free
/
freedombone
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Command option to register a website with monkeysphere

This commit is contained in:
Bob Mottram 2016-05-02 19:08:29 +01:00
parent 428e42c4bc
commit a7572eabc1
1 changed files with 28 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
src/freedombone-sec
View File

@ -352,6 +352,7 @@ function regenerate_ssh_host_keys {
monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ssh://$DEFAULT_DOMAIN_NAME monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ssh://$DEFAULT_DOMAIN_NAME
SSH_ONION_HOSTNAME=$(cat ${COMPLETION_FILE} | grep 'ssh onion domain' | awk -F ':' '{print $2}') SSH_ONION_HOSTNAME=$(cat ${COMPLETION_FILE} | grep 'ssh onion domain' | awk -F ':' '{print $2}')
monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ssh://$SSH_ONION_HOSTNAME monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ssh://$SSH_ONION_HOSTNAME
monkeysphere-host publish-key --all
echo $'updated monkeysphere ssh host key' echo $'updated monkeysphere ssh host key'
systemctl restart ssh systemctl restart ssh
fi fi
@ -617,7 +618,7 @@ function enable_monkeysphere {
# The admin user is the identity certifier # The admin user is the identity certifier
fpr=$(gpg --with-colons --fingerprint $MY_GPG_PUBLIC_KEY_ID | grep fpr | head -n 1 | awk -F ':' '{print $10}') fpr=$(gpg --with-colons --fingerprint $MY_GPG_PUBLIC_KEY_ID | grep fpr | head -n 1 | awk -F ':' '{print $10}')
monkeysphere-authentication add-identity-certifier $fpr monkeysphere-authentication add-identity-certifier $fpr
monkeysphere-host publish-key monkeysphere-host publish-key --all
else else
sed -i 's|#AuthorizedKeysFile|AuthorizedKeysFile|g' /etc/ssh/sshd_config sed -i 's|#AuthorizedKeysFile|AuthorizedKeysFile|g' /etc/ssh/sshd_config
sed -i 's|AuthorizedKeysFile.*|AuthorizedKeysFile %h/.ssh/authorized_keys|g' /etc/ssh/sshd_config sed -i 's|AuthorizedKeysFile.*|AuthorizedKeysFile %h/.ssh/authorized_keys|g' /etc/ssh/sshd_config
@ -861,6 +862,25 @@ function refresh_gpg_keys {
exit 0 exit 0
} }
function register_website {
domain="$1"
if [[ ${domain} == *".local" ]]; then
echo $"Can't register local domains"
exit 82438
fi
if [ ! -f /etc/ssl/private/${domain}.key ]; then
echo $"No SSL/TLS private key found for ${domain}"
exit 62852
fi
if [ ! -f /etc/nginx/sites-available/${domain} ]; then
echo $"No virtual host found for ${domain}"
exit 25625
fi
monkeysphere-host import-key /etc/ssl/private/${domain}.key https://${domain}
monkeysphere-host publish-key
exit 0
}
function show_help { function show_help {
echo '' echo ''
echo "${PROJECT_NAME}-sec" echo "${PROJECT_NAME}-sec"
@ -872,6 +892,7 @@ function show_help {
echo $' -e --export Export security settings to a file' echo $' -e --export Export security settings to a file'
echo $' -i --import Import security settings from a file' echo $' -i --import Import security settings from a file'
echo $' -r --refresh Refresh GPG keys for all users' echo $' -r --refresh Refresh GPG keys for all users'
echo $' --register [domain] Register a https domain with monkeysphere'
echo '' echo ''
exit 0 exit 0
} }
@ -898,8 +919,14 @@ case $key in
;; ;;
# Refresh GPG keys # Refresh GPG keys
-r|--refresh) -r|--refresh)
shift
refresh_gpg_keys refresh_gpg_keys
;; ;;
# register a website
--register|--reg|--site)
shift
register_website "$1"
;;
*) *)
# unknown option # unknown option
;; ;;