From 24c39e1d072bc6355c31d9debd31a004fd312b6f Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Sun, 18 Mar 2018 11:06:27 +0000
Subject: [PATCH] Move ping enable/disable to security menu
---
 src/freedombone-controlpanel | 72 ++++++++++---------------------
 src/freedombone-sec | 83 ++++++++++++++++++++++++------------
 2 files changed, 79 insertions(+), 76 deletions(-)
diff --git a/src/freedombone-controlpanel b/src/freedombone-controlpanel
index 08c75cfe..6b0ffff9 100755
--- a/src/freedombone-controlpanel
+++ b/src/freedombone-controlpanel
@@ -1085,30 +1085,6 @@ function restore_data_remote {
 rm -f "$data"
 }
-function ping_enable_disable {
- ping_str=$"\\nDo you want to enable other systems to ping this machine?\\n\\nPing may be useful for diagnostic purposes, but for added security you may not want to enable it."
- enable_ping="no"
- dialog --title $"Enable Ping / ICMP" \
- --backtitle $"Freedombone Control Panel" \
- --defaultno \
- --yesno "$ping_str" 10 60
- sel=$?
- case $sel in
- 0) enable_ping="yes";;
- 255) return;;
- esac
-
- if [[ $enable_ping == "yes" ]]; then
- iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
- iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
- echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all
- else
- iptables -D INPUT -p icmp --icmp-type echo-request -j ACCEPT
- iptables -D OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
- echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
- fi
-}
-
 function logging_on_off {
 logging="no"
 dialog --title $"Logging" \
@@ -1976,21 +1952,20 @@ function menu_top_level {
 3 $"App Settings"
 4 $"Add/Remove Apps"
 5 $"Logging on/off"
- 6 $"Ping enable/disable"
- 7 $"Manage Users"
- 8 $"Email Menu"
- 9 $"Domain or User Blocking"
- 10 $"Security Settings"
- 11 $"Change the name of this system"
- 12 $"Set a static local IP address"
- 13 $"Wifi menu"
- 14 $"Add Clacks"
- 15 $"Check for updates"
- 16 $"Power off the system"
- 17 $"Restart the system")
+ 6 $"Manage Users"
+ 7 $"Email Menu"
+ 8 $"Domain or User Blocking"
+ 9 $"Security Settings"
+ 10 $"Change the name of this system"
+ 11 $"Set a static local IP address"
+ 12 $"Wifi menu"
+ 13 $"Add Clacks"
+ 14 $"Check for updates"
+ 15 $"Power off the system"
+ 16 $"Restart the system")
 # shellcheck disable=SC2068
- selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Administrator Control Panel" --menu $"Choose an operation, or ESC to exit:" 25 60 25 "${W[@]}" 3>&2 2>&1 1>&3)
+ selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Administrator Control Panel" --menu $"Choose an operation, or ESC to exit:" 24 60 24 "${W[@]}" 3>&2 2>&1 1>&3)
 if [ ! "$selection" ]; then
 break
@@ -2007,18 +1982,17 @@ function menu_top_level {
 fi
 ;;
 5) logging_on_off;;
- 6) ping_enable_disable;;
- 7) menu_users;;
- 8) menu_email;;
- 9) domain_blocking;;
- 10) security_settings;;
- 11) change_system_name;;
- 12) set_static_IP;;
- 13) menu_wifi;;
- 14) add_clacks;;
- 15) check_for_updates;;
- 16) shut_down_system;;
- 17) restart_system;;
+ 6) menu_users;;
+ 7) menu_email;;
+ 8) domain_blocking;;
+ 9) security_settings;;
+ 10) change_system_name;;
+ 11) set_static_IP;;
+ 12) menu_wifi;;
+ 13) add_clacks;;
+ 14) check_for_updates;;
+ 15) shut_down_system;;
+ 16) restart_system;;
 esac
 done
 }
diff --git a/src/freedombone-sec b/src/freedombone-sec
index d7f2194b..3a59e713 100755
--- a/src/freedombone-sec
+++ b/src/freedombone-sec
@@ -69,6 +69,30 @@ LETSENCRYPT_SERVER='https://acme-v01.api.letsencrypt.org/directory'
 MY_USERNAME=
+function ping_enable_disable {
+ ping_str=$"\\nDo you want to enable other systems to ping this machine?\\n\\nPing may be useful for diagnostic purposes, but for added security you may not want to enable it."
+ enable_ping="no"
+ dialog --title $"Enable Ping / ICMP" \
+ --backtitle $"Freedombone Control Panel" \
+ --defaultno \
+ --yesno "$ping_str" 10 60
+ sel=$?
+ case $sel in
+ 0) enable_ping="yes";;
+ 255) return;;
+ esac
+
+ if [[ $enable_ping == "yes" ]]; then
+ iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
+ iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
+ echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all
+ else
+ iptables -D INPUT -p icmp --icmp-type echo-request -j ACCEPT
+ iptables -D OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
+ echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
+ fi
+}
+
 function any_key_verify {
 echo ''
 read -n1 -rsp $"Press any key to continue or C to check a hash..." key
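Review bot: In `ping_enable_disable`, answering Yes more than once appends duplicate ACCEPT rules because `iptables -A` runs unconditionally, while the No branch runs `iptables -D`, which removes only one copy and reports an error when no matching rule exists. Guarding the append keeps the rule set deterministic, for example `iptables -C INPUT -p icmp --icmp-type echo-request -j ACCEPT 2>/dev/null || iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT`, with the same pattern for the OUTPUT rule and a `-C` test before each `-D`. The write to `/proc/sys/net/ipv4/icmp_echo_ignore_all` and the iptables changes are runtime state only; nothing in this hunk persists them, so unless that is done elsewhere the choice presumably reverts on reboot. The hunk also covers only IPv4 echo; whether ICMPv6 echo is filtered is not visible here.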
@@ -1177,20 +1201,21 @@ function menu_security_settings {
 3 $"Fix STIG test failures"
 4 $"Show tripwire verification code"
 5 $"Reset tripwire"
- 6 $"Show ssh host public key"
- 7 $"Tor bridges"
- 8 $"Password storage"
- 9 $"Export passwords"
- 10 $"Regenerate ssh host keys"
- 11 $"Regenerate Diffie-Hellman keys"
- 12 $"Update cipersuite"
- 13 $"Create a new Let's Encrypt certificate"
- 14 $"Renew Let's Encrypt certificate"
- 15 $"Delete a Let's Encrypt certificate"
- 16 $"Enable GPG based authentication (monkeysphere)"
- 17 $"Register a website with monkeysphere"
- 18 $"Allow ssh login with passwords"
- 19 $"Show firewall")
+ 6 $"Enable or disable ping"
+ 7 $"Show ssh host public key"
+ 8 $"Tor bridges"
+ 9 $"Password storage"
+ 10 $"Export passwords"
+ 11 $"Regenerate ssh host keys"
+ 12 $"Regenerate Diffie-Hellman keys"
+ 13 $"Update cipersuite"
+ 14 $"Create a new Let's Encrypt certificate"
+ 15 $"Renew Let's Encrypt certificate"
+ 16 $"Delete a Let's Encrypt certificate"
+ 17 $"Enable GPG based authentication (monkeysphere)"
+ 18 $"Register a website with monkeysphere"
+ 19 $"Allow ssh login with passwords"
+ 20 $"Show firewall")
 # shellcheck disable=SC2068
 selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Security Settings" --menu $"Choose an operation, or ESC to exit:" 24 76 24 "${W[@]}" 3>&2 2>&1 1>&3)
@@ -1244,53 +1269,57 @@ function menu_security_settings {
 ;;
 6)
+ ping_enable_disable
+ exit 0
+ ;;
+ 7)
 dialog --title $"SSH host public keys" \
 --msgbox "\\n$(get_ssh_server_key)" 12 60
 exit 0
 ;;
- 7)
+ 8)
 menu_tor_bridges
 exit 0
 ;;
- 8)
+ 9)
 store_passwords
 exit 0
 ;;
- 9)
+ 10)
 export_passwords
 exit 0
 ;;
- 10)
+ 11)
 regenerate_ssh_host_keys
 ;;
- 11)
+ 12)
 regenerate_dh_keys
 ;;
- 12)
+ 13)
 interactive_setup
 update_ciphersuite
 ;;
- 13)
+ 14)
 create_letsencrypt
 ;;
- 14)
+ 15)
 renew_letsencrypt
 ;;
- 15)
+ 16)
 delete_letsencrypt
 ;;
- 16)
+ 17)
 enable_monkeysphere
 ;;
- 17)
+ 18)
 register_website
 ;;
- 18)
+ 19)
 allow_ssh_passwords
 change_ssh_settings
 exit 0
 ;;
- 19)
+ 20)
 show_firewall
 exit 0
 ;;