
Encrypt incoming email

Bob Mottram 10 år sedan
förälder
incheckning
de21cda292
1 ändrade filer med 43 tillägg och 8 borttagningar
  1. 43
    8
      install-freedombone.sh

+ 43
- 8
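--- a/install-freedombone.sh
+++ b/install-freedombone.sh
@@ -150,6 +150,9 @@ WIKI_SQLITE_ADDON_HASH="930335e647c7e62f3068689c256ee169fad2426b64f8360685d391ec
 
 GPG_KEYSERVER="hkp://keys.gnupg.net"
 
+# whether to encrypt all incoming email with your public key
+GPG_ENCRYPT_STORED_EMAIL="yes"
+
 # gets set to yes if gpg keys are imported from usb
 GPG_KEYS_IMPORTED="no"
 
@@ -1339,6 +1342,37 @@ function configure_gpg {
   echo 'configure_gpg' >> $COMPLETION_FILE
 }
 
+function encrypt_incoming_email {
+  # encrypts incoming mail using your GPG public key
+  # so even if an attacker gains access to the data at rest they still need
+  # to know your GPG key password to be able to read anything
+  if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
+      return
+  fi
+  if grep -Fxq "encrypt_incoming_email" $COMPLETION_FILE; then
+      return
+  fi
+  if [[ $GPG_ENCRYPT_STORED_EMAIL != "yes" ]]; then
+      return
+  fi
+  if [ ! -f /usr/bin/gpgit.pl ]; then
+      apt-get -y --force-yes install git
+      cd $INSTALL_DIR
+      git clone https://github.com/mikecardwell/gpgit
+      cd gpgit
+      cp gpgit.pl /usr/bin
+  fi
+
+  # add a procmail rule
+  if ! grep -q "/usr/bin/gpgit.pl" /home/$MY_USERNAME/.procmailrc; then
+      echo '  :0 f' >> /home/$MY_USERNAME/.procmailrc
+      echo "  | /usr/bin/gpgit.pl $MY_USERNAME@$DOMAIN_NAME" >> /home/$MY_USERNAME/.procmailrc
+      chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc
+  fi
+  echo 'encrypt_incoming_email' >> $COMPLETION_FILE
+}
+
+
 function email_client {
   if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
       return
@@ -3198,7 +3232,7 @@ function create_backup_script {
           echo "  if [ ! -d $USB_MOUNT/backup/owncloud ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
           echo "    mkdir $USB_MOUNT/backup/owncloud" >> /usr/bin/$BACKUP_SCRIPT_NAME
           echo '  fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
-		  echo "  rsyncrypto --ne-nesting=2 --trim=3 -n ~/rr/map -cvr /var/www/$OWNCLOUD_DOMAIN_NAME $USB_MOUNT/backup/owncloud ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$BACKUP_SCRIPT_NAME
+          echo "  rsyncrypto --ne-nesting=2 --trim=3 -n ~/rr/map -cvr /var/www/$OWNCLOUD_DOMAIN_NAME $USB_MOUNT/backup/owncloud ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$BACKUP_SCRIPT_NAME
       fi
   fi
   # prosody
@@ -3214,7 +3248,7 @@ function create_backup_script {
           echo "  if [ ! -d $USB_MOUNT/backup/wiki-blog ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
           echo "    mkdir $USB_MOUNT/backup/wiki-blog" >> /usr/bin/$BACKUP_SCRIPT_NAME
           echo '  fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
-		  echo "  rsyncrypto --ne-nesting=2 --trim=3 -n ~/rr/map -cvr /var/www/$WIKI_DOMAIN_NAME $USB_MOUNT/backup/wiki-blog ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$BACKUP_SCRIPT_NAME
+          echo "  rsyncrypto --ne-nesting=2 --trim=3 -n ~/rr/map -cvr /var/www/$WIKI_DOMAIN_NAME $USB_MOUNT/backup/wiki-blog ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$BACKUP_SCRIPT_NAME
       fi
   fi
   # microblog
@@ -3240,7 +3274,7 @@ function create_backup_script {
       echo "  if [ ! -d $USB_MOUNT/backup/dlna ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
       echo "    mkdir $USB_MOUNT/backup/dlna" >> /usr/bin/$BACKUP_SCRIPT_NAME
       echo '  fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
-	  echo "  rsyncrypto --ne-nesting=2 --trim=3 -n ~/rr/map -cvr /var/cache/minidlna $USB_MOUNT/backup/dlna ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$BACKUP_SCRIPT_NAME
+      echo "  rsyncrypto --ne-nesting=2 --trim=3 -n ~/rr/map -cvr /var/cache/minidlna $USB_MOUNT/backup/dlna ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$BACKUP_SCRIPT_NAME
   fi
   echo 'else' >> /usr/bin/$BACKUP_SCRIPT_NAME
   echo '  echo "Please insert a USB drive to create the backup."' >> /usr/bin/$BACKUP_SCRIPT_NAME
@@ -3286,8 +3320,8 @@ function create_restore_script {
   # email
   if ! [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
       echo "  if [ -d $USB_MOUNT/backup/Maildir ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
-	  echo "    rsyncrypto --trim=${DIR_TRIM} -vrd $USB_MOUNT/backup/Maildir /home/$MY_USERNAME/Maildir ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$RESTORE_SCRIPT_NAME
-	  echo "    rsyncrypto --trim=${DIR_TRIM} -vrd $USB_MOUNT/backup/gpg /home/$MY_USERNAME/.gnupg ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$RESTORE_SCRIPT_NAME
+      echo "    rsyncrypto --trim=${DIR_TRIM} -vrd $USB_MOUNT/backup/Maildir /home/$MY_USERNAME/Maildir ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$RESTORE_SCRIPT_NAME
+      echo "    rsyncrypto --trim=${DIR_TRIM} -vrd $USB_MOUNT/backup/gpg /home/$MY_USERNAME/.gnupg ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$RESTORE_SCRIPT_NAME
       echo "    cp -f $USB_MOUNT/backup/gpg/.muttrc /home/$MY_USERNAME" >> /usr/bin/$RESTORE_SCRIPT_NAME
       echo "    cp -f $USB_MOUNT/backup/gpg/.procmailrc /home/$MY_USERNAME" >> /usr/bin/$RESTORE_SCRIPT_NAME
       echo '  fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
@@ -3314,7 +3348,7 @@ function create_restore_script {
   if ! [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" ]]; then
       if [ $OWNCLOUD_DOMAIN_NAME ]; then
           echo "  if [ -d $USB_MOUNT/backup/owncloud ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
-		  echo "    rsyncrypto --trim=${DIR_TRIM} -vrd $USB_MOUNT/backup/owncloud /var/www/$OWNCLOUD_DOMAIN_NAME ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$RESTORE_SCRIPT_NAME
+          echo "    rsyncrypto --trim=${DIR_TRIM} -vrd $USB_MOUNT/backup/owncloud /var/www/$OWNCLOUD_DOMAIN_NAME ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$RESTORE_SCRIPT_NAME
           echo '  fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
       fi
   fi
@@ -3328,7 +3362,7 @@ function create_restore_script {
   if ! [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" ]]; then
       if [ $WIKI_DOMAIN_NAME ]; then
           echo "  if [ -d $USB_MOUNT/backup/wiki-blog ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
-		  echo "    rsyncrypto --trim=${DIR_TRIM} -vrd $USB_MOUNT/backup/wiki-blog /var/www/$WIKI_DOMAIN_NAME ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$RESTORE_SCRIPT_NAME
+          echo "    rsyncrypto --trim=${DIR_TRIM} -vrd $USB_MOUNT/backup/wiki-blog /var/www/$WIKI_DOMAIN_NAME ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$RESTORE_SCRIPT_NAME
           echo '  fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
       fi
   fi
@@ -3353,7 +3387,7 @@ IPT_NAME
   # dlna
   if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" ]]; then
       echo "  if [ -d $USB_MOUNT/backup/dlna ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
-	  echo "    rsyncrypto --trim=${DIR_TRIM} -vrd $USB_MOUNT/backup/minidlna /var/cache/minidlna ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$RESTORE_SCRIPT_NAME
+      echo "    rsyncrypto --trim=${DIR_TRIM} -vrd $USB_MOUNT/backup/minidlna /var/cache/minidlna ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$RESTORE_SCRIPT_NAME
       echo '  fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
   fi
   echo 'else' >> /usr/bin/$RESTORE_SCRIPT_NAME
@@ -3420,6 +3454,7 @@ configure_email
 #spam_filtering
 configure_imap
 configure_gpg
+encrypt_incoming_email
 email_client
 configure_firewall_for_email
 folders_for_mailing_lists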