Simplify
parent
1538234bf1
commit
27d1b85abb
|
@ -32,6 +32,10 @@ export TEXTDOMAIN=${PROJECT_NAME}-client
|
||||||
export TEXTDOMAINDIR="/usr/share/locale"
|
export TEXTDOMAINDIR="/usr/share/locale"
|
||||||
|
|
||||||
CURR_USER=$USER
|
CURR_USER=$USER
|
||||||
|
CURR_GROUP=$USER
|
||||||
|
if [ -f /usr/bin/pacman ]; then
|
||||||
|
CURR_GROUP='users'
|
||||||
|
fi
|
||||||
MESH_CLIENT_INSTALL=
|
MESH_CLIENT_INSTALL=
|
||||||
ENABLE_MONKEYSPHERE=
|
ENABLE_MONKEYSPHERE=
|
||||||
|
|
||||||
|
@ -49,10 +53,11 @@ if [ ! -f $MAIN_PROJECT_FILE ]; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# ssh (from https://stribika.github.io/2015/01/04/secure-secure-shell.html)
|
# ssh (from https://stribika.github.io/2015/01/04/secure-secure-shell.html)
|
||||||
SSH_CIPHERS=$(cat $MAIN_PROJECT_FILE | grep 'SSH_CIPHERS=' | head -n 1 | awk -F '"' '{print $2}')
|
UTILS_SSH=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-ssh
|
||||||
SSH_MACS=$(cat $MAIN_PROJECT_FILE | grep 'SSH_MACS=' | head -n 1 | awk -F '"' '{print $2}')
|
SSH_CIPHERS=$(cat $UTILS_SSH | grep 'SSH_CIPHERS=' | head -n 1 | awk -F '"' '{print $2}')
|
||||||
SSH_KEX=$(cat $MAIN_PROJECT_FILE | grep 'SSH_KEX=' | head -n 1 | awk -F '"' '{print $2}')
|
SSH_MACS=$(cat $UTILS_SSH | grep 'SSH_MACS=' | head -n 1 | awk -F '"' '{print $2}')
|
||||||
SSH_HOST_KEY_ALGORITHMS=$(cat $MAIN_PROJECT_FILE | grep 'SSH_HOST_KEY_ALGORITHMS=' | head -n 1 | awk -F '"' '{print $2}')
|
SSH_KEX=$(cat $UTILS_SSH | grep 'SSH_KEX=' | head -n 1 | awk -F '"' '{print $2}')
|
||||||
|
SSH_HOST_KEY_ALGORITHMS=$(cat $UTILS_SSH | grep 'SSH_HOST_KEY_ALGORITHMS=' | head -n 1 | awk -F '"' '{print $2}')
|
||||||
|
|
||||||
# refresh gpg keys every few hours
|
# refresh gpg keys every few hours
|
||||||
REFRESH_GPG_KEYS_HOURS=2
|
REFRESH_GPG_KEYS_HOURS=2
|
||||||
|
@ -67,11 +72,7 @@ function global_rate_limit {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
sudo cp $SYSCTL_FILE ~/sysctl.conf
|
sudo cp $SYSCTL_FILE ~/sysctl.conf
|
||||||
if [ ! -f /usr/bin/pacman ]; then
|
sudo chown $CURR_USER:$CURR_GROUP ~/sysctl.conf
|
||||||
sudo chown $CURR_USER:$CURR_USER ~/sysctl.conf
|
|
||||||
else
|
|
||||||
sudo chown $CURR_USER:users ~/sysctl.conf
|
|
||||||
fi
|
|
||||||
if ! grep -q "tcp_challenge_ack_limit" ~/sysctl.conf; then
|
if ! grep -q "tcp_challenge_ack_limit" ~/sysctl.conf; then
|
||||||
echo 'net.ipv4.tcp_challenge_ack_limit = 999999999' >> ~/sysctl.conf
|
echo 'net.ipv4.tcp_challenge_ack_limit = 999999999' >> ~/sysctl.conf
|
||||||
else
|
else
|
||||||
|
@ -91,11 +92,7 @@ function refresh_gpg_keys {
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
sudo cp /etc/crontab ~/temp_crontab
|
sudo cp /etc/crontab ~/temp_crontab
|
||||||
if [ ! -f /usr/bin/pacman ]; then
|
sudo chown $CURR_USER:$CURR_GROUP ~/temp_crontab
|
||||||
sudo chown $CURR_USER:$CURR_USER ~/temp_crontab
|
|
||||||
else
|
|
||||||
sudo chown $CURR_USER:users ~/temp_crontab
|
|
||||||
fi
|
|
||||||
if ! grep -q "gpg --refresh-keys" ~/temp_crontab; then
|
if ! grep -q "gpg --refresh-keys" ~/temp_crontab; then
|
||||||
echo "0 */$REFRESH_GPG_KEYS_HOURS * * * $CURR_USER /usr/bin/gpg --refresh-keys > /dev/null" >> ~/temp_crontab
|
echo "0 */$REFRESH_GPG_KEYS_HOURS * * * $CURR_USER /usr/bin/gpg --refresh-keys > /dev/null" >> ~/temp_crontab
|
||||||
sudo cp ~/temp_crontab /etc/crontab
|
sudo cp ~/temp_crontab /etc/crontab
|
||||||
|
@ -116,13 +113,10 @@ function configure_ssh_client {
|
||||||
sudo sed -i "s/# HostKeyAlgorithms.*/ HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS/g" /etc/ssh/ssh_config
|
sudo sed -i "s/# HostKeyAlgorithms.*/ HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS/g" /etc/ssh/ssh_config
|
||||||
sudo sed -i "s/# Ciphers.*/ Ciphers $SSH_CIPHERS/g" /etc/ssh/ssh_config
|
sudo sed -i "s/# Ciphers.*/ Ciphers $SSH_CIPHERS/g" /etc/ssh/ssh_config
|
||||||
sudo sed -i "s/# MACs.*/ MACs $SSH_MACS/g" /etc/ssh/ssh_config
|
sudo sed -i "s/# MACs.*/ MACs $SSH_MACS/g" /etc/ssh/ssh_config
|
||||||
|
sudo sed -i "s/HostKeyAlgorithms.*/HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS/g" /etc/ssh/ssh_config
|
||||||
if ! grep -q "HostKeyAlgorithms" /etc/ssh/ssh_config; then
|
if ! grep -q "HostKeyAlgorithms" /etc/ssh/ssh_config; then
|
||||||
sudo cp /etc/ssh/ssh_config ~/ssh_config
|
sudo cp /etc/ssh/ssh_config ~/ssh_config
|
||||||
if [ ! -f /usr/bin/pacman ]; then
|
sudo chown $CURR_USER:$CURR_GROUP ~/ssh_config
|
||||||
sudo chown $CURR_USER:$CURR_USER ~/ssh_config
|
|
||||||
else
|
|
||||||
sudo chown $CURR_USER:users ~/ssh_config
|
|
||||||
fi
|
|
||||||
echo " HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS" >> ~/ssh_config
|
echo " HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS" >> ~/ssh_config
|
||||||
sudo mv ~/ssh_config /etc/ssh/ssh_config
|
sudo mv ~/ssh_config /etc/ssh/ssh_config
|
||||||
sudo chown root:root /etc/ssh/ssh_config
|
sudo chown root:root /etc/ssh/ssh_config
|
||||||
|
@ -130,11 +124,7 @@ function configure_ssh_client {
|
||||||
sudo sed -i "s/Ciphers.*/Ciphers $SSH_CIPHERS/g" /etc/ssh/ssh_config
|
sudo sed -i "s/Ciphers.*/Ciphers $SSH_CIPHERS/g" /etc/ssh/ssh_config
|
||||||
if ! grep -q "Ciphers " /etc/ssh/ssh_config; then
|
if ! grep -q "Ciphers " /etc/ssh/ssh_config; then
|
||||||
sudo cp /etc/ssh/ssh_config ~/ssh_config
|
sudo cp /etc/ssh/ssh_config ~/ssh_config
|
||||||
if [ ! -f /usr/bin/pacman ]; then
|
sudo chown $CURR_USER:$CURR_GROUP ~/ssh_config
|
||||||
sudo chown $CURR_USER:$CURR_USER ~/ssh_config
|
|
||||||
else
|
|
||||||
sudo chown $CURR_USER:users ~/ssh_config
|
|
||||||
fi
|
|
||||||
echo " Ciphers $SSH_CIPHERS" >> ~/ssh_config
|
echo " Ciphers $SSH_CIPHERS" >> ~/ssh_config
|
||||||
sudo mv ~/ssh_config /etc/ssh/ssh_config
|
sudo mv ~/ssh_config /etc/ssh/ssh_config
|
||||||
sudo chown root:root /etc/ssh/ssh_config
|
sudo chown root:root /etc/ssh/ssh_config
|
||||||
|
@ -142,11 +132,7 @@ function configure_ssh_client {
|
||||||
sudo sed -i "s/MACs.*/MACs $SSH_MACS/g" /etc/ssh/ssh_config
|
sudo sed -i "s/MACs.*/MACs $SSH_MACS/g" /etc/ssh/ssh_config
|
||||||
if ! grep -q "MACs " /etc/ssh/ssh_config; then
|
if ! grep -q "MACs " /etc/ssh/ssh_config; then
|
||||||
sudo cp /etc/ssh/ssh_config ~/ssh_config
|
sudo cp /etc/ssh/ssh_config ~/ssh_config
|
||||||
if [ ! -f /usr/bin/pacman ]; then
|
sudo chown $CURR_USER:$CURR_GROUP ~/ssh_config
|
||||||
sudo chown $CURR_USER:$CURR_USER ~/ssh_config
|
|
||||||
else
|
|
||||||
sudo chown $CURR_USER:users ~/ssh_config
|
|
||||||
fi
|
|
||||||
echo " MACs $SSH_MACS" >> ~/ssh_config
|
echo " MACs $SSH_MACS" >> ~/ssh_config
|
||||||
sudo mv ~/ssh_config /etc/ssh/ssh_config
|
sudo mv ~/ssh_config /etc/ssh/ssh_config
|
||||||
sudo chown root:root /etc/ssh/ssh_config
|
sudo chown root:root /etc/ssh/ssh_config
|
||||||
|
|
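Review bot: The four SSH_* values in the `@ -49,10 +53,11` hunk are now read from `$UTILS_SSH`, but nothing visible checks that this file exists; the only guard in view is `if [ ! -f $MAIN_PROJECT_FILE ]` in the hunk header, and its body lies outside the hunk. If the utils file is missing or lacks one of the assignments, the variables come out empty, and the `sudo sed -i "s/Ciphers.*/Ciphers $SSH_CIPHERS/g"` style lines in configure_ssh_client would then write option lines with no algorithm list into /etc/ssh/ssh_config instead of the intended hardened set. I would add a presence check right after the assignment, e.g. `[ -f "$UTILS_SSH" ] || exit 1` (adapted to whatever error convention the script uses), and have configure_ssh_client bail out when a value is empty, e.g. `[ -n "$SSH_CIPHERS" ] || return`. Quoting the path and dropping the `cat` (`grep 'SSH_CIPHERS=' "$UTILS_SSH" | head -n 1 | awk -F '"' '{print $2}'`) would also keep the read intact if the project path ever contains whitespace.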