|
@@ -129,129 +129,10 @@ fi
|
129
|
129
|
|
130
|
130
|
function any_key {
|
131
|
131
|
echo ''
|
|
132
|
+ # shellcheck disable=SC2034
|
132
|
133
|
read -n1 -rsp $"Press any key to continue..." key
|
133
|
134
|
}
|
134
|
135
|
|
135
|
|
-function any_key_verify {
|
136
|
|
- echo ''
|
137
|
|
- read -n1 -rsp $"Press any key to continue or C to check a hash..." key
|
138
|
|
- if [[ "$key" != 'c' && "$key" != 'C' ]]; then
|
139
|
|
- return
|
140
|
|
- fi
|
141
|
|
-
|
142
|
|
- data=$(mktemp 2>/dev/null)
|
143
|
|
- dialog --title $"Check tripwire hash" \
|
144
|
|
- --backtitle $"Freedombone Control Panel" \
|
145
|
|
- --inputbox $"Paste your tripwire hash below and it will be checked against the current database" 12 60 2>"$data"
|
146
|
|
- sel=$?
|
147
|
|
- case $sel in
|
148
|
|
- 0)
|
149
|
|
- GIVEN_HASH=$(<"$data")
|
150
|
|
- if [ ${#GIVEN_HASH} -gt 8 ]; then
|
151
|
|
- if [[ "$GIVEN_HASH" == *' '* ]]; then
|
152
|
|
- dialog --title $"Check tripwire" \
|
153
|
|
- --msgbox $"\\nThe hash should not contain any spaces" 10 40
|
154
|
|
- else
|
155
|
|
- DBHASH=$(sha512sum "/var/lib/tripwire/${HOSTNAME}.twd" | awk -F ' ' '{print $1}')
|
156
|
|
- if [[ "$DBHASH" == "$GIVEN_HASH" ]]; then
|
157
|
|
- dialog --title $"Check tripwire" \
|
158
|
|
- --msgbox $"\\nSuccess\\n\\nThe hash you gave matches the current tripwire database" 10 40
|
159
|
|
- else
|
160
|
|
- dialog --title $"Check tripwire" \
|
161
|
|
- --msgbox $"\\nFailed\\n\\nThe hash you gave does not match the current tripwire database. This might be because you reset the tripwire, or there could have been an unauthorised modification of the system" 12 50
|
162
|
|
- fi
|
163
|
|
- fi
|
164
|
|
- fi
|
165
|
|
- ;;
|
166
|
|
- esac
|
167
|
|
- rm -f "$data"
|
168
|
|
-}
|
169
|
|
-
|
170
|
|
-function get_app_icann_address {
|
171
|
|
- app_name="$1"
|
172
|
|
- if grep -q "${app_name} domain" "$COMPLETION_FILE"; then
|
173
|
|
- grep "${app_name} domain" "${COMPLETION_FILE}" | head -n 1 | awk -F ':' '{print $2}'
|
174
|
|
- return
|
175
|
|
- else
|
176
|
|
- app_name_upper="$(echo "$app_name" | tr '[:lower:]' '[:upper:]')_DOMAIN_NAME"
|
177
|
|
- if [ "$app_name_upper" ]; then
|
178
|
|
- param_value=$(grep "${app_name_upper}=" "$CONFIGURATION_FILE" | head -n 1 | awk -F '=' '{print $2}')
|
179
|
|
- if [ "${param_value}" ]; then
|
180
|
|
- echo "${param_value}"
|
181
|
|
- return
|
182
|
|
- fi
|
183
|
|
- fi
|
184
|
|
- fi
|
185
|
|
- echo "${DEFAULT_DOMAIN_NAME}"
|
186
|
|
-}
|
187
|
|
-
|
188
|
|
-function passwords_select_user {
|
189
|
|
- SELECTED_USERNAME=
|
190
|
|
-
|
191
|
|
- # shellcheck disable=SC2207
|
192
|
|
- users_array=($(ls /home))
|
193
|
|
-
|
194
|
|
- delete=(git)
|
195
|
|
- # shellcheck disable=SC2068
|
196
|
|
- for del in ${delete[@]}
|
197
|
|
- do
|
198
|
|
- # shellcheck disable=SC2206
|
199
|
|
- users_array=(${users_array[@]/$del})
