Import and export of security settings

src/freedombone-sec

@@ -45,6 +45,9 @@ XMPP_CONFIG='/etc/prosody/conf.avail/xmpp.cfg.lua'
 
 MINIMUM_LENGTH=6
 
+IMPORT_FILE=
+EXPORT_FILE=
+
 function get_protocols_from_website {
   if [ ! -f $WEBSITES_DIRECTORY/$1 ]; then
       return
@@ -311,10 +314,222 @@ function interactive_setup {
   clear
 }
 
+function import_settings {
+  if [ ! $IMPORT_FILE ]; then
+      return
+  fi
+
+  if [ ! -f $IMPORT_FILE ]; then
+      echo "Import file $IMPORT_FILE not found"
+      exit 6393
+  fi
+
+  if grep -q "SSL_PROTOCOLS" $IMPORT_FILE; then
+      TEMP_VALUE=$(grep "SSL_PROTOCOLS" $IMPORT_FILE | awk -F '=' '{print $2}')
+      if [ ${#TEMP_VALUE} -gt $MINIMUM_LENGTH ]; then
+          SSL_PROTOCOLS=$TEMP_VALUE
+      fi
+  fi
+  if grep -q "SSL_CIPHERS" $IMPORT_FILE; then
+      TEMP_VALUE=$(grep "SSL_CIPHERS" $IMPORT_FILE | awk -F '=' '{print $2}')
+      if [ ${#TEMP_VALUE} -gt $MINIMUM_LENGTH ]; then
+          SSL_CIPHERS=$TEMP_VALUE
+      fi
+  fi
+  if grep -q "SSH_CIPHERS" $IMPORT_FILE; then
+      TEMP_VALUE=$(grep "SSH_CIPHERS" $IMPORT_FILE | awk -F '=' '{print $2}')
+      if [ ${#TEMP_VALUE} -gt $MINIMUM_LENGTH ]; then
+          SSH_CIPHERS=$TEMP_VALUE
+      fi
+  fi
+  if grep -q "SSH_MACS" $IMPORT_FILE; then
+      TEMP_VALUE=$(grep "SSH_MACS" $IMPORT_FILE | awk -F '=' '{print $2}')
+      if [ ${#TEMP_VALUE} -gt $MINIMUM_LENGTH ]; then
+          SSH_MACS=$TEMP_VALUE
+      fi
+  fi
+  if grep -q "SSH_KEX" $IMPORT_FILE; then
+      TEMP_VALUE=$(grep "SSH_KEX" $IMPORT_FILE | awk -F '=' '{print $2}')
+      if [ ${#TEMP_VALUE} -gt $MINIMUM_LENGTH ]; then
+          SSH_KEX=$TEMP_VALUE
+      fi
+  fi
+  if grep -q "SSH_HOST_KEY_ALGORITHMS" $IMPORT_FILE; then
+      TEMP_VALUE=$(grep "SSH_HOST_KEY_ALGORITHMS" $IMPORT_FILE | awk -F '=' '{print $2}')
+      if [ ${#TEMP_VALUE} -gt $MINIMUM_LENGTH ]; then
+          SSH_HOST_KEY_ALGORITHMS=$TEMP_VALUE
+      fi
+  fi
+  if grep -q "SSH_PASSWORDS" $IMPORT_FILE; then
+      TEMP_VALUE=$(grep "SSH_PASSWORDS" $IMPORT_FILE | awk -F '=' '{print $2}')
+      if [[ $TEMP_VALUE == "yes" || $TEMP_VALUE == "no" ]]; then
+          SSH_PASSWORDS=$TEMP_VALUE
+      fi
+  fi
+  if grep -q "XMPP_CIPHERS" $IMPORT_FILE; then
+      TEMP_VALUE=$(grep "XMPP_CIPHERS" $IMPORT_FILE | awk -F '=' '{print $2}')
+      if [ ${#TEMP_VALUE} -gt $MINIMUM_LENGTH ]; then
+          XMPP_CIPHERS=$TEMP_VALUE
+      fi
+  fi
+  if grep -q "XMPP_ECC_CURVE" $IMPORT_FILE; then
+      TEMP_VALUE=$(grep "XMPP_ECC_CURVE" $IMPORT_FILE | awk -F '=' '{print $2}')
+      if [ ${#TEMP_VALUE} -gt 3 ]; then
+          XMPP_ECC_CURVE=$TEMP_VALUE
+      fi
+  fi
+}
+
+function export_settings {
+  if [ ! $EXPORT_FILE ]; then
+      return
+  fi
+
+  if [ ! -f $EXPORT_FILE ]; then
+      if [ $SSL_PROTOCOLS ]; then
+          echo "SSL_PROTOCOLS=$SSL_PROTOCOLS" >> $EXPORT_FILE
+      fi
+      if [ $SSL_CIPHERS ]; then
+          echo "SSL_CIPHERS=$SSL_CIPHERS" >> $EXPORT_FILE
+      fi
+      if [ $SSH_CIPHERS ]; then
+          echo "SSH_CIPHERS=$SSH_CIPHERS" >> $EXPORT_FILE
+      fi
+      if [ $SSH_MACS ]; then
+          echo "SSH_MACS=$SSH_MACS" >> $EXPORT_FILE
+      fi
+      if [ $SSH_KEX ]; then
+          echo "SSH_KEX=$SSH_KEX" >> $EXPORT_FILE
+      fi
+      if [ $SSH_HOST_KEY_ALGORITHMS ]; then
+          echo "SSH_HOST_KEY_ALGORITHMS=$SSH_HOST_KEY_ALGORITHMS" >> $EXPORT_FILE
+      fi
+      if [ $SSH_PASSWORDS ]; then
+          echo "SSH_PASSWORDS=$SSH_PASSWORDS" >> $EXPORT_FILE
