freedombone/src/freedombone-utils-passwords

#!/bin/bash
#
# .---.                  .              .
# |                      |              |
# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
#
#                    Freedom in the Cloud
#
# Password functions
#
# License
# =======
#
# Copyright (C) 2014-2016 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

# If this file exists it contains a global password used with
# disk image installs. This simplifies password management for
# deployment at scale
IMAGE_PASSWORD_FILE=/root/login.txt

# Minimum number of characters in a password
MINIMUM_PASSWORD_LENGTH=10

# The default password length used in images
DEFAULT_PASSWORD_LENGTH=20

function enforce_good_passwords {
    # because humans are generally bad at choosing passwords
    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
        return
    fi
    apt-get -yq install libpam-cracklib

    sed -i 's/password.*requisite.*pam_cracklib.so.*/password        required                       pam_cracklib.so retry=2 dcredit=-4 ucredit=-1 ocredit=-1 lcredit=0 minlen=10 reject_username/g' /etc/pam.d/common-password
    mark_completed $FUNCNAME
}

function create_password {
    openssl rand -base64 32 | tr -dc A-Za-z0-9 | head -c ${1} ; echo -n ''
}

# NOTE: deliberately no exit 0
Stockholm initial 2016-07-03 17:13:34 +02:00			`#!/bin/bash`
			`#`
			`# .---. . .`
			`# \| \| \|`
			`# \|--- .--. .-. .-. .-.\| .-. .--.--. \|.-. .-. .--. .-.`
			`# \| \| (.-' (.-' ( \| ( )\| \| \| \| )( )\| \| (.-'`
			`# ' ' --' --' -' - -' ' ' -' -' -' ' - --'`
			`#`
			`# Freedom in the Cloud`
			`#`
			`# Password functions`
			`#`
			`# License`
			`# =======`
			`#`
Change email address 2016-10-31 17:24:49 +01:00			`# Copyright (C) 2014-2016 Bob Mottram <bob@freedombone.net>`
Stockholm initial 2016-07-03 17:13:34 +02:00			`#`
			`# This program is free software: you can redistribute it and/or modify`
			`# it under the terms of the GNU Affero General Public License as published by`
			`# the Free Software Foundation, either version 3 of the License, or`
			`# (at your option) any later version.`
			`#`
			`# This program is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU Affero General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU Affero General Public License`
			`# along with this program. If not, see <http://www.gnu.org/licenses/>.`

			`# If this file exists it contains a global password used with`
			`# disk image installs. This simplifies password management for`
			`# deployment at scale`
			`IMAGE_PASSWORD_FILE=/root/login.txt`

			`# Minimum number of characters in a password`
			`MINIMUM_PASSWORD_LENGTH=10`

Use a longer default password for better security 2016-10-14 11:34:05 +02:00			`# The default password length used in images`
			`DEFAULT_PASSWORD_LENGTH=20`

Stockholm initial 2016-07-03 17:13:34 +02:00			`function enforce_good_passwords {`
Use a longer default password for better security 2016-10-14 11:34:05 +02:00			`# because humans are generally bad at choosing passwords`
Typo 2016-10-17 19:27:51 +02:00			`if [[ $(is_completed $FUNCNAME) == "1" ]]; then`
Use a longer default password for better security 2016-10-14 11:34:05 +02:00			`return`
			`fi`
Quieter install 2016-10-23 20:38:14 +02:00			`apt-get -yq install libpam-cracklib`
Stockholm initial 2016-07-03 17:13:34 +02:00
Use a longer default password for better security 2016-10-14 11:34:05 +02:00			`sed -i 's/password.requisite.pam_cracklib.so.*/password required pam_cracklib.so retry=2 dcredit=-4 ucredit=-1 ocredit=-1 lcredit=0 minlen=10 reject_username/g' /etc/pam.d/common-password`
Tidying 2016-10-16 20:50:56 +02:00			`mark_completed $FUNCNAME`
Stockholm initial 2016-07-03 17:13:34 +02:00			`}`

			`function create_password {`
Don't include training carriage return on passwords 2017-09-20 16:23:58 +02:00			`openssl rand -base64 32 \| tr -dc A-Za-z0-9 \| head -c ${1} ; echo -n ''`
Stockholm initial 2016-07-03 17:13:34 +02:00			`}`

			`# NOTE: deliberately no exit 0`