Don't shred
In most cases we're writing to a microSSD or SSD, so shredding doesn't make sense
This commit is contained in:
Bob Mottram
parent
f14cbe5777
commit
de13a2940c
|
|
@ -142,7 +142,7 @@ chmod 600 "/home/$ADD_USERNAME/.gnupg/"*
|
|||
chown "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/gpg-genkey.conf"
|
||||
su -m root -c "gpg --homedir /home/$ADD_USERNAME/.gnupg --batch --full-gen-key /home/$ADD_USERNAME/gpg-genkey.conf" - "$ADD_USERNAME"
|
||||
chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.gnupg"
|
||||
shred -zu "/home/$ADD_USERNAME/gpg-genkey.conf"
|
||||
rm "/home/$ADD_USERNAME/gpg-genkey.conf"
|
||||
MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$ADD_USERNAME" "$ADD_USERNAME@$HOSTNAME")
|
||||
MY_GPG_PUBLIC_KEY="/home/$ADD_USERNAME/public_key.gpg"
|
||||
su -m root -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - "$ADD_USERNAME"
|
||||
|
|
|
|||
|
|
@ -368,7 +368,7 @@ function restore_remote_tahoelafs {
|
|||
|
||||
function reconfigure_tahoelafs {
|
||||
if [ -f $tahoelafs_storage_file ]; then
|
||||
shred -zu $tahoelafs_storage_file
|
||||
rm $tahoelafs_storage_file
|
||||
fi
|
||||
sed -i '/HidServAuth /d' /etc/tor/torrc
|
||||
}
|
||||
|
|
@ -413,7 +413,7 @@ function remove_tahoelafs {
|
|||
fi
|
||||
remove_app tahoelafs
|
||||
if [ -f /etc/nginx/.htpasswd-tahoelafs ]; then
|
||||
shred -zu /etc/nginx/.htpasswd-tahoelafs
|
||||
rm /etc/nginx/.htpasswd-tahoelafs
|
||||
fi
|
||||
onion_update
|
||||
}
|
||||
|
|
|
|||
|
|
@ -74,10 +74,9 @@ function remove_user_tox {
|
|||
|
||||
if [ -d "/home/$remove_username/.config/tox" ]; then
|
||||
if [ -d "/home/$remove_username/.config/tox/chatlogs" ]; then
|
||||
shred -zu "/home/$remove_username/.config/tox/chatlogs/"*
|
||||
rm -rf "/home/$remove_username/.config/tox/chatlogs"
|
||||
fi
|
||||
shred -zu "/home/$remove_username/.config/tox/"*
|
||||
rm "/home/$remove_username/.config/tox/"*
|
||||
fi
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -351,7 +351,7 @@ function remove_vpn {
|
|||
for d in /home/*/ ; do
|
||||
USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
|
||||
if [ -f "/home/$USERNAME/$OPENVPN_KEY_FILENAME" ]; then
|
||||
shred -zu "/home/$USERNAME/$OPENVPN_KEY_FILENAME"
|
||||
rm "/home/$USERNAME/$OPENVPN_KEY_FILENAME"
|
||||
fi
|
||||
rm "/home/$USERNAME/stunnel*"
|
||||
done
|
||||
|
|
@ -448,7 +448,7 @@ function create_user_vpn_key {
|
|||
|
||||
#rm /etc/openvpn/easy-rsa/keys/$username.crt
|
||||
#rm /etc/openvpn/easy-rsa/keys/$username.csr
|
||||
shred -zu "/etc/openvpn/easy-rsa/keys/$username.key"
|
||||
rm "/etc/openvpn/easy-rsa/keys/$username.key"
|
||||
|
||||
echo $"VPN key created at $user_vpn_cert_file"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -419,7 +419,7 @@ function disperse_key_shares {
|
|||
fi
|
||||
|
||||
# remove the temp file/directory
|
||||
shred -zu "$temp_key_share_fragments/"*
|
||||
rm "$temp_key_share_fragments/"*
|
||||
rm -rf "$temp_key_share_dir"
|
||||
fi