|
200
|
|
- done
|
201
|
|
-
|
202
|
|
- i=0
|
203
|
|
- W=()
|
204
|
|
- name=()
|
205
|
|
- # shellcheck disable=SC2068
|
206
|
|
- for u in ${users_array[@]}
|
207
|
|
- do
|
208
|
|
- if [[ $(is_valid_user "$u") == "1" ]]; then
|
209
|
|
- i=$((i+1))
|
210
|
|
- W+=("$i" "$u")
|
211
|
|
- name+=("$u")
|
212
|
|
- fi
|
213
|
|
- done
|
214
|
|
-
|
215
|
|
- if [ $i -eq 1 ]; then
|
216
|
|
- SELECTED_USERNAME="${name[0]}"
|
217
|
|
- else
|
218
|
|
- # shellcheck disable=SC2068
|
219
|
|
- user_index=$(dialog --backtitle $"Freedombone Control Panel" --title $"Select User" --menu $"Select one of the following:" 24 40 17 ${W[@]} 3>&2 2>&1 1>&3)
|
220
|
|
-
|
221
|
|
- # shellcheck disable=SC2181
|
222
|
|
- if [ $? -eq 0 ]; then
|
223
|
|
- SELECTED_USERNAME="${name[$((user_index-1))]}"
|
224
|
|
- fi
|
225
|
|
- fi
|
226
|
|
-}
|
227
|
|
-
|
228
|
|
-function passwords_show_apps {
|
229
|
|
- SELECTED_APP=
|
230
|
|
- i=0
|
231
|
|
- W=()
|
232
|
|
- name=()
|
233
|
|
- # shellcheck disable=SC2068
|
234
|
|
- for a in ${APPS_AVAILABLE[@]}
|
235
|
|
- do
|
236
|
|
- if [[ $(function_exists "change_password_${a}") == "1" ]]; then
|
237
|
|
- i=$((i+1))
|
238
|
|
- W+=("$i" "$a")
|
239
|
|
- name+=("$a")
|
240
|
|
- fi
|
241
|
|
- done
|
242
|
|
- i=$((i+1))
|
243
|
|
- W+=("$i" "mariadb")
|
244
|
|
- name+=("mariadb")
|
245
|
|
-
|
246
|
|
- # shellcheck disable=SC2068
|
247
|
|
- selected_app_index=$(dialog --backtitle $"Freedombone Control Panel" --title $"Select App" --menu $"Select one of the following:" 24 40 17 ${W[@]} 3>&2 2>&1 1>&3)
|
248
|
|
-
|
249
|
|
- # shellcheck disable=SC2181
|
250
|
|
- if [ $? -eq 0 ]; then
|
251
|
|
- SELECTED_APP="${name[$((selected_app_index-1))]}"
|
252
|
|
- fi
|
253
|
|
-}
|
254
|
|
-
|
255
|
136
|
function reset_password_tries {
|
256
|
137
|
passwords_select_user
|
257
|
138
|
if [ ! "$SELECTED_USERNAME" ]; then
|
|
@@ -262,67 +143,6 @@ function reset_password_tries {
|
262
|
143
|
--msgbox $"Password tries have been reset for $SELECTED_USERNAME" 6 60
|
263
|
144
|
}
|
264
|
145
|
|
265
|
|
-function view_or_change_passwords {
|
266
|
|
- passwords_select_user
|
267
|
|
- if [ ! "$SELECTED_USERNAME" ]; then
|
268
|
|
- return
|
269
|
|
- fi
|
270
|
|
- detect_installed_apps
|
271
|
|
- passwords_show_apps
|
272
|
|
- if [ ! "$SELECTED_APP" ]; then
|
273
|
|
- return
|
274
|
|
- fi
|
275
|
|
-
|
276
|
|
- CURR_PASSWORD=$("${PROJECT_NAME}-pass" -u "${SELECTED_USERNAME}" -a "${SELECTED_APP}")
|
277
|
|
-
|
278
|
|
- icann_address=$(get_app_icann_address "${SELECTED_APP}")
|
279
|
|
- onion_address=$(get_app_onion_address "${SELECTED_APP}")
|
280
|
|
-
|
281
|
|
- titlestr=$"View or Change Password"
|
282
|
|
- if [ ${#onion_address} -gt 0 ]; then
|
283
|
|
- viewstr=$"${SELECTED_APP} password for ${SELECTED_USERNAME} on $icann_address or $onion_address\\n\\nCopy or change it if you wish."
