Merge branch 'stretch' of https://github.com/bashrc/freedombone

src/freedombone-app-keyserver

@@ -82,17 +82,6 @@ function keyserver_watchdog {
     echo 'fi' >> $keyserver_watchdog_script
 
     chmod +x $keyserver_watchdog_script
-
-    # clear out log files daily
-    keyserver_watchdog_script=/etc/cron.daily/keyserver-db
-    echo '#!/bin/sh' > $keyserver_watchdog_script
-    echo 'if [ -d /var/lib/sks/DB ]; then' >> $keyserver_watchdog_script
-    echo '    cd /var/lib/sks/DB' >> $keyserver_watchdog_script
-    echo '    systemctl stop sks' >> $keyserver_watchdog_script
-    echo '    db_archive -d' >> $keyserver_watchdog_script
-    echo '    systemctl start sks' >> $keyserver_watchdog_script
-    echo 'fi' >> $keyserver_watchdog_script
-    chmod +x $keyserver_watchdog_script
 }
 
 

src/freedombone-base-tripwire

@@ -76,6 +76,7 @@ function install_tripwire {
     echo 'REPORTLEVEL   =3' >> /etc/tripwire/twcfg.txt
     echo 'SYSLOGREPORTING =false' >> /etc/tripwire/twcfg.txt
     echo 'MAILMETHOD    =SENDMAIL' >> /etc/tripwire/twcfg.txt
+    echo 'MAILPROGRAM   =/usr/lib/sendmail -oi -t' >> /etc/tripwire/twcfg.txt
     echo 'SMTPHOST      =localhost' >> /etc/tripwire/twcfg.txt
     echo 'SMTPPORT      =25' >> /etc/tripwire/twcfg.txt
     echo 'TEMPDIRECTORY =/tmp' >> /etc/tripwire/twcfg.txt
@@ -139,12 +140,6 @@ function install_tripwire {
 
        ' | reset-tripwire
 
-    if ! grep -q "tripwire" /etc/crontab; then
-        TRIPWIRE_MIN=$((1 + RANDOM % 49))
-        TRIPWIRE_HOUR=$((1 + RANDOM % 6))
-        echo "${TRIPWIRE_MIN} ${TRIPWIRE_HOUR}              *   *   *   root /usr/sbin/tripwire -m c" >> /etc/crontab
-    fi
-
     mark_completed $FUNCNAME
 }
 

src/freedombone-controlpanel

@@ -1280,11 +1280,25 @@ function reset_tripwire {
         return
     fi
     clear
+    echo $'Creating configuration...'
+    echo '
+
+       ' | twadmin --create-cfgfile -S /etc/tripwire/${HOSTNAME}-site.key /etc/tripwire/twcfg.txt
+    echo $'Resetting policy...'
+    echo '
+
+       ' | twadmin --create-polfile -S /etc/tripwire/${HOSTNAME}-site.key /etc/tripwire/twpol.txt
+    echo $'Creating tripwire database'
+    echo '
+
+' | tripwire --init --cfgfile /etc/tripwire/tw.cfg --polfile /etc/tripwire/tw.pol --dbfile /var/lib/tripwire/${HOSTNAME}.twd
     echo $'Resetting the Tripwire...'
-    echo ' '
+    echo ''
     echo '
 
                 ' | reset-tripwire
+    echo ''
+    echo $'Tripwire is now reset'
     any_key
 }
 