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -1473,7 +1473,7 @@ function create_gpg_subkey {
|
|||
su -m root -c "gpg --homedir /home/$MY_USERNAME/.gnupg --batch --full-gen-key /home/$MY_USERNAME/gpg-genkey.conf" - "$MY_USERNAME"
|
||||
chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.gnupg"
|
||||
|
||||
shred -zu "/home/$MY_USERNAME/gpg-genkey.conf"
|
||||
rm "/home/$MY_USERNAME/gpg-genkey.conf"
|
||||
|
||||
# shellcheck disable=SC2034
|
||||
MY_GPG_SUBKEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
|
||||
|
|
@ -1596,7 +1596,7 @@ function configure_gpg {
|
|||
fi
|
||||
|
||||
# for security ensure that the private key file doesn't linger around
|
||||
shred -zu $MY_GPG_PRIVATE_KEY
|
||||
rm $MY_GPG_PRIVATE_KEY
|
||||
MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
|
||||
if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
|
||||
echo $'GPG public key ID could not be obtained'
|
||||
|
|
|
|||
|
|
@ -162,7 +162,7 @@ chmod -R 755 "/home/$USERNAME/emailcert"
|
|||
chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/emailcert"
|
||||
chmod +x "/home/$USERNAME/emailcert/install.sh"
|
||||
|
||||
shred -zu "/etc/ssl/requests/$USERNAME.csr"
|
||||
rm "/etc/ssl/requests/$USERNAME.csr"
|
||||
|
||||
echo $'Email authentication certificate created. You can obtain it on the client with:'
|
||||
echo ''
|
||||
|
|
|
|||
|
|
@ -986,7 +986,7 @@ function interactive_config {
|
|||
|
||||
# delete the temporary configuration file
|
||||
if [ -f temp.cfg ]; then
|
||||
shred -zu temp.cfg
|
||||
rm temp.cfg
|
||||
fi
|
||||
|
||||
# This file indicates that the configuration happened successfully
|
||||
|
|
|
|||
|
|
@ -423,7 +423,7 @@ EOF
|
|||
echo ' rm /root/.initial_setup';
|
||||
echo ' rm /home/fbone/.initial_setup';
|
||||
echo " touch /root/.remove_${GENERIC_IMAGE_USERNAME}";
|
||||
echo ' shred -zu ~/login.txt'; } >> "$rootdir/root/.bashrc"
|
||||
echo ' rm ~/login.txt'; } >> "$rootdir/root/.bashrc"
|
||||
if [[ "$VARIANT" != "mesh"* && "$VARIANT" != "usb" ]]; then
|
||||
{ echo " SSH_ONION_HOSTNAME=\$(cat /var/lib/tor/hidden_service_ssh/hostname)";
|
||||
|
||||
|
|
|
|||
|
|
@ -276,4 +276,4 @@ sudo -H \
|
|||
$pkgopts
|
||||
|
||||
echo $'Removing customised customisation script'
|
||||
sudo shred -zu $TEMP_CUSTOMISE
|
||||
sudo rm $TEMP_CUSTOMISE
|
||||
|
|
|
|||
|
|
@ -870,10 +870,10 @@ function mesh_amnesic {
|
|||
echo "MY_USERNAME=\$1";
|
||||
echo 'tomb slam all';
|
||||
echo "if [ -f /home/${MY_USERNAME}/.bash_history ]; then";
|
||||
echo " shred -zu /home/${MY_USERNAME}/.bash_history";
|
||||
echo " rm /home/${MY_USERNAME}/.bash_history";
|
||||
echo 'fi';
|
||||
echo "if [ -f /home/${MY_USERNAME}/.xsession-errors ]; then";
|
||||
echo " shred -zu /home/${MY_USERNAME}/.xsession-errors";
|
||||
echo " rm /home/${MY_USERNAME}/.xsession-errors";
|
||||
echo 'fi';
|
||||
echo '';
|
||||
echo 'exit 0'; } > /usr/bin/amnesic
|
||||
|
|
@ -944,7 +944,7 @@ function setup_amnesic_data {
