From 075909f5224614362a3d4003a8a1481010b4cd6d Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Wed, 23 Nov 2016 09:34:45 +0000
Subject: [PATCH] Option to clear stored passwords
---
 src/freedombone-pass | 17 ++++++++++++++
 src/freedombone-sec | 55 +++++++++++++++++++++++++++++---------------
 2 files changed, 54 insertions(+), 18 deletions(-)
diff --git a/src/freedombone-pass b/src/freedombone-pass
index b4a99fa2..f671ecd5 100755
--- a/src/freedombone-pass
+++ b/src/freedombone-pass
@@ -125,6 +125,20 @@ function run_tests {
 echo "Tests passed"
 }
 
+function clear_passwords {
+ # remove all passwords except for the root one, which is needed
+ # for automatic database backups
+ for d in /root/.passwords/*/ ; do
+ USERNAME=$(echo "$d" | awk -F '/' '{print $4}')
+ if [[ "$USERNAME" != 'root' ]]; then
+ shred -zu /root/.passwords/$USERNAME/*
+ rm -rf /root/.passwords/$USERNAME
+ fi
+ done
+ echo $'Passwords cleared'
+ exit 0
+}
+
 while [[ $# > 1 ]]
 do
 key="$1"
@@ -137,6 +151,9 @@ do
 shift
 TESTS=1
 ;;
+ -c|--clear|--erase)
+ clear_passwords
+ ;;
 -u|--user|--username)
 shift
 CURR_USERNAME="${1}"
diff --git a/src/freedombone-sec b/src/freedombone-sec
index 51263241..06a07187 100755
--- a/src/freedombone-sec
+++ b/src/freedombone-sec
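Review bot: In the new `clear_passwords` of src/freedombone-pass, `shred -zu /root/.passwords/$USERNAME/*` overwrites only the regular, non-hidden files directly inside each user directory and its exit status is ignored, so anything it skips or fails on is simply unlinked by the following `rm -rf` while the function still prints 'Passwords cleared' and exits 0. Whether the store actually holds nested directories is not visible in this hunk, so that part needs confirming against the layout the tool writes. `$USERNAME` is also unquoted in both commands, and when the glob matches no directory the loop runs once with the literal pattern. I would walk each directory with `find`, quote the paths and exit non-zero when an overwrite fails, as sketched below.

```shell
function clear_passwords {
    # … unchanged: comment on why the root entry is kept …
    local failed=0
    for d in /root/.passwords/*/ ; do
        [ -d "$d" ] || continue   # glob matched nothing
        USERNAME=$(echo "$d" | awk -F '/' '{print $4}')
        if [[ "$USERNAME" != 'root' ]]; then
            # overwrite every regular file, nested ones and dotfiles included
            find "/root/.passwords/$USERNAME" -type f -exec shred -zu {} + || failed=1
            rm -rf -- "/root/.passwords/$USERNAME"
        fi
    done
    if [[ $failed -ne 0 ]]; then
        echo 'Some password files could not be overwritten' >&2
        exit 1
    fi
    # … unchanged: success message and exit 0 …
}
```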
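Review bot: The `-c|--clear|--erase` branch sits inside the loop guarded by `while [[ $# > 1 ]]`, so `freedombone-pass --clear` with no further argument never reaches it; that is presumably why freedombone-sec passes a dummy `yes`. The branch also calls `clear_passwords` the moment the flag is parsed, with no confirmation, and that function exits, so any options after it are ignored. I would record this next to the case label, e.g. `# destructive: runs immediately and exits; needs a trailing dummy argument because the loop requires $# > 1`, and repeat it in the help text if the script has one. The loop and the case statement both start and end outside this hunk.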
@@ -685,22 +685,38 @@ function remove_pinning {
 esac
 }
 
+function clear_passwords {
+ dialog --title $"Clear Passwords" \
+ --backtitle $"Freedombone Security Configuration" \
+ --defaultno \
+ --yesno $"\nThis will remove all user passwords from the system. Are you sure that you want to do this?" 8 60
+ sel=$?
+ case $sel in
+ 1) return;;
+ 255) return;;
+ esac
+ ${PROJECT_NAME}-pass --clear yes
+ dialog --title $"Passwords were removed" \
+ --msgbox $"\nFor the best security you should now manually change passwords via web interfaces so that there is no possibility of them being recovered from the disk" 9 60
+}
+
 function menu_security_settings {
 data=$(tempfile 2>/dev/null)
 trap "rm -f $data" 0 1 2 5 15
 dialog --backtitle $"Freedombone Control Panel" \
 --title $"Security Settings" \
- --radiolist $"Choose an operation:" 17 76 17 \
+ --radiolist $"Choose an operation:" 18 76 18 \
 1 $"Show ssh host public key" off \
- 2 $"Regenerate ssh host keys" off \
- 3 $"Regenerate Diffie-Hellman keys" off \
- 4 $"Update cipersuite" off \
- 5 $"Create a new Let's Encrypt certificate" off \
- 6 $"Renew Let's Encrypt certificate" off \
- 7 $"Enable GPG based authentication (monkeysphere)" off \
- 8 $"Register a website with monkeysphere" off \
- 9 $"Allow ssh login with passwords" off \
- 10 $"Go Back/Exit" on 2> $data
+ 2 $"Clear password store" off \
+ 3 $"Regenerate ssh host keys" off \
+ 4 $"Regenerate Diffie-Hellman keys" off \
+ 5 $"Update cipersuite" off \
+ 6 $"Create a new Let's Encrypt certificate" off \
+ 7 $"Renew Let's Encrypt certificate" off \
+ 8 $"Enable GPG based authentication (monkeysphere)" off \
+ 9 $"Register a website with monkeysphere" off \
+ 10 $"Allow ssh login with passwords" off \
+ 11 $"Go Back/Exit" on 2> $data
 sel=$?
 case $sel in
 1) exit 1;;
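Review bot: The new `clear_passwords` in src/freedombone-sec shows the "Passwords were removed" dialog without checking the result of `${PROJECT_NAME}-pass --clear yes`, so a failed or partial wipe is reported to the administrator as success. Guarding the call, e.g. `if ! ${PROJECT_NAME}-pass --clear yes; then return 1; fi`, ideally with an error msgbox before returning, would close that gap; it only helps once the helper stops exiting 0 unconditionally. The confirmation text says it will "remove all user passwords from the system", whereas the helper added in this commit deletes the stored copies under /root/.passwords and keeps root's entry; wording that says so would prevent an admin from assuming the accounts were reset. The trailing `yes` deserves a comment such as `# dummy argument: freedombone-pass only parses options when $# > 1`. `menu_security_settings` continues outside this hunk.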
@@ -728,33 +744,36 @@ function menu_security_settings {
 exit 0
 ;;
 2)
- regenerate_ssh_host_keys
+ clear_passwords
 ;;
 3)
- regenerate_dh_keys
+ regenerate_ssh_host_keys
 ;;
 4)
+ regenerate_dh_keys
+ ;;
+ 5)
 interactive_setup
 update_ciphersuite
 ;;
- 5)
+ 6)
 create_letsencrypt
 ;;
- 6)
+ 7)
 renew_letsencrypt
 ;;
- 7)
+ 8)
 enable_monkeysphere
 ;;
- 8)
+ 9)
 register_website
 ;;
- 9)
+ 10)
 allow_ssh_passwords
 change_ssh_settings
 exit 0
 ;;
- 10)
+ 11)
 exit 0
 ;;
 esac