free
/
freedombone
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Improve cyphersuite update

This commit is contained in:
Bob Mottram 2016-10-30 09:35:15 +00:00
parent d305983982
commit 691a815939
1 changed files with 15 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
src/freedombone-sec
View File

@ -528,49 +528,32 @@ function create_letsencrypt {
} }
function update_ciphersuite { function update_ciphersuite {
project_filename=/usr/local/bin/${PROJECT_NAME} read_config_param SSL_CIPHERS
if [ ! -f $project_filename ]; then read_config_param SSL_PROTOCOLS
project_filename=/usr/bin/${PROJECT_NAME} read_config_param SSH_CIPHERS
fi read_config_param SSH_MACS
SSH_FILENAME=${project_filename}-utils-ssh
SSL_FILENAME=${project_filename}-utils-web
RECOMMENDED_SSL_CIPHERS=$(cat $SSL_FILENAME | grep 'SSL_CIPHERS=' | head -n 1 | awk -F '=' '{print $2}' | awk -F '"' '{print $2}') RECOMMENDED_SSL_CIPHERS="$SSL_CIPHERS"
if [ ! "$RECOMMENDED_SSL_CIPHERS" ]; then
return
fi
if [ ${#RECOMMENDED_SSL_CIPHERS} -lt 5 ]; then if [ ${#RECOMMENDED_SSL_CIPHERS} -lt 5 ]; then
return return
fi fi
RECOMMENDED_SSL_PROTOCOLS=$(cat $SSL_FILENAME | grep 'SSL_PROTOCOLS=' | head -n 1 | awk -F '=' '{print $2}' | awk -F '"' '{print $2}') RECOMMENDED_SSL_PROTOCOLS="$SSL_PROTOCOLS"
if [ ! "$RECOMMENDED_SSL_PROTOCOLS" ]; then
return
fi
if [ ${#RECOMMENDED_SSL_PROTOCOLS} -lt 5 ]; then if [ ${#RECOMMENDED_SSL_PROTOCOLS} -lt 5 ]; then
return return
fi fi
RECOMMENDED_SSH_CIPHERS=$(cat $SSH_FILENAME | grep 'SSH_CIPHERS=' | head -n 1 | awk -F '=' '{print $2}' | awk -F '"' '{print $2}') RECOMMENDED_SSH_CIPHERS="$SSH_CIPHERS"
if [ ! "$RECOMMENDED_SSH_CIPHERS" ]; then
return
fi
if [ ${#RECOMMENDED_SSH_CIPHERS} -lt 5 ]; then if [ ${#RECOMMENDED_SSH_CIPHERS} -lt 5 ]; then
return return
fi fi
RECOMMENDED_SSH_MACS=$(cat $SSH_FILENAME | grep 'SSH_MACS=' | head -n 1 | awk -F '=' '{print $2}' | awk -F '"' '{print $2}') RECOMMENDED_SSH_MACS="$SSH_MACS"
if [ ! "$RECOMMENDED_SSH_MACS" ]; then
return
fi
if [ ${#RECOMMENDED_SSH_MACS} -lt 5 ]; then if [ ${#RECOMMENDED_SSH_MACS} -lt 5 ]; then
return return
fi fi
RECOMMENDED_SSH_KEX=$(cat $SSH_FILENAME | grep 'SSH_KEX=' | head -n 1 | awk -F '=' '{print $2}' | awk -F '"' '{print $2}') RECOMMENDED_SSH_KEX="$SSH_KEX"
if [ ! "$RECOMMENDED_SSH_KEX" ]; then
return
fi
if [ ${#RECOMMENDED_SSH_KEX} -lt 5 ]; then if [ ${#RECOMMENDED_SSH_KEX} -lt 5 ]; then
return return
fi fi
@ -581,12 +564,18 @@ function update_ciphersuite {
sed -i "s|ssl_ciphers .*|ssl_ciphers '$RECOMMENDED_SSL_CIPHERS';|g" $WEBSITES_DIRECTORY/$file sed -i "s|ssl_ciphers .*|ssl_ciphers '$RECOMMENDED_SSL_CIPHERS';|g" $WEBSITES_DIRECTORY/$file
done done
systemctl restart nginx systemctl restart nginx
write_config_param "SSL_PROTOCOLS" "$RECOMMENDED_SSL_PROTOCOLS"
write_config_param "SSL_CIPHERS" "$RECOMMENDED_SSL_CIPHERS"
sed -i "s|Ciphers .*|Ciphers $RECOMMENDED_SSH_CIPHERS|g" $SSH_CONFIG sed -i "s|Ciphers .*|Ciphers $RECOMMENDED_SSH_CIPHERS|g" $SSH_CONFIG
sed -i "s|MACs .*|MACs $RECOMMENDED_SSH_MACS|g" $SSH_CONFIG sed -i "s|MACs .*|MACs $RECOMMENDED_SSH_MACS|g" $SSH_CONFIG
sed -i "s|KexAlgorithms .*|KexAlgorithms $RECOMMENDED_SSH_KEX|g" $SSH_CONFIG sed -i "s|KexAlgorithms .*|KexAlgorithms $RECOMMENDED_SSH_KEX|g" $SSH_CONFIG
systemctl restart ssh systemctl restart ssh
write_config_param "SSH_CIPHERS" "$RECOMMENDED_SSH_CIPHERS"
write_config_param "SSH_MACS" "$RECOMMENDED_SSH_MACS"
write_config_param "SSH_KEX" "$RECOMMENDED_SSH_KEX"
dialog --title $"Update ciphersuite" \ dialog --title $"Update ciphersuite" \
--msgbox $"The ciphersuite has been updated to recommended versions" 6 40 --msgbox $"The ciphersuite has been updated to recommended versions" 6 40
exit 0 exit 0