diff --git a/src/freedombone-client b/src/freedombone-client
index 33215634..bc5cfed4 100755
--- a/src/freedombone-client
+++ b/src/freedombone-client
@@ -32,6 +32,10 @@ export TEXTDOMAIN=${PROJECT_NAME}-client
 export TEXTDOMAINDIR="/usr/share/locale"
 CURR_USER=$USER
+CURR_GROUP=$USER
+if [ -f /usr/bin/pacman ]; then
+ CURR_GROUP='users'
+fi
 MESH_CLIENT_INSTALL=
 ENABLE_MONKEYSPHERE=
@@ -49,10 +53,11 @@ if [ ! -f $MAIN_PROJECT_FILE ]; then
 fi
 # ssh (from https://stribika.github.io/2015/01/04/secure-secure-shell.html)
-SSH_CIPHERS=$(cat $MAIN_PROJECT_FILE | grep 'SSH_CIPHERS=' | head -n 1 | awk -F '"' '{print $2}')
-SSH_MACS=$(cat $MAIN_PROJECT_FILE | grep 'SSH_MACS=' | head -n 1 | awk -F '"' '{print $2}')
-SSH_KEX=$(cat $MAIN_PROJECT_FILE | grep 'SSH_KEX=' | head -n 1 | awk -F '"' '{print $2}')
-SSH_HOST_KEY_ALGORITHMS=$(cat $MAIN_PROJECT_FILE | grep 'SSH_HOST_KEY_ALGORITHMS=' | head -n 1 | awk -F '"' '{print $2}')
+UTILS_SSH=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-ssh
+SSH_CIPHERS=$(cat $UTILS_SSH | grep 'SSH_CIPHERS=' | head -n 1 | awk -F '"' '{print $2}')
+SSH_MACS=$(cat $UTILS_SSH | grep 'SSH_MACS=' | head -n 1 | awk -F '"' '{print $2}')
+SSH_KEX=$(cat $UTILS_SSH | grep 'SSH_KEX=' | head -n 1 | awk -F '"' '{print $2}')
+SSH_HOST_KEY_ALGORITHMS=$(cat $UTILS_SSH | grep 'SSH_HOST_KEY_ALGORITHMS=' | head -n 1 | awk -F '"' '{print $2}')
 # refresh gpg keys every few hours
 REFRESH_GPG_KEYS_HOURS=2
@@ -67,11 +72,7 @@ function global_rate_limit {
 fi
 sudo cp $SYSCTL_FILE ~/sysctl.conf
- if [ ! -f /usr/bin/pacman ]; then
- sudo chown $CURR_USER:$CURR_USER ~/sysctl.conf
- else
- sudo chown $CURR_USER:users ~/sysctl.conf
- fi
+ sudo chown $CURR_USER:$CURR_GROUP ~/sysctl.conf
 if ! grep -q "tcp_challenge_ack_limit" ~/sysctl.conf; then
 echo 'net.ipv4.tcp_challenge_ack_limit = 999999999' >> ~/sysctl.conf
 else
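Review bot: `CURR_GROUP=$USER` in the `@@ -32,6 +32,10 @@` hunk assumes a group named after the user exists on every system that lacks `/usr/bin/pacman`; that holds for Debian-style user-private groups but is not guaranteed elsewhere. Where the group is missing, each `sudo chown $CURR_USER:$CURR_GROUP` later in the file fails, the staged copy presumably stays root-owned, and the `>>` append that follows cannot write to it. Asking the system for the primary group removes the distro test altogether: `CURR_GROUP=$(id -gn)`.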
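Review bot: Nothing visible in the `@@ -49,10 +53,11 @@` hunk checks that `$UTILS_SSH` exists or that the four values came back non-empty; the only existence test in view is the one for `$MAIN_PROJECT_FILE` in the hunk heading. If the utils file is missing or a variable is renamed there, `SSH_CIPHERS`, `SSH_MACS`, `SSH_KEX` and `SSH_HOST_KEY_ALGORITHMS` are silently empty, and the `sed` and `echo` lines in `configure_ssh_client` later in this diff then write directives with no value into `/etc/ssh/ssh_config`. I would add `[ -f "$UTILS_SSH" ] || exit 1` before the reads and a non-empty check after them, for example `[ -n "$SSH_CIPHERS" ] || exit 1`. Quoting the path and letting `grep` read the file directly (`grep 'SSH_CIPHERS=' "$UTILS_SSH"`) would also drop the `cat`.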
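Review bot: The `sudo cp` / `sudo chown $CURR_USER:$CURR_GROUP` pair in `global_rate_limit` stages a system file under a fixed name in the home directory, and the same pattern is kept in the `refresh_gpg_keys` hunk (`~/temp_crontab`) and the three `configure_ssh_client` hunks (`~/ssh_config`). Between the chown and the copy back as root the file can be changed by any process running as that user, and whatever already sits at that path is overwritten; for `/etc/crontab` the staged content is something root will later execute. Appending in place removes the staging copy and the chown entirely, for example `echo 'net.ipv4.tcp_challenge_ack_limit = 999999999' | sudo tee -a "$SYSCTL_FILE" > /dev/null`; where a working copy is really needed, create it with `mktemp` and quote the expansions. The function bodies start and end outside these hunks, so the copy-back step for `sysctl.conf` is not visible here.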
@@ -91,11 +92,7 @@ function refresh_gpg_keys {
 fi
 fi
 sudo cp /etc/crontab ~/temp_crontab
- if [ ! -f /usr/bin/pacman ]; then
- sudo chown $CURR_USER:$CURR_USER ~/temp_crontab
- else
- sudo chown $CURR_USER:users ~/temp_crontab
- fi
+ sudo chown $CURR_USER:$CURR_GROUP ~/temp_crontab
 if ! grep -q "gpg --refresh-keys" ~/temp_crontab; then
 echo "0 */$REFRESH_GPG_KEYS_HOURS * * * $CURR_USER /usr/bin/gpg --refresh-keys > /dev/null" >> ~/temp_crontab
 sudo cp ~/temp_crontab /etc/crontab
@@ -116,13 +113,10 @@ function configure_ssh_client {
 sudo sed -i "s/# HostKeyAlgorithms.*/ HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS/g" /etc/ssh/ssh_config
 sudo sed -i "s/# Ciphers.*/ Ciphers $SSH_CIPHERS/g" /etc/ssh/ssh_config
 sudo sed -i "s/# MACs.*/ MACs $SSH_MACS/g" /etc/ssh/ssh_config
+ sudo sed -i "s/HostKeyAlgorithms.*/HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS/g" /etc/ssh/ssh_config
 if ! grep -q "HostKeyAlgorithms" /etc/ssh/ssh_config; then
 sudo cp /etc/ssh/ssh_config ~/ssh_config
- if [ ! -f /usr/bin/pacman ]; then
- sudo chown $CURR_USER:$CURR_USER ~/ssh_config
- else
- sudo chown $CURR_USER:users ~/ssh_config
- fi
+ sudo chown $CURR_USER:$CURR_GROUP ~/ssh_config
 echo " HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS" >> ~/ssh_config
 sudo mv ~/ssh_config /etc/ssh/ssh_config
 sudo chown root:root /etc/ssh/ssh_config
@@ -130,11 +124,7 @@ function configure_ssh_client {
 sudo sed -i "s/Ciphers.*/Ciphers $SSH_CIPHERS/g" /etc/ssh/ssh_config
 if ! grep -q "Ciphers " /etc/ssh/ssh_config; then
 sudo cp /etc/ssh/ssh_config ~/ssh_config
- if [ ! -f /usr/bin/pacman ]; then
- sudo chown $CURR_USER:$CURR_USER ~/ssh_config
- else
- sudo chown $CURR_USER:users ~/ssh_config
- fi
+ sudo chown $CURR_USER:$CURR_GROUP ~/ssh_config
 echo " Ciphers $SSH_CIPHERS" >> ~/ssh_config
 sudo mv ~/ssh_config /etc/ssh/ssh_config
 sudo chown root:root /etc/ssh/ssh_config
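Review bot: The `sed` added in the `@@ -116,13 +113,10 @@` hunk matches `HostKeyAlgorithms` anywhere on a line, so it also rewrites commented-out mentions and any per-`Host` override in `/etc/ssh/ssh_config`. The `grep -q "HostKeyAlgorithms"` that follows is then satisfied by a line that is still a comment, in which case the directive is never appended and the hardened list is not actually in effect. Anchoring both keeps the edit to real directives: `sudo sed -i "s/^[[:space:]]*HostKeyAlgorithms[[:space:]].*/ HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS/" /etc/ssh/ssh_config` and `grep -q "^[[:space:]]*HostKeyAlgorithms[[:space:]]" /etc/ssh/ssh_config`. The `Ciphers` and `MACs` substitutions shown as context in the next two hunks have the same shape, and `configure_ssh_client` starts and ends outside the hunk.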
@@ -142,11 +132,7 @@ function configure_ssh_client {
 sudo sed -i "s/MACs.*/MACs $SSH_MACS/g" /etc/ssh/ssh_config
 if ! grep -q "MACs " /etc/ssh/ssh_config; then
 sudo cp /etc/ssh/ssh_config ~/ssh_config
- if [ ! -f /usr/bin/pacman ]; then
- sudo chown $CURR_USER:$CURR_USER ~/ssh_config
- else
- sudo chown $CURR_USER:users ~/ssh_config
- fi
+ sudo chown $CURR_USER:$CURR_GROUP ~/ssh_config
 echo " MACs $SSH_MACS" >> ~/ssh_config
 sudo mv ~/ssh_config /etc/ssh/ssh_config
 sudo chown root:root /etc/ssh/ssh_config