|
|||
|
||||
# clear crypttab
|
||||
if [ -f /etc/crypttab ]; then
|
||||
shred -zu /etc/crypttab
|
||||
rm /etc/crypttab
|
||||
touch /etc/crypttab
|
||||
fi
|
||||
|
||||
|
|
@ -977,7 +977,6 @@ function setup_amnesic_data {
|
|||
fi
|
||||
fi
|
||||
if [ -d /var/lib/tox-bootstrapd ]; then
|
||||
shred -zu /var/lib/tox-bootstrapd/*
|
||||
rm -rf /var/lib/tox-bootstrapd
|
||||
fi
|
||||
ln -s /media/${tomb_name} /var/lib/tox-bootstrapd
|
||||
|
|
@ -1018,7 +1017,7 @@ function setup_ipfs {
|
|||
su -c "systemctl --user enable ipfs" - $MY_USERNAME
|
||||
|
||||
if [ -f $CURRENT_BLOG_INDEX ]; then
|
||||
shred -zu $CURRENT_BLOG_INDEX
|
||||
rm $CURRENT_BLOG_INDEX
|
||||
fi
|
||||
|
||||
if [ -d /home/$MY_USERNAME/Public ]; then
|
||||
|
|
@ -1027,11 +1026,11 @@ function setup_ipfs {
|
|||
fi
|
||||
|
||||
if [ -d /home/$MY_USERNAME/CreateBlog/content/images ]; then
|
||||
shred -zu /home/$MY_USERNAME/CreateBlog/content/images/*
|
||||
rm /home/$MY_USERNAME/CreateBlog/content/images/*
|
||||
fi
|
||||
|
||||
if [ -d /home/$MY_USERNAME/CreateBlog/content ]; then
|
||||
shred -zu /home/$MY_USERNAME/CreateBlog/content/*
|
||||
rm /home/$MY_USERNAME/CreateBlog/content/*
|
||||
if grep -q "THEME=" /home/$MY_USERNAME/CreateBlog/pelicanconf.py; then
|
||||
sed -i "s|THEME=.*|THEME='themes/nice-blog'|g" /home/$MY_USERNAME/CreateBlog/pelicanconf.py
|
||||
else
|
||||
|
|
@ -1040,7 +1039,7 @@ function setup_ipfs {
|
|||
fi
|
||||
|
||||
if [ -d /home/$MY_USERNAME/.ipfs ]; then
|
||||
shred -zu /home/$MY_USERNAME/.ipfs/config
|
||||
rm /home/$MY_USERNAME/.ipfs/config
|
||||
rm -rf /home/$MY_USERNAME/.ipfs
|
||||
su -c "systemctl --user restart ipfs" - $MY_USERNAME
|
||||
else
|
||||
|
|
@ -1048,19 +1047,19 @@ function setup_ipfs {
|
|||
fi
|
||||
|
||||
if [ -f /home/$MY_USERNAME/.blog-index ]; then
|
||||
shred -zu /home/$MY_USERNAME/.blog-index
|
||||
rm /home/$MY_USERNAME/.blog-index
|
||||
fi
|
||||
|
||||
if [ -f /home/$MY_USERNAME/.blog-theme-index ]; then
|
||||
shred -zu /home/$MY_USERNAME/.blog-theme-index
|
||||
rm /home/$MY_USERNAME/.blog-theme-index
|
||||
fi
|
||||
|
||||
if [ -f /home/$MY_USERNAME/.ipfs-id ]; then
|
||||
shred -zu /home/$MY_USERNAME/.ipfs-id
|
||||
rm /home/$MY_USERNAME/.ipfs-id
|
||||
fi
|
||||
|
||||
if [ -f /home/$MY_USERNAME/.ipfs-public ]; then
|
||||
shred -zu /home/$MY_USERNAME/.ipfs-public
|
||||
rm /home/$MY_USERNAME/.ipfs-public
|
||||
fi
|
||||
|
||||
chmod 755 $IPFS_COMMAND
|
||||
|
|
@ -1204,7 +1203,7 @@ function create_user_vpn_key {
|
|||
|
||||
#rm /etc/openvpn/easy-rsa/keys/$username.crt
|
||||
#rm /etc/openvpn/easy-rsa/keys/$username.csr
|
||||
shred -zu "/etc/openvpn/easy-rsa/keys/$username.key"
|
||||
rm "/etc/openvpn/easy-rsa/keys/$username.key"
|
||||
|
||||
echo $"VPN key created at $user_vpn_cert_file" >> "/var/log/${PROJECT_NAME}.log"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -33,9 +33,6 @@ export TEXTDOMAINDIR="/usr/share/locale"
|
|||
|
||||
WEBSERVER_LOG_LEVEL='warn'