|
284
|
|
- else
|
285
|
|
- viewstr=$"${SELECTED_APP} password for ${SELECTED_USERNAME} on $icann_address\\n\\nCopy or change it if you wish."
|
286
|
|
- fi
|
287
|
|
-
|
288
|
|
- if [ -f /root/.nostore ]; then
|
289
|
|
- titlestr=$"Change Password"
|
290
|
|
- if [ ${#onion_address} -gt 0 ]; then
|
291
|
|
- viewstr=$"Change the ${SELECTED_APP} password for ${SELECTED_USERNAME} on $icann_address or $onion_address."
|
292
|
|
- else
|
293
|
|
- viewstr=$"Change the ${SELECTED_APP} password for ${SELECTED_USERNAME} on $icann_address."
|
294
|
|
- fi
|
295
|
|
- fi
|
296
|
|
-
|
297
|
|
- if [[ "${SELECTED_APP}" == 'mariadb' ]]; then
|
298
|
|
- CURR_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
|
299
|
|
- dialog --title $"MariaDB database password" \
|
300
|
|
- --msgbox "\\n ${CURR_PASSWORD}" 7 40
|
301
|
|
- return
|
302
|
|
- fi
|
303
|
|
-
|
304
|
|
- data=$(mktemp 2>/dev/null)
|
305
|
|
- dialog --title "$titlestr" \
|
306
|
|
- --backtitle $"Freedombone Control Panel" \
|
307
|
|
- --inputbox "$viewstr" 12 75 "$CURR_PASSWORD" 2>"$data"
|
308
|
|
- sel=$?
|
309
|
|
- case $sel in
|
310
|
|
- 0)
|
311
|
|
- CURR_PASSWORD=$(<"$data")
|
312
|
|
- if [ ${#CURR_PASSWORD} -gt 8 ]; then
|
313
|
|
- "${PROJECT_NAME}-pass" -u "${SELECTED_USERNAME}" -a "${SELECTED_APP}" -p "${CURR_PASSWORD}"
|
314
|
|
- "change_password_${SELECTED_APP}" "${SELECTED_USERNAME}" "${CURR_PASSWORD}"
|
315
|
|
- dialog --title $"Change password" \
|
316
|
|
- --msgbox $"The password was changed" 6 40
|
317
|
|
- else
|
318
|
|
- dialog --title $"Change password" \
|
319
|
|
- --msgbox $"The password given must be at least 8 characters" 6 40
|
320
|
|
- fi
|
321
|
|
- ;;
|
322
|
|
- esac
|
323
|
|
- rm -f "$data"
|
324
|
|
-}
|
325
|
|
-
|
326
|
146
|
function check_for_updates {
|
327
|
147
|
if [ ! -f "/etc/cron.weekly/$UPGRADE_SCRIPT_NAME" ]; then
|
328
|
148
|
dialog --title $"Check for updates" \
|
|
@@ -383,34 +203,59 @@ function pad_string {
|
383
|
203
|
echo -n -e "$1" | sed -e :a -e 's/^.\{1,25\}$/& /;ta'
|
384
|
204
|
}
|
385
|
205
|
|
|
206
|
+function show_tor_bridges {
|
|
207
|
+ if ! grep -q "#BridgeRelay" /etc/tor/torrc; then
|
|
208
|
+ if grep -q "BridgeRelay 1" /etc/tor/torrc; then
|
|
209
|
+ read_config_param 'TOR_BRIDGE_PORT'
|
|
210
|
+ read_config_param 'TOR_BRIDGE_NICKNAME'
|
|
211
|
+ if [ ${#TOR_BRIDGE_NICKNAME} -gt 0 ]; then
|
|
212
|
+ W+=($"Your Tor Bridge" "$(get_ipv4_address):${TOR_BRIDGE_PORT} ${TOR_BRIDGE_NICKNAME}")
|
|
213
|
+ fi
|
|
214
|
+ fi
|
|
215
|
+ fi
|
|
216
|
+ bridges_list=$(grep "Bridge " /etc/tor/torrc | grep -v '##')
|
|
217
|
+ if [ ${#bridges_list} -gt 0 ]; then
|
|
218
|
+ for i in "${bridges_list[@]}"
