
Merge branch 'stretch' of https://github.com/bashrc/freedombone

Bob Mottram пре 8 година
родитељ
комит
0aeeafa2ab

+ 0
- 11
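--- a/src/freedombone-app-keyserver
+++ b/src/freedombone-app-keyserver
@@ -82,17 +82,6 @@ function keyserver_watchdog {
     echo 'fi' >> $keyserver_watchdog_script
 
     chmod +x $keyserver_watchdog_script
-
-    # clear out log files daily
-    keyserver_watchdog_script=/etc/cron.daily/keyserver-db
-    echo '#!/bin/sh' > $keyserver_watchdog_script
-    echo 'if [ -d /var/lib/sks/DB ]; then' >> $keyserver_watchdog_script
-    echo '    cd /var/lib/sks/DB' >> $keyserver_watchdog_script
-    echo '    systemctl stop sks' >> $keyserver_watchdog_script
-    echo '    db_archive -d' >> $keyserver_watchdog_script
-    echo '    systemctl start sks' >> $keyserver_watchdog_script
-    echo 'fi' >> $keyserver_watchdog_script
-    chmod +x $keyserver_watchdog_script
 }
 
 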

+ 1
- 6
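--- a/src/freedombone-base-tripwire
+++ b/src/freedombone-base-tripwire
@@ -76,6 +76,7 @@ function install_tripwire {
     echo 'REPORTLEVEL   =3' >> /etc/tripwire/twcfg.txt
     echo 'SYSLOGREPORTING =false' >> /etc/tripwire/twcfg.txt
     echo 'MAILMETHOD    =SENDMAIL' >> /etc/tripwire/twcfg.txt
+    echo 'MAILPROGRAM   =/usr/lib/sendmail -oi -t' >> /etc/tripwire/twcfg.txt
     echo 'SMTPHOST      =localhost' >> /etc/tripwire/twcfg.txt
     echo 'SMTPPORT      =25' >> /etc/tripwire/twcfg.txt
     echo 'TEMPDIRECTORY =/tmp' >> /etc/tripwire/twcfg.txt
@@ -139,12 +140,6 @@ function install_tripwire {
 
        ' | reset-tripwire
 
-    if ! grep -q "tripwire" /etc/crontab; then
-        TRIPWIRE_MIN=$((1 + RANDOM % 49))
-        TRIPWIRE_HOUR=$((1 + RANDOM % 6))
-        echo "${TRIPWIRE_MIN} ${TRIPWIRE_HOUR}              *   *   *   root /usr/sbin/tripwire -m c" >> /etc/crontab
-    fi
-
     mark_completed $FUNCNAME
 }
 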
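Review bot: The second hunk removes the only visible scheduling of `/usr/sbin/tripwire -m c` from install_tripwire, and nothing in this diff puts another scheduled integrity check in its place. If the distribution package's own cron job is meant to take over (an assumption, it is not visible here), a comment at this spot should say so, for example `# periodic check is scheduled by the tripwire package, not via /etc/crontab`. Systems installed before this change keep the old `/etc/crontab` entry because nothing removes it, so an upgrade step that deletes that line would keep old and new installs consistent. install_tripwire starts before and continues between and after the two hunks.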

+ 15
- 1
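--- a/src/freedombone-controlpanel
+++ b/src/freedombone-controlpanel
@@ -1280,11 +1280,25 @@ function reset_tripwire {
         return
     fi
     clear
+    echo $'Creating configuration...'
+    echo '
+
+       ' | twadmin --create-cfgfile -S /etc/tripwire/${HOSTNAME}-site.key /etc/tripwire/twcfg.txt
+    echo $'Resetting policy...'
+    echo '
+
+       ' | twadmin --create-polfile -S /etc/tripwire/${HOSTNAME}-site.key /etc/tripwire/twpol.txt
+    echo $'Creating tripwire database'
+    echo '
+
+' | tripwire --init --cfgfile /etc/tripwire/tw.cfg --polfile /etc/tripwire/tw.pol --dbfile /var/lib/tripwire/${HOSTNAME}.twd
     echo $'Resetting the Tripwire...'
-    echo ' '
+    echo ''
     echo '
 
                 ' | reset-tripwire
+    echo ''
+    echo $'Tripwire is now reset'
     any_key
 }
 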
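Review bot: The added `twadmin --create-cfgfile`, `twadmin --create-polfile` and `tripwire --init` calls in reset_tripwire are not checked for failure, so the new `echo $'Tripwire is now reset'` is printed even when signing the configuration or rebuilding the database did not succeed. An operator would then assume a fresh integrity baseline exists when it may not. Each step could stop on error, for example by ending the first pipeline with `|| { echo $'Failed to create the Tripwire configuration'; any_key; return; }`. The blank lines piped into each command appear to answer the passphrase prompts with empty passphrases; if that is the intent it deserves a comment, because keys without a passphrase let any process running as root re-sign a modified policy or database. The function starts outside the hunk.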

+ 37
- 28
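--- a/src/freedombone-sec
+++ b/src/freedombone-sec
@@ -969,22 +969,23 @@ function menu_security_settings {
     trap "rm -f $data" 0 1 2 5 15
     dialog --backtitle $"Freedombone Control Panel" \
            --title $"Security Settings" \
-           --radiolist $"Choose an operation:" 22 76 22 \
+           --radiolist $"Choose an operation:" 23 76 23 \
            1 $"Run STIG tests" off \
-           2 $"Show ssh host public key" off \
-           3 $"Tor bridges" off \
-           4 $"Password storage" off \
-           5 $"Export passwords" off \
-           6 $"Regenerate ssh host keys" off \
-           7 $"Regenerate Diffie-Hellman keys" off \
-           8 $"Update cipersuite" off \
-           9 $"Create a new Let's Encrypt certificate" off \
-           10 $"Renew Let's Encrypt certificate" off \
-           11 $"Delete a Let's Encrypt certificate" off \
-           12 $"Enable GPG based authentication (monkeysphere)" off \
-           13 $"Register a website with monkeysphere" off \
-           14 $"Allow ssh login with passwords" off \
-           15 $"Go Back/Exit" on 2> $data
+           2 $"Fix STIG test failures" off \
+           3 $"Show ssh host public key" off \
+           4 $"Tor bridges" off \
+           5 $"Password storage" off \
+           6 $"Export passwords" off \
+           7 $"Regenerate ssh host keys" off \
+           8 $"Regenerate Diffie-Hellman keys" off \
+           9 $"Update cipersuite" off \
+           10 $"Create a new Let's Encrypt certificate" off \
+           11 $"Renew Let's Encrypt certificate" off \
+           12 $"Delete a Let's Encrypt certificate" off \
+           13 $"Enable GPG based authentication (monkeysphere)" off \
+           14 $"Register a website with monkeysphere" off \
+           15 $"Allow ssh login with passwords" off \
+           16 $"Go Back/Exit" on 2> $data
     sel=$?
     case $sel in
         1) exit 1;;
@@ -1014,53 +1015,61 @@ function menu_security_settings {
             exit 0
             ;;
         2)
+            clear
+            echo $'Fixing any STIG failures...'
+            echo ''
+            ${PROJECT_NAME}-tests --stig fix
+            echo $'Fixes applied. You will need to run the STIG tests again to be sure that they were all fixed.'
+            exit 0
+            ;;
+        3)
             dialog --title $"SSH host public keys" \
                    --msgbox "\n$(get_ssh_server_key)" 12 60
             exit 0
             ;;
-        3)
+        4)
             menu_tor_bridges
             exit 0
             ;;
-        4)
+        5)
             store_passwords
             exit 0
             ;;
-        5)
+        6)
             export_passwords
             exit 0
             ;;
-        6)
+        7)
             regenerate_ssh_host_keys
             ;;
-        7)
+        8)
             regenerate_dh_keys
             ;;
-        8)
+        9)
             interactive_setup
             update_ciphersuite
             ;;
-        9)
+        10)
             create_letsencrypt
             ;;
-        10)
+        11)
             renew_letsencrypt
             ;;
-        11)
+        12)
             delete_letsencrypt
             ;;
-        12)
+        13)
             enable_monkeysphere
             ;;
-        13)
+        14)
             register_website
             ;;
-        14)
+        15)
             allow_ssh_passwords
             change_ssh_settings
             exit 0
             ;;
-        15)
+        16)
             exit 0
             ;;
     esac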
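Review bot: In the new `2)` branch of menu_security_settings, `${PROJECT_NAME}-tests --stig fix` runs with no confirmation step and its exit status is never checked, so `Fixes applied.` is shown even if the run failed part-way. Because this option rewrites system configuration (presumably as root), a yes/no dialog before it and a status check after it would suit a hardening action, e.g. `if ! ${PROJECT_NAME}-tests --stig fix; then echo $'Some STIG fixes could not be applied'; fi`. The renumbered case labels have to be kept in step with the radiolist entries by hand; a short comment beside each label, such as `3) # Show ssh host public key`, would make the next insertion less error-prone. The function starts before the first hunk and its end is not visible after the second.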

+ 1
- 1
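--- a/src/freedombone-utils-cron
+++ b/src/freedombone-utils-cron
@@ -82,7 +82,7 @@ function schedule_stig_tests {
     echo "ADMIN_EMAIL_ADDRESS=${MY_USERNAME}@\${HOSTNAME}" >> /etc/cron.daily/stig_tests
     echo "pkill ${PROJECT_NAME}-tests" >> /etc/cron.daily/stig_tests
     echo 'rm -rf /tmp/*' >> /etc/cron.daily/stig_tests
-    echo "${PROJECT_NAME}-tests --stig fix > /tmp/daily-stig-tests" >> /etc/cron.daily/stig_tests
+    echo "${PROJECT_NAME}-tests --stig yes > /tmp/daily-stig-tests" >> /etc/cron.daily/stig_tests
     echo 'if [ ! "$?" = "0" ]; then' >> /etc/cron.daily/stig_tests
     echo "    echo \"\$(cat /tmp/daily-stig-tests)\" | mail -s \"${PROJECT_NAME} STIG test failures\" \$ADMIN_EMAIL_ADDRESS" >> /etc/cron.daily/stig_tests
     echo 'fi' >> /etc/cron.daily/stig_tests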
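Review bot: The changed line still makes the generated root cron job redirect its report to the fixed name `/tmp/daily-stig-tests` in a world-writable directory, right after `rm -rf /tmp/*` has emptied it. A predictable root-written file in /tmp is exposed to symlink and pre-creation tampering by local users (kernel symlink protections reduce this but should not be relied on), and its content is what gets mailed to the admin. Writing to a root-only location avoids that, for example `echo "${PROJECT_NAME}-tests --stig yes > /root/daily-stig-tests" >> /etc/cron.daily/stig_tests` (path shown as an example), with the `cat` two lines below changed to match. schedule_stig_tests starts and may continue outside the hunk.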