|
|
@@ -32,6 +32,10 @@ export TEXTDOMAIN=${PROJECT_NAME}-client
|
|
32
|
32
|
export TEXTDOMAINDIR="/usr/share/locale"
|
|
33
|
33
|
|
|
34
|
34
|
CURR_USER=$USER
|
|
|
35
|
+CURR_GROUP=$USER
|
|
|
36
|
+if [ -f /usr/bin/pacman ]; then
|
|
|
37
|
+ CURR_GROUP='users'
|
|
|
38
|
+fi
|
|
35
|
39
|
MESH_CLIENT_INSTALL=
|
|
36
|
40
|
ENABLE_MONKEYSPHERE=
|
|
37
|
41
|
|
|
|
@@ -49,10 +53,11 @@ if [ ! -f $MAIN_PROJECT_FILE ]; then
|
|
49
|
53
|
fi
|
|
50
|
54
|
|
|
51
|
55
|
# ssh (from https://stribika.github.io/2015/01/04/secure-secure-shell.html)
|
|
52
|
|
-SSH_CIPHERS=$(cat $MAIN_PROJECT_FILE | grep 'SSH_CIPHERS=' | head -n 1 | awk -F '"' '{print $2}')
|
|
53
|
|
-SSH_MACS=$(cat $MAIN_PROJECT_FILE | grep 'SSH_MACS=' | head -n 1 | awk -F '"' '{print $2}')
|
|
54
|
|
-SSH_KEX=$(cat $MAIN_PROJECT_FILE | grep 'SSH_KEX=' | head -n 1 | awk -F '"' '{print $2}')
|
|
55
|
|
-SSH_HOST_KEY_ALGORITHMS=$(cat $MAIN_PROJECT_FILE | grep 'SSH_HOST_KEY_ALGORITHMS=' | head -n 1 | awk -F '"' '{print $2}')
|
|
|
56
|
+UTILS_SSH=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-ssh
|
|
|
57
|
+SSH_CIPHERS=$(cat $UTILS_SSH | grep 'SSH_CIPHERS=' | head -n 1 | awk -F '"' '{print $2}')
|
|
|
58
|
+SSH_MACS=$(cat $UTILS_SSH | grep 'SSH_MACS=' | head -n 1 | awk -F '"' '{print $2}')
|
|
|
59
|
+SSH_KEX=$(cat $UTILS_SSH | grep 'SSH_KEX=' | head -n 1 | awk -F '"' '{print $2}')
|
|
|
60
|
+SSH_HOST_KEY_ALGORITHMS=$(cat $UTILS_SSH | grep 'SSH_HOST_KEY_ALGORITHMS=' | head -n 1 | awk -F '"' '{print $2}')
|
|
56
|
61
|
|
|
57
|
62
|
# refresh gpg keys every few hours
|
|
58
|
63
|
REFRESH_GPG_KEYS_HOURS=2
|
|
|
@@ -67,11 +72,7 @@ function global_rate_limit {
|
|
67
|
72
|
fi
|
|
68
|
73
|
|
|
69
|
74
|
sudo cp $SYSCTL_FILE ~/sysctl.conf
|
|
70
|
|
- if [ ! -f /usr/bin/pacman ]; then
|
|
71
|
|
- sudo chown $CURR_USER:$CURR_USER ~/sysctl.conf
|
|
72
|
|
- else
|
|
73
|
|
- sudo chown $CURR_USER:users ~/sysctl.conf
|
|
74
|
|
- fi
|
|
|
75
|
+ sudo chown $CURR_USER:$CURR_GROUP ~/sysctl.conf
|
|
75
|
76
|
if ! grep -q "tcp_challenge_ack_limit" ~/sysctl.conf; then
|
|
76
|
77
|
echo 'net.ipv4.tcp_challenge_ack_limit = 999999999' >> ~/sysctl.conf
|
|
77
|
78
|
else
|
|
|
@@ -91,11 +92,7 @@ function refresh_gpg_keys {
|
|
91
|
92
|
fi
|
|
92
|
93
|
fi
|
|
93
|
94
|
sudo cp /etc/crontab ~/temp_crontab
|
|
94
|
|
- if [ ! -f /usr/bin/pacman ]; then
|
|
95
|
|
- sudo chown $CURR_USER:$CURR_USER ~/temp_crontab
|
|
96
|
|
- else
|
|
97
|
|
- sudo chown $CURR_USER:users ~/temp_crontab
|
|
98
|
|
- fi
|
|
|
95
|
+ sudo chown $CURR_USER:$CURR_GROUP ~/temp_crontab
|
|
99
|
96
|
if ! grep -q "gpg --refresh-keys" ~/temp_crontab; then
|
|
100
|
97
|