|
||||
|
||||
# Shredding could be used here, but especially on microSD
|
||||
# or SSD it's debatable how useful shredding really is.
|
||||
# Also the shred command can be very slow on Beaglebone Black
|
||||
REMOVE_FILES_COMMAND='rm -rf'
|
||||
|
||||
source /usr/local/bin/${PROJECT_NAME}-vars
|
||||
|
|
|
|||
|
|
@ -139,7 +139,6 @@ function clear_passwords {
|
|||
for d in /root/.passwords/*/ ; do
|
||||
USERNAME=$(echo "$d" | awk -F '/' '{print $4}')
|
||||
if [[ "$USERNAME" != 'root' ]]; then
|
||||
shred -zu "/root/.passwords/$USERNAME/"*
|
||||
rm -rf "/root/.passwords/$USERNAME"
|
||||
fi
|
||||
done
|
||||
|
|
@ -287,7 +286,7 @@ fi
|
|||
|
||||
if [ "${REMOVE_APP}" ]; then
|
||||
if [ -d "${HOME}/.passwords/${CURR_USERNAME}/${REMOVE_APP}" ]; then
|
||||
shred -zu "${HOME}/.passwords/${CURR_USERNAME}/${REMOVE_APP}"
|
||||
rm "${HOME}/.passwords/${CURR_USERNAME}/${REMOVE_APP}"
|
||||
fi
|
||||
exit 0
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -165,10 +165,10 @@ echo $'Key fragments recombined'
|
|||
# import the gpg key
|
||||
if ! gpg --homedir="/home/$MY_USERNAME/.gnupg" --allow-secret-key-import --import "$KEYS_FILE"; then
|
||||
echo $'Unable to import gpg key'
|
||||
shred -zu "$KEYS_FILE"
|
||||
rm "$KEYS_FILE"
|
||||
exit 3682
|
||||
fi
|
||||
shred -zu "$KEYS_FILE"
|
||||
rm "$KEYS_FILE"
|
||||
chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.gnupg"
|
||||
chmod -R 600 "/home/$MY_USERNAME/.gnupg"
|
||||
|
||||
|
|
|
|||
|
|
@ -100,7 +100,7 @@ function renew_startssl {
|
|||
# remove the password from the private cert
|
||||
openssl rsa -in /etc/ssl/private/$HOSTNAME.key -out /etc/ssl/private/$HOSTNAME.new.key
|
||||
cp /etc/ssl/private/$HOSTNAME.new.key /etc/ssl/private/$HOSTNAME.key
|
||||
shred -zu /etc/ssl/private/$HOSTNAME.new.key
|
||||
rm /etc/ssl/private/$HOSTNAME.new.key
|
||||
|
||||
# bundle the cert
|
||||
cat /etc/ssl/certs/$HOSTNAME.crt /etc/ssl/chains/startssl-sub.class1.server.ca.pem > /etc/ssl/certs/$HOSTNAME.bundle.crt
|
||||
|
|
|
|||
|
|
@ -50,7 +50,7 @@ if [ -f $DATABASE_PASSWORD_FILE ]; then
|
|||
${PROJECT_NAME}-pass -u root -a mariadb -p "$MARIADB_PASSWORD"
|
||||
stored_password=$(${PROJECT_NAME}-pass -u root -a mariadb)
|
||||
if [[ "$stored_password" == "$MARIADB_PASSWORD" ]]; then
|
||||
shred -zu $DATABASE_PASSWORD_FILE
|
||||
rm $DATABASE_PASSWORD_FILE
|
||||
fi
|
||||
fi
|
||||
|
||||
|
|
|
|||
|
|
@ -110,12 +110,12 @@ fi
|
|||
|
||||
# remove gpg keys
|
||||
if [ -d "/home/$REMOVE_USERNAME/.gnupg" ]; then
|
||||
shred -zu "/home/$REMOVE_USERNAME/.gnupg/"*
|
||||
rm "/home/$REMOVE_USERNAME/.gnupg/"*
|
||||
fi
|
||||
|
||||
# remove ssh keys
|
||||
if [ -d "/home/$REMOVE_USERNAME/.ssh" ]; then
|
||||
shred -zu "/home/$REMOVE_USERNAME/.ssh/"*
|
||||
rm "/home/$REMOVE_USERNAME/.ssh/"*
|
||||
fi
|
||||
|
||||
echo $'Detecting installed apps...'
