Move ping enable/disable to security menu

Bob Mottram 2018-03-18 11:06:27 +00:00
parent f506df693d
commit 24c39e1d07
2 changed files with 79 additions and 76 deletions


@ -1085,30 +1085,6 @@ function restore_data_remote {
rm -f "$data"
}
function ping_enable_disable {
ping_str=$"\\nDo you want to enable other systems to ping this machine?\\n\\nPing may be useful for diagnostic purposes, but for added security you may not want to enable it."
enable_ping="no"
dialog --title $"Enable Ping / ICMP" \
--backtitle $"Freedombone Control Panel" \
--defaultno \
--yesno "$ping_str" 10 60
sel=$?
case $sel in
0) enable_ping="yes";;
255) return;;
esac
if [[ $enable_ping == "yes" ]]; then
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all
else
iptables -D INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -D OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
fi
}
function logging_on_off {
logging="no"
dialog --title $"Logging" \
@ -1976,21 +1952,20 @@ function menu_top_level {
3 $"App Settings"
4 $"Add/Remove Apps"
5 $"Logging on/off"
6 $"Ping enable/disable"
7 $"Manage Users"
8 $"Email Menu"
9 $"Domain or User Blocking"
10 $"Security Settings"
11 $"Change the name of this system"
12 $"Set a static local IP address"
13 $"Wifi menu"
14 $"Add Clacks"
15 $"Check for updates"
16 $"Power off the system"
17 $"Restart the system")
6 $"Manage Users"
7 $"Email Menu"
8 $"Domain or User Blocking"
9 $"Security Settings"
10 $"Change the name of this system"
11 $"Set a static local IP address"
12 $"Wifi menu"
13 $"Add Clacks"
14 $"Check for updates"
15 $"Power off the system"
16 $"Restart the system")
# shellcheck disable=SC2068
selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Administrator Control Panel" --menu $"Choose an operation, or ESC to exit:" 25 60 25 "${W[@]}" 3>&2 2>&1 1>&3)
selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Administrator Control Panel" --menu $"Choose an operation, or ESC to exit:" 24 60 24 "${W[@]}" 3>&2 2>&1 1>&3)
if [ ! "$selection" ]; then
break
@ -2007,18 +1982,17 @@ function menu_top_level {
fi
;;
5) logging_on_off;;
6) ping_enable_disable;;
7) menu_users;;
8) menu_email;;
9) domain_blocking;;
10) security_settings;;
11) change_system_name;;
12) set_static_IP;;
13) menu_wifi;;
14) add_clacks;;
15) check_for_updates;;
16) shut_down_system;;
17) restart_system;;
6) menu_users;;
7) menu_email;;
8) domain_blocking;;
9) security_settings;;
10) change_system_name;;
11) set_static_IP;;
12) menu_wifi;;
13) add_clacks;;
14) check_for_updates;;
15) shut_down_system;;
16) restart_system;;
esac
done
}


@ -69,6 +69,30 @@ LETSENCRYPT_SERVER='https://acme-v01.api.letsencrypt.org/directory'
MY_USERNAME=
function ping_enable_disable {
ping_str=$"\\nDo you want to enable other systems to ping this machine?\\n\\nPing may be useful for diagnostic purposes, but for added security you may not want to enable it."
enable_ping="no"
dialog --title $"Enable Ping / ICMP" \
--backtitle $"Freedombone Control Panel" \
--defaultno \
--yesno "$ping_str" 10 60
sel=$?
case $sel in
0) enable_ping="yes";;
255) return;;
esac
if [[ $enable_ping == "yes" ]]; then
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all
else
iptables -D INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -D OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
fi
}
function any_key_verify {
echo ''
read -n1 -rsp $"Press any key to continue or C to check a hash..." key
@ -1177,20 +1201,21 @@ function menu_security_settings {
3 $"Fix STIG test failures"
4 $"Show tripwire verification code"
5 $"Reset tripwire"
6 $"Show ssh host public key"
7 $"Tor bridges"
8 $"Password storage"
9 $"Export passwords"
10 $"Regenerate ssh host keys"
11 $"Regenerate Diffie-Hellman keys"
12 $"Update cipersuite"
13 $"Create a new Let's Encrypt certificate"
14 $"Renew Let's Encrypt certificate"
15 $"Delete a Let's Encrypt certificate"
16 $"Enable GPG based authentication (monkeysphere)"
17 $"Register a website with monkeysphere"
18 $"Allow ssh login with passwords"
19 $"Show firewall")
6 $"Enable or disable ping"
7 $"Show ssh host public key"
8 $"Tor bridges"
9 $"Password storage"
10 $"Export passwords"
11 $"Regenerate ssh host keys"
12 $"Regenerate Diffie-Hellman keys"
13 $"Update cipersuite"
14 $"Create a new Let's Encrypt certificate"
15 $"Renew Let's Encrypt certificate"
16 $"Delete a Let's Encrypt certificate"
17 $"Enable GPG based authentication (monkeysphere)"
18 $"Register a website with monkeysphere"
19 $"Allow ssh login with passwords"
20 $"Show firewall")
# shellcheck disable=SC2068
selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Security Settings" --menu $"Choose an operation, or ESC to exit:" 24 76 24 "${W[@]}" 3>&2 2>&1 1>&3)
@ -1244,53 +1269,57 @@ function menu_security_settings {
;;
6)
ping_enable_disable
exit 0
;;
7)
dialog --title $"SSH host public keys" \
--msgbox "\\n$(get_ssh_server_key)" 12 60
exit 0
;;
7)
8)
menu_tor_bridges
exit 0
;;
8)
9)
store_passwords
exit 0
;;
9)
10)
export_passwords
exit 0
;;
10)
11)
regenerate_ssh_host_keys
;;
11)
12)
regenerate_dh_keys
;;
12)
13)
interactive_setup
update_ciphersuite
;;
13)
14)
create_letsencrypt
;;
14)
15)
renew_letsencrypt
;;
15)
16)
delete_letsencrypt
;;
16)
17)
enable_monkeysphere
;;
17)
18)
register_website
;;
18)
19)
allow_ssh_passwords
change_ssh_settings
exit 0
;;
19)
20)
show_firewall
exit 0
;;
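Review bot: In `ping_enable_disable` (first hunk of this file), the enable branch appends the two ICMP ACCEPT rules with `iptables -A` every time it is chosen, so repeated enables stack duplicate rules. A later disable then removes only one copy of each, leaving the firewall still accepting echo-request while only the `icmp_echo_ignore_all` sysctl suppresses replies. The disable branch also runs `iptables -D` unconditionally, which errors when the rule is absent, and no exit status is checked. Guarding the append with `iptables -C` and looping the delete until it fails makes both branches idempotent. Only IPv4 is handled here; if the host has IPv6 enabled, ICMPv6 echo is presumably controlled elsewhere, which is worth confirming.

```shell
function ping_enable_disable {
    # … unchanged: dialog prompt and enable_ping selection …
    if [[ $enable_ping == "yes" ]]; then
        # Append only when the rule is not already present
        if ! iptables -C INPUT -p icmp --icmp-type echo-request -j ACCEPT 2>/dev/null; then
            iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
        fi
        if ! iptables -C OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT 2>/dev/null; then
            iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
        fi
        echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all
    else
        # Remove every copy; stop when no matching rule is left
        while iptables -D INPUT -p icmp --icmp-type echo-request -j ACCEPT 2>/dev/null; do :; done
        while iptables -D OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT 2>/dev/null; do :; done
        echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
    fi
}
```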