Move passwords to security settings

Bob Mottram 2018-03-18 10:33:43 +00:00
parent 81942f9c22
commit a97c7d8dcf
3 changed files with 201 additions and 197 deletions


@ -185,73 +185,6 @@ function get_app_icann_address {
echo "${DEFAULT_DOMAIN_NAME}"
}
function passwords_select_user {
SELECTED_USERNAME=
# shellcheck disable=SC2207
users_array=($(ls /home))
delete=(git)
# shellcheck disable=SC2068
for del in ${delete[@]}
do
# shellcheck disable=SC2206
users_array=(${users_array[@]/$del})
done
i=0
W=()
name=()
# shellcheck disable=SC2068
for u in ${users_array[@]}
do
if [[ $(is_valid_user "$u") == "1" ]]; then
i=$((i+1))
W+=("$i" "$u")
name+=("$u")
fi
done
if [ $i -eq 1 ]; then
SELECTED_USERNAME="${name[0]}"
else
# shellcheck disable=SC2068
user_index=$(dialog --backtitle $"Freedombone Control Panel" --title $"Select User" --menu $"Select one of the following:" 24 40 17 ${W[@]} 3>&2 2>&1 1>&3)
# shellcheck disable=SC2181
if [ $? -eq 0 ]; then
SELECTED_USERNAME="${name[$((user_index-1))]}"
fi
fi
}
function passwords_show_apps {
SELECTED_APP=
i=0
W=()
name=()
# shellcheck disable=SC2068
for a in ${APPS_AVAILABLE[@]}
do
if [[ $(function_exists "change_password_${a}") == "1" ]]; then
i=$((i+1))
W+=("$i" "$a")
name+=("$a")
fi
done
i=$((i+1))
W+=("$i" "mariadb")
name+=("mariadb")
# shellcheck disable=SC2068
selected_app_index=$(dialog --backtitle $"Freedombone Control Panel" --title $"Select App" --menu $"Select one of the following:" 24 40 17 ${W[@]} 3>&2 2>&1 1>&3)
# shellcheck disable=SC2181
if [ $? -eq 0 ]; then
SELECTED_APP="${name[$((selected_app_index-1))]}"
fi
}
function reset_password_tries {
passwords_select_user
if [ ! "$SELECTED_USERNAME" ]; then
@ -262,67 +195,6 @@ function reset_password_tries {
--msgbox $"Password tries have been reset for $SELECTED_USERNAME" 6 60
}
function view_or_change_passwords {
passwords_select_user
if [ ! "$SELECTED_USERNAME" ]; then
return
fi
detect_installed_apps
passwords_show_apps
if [ ! "$SELECTED_APP" ]; then
return
fi
CURR_PASSWORD=$("${PROJECT_NAME}-pass" -u "${SELECTED_USERNAME}" -a "${SELECTED_APP}")
icann_address=$(get_app_icann_address "${SELECTED_APP}")
onion_address=$(get_app_onion_address "${SELECTED_APP}")
titlestr=$"View or Change Password"
if [ ${#onion_address} -gt 0 ]; then
viewstr=$"${SELECTED_APP} password for ${SELECTED_USERNAME} on $icann_address or $onion_address\\n\\nCopy or change it if you wish."
else
viewstr=$"${SELECTED_APP} password for ${SELECTED_USERNAME} on $icann_address\\n\\nCopy or change it if you wish."
fi
if [ -f /root/.nostore ]; then
titlestr=$"Change Password"
if [ ${#onion_address} -gt 0 ]; then
viewstr=$"Change the ${SELECTED_APP} password for ${SELECTED_USERNAME} on $icann_address or $onion_address."
else
viewstr=$"Change the ${SELECTED_APP} password for ${SELECTED_USERNAME} on $icann_address."
fi
fi
if [[ "${SELECTED_APP}" == 'mariadb' ]]; then
CURR_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
dialog --title $"MariaDB database password" \
--msgbox "\\n ${CURR_PASSWORD}" 7 40
return
fi
data=$(mktemp 2>/dev/null)
dialog --title "$titlestr" \
--backtitle $"Freedombone Control Panel" \
--inputbox "$viewstr" 12 75 "$CURR_PASSWORD" 2>"$data"
sel=$?
case $sel in
0)
CURR_PASSWORD=$(<"$data")
if [ ${#CURR_PASSWORD} -gt 8 ]; then
"${PROJECT_NAME}-pass" -u "${SELECTED_USERNAME}" -a "${SELECTED_APP}" -p "${CURR_PASSWORD}"
"change_password_${SELECTED_APP}" "${SELECTED_USERNAME}" "${CURR_PASSWORD}"
dialog --title $"Change password" \
--msgbox $"The password was changed" 6 40
else
dialog --title $"Change password" \
--msgbox $"The password given must be at least 8 characters" 6 40
fi
;;
esac
rm -f "$data"
}
function check_for_updates {
if [ ! -f "/etc/cron.weekly/$UPGRADE_SCRIPT_NAME" ]; then
dialog --title $"Check for updates" \
@ -2227,25 +2099,24 @@ function menu_top_level {
while true
do
W=(1 $"About this system"
2 $"Passwords"
3 $"Backup and Restore"
4 $"Verify Tripwire Code"
5 $"Reset Tripwire"
6 $"App Settings"
7 $"Add/Remove Apps"
8 $"Logging on/off"
9 $"Ping enable/disable"
10 $"Manage Users"
11 $"Email Menu"
12 $"Domain or User Blocking"
13 $"Security Settings"
14 $"Change the name of this system"
15 $"Set a static local IP address"
16 $"Wifi menu"
17 $"Add Clacks"
18 $"Check for updates"
19 $"Power off the system"
20 $"Restart the system")
2 $"Backup and Restore"
3 $"Verify Tripwire Code"
4 $"Reset Tripwire"
5 $"App Settings"
6 $"Add/Remove Apps"
7 $"Logging on/off"
8 $"Ping enable/disable"
9 $"Manage Users"
10 $"Email Menu"
11 $"Domain or User Blocking"
12 $"Security Settings"
13 $"Change the name of this system"
14 $"Set a static local IP address"
15 $"Wifi menu"
16 $"Add Clacks"
17 $"Check for updates"
18 $"Power off the system"
19 $"Restart the system")
# shellcheck disable=SC2068
selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Administrator Control Panel" --menu $"Choose an operation, or ESC to exit:" 27 60 27 "${W[@]}" 3>&2 2>&1 1>&3)
@ -2258,29 +2129,28 @@ function menu_top_level {
case $selection in
1) show_about;;
2) view_or_change_passwords;;
3) menu_backup_restore;;
4) show_tripwire_verification_code
2) menu_backup_restore;;
3) show_tripwire_verification_code
any_key_verify;;
5) reset_tripwire;;
6) menu_app_settings;;
7) if ! /usr/local/bin/addremove; then
4) reset_tripwire;;
5) menu_app_settings;;
6) if ! /usr/local/bin/addremove; then
any_key
fi
;;
8) logging_on_off;;
9) ping_enable_disable;;
10) menu_users;;
11) menu_email;;
12) domain_blocking;;
13) security_settings;;
14) change_system_name;;
15) set_static_IP;;
16) menu_wifi;;
17) add_clacks;;
18) check_for_updates;;
19) shut_down_system;;
20) restart_system;;
7) logging_on_off;;
8) ping_enable_disable;;
9) menu_users;;
10) menu_email;;
11) domain_blocking;;
12) security_settings;;
13) change_system_name;;
14) set_static_IP;;
15) menu_wifi;;
16) add_clacks;;
17) check_for_updates;;
18) shut_down_system;;
19) restart_system;;
esac
done
}
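Review bot: `reset_password_tries`, which stays in this file, still calls `passwords_select_user`, and `get_app_icann_address` stays here while its caller `view_or_change_passwords` moves to the security settings script; both now depend on definitions in another file. Nothing visible in these hunks shows either script loading the other's functions, so unless a shared utilities loader provides them the calls fail with "command not found". In `reset_password_tries` that would leave `SELECTED_USERNAME` empty and presumably take the early-exit branch without any error shown to the administrator. I would confirm the source order and add a comment above the call such as `# passwords_select_user is defined in <passwords utils file>`. The body of `reset_password_tries` continues outside the hunk.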


@ -69,6 +69,94 @@ LETSENCRYPT_SERVER='https://acme-v01.api.letsencrypt.org/directory'
MY_USERNAME=
function passwords_show_apps {
SELECTED_APP=
i=0
W=()
name=()
# shellcheck disable=SC2068
for a in ${APPS_AVAILABLE[@]}
do
if [[ $(function_exists "change_password_${a}") == "1" ]]; then
i=$((i+1))
W+=("$i" "$a")
name+=("$a")
fi
done
i=$((i+1))
W+=("$i" "mariadb")
name+=("mariadb")
# shellcheck disable=SC2068
selected_app_index=$(dialog --backtitle $"Freedombone Control Panel" --title $"Select App" --menu $"Select one of the following:" 24 40 17 ${W[@]} 3>&2 2>&1 1>&3)
# shellcheck disable=SC2181
if [ $? -eq 0 ]; then
SELECTED_APP="${name[$((selected_app_index-1))]}"
fi
}
function view_or_change_passwords {
passwords_select_user
if [ ! "$SELECTED_USERNAME" ]; then
return
fi
detect_installed_apps
passwords_show_apps
if [ ! "$SELECTED_APP" ]; then
return
fi
CURR_PASSWORD=$("${PROJECT_NAME}-pass" -u "${SELECTED_USERNAME}" -a "${SELECTED_APP}")
icann_address=$(get_app_icann_address "${SELECTED_APP}")
onion_address=$(get_app_onion_address "${SELECTED_APP}")
titlestr=$"View or Change Password"
if [ ${#onion_address} -gt 0 ]; then
viewstr=$"${SELECTED_APP} password for ${SELECTED_USERNAME} on $icann_address or $onion_address\\n\\nCopy or change it if you wish."
else
viewstr=$"${SELECTED_APP} password for ${SELECTED_USERNAME} on $icann_address\\n\\nCopy or change it if you wish."
fi
if [ -f /root/.nostore ]; then
titlestr=$"Change Password"
if [ ${#onion_address} -gt 0 ]; then
viewstr=$"Change the ${SELECTED_APP} password for ${SELECTED_USERNAME} on $icann_address or $onion_address."
else
viewstr=$"Change the ${SELECTED_APP} password for ${SELECTED_USERNAME} on $icann_address."
fi
fi
if [[ "${SELECTED_APP}" == 'mariadb' ]]; then
CURR_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
dialog --title $"MariaDB database password" \
--msgbox "\\n ${CURR_PASSWORD}" 7 40
return
fi
data=$(mktemp 2>/dev/null)
dialog --title "$titlestr" \
--backtitle $"Freedombone Control Panel" \
--inputbox "$viewstr" 12 75 "$CURR_PASSWORD" 2>"$data"
sel=$?
case $sel in
0)
CURR_PASSWORD=$(<"$data")
if [ ${#CURR_PASSWORD} -gt 8 ]; then
"${PROJECT_NAME}-pass" -u "${SELECTED_USERNAME}" -a "${SELECTED_APP}" -p "${CURR_PASSWORD}"
"change_password_${SELECTED_APP}" "${SELECTED_USERNAME}" "${CURR_PASSWORD}"
dialog --title $"Change password" \
--msgbox $"The password was changed" 6 40
else
dialog --title $"Change password" \
--msgbox $"The password given must be at least 8 characters" 6 40
fi
;;
esac
rm -f "$data"
}
function show_firewall {
W=()
while read -r line; do
@ -974,22 +1062,23 @@ function menu_tor_bridges {
}
function menu_security_settings {
W=(1 $"Run STIG tests"
2 $"Fix STIG test failures"
3 $"Show ssh host public key"
4 $"Tor bridges"
5 $"Password storage"
6 $"Export passwords"
7 $"Regenerate ssh host keys"
8 $"Regenerate Diffie-Hellman keys"
9 $"Update cipersuite"
10 $"Create a new Let's Encrypt certificate"
11 $"Renew Let's Encrypt certificate"
12 $"Delete a Let's Encrypt certificate"
13 $"Enable GPG based authentication (monkeysphere)"
14 $"Register a website with monkeysphere"
15 $"Allow ssh login with passwords"
16 $"Show firewall")
W=(1 $"Passwords"
2 $"Run STIG tests"
3 $"Fix STIG test failures"
4 $"Show ssh host public key"
5 $"Tor bridges"
6 $"Password storage"
7 $"Export passwords"
8 $"Regenerate ssh host keys"
9 $"Regenerate Diffie-Hellman keys"
10 $"Update cipersuite"
11 $"Create a new Let's Encrypt certificate"
12 $"Renew Let's Encrypt certificate"
13 $"Delete a Let's Encrypt certificate"
14 $"Enable GPG based authentication (monkeysphere)"
15 $"Register a website with monkeysphere"
16 $"Allow ssh login with passwords"
17 $"Show firewall")
# shellcheck disable=SC2068
selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Security Settings" --menu $"Choose an operation, or ESC to exit:" 24 76 24 "${W[@]}" 3>&2 2>&1 1>&3)
@ -1014,13 +1103,17 @@ function menu_security_settings {
case $selection in
1)
view_or_change_passwords
exit 0;
;;
2)
clear
echo $'Running STIG tests...'
echo ''
${PROJECT_NAME}-tests --stig showall
exit 0
;;
2)
3)
clear
echo $'Fixing any STIG failures...'
echo ''
@ -1028,54 +1121,54 @@ function menu_security_settings {
echo $'Fixes applied. You will need to run the STIG tests again to be sure that they were all fixed.'
exit 0
;;
3)
4)
dialog --title $"SSH host public keys" \
--msgbox "\\n$(get_ssh_server_key)" 12 60
exit 0
;;
4)
5)
menu_tor_bridges
exit 0
;;
5)
6)
store_passwords
exit 0
;;
6)
7)
export_passwords
exit 0
;;
7)
8)
regenerate_ssh_host_keys
;;
8)
9)
regenerate_dh_keys
;;
9)
10)
interactive_setup
update_ciphersuite
;;
10)
11)
create_letsencrypt
;;
11)
12)
renew_letsencrypt
;;
12)
13)
delete_letsencrypt
;;
13)
14)
enable_monkeysphere
;;
14)
15)
register_website
;;
15)
16)
allow_ssh_passwords
change_ssh_settings
exit 0
;;
16)
17)
show_firewall
exit 0
;;
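Review bot: `view_or_change_passwords` puts the plaintext password on the command line twice, as the initial value of `dialog --inputbox` and as `-p "${CURR_PASSWORD}"` to `"${PROJECT_NAME}-pass"`, so it is readable from the process list by any local account while those commands run. The `mktemp` result is unchecked and the file holding the typed password is removed only on the normal path, so an interrupt leaves it on disk; `data=$(mktemp) || return` plus a cleanup trap would close that. Separately, `[ ${#CURR_PASSWORD} -gt 8 ]` rejects an 8-character password although the message says "at least 8 characters"; `-ge 8` matches the text, or compare against `MINIMUM_PASSWORD_LENGTH` if that variable is in scope in this script. If the pass helper can accept the secret on stdin that would be preferable to `-p`, but the hunk does not show whether it can.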


@ -39,6 +39,47 @@ MINIMUM_PASSWORD_LENGTH=10
# The default password length used in images
DEFAULT_PASSWORD_LENGTH=20
function passwords_select_user {
SELECTED_USERNAME=
# shellcheck disable=SC2207
users_array=($(ls /home))
delete=(git)
# shellcheck disable=SC2068
for del in ${delete[@]}
do
# shellcheck disable=SC2206
users_array=(${users_array[@]/$del})
done
i=0
W=()
name=()
# shellcheck disable=SC2068
for u in ${users_array[@]}
do
if [[ $(is_valid_user "$u") == "1" ]]; then
i=$((i+1))
W+=("$i" "$u")
name+=("$u")
fi
done
if [ $i -eq 1 ]; then
SELECTED_USERNAME="${name[0]}"
else
# shellcheck disable=SC2068
user_index=$(dialog --backtitle $"Freedombone Control Panel" --title $"Select User" --menu $"Select one of the following:" 24 40 17 ${W[@]} 3>&2 2>&1 1>&3)
# shellcheck disable=SC2181
if [ $? -eq 0 ]; then
# shellcheck disable=SC2034
SELECTED_USERNAME="${name[$((user_index-1))]}"
fi
fi
}
function enforce_good_passwords {
# because humans are generally bad at choosing passwords
if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
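Review bot: The exclusion loop in `passwords_select_user` uses `${users_array[@]/$del}`, which deletes the first occurrence of the substring `git` from every entry instead of dropping the `git` account. A username such as `brigitte` (constructed example) becomes `brite` before `is_valid_user` sees it, so that user either vanishes from the menu or resolves to a different account whose password is then shown. Comparing whole names avoids this and removes the need to parse `ls`: `for u in /home/*; do u=${u##*/}; [[ "$u" == git ]] && continue`. The menu is also built from unquoted `${W[@]}`, and when no valid user is found `dialog` is called with an empty item list; an explicit `[ $i -eq 0 ]` early return would make that case clear.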