|
||||
|
|
|
|||
|
|
@ -155,7 +155,7 @@ if [ ! "$?" = "0" ]; then
|
|||
fi
|
||||
if ! gpg --output "$FRAGMENTS_DIR/backup_pubkey.txt" \
|
||||
--armor --export "$MY_BACKUP_KEY_ID"; then
|
||||
shred -zu "$FRAGMENTS_DIR/privkey.txt"
|
||||
rm "$FRAGMENTS_DIR/privkey.txt"
|
||||
echo $"Unable to extract backup public key for $MY_BACKUP_KEY_ID"
|
||||
exit 62928
|
||||
fi
|
||||
|
|
@ -163,7 +163,7 @@ echo "$BACKUP_DUMMY_PASSWORD" | \
|
|||
if ! gpg --output "$FRAGMENTS_DIR/backup_privkey.txt" \
|
||||
--batch --passphrase-fd 0 \
|
||||
--armor --export-secret-key "$MY_BACKUP_KEY_ID"; then
|
||||
shred -zu "$FRAGMENTS_DIR/privkey.txt"
|
||||
rm "$FRAGMENTS_DIR/privkey.txt"
|
||||
echo $"Unable to extract backup private key for $MY_BACKUP_KEY_ID"
|
||||
exit 13783
|
||||
fi
|
||||
|
|
@ -176,21 +176,21 @@ cat "$FRAGMENTS_DIR/pubkey.txt" \
|
|||
"$FRAGMENTS_DIR/privkey.txt" \
|
||||
"$FRAGMENTS_DIR/backup_pubkey.txt" \
|
||||
"$FRAGMENTS_DIR/backup_privkey.txt" > "$KEYS_FILE"
|
||||
shred -zu "$FRAGMENTS_DIR/privkey.txt"
|
||||
shred -zu "$FRAGMENTS_DIR/pubkey.txt"
|
||||
shred -zu "$FRAGMENTS_DIR/backup_privkey.txt"
|
||||
shred -zu "$FRAGMENTS_DIR/backup_pubkey.txt"
|
||||
rm "$FRAGMENTS_DIR/privkey.txt"
|
||||
rm "$FRAGMENTS_DIR/pubkey.txt"
|
||||
rm "$FRAGMENTS_DIR/backup_privkey.txt"
|
||||
rm "$FRAGMENTS_DIR/backup_pubkey.txt"
|
||||
|
||||
KEY_SHARES=$((KEY_FRAGMENTS * 2))
|
||||
if ! gfsplit -n "$KEY_FRAGMENTS" -m $KEY_SHARES "$KEYS_FILE"; then
|
||||
echo $"Unable to split the gpg key"
|
||||
rm -rf "$FRAGMENTS_DIR"
|
||||
if [ -f "$KEYS_FILE" ]; then
|
||||
shred -zu "$KEYS_FILE"
|
||||
rm "$KEYS_FILE"
|
||||
fi
|
||||
exit 63028
|
||||
fi
|
||||
shred -zu "$KEYS_FILE"
|
||||
rm "$KEYS_FILE"
|
||||
|
||||
# set permissions
|
||||
chown -R "$MY_USERNAME":"$MY_USERNAME" "$FRAGMENTS_DIR"
|
||||
|
|
|
|||
|
|
@ -97,7 +97,7 @@ function configure_backup_key {
|
|||
su -m root -c "gpg --homedir /home/$MY_USERNAME/.gnupg --batch --full-gen-key /home/$MY_USERNAME/gpg-genkey.conf" - "$MY_USERNAME"
|
||||
chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.gnupg"
|
||||
|
||||
shred -zu "/home/$MY_USERNAME/gpg-genkey.conf"
|
||||
rm "/home/$MY_USERNAME/gpg-genkey.conf"
|
||||
echo $'Checking that the Backup key was created'
|
||||
BACKUP_KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_NAME (backup key)")
|
||||
if [[ $BACKUP_KEY_EXISTS == "no" ]]; then
|
||||
|
|
@ -127,8 +127,8 @@ function configure_backup_key {
|
|||
gpg --import --import "${MY_BACKUP_KEY}_public.asc"
|
||||
echo "$BACKUP_DUMMY_PASSWORD" | gpg --batch --passphrase-fd 0 --allow-secret-key-import --import "${MY_BACKUP_KEY}_private.asc"
|
||||
|
||||
shred -zu "${MY_BACKUP_KEY}_public.asc"
|
||||
shred -zu "${MY_BACKUP_KEY}_private.asc"
|
||||
rm "${MY_BACKUP_KEY}_public.asc"
|
||||
rm "${MY_BACKUP_KEY}_private.asc"
|
||||
|
||||
mark_completed "${FUNCNAME[0]}"
|
||||
}
|
||||
|
|
@ -258,7 +258,6 @@ function backup_database_local_usb {
|
|||
if [ -f "${local_database_dir}/${1}.${database_file_extension}" ]; then
|
||||
if [ ! -s "${local_database_dir}/${1}.${database_file_extension}" ]; then
|
||||
echo $"${1} database could not be saved"
|
||||
shred -zu "${local_database_dir}/"*
|
||||
rm -rf "${local_database_dir}"
|
||||
umount "$USB_MOUNT"
|
||||
rm -rf "$USB_MOUNT"
|
||||
|
|
@ -284,7 +283,6 @@ function backup_directory_to_usb_duplicity {
|
|||
umount "$USB_MOUNT"
|
||||
rm -rf "$USB_MOUNT"
|
||||
if [[ ${1} == "/root/temp"* || ${1} == *"tempbackup" ]]; then
|
||||
shred -zu "${1}/"*
|
||||
rm -rf "${1}"
|
||||
fi
|
||||
function_check restart_site
|
||||
|
|
@ -299,7 +297,6 @@ function backup_directory_to_usb_duplicity {
|
|||
umount "$USB_MOUNT"
|
||||
rm -rf "$USB_MOUNT"
|
||||
if [[ ${1} == "/root/temp"* || ${1} == *"tempbackup" ]]; then
|
||||
shred -zu "${1}/"*
|
||||
rm -rf "${1}"
|
||||
fi
|
||||
function_check restart_site
|
||||
|
|
@ -332,7 +329,6 @@ function backup_directory_to_usb {
|
|||
backup_directory_to_usb_duplicity "${1}" "${2}"
|
||||
|
||||
if [[ ${1} == "/root/temp"* || ${1} == *"tempbackup" ]]; then
|
||||
shred -zu "${1}/"*
|
||||
rm -rf "${1}"
|
||||
fi
|
||||
fi
|
||||
|
|
@ -414,7 +410,6 @@ function backup_directory_to_friend_duplicity {
|
|||
# shellcheck disable=SC2181
|
||||
if [ ! "$?" = "0" ]; then
|
||||
if [[ "${1}" == "/root/temp"* || ${1} == *"tempbackup" ]]; then
|
||||
shred -zu "${1}/"*
|
||||
rm -rf "${1}"
|
||||
fi
|
||||
function_check restart_site
|
||||
|
|
@ -427,7 +422,6 @@ function backup_directory_to_friend_duplicity {
|
|||
# shellcheck disable=SC2181
|
||||
if [ ! "$?" = "0" ]; then
|
||||
if [[ "${1}" == "/root/temp"* || ${1} == *"tempbackup" ]]; then
|
||||
shred -zu "${1}/"*
|
||||
rm -rf "${1}"
|
||||
fi
|
||||
function_check restart_site
|
||||
|
|
@ -457,7 +451,6 @@ function backup_directory_to_friend {
|
|||
backup_directory_to_friend_duplicity "${1}" "${2}"
|
||||
|
||||
if [[ "${1}" == "/root/temp"* || ${1} == *"tempbackup" ]]; then
|
||||
shred -zu "/root/temp${2}/"*
|
||||
rm -rf "/root/temp${2}"
|
||||
fi
|
||||
}
|
||||
|
|
@ -508,7 +501,6 @@ function backup_database_remote {