|
|
219
|
+ do
|
|
220
|
+ bridgestr=$(i//Bridge /)
|
|
221
|
+ W+=($"Tor Bridge" "$bridgestr")
|
|
222
|
+ done
|
|
223
|
+ fi
|
|
224
|
+}
|
|
225
|
+
|
386
|
226
|
function show_domains {
|
387
|
227
|
read_config_param "DEFAULT_DOMAIN_NAME"
|
388
|
228
|
|
389
|
|
- echo 'Domains'
|
390
|
|
- echo '======='
|
391
|
|
- echo ''
|
392
|
|
- echo -n -e "$(pad_string 'Name')"
|
393
|
|
- echo -n -e "$(pad_string 'ICANN')"
|
394
|
|
- echo -n -e "$(pad_string 'Tor')"
|
395
|
|
- echo ''
|
396
|
|
- echo '--------------------------------------------------------------------------'
|
|
229
|
+ W=()
|
|
230
|
+
|
|
231
|
+ W+=("IPv4" "$(get_ipv4_address) / $(get_external_ipv4_address)")
|
|
232
|
+ ipv6_address="$(get_ipv6_address)"
|
|
233
|
+ if [ ${#ipv6_address} -gt 0 ]; then
|
|
234
|
+ W+=("IPv6" "${ipv6_address}")
|
|
235
|
+ fi
|
|
236
|
+
|
|
237
|
+
|
397
|
238
|
if grep -q "ssh onion domain" "$COMPLETION_FILE"; then
|
398
|
|
- echo -n -e "$(pad_string 'ssh')"
|
399
|
|
- echo -n -e "$(pad_string "${DEFAULT_DOMAIN_NAME}")"
|
400
|
|
- grep 'ssh onion domain' "${COMPLETION_FILE}" | awk -F ':' '{print $2}'
|
|
239
|
+ domain_onion=$(grep 'ssh onion domain' "${COMPLETION_FILE}" | awk -F ':' '{print $2}')
|
|
240
|
+ W+=("ssh" "${DEFAULT_DOMAIN_NAME} / ${domain_onion}")
|
401
|
241
|
fi
|
402
|
242
|
if grep -q "email onion domain" "$COMPLETION_FILE"; then
|
403
|
|
- echo -n -e "$(pad_string 'Email')"
|
404
|
|
- echo -n -e "$(pad_string "${DEFAULT_DOMAIN_NAME}")"
|
405
|
|
- grep 'email onion domain' "${COMPLETION_FILE}" | awk -F ':' '{print $2}'
|
|
243
|
+ domain_onion=$(grep 'email onion domain' "${COMPLETION_FILE}" | awk -F ':' '{print $2}')
|
|
244
|
+ W+=("Email" "${DEFAULT_DOMAIN_NAME} / ${domain_onion}")
|
406
|
245
|
fi
|
407
|
246
|
if grep -q "sks onion domain" "$COMPLETION_FILE"; then
|
408
|
247
|
read_config_param "KEYSERVER_DOMAIN_NAME"
|
409
|
|
- echo -n -e "$(pad_string 'SKS')"
|
410
|
|
- echo -n -e "$(pad_string "${KEYSERVER_DOMAIN_NAME}")"
|
411
|
|
- grep 'sks onion domain' "${COMPLETION_FILE}" | awk -F ':' '{print $2}'
|
|
248
|
+ domain_onion=$(grep 'sks onion domain' "${COMPLETION_FILE}" | awk -F ':' '{print $2}')
|
|
249
|
+ W+=("SKS" "${KEYSERVER_DOMAIN_NAME} / ${domain_onion}")
|
412
|
250
|
fi
|
413
|
251
|
|
|
252
|
+ INTRODUCER_FILENAME=/home/tahoelafs/data/private/introducer.furl
|
|
253
|
+ if [ -f $INTRODUCER_FILENAME ]; then
|
|
254
|
+ W+=("Tahoe-LAFS" "$(cat $INTRODUCER_FILENAME)")
|
|
255
|
+ fi
|
|
256
|
+
|
|
257
|
+ show_tor_bridges
|
|
258
|
+
|
414
|
259
|
# shellcheck disable=SC2068
|
415
|
260
|
for app_name in ${APPS_INSTALLED_NAMES[@]}
|
416
|
261
|
do
|
|
@@ -446,36 +291,43 @@ function show_domains {
|
446
|
291
|
onion_address="-"
|
447
|
292
|
fi
|
448
|
293
|
|
449
|
|
- echo -n -e "$(pad_string "${app_name}")"
|
450
|
|
- echo -n -e "$(pad_string "${icann_address}")"
|
451
|
|
- echo "${onion_address}"
|
|
294
|
+ if [[ "${icann_address}" != '-' ]]; then
|
|
295
|
+ if [[ "${onion_address}" != '-' ]]; then
|
|
296
|
+ W+=("${app_name}" "${icann_address} / ${onion_address}")
|
|
297
|
+ else
|
|
298
|
+ W+=("${app_name}" "${icann_address}")
|
|
299
|
+ fi
|
|
300
|
+ else
|
|
301
|
+ W+=("${app_name}" "${onion_address}")
|
|
302
|
+ fi
|
452
|
303
|
|
453
|
304
|
if grep -q "mobile${app_name} onion domain" "$COMPLETION_FILE"; then
|
454
|
305
|
onion_address=$(get_app_onion_address "${app_name}" "mobile")
|
455
|
|
- echo -n -e "$(pad_string "${app_name} (mobile)")"
|
456
|
|
- echo -n -e "$(pad_string "${icann_address}")"
|
457
|
|
- echo "${onion_address}"
|
|
306
|
+ if [[ "${icann_address}" != '-' ]]; then
|
|
307
|
+ W+=("${app_name} (mobile)" "${icann_address} / ${onion_address}")
|
|
308
|
+ else
|
|
309
|
+ W+=("${app_name} (mobile)" "${onion_address}")
|
|
310
|
+ fi
|
458
|
311
|
fi
|
459
|
312
|
fi
|
460
|
313
|
done
|
461
|
314
|
|
462
|
315
|
if grep -q "rss reader domain" "$COMPLETION_FILE"; then
|
463
|
316
|
if [ -d /var/lib/tor/hidden_service_ttrss ]; then
|
464
|
|
- echo -n -e "$(pad_string 'RSS reader')"
|
465
|
|
- RSSDOM='-'
|
466
|
|
- echo -n -e "$(pad_string ${RSSDOM})"
|
467
|
|
- echo -n "$(cat /var/lib/tor/hidden_service_ttrss/hostname)"
|
468
|
|
- echo ''
|
|
317
|
+ domain_onion=$(cat /var/lib/tor/hidden_service_ttrss/hostname)
|
|
318
|
+ W+=("RSS Reader" "${domain_onion}")
|
469
|
319
|
fi
|
470
|
320
|
if [ -d /var/lib/tor/hidden_service_mobilerss ]; then
|
471
|
|
- echo -n -e "$(pad_string 'RSS mobile')"
|
472
|
|
- RSSMOBILEDOM='-'
|
473
|
|
- echo -n -e "$(pad_string ${RSSMOBILEDOM})"
|
474
|
|
- echo -n "$(cat /var/lib/tor/hidden_service_mobilerss/hostname)"
|
475
|
|
- echo ''
|
|
321
|
+ domain_onion=$(cat /var/lib/tor/hidden_service_mobilerss/hostname)
|
|
322
|
+ W+=("RSS mobile" "${domain_onion}")
|
476
|
323
|
fi
|
477
|
324
|
fi
|
478
|
|
- echo ''
|
|
325
|
+
|
|
326
|
+ width=$(tput cols)
|
|
327
|
+ height=$(tput lines)
|
|
328
|
+
|
|
329
|
+ # shellcheck disable=SC2068
|
|
330
|
+ dialog --backtitle $"Freedombone Control Panel" --title $"Domains" --menu $"Use Shift+cursors to select and copy onion addresses" $((height-4)) $((width-4)) $((height-4)) "${W[@]}" 3>&2 2>&1 1>&3
|
479
|
331
|
}
|
480
|
332
|
|
481
|
333
|
function show_users {
|
|
@@ -525,34 +377,6 @@ function show_ip_addresses {
|
525
|
377
|
echo ''
|
526
|
378
|
}
|
527
|
379
|
|
528
|
|
-function show_tor_bridges {
|
529
|
|
- bridges_list=$(grep "Bridge " /etc/tor/torrc | grep -v '##')
|
530
|
|
- if [ ${#bridges_list} -gt 0 ]; then
|
531
|
|
- echo $'Tor Bridges'
|
532
|
|
- echo '==========='
|
533
|
|
- echo ''
|
534
|
|
- echo "${bridges_list}"
|
535
|
|
- echo ''
|
536
|
|
- echo ''
|
537
|
|
- fi
|
538
|
|
- if ! grep -q "#BridgeRelay" /etc/tor/torrc; then
|
539
|
|
- if grep -q "BridgeRelay 1" /etc/tor/torrc; then
|
540
|
|
- read_config_param 'TOR_BRIDGE_PORT'
|
541
|
|
- read_config_param 'TOR_BRIDGE_NICKNAME'
|
542
|
|
- if [ ${#TOR_BRIDGE_NICKNAME} -gt 0 ]; then
|
543
|
|
- echo "Tor bridge on this system"
|
544
|
|
- echo '========================='
|
545
|
|
- echo ''
|
546
|
|
- echo "IP Address: $(get_ipv4_address)"
|
547
|
|
- echo "Port: ${TOR_BRIDGE_PORT}"
|
548
|
|
- echo "Nickname: ${TOR_BRIDGE_NICKNAME}"
|
549
|
|
- echo ''
|
550
|
|
- echo ''
|
551
|
|
- fi
|
552
|
|
- fi
|
553
|
|
- fi
|
554
|
|
-}
|
555
|
|
-
|
556
|
380
|
function show_ssh_public_key {
|
557
|
381
|
echo $'SSH Public Keys'
|
558
|
382
|
echo '==============='
|
|
@@ -562,33 +386,18 @@ function show_ssh_public_key {
|
562
|
386
|
echo ''
|
563
|
387
|
}
|
564
|
388
|
|
565
|
|
-function show_tahoelafs_introducer {
|
566
|
|
- INTRODUCER_FILENAME=/home/tahoelafs/data/private/introducer.furl
|
567
|
|
- if [ ! -f $INTRODUCER_FILENAME ]; then
|
568
|
|
- return
|
569
|
|
- fi
|
570
|
|
- echo $'Tahoe-LAFS introducer'
|
571
|
|
- echo '====================='
|
572
|
|
- echo ''
|
573
|
|
- cat $INTRODUCER_FILENAME
|
574
|
|
- echo ''
|
575
|
|
- echo ''
|
576
|
|
-}
|
577
|
|
-
|
578
|
389
|
function show_about {
|
579
|
390
|
detect_apps
|
580
|
391
|
get_apps_installed_names
|
581
|
392
|
|
582
|
|
- clear
|
583
|
|
- echo "==== ${PROJECT_NAME} version ${VERSION} ($DEBIAN_VERSION) ===="
|
584
|
|
- echo ''
|
585
|
|
- show_ip_addresses
|
586
|
|
- show_tor_bridges
|
587
|
|
- show_ssh_public_key
|
|
393
|
+ #clear
|
|
394
|
+ #echo "==== ${PROJECT_NAME} version ${VERSION} ($DEBIAN_VERSION) ===="
|
|
395
|
+ #echo ''
|
|
396
|
+ #show_ip_addresses
|
|
397
|
+ #show_ssh_public_key
|
588
|
398
|
show_domains
|
589
|
|
- show_tahoelafs
|
590
|
|
- show_users
|
591
|
|
- any_key
|
|
399
|
+ #show_users
|
|
400
|
+ #any_key
|
592
|
401
|
}
|
593
|
402
|
|
594
|
403
|
function select_user {
|
|
@@ -1265,30 +1074,6 @@ function restore_data_remote {
|
1265
|
1074
|
rm -f "$data"
|
1266
|
1075
|
}
|
1267
|
1076
|
|
1268
|
|
-function ping_enable_disable {
|
1269
|
|
- ping_str=$"\\nDo you want to enable other systems to ping this machine?\\n\\nPing may be useful for diagnostic purposes, but for added security you may not want to enable it."
|
1270
|
|
- enable_ping="no"
|
1271
|
|
- dialog --title $"Enable Ping / ICMP" \
|
1272
|
|
- --backtitle $"Freedombone Control Panel" \
|
1273
|
|
- --defaultno \
|
1274
|
|
- --yesno "$ping_str" 10 60
|
1275
|
|
- sel=$?
|
1276
|
|
- case $sel in
|
1277
|
|
- 0) enable_ping="yes";;
|
1278
|
|
- 255) return;;
|
1279
|
|
- esac
|
1280
|
|
-
|
1281
|
|
- if [[ $enable_ping == "yes" ]]; then
|
1282
|
|
- iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
|
1283
|
|
- iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
|
1284
|
|
- echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all
|
1285
|
|
- else
|
1286
|
|
- iptables -D INPUT -p icmp --icmp-type echo-request -j ACCEPT
|
1287
|
|
- iptables -D OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
|
1288
|
|
- echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
|
1289
|
|
- fi
|
1290
|
|
-}
|
1291
|
|
-
|
1292
|
1077
|
function logging_on_off {
|
1293
|
1078
|
logging="no"
|
1294
|
1079
|
dialog --title $"Logging" \
|
|
@@ -1326,82 +1111,6 @@ function restore_gpg_key {
|
1326
|
1111
|
|
1327
|
1112
|
function security_settings {
|
1328
|
1113
|
"${PROJECT_NAME}-sec"
|
1329
|
|
- any_key
|
1330
|
|
-}
|
1331
|
|
-
|
1332
|
|
-function show_tripwire_verification_code {
|
1333
|
|
- if [ ! -f "/var/lib/tripwire/${HOSTNAME}.twd" ]; then
|
1334
|
|
- return
|
1335
|
|
- fi
|
1336
|
|
- clear
|
1337
|
|
- echo ''
|
1338
|
|
- echo $'Tripwire Verification Code'
|
1339
|
|
- echo ''
|
1340
|
|
- DBHASH=$(sha512sum "/var/lib/tripwire/${HOSTNAME}.twd")
|
1341
|
|
- echo -n "$DBHASH" | qrencode -t UTF8
|
1342
|
|
- echo ''
|
1343
|
|
- echo "$DBHASH"
|
1344
|
|
- echo ''
|
1345
|
|
-}
|
1346
|
|
-
|
1347
|
|
-function reset_tripwire {
|
1348
|
|
- if [ ! -f /usr/bin/reset-tripwire ]; then
|
1349
|
|
- echo $'Missing /usr/bin/reset-tripwire'
|
1350
|
|
- any_key
|
1351
|
|
- return
|
1352
|
|
- fi
|
1353
|
|
- if [ ! -f "/etc/tripwire/${HOSTNAME}-local.key" ]; then
|
1354
|
|
- if [ -f "/etc/tripwire/${PROJECT_NAME}-local.key" ]; then
|
1355
|
|
- # shellcheck disable=SC2086
|
1356
|
|
- mv /etc/tripwire/${PROJECT_NAME}-local.key /etc/tripwire/${HOSTNAME}-local.key
|
1357
|
|
- # shellcheck disable=SC2086
|
1358
|
|
- mv /etc/tripwire/${PROJECT_NAME}-site.key /etc/tripwire/${HOSTNAME}-site.key
|
1359
|
|
- else
|
1360
|
|
- echo $'Error: missing local key'
|
1361
|
|
- any_key
|
1362
|
|
- return
|
1363
|
|
- fi
|
1364
|
|
- fi
|
1365
|
|
- clear
|
1366
|
|
- echo $'Turing off logging...'
|
1367
|
|
- "${PROJECT_NAME}-logging" off
|
1368
|
|
- echo $'Locking down permissions...'
|
1369
|
|
- lockdown_permissions
|
1370
|
|
- echo $'Creating configuration...'
|
1371
|
|
- echo '
|
1372
|
|
-
|
1373
|
|
- ' | twadmin --create-cfgfile -S "/etc/tripwire/${HOSTNAME}-site.key" /etc/tripwire/twcfg.txt
|
1374
|
|
- echo $'Resetting policy...'
