 +210,7 @@ msgstr "" "Active Directory; all'interno del client OpenVPN, per autenticare l'utente " "utilizzare solo il nome utente come ``jdoe``" -#: ../../users_databases.rst:82 2e25590ad7234f75aca35f63847080fc +#: ../../users_databases.rst:82 4c8d43135789422c8f72e638e9125e8e msgid "" "``DOMAIN\\%u``: where `DOMAIN` is the realm of the Active Directory server; " "inside the OpenVPN client, to authenticate the user use only the username " @@ -231,7 +220,7 @@ msgstr "" "all'interno del client OpenVPN, per autenticare l'utente utilizzare solo il " "nome utente come ``jdoe``" -#: ../../users_databases.rst:85 ce0d1a4681a04295aa58cb9cbf15ee82 +#: ../../users_databases.rst:85 aa8c7015994d4fd59944ff0732b3c178 msgid "" "If the remote server is an OpenLDAP you can leave this field empty or " "specify it like ``uid=%u,dc=directory,dc=nh``." @@ -239,7 +228,7 @@ msgstr "" "Se il server remoto è un OpenLDAP è possibile lasciare questo campo vuoto " "oppure specificarlo come ``uid=%u,dc=directory,dc=nh``." -#: ../../users_databases.rst:87 3a54d20d8b854763822c3ae103cd1031 +#: ../../users_databases.rst:87 e8d2812d67d0422a95572a97a71a8d23 msgid "" "``Bind DN``: specifies the LDAP Bind Distinguished Name (DN), representing " "the user used to bind to the LDAP server. For an OpenLDAP server, it's " @@ -255,7 +244,7 @@ msgstr "" "Directory, di solito è qualcosa come ``ldapservice@example.com`` oppure " "``cn=ldapservice,cn=Users,dc=example,dc=com``." -#: ../../users_databases.rst:91 9869a235709a4cef8217291dca903bf8 +#: ../../users_databases.rst:91 15ac2e813c65403e84c33f02a9928bab msgid "" "``Bind password``: specifies the password of the user used to bind to the " "LDAP server." @@ -263,7 +252,7 @@ msgstr "" "``Password di bind``: specifica la password dell'utente utilizzato per " "effettuare il bind al server LDAP." -#: ../../users_databases.rst:93 5dfab0c9ec634e7d86a7a668d96fcd73 +#: ../../users_databases.rst:93 9b8b05d1564b4835ad7ad5a33cb709d3 msgid "" "``StartTLS``: enables StartTLS for secure communication with the LDAP " "server, it should be disabled if the LDAP URI is already using the " @@ -273,7 +262,7 @@ msgstr "" "LDAP; dovrebbe essere disabilitato se l'URI LDAP utilizza già lo schema " "``ldaps://``." -#: ../../users_databases.rst:95 746d402267454cb2bf912bbe0648f2e7 +#: ../../users_databases.rst:95 a462f61daf4e430caa892e468116c768 msgid "" "``Verify TLS certificate``: determines whether to enable or disable " "certificate validation, it must be disabled if the LDAP server is using a " @@ -283,11 +272,11 @@ msgstr "" "validazione del certificato; deve essere disabilitata se il server LDAP " "utilizza un certificato autofirmato." -#: ../../users_databases.rst:99 4623fa0e34eb49eaba7d3332ebef9840 +#: ../../users_databases.rst:99 1a37d5b384904cb2b4db0eec73254516 msgid "Suggested configurations" msgstr "Configurazioni consigliate" -#: ../../users_databases.rst:101 de70c2520f744f01be8d3e0942c1bcf9 +#: ../../users_databases.rst:101 cefe2f244570489b864cfa9257979deb msgid "" "The following configurations are suggested for the most common LDAP servers." " When configuring the remote database:" @@ -295,7 +284,7 @@ msgstr "" "Le seguenti configurazioni sono suggerite per i server LDAP più comuni. " "Durante la configurazione del database remoto:" -#: ../../users_databases.rst:104 af3b270fb715432bb02b5f99ea8ece79 +#: ../../users_databases.rst:104 c8e6004e4b924e0e8a9c6b4360e340e9 msgid "" "ensure the LDAP server is reachable from the firewall. If the LDAP URI " "contains a hostname, make sure the hostname is resolvable" @@ -303,11 +292,11 @@ msgstr "" "assicurarsi che il server LDAP sia raggiungibile dal firewall. Se l'URI LDAP" " contiene un nome host, verificare che il nome host sia risolvibile" -#: ../../users_databases.rst:105 a8ecb26c8a6e4d08891b869b57dfa548 +#: ../../users_databases.rst:105 fde91a18f4a24bd7a782ac0a0bfd9993 msgid "replace the example values with the actual values of