|
|||
if [ -f "${local_database_dir}/${1}.${database_file_extension}" ]; then
|
||||
if [ ! -s "${local_database_dir}/${1}.${database_file_extension}" ]; then
|
||||
echo $"${1} database could not be saved"
|
||||
shred -zu "${local_database_dir}/"*
|
||||
rm -rf "${local_database_dir}"
|
||||
# Send a warning email
|
||||
echo $"Unable to export ${1} database" | mail -s $"${PROJECT_NAME} backup to friends" "$ADMIN_EMAIL_ADDRESS"
|
||||
|
|
@ -629,9 +621,9 @@ function restore_database_from_friend {
|
|||
exit 8735271
|
||||
fi
|
||||
if [ -d "${local_database_dir}/${RESTORE_SUBDIR}/temp${1}data" ]; then
|
||||
shred -zu "${local_database_dir}/${RESTORE_SUBDIR}/temp${1}data/"*
|
||||
rm "${local_database_dir}/${RESTORE_SUBDIR}/temp${1}data/"*
|
||||
else
|
||||
shred -zu "${local_database_dir}/*.${database_file_extension}"
|
||||
rm "${local_database_dir}/*.${database_file_extension}"
|
||||
fi
|
||||
rm -rf "${local_database_dir}"
|
||||
echo $"Restoring ${1} installation"
|
||||
|
|
@ -739,9 +731,9 @@ function restore_database {
|
|||
exit 482638995
|
||||
fi
|
||||
if [ -d "${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data" ]; then
|
||||
shred -zu "${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data/"*
|
||||
rm "${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data/"*
|
||||
else
|
||||
shred -zu "${local_database_dir}/*.${database_file_extension}"
|
||||
rm "${local_database_dir}/*.${database_file_extension}"
|
||||
fi
|
||||
|
||||
rm -rf "${local_database_dir}"
|
||||
|
|
|
|||
|
|
@ -139,7 +139,7 @@ function get_mariadb_password {
|
|||
"${PROJECT_NAME}-pass" -u root -a mariadb -p "$MARIADB_PASSWORD"
|
||||
stored_password=$("${PROJECT_NAME}-pass" -u root -a mariadb)
|
||||
if [[ "$stored_password" == "$MARIADB_PASSWORD" ]]; then
|
||||
shred -zu $DATABASE_PASSWORD_FILE
|
||||
rm $DATABASE_PASSWORD_FILE
|
||||
echo $'MariaDB password moved into password store'
|
||||
return
|
||||
fi
|
||||
|
|
@ -311,7 +311,7 @@ quit" > "$INSTALL_DIR/batch.sql"
|
|||
chmod 600 "$INSTALL_DIR/batch.sql"
|
||||
keep_database_running
|
||||
mysql -u root --password="$MARIADB_PASSWORD" < "$INSTALL_DIR/batch.sql"
|
||||
shred -zu "$INSTALL_DIR/batch.sql"
|
||||
rm "$INSTALL_DIR/batch.sql"
|
||||
}
|
||||
|
||||
function initialise_database {
|
||||
|
|
@ -359,7 +359,7 @@ quit" > "$INSTALL_DIR/batch.sql"
|
|||
chmod 600 "$INSTALL_DIR/batch.sql"
|
||||
keep_database_running
|
||||
mysql -u root --password="$MARIADB_PASSWORD" < "$INSTALL_DIR/batch.sql"
|
||||
shred -zu "$INSTALL_DIR/batch.sql"
|
||||