src/freedombone-sec

@@ -969,22 +969,23 @@ function menu_security_settings {
     trap "rm -f $data" 0 1 2 5 15
     dialog --backtitle $"Freedombone Control Panel" \
            --title $"Security Settings" \
-           --radiolist $"Choose an operation:" 22 76 22 \
+           --radiolist $"Choose an operation:" 23 76 23 \
            1 $"Run STIG tests" off \
-           2 $"Show ssh host public key" off \
-           3 $"Tor bridges" off \
-           4 $"Password storage" off \
-           5 $"Export passwords" off \
-           6 $"Regenerate ssh host keys" off \
-           7 $"Regenerate Diffie-Hellman keys" off \
-           8 $"Update cipersuite" off \
-           9 $"Create a new Let's Encrypt certificate" off \
-           10 $"Renew Let's Encrypt certificate" off \
-           11 $"Delete a Let's Encrypt certificate" off \
-           12 $"Enable GPG based authentication (monkeysphere)" off \
-           13 $"Register a website with monkeysphere" off \
-           14 $"Allow ssh login with passwords" off \
-           15 $"Go Back/Exit" on 2> $data
+           2 $"Fix STIG test failures" off \
+           3 $"Show ssh host public key" off \
+           4 $"Tor bridges" off \
+           5 $"Password storage" off \
+           6 $"Export passwords" off \
+           7 $"Regenerate ssh host keys" off \
+           8 $"Regenerate Diffie-Hellman keys" off \
+           9 $"Update cipersuite" off \
+           10 $"Create a new Let's Encrypt certificate" off \
+           11 $"Renew Let's Encrypt certificate" off \
+           12 $"Delete a Let's Encrypt certificate" off \
+           13 $"Enable GPG based authentication (monkeysphere)" off \
+           14 $"Register a website with monkeysphere" off \
+           15 $"Allow ssh login with passwords" off \
+           16 $"Go Back/Exit" on 2> $data
     sel=$?
     case $sel in
         1) exit 1;;
@@ -1014,53 +1015,61 @@ function menu_security_settings {
             exit 0
             ;;
         2)
+            clear
+            echo $'Fixing any STIG failures...'
+            echo ''
+            ${PROJECT_NAME}-tests --stig fix
+            echo $'Fixes applied. You will need to run the STIG tests again to be sure that they were all fixed.'
+            exit 0
+            ;;
+        3)
             dialog --title $"SSH host public keys" \
                    --msgbox "\n$(get_ssh_server_key)" 12 60
             exit 0
             ;;
-        3)
+        4)
             menu_tor_bridges
             exit 0
             ;;
-        4)
+        5)
             store_passwords
             exit 0
             ;;
-        5)
+        6)
             export_passwords
             exit 0
             ;;
-        6)
+        7)
             regenerate_ssh_host_keys
             ;;
-        7)
+        8)
             regenerate_dh_keys
             ;;
-        8)
+        9)
             interactive_setup
             update_ciphersuite
             ;;
-        9)
+        10)
             create_letsencrypt
             ;;
-        10)
+        11)
             renew_letsencrypt
             ;;
-        11)
+        12)
             delete_letsencrypt
             ;;
-        12)
+        13)
             enable_monkeysphere
             ;;
-        13)
+        14)
             register_website
             ;;
-        14)
+        15)
             allow_ssh_passwords
             change_ssh_settings
             exit 0
             ;;
-        15)
+        16)
             exit 0
             ;;
     esac

src/freedombone-utils-cron

@@ -82,7 +82,7 @@ function schedule_stig_tests {
     echo "ADMIN_EMAIL_ADDRESS=${MY_USERNAME}@\${HOSTNAME}" >> /etc/cron.daily/stig_tests
     echo "pkill ${PROJECT_NAME}-tests" >> /etc/cron.daily/stig_tests
     echo 'rm -rf /tmp/*' >> /etc/cron.daily/stig_tests
-    echo "${PROJECT_NAME}-tests --stig fix > /tmp/daily-stig-tests" >> /etc/cron.daily/stig_tests
+    echo "${PROJECT_NAME}-tests --stig yes > /tmp/daily-stig-tests" >> /etc/cron.daily/stig_tests
     echo 'if [ ! "$?" = "0" ]; then' >> /etc/cron.daily/stig_tests
     echo "    echo \"\$(cat /tmp/daily-stig-tests)\" | mail -s \"${PROJECT_NAME} STIG test failures\" \$ADMIN_EMAIL_ADDRESS" >> /etc/cron.daily/stig_tests
     echo 'fi' >> /etc/cron.daily/stig_tests