+      fi
+      if [ $XMPP_CIPHERS ]; then
+          echo "XMPP_CIPHERS=$XMPP_CIPHERS" >> $EXPORT_FILE
+      fi
+      if [ $XMPP_ECC_CURVE ]; then
+          echo "XMPP_ECC_CURVE=$XMPP_ECC_CURVE" >> $EXPORT_FILE
+      fi
+      return
+  fi
+
+  if [ $SSL_PROTOCOLS ]; then
+      if grep -q "SSL_PROTOCOLS" $EXPORT_FILE; then
+          sed -i "s|SSL_PROTOCOLS=.*|SSL_PROTOCOLS=$SSL_PROTOCOLS|g" $EXPORT_FILE
+      else
+          echo "SSL_PROTOCOLS=$SSL_PROTOCOLS" >> $EXPORT_FILE
+      fi
+  fi
+  if [ $SSL_CIPHERS ]; then
+      if grep -q "SSL_CIPHERS" $EXPORT_FILE; then
+          sed -i "s|SSL_CIPHERS=.*|SSL_CIPHERS=$SSL_CIPHERS|g" $EXPORT_FILE
+      else
+          echo "SSL_CIPHERS=$SSL_CIPHERS" >> $EXPORT_FILE
+      fi
+  fi
+  if [ $SSH_CIPHERS ]; then
+      if grep -q "SSH_CIPHERS" $EXPORT_FILE; then
+          sed -i "s|SSH_CIPHERS=.*|SSH_CIPHERS=$SSH_CIPHERS|g" $EXPORT_FILE
+      else
+          echo "SSH_CIPHERS=$SSH_CIPHERS" >> $EXPORT_FILE
+      fi
+  fi
+  if [ $SSH_MACS ]; then
+      if grep -q "SSH_MACS" $EXPORT_FILE; then
+          sed -i "s|SSH_MACS=.*|SSH_MACS=$SSH_MACS|g" $EXPORT_FILE
+      else
+          echo "SSH_MACS=$SSH_MACS" >> $EXPORT_FILE
+      fi
+  fi
+  if [ $SSH_KEX ]; then
+      if grep -q "SSH_KEX" $EXPORT_FILE; then
+          sed -i "s|SSH_KEX=.*|SSH_KEX=$SSH_KEX|g" $EXPORT_FILE
+      else
+          echo "SSH_KEX=$SSH_KEX" >> $EXPORT_FILE
+      fi
+  fi
+  if [ $SSH_HOST_KEY_ALGORITHMS ]; then
+      if grep -q "SSH_HOST_KEY_ALGORITHMS" $EXPORT_FILE; then
+          sed -i "s|SSH_HOST_KEY_ALGORITHMS=.*|SSH_HOST_KEY_ALGORITHMS=$SSH_HOST_KEY_ALGORITHMS|g" $EXPORT_FILE
+      else
+          echo "SSH_HOST_KEY_ALGORITHMS=$SSH_HOST_KEY_ALGORITHMS" >> $EXPORT_FILE
+      fi
+  fi
+  if [ $SSH_PASSWORDS ]; then
+      if grep -q "SSH_PASSWORDS" $EXPORT_FILE; then
+          sed -i "s|SSH_PASSWORDS=.*|SSH_PASSWORDS=$SSH_PASSWORDS|g" $EXPORT_FILE
+      else
+          echo "SSH_PASSWORDS=$SSH_PASSWORDS" >> $EXPORT_FILE
+      fi
+  fi
+  if [ $XMPP_CIPHERS ]; then
+      if grep -q "XMPP_CIPHERS" $EXPORT_FILE; then
+          sed -i "s|XMPP_CIPHERS=.*|XMPP_CIPHERS=$XMPP_CIPHERS|g" $EXPORT_FILE
+      else
+          echo "XMPP_CIPHERS=$XMPP_CIPHERS" >> $EXPORT_FILE
+      fi
+  fi
+  if [ $XMPP_ECC_CURVE ]; then
+      if grep -q "XMPP_ECC_CURVE" $EXPORT_FILE; then
+          sed -i "s|XMPP_ECC_CURVE=.*|XMPP_ECC_CURVE=$XMPP_ECC_CURVE|g" $EXPORT_FILE
+      else
+          echo "XMPP_ECC_CURVE=$XMPP_ECC_CURVE" >> $EXPORT_FILE
+      fi
+  fi
+  echo "Security settings exported to $EXPORT_FILE"
+  exit 0
+}
+
+function show_help {
+  echo ''
+  echo 'freedombone-sec'
+  echo ''
+  echo 'Alters the security settings'
+  echo ''
+  echo ''
+  echo '  -h --help             Show help'
+  echo '  -e --export           Export security settings to a file'
+  echo '  -i --import           Import security settings from a file'
+  echo ''
+  exit 0
+}
+
+
+# Get the commandline options
+while [[ $# > 1 ]]
+do
+key="$1"
+
+case $key in
+    -h|--help)
+    show_help
+    ;;
+    # Export settings
+    -e|--export)
+    shift
+    EXPORT_FILE="$1"
+    ;;
+    # Export settings
+    -i|--import)
+    shift
+    IMPORT_FILE="$1"
+    ;;
+    *)
+    # unknown option
+    ;;
+esac
+shift
+done
+
 get_website_settings
 get_imap_settings
 get_ssh_settings
 get_xmpp_settings
+import_settings
+export_settings
 interactive_setup
 change_website_settings
 change_imap_settings