|
@@ -69,6 +69,30 @@ LETSENCRYPT_SERVER='https://acme-v01.api.letsencrypt.org/directory'
|
69
|
69
|
|
70
|
70
|
MY_USERNAME=
|
71
|
71
|
|
|
72
|
+function ping_enable_disable {
|
|
73
|
+ ping_str=$"\\nDo you want to enable other systems to ping this machine?\\n\\nPing may be useful for diagnostic purposes, but for added security you may not want to enable it."
|
|
74
|
+ enable_ping="no"
|
|
75
|
+ dialog --title $"Enable Ping / ICMP" \
|
|
76
|
+ --backtitle $"Freedombone Control Panel" \
|
|
77
|
+ --defaultno \
|
|
78
|
+ --yesno "$ping_str" 10 60
|
|
79
|
+ sel=$?
|
|
80
|
+ case $sel in
|
|
81
|
+ 0) enable_ping="yes";;
|
|
82
|
+ 255) return;;
|
|
83
|
+ esac
|
|
84
|
+
|
|
85
|
+ if [[ $enable_ping == "yes" ]]; then
|
|
86
|
+ iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
|
|
87
|
+ iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
|
|
88
|
+ echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all
|
|
89
|
+ else
|
|
90
|
+ iptables -D INPUT -p icmp --icmp-type echo-request -j ACCEPT
|
|
91
|
+ iptables -D OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
|
|
92
|
+ echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
|
|
93
|
+ fi
|
|
94
|
+}
|
|
95
|
+
|
72
|
96
|
function any_key_verify {
|
73
|
97
|
echo ''
|
74
|
98
|
read -n1 -rsp $"Press any key to continue or C to check a hash..." key
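Review bot: In `ping_enable_disable` the enable branch uses `iptables -A`, so every "yes" answer appends another copy of the echo-request and echo-reply ACCEPT rules, while the disable branch's single `iptables -D` removes only one copy and prints an error when no such rule exists (the case for the default "no" answer on a system where ping was never enabled). Make both directions idempotent, e.g. `iptables -C INPUT -p icmp --icmp-type echo-request -j ACCEPT 2>/dev/null || iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT` when enabling and `while iptables -D INPUT -p icmp --icmp-type echo-request -j ACCEPT 2>/dev/null; do :; done` when disabling, with the same pattern for the OUTPUT echo-reply rule. Nothing visible in this hunk persists either the rules or the `icmp_echo_ignore_all` value, so a "disabled" choice may revert at the next reboot unless it is saved elsewhere in the file. The function also covers IPv4 only, leaving ICMPv6 echo as it was. Separately, `ping_str`, `enable_ping` and `sel` should be declared `local` so they do not leak into the caller's scope.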
|
|
@@ -1177,20 +1201,21 @@ function menu_security_settings {
|
1177
|
1201
|
3 $"Fix STIG test failures"
|
1178
|
1202
|
4 $"Show tripwire verification code"
|
1179
|
1203
|
5 $"Reset tripwire"
|
1180
|
|
- 6 $"Show ssh host public key"
|
1181
|
|
- 7 $"Tor bridges"
|
1182
|
|
- 8 $"Password storage"
|
1183
|
|
- 9 $"Export passwords"
|
1184
|
|
- 10 $"Regenerate ssh host keys"
|
1185
|
|
- 11 $"Regenerate Diffie-Hellman keys"
|
1186
|
|
- 12 $"Update cipersuite"
|
1187
|
|
- 13 $"Create a new Let's Encrypt certificate"
|
1188
|
|
- 14 $"Renew Let's Encrypt certificate"
|
1189
|
|
- 15 $"Delete a Let's Encrypt certificate"
|
1190
|
|
- 16 $"Enable GPG based authentication (monkeysphere)"
|
1191
|
|
- 17 $"Register a website with monkeysphere"
|
1192
|
|
- 18 $"Allow ssh login with passwords"
|
1193
|
|
- 19 $"Show firewall")
|
|
1204
|
+ 6 $"Enable or disable ping"
|
|
1205
|
+ 7 $"Show ssh host public key"
|
|
1206
|
+ 8 $"Tor bridges"
|
|
1207
|
+ 9 $"Password storage"
|
|
1208
|
+ 10 $"Export passwords"
|
|
1209
|
+ 11 $"Regenerate ssh host keys"
|
|
1210
|
+ 12 $"Regenerate Diffie-Hellman keys"
|
|
1211
|
+ 13 $"Update cipersuite"
|
|
1212
|
+ 14 $"Create a new Let's Encrypt certificate"
|
|
1213
|
+ 15 $"Renew Let's Encrypt certificate"
|
|
1214
|
+ 16 $"Delete a Let's Encrypt certificate"
|
|
1215
|
+ 17 $"Enable GPG based authentication (monkeysphere)"
|
|
1216
|
+ 18 $"Register a website with monkeysphere"
|
|
1217
|
+ 19 $"Allow ssh login with passwords"
|
|
1218
|
+ 20 $"Show firewall")
|
1194
|
1219
|
|
1195
|
1220
|
# shellcheck disable=SC2068
|
1196
|
1221
|
selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Security Settings" --menu $"Choose an operation, or ESC to exit:" 24 76 24 "${W[@]}" 3>&2 2>&1 1>&3)
|
|
@@ -1244,53 +1269,57 @@ function menu_security_settings {
|
1244
|
1269
|
;;
|
1245
|
1270
|
|
1246
|
1271
|
6)
|
|
1272
|
+ ping_enable_disable
|
|
1273
|
+ exit 0
|
|
1274
|
+ ;;
|
|
1275
|
+ 7)
|
1247
|
1276
|
dialog --title $"SSH host public keys" \
|
1248
|
1277
|
--msgbox "\\n$(get_ssh_server_key)" 12 60
|
1249
|
1278
|
exit 0
|
1250
|
1279
|
;;
|
1251
|
|
- 7)
|
|
1280
|
+ 8)
|
1252
|
1281
|
menu_tor_bridges
|
1253
|
1282
|
exit 0
|
1254
|
1283
|
;;
|
1255
|
|
- 8)
|
|
1284
|
+ 9)
|
1256
|
1285
|
store_passwords
|
1257
|
1286
|
exit 0
|
1258
|
1287
|
;;
|
1259
|
|
- 9)
|
|
1288
|
+ 10)
|
1260
|
1289
|
export_passwords
|
1261
|
1290
|
exit 0
|
1262
|
1291
|
;;
|
1263
|
|
- 10)
|
|
1292
|
+ 11)
|
1264
|
1293
|
regenerate_ssh_host_keys
|
1265
|
1294
|
;;
|
1266
|
|
- 11)
|
|
1295
|
+ 12)
|
1267
|
1296
|
regenerate_dh_keys
|
1268
|
1297
|
;;
|
1269
|
|
- 12)
|
|
1298
|
+ 13)
|
1270
|
1299
|
interactive_setup
|
1271
|
1300
|
update_ciphersuite
|
1272
|
1301
|
;;
|
1273
|
|
- 13)
|
|
1302
|
+ 14)
|
1274
|
1303
|
create_letsencrypt
|
1275
|
1304
|
;;
|
1276
|
|
- 14)
|
|
1305
|
+ 15)
|
1277
|
1306
|
renew_letsencrypt
|
1278
|
1307
|
;;
|
1279
|
|
- 15)
|
|
1308
|
+ 16)
|
1280
|
1309
|
delete_letsencrypt
|
1281
|
1310
|
;;
|
1282
|
|
- 16)
|
|
1311
|
+ 17)
|
1283
|
1312
|
enable_monkeysphere
|
1284
|
1313
|
;;
|
1285
|
|
- 17)
|
|
1314
|
+ 18)
|
1286
|
1315
|
register_website
|
1287
|
1316
|
;;
|
1288
|
|
- 18)
|
|
1317
|
+ 19)
|
1289
|
1318
|
allow_ssh_passwords
|
1290
|
1319
|
change_ssh_settings
|
1291
|
1320
|
exit 0
|
1292
|
1321
|
;;
|
1293
|
|
- 19)
|
|
1322
|
+ 20)
|
1294
|
1323
|
show_firewall
|
1295
|
1324
|
exit 0
|
1296
|
1325
|
;;
|