Option to update the ciphersuite to recommended values
This commit is contained in:
parent
d0f330d9da
commit
77669098a6
|
@ -493,6 +493,69 @@ function create_letsencrypt {
|
||||||
exit 0
|
exit 0
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function update_ciphersuite {
|
||||||
|
project_filename=/usr/local/bin/${PROJECT_NAME}
|
||||||
|
if [ ! -f $project_filename ]; then
|
||||||
|
project_filename=/usr/bin/${PROJECT_NAME}
|
||||||
|
fi
|
||||||
|
|
||||||
|
RECOMMENDED_SSL_CIPHERS=$(cat $project_filename | grep 'SSL_CIPHERS=' | head -n 1 | awk -F '=' '{print $2}' | awk -F '"' '{print $2}')
|
||||||
|
if [ ! "$RECOMMENDED_SSL_CIPHERS" ]; then
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
if [ ${#RECOMMENDED_SSL_CIPHERS} -lt 5 ]; then
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
|
||||||
|
RECOMMENDED_SSL_PROTOCOLS=$(cat $project_filename | grep 'SSL_PROTOCOLS=' | head -n 1 | awk -F '=' '{print $2}' | awk -F '"' '{print $2}')
|
||||||
|
if [ ! "$RECOMMENDED_SSL_PROTOCOLS" ]; then
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
if [ ${#RECOMMENDED_SSL_PROTOCOLS} -lt 5 ]; then
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
|
||||||
|
RECOMMENDED_SSH_CIPHERS=$(cat $project_filename | grep 'SSH_CIPHERS=' | head -n 1 | awk -F '=' '{print $2}' | awk -F '"' '{print $2}')
|
||||||
|
if [ ! "$RECOMMENDED_SSH_CIPHERS" ]; then
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
if [ ${#RECOMMENDED_SSH_CIPHERS} -lt 5 ]; then
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
|
||||||
|
RECOMMENDED_SSH_MACS=$(cat $project_filename | grep 'SSH_MACS=' | head -n 1 | awk -F '=' '{print $2}' | awk -F '"' '{print $2}')
|
||||||
|
if [ ! "$RECOMMENDED_SSH_MACS" ]; then
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
if [ ${#RECOMMENDED_SSH_MACS} -lt 5 ]; then
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
|
||||||
|
RECOMMENDED_SSH_KEX=$(cat $project_filename | grep 'SSH_KEX=' | head -n 1 | awk -F '=' '{print $2}' | awk -F '"' '{print $2}')
|
||||||
|
if [ ! "$RECOMMENDED_SSH_KEX" ]; then
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
if [ ${#RECOMMENDED_SSH_KEX} -lt 5 ]; then
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
|
||||||
|
cd $WEBSITES_DIRECTORY
|
||||||
|
for file in `dir -d *` ; do
|
||||||
|
sed -i "s|ssl_protocols .*|ssl_protocols $RECOMMENDED_SSL_PROTOCOLS;|g" $WEBSITES_DIRECTORY/$file
|
||||||
|
sed -i "s|ssl_ciphers .*|ssl_ciphers '$RECOMMENDED_SSL_CIPHERS';|g" $WEBSITES_DIRECTORY/$file
|
||||||
|
done
|
||||||
|
systemctl restart nginx
|
||||||
|
|
||||||
|
sed -i "s|Ciphers .*|Ciphers $RECOMMENDED_SSH_CIPHERS|g" $SSH_CONFIG
|
||||||
|
sed -i "s|MACs .*|MACs $RECOMMENDED_SSH_MACS|g" $SSH_CONFIG
|
||||||
|
sed -i "s|KexAlgorithms .*|KexAlgorithms $RECOMMENDED_SSH_KEX|g" $SSH_CONFIG
|
||||||
|
systemctl restart ssh
|
||||||
|
|
||||||
|
dialog --title $"Update ciphersuite" \
|
||||||
|
--msgbox $"The ciphersuite has been updated to recommended versions" 6 40
|
||||||
|
exit 0
|
||||||
|
}
|
||||||
|
|
||||||
function housekeeping {
|
function housekeeping {
|
||||||
cmd=(dialog --separate-output \
|
cmd=(dialog --separate-output \
|
||||||
--backtitle "Freedombone Security Configuration" \
|
--backtitle "Freedombone Security Configuration" \
|
||||||
|
@ -501,8 +564,9 @@ function housekeeping {
|
||||||
options=(1 "Regenerate ssh host keys" off
|
options=(1 "Regenerate ssh host keys" off
|
||||||
2 "Regenerate Diffie-Hellman keys" off
|
2 "Regenerate Diffie-Hellman keys" off
|
||||||
3 "Renew a StartSSL certificate" off
|
3 "Renew a StartSSL certificate" off
|
||||||
4 "Create a new Let's Encrypt certificate" off
|
4 "Update cipersuite" off
|
||||||
5 "Renew Let's Encrypt certificate" off)
|
5 "Create a new Let's Encrypt certificate" off
|
||||||
|
6 "Renew Let's Encrypt certificate" off)
|
||||||
choices=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty)
|
choices=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty)
|
||||||
clear
|
clear
|
||||||
for choice in $choices
|
for choice in $choices
|
||||||
|
@ -518,9 +582,12 @@ function housekeeping {
|
||||||
renew_startssl
|
renew_startssl
|
||||||
;;
|
;;
|
||||||
4)
|
4)
|
||||||
create_letsencrypt
|
update_ciphersuite
|
||||||
;;
|
;;
|
||||||
5)
|
5)
|
||||||
|
create_letsencrypt
|
||||||
|
;;
|
||||||
|
6)
|
||||||
renew_letsencrypt
|
renew_letsencrypt
|
||||||
;;
|
;;
|
||||||
esac
|
esac
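Review bot: `systemctl restart ssh` runs immediately after three unchecked `sed -i` edits to `$SSH_CONFIG`, so a malformed or unsupported cipher, MAC or KEX list would stop sshd and lock out remote administration; gate the restart on `sshd -t`, and likewise `nginx -t` before `systemctl restart nginx`. The `s|Ciphers .*|…|` substitutions only rewrite a line that already exists (and would equally rewrite a commented-out `#Ciphers` line, leaving it commented), so on a config where the directives are absent the hardening silently does nothing while the dialog still reports success; append the directive when no `^Ciphers ` line is present, and the same for `MACs` and `KexAlgorithms`. `cd $WEBSITES_DIRECTORY` is unchecked and `` `dir -d *` `` word-splits, so `cd "$WEBSITES_DIRECTORY" || return` with a plain glob is safer. The menu label added in the second hunk is spelled `Update cipersuite`.
```shell
    # … unchanged: extract RECOMMENDED_* values from $project_filename …
    cd "$WEBSITES_DIRECTORY" || return
    for file in *; do
        [ -f "$WEBSITES_DIRECTORY/$file" ] || continue
        sed -i "s|ssl_protocols .*|ssl_protocols $RECOMMENDED_SSL_PROTOCOLS;|g" "$WEBSITES_DIRECTORY/$file"
        sed -i "s|ssl_ciphers .*|ssl_ciphers '$RECOMMENDED_SSL_CIPHERS';|g" "$WEBSITES_DIRECTORY/$file"
    done
    # only reload nginx if the rewritten configuration still parses
    nginx -t && systemctl restart nginx

    sed -i "s|^Ciphers .*|Ciphers $RECOMMENDED_SSH_CIPHERS|g" "$SSH_CONFIG"
    sed -i "s|^MACs .*|MACs $RECOMMENDED_SSH_MACS|g" "$SSH_CONFIG"
    sed -i "s|^KexAlgorithms .*|KexAlgorithms $RECOMMENDED_SSH_KEX|g" "$SSH_CONFIG"
    # sed only edits existing lines; add the directive when it is missing
    if ! grep -q '^Ciphers ' "$SSH_CONFIG"; then
        echo "Ciphers $RECOMMENDED_SSH_CIPHERS" >> "$SSH_CONFIG"
    fi
    if ! grep -q '^MACs ' "$SSH_CONFIG"; then
        echo "MACs $RECOMMENDED_SSH_MACS" >> "$SSH_CONFIG"
    fi
    if ! grep -q '^KexAlgorithms ' "$SSH_CONFIG"; then
        echo "KexAlgorithms $RECOMMENDED_SSH_KEX" >> "$SSH_CONFIG"
    fi
    # validate before restarting so a bad list cannot lock out ssh access
    sshd -t && systemctl restart ssh
    # … unchanged: dialog confirmation and exit …
```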
|
||||||
|
|