Bob Mottram 2016-09-20 22:02:18 +01:00
parent 1538234bf1
commit 27d1b85abb
1 changed files with 15 additions and 29 deletions


@ -32,6 +32,10 @@ export TEXTDOMAIN=${PROJECT_NAME}-client
export TEXTDOMAINDIR="/usr/share/locale" export TEXTDOMAINDIR="/usr/share/locale"
CURR_USER=$USER CURR_USER=$USER
CURR_GROUP=$USER
if [ -f /usr/bin/pacman ]; then
CURR_GROUP='users'
fi
MESH_CLIENT_INSTALL= MESH_CLIENT_INSTALL=
ENABLE_MONKEYSPHERE= ENABLE_MONKEYSPHERE=
@ -49,10 +53,11 @@ if [ ! -f $MAIN_PROJECT_FILE ]; then
fi fi
# ssh (from https://stribika.github.io/2015/01/04/secure-secure-shell.html) # ssh (from https://stribika.github.io/2015/01/04/secure-secure-shell.html)
SSH_CIPHERS=$(cat $MAIN_PROJECT_FILE | grep 'SSH_CIPHERS=' | head -n 1 | awk -F '"' '{print $2}') UTILS_SSH=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-ssh
SSH_MACS=$(cat $MAIN_PROJECT_FILE | grep 'SSH_MACS=' | head -n 1 | awk -F '"' '{print $2}') SSH_CIPHERS=$(cat $UTILS_SSH | grep 'SSH_CIPHERS=' | head -n 1 | awk -F '"' '{print $2}')
SSH_KEX=$(cat $MAIN_PROJECT_FILE | grep 'SSH_KEX=' | head -n 1 | awk -F '"' '{print $2}') SSH_MACS=$(cat $UTILS_SSH | grep 'SSH_MACS=' | head -n 1 | awk -F '"' '{print $2}')
SSH_HOST_KEY_ALGORITHMS=$(cat $MAIN_PROJECT_FILE | grep 'SSH_HOST_KEY_ALGORITHMS=' | head -n 1 | awk -F '"' '{print $2}') SSH_KEX=$(cat $UTILS_SSH | grep 'SSH_KEX=' | head -n 1 | awk -F '"' '{print $2}')
SSH_HOST_KEY_ALGORITHMS=$(cat $UTILS_SSH | grep 'SSH_HOST_KEY_ALGORITHMS=' | head -n 1 | awk -F '"' '{print $2}')
# refresh gpg keys every few hours # refresh gpg keys every few hours
REFRESH_GPG_KEYS_HOURS=2 REFRESH_GPG_KEYS_HOURS=2
@ -67,11 +72,7 @@ function global_rate_limit {
fi fi
sudo cp $SYSCTL_FILE ~/sysctl.conf sudo cp $SYSCTL_FILE ~/sysctl.conf
if [ ! -f /usr/bin/pacman ]; then sudo chown $CURR_USER:$CURR_GROUP ~/sysctl.conf
sudo chown $CURR_USER:$CURR_USER ~/sysctl.conf
else
sudo chown $CURR_USER:users ~/sysctl.conf
fi
if ! grep -q "tcp_challenge_ack_limit" ~/sysctl.conf; then if ! grep -q "tcp_challenge_ack_limit" ~/sysctl.conf; then
echo 'net.ipv4.tcp_challenge_ack_limit = 999999999' >> ~/sysctl.conf echo 'net.ipv4.tcp_challenge_ack_limit = 999999999' >> ~/sysctl.conf
else else
@ -91,11 +92,7 @@ function refresh_gpg_keys {
fi fi
fi fi
sudo cp /etc/crontab ~/temp_crontab sudo cp /etc/crontab ~/temp_crontab
if [ ! -f /usr/bin/pacman ]; then sudo chown $CURR_USER:$CURR_GROUP ~/temp_crontab
sudo chown $CURR_USER:$CURR_USER ~/temp_crontab
else
sudo chown $CURR_USER:users ~/temp_crontab
fi
if ! grep -q "gpg --refresh-keys" ~/temp_crontab; then if ! grep -q "gpg --refresh-keys" ~/temp_crontab; then
echo "0 */$REFRESH_GPG_KEYS_HOURS * * * $CURR_USER /usr/bin/gpg --refresh-keys > /dev/null" >> ~/temp_crontab echo "0 */$REFRESH_GPG_KEYS_HOURS * * * $CURR_USER /usr/bin/gpg --refresh-keys > /dev/null" >> ~/temp_crontab
sudo cp ~/temp_crontab /etc/crontab sudo cp ~/temp_crontab /etc/crontab
@ -116,13 +113,10 @@ function configure_ssh_client {
sudo sed -i "s/# HostKeyAlgorithms.*/ HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS/g" /etc/ssh/ssh_config sudo sed -i "s/# HostKeyAlgorithms.*/ HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS/g" /etc/ssh/ssh_config
sudo sed -i "s/# Ciphers.*/ Ciphers $SSH_CIPHERS/g" /etc/ssh/ssh_config sudo sed -i "s/# Ciphers.*/ Ciphers $SSH_CIPHERS/g" /etc/ssh/ssh_config
sudo sed -i "s/# MACs.*/ MACs $SSH_MACS/g" /etc/ssh/ssh_config sudo sed -i "s/# MACs.*/ MACs $SSH_MACS/g" /etc/ssh/ssh_config
sudo sed -i "s/HostKeyAlgorithms.*/HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS/g" /etc/ssh/ssh_config
if ! grep -q "HostKeyAlgorithms" /etc/ssh/ssh_config; then if ! grep -q "HostKeyAlgorithms" /etc/ssh/ssh_config; then
sudo cp /etc/ssh/ssh_config ~/ssh_config sudo cp /etc/ssh/ssh_config ~/ssh_config
if [ ! -f /usr/bin/pacman ]; then sudo chown $CURR_USER:$CURR_GROUP ~/ssh_config
sudo chown $CURR_USER:$CURR_USER ~/ssh_config
else
sudo chown $CURR_USER:users ~/ssh_config
fi
echo " HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS" >> ~/ssh_config echo " HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS" >> ~/ssh_config
sudo mv ~/ssh_config /etc/ssh/ssh_config sudo mv ~/ssh_config /etc/ssh/ssh_config
sudo chown root:root /etc/ssh/ssh_config sudo chown root:root /etc/ssh/ssh_config
@ -130,11 +124,7 @@ function configure_ssh_client {
sudo sed -i "s/Ciphers.*/Ciphers $SSH_CIPHERS/g" /etc/ssh/ssh_config sudo sed -i "s/Ciphers.*/Ciphers $SSH_CIPHERS/g" /etc/ssh/ssh_config
if ! grep -q "Ciphers " /etc/ssh/ssh_config; then if ! grep -q "Ciphers " /etc/ssh/ssh_config; then
sudo cp /etc/ssh/ssh_config ~/ssh_config sudo cp /etc/ssh/ssh_config ~/ssh_config
if [ ! -f /usr/bin/pacman ]; then sudo chown $CURR_USER:$CURR_GROUP ~/ssh_config
sudo chown $CURR_USER:$CURR_USER ~/ssh_config
else
sudo chown $CURR_USER:users ~/ssh_config
fi
echo " Ciphers $SSH_CIPHERS" >> ~/ssh_config echo " Ciphers $SSH_CIPHERS" >> ~/ssh_config
sudo mv ~/ssh_config /etc/ssh/ssh_config sudo mv ~/ssh_config /etc/ssh/ssh_config
sudo chown root:root /etc/ssh/ssh_config sudo chown root:root /etc/ssh/ssh_config
@ -142,11 +132,7 @@ function configure_ssh_client {
sudo sed -i "s/MACs.*/MACs $SSH_MACS/g" /etc/ssh/ssh_config sudo sed -i "s/MACs.*/MACs $SSH_MACS/g" /etc/ssh/ssh_config
if ! grep -q "MACs " /etc/ssh/ssh_config; then if ! grep -q "MACs " /etc/ssh/ssh_config; then
sudo cp /etc/ssh/ssh_config ~/ssh_config sudo cp /etc/ssh/ssh_config ~/ssh_config
if [ ! -f /usr/bin/pacman ]; then sudo chown $CURR_USER:$CURR_GROUP ~/ssh_config
sudo chown $CURR_USER:$CURR_USER ~/ssh_config
else
sudo chown $CURR_USER:users ~/ssh_config
fi
echo " MACs $SSH_MACS" >> ~/ssh_config echo " MACs $SSH_MACS" >> ~/ssh_config
sudo mv ~/ssh_config /etc/ssh/ssh_config sudo mv ~/ssh_config /etc/ssh/ssh_config
sudo chown root:root /etc/ssh/ssh_config sudo chown root:root /etc/ssh/ssh_config
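Review bot: The four SSH_* values in the second hunk are now parsed out of `$UTILS_SSH`, but the only existence test visible there (the `if [ ! -f $MAIN_PROJECT_FILE ]` shown in the hunk header) covers the old file, so a missing or renamed utils-ssh file leaves all four variables empty. The `sed` lines in configure_ssh_client then substitute those empty strings into /etc/ssh/ssh_config, for example leaving a bare `Ciphers` line, so the intended algorithm restrictions are not applied and the client configuration may no longer parse. I would add `[ -f "$UTILS_SSH" ] || { echo "$UTILS_SSH not found" >&2; exit 1; }` right after the assignment, and have configure_ssh_client refuse to edit the file when a value is empty, e.g. `[ -n "$SSH_CIPHERS" ] || return 1`. configure_ssh_client starts outside the visible hunks, so it may already guard against this; worth confirming before merging.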