the LDAP server" msgstr "sostituire i valori di esempio con i valori effettivi del server LDAP" -#: ../../users_databases.rst:106 65005db72d534c7799375a1d4b5dd384 +#: ../../users_databases.rst:106 976e7a254c8f4c2591a3a3bff2f1c486 msgid "" "for Active Directory, it's recommended to use ``Custom user bind DN`` to " "specify how the OpenVPN server should authenticate the user" @@ -316,39 +305,39 @@ msgstr "" "personalizzato`` per specificare come il server OpenVPN deve autenticare " "l'utente" -#: ../../users_databases.rst:109 9cfa714a4f3f43f0accf6e7e0b36a96b +#: ../../users_databases.rst:109 a8cf7a1835b04633b682fc570c77b6b6 msgid "OpenLDAP (RFC 2307)" msgstr "OpenLDAP (RFC 2307)" -#: ../../users_databases.rst:111 27236c3ee1554bd6baef408c1f73430d +#: ../../users_databases.rst:111 704b5ccc01e6464386b387705fe0d4a1 msgid "You can access the NethServer 7 OpenLDAP without authentication:" msgstr "È possibile accedere a NethServer 7 OpenLDAP senza autenticazione:" -#: ../../users_databases.rst:113 764872db173d460ebdefa5d67d1f819d +#: ../../users_databases.rst:113 cf564e07a5a2485cbd5674738ca5d0bb msgid "LDAP URI: ``ldap://ns7ldap.nethserver.org``" msgstr "URI LDAP: ``ldap://ns7ldap.nethserver.org``" -#: ../../users_databases.rst:114 2c6299a8f30f475ea1071d87b7298855 +#: ../../users_databases.rst:114 60c73d1d9eb04b9ea9323db56bcffe20 msgid "Type: ``OpenLDAP``" msgstr "Tipo: ``OpenLDAP``" -#: ../../users_databases.rst:115 82a625afef0749e3a711c9a159335986 +#: ../../users_databases.rst:115 bda303e97ad34cb4957387d1b8084b79 msgid "Base DN: ``dc=directory,dc=nh``" msgstr "Base DN: ``dc=directory,dc=nh``" -#: ../../users_databases.rst:116 77e14d5dac5640dba71b1c1e0e671f58 +#: ../../users_databases.rst:116 431f75427d3340448e129c3f02344547 msgid "User DN: ``ou=People,dc=directory,dc=nh``" msgstr "DN utente: ``ou=People,dc=directory,dc=nh``" -#: ../../users_databases.rst:117 d34f41e7a8544cbdb47fff56263e1787 +#: ../../users_databases.rst:117 90bf86e9c29c4f9eb18680882e425d7e msgid "User attribute field: ``uid``" msgstr "Campo attributo utente: ``uid``" -#: ../../users_databases.rst:118 bdf883501e384557b6ec5de43f48d04d +#: ../../users_databases.rst:118 b68fa78fe3f94dc1b2618da710e9e3a0 msgid "User display name field: ``cn``" msgstr "Campo nome visualizzato utente: ``cn``" -#: ../../users_databases.rst:120 a37d132dfb40492ea898ecf56efe9a77 +#: ../../users_databases.rst:120 03344e994f494f99b350a4d3b8102bb2 msgid "" "If you want to use authentication by entering Bind DN and Bind Password, " "remember to enable StartTLS." @@ -356,11 +345,11 @@ msgstr "" "Se si desidera utilizzare l'autenticazione inserendo Bind DN e Bind " "Password, ricordarsi di abilitare StartTLS." -#: ../../users_databases.rst:123 0f14b8b3fc854c54801a9063632eeef6 +#: ../../users_databases.rst:123 6f06958a9dfb4b09baa3613829e17da1 msgid "Active Directory" msgstr "Active Directory" -#: ../../users_databases.rst:125 b66f3505db9641bfa03c55741d1fcb91 +#: ../../users_databases.rst:125 168b169ffc4e4b1b9ceb3423a3e299c6 msgid "" "To access NethServer 7 Samba Active Directory or Windows Server 2012 Active " "Directory, use the following configuration:" @@ -368,35 +357,35 @@ msgstr "" "Per accedere a NethServer 7 Samba Active Directory o Windows Server 2012 " "Active Directory, utilizzare la seguente configurazione:" -#: ../../users_databases.rst:127 2416457eafd54363bbb50cfcb9cc0554 +#: ../../users_databases.rst:127 ed51cabe71be4e76b0314aa965a4525c msgid "LDAP URI: ``ldap://dcserver.ad.example.com``" msgstr "URI LDAP: ``ldap://dcserver.ad.example.com``" -#: ../../users_databases.rst:128 b392d5c6814849568d5a6429d8eb6e62 +#: ../../users_databases.rst:128 26dfcb88a8e64e27b85d77e8dc12bfac msgid "Type: ``Active Directory``" msgstr "Tipo: ``Active Directory``" -#: ../../users_databases.rst:129 3b23a02970944d538f6aa049f001a609 +#: ../../users_databases.rst:129 ac25f23984724e3782047bfffa873ede msgid "Base DN: ``dc=example,dc=com``" msgstr "Base DN: ``dc=example,dc=com``" -#: ../../users_databases.rst:130 f847ece291ba4b1d9d7d4401aa42429b +#: ../../users_databases.rst:130 ab868cffda3e454ea8d789fb528c88eb msgid "User DN: ``cn=Users,dc=example,dc=com``" msgstr "DN utente: ``cn=Users,dc=example,dc=com``" -#: ../../users_databases.rst:131 6fa826a525bd4627a18a604f8b019d66 +#: ../../users_databases.rst:131 ee396463f3d9444aa25cf481999868b9 msgid "User attribute field: ``sAMAccountName``" msgstr "Campo attributo utente: ``sAMAccountName``" -#: ../../users_databases.rst:132 92004add0de14c2ea1c2ae1730bc8bcc +#: ../../users_databases.rst:132 82bfd89a45ae41a19062e4e4120ebad8 msgid "User display name field: ``displayName``" msgstr "Campo nome visualizzato utente: ``displayName``" -#: ../../users_databases.rst:133 318ed09e18934af5bb1192f54deb8bf9 +#: ../../users_databases.rst:133 579d694c3cc24b46b12efa59a475ebbd msgid "Custom user bind DN: ``%u@example.com``" msgstr "DN di binding utente personalizzato: ``%u@example.com``" -#: ../../users_databases.rst:134 70b36a69687a4a1fa6a1b7ae5e6fcd50 +#: ../../users_databases.rst:134 f32a46c6193343caab82c26e313f6bb6 msgid "" "Bind DN: ``@exampl.com`` or ``cn=,cn=Users,dc=example,dc=com``, " "where ```` is the username of the user used to bind to the LDAP server" @@ -405,7 +394,7 @@ msgstr "" "``cn=,cn=Users,dc=example,dc=com``, dove ```` è il nome utente " "dell'utente utilizzato per effettuare il bind al server LDAP" -#: ../../users_databases.rst:135 269e4ae749d34b358602f308d65f2b17 +#: ../../users_databases.rst:135 da84891df89941aa8af4df2a68111e98 msgid "" "Bind Password: ````, where ```` is the password of the " "user inserted in the Bind DN field" @@ -413,7 +402,7 @@ msgstr "" "Password di Bind: ````, dove ```` è la password " "dell'utente inserito nel campo Bind DN" -#: ../../users_databases.rst:137 dcae3f6fdb07448c8b07bd10b2205791 +#: ../../users_databases.rst:137 0f985e787e8c400bb49eb6e61237999f msgid "" "The ``StartTLS`` option should be enabled for NethServer 7 Samba Active " "Directory, while it should be usually disabled for Windows Server 2012 " @@ -423,7 +412,7 @@ msgstr "" "Active Directory, mentre di solito dovrebbe essere disabilitata per Windows " "Server 2012 Active Directory." -#: ../../users_databases.rst:16 9b11caf77b6e4bafb4f97cefc9000a2f +#: ../../users_databases.rst:16 87ca8936d9114be48059d8b7ac1b5513 msgid "" "The local user database is an inherent component of the firewall, it's " "available by default and does not require any additional configuration. It " @@ -439,7 +428,7 @@ msgstr "" "integra inoltre perfettamente con i servizi VPN, in particolare con il " "server OpenVPN Road Warrior." -#: ../../users_databases.rst:43 3c88795b5d24488dbbbba8268c8d4c60 +#: ../../users_databases.rst:43 1e3f854e3d94476599d510fdc5c05c39 msgid "" "The administrator can extend the capabilities of the firewall by adding new " "remote databases. Remote databases allow the firewall to authenticate users " @@ -450,7 +439,7 @@ msgstr "" "autenticare gli utenti tramite un server LDAP esterno, come Active Directory" " o OpenLDAP." -#: ../../users_databases.rst:46 fc092366e2a64b56b461cd98ec5215e9 +#: ../../users_databases.rst:46 f4c21dc44ec147b5966073fab25498f5 msgid "" "Unlike local users, users in remote databases must be managed directly on " "the source LDAP server. Any additions, deletions, or modifications to user " @@ -465,7 +454,7 @@ msgstr "" "pagina di configurazione del firewall ma non potranno essere effettuate " "dall'interfaccia del firewall." -#: ../../users_databases.rst:50 42d7a01b98184b49a541d2feb77dee39 +#: ../../users_databases.rst:50 34e4a819fc47463faf24a4044dd0a6ec msgid "" "Also note that if the remote database is offline, VPN authentication will " "fail. It is crucial to ensure that the remote database is online and " @@ -476,34 +465,14 @@ msgstr "" " online e accessibile per garantire una corretta autenticazione degli utenti" " tramite il servizio VPN." -#~ msgid "" -#~ "The administrator can extend the capabilities of the firewall by adding new " -#~ "remote databases. Users in remote databases must be added directly at the " -#~ "source. User modifications should be made on the underlying LDAP server to " -#~ "accurately reflect changes in the firewall configuration page." -#~ msgstr "" -#~ "L'amministratore può estendere le funzionalità del firewall aggiungendo " -#~ "nuovi database remoti. Gli utenti presenti nei database remoti devono essere" -#~ " aggiunti direttamente alla fonte. Le modifiche agli utenti devono essere " -#~ "effettuate sul server LDAP sottostante per riflettere accuratamente i " -#~ "cambiamenti nella pagina di configurazione del firewall." - -#~ msgid "" -#~ "If the remote database is offline, VPN authentication will fail. It is " -#~ "crucial to ensure that the remote database is online and accessible to " -#~ "ensure proper user authentication through the VPN service." -#~ msgstr "" -#~ "Se il database remoto è offline, l'autenticazione VPN non andrà a buon fine." -#~ " È fondamentale assicurarsi che il database remoto sia online e accessibile " -#~ "per garantire una corretta autenticazione degli utenti tramite il servizio " -#~ "VPN." - -#~ msgid "" -#~ "The local user database is an inherent component of the firewall, ensuring " -#~ "seamless user authentication for VPN services. It is present by default, " -#~ "offering a foundation for user management." -#~ msgstr "" -#~ "Il database utenti locale è una componente intrinseca del firewall, che " -#~ "garantisce un'autenticazione utente senza interruzioni per i servizi VPN. È " -#~ "presente per impostazione predefinita, offrendo una base per la gestione " -#~ "degli utenti." +#: ../../users_databases.rst:31 737b83889128483dbbb6379a00f8a437 +msgid "" +"Users inside the local database can be granted administrative privileges on " +"the web user interface by enabling the ``Administrator user`` option, the " +"user must have a password set. Please refer to to section " +":ref:`administrative_users-section`." +msgstr "" +"Agli utenti presenti nel database locale possono essere concessi privilegi " +"amministrativi sull'interfaccia web abilitando l'opzione ``Utente " +"amministratore``; l'utente deve avere una password impostata. Fare " +"riferimento alla sezione :ref:`administrative_users-section`." From 9c9d252a060e580656adb819d03670f5224548d9 Mon Sep 17 00:00:00 2001 From: Tommaso Bailetti Date: Tue, 30 Jun 2026 09:49:49 +0200 Subject: [PATCH 7/7] docs: added documentation on how to enable receiving logs from remote --- logs.rst | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/logs.rst b/logs.rst index 20d601db..61761162 100644 --- a/logs.rst +++ b/logs.rst @@ -152,6 +152,26 @@ To stop and disable the forwarder: :: /etc/init.d/ns-clm stop && /etc/init.d/ns-clm disable +Receiving logs from remote devices +=================================== + +NethSecurity runs an rsyslog input that can receive log messages from other devices over the network. +The UDP input is enabled by default on port 514, while the TCP input is disabled. + +For security reasons, both inputs are bound to the loopback interface (``127.0.0.1``) by default, so the service +does not accept logs from remote devices unless explicitly configured. The bind address is controlled by the +``udp_input_address`` and ``tcp_input_address`` options of the ``syslog`` configuration. + +To receive logs from remote devices, set the input to listen on all interfaces (``0.0.0.0``) or on a specific +local IP address. Example for the UDP input on port 514: :: + + uci set rsyslog.syslog.udp_input_address=0.0.0.0 + uci commit rsyslog + /etc/init.d/rsyslog restart + +The same applies to the TCP input using the ``tcp_input_address`` option. Access to this service must be +handled at firewall level, by adding the appropriate rules to allow inbound traffic on the chosen port. + .. _log-rotation-section: