free
/
freedomboneeee
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'stretch' of https://github.com/bashrc/freedombone

This commit is contained in:
Bob Mottram 2018-03-23 17:20:38 +00:00
parent 47feb45691 8a366a6103
commit e909a996ef
18 changed files with 602 additions and 512 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/EN/socialinstance.org
View File

@ -10,7 +10,7 @@
[[file:images/logo.png]]
#+END_CENTER
#+BEGIN_EXPORT html
#+BEGIN_EXPORT HTML
<center>
<h1>Social Instance</h1>
</center>

BIN
image_build/prosody-0.10-1nightly382.tar.gz
View File

Binary file not shown.

BIN
image_build/prosody-0.10-1nightly410.tar.gz
View File

Binary file not shown.

BIN
image_build/prosody-0.10-1nightly468.tar.gz Normal file
View File

Binary file not shown.

BIN
image_build/prosody-modules-20180104.tar.gz
View File

Binary file not shown.

BIN
image_build/prosody-modules-20180322.tar.gz Normal file
View File

Binary file not shown.

4
src/freedombone-app-gnusocial
View File

@ -614,6 +614,10 @@ function remove_gnusocial {
sed -i 's|mysqli.allow_persistent.*|mysqli.allow_persistent = On|g' /etc/php/7.0/cli/php.ini
sed -i 's|mysqli.reconnect.*|mysqli.reconnect = Off|g' /etc/php/7.0/cli/php.ini
if [ -f /usr/bin/gnusocial-firewall ]; then
rm /usr/bin/gnusocial-firewall
fi
function_check remove_ddns_domain
remove_ddns_domain "$GNUSOCIAL_DOMAIN_NAME"
}

35
src/freedombone-app-pleroma
View File

@ -9,15 +9,6 @@
# Freedom in the Cloud
#
# Pleroma backend application
# https://git.pleroma.social/pleroma/pleroma/wikis/Installing-on-Debian-Based-Distributions
#
# Show stopper: This is dependent on https://placehold.it for avatar images,
# so at present it's not usable until a first party placeholder image system
# is included.
#
# There is also a possible issue with the chat system which uses an object called
# "Agent" which may not be supported with the version of elixir within the
# Debian package. This only applies if you're installing from the latest commit.
#
# License
# =======
@ -47,7 +38,7 @@ PLEROMA_CODE=
PLEROMA_PORT=4000
PLEROMA_ONION_PORT=8011
PLEROMA_REPO="https://git.pleroma.social/pleroma/pleroma.git"
PLEROMA_COMMIT='59a76ea464998476f8c4814324647f4ae4a7f2cb'
PLEROMA_COMMIT='c50c7745bc8b8f52ba07c69c0d2505df54da0f59'
PLEROMA_ADMIN_PASSWORD=
PLEROMA_DIR=/etc/pleroma
PLEROMA_SECRET_KEY=""
@ -254,7 +245,6 @@ function pleroma_recompile {
if [ -f /etc/systemd/system/pleroma.service ]; then
systemctl restart pleroma
fi
}
function logging_on_pleroma {
@ -733,6 +723,11 @@ function upgrade_pleroma {
return
fi
pleroma_registrations=open
if grep -q 'registrations_open: false' $PLEROMA_DIR/config/config.exs; then
pleroma_registrations=
fi
# make a copy of the configuration
cp $PLEROMA_DIR/priv/static/static/config.json $PLEROMA_DIR/priv/static/static/config_prev.json
@ -760,12 +755,19 @@ function upgrade_pleroma {
sudo -u pleroma mix deps.get
if [ ! $pleroma_registrations ]; then
sed -i 's|registrations_open: true|registrations_open: false|g' $PLEROMA_DIR/config/config.exs
sed -i 's|registrations_open: True|registrations_open: false|g' $PLEROMA_DIR/config/config.exs
fi
pleroma_recompile
# migrate database
sudo -u pleroma mix deps.clean --build mime
sudo -u pleroma mix ecto.migrate
pleroma_custom_logo "$PLEROMA_DIR"
expire_pleroma_posts "$PLEROMA_DOMAIN_NAME" "$PLEROMA_EXPIRE_MONTHS"
create_pleroma_blocklist
@ -934,6 +936,10 @@ function remove_pleroma {
sed -i '/pleroma commit/d' "$COMPLETION_FILE"
sed -i "/$blocking_script_file/d" /etc/crontab
if [ -f /usr/bin/pleroma-blocking ]; then
rm /usr/bin/pleroma-blocking
fi
function_check remove_ddns_domain
remove_ddns_domain "$PLEROMA_DOMAIN_NAME"
}
@ -1183,6 +1189,13 @@ function install_pleroma {
sed -i 's|registrations_open:.*|registrations_open: true,|g' $PLEROMA_DIR/config/config.exs
sed -i 's|"registrationOpen":.*|"registrationOpen": true,|g' $PLEROMA_DIR/priv/static/static/config.json
if ! grep -q "media_proxy" $PLEROMA_DIR/priv/static/static/config.json; then
sed -i '/"name":/a "media_proxy": false,' $PLEROMA_DIR/priv/static/static/config.json
sed -i 's|"media_proxy"| "media_proxy"|g' $PLEROMA_DIR/priv/static/static/config.json
else
sed -i 's|"media_proxy".*|"media_proxy": false,|g' $PLEROMA_DIR/priv/static/static/config.json
fi
systemctl daemon-reload
systemctl enable pleroma
systemctl start pleroma

4
src/freedombone-app-postactiv
View File

@ -627,6 +627,10 @@ function remove_postactiv {
sed -i 's|mysqli.allow_persistent.*|mysqli.allow_persistent = On|g' /etc/php/7.0/cli/php.ini
sed -i 's|mysqli.reconnect.*|mysqli.reconnect = Off|g' /etc/php/7.0/cli/php.ini
if [ -f /usr/bin/postactiv-firewall ]; then
rm /usr/bin/postactiv-firewall
fi
function_check remove_ddns_domain
remove_ddns_domain "$POSTACTIV_DOMAIN_NAME"
}

37
src/freedombone-app-xmpp
View File

@ -45,14 +45,14 @@ XMPP_CIPHERS='"EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+
XMPP_ECC_CURVE='"secp384r1"'
prosody_latest_version='0.10'
prosody_nightly=410
prosody_nightly_hash='9cf3db6a09895a744d72eb90b4a635758a710afe1a16b78506c7139c4e7211eb'
prosody_nightly=468
prosody_nightly_hash='c72aaab1182a86090188284f443d2f819889ca242d4e955258ef60f4c7c9a1ba'
prosody_filename=prosody-${prosody_latest_version}-1nightly${prosody_nightly}
prosody_nightly_url="https://prosody.im/nightly/${prosody_latest_version}/latest/${prosody_filename}.tar.gz"
# From https://hg.prosody.im/prosody-modules
prosody_modules_filename='prosody-modules-20180104.tar.gz'
prosody_modules_hash='7c81b4ed8a90130b4db5902dc1f299ad1c4dab57a0970552b71cb2042a490bc1'
prosody_modules_filename='prosody-modules-20180322.tar.gz'
prosody_modules_hash='982d0dfcef98e9cb9cee4cc3801b8ce9a503a32e44c32b99df6fe94545b90072'
xmpp_variables=(ONION_ONLY
INSTALLED_WITHIN_DOCKER
@ -414,10 +414,16 @@ function prosody_daemon_restart_script {
# On rare occasions the daemon appears to get stuck
# i.e. still active, but not accepting connections
# This ensures that it will unstick itself at least once per day
if [ ! -f /etc/cron.daily/prosody ]; then
echo '#!/bin/bash' > /etc/cron.daily/prosody
echo 'systemctl restart prosody' >> /etc/cron.daily/prosody
chmod +x /etc/cron.daily/prosody
if [ -f /etc/cron.daily/prosody ]; then
rm /etc/cron.daily/prosody
fi
if [ ! -f /etc/cron.hourly/prosody ]; then
{ echo '#!/bin/bash';
echo "is_active=\$(systemctl is-active prosody)";
echo "if [[ \"\$is_active\" != 'active' ]]; then";
echo ' systemctl restart prosody'
echo 'fi'; } > /etc/cron.hourly/prosody
chmod +x /etc/cron.hourly/prosody
fi
}
@ -667,13 +673,13 @@ function xmpp_contact_info {
return
fi
{ 'contact_info = {';
"abuse = { \"mailto:${MY_EMAIL_ADDRESS}\", \"xmpp:${MY_USERNAME}@${HOSTNAME}\" };";
"admin = { \"mailto:${MY_EMAIL_ADDRESS}\", \"xmpp:${MY_USERNAME}@${HOSTNAME}\" };";
"feedback = { \"mailto:${MY_EMAIL_ADDRESS}\", \"xmpp:${MY_USERNAME}@${HOSTNAME}\" };";
"security = { \"xmpp:${MY_USERNAME}@${HOSTNAME}\" };";
"support = { \"xmpp:${MY_USERNAME}@${HOSTNAME}\" };";
'};'; } >> "$filename"
{ echo 'contact_info = {';
echo "abuse = { \"mailto:${MY_EMAIL_ADDRESS}\", \"xmpp:${MY_USERNAME}@${HOSTNAME}\" };";
echo "admin = { \"mailto:${MY_EMAIL_ADDRESS}\", \"xmpp:${MY_USERNAME}@${HOSTNAME}\" };";
echo "feedback = { \"mailto:${MY_EMAIL_ADDRESS}\", \"xmpp:${MY_USERNAME}@${HOSTNAME}\" };";
echo "security = { \"xmpp:${MY_USERNAME}@${HOSTNAME}\" };";
echo "support = { \"xmpp:${MY_USERNAME}@${HOSTNAME}\" };";
echo '};'; } >> "$filename"
}
function xmpp_modules {
@ -867,6 +873,7 @@ function xmpp_create_config {
echo 'http_upload_file_size_limit = 307200';
echo '';
echo "Component \"chat.${DEFAULT_DOMAIN_NAME}\" \"muc\"";
echo ' restrict_room_creation = true';
echo ' name = "Chatrooms"';
echo ' modules_enabled = {';
echo ' "muc_limits";';

67
src/freedombone-base-email
View File

@ -57,8 +57,6 @@ MY_GPG_PRIVATE_KEY=
# optionally specify your public key ID
MY_GPG_PUBLIC_KEY_ID=
EXIM_ONION_REPO="https://github.com/petterreinholdtsen/exim4-smtorp"
# automatic archiving of email
CLEANUP_MAILDIR_REPO="https://github.com/bashrc/cleanup-maildir"
CLEANUP_MAILDIR_COMMIT='33241d2e3861f901ba17f5c77ada007e1ec06a86'
@ -150,6 +148,71 @@ function configure_email_onion {
set_completion_param "email onion domain" "${onion_address}"
add_email_hostname "$onion_address"
apt-get -yq install tinycdb perl
# MX record should be:
# _onion-mx._tcp.$DEFAULT_DOMAIN_NAME. 3600 IN SRV 0 5 25 $onion_address
echo "$DEFAULT_DOMAIN_NAME $onion_address" > /etc/exim4/onionrelay.txt
cdb -m -c -t ~/onionrelay.tmp /etc/exim4/onionrelay.cdb /etc/exim4/onionrelay.txt
{ echo "perl_startup = do '/etc/exim4/perl-routines.pl'";
echo "perl_at_start"; } > /etc/exim4/conf.d/main/perl
{ echo "use Net::DNS::Resolver;";
echo "sub onionLookup {";
echo " my \$hostname = shift;";
echo " my \$res = Net::DNS::Resolver->new(nameservers => [qw(127.0.0.1)],);";
echo " \$res->port(5300);";
echo " my \$query = \$res->search(\$hostname);";
echo " foreach my \$rr (\$query->answer) {";
echo " next unless \$rr->type eq \"A\";";
echo " return \$rr->address;";
echo " }";
echo " return 'no_such_host';";
echo "}"; } > /etc/exim4/perl-routines.pl
{ echo "ONION_RELAYDB=/etc/exim4/onionrelay.cdb";
echo "domainlist onion_relays = cdb;ONION_RELAYDB"; } > /etc/exim4/conf.d/domainlists
{ echo "# send things over tor where we have an entry for it";
echo "onionrelays:";
echo " driver = manualroute";
echo " domains = +onion_relays";
echo " transport = onion_relay";
echo " # get the automap IP for the onion address from the tor daemon";
echo " route_data = \${perl{onionLookup}{\${lookup{\$domain}cdb{ONION_RELAYDB}}}}";
echo " no_more"; } > /etc/exim4/conf.d/router/50_exim4-config-onion
{ echo "onion_relay:";
echo " driver = smtp";
echo " socks_proxy = 127.0.0.1 port=9050"; } > /etc/exim4/conf.d/transport/50_exim4-config_onion
if ! grep -q "AutomapHostsOnResolve" /etc/tor/torrc; then
echo 'AutomapHostsOnResolve 1' >> /etc/tor/torrc
else
sed -i 's|#AutomapHostsOnResolve.*|AutomapHostsOnResolve 1|g' /etc/tor/torrc
sed -i 's|AutomapHostsOnResolve.*|AutomapHostsOnResolve 1|g' /etc/tor/torrc
fi
if ! grep -q "DNSPort " /etc/tor/torrc; then
echo 'DNSPort 5300' >> /etc/tor/torrc
else
sed -i 's|#DNSPort .*|DNSPort 5300|g' /etc/tor/torrc
sed -i 's|DNSPort .*|DNSPort 5300|g' /etc/tor/torrc
fi
if ! grep -q "DNSListenAddress" /etc/tor/torrc; then
echo 'DNSListenAddress 127.0.0.1' >> /etc/tor/torrc
else
sed -i 's|#DNSListenAddress.*|DNSListenAddress 127.0.0.1|g' /etc/tor/torrc
sed -i 's|DNSListenAddress.*|DNSListenAddress 127.0.0.1|g' /etc/tor/torrc
fi
dpkg-reconfigure --frontend noninteractive exim4-config
systemctl restart tor
systemctl restart exim4
mark_completed "${FUNCNAME[0]}"
}

542
src/freedombone-controlpanel
View File

@ -129,129 +129,10 @@ fi
function any_key {
echo ''
# shellcheck disable=SC2034
read -n1 -rsp $"Press any key to continue..." key
}
function any_key_verify {
echo ''
read -n1 -rsp $"Press any key to continue or C to check a hash..." key
if [[ "$key" != 'c' && "$key" != 'C' ]]; then
return
fi
data=$(mktemp 2>/dev/null)
dialog --title $"Check tripwire hash" \
--backtitle $"Freedombone Control Panel" \
--inputbox $"Paste your tripwire hash below and it will be checked against the current database" 12 60 2>"$data"
sel=$?
case $sel in
0)
GIVEN_HASH=$(<"$data")
if [ ${#GIVEN_HASH} -gt 8 ]; then
if [[ "$GIVEN_HASH" == *' '* ]]; then
dialog --title $"Check tripwire" \
--msgbox $"\\nThe hash should not contain any spaces" 10 40
else
DBHASH=$(sha512sum "/var/lib/tripwire/${HOSTNAME}.twd" | awk -F ' ' '{print $1}')
if [[ "$DBHASH" == "$GIVEN_HASH" ]]; then
dialog --title $"Check tripwire" \
--msgbox $"\\nSuccess\\n\\nThe hash you gave matches the current tripwire database" 10 40
else
dialog --title $"Check tripwire" \
--msgbox $"\\nFailed\\n\\nThe hash you gave does not match the current tripwire database. This might be because you reset the tripwire, or there could have been an unauthorised modification of the system" 12 50
fi
fi
fi
;;
esac
rm -f "$data"
}
function get_app_icann_address {
app_name="$1"
if grep -q "${app_name} domain" "$COMPLETION_FILE"; then
grep "${app_name} domain" "${COMPLETION_FILE}" | head -n 1 | awk -F ':' '{print $2}'
return
else
app_name_upper="$(echo "$app_name" | tr '[:lower:]' '[:upper:]')_DOMAIN_NAME"
if [ "$app_name_upper" ]; then
param_value=$(grep "${app_name_upper}=" "$CONFIGURATION_FILE" | head -n 1 | awk -F '=' '{print $2}')
if [ "${param_value}" ]; then
echo "${param_value}"
return
fi
fi
fi
echo "${DEFAULT_DOMAIN_NAME}"
}
function passwords_select_user {
SELECTED_USERNAME=
# shellcheck disable=SC2207
users_array=($(ls /home))
delete=(git)
# shellcheck disable=SC2068
for del in ${delete[@]}
do
# shellcheck disable=SC2206
users_array=(${users_array[@]/$del})
done
i=0
W=()
name=()
# shellcheck disable=SC2068
for u in ${users_array[@]}
do
if [[ $(is_valid_user "$u") == "1" ]]; then
i=$((i+1))
W+=("$i" "$u")
name+=("$u")
fi
done
if [ $i -eq 1 ]; then
SELECTED_USERNAME="${name[0]}"
else
# shellcheck disable=SC2068
user_index=$(dialog --backtitle $"Freedombone Control Panel" --title $"Select User" --menu $"Select one of the following:" 24 40 17 ${W[@]} 3>&2 2>&1 1>&3)
# shellcheck disable=SC2181
if [ $? -eq 0 ]; then
SELECTED_USERNAME="${name[$((user_index-1))]}"
fi
fi
}
function passwords_show_apps {
SELECTED_APP=
i=0
W=()
name=()
# shellcheck disable=SC2068
for a in ${APPS_AVAILABLE[@]}
do
if [[ $(function_exists "change_password_${a}") == "1" ]]; then
i=$((i+1))
W+=("$i" "$a")
name+=("$a")
fi
done
i=$((i+1))
W+=("$i" "mariadb")
name+=("mariadb")
# shellcheck disable=SC2068
selected_app_index=$(dialog --backtitle $"Freedombone Control Panel" --title $"Select App" --menu $"Select one of the following:" 24 40 17 ${W[@]} 3>&2 2>&1 1>&3)
# shellcheck disable=SC2181
if [ $? -eq 0 ]; then
SELECTED_APP="${name[$((selected_app_index-1))]}"
fi
}
function reset_password_tries {
passwords_select_user
if [ ! "$SELECTED_USERNAME" ]; then
@ -262,67 +143,6 @@ function reset_password_tries {
--msgbox $"Password tries have been reset for $SELECTED_USERNAME" 6 60
}
function view_or_change_passwords {
passwords_select_user
if [ ! "$SELECTED_USERNAME" ]; then
return
fi
detect_installed_apps
passwords_show_apps
if [ ! "$SELECTED_APP" ]; then
return
fi
CURR_PASSWORD=$("${PROJECT_NAME}-pass" -u "${SELECTED_USERNAME}" -a "${SELECTED_APP}")
icann_address=$(get_app_icann_address "${SELECTED_APP}")
onion_address=$(get_app_onion_address "${SELECTED_APP}")
titlestr=$"View or Change Password"
if [ ${#onion_address} -gt 0 ]; then
viewstr=$"${SELECTED_APP} password for ${SELECTED_USERNAME} on $icann_address or $onion_address\\n\\nCopy or change it if you wish."
else
viewstr=$"${SELECTED_APP} password for ${SELECTED_USERNAME} on $icann_address\\n\\nCopy or change it if you wish."
fi
if [ -f /root/.nostore ]; then
titlestr=$"Change Password"
if [ ${#onion_address} -gt 0 ]; then
viewstr=$"Change the ${SELECTED_APP} password for ${SELECTED_USERNAME} on $icann_address or $onion_address."
else
viewstr=$"Change the ${SELECTED_APP} password for ${SELECTED_USERNAME} on $icann_address."
fi
fi
if [[ "${SELECTED_APP}" == 'mariadb' ]]; then
CURR_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
dialog --title $"MariaDB database password" \
--msgbox "\\n ${CURR_PASSWORD}" 7 40
return
fi
data=$(mktemp 2>/dev/null)
dialog --title "$titlestr" \
--backtitle $"Freedombone Control Panel" \
--inputbox "$viewstr" 12 75 "$CURR_PASSWORD" 2>"$data"
sel=$?
case $sel in
0)
CURR_PASSWORD=$(<"$data")
if [ ${#CURR_PASSWORD} -gt 8 ]; then
"${PROJECT_NAME}-pass" -u "${SELECTED_USERNAME}" -a "${SELECTED_APP}" -p "${CURR_PASSWORD}"
"change_password_${SELECTED_APP}" "${SELECTED_USERNAME}" "${CURR_PASSWORD}"
dialog --title $"Change password" \
--msgbox $"The password was changed" 6 40
else
dialog --title $"Change password" \
--msgbox $"The password given must be at least 8 characters" 6 40
fi
;;
esac
rm -f "$data"
}
function check_for_updates {
if [ ! -f "/etc/cron.weekly/$UPGRADE_SCRIPT_NAME" ]; then
dialog --title $"Check for updates" \
@ -383,34 +203,59 @@ function pad_string {
echo -n -e "$1" | sed -e :a -e 's/^.\{1,25\}$/& /;ta'
}
function show_tor_bridges {
if ! grep -q "#BridgeRelay" /etc/tor/torrc; then
if grep -q "BridgeRelay 1" /etc/tor/torrc; then
read_config_param 'TOR_BRIDGE_PORT'
read_config_param 'TOR_BRIDGE_NICKNAME'
if [ ${#TOR_BRIDGE_NICKNAME} -gt 0 ]; then
W+=($"Your Tor Bridge" "$(get_ipv4_address):${TOR_BRIDGE_PORT} ${TOR_BRIDGE_NICKNAME}")
fi
fi
fi
bridges_list=$(grep "Bridge " /etc/tor/torrc | grep -v '##')
if [ ${#bridges_list} -gt 0 ]; then
for i in "${bridges_list[@]}"
do
bridgestr=$(i//Bridge /)
W+=($"Tor Bridge" "$bridgestr")
done
fi
}
function show_domains {
read_config_param "DEFAULT_DOMAIN_NAME"
echo 'Domains'
echo '======='
echo ''
echo -n -e "$(pad_string 'Name')"
echo -n -e "$(pad_string 'ICANN')"
echo -n -e "$(pad_string 'Tor')"
echo ''
echo '--------------------------------------------------------------------------'
W=()
W+=("IPv4" "$(get_ipv4_address) / $(get_external_ipv4_address)")
ipv6_address="$(get_ipv6_address)"
if [ ${#ipv6_address} -gt 0 ]; then
W+=("IPv6" "${ipv6_address}")
fi
if grep -q "ssh onion domain" "$COMPLETION_FILE"; then
echo -n -e "$(pad_string 'ssh')"
echo -n -e "$(pad_string "${DEFAULT_DOMAIN_NAME}")"
grep 'ssh onion domain' "${COMPLETION_FILE}" | awk -F ':' '{print $2}'
domain_onion=$(grep 'ssh onion domain' "${COMPLETION_FILE}" | awk -F ':' '{print $2}')
W+=("ssh" "${DEFAULT_DOMAIN_NAME} / ${domain_onion}")
fi
if grep -q "email onion domain" "$COMPLETION_FILE"; then
echo -n -e "$(pad_string 'Email')"
echo -n -e "$(pad_string "${DEFAULT_DOMAIN_NAME}")"
grep 'email onion domain' "${COMPLETION_FILE}" | awk -F ':' '{print $2}'
domain_onion=$(grep 'email onion domain' "${COMPLETION_FILE}" | awk -F ':' '{print $2}')
W+=("Email" "${DEFAULT_DOMAIN_NAME} / ${domain_onion}")
fi
if grep -q "sks onion domain" "$COMPLETION_FILE"; then
read_config_param "KEYSERVER_DOMAIN_NAME"
echo -n -e "$(pad_string 'SKS')"
echo -n -e "$(pad_string "${KEYSERVER_DOMAIN_NAME}")"
grep 'sks onion domain' "${COMPLETION_FILE}" | awk -F ':' '{print $2}'
domain_onion=$(grep 'sks onion domain' "${COMPLETION_FILE}" | awk -F ':' '{print $2}')
W+=("SKS" "${KEYSERVER_DOMAIN_NAME} / ${domain_onion}")
fi
INTRODUCER_FILENAME=/home/tahoelafs/data/private/introducer.furl
if [ -f $INTRODUCER_FILENAME ]; then
W+=("Tahoe-LAFS" "$(cat $INTRODUCER_FILENAME)")
fi
show_tor_bridges
# shellcheck disable=SC2068
for app_name in ${APPS_INSTALLED_NAMES[@]}
do
@ -446,36 +291,43 @@ function show_domains {
onion_address="-"
fi
echo -n -e "$(pad_string "${app_name}")"
echo -n -e "$(pad_string "${icann_address}")"
echo "${onion_address}"
if [[ "${icann_address}" != '-' ]]; then
if [[ "${onion_address}" != '-' ]]; then
W+=("${app_name}" "${icann_address} / ${onion_address}")
else
W+=("${app_name}" "${icann_address}")
fi
else
W+=("${app_name}" "${onion_address}")
fi
if grep -q "mobile${app_name} onion domain" "$COMPLETION_FILE"; then
onion_address=$(get_app_onion_address "${app_name}" "mobile")
echo -n -e "$(pad_string "${app_name} (mobile)")"
echo -n -e "$(pad_string "${icann_address}")"
echo "${onion_address}"
if [[ "${icann_address}" != '-' ]]; then
W+=("${app_name} (mobile)" "${icann_address} / ${onion_address}")
else
W+=("${app_name} (mobile)" "${onion_address}")
fi
fi
fi
done
if grep -q "rss reader domain" "$COMPLETION_FILE"; then
if [ -d /var/lib/tor/hidden_service_ttrss ]; then
echo -n -e "$(pad_string 'RSS reader')"
RSSDOM='-'
echo -n -e "$(pad_string ${RSSDOM})"
echo -n "$(cat /var/lib/tor/hidden_service_ttrss/hostname)"
echo ''
domain_onion=$(cat /var/lib/tor/hidden_service_ttrss/hostname)
W+=("RSS Reader" "${domain_onion}")
fi
if [ -d /var/lib/tor/hidden_service_mobilerss ]; then
echo -n -e "$(pad_string 'RSS mobile')"
RSSMOBILEDOM='-'
echo -n -e "$(pad_string ${RSSMOBILEDOM})"
echo -n "$(cat /var/lib/tor/hidden_service_mobilerss/hostname)"
echo ''
domain_onion=$(cat /var/lib/tor/hidden_service_mobilerss/hostname)
W+=("RSS mobile" "${domain_onion}")
fi
fi
echo ''
width=$(tput cols)
height=$(tput lines)
# shellcheck disable=SC2068
dialog --backtitle $"Freedombone Control Panel" --title $"Domains" --menu $"Use Shift+cursors to select and copy onion addresses" $((height-4)) $((width-4)) $((height-4)) "${W[@]}" 3>&2 2>&1 1>&3
}
function show_users {
@ -525,34 +377,6 @@ function show_ip_addresses {
echo ''
}
function show_tor_bridges {
bridges_list=$(grep "Bridge " /etc/tor/torrc | grep -v '##')
if [ ${#bridges_list} -gt 0 ]; then
echo $'Tor Bridges'
echo '==========='
echo ''
echo "${bridges_list}"
echo ''
echo ''
fi
if ! grep -q "#BridgeRelay" /etc/tor/torrc; then
if grep -q "BridgeRelay 1" /etc/tor/torrc; then
read_config_param 'TOR_BRIDGE_PORT'
read_config_param 'TOR_BRIDGE_NICKNAME'
if [ ${#TOR_BRIDGE_NICKNAME} -gt 0 ]; then
echo "Tor bridge on this system"
echo '========================='
echo ''
echo "IP Address: $(get_ipv4_address)"
echo "Port: ${TOR_BRIDGE_PORT}"
echo "Nickname: ${TOR_BRIDGE_NICKNAME}"
echo ''
echo ''
fi
fi
fi
}
function show_ssh_public_key {
echo $'SSH Public Keys'
echo '==============='
@ -562,33 +386,18 @@ function show_ssh_public_key {
echo ''
}
function show_tahoelafs_introducer {
INTRODUCER_FILENAME=/home/tahoelafs/data/private/introducer.furl
if [ ! -f $INTRODUCER_FILENAME ]; then
return
fi
echo $'Tahoe-LAFS introducer'
echo '====================='
echo ''
cat $INTRODUCER_FILENAME
echo ''
echo ''
}
function show_about {
detect_apps
get_apps_installed_names
clear
echo "==== ${PROJECT_NAME} version ${VERSION} ($DEBIAN_VERSION) ===="
echo ''
show_ip_addresses
show_tor_bridges
show_ssh_public_key
#clear
#echo "==== ${PROJECT_NAME} version ${VERSION} ($DEBIAN_VERSION) ===="
#echo ''
#show_ip_addresses
#show_ssh_public_key
show_domains
show_tahoelafs
show_users
any_key
#show_users
#any_key
}
function select_user {
@ -1265,30 +1074,6 @@ function restore_data_remote {
rm -f "$data"
}
function ping_enable_disable {
ping_str=$"\\nDo you want to enable other systems to ping this machine?\\n\\nPing may be useful for diagnostic purposes, but for added security you may not want to enable it."
enable_ping="no"
dialog --title $"Enable Ping / ICMP" \
--backtitle $"Freedombone Control Panel" \
--defaultno \
--yesno "$ping_str" 10 60
sel=$?
case $sel in
0) enable_ping="yes";;
255) return;;
esac
if [[ $enable_ping == "yes" ]]; then
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all
else
iptables -D INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -D OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
fi
}
function logging_on_off {
logging="no"
dialog --title $"Logging" \
@ -1326,82 +1111,6 @@ function restore_gpg_key {
function security_settings {
"${PROJECT_NAME}-sec"
any_key
}
function show_tripwire_verification_code {
if [ ! -f "/var/lib/tripwire/${HOSTNAME}.twd" ]; then
return
fi
clear
echo ''
echo $'Tripwire Verification Code'
echo ''
DBHASH=$(sha512sum "/var/lib/tripwire/${HOSTNAME}.twd")
echo -n "$DBHASH" | qrencode -t UTF8
echo ''
echo "$DBHASH"
echo ''
}
function reset_tripwire {
if [ ! -f /usr/bin/reset-tripwire ]; then
echo $'Missing /usr/bin/reset-tripwire'
any_key
return
fi
if [ ! -f "/etc/tripwire/${HOSTNAME}-local.key" ]; then
if [ -f "/etc/tripwire/${PROJECT_NAME}-local.key" ]; then
# shellcheck disable=SC2086
mv /etc/tripwire/${PROJECT_NAME}-local.key /etc/tripwire/${HOSTNAME}-local.key
# shellcheck disable=SC2086
mv /etc/tripwire/${PROJECT_NAME}-site.key /etc/tripwire/${HOSTNAME}-site.key
else
echo $'Error: missing local key'
any_key
return
fi
fi
clear
echo $'Turing off logging...'
"${PROJECT_NAME}-logging" off
echo $'Locking down permissions...'
lockdown_permissions
echo $'Creating configuration...'
echo '
' | twadmin --create-cfgfile -S "/etc/tripwire/${HOSTNAME}-site.key" /etc/tripwire/twcfg.txt
echo $'Resetting policy...'
echo '
' | twadmin --create-polfile -S "/etc/tripwire/${HOSTNAME}-site.key" /etc/tripwire/twpol.txt
echo $'Creating tripwire database'
echo '
' | tripwire --init --cfgfile /etc/tripwire/tw.cfg --polfile /etc/tripwire/tw.pol --dbfile "/var/lib/tripwire/${HOSTNAME}.twd"
echo $'Resetting the Tripwire...'
echo ''
echo '
' | reset-tripwire
echo ''
# Sometimes nginx fails to restart if matrix is installed
# Restart matrix first
if [ -d /etc/matrix ]; then
systemctl restart matrix
systemctl restart nginx
fi
if [ -f "/var/lib/tripwire/${HOSTNAME}.twd" ]; then
show_tripwire_verification_code
echo $'Tripwire is now reset. Take a note of the above hash, or record'
echo $'the QR code using a mobile device. This will enable you to independently'
echo $'verify the integrity of the tripwire.'
else
echo $'ERROR: tripwire database was not created'
fi
any_key
}
function format_drive {
@ -1775,19 +1484,6 @@ function reinstall_mariadb {
--msgbox $"MariaDB has been reinstalled" 6 40
}
function show_firewall {
clear
echo $"Firewall Settings"
echo ''
while read -r line; do
firewall_name=$(echo "$line" | awk -F '=' '{print $1}')
firewall_port=$(echo "$line" | awk -F '=' '{print $2}')
echo -n -e "$(pad_string "${firewall_name}")"
echo "${firewall_port}"
done < "$FIREWALL_CONFIG"
any_key
}
function email_extra_domains {
email_hostnames=$(grep "dc_other_hostnames" /etc/exim4/update-exim4.conf.conf | awk -F "'" '{print $2}')
@ -2198,7 +1894,7 @@ function menu_wifi {
function menu_app_settings {
detect_installable_apps
applist=""
W=()
appnames=()
n=1
app_index=0
@ -2207,7 +1903,7 @@ function menu_app_settings {
do
if [[ ${APPS_INSTALLED[$app_index]} != "0" ]]; then
if [[ $(function_exists "configure_interactive_${a}") == "1" ]]; then
applist="$applist $n $a off"
W+=("$n" "$a")
n=$((n+1))
appnames+=("$a")
fi
@ -2217,53 +1913,43 @@ function menu_app_settings {
if [ $n -le 1 ]; then
return
fi
backstr=$'Exit'
applist="$applist $n $backstr on"
appnames+=("Exit")
# shellcheck disable=SC2086
choice=$(dialog --stdout --backtitle $"Freedombone" \
choice=$(dialog --backtitle $"Freedombone" \
--title $"Change settings for an App" \
--radiolist $'Choose:' \
26 40 30 $applist)
--menu $'Choose:' \
26 40 30 "${W[@]}" 3>&2 2>&1 1>&3)
# shellcheck disable=SC2181
if [ $? -eq 0 ]; then
if [ "$choice" ]; then
app_index=$((choice-1))
chosen_app=${appnames[$app_index]}
if [[ $chosen_app != "Exit" ]]; then
"configure_interactive_${chosen_app}"
fi
fi
}
function menu_top_level {
while true
do
W=(1 $"About this system"
2 $"Passwords"
3 $"Backup and Restore"
4 $"Show Firewall"
5 $"Verify Tripwire Code"
6 $"Reset Tripwire"
7 $"App Settings"
8 $"Add/Remove Apps"
9 $"Logging on/off"
10 $"Ping enable/disable"
11 $"Manage Users"
12 $"Email Menu"
13 $"Domain or User Blocking"
14 $"Security Settings"
15 $"Change the name of this system"
16 $"Set a static local IP address"
17 $"Wifi menu"
18 $"Add Clacks"
19 $"Check for updates"
20 $"Power off the system"
21 $"Restart the system")
2 $"Backup and Restore"
3 $"App Settings"
4 $"Add/Remove Apps"
5 $"Logging on/off"
6 $"Manage Users"
7 $"Email Menu"
8 $"Domain or User Blocking"
9 $"Security Settings"
10 $"Change the name of this system"
11 $"Set a static local IP address"
12 $"Wifi menu"
13 $"Add Clacks"
14 $"Check for updates"
15 $"Power off the system"
16 $"Restart the system")
# shellcheck disable=SC2068
selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Administrator Control Panel" --menu $"Choose an operation, or ESC to exit:" 28 60 28 "${W[@]}" 3>&2 2>&1 1>&3)
selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Administrator Control Panel" --menu $"Choose an operation, or ESC to exit:" 24 60 24 "${W[@]}" 3>&2 2>&1 1>&3)
if [ ! "$selection" ]; then
break
@ -2273,30 +1959,24 @@ function menu_top_level {
case $selection in
1) show_about;;
2) view_or_change_passwords;;
3) menu_backup_restore;;
4) show_firewall;;
5) show_tripwire_verification_code
any_key_verify;;
6) reset_tripwire;;
7) menu_app_settings;;
8) if ! /usr/local/bin/addremove; then
2) menu_backup_restore;;
3) menu_app_settings;;
4) if ! /usr/local/bin/addremove; then
any_key
fi
;;
9) logging_on_off;;
10) ping_enable_disable;;
11) menu_users;;
12) menu_email;;
13) domain_blocking;;
14) security_settings;;
15) change_system_name;;
16) set_static_IP;;
17) menu_wifi;;
18) add_clacks;;
19) check_for_updates;;
20) shut_down_system;;
21) restart_system;;
5) logging_on_off;;
6) menu_users;;
7) menu_email;;
8) domain_blocking;;
9) security_settings;;
10) change_system_name;;
11) set_static_IP;;
12) menu_wifi;;
13) add_clacks;;
14) check_for_updates;;
15) shut_down_system;;
16) restart_system;;
esac
done
}

1
src/freedombone-controlpanel-user
View File

@ -890,7 +890,6 @@ function menu_top_level {
selection=$(dialog --backtitle $"Freedombone User Control Panel" --title $"User Control Panel" --menu $"Choose an operation, or ESC to log out:" 20 60 13 "${W[@]}" 3>&2 2>&1 1>&3)
if [ ! "$selection" ]; then
kill -HUP "$(pgrep -s 0 -o)"
break
fi
case $selection in

321
src/freedombone-sec
View File

@ -69,6 +69,240 @@ LETSENCRYPT_SERVER='https://acme-v01.api.letsencrypt.org/directory'
MY_USERNAME=
function ping_enable_disable {
ping_str=$"\\nDo you want to enable other systems to ping this machine?\\n\\nPing may be useful for diagnostic purposes, but for added security you may not want to enable it."
enable_ping="no"
dialog --title $"Enable Ping / ICMP" \
--backtitle $"Freedombone Control Panel" \
--defaultno \
--yesno "$ping_str" 10 60
sel=$?
case $sel in
0) enable_ping="yes";;
255) return;;
esac
if [[ $enable_ping == "yes" ]]; then
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all
else
iptables -D INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -D OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
fi
}
function any_key_verify {
echo ''
read -n1 -rsp $"Press any key to continue or C to check a hash..." key
if [[ "$key" != 'c' && "$key" != 'C' ]]; then
return
fi
data=$(mktemp 2>/dev/null)
dialog --title $"Check tripwire hash" \
--backtitle $"Freedombone Control Panel" \
--inputbox $"Paste your tripwire hash below and it will be checked against the current database" 12 60 2>"$data"
sel=$?
case $sel in
0)
GIVEN_HASH=$(<"$data")
if [ ${#GIVEN_HASH} -gt 8 ]; then
if [[ "$GIVEN_HASH" == *' '* ]]; then
dialog --title $"Check tripwire" \
--msgbox $"\\nThe hash should not contain any spaces" 10 40
else
DBHASH=$(sha512sum "/var/lib/tripwire/${HOSTNAME}.twd" | awk -F ' ' '{print $1}')
if [[ "$DBHASH" == "$GIVEN_HASH" ]]; then
dialog --title $"Check tripwire" \
--msgbox $"\\nSuccess\\n\\nThe hash you gave matches the current tripwire database" 10 40
else
dialog --title $"Check tripwire" \
--msgbox $"\\nFailed\\n\\nThe hash you gave does not match the current tripwire database. This might be because you reset the tripwire, or there could have been an unauthorised modification of the system" 12 50
fi
fi
fi
;;
esac
rm -f "$data"
}
function show_tripwire_verification_code {
if [ ! -f "/var/lib/tripwire/${HOSTNAME}.twd" ]; then
return
fi
clear
echo ''
echo $'Tripwire Verification Code'
echo ''
DBHASH=$(sha512sum "/var/lib/tripwire/${HOSTNAME}.twd")
echo -n "$DBHASH" | qrencode -t UTF8
echo ''
echo "$DBHASH"
echo ''
}
function reset_tripwire {
if [ ! -f /usr/bin/reset-tripwire ]; then
echo $'Missing /usr/bin/reset-tripwire'
any_key
return
fi
if [ ! -f "/etc/tripwire/${HOSTNAME}-local.key" ]; then
if [ -f "/etc/tripwire/${PROJECT_NAME}-local.key" ]; then
# shellcheck disable=SC2086
mv /etc/tripwire/${PROJECT_NAME}-local.key /etc/tripwire/${HOSTNAME}-local.key
# shellcheck disable=SC2086
mv /etc/tripwire/${PROJECT_NAME}-site.key /etc/tripwire/${HOSTNAME}-site.key
else
echo $'Error: missing local key'
any_key
return
fi
fi
clear
echo $'Turing off logging...'
"${PROJECT_NAME}-logging" off
echo $'Locking down permissions...'
lockdown_permissions
echo $'Creating configuration...'
echo '
' | twadmin --create-cfgfile -S "/etc/tripwire/${HOSTNAME}-site.key" /etc/tripwire/twcfg.txt
echo $'Resetting policy...'
echo '
' | twadmin --create-polfile -S "/etc/tripwire/${HOSTNAME}-site.key" /etc/tripwire/twpol.txt
echo $'Creating tripwire database'
echo '
' | tripwire --init --cfgfile /etc/tripwire/tw.cfg --polfile /etc/tripwire/tw.pol --dbfile "/var/lib/tripwire/${HOSTNAME}.twd"
echo $'Resetting the Tripwire...'
echo ''
echo '
' | reset-tripwire
echo ''
# Sometimes nginx fails to restart if matrix is installed
# Restart matrix first
if [ -d /etc/matrix ]; then
systemctl restart matrix
systemctl restart nginx
fi
if [ -f "/var/lib/tripwire/${HOSTNAME}.twd" ]; then
show_tripwire_verification_code
echo $'Tripwire is now reset. Take a note of the above hash, or record'
echo $'the QR code using a mobile device. This will enable you to independently'
echo $'verify the integrity of the tripwire.'
else
echo $'ERROR: tripwire database was not created'
fi
any_key
}
function passwords_show_apps {
SELECTED_APP=
i=0
W=()
name=()
# shellcheck disable=SC2068
for a in ${APPS_AVAILABLE[@]}
do
if grep -q "change_password_" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${a}"; then
i=$((i+1))
W+=("$i" "$a")
name+=("$a")
fi
done
i=$((i+1))
W+=("$i" "mariadb")
name+=("mariadb")
# shellcheck disable=SC2068
selected_app_index=$(dialog --backtitle $"Freedombone Control Panel" --title $"User $SELECTED_USERNAME: Select App" --menu $"Select one of the following:" 24 40 17 ${W[@]} 3>&2 2>&1 1>&3)
# shellcheck disable=SC2181
if [ $? -eq 0 ]; then
SELECTED_APP="${name[$((selected_app_index-1))]}"
fi
}
function view_or_change_passwords {
passwords_select_user
if [ ! "$SELECTED_USERNAME" ]; then
return
fi
detect_installed_apps
passwords_show_apps
if [ ! "$SELECTED_APP" ]; then
return
fi
CURR_PASSWORD=$("${PROJECT_NAME}-pass" -u "${SELECTED_USERNAME}" -a "${SELECTED_APP}")
icann_address=$(get_app_icann_address "${SELECTED_APP}")
onion_address=$(get_app_onion_address "${SELECTED_APP}")
titlestr=$"View or Change Password"
if [ ${#onion_address} -gt 0 ]; then
viewstr=$"${SELECTED_APP} password for ${SELECTED_USERNAME} on $icann_address or $onion_address\\n\\nCopy or change it if you wish."
else
viewstr=$"${SELECTED_APP} password for ${SELECTED_USERNAME} on $icann_address\\n\\nCopy or change it if you wish."
fi
if [ -f /root/.nostore ]; then
titlestr=$"Change Password"
if [ ${#onion_address} -gt 0 ]; then
viewstr=$"Change the ${SELECTED_APP} password for ${SELECTED_USERNAME} on $icann_address or $onion_address."
else
viewstr=$"Change the ${SELECTED_APP} password for ${SELECTED_USERNAME} on $icann_address."
fi
fi
if [[ "${SELECTED_APP}" == 'mariadb' ]]; then
CURR_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
dialog --title $"MariaDB database password" \
--msgbox "\\n ${CURR_PASSWORD}" 7 40
return
fi
data=$(mktemp 2>/dev/null)
dialog --title "$titlestr" \
--backtitle $"Freedombone Control Panel" \
--inputbox "$viewstr" 12 75 "$CURR_PASSWORD" 2>"$data"
sel=$?
case $sel in
0)
CURR_PASSWORD=$(<"$data")
if [ ${#CURR_PASSWORD} -gt 8 ]; then
"${PROJECT_NAME}-pass" -u "${SELECTED_USERNAME}" -a "${SELECTED_APP}" -p "${CURR_PASSWORD}"
"change_password_${SELECTED_APP}" "${SELECTED_USERNAME}" "${CURR_PASSWORD}"
dialog --title $"Change password" \
--msgbox $"The password was changed" 6 40
else
dialog --title $"Change password" \
--msgbox $"The password given must be at least 8 characters" 6 40
fi
;;
esac
rm -f "$data"
}
function show_firewall {
W=()
while read -r line; do
firewall_name=$(echo "$line" | awk -F '=' '{print $1}')
firewall_port=$(echo "$line" | awk -F '=' '{print $2}')
W+=("${firewall_name}" "${firewall_port}")
done < "$FIREWALL_CONFIG"
# shellcheck disable=SC2068
dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Firewall" --menu $"Press ESC to return to main menu" 28 50 28 "${W[@]}" 3>&2 2>&1 1>&3
}
function export_passwords {
detect_usb_drive
dialog --title $"Export passwords to USB drive $USB_DRIVE" \
@ -962,24 +1196,27 @@ function menu_tor_bridges {
}
function menu_security_settings {
W=(1 $"Run STIG tests"
2 $"Fix STIG test failures"
3 $"Show ssh host public key"
4 $"Tor bridges"
5 $"Password storage"
6 $"Export passwords"
7 $"Regenerate ssh host keys"
8 $"Regenerate Diffie-Hellman keys"
9 $"Update cipersuite"
10 $"Create a new Let's Encrypt certificate"
11 $"Renew Let's Encrypt certificate"
12 $"Delete a Let's Encrypt certificate"
13 $"Enable GPG based authentication (monkeysphere)"
14 $"Register a website with monkeysphere"
15 $"Allow ssh login with passwords")
W=(1 $"Passwords"
2 $"Run STIG tests"
3 $"Fix STIG test failures"
4 $"Show tripwire verification code"
5 $"Reset tripwire"
6 $"Enable or disable ping"
7 $"Show ssh host public key"
8 $"Tor bridges"
9 $"Password storage"
10 $"Export passwords"
11 $"Regenerate ssh host keys"
12 $"Regenerate Diffie-Hellman keys"
13 $"Update cipersuite"
14 $"Create a new Let's Encrypt certificate"
15 $"Renew Let's Encrypt certificate"
16 $"Delete a Let's Encrypt certificate"
17 $"Allow ssh login with passwords"
18 $"Show firewall")
# shellcheck disable=SC2068
selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Security Settings" --menu $"Choose an operation, or ESC to exit:" 23 76 23 "${W[@]}" 3>&2 2>&1 1>&3)
selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Security Settings" --menu $"Choose an operation, or ESC to exit:" 25 76 25 "${W[@]}" 3>&2 2>&1 1>&3)
if [ ! "$selection" ]; then
exit 0
@ -1001,13 +1238,17 @@ function menu_security_settings {
case $selection in
1)
view_or_change_passwords
exit 0;
;;
2)
clear
echo $'Running STIG tests...'
echo ''
${PROJECT_NAME}-tests --stig showall
exit 0
;;
2)
3)
clear
echo $'Fixing any STIG failures...'
echo ''
@ -1015,53 +1256,65 @@ function menu_security_settings {
echo $'Fixes applied. You will need to run the STIG tests again to be sure that they were all fixed.'
exit 0
;;
3)
4)
show_tripwire_verification_code
any_key_verify
exit 0
;;
5)
reset_tripwire
exit 0
;;
6)
ping_enable_disable
exit 0
;;
7)
dialog --title $"SSH host public keys" \
--msgbox "\\n$(get_ssh_server_key)" 12 60
exit 0
;;
4)
8)
menu_tor_bridges
exit 0
;;
5)
9)
store_passwords
exit 0
;;
6)
10)
export_passwords
exit 0
;;
7)
11)
regenerate_ssh_host_keys
;;
8)
12)
regenerate_dh_keys
;;
9)
13)
interactive_setup
update_ciphersuite
;;
10)
14)
create_letsencrypt
;;
11)
15)
renew_letsencrypt
;;
12)
16)
delete_letsencrypt
;;
13)
enable_monkeysphere
;;
14)
register_website
;;
15)
17)
allow_ssh_passwords
change_ssh_settings
exit 0
;;
18)
show_firewall
exit 0
;;
esac
change_website_settings