rm "$INSTALL_DIR/batch.sql"
|
||||
}
|
||||
|
||||
function run_query_with_output {
|
||||
|
|
@ -385,7 +385,7 @@ quit" > "$INSTALL_DIR/batch.sql"
|
|||
chmod 600 "$INSTALL_DIR/batch.sql"
|
||||
keep_database_running
|
||||
mysql -u root --password="$MARIADB_PASSWORD" < "$INSTALL_DIR/batch.sql"
|
||||
shred -zu "$INSTALL_DIR/batch.sql"
|
||||
rm "$INSTALL_DIR/batch.sql"
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -118,7 +118,7 @@ function gpg_create_key {
|
|||
echo $"A GPG key for $MY_EMAIL_ADDRESS could not be created"
|
||||
exit 63621
|
||||
fi
|
||||
shred -zu "/home/$key_username/gpg-genkey.conf"
|
||||
rm "/home/$key_username/gpg-genkey.conf"
|
||||
CURR_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$key_username" "$MY_EMAIL_ADDRESS")
|
||||
if [ ${#CURR_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
|
||||
echo $"GPG public key ID could not be obtained for $MY_EMAIL_ADDRESS"
|
||||
|
|
@ -196,7 +196,7 @@ function gpg_reconstruct_key {
|
|||
fi
|
||||
|
||||
if ! gpg --homedir="/home/$key_username/.gnupg" --allow-secret-key-import --import "$KEYS_FILE"; then
|
||||
shred -zu "$KEYS_FILE"
|
||||
rm "$KEYS_FILE"
|
||||
rm -rf "/home/$key_username/.tempgnupg"
|
||||
if [ "$key_interactive" ]; then
|
||||
dialog --title $"Recover Encryption Keys" --msgbox $'Unable to import gpg key' 6 70
|
||||
|
|
@ -205,7 +205,7 @@ function gpg_reconstruct_key {
|
|||
fi
|
||||
exit 96547
|
||||
fi
|
||||
shred -zu "$KEYS_FILE"
|
||||
rm "$KEYS_FILE"
|
||||
|
||||
gpg_set_permissions "$key_username"
|
||||
|
||||
|
|
|
|||
|
|
@ -136,11 +136,9 @@ function remove_onion_service {
|
|||
fi
|
||||
fi
|
||||
if [ -d "${HIDDEN_SERVICE_PATH}${onion_service_name}" ]; then
|
||||
shred -zu "${HIDDEN_SERVICE_PATH}${onion_service_name}/"*
|
||||
rm -rf "${HIDDEN_SERVICE_PATH}${onion_service_name}"
|
||||
fi
|
||||
if [ -d "${HIDDEN_SERVICE_PATH}${onion_service_name}_mobile" ]; then
|
||||
shred -zu "${HIDDEN_SERVICE_PATH}${onion_service_name}_mobile/"*
|
||||
rm -rf "${HIDDEN_SERVICE_PATH}${onion_service_name}_mobile"
|
||||
fi
|
||||
remove_completion_param "${onion_service_name} onion domain"
|
||||
|
|
|
|||
|
|
@ -202,7 +202,7 @@ quit" > "$INSTALL_DIR/batch.sql"
|
|||
chmod 600 "$INSTALL_DIR/batch.sql"
|
||||
cd /etc/postgresql || exit 247284684
|
||||
sudo -u postgres psql -d "$database_name" --file="$INSTALL_DIR/batch.sql"
|
||||
shred -zu "$INSTALL_DIR/batch.sql"
|
||||
rm "$INSTALL_DIR/batch.sql"
|
||||
}
|
||||
|
||||
# NOTE: deliberately there is no "exit 0"
|
||||
|
|
|
|||
Loading…
Reference in New Issue