Option to clear stored passwords
This commit is contained in:
parent
4d2092d502
commit
075909f522
|
@ -125,6 +125,20 @@ function run_tests {
|
|||
echo "Tests passed"
|
||||
}
|
||||
|
||||
function clear_passwords {
|
||||
# remove all passwords except for the root one, which is needed
|
||||
# for automatic database backups
|
||||
for d in /root/.passwords/*/ ; do
|
||||
USERNAME=$(echo "$d" | awk -F '/' '{print $4}')
|
||||
if [[ "$USERNAME" != 'root' ]]; then
|
||||
shred -zu /root/.passwords/$USERNAME/*
|
||||
rm -rf /root/.passwords/$USERNAME
|
||||
fi
|
||||
done
|
||||
echo $'Passwords cleared'
|
||||
exit 0
|
||||
}
|
||||
|
||||
while [[ $# > 1 ]]
|
||||
do
|
||||
key="$1"
|
||||
|
@ -137,6 +151,9 @@ do
|
|||
shift
|
||||
TESTS=1
|
||||
;;
|
||||
-c|--clear|--erase)
|
||||
clear_passwords
|
||||
;;
|
||||
-u|--user|--username)
|
||||
shift
|
||||
CURR_USERNAME="${1}"
|
||||
|
|
|
@ -685,22 +685,38 @@ function remove_pinning {
|
|||
esac
|
||||
}
|
||||
|
||||
function clear_passwords {
|
||||
dialog --title $"Clear Passwords" \
|
||||
--backtitle $"Freedombone Security Configuration" \
|
||||
--defaultno \
|
||||
--yesno $"\nThis will remove all user passwords from the system. Are you sure that you want to do this?" 8 60
|
||||
sel=$?
|
||||
case $sel in
|
||||
1) return;;
|
||||
255) return;;
|
||||
esac
|
||||
${PROJECT_NAME}-pass --clear yes
|
||||
dialog --title $"Passwords were removed" \
|
||||
--msgbox $"\nFor the best security you should now manually change passwords via web interfaces so that there is no possibility of them being recovered from the disk" 9 60
|
||||
}
|
||||
|
||||
function menu_security_settings {
|
||||
data=$(tempfile 2>/dev/null)
|
||||
trap "rm -f $data" 0 1 2 5 15
|
||||
dialog --backtitle $"Freedombone Control Panel" \
|
||||
--title $"Security Settings" \
|
||||
--radiolist $"Choose an operation:" 17 76 17 \
|
||||
--radiolist $"Choose an operation:" 18 76 18 \
|
||||
1 $"Show ssh host public key" off \
|
||||
2 $"Regenerate ssh host keys" off \
|
||||
3 $"Regenerate Diffie-Hellman keys" off \
|
||||
4 $"Update cipersuite" off \
|
||||
5 $"Create a new Let's Encrypt certificate" off \
|
||||
6 $"Renew Let's Encrypt certificate" off \
|
||||
7 $"Enable GPG based authentication (monkeysphere)" off \
|
||||
8 $"Register a website with monkeysphere" off \
|
||||
9 $"Allow ssh login with passwords" off \
|
||||
10 $"Go Back/Exit" on 2> $data
|
||||
2 $"Clear password store" off \
|
||||
3 $"Regenerate ssh host keys" off \
|
||||
4 $"Regenerate Diffie-Hellman keys" off \
|
||||
5 $"Update cipersuite" off \
|
||||
6 $"Create a new Let's Encrypt certificate" off \
|
||||
7 $"Renew Let's Encrypt certificate" off \
|
||||
8 $"Enable GPG based authentication (monkeysphere)" off \
|
||||
9 $"Register a website with monkeysphere" off \
|
||||
10 $"Allow ssh login with passwords" off \
|
||||
11 $"Go Back/Exit" on 2> $data
|
||||
sel=$?
|
||||
case $sel in
|
||||
1) exit 1;;
|
||||
|
@ -728,33 +744,36 @@ function menu_security_settings {
|
|||
exit 0
|
||||
;;
|
||||
2)
|
||||
regenerate_ssh_host_keys
|
||||
clear_passwords
|
||||
;;
|
||||
3)
|
||||
regenerate_dh_keys
|
||||
regenerate_ssh_host_keys
|
||||
;;
|
||||
4)
|
||||
regenerate_dh_keys
|
||||
;;
|
||||
5)
|
||||
interactive_setup
|
||||
update_ciphersuite
|
||||
;;
|
||||
5)
|
||||
6)
|
||||
create_letsencrypt
|
||||
;;
|
||||
6)
|
||||
7)
|
||||
renew_letsencrypt
|
||||
;;
|
||||
7)
|
||||
8)
|
||||
enable_monkeysphere
|
||||
;;
|
||||
8)
|
||||
9)
|
||||
register_website
|
||||
;;
|
||||
9)
|
||||
10)
|
||||
allow_ssh_passwords
|
||||
change_ssh_settings
|
||||
exit 0
|
||||
;;
|
||||
10)
|
||||
11)
|
||||
exit 0
|
||||
;;
|
||||
esac
|
||||
|
|
Loading…
Reference in New Issue