This commit is contained in:
Bob Mottram 2017-08-05 11:37:41 +01:00
commit 0aeeafa2ab
5 changed files with 54 additions and 47 deletions


@ -82,17 +82,6 @@ function keyserver_watchdog {
echo 'fi' >> $keyserver_watchdog_script echo 'fi' >> $keyserver_watchdog_script
chmod +x $keyserver_watchdog_script chmod +x $keyserver_watchdog_script
# clear out log files daily
keyserver_watchdog_script=/etc/cron.daily/keyserver-db
echo '#!/bin/sh' > $keyserver_watchdog_script
echo 'if [ -d /var/lib/sks/DB ]; then' >> $keyserver_watchdog_script
echo ' cd /var/lib/sks/DB' >> $keyserver_watchdog_script
echo ' systemctl stop sks' >> $keyserver_watchdog_script
echo ' db_archive -d' >> $keyserver_watchdog_script
echo ' systemctl start sks' >> $keyserver_watchdog_script
echo 'fi' >> $keyserver_watchdog_script
chmod +x $keyserver_watchdog_script
} }


@ -76,6 +76,7 @@ function install_tripwire {
echo 'REPORTLEVEL =3' >> /etc/tripwire/twcfg.txt echo 'REPORTLEVEL =3' >> /etc/tripwire/twcfg.txt
echo 'SYSLOGREPORTING =false' >> /etc/tripwire/twcfg.txt echo 'SYSLOGREPORTING =false' >> /etc/tripwire/twcfg.txt
echo 'MAILMETHOD =SENDMAIL' >> /etc/tripwire/twcfg.txt echo 'MAILMETHOD =SENDMAIL' >> /etc/tripwire/twcfg.txt
echo 'MAILPROGRAM =/usr/lib/sendmail -oi -t' >> /etc/tripwire/twcfg.txt
echo 'SMTPHOST =localhost' >> /etc/tripwire/twcfg.txt echo 'SMTPHOST =localhost' >> /etc/tripwire/twcfg.txt
echo 'SMTPPORT =25' >> /etc/tripwire/twcfg.txt echo 'SMTPPORT =25' >> /etc/tripwire/twcfg.txt
echo 'TEMPDIRECTORY =/tmp' >> /etc/tripwire/twcfg.txt echo 'TEMPDIRECTORY =/tmp' >> /etc/tripwire/twcfg.txt
@ -139,12 +140,6 @@ function install_tripwire {
' | reset-tripwire ' | reset-tripwire
if ! grep -q "tripwire" /etc/crontab; then
TRIPWIRE_MIN=$((1 + RANDOM % 49))
TRIPWIRE_HOUR=$((1 + RANDOM % 6))
echo "${TRIPWIRE_MIN} ${TRIPWIRE_HOUR} * * * root /usr/sbin/tripwire -m c" >> /etc/crontab
fi
mark_completed $FUNCNAME mark_completed $FUNCNAME
} }
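Review bot: With the `/etc/crontab` entry for `tripwire -m c` dropped (the `if ! grep -q "tripwire" /etc/crontab` block appears to be on the removed side), nothing left in this section schedules an integrity check, so unless a scheduler exists elsewhere Tripwire will build its database and never compare the filesystem against it. If the check has deliberately moved (for instance into the daily STIG job), a one-line comment at the removal point such as `# periodic tripwire check is scheduled by <job>` would stop a future reader re-adding the crontab line. The added `MAILPROGRAM =/usr/lib/sendmail -oi -t` points at a distro-dependent symlink; guarding it with `[ -x /usr/lib/sendmail ] || echo $'Warning: /usr/lib/sendmail not found, tripwire reports will not be mailed'` before writing twcfg.txt would fail loudly instead of producing a config that silently discards reports. install_tripwire begins before the first hunk.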


@ -1280,11 +1280,25 @@ function reset_tripwire {
return return
fi fi
clear clear
echo $'Creating configuration...'
echo '
' | twadmin --create-cfgfile -S /etc/tripwire/${HOSTNAME}-site.key /etc/tripwire/twcfg.txt
echo $'Resetting policy...'
echo '
' | twadmin --create-polfile -S /etc/tripwire/${HOSTNAME}-site.key /etc/tripwire/twpol.txt
echo $'Creating tripwire database'
echo '
' | tripwire --init --cfgfile /etc/tripwire/tw.cfg --polfile /etc/tripwire/tw.pol --dbfile /var/lib/tripwire/${HOSTNAME}.twd
echo $'Resetting the Tripwire...' echo $'Resetting the Tripwire...'
echo ' ' echo ''
echo ' echo '
' | reset-tripwire ' | reset-tripwire
echo ''
echo $'Tripwire is now reset'
any_key any_key
} }
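Review bot: The three new `twadmin --create-cfgfile`, `twadmin --create-polfile` and `tripwire --init` invocations are never checked for success, so if the first one fails (e.g. `/etc/tripwire/${HOSTNAME}-site.key` is missing) the script still re-initialises the database against whatever `tw.cfg`/`tw.pol` already exist and then announces `Tripwire is now reset`. Each step should stop the reset on failure, e.g. `' | twadmin --create-cfgfile -S "/etc/tripwire/${HOSTNAME}-site.key" /etc/tripwire/twcfg.txt || { echo $'Failed to create the tripwire configuration'; any_key; return; }`, repeated for the policy and database steps, quoting `${HOSTNAME}` while at it. The `echo '` + newline + `' |` prefix appears to feed an empty passphrase to each command, which is consistent with the existing `reset-tripwire` call but means anyone with root can re-sign the policy and database, forfeiting most of the offline-key protection Tripwire is built around; that trade-off deserves a comment here, e.g. `# site/local keys use an empty passphrase so the reset can run unattended`. reset_tripwire begins before the hunk.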


@ -969,22 +969,23 @@ function menu_security_settings {
trap "rm -f $data" 0 1 2 5 15 trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \ dialog --backtitle $"Freedombone Control Panel" \
--title $"Security Settings" \ --title $"Security Settings" \
--radiolist $"Choose an operation:" 22 76 22 \ --radiolist $"Choose an operation:" 23 76 23 \
1 $"Run STIG tests" off \ 1 $"Run STIG tests" off \
2 $"Show ssh host public key" off \ 2 $"Fix STIG test failures" off \
3 $"Tor bridges" off \ 3 $"Show ssh host public key" off \
4 $"Password storage" off \ 4 $"Tor bridges" off \
5 $"Export passwords" off \ 5 $"Password storage" off \
6 $"Regenerate ssh host keys" off \ 6 $"Export passwords" off \
7 $"Regenerate Diffie-Hellman keys" off \ 7 $"Regenerate ssh host keys" off \
8 $"Update cipersuite" off \ 8 $"Regenerate Diffie-Hellman keys" off \
9 $"Create a new Let's Encrypt certificate" off \ 9 $"Update cipersuite" off \
10 $"Renew Let's Encrypt certificate" off \ 10 $"Create a new Let's Encrypt certificate" off \
11 $"Delete a Let's Encrypt certificate" off \ 11 $"Renew Let's Encrypt certificate" off \
12 $"Enable GPG based authentication (monkeysphere)" off \ 12 $"Delete a Let's Encrypt certificate" off \
13 $"Register a website with monkeysphere" off \ 13 $"Enable GPG based authentication (monkeysphere)" off \
14 $"Allow ssh login with passwords" off \ 14 $"Register a website with monkeysphere" off \
15 $"Go Back/Exit" on 2> $data 15 $"Allow ssh login with passwords" off \
16 $"Go Back/Exit" on 2> $data
sel=$? sel=$?
case $sel in case $sel in
1) exit 1;; 1) exit 1;;
@ -1014,53 +1015,61 @@ function menu_security_settings {
exit 0 exit 0
;; ;;
2) 2)
clear
echo $'Fixing any STIG failures...'
echo ''
${PROJECT_NAME}-tests --stig fix
echo $'Fixes applied. You will need to run the STIG tests again to be sure that they were all fixed.'
exit 0
;;
3)
dialog --title $"SSH host public keys" \ dialog --title $"SSH host public keys" \
--msgbox "\n$(get_ssh_server_key)" 12 60 --msgbox "\n$(get_ssh_server_key)" 12 60
exit 0 exit 0
;; ;;
3) 4)
menu_tor_bridges menu_tor_bridges
exit 0 exit 0
;; ;;
4) 5)
store_passwords store_passwords
exit 0 exit 0
;; ;;
5) 6)
export_passwords export_passwords
exit 0 exit 0
;; ;;
6) 7)
regenerate_ssh_host_keys regenerate_ssh_host_keys
;; ;;
7) 8)
regenerate_dh_keys regenerate_dh_keys
;; ;;
8) 9)
interactive_setup interactive_setup
update_ciphersuite update_ciphersuite
;; ;;
9) 10)
create_letsencrypt create_letsencrypt
;; ;;
10) 11)
renew_letsencrypt renew_letsencrypt
;; ;;
11) 12)
delete_letsencrypt delete_letsencrypt
;; ;;
12) 13)
enable_monkeysphere enable_monkeysphere
;; ;;
13) 14)
register_website register_website
;; ;;
14) 15)
allow_ssh_passwords allow_ssh_passwords
change_ssh_settings change_ssh_settings
exit 0 exit 0
;; ;;
15) 16)
exit 0 exit 0
;; ;;
esac esac
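Review bot: The new case `2)` prints `Fixes applied...` regardless of whether `${PROJECT_NAME}-tests --stig fix` succeeded and then exits without a pause, so a failed or partial fix run is misreported and the output may be cleared before the operator can read it. Check the exit status and hold the screen: `if ! ${PROJECT_NAME}-tests --stig fix; then echo $'Some STIG fixes could not be applied - review the output above'; fi` followed by `any_key` (as interactive functions such as `reset_tripwire` do) before `exit 0`. The renumbering of the remaining cases appears consistent with the new radiolist items 3–16. menu_security_settings starts before the first hunk and its closing brace lies after this one.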


@ -82,7 +82,7 @@ function schedule_stig_tests {
echo "ADMIN_EMAIL_ADDRESS=${MY_USERNAME}@\${HOSTNAME}" >> /etc/cron.daily/stig_tests echo "ADMIN_EMAIL_ADDRESS=${MY_USERNAME}@\${HOSTNAME}" >> /etc/cron.daily/stig_tests
echo "pkill ${PROJECT_NAME}-tests" >> /etc/cron.daily/stig_tests echo "pkill ${PROJECT_NAME}-tests" >> /etc/cron.daily/stig_tests
echo 'rm -rf /tmp/*' >> /etc/cron.daily/stig_tests echo 'rm -rf /tmp/*' >> /etc/cron.daily/stig_tests
echo "${PROJECT_NAME}-tests --stig fix > /tmp/daily-stig-tests" >> /etc/cron.daily/stig_tests echo "${PROJECT_NAME}-tests --stig yes > /tmp/daily-stig-tests" >> /etc/cron.daily/stig_tests
echo 'if [ ! "$?" = "0" ]; then' >> /etc/cron.daily/stig_tests echo 'if [ ! "$?" = "0" ]; then' >> /etc/cron.daily/stig_tests
echo " echo \"\$(cat /tmp/daily-stig-tests)\" | mail -s \"${PROJECT_NAME} STIG test failures\" \$ADMIN_EMAIL_ADDRESS" >> /etc/cron.daily/stig_tests echo " echo \"\$(cat /tmp/daily-stig-tests)\" | mail -s \"${PROJECT_NAME} STIG test failures\" \$ADMIN_EMAIL_ADDRESS" >> /etc/cron.daily/stig_tests
echo 'fi' >> /etc/cron.daily/stig_tests echo 'fi' >> /etc/cron.daily/stig_tests
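Review bot: The changed command line (`--stig yes`, if I read the new side correctly) still redirects root's output to the fixed name `/tmp/daily-stig-tests` in world-writable `/tmp`; in the window after the preceding `rm -rf /tmp/*` a local user can recreate that name as a symlink and have root overwrite an arbitrary file. Generate the report path instead: add `echo 'report=$(mktemp)' >> /etc/cron.daily/stig_tests` before this line, use `> \"\$report\"` in place of `> /tmp/daily-stig-tests`, read it back with `\$(cat \"\$report\")` in the mail line, and `rm -f` it afterwards. Switching the daily job from `fix` to `yes` also means failures are now only reported and the operator must apply fixes by hand; that is a reasonable choice but worth a comment in the generated script, e.g. `# report only; fixes are applied from the control panel`. schedule_stig_tests begins before the hunk and continues after it.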