
Improve cyphersuite update

Bob Mottram 8 år sedan
förälder
incheckning
691a815939
1 ändrade filer med 15 tillägg och 26 borttagningar
  1. 15
    26
      src/freedombone-sec

+ 15
- 26
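--- a/src/freedombone-sec
+++ b/src/freedombone-sec
@@ -528,49 +528,32 @@ function create_letsencrypt {
 }
 
 function update_ciphersuite {
-    project_filename=/usr/local/bin/${PROJECT_NAME}
-    if [ ! -f $project_filename ]; then
-        project_filename=/usr/bin/${PROJECT_NAME}
-    fi
-    SSH_FILENAME=${project_filename}-utils-ssh
-    SSL_FILENAME=${project_filename}-utils-web
+    read_config_param SSL_CIPHERS
+    read_config_param SSL_PROTOCOLS
+    read_config_param SSH_CIPHERS
+    read_config_param SSH_MACS
 
-    RECOMMENDED_SSL_CIPHERS=$(cat $SSL_FILENAME | grep 'SSL_CIPHERS=' | head -n 1 | awk -F '=' '{print $2}' | awk -F '"' '{print $2}')
-    if [ ! "$RECOMMENDED_SSL_CIPHERS" ]; then
-        return
-    fi
+    RECOMMENDED_SSL_CIPHERS="$SSL_CIPHERS"
     if [ ${#RECOMMENDED_SSL_CIPHERS} -lt 5 ]; then
         return
     fi
 
-    RECOMMENDED_SSL_PROTOCOLS=$(cat $SSL_FILENAME | grep 'SSL_PROTOCOLS=' | head -n 1 | awk -F '=' '{print $2}' | awk -F '"' '{print $2}')
-    if [ ! "$RECOMMENDED_SSL_PROTOCOLS" ]; then
-        return
-    fi
+    RECOMMENDED_SSL_PROTOCOLS="$SSL_PROTOCOLS"
     if [ ${#RECOMMENDED_SSL_PROTOCOLS} -lt 5 ]; then
         return
     fi
 
-    RECOMMENDED_SSH_CIPHERS=$(cat $SSH_FILENAME | grep 'SSH_CIPHERS=' | head -n 1 | awk -F '=' '{print $2}' | awk -F '"' '{print $2}')
-    if [ ! "$RECOMMENDED_SSH_CIPHERS" ]; then
-        return
-    fi
+    RECOMMENDED_SSH_CIPHERS="$SSH_CIPHERS"
     if [ ${#RECOMMENDED_SSH_CIPHERS} -lt 5 ]; then
         return
     fi
 
-    RECOMMENDED_SSH_MACS=$(cat $SSH_FILENAME | grep 'SSH_MACS=' | head -n 1 | awk -F '=' '{print $2}' | awk -F '"' '{print $2}')
-    if [ ! "$RECOMMENDED_SSH_MACS" ]; then
-        return
-    fi
+    RECOMMENDED_SSH_MACS="$SSH_MACS"
     if [ ${#RECOMMENDED_SSH_MACS} -lt 5 ]; then
         return
     fi
 
-    RECOMMENDED_SSH_KEX=$(cat $SSH_FILENAME | grep 'SSH_KEX=' | head -n 1 | awk -F '=' '{print $2}' | awk -F '"' '{print $2}')
-    if [ ! "$RECOMMENDED_SSH_KEX" ]; then
-        return
-    fi
+    RECOMMENDED_SSH_KEX="$SSH_KEX"
     if [ ${#RECOMMENDED_SSH_KEX} -lt 5 ]; then
         return
     fi
@@ -581,12 +564,18 @@ function update_ciphersuite {
         sed -i "s|ssl_ciphers .*|ssl_ciphers '$RECOMMENDED_SSL_CIPHERS';|g" $WEBSITES_DIRECTORY/$file
     done
     systemctl restart nginx
+    write_config_param "SSL_PROTOCOLS" "$RECOMMENDED_SSL_PROTOCOLS"
+    write_config_param "SSL_CIPHERS" "$RECOMMENDED_SSL_CIPHERS"
 
     sed -i "s|Ciphers .*|Ciphers $RECOMMENDED_SSH_CIPHERS|g" $SSH_CONFIG
     sed -i "s|MACs .*|MACs $RECOMMENDED_SSH_MACS|g" $SSH_CONFIG
     sed -i "s|KexAlgorithms .*|KexAlgorithms $RECOMMENDED_SSH_KEX|g" $SSH_CONFIG
     systemctl restart ssh
 
+    write_config_param "SSH_CIPHERS" "$RECOMMENDED_SSH_CIPHERS"
+    write_config_param "SSH_MACS" "$RECOMMENDED_SSH_MACS"
+    write_config_param "SSH_KEX" "$RECOMMENDED_SSH_KEX"
+
     dialog --title $"Update ciphersuite" \
            --msgbox $"The ciphersuite has been updated to recommended versions" 6 40
     exit 0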
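Review bot: `SSH_KEX` has no matching `read_config_param` at the top of update_ciphersuite in the first hunk: four parameters are loaded, yet `RECOMMENDED_SSH_KEX="$SSH_KEX"` and the later `write_config_param "SSH_KEX"` use whatever the variable already holds. If it is unset, the `-lt 5` check returns silently; if it is stale, an outdated key-exchange list is substituted into `$SSH_CONFIG` and then persisted. Adding `read_config_param SSH_KEX` after the `SSH_MACS` read would treat all five values the same way, or a comment should say that this one is deliberately taken from a sourced default. The lists now appear to come from the config file rather than from the shipped utils scripts, so the length check is the only validation before they reach the `sed` expressions. Running `nginx -t` and `sshd -t` before the two `systemctl restart` calls would avoid restarting a service on a broken configuration. The function body continues between and after the two hunks, outside what is shown.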