Move ping enable/disable to security menu

Bob Mottram 2018-03-18 11:06:27 +00:00
parent f506df693d
commit 24c39e1d07
2 changed files with 79 additions and 76 deletions


@ -1085,30 +1085,6 @@ function restore_data_remote {
rm -f "$data" rm -f "$data"
} }
function ping_enable_disable {
ping_str=$"\\nDo you want to enable other systems to ping this machine?\\n\\nPing may be useful for diagnostic purposes, but for added security you may not want to enable it."
enable_ping="no"
dialog --title $"Enable Ping / ICMP" \
--backtitle $"Freedombone Control Panel" \
--defaultno \
--yesno "$ping_str" 10 60
sel=$?
case $sel in
0) enable_ping="yes";;
255) return;;
esac
if [[ $enable_ping == "yes" ]]; then
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all
else
iptables -D INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -D OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
fi
}
function logging_on_off { function logging_on_off {
logging="no" logging="no"
dialog --title $"Logging" \ dialog --title $"Logging" \
@ -1976,21 +1952,20 @@ function menu_top_level {
3 $"App Settings" 3 $"App Settings"
4 $"Add/Remove Apps" 4 $"Add/Remove Apps"
5 $"Logging on/off" 5 $"Logging on/off"
6 $"Ping enable/disable" 6 $"Manage Users"
7 $"Manage Users" 7 $"Email Menu"
8 $"Email Menu" 8 $"Domain or User Blocking"
9 $"Domain or User Blocking" 9 $"Security Settings"
10 $"Security Settings" 10 $"Change the name of this system"
11 $"Change the name of this system" 11 $"Set a static local IP address"
12 $"Set a static local IP address" 12 $"Wifi menu"
13 $"Wifi menu" 13 $"Add Clacks"
14 $"Add Clacks" 14 $"Check for updates"
15 $"Check for updates" 15 $"Power off the system"
16 $"Power off the system" 16 $"Restart the system")
17 $"Restart the system")
# shellcheck disable=SC2068 # shellcheck disable=SC2068
selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Administrator Control Panel" --menu $"Choose an operation, or ESC to exit:" 25 60 25 "${W[@]}" 3>&2 2>&1 1>&3) selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Administrator Control Panel" --menu $"Choose an operation, or ESC to exit:" 24 60 24 "${W[@]}" 3>&2 2>&1 1>&3)
if [ ! "$selection" ]; then if [ ! "$selection" ]; then
break break
@ -2007,18 +1982,17 @@ function menu_top_level {
fi fi
;; ;;
5) logging_on_off;; 5) logging_on_off;;
6) ping_enable_disable;; 6) menu_users;;
7) menu_users;; 7) menu_email;;
8) menu_email;; 8) domain_blocking;;
9) domain_blocking;; 9) security_settings;;
10) security_settings;; 10) change_system_name;;
11) change_system_name;; 11) set_static_IP;;
12) set_static_IP;; 12) menu_wifi;;
13) menu_wifi;; 13) add_clacks;;
14) add_clacks;; 14) check_for_updates;;
15) check_for_updates;; 15) shut_down_system;;
16) shut_down_system;; 16) restart_system;;
17) restart_system;;
esac esac
done done
} }


@ -69,6 +69,30 @@ LETSENCRYPT_SERVER='https://acme-v01.api.letsencrypt.org/directory'
MY_USERNAME= MY_USERNAME=
function ping_enable_disable {
ping_str=$"\\nDo you want to enable other systems to ping this machine?\\n\\nPing may be useful for diagnostic purposes, but for added security you may not want to enable it."
enable_ping="no"
dialog --title $"Enable Ping / ICMP" \
--backtitle $"Freedombone Control Panel" \
--defaultno \
--yesno "$ping_str" 10 60
sel=$?
case $sel in
0) enable_ping="yes";;
255) return;;
esac
if [[ $enable_ping == "yes" ]]; then
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all
else
iptables -D INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -D OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
fi
}
function any_key_verify { function any_key_verify {
echo '' echo ''
read -n1 -rsp $"Press any key to continue or C to check a hash..." key read -n1 -rsp $"Press any key to continue or C to check a hash..." key
@ -1177,20 +1201,21 @@ function menu_security_settings {
3 $"Fix STIG test failures" 3 $"Fix STIG test failures"
4 $"Show tripwire verification code" 4 $"Show tripwire verification code"
5 $"Reset tripwire" 5 $"Reset tripwire"
6 $"Show ssh host public key" 6 $"Enable or disable ping"
7 $"Tor bridges" 7 $"Show ssh host public key"
8 $"Password storage" 8 $"Tor bridges"
9 $"Export passwords" 9 $"Password storage"
10 $"Regenerate ssh host keys" 10 $"Export passwords"
11 $"Regenerate Diffie-Hellman keys" 11 $"Regenerate ssh host keys"
12 $"Update cipersuite" 12 $"Regenerate Diffie-Hellman keys"
13 $"Create a new Let's Encrypt certificate" 13 $"Update cipersuite"
14 $"Renew Let's Encrypt certificate" 14 $"Create a new Let's Encrypt certificate"
15 $"Delete a Let's Encrypt certificate" 15 $"Renew Let's Encrypt certificate"
16 $"Enable GPG based authentication (monkeysphere)" 16 $"Delete a Let's Encrypt certificate"
17 $"Register a website with monkeysphere" 17 $"Enable GPG based authentication (monkeysphere)"
18 $"Allow ssh login with passwords" 18 $"Register a website with monkeysphere"
19 $"Show firewall") 19 $"Allow ssh login with passwords"
20 $"Show firewall")
# shellcheck disable=SC2068 # shellcheck disable=SC2068
selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Security Settings" --menu $"Choose an operation, or ESC to exit:" 24 76 24 "${W[@]}" 3>&2 2>&1 1>&3) selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Security Settings" --menu $"Choose an operation, or ESC to exit:" 24 76 24 "${W[@]}" 3>&2 2>&1 1>&3)
@ -1244,53 +1269,57 @@ function menu_security_settings {
;; ;;
6) 6)
ping_enable_disable
exit 0
;;
7)
dialog --title $"SSH host public keys" \ dialog --title $"SSH host public keys" \
--msgbox "\\n$(get_ssh_server_key)" 12 60 --msgbox "\\n$(get_ssh_server_key)" 12 60
exit 0 exit 0
;; ;;
7) 8)
menu_tor_bridges menu_tor_bridges
exit 0 exit 0
;; ;;
8) 9)
store_passwords store_passwords
exit 0 exit 0
;; ;;
9) 10)
export_passwords export_passwords
exit 0 exit 0
;; ;;
10) 11)
regenerate_ssh_host_keys regenerate_ssh_host_keys
;; ;;
11) 12)
regenerate_dh_keys regenerate_dh_keys
;; ;;
12) 13)
interactive_setup interactive_setup
update_ciphersuite update_ciphersuite
;; ;;
13) 14)
create_letsencrypt create_letsencrypt
;; ;;
14) 15)
renew_letsencrypt renew_letsencrypt
;; ;;
15) 16)
delete_letsencrypt delete_letsencrypt
;; ;;
16) 17)
enable_monkeysphere enable_monkeysphere
;; ;;
17) 18)
register_website register_website
;; ;;
18) 19)
allow_ssh_passwords allow_ssh_passwords
change_ssh_settings change_ssh_settings
exit 0 exit 0
;; ;;
19) 20)
show_firewall show_firewall
exit 0 exit 0
;; ;;
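Review bot: In `ping_enable_disable`, added at the top of this file, the enable branch appends both ACCEPT rules with `iptables -A` on every "yes" answer, and the disable branch runs `iptables -D` even when no matching rule exists, so repeated use leaves duplicate rules or an error for a rule that is not there. A check before each change keeps it idempotent, for example `iptables -C INPUT -p icmp --icmp-type echo-request -j ACCEPT 2>/dev/null || iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT`, with the matching `-C ... && iptables -D ...` form in the else branch. Because `-A` places the rule at the end of the chain, it may sit behind an earlier DROP or REJECT rule and have no effect; the rest of the firewall setup is not visible in this diff, so that needs confirming. The function also touches only IPv4 (`iptables` and `/proc/sys/net/ipv4/icmp_echo_ignore_all`), so ICMPv6 echo handling appears unaffected by this menu entry, and nothing shown here persists the choice across a reboot.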