echo "0 */$REFRESH_GPG_KEYS_HOURS * * * $CURR_USER /usr/bin/gpg --refresh-keys > /dev/null" >> ~/temp_crontab
|
|
101
|
98
|
sudo cp ~/temp_crontab /etc/crontab
|
|
|
@@ -116,13 +113,10 @@ function configure_ssh_client {
|
|
116
|
113
|
sudo sed -i "s/# HostKeyAlgorithms.*/ HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS/g" /etc/ssh/ssh_config
|
|
117
|
114
|
sudo sed -i "s/# Ciphers.*/ Ciphers $SSH_CIPHERS/g" /etc/ssh/ssh_config
|
|
118
|
115
|
sudo sed -i "s/# MACs.*/ MACs $SSH_MACS/g" /etc/ssh/ssh_config
|
|
|
116
|
+ sudo sed -i "s/HostKeyAlgorithms.*/HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS/g" /etc/ssh/ssh_config
|
|
119
|
117
|
if ! grep -q "HostKeyAlgorithms" /etc/ssh/ssh_config; then
|
|
120
|
118
|
sudo cp /etc/ssh/ssh_config ~/ssh_config
|
|
121
|
|
- if [ ! -f /usr/bin/pacman ]; then
|
|
122
|
|
- sudo chown $CURR_USER:$CURR_USER ~/ssh_config
|
|
123
|
|
- else
|
|
124
|
|
- sudo chown $CURR_USER:users ~/ssh_config
|
|
125
|
|
- fi
|
|
|
119
|
+ sudo chown $CURR_USER:$CURR_GROUP ~/ssh_config
|
|
126
|
120
|
echo " HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS" >> ~/ssh_config
|
|
127
|
121
|
sudo mv ~/ssh_config /etc/ssh/ssh_config
|
|
128
|
122
|
sudo chown root:root /etc/ssh/ssh_config
|
|
|
@@ -130,11 +124,7 @@ function configure_ssh_client {
|
|
130
|
124
|
sudo sed -i "s/Ciphers.*/Ciphers $SSH_CIPHERS/g" /etc/ssh/ssh_config
|
|
131
|
125
|
if ! grep -q "Ciphers " /etc/ssh/ssh_config; then
|
|
132
|
126
|
sudo cp /etc/ssh/ssh_config ~/ssh_config
|
|
133
|
|
- if [ ! -f /usr/bin/pacman ]; then
|
|
134
|
|
- sudo chown $CURR_USER:$CURR_USER ~/ssh_config
|
|
135
|
|
- else
|
|
136
|
|
- sudo chown $CURR_USER:users ~/ssh_config
|
|
137
|
|
- fi
|
|
|
127
|
+ sudo chown $CURR_USER:$CURR_GROUP ~/ssh_config
|
|
138
|
128
|
echo " Ciphers $SSH_CIPHERS" >> ~/ssh_config
|
|
139
|
129
|
sudo mv ~/ssh_config /etc/ssh/ssh_config
|
|
140
|
130
|
sudo chown root:root /etc/ssh/ssh_config
|
|
|
@@ -142,11 +132,7 @@ function configure_ssh_client {
|
|
142
|
132
|
sudo sed -i "s/MACs.*/MACs $SSH_MACS/g" /etc/ssh/ssh_config
|
|
143
|
133
|
if ! grep -q "MACs " /etc/ssh/ssh_config; then
|
|
144
|
134
|
sudo cp /etc/ssh/ssh_config ~/ssh_config
|
|
145
|
|
- if [ ! -f /usr/bin/pacman ]; then
|
|
146
|
|
- sudo chown $CURR_USER:$CURR_USER ~/ssh_config
|
|
147
|
|
- else
|
|
148
|
|
- sudo chown $CURR_USER:users ~/ssh_config
|
|
149
|
|
- fi
|
|
|
135
|
+ sudo chown $CURR_USER:$CURR_GROUP ~/ssh_config
|
|
150
|
136
|
echo " MACs $SSH_MACS" >> ~/ssh_config
|
|
151
|
137
|
sudo mv ~/ssh_config /etc/ssh/ssh_config
|
|
152
|
138
|
sudo chown root:root /etc/ssh/ssh_config
|
Bob Mottram
8 years ago