Option to clear stored passwords

Bob Mottram 2016-11-23 09:34:45 +00:00
parent 4d2092d502
commit 075909f522
2 changed files with 54 additions and 18 deletions


@ -125,6 +125,20 @@ function run_tests {
echo "Tests passed"
}
function clear_passwords {
# remove all passwords except for the root one, which is needed
# for automatic database backups
for d in /root/.passwords/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $4}')
if [[ "$USERNAME" != 'root' ]]; then
shred -zu /root/.passwords/$USERNAME/*
rm -rf /root/.passwords/$USERNAME
fi
done
echo $'Passwords cleared'
exit 0
}
while [[ $# > 1 ]]
do
key="$1"
@ -137,6 +151,9 @@ do
shift
TESTS=1
;;
-c|--clear|--erase)
clear_passwords
;;
-u|--user|--username)
shift
CURR_USERNAME="${1}"
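Review bot: In clear_passwords the `shred` and `rm -rf` lines expand `$USERNAME` unquoted, so a directory name containing whitespace or glob characters is word-split, and when the `/root/.passwords/*/` glob matches nothing the loop still runs once with the literal pattern. `shred -zu …/*` also reaches only the files directly inside each directory, so anything nested is unlinked by `rm -rf` without being overwritten, and neither command's status is checked before `Passwords cleared` is printed and the script exits 0. I would quote the path, skip non-directories, shred through `find`, and exit non-zero on failure, as below. Separately, shred's own documentation warns that in-place overwriting is not guaranteed on journaling or copy-on-write filesystems, which deserves a comment next to the call.

```shell
local failed=0
for d in /root/.passwords/*/ ; do
    [[ -d "$d" ]] || continue        # glob matched nothing
    USERNAME=$(basename "$d")
    if [[ "$USERNAME" != 'root' ]]; then
        # overwrite every regular file, nested ones included, before unlinking
        find "$d" -type f -exec shred -zu -- {} + || failed=1
        rm -rf -- "${d%/}" || failed=1
    fi
done
if [[ $failed -ne 0 ]]; then
    echo $'Some passwords could not be cleared' >&2
    exit 1
fi
# … unchanged: 'Passwords cleared' message and exit 0 …
```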


@ -685,22 +685,38 @@ function remove_pinning {
esac
}
function clear_passwords {
dialog --title $"Clear Passwords" \
--backtitle $"Freedombone Security Configuration" \
--defaultno \
--yesno $"\nThis will remove all user passwords from the system. Are you sure that you want to do this?" 8 60
sel=$?
case $sel in
1) return;;
255) return;;
esac
${PROJECT_NAME}-pass --clear yes
dialog --title $"Passwords were removed" \
--msgbox $"\nFor the best security you should now manually change passwords via web interfaces so that there is no possibility of them being recovered from the disk" 9 60
}
function menu_security_settings {
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \
--title $"Security Settings" \
--radiolist $"Choose an operation:" 17 76 17 \
--radiolist $"Choose an operation:" 18 76 18 \
1 $"Show ssh host public key" off \
2 $"Regenerate ssh host keys" off \
3 $"Regenerate Diffie-Hellman keys" off \
4 $"Update cipersuite" off \
5 $"Create a new Let's Encrypt certificate" off \
6 $"Renew Let's Encrypt certificate" off \
7 $"Enable GPG based authentication (monkeysphere)" off \
8 $"Register a website with monkeysphere" off \
9 $"Allow ssh login with passwords" off \
10 $"Go Back/Exit" on 2> $data
2 $"Clear password store" off \
3 $"Regenerate ssh host keys" off \
4 $"Regenerate Diffie-Hellman keys" off \
5 $"Update cipersuite" off \
6 $"Create a new Let's Encrypt certificate" off \
7 $"Renew Let's Encrypt certificate" off \
8 $"Enable GPG based authentication (monkeysphere)" off \
9 $"Register a website with monkeysphere" off \
10 $"Allow ssh login with passwords" off \
11 $"Go Back/Exit" on 2> $data
sel=$?
case $sel in
1) exit 1;;
@ -728,33 +744,36 @@ function menu_security_settings {
exit 0
;;
2)
regenerate_ssh_host_keys
clear_passwords
;;
3)
regenerate_dh_keys
regenerate_ssh_host_keys
;;
4)
regenerate_dh_keys
;;
5)
interactive_setup
update_ciphersuite
;;
5)
6)
create_letsencrypt
;;
6)
7)
renew_letsencrypt
;;
7)
8)
enable_monkeysphere
;;
8)
9)
register_website
;;
9)
10)
allow_ssh_passwords
change_ssh_settings
exit 0
;;
10)
11)
exit 0
;;
esac
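Review bot: clear_passwords shows the "Passwords were removed" box without checking the exit status of `${PROJECT_NAME}-pass --clear yes`, so a failed or partial wipe would be reported to the administrator as success. Guard the call, for example `if ! ${PROJECT_NAME}-pass --clear yes; then return; fi`, ideally with an error msgbox before the return. This only helps once the called script stops exiting 0 unconditionally, which the other file in this commit appears to do. The trailing `yes` looks like a placeholder, needed because the option loop shown in the other file only runs while more than one argument remains. A comment such as `# dummy argument: the option parser ignores a lone flag` would save the next reader from removing it.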