1
src/freedombone-upgrade
View File

@ -95,6 +95,7 @@ if [ -d "$PROJECT_DIR" ]; then
apt-get -yq -t stretch-backports install certbot
email_install_tls
email_disable_chunking
rm /etc/exim4/exim4.conf.template.bak*
#defrag_filesystem
# reinstall tor from backports

39
src/freedombone-utils-gnusocialtools
View File

@ -95,6 +95,28 @@ function qvitter_update_background {
fi
}
function pleroma_custom_logo {
basedir="$1"
if [ "$2" ]; then
if [[ "$2" == *".png" ]]; then
cp "$2" "$basedir/priv/static/static/logo.png"
return
fi
fi
if [ -f "$basedir/priv/static/static/logo.png" ]; then
if [ -f "$HOME/${PROJECT_NAME}/img/logo_fbone3.png" ]; then
cp "$HOME/${PROJECT_NAME}/img/logo_fbone3.png" "$basedir/static/logo.png"
cp "$HOME/${PROJECT_NAME}/img/logo_fbone3.png" "$basedir/priv/static/static/logo.png"
else
if [ -f "/home/$MY_USERNAME/${PROJECT_NAME}/img/logo_fbone3.png" ]; then
cp "/home/$MY_USERNAME/${PROJECT_NAME}/img/logo_fbone3.png" "$basedir/static/logo.png"
cp "/home/$MY_USERNAME/${PROJECT_NAME}/img/logo_fbone3.png" "$basedir/priv/static/static/logo.png"
fi
fi
fi
}
function pleroma_set_background_image_from_url {
basedir="$1"
domain_name="$2"
@ -157,22 +179,7 @@ function pleroma_set_background_image_from_url {
return
fi
# customise the logo
if [ -f "$basedir/static/logo.png" ]; then
if [ -f "$HOME/${PROJECT_NAME}/img/logo_fbone3.png" ]; then
cp "$HOME/${PROJECT_NAME}/img/logo_fbone3.png" "$basedir/static/logo.png"
if [ -d "$basedir/priv/static/static" ]; then
cp "$HOME/${PROJECT_NAME}/img/logo_fbone3.png" "$basedir/priv/static/static/logo.png"
fi
else
if [ -f "/home/$MY_USERNAME/${PROJECT_NAME}/img/logo_fbone3.png" ]; then
cp "/home/$MY_USERNAME/${PROJECT_NAME}/img/logo_fbone3.png" "$basedir/static/logo.png"
if [ -d "$basedir/priv/static/static" ]; then
cp "/home/$MY_USERNAME/${PROJECT_NAME}/img/logo_fbone3.png" "$basedir/priv/static/static/logo.png"
fi
fi
fi
fi
pleroma_custom_logo "$basedir"
# customise the title
if [ -f "$basedir/static/config.json" ]; then

18
src/freedombone-utils-network
View File

@ -47,6 +47,24 @@ ROUTER_IP_ADDRESS="192.168.1.254"
MESH_INSTALL_DIR=/var/lib
function get_app_icann_address {
app_name="$1"
if grep -q "${app_name} domain" "$COMPLETION_FILE"; then
grep "${app_name} domain" "${COMPLETION_FILE}" | head -n 1 | awk -F ':' '{print $2}'
return
else
app_name_upper="$(echo "$app_name" | tr '[:lower:]' '[:upper:]')_DOMAIN_NAME"
if [ "$app_name_upper" ]; then
param_value=$(grep "${app_name_upper}=" "$CONFIGURATION_FILE" | head -n 1 | awk -F '=' '{print $2}')
if [ "${param_value}" ]; then
echo "${param_value}"
return
fi
fi
fi
echo "${DEFAULT_DOMAIN_NAME}"
}
function install_static_network {
if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
return

41
src/freedombone-utils-passwords
View File

@ -39,6 +39,47 @@ MINIMUM_PASSWORD_LENGTH=10
# The default password length used in images
DEFAULT_PASSWORD_LENGTH=20
function passwords_select_user {
SELECTED_USERNAME=
# shellcheck disable=SC2207
users_array=($(ls /home))
delete=(git)
# shellcheck disable=SC2068
for del in ${delete[@]}
do
# shellcheck disable=SC2206
users_array=(${users_array[@]/$del})
done
i=0
W=()
name=()
# shellcheck disable=SC2068
for u in ${users_array[@]}
do
if [[ $(is_valid_user "$u") == "1" ]]; then
i=$((i+1))
W+=("$i" "$u")
name+=("$u")
fi
done
if [ $i -eq 1 ]; then
SELECTED_USERNAME="${name[0]}"
else
# shellcheck disable=SC2068
user_index=$(dialog --backtitle $"Freedombone Control Panel" --title $"Select User" --menu $"Select one of the following:" 24 40 17 ${W[@]} 3>&2 2>&1 1>&3)
# shellcheck disable=SC2181
if [ $? -eq 0 ]; then
# shellcheck disable=SC2034
SELECTED_USERNAME="${name[$((user_index-1))]}"
fi
fi
}
function enforce_good_passwords {
# because humans are generally bad at choosing passwords
if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then