|
1375
|
|
- echo '
|
1376
|
|
-
|
1377
|
|
- ' | twadmin --create-polfile -S "/etc/tripwire/${HOSTNAME}-site.key" /etc/tripwire/twpol.txt
|
1378
|
|
- echo $'Creating tripwire database'
|
1379
|
|
- echo '
|
1380
|
|
-
|
1381
|
|
-' | tripwire --init --cfgfile /etc/tripwire/tw.cfg --polfile /etc/tripwire/tw.pol --dbfile "/var/lib/tripwire/${HOSTNAME}.twd"
|
1382
|
|
- echo $'Resetting the Tripwire...'
|
1383
|
|
- echo ''
|
1384
|
|
- echo '
|
1385
|
|
-
|
1386
|
|
- ' | reset-tripwire
|
1387
|
|
- echo ''
|
1388
|
|
-
|
1389
|
|
- # Sometimes nginx fails to restart if matrix is installed
|
1390
|
|
- # Restart matrix first
|
1391
|
|
- if [ -d /etc/matrix ]; then
|
1392
|
|
- systemctl restart matrix
|
1393
|
|
- systemctl restart nginx
|
1394
|
|
- fi
|
1395
|
|
-
|
1396
|
|
- if [ -f "/var/lib/tripwire/${HOSTNAME}.twd" ]; then
|
1397
|
|
- show_tripwire_verification_code
|
1398
|
|
- echo $'Tripwire is now reset. Take a note of the above hash, or record'
|
1399
|
|
- echo $'the QR code using a mobile device. This will enable you to independently'
|
1400
|
|
- echo $'verify the integrity of the tripwire.'
|
1401
|
|
- else
|
1402
|
|
- echo $'ERROR: tripwire database was not created'
|
1403
|
|
- fi
|
1404
|
|
- any_key
|
1405
|
1114
|
}
|
1406
|
1115
|
|
1407
|
1116
|
function format_drive {
|
|
@@ -1775,19 +1484,6 @@ function reinstall_mariadb {
|
1775
|
1484
|
--msgbox $"MariaDB has been reinstalled" 6 40
|
1776
|
1485
|
}
|
1777
|
1486
|
|
1778
|
|
-function show_firewall {
|
1779
|
|
- clear
|
1780
|
|
- echo $"Firewall Settings"
|
1781
|
|
- echo ''
|
1782
|
|
- while read -r line; do
|
1783
|
|
- firewall_name=$(echo "$line" | awk -F '=' '{print $1}')
|
1784
|
|
- firewall_port=$(echo "$line" | awk -F '=' '{print $2}')
|
1785
|
|
- echo -n -e "$(pad_string "${firewall_name}")"
|
1786
|
|
- echo "${firewall_port}"
|
1787
|
|
- done < "$FIREWALL_CONFIG"
|
1788
|
|
- any_key
|
1789
|
|
-}
|
1790
|
|
-
|
1791
|
1487
|
function email_extra_domains {
|
1792
|
1488
|
email_hostnames=$(grep "dc_other_hostnames" /etc/exim4/update-exim4.conf.conf | awk -F "'" '{print $2}')
|
1793
|
1489
|
|
|
@@ -2198,7 +1894,7 @@ function menu_wifi {
|
2198
|
1894
|
function menu_app_settings {
|
2199
|
1895
|
detect_installable_apps
|
2200
|
1896
|
|
2201
|
|
- applist=""
|
|
1897
|
+ W=()
|
2202
|
1898
|
appnames=()
|
2203
|
1899
|
n=1
|
2204
|
1900
|
app_index=0
|
|
@@ -2207,7 +1903,7 @@ function menu_app_settings {
|
2207
|
1903
|
do
|
2208
|
1904
|
if [[ ${APPS_INSTALLED[$app_index]} != "0" ]]; then
|
2209
|
1905
|
if [[ $(function_exists "configure_interactive_${a}") == "1" ]]; then
|
2210
|
|
- applist="$applist $n $a off"
|
|
1906
|
+ W+=("$n" "$a")
|
2211
|
1907
|
n=$((n+1))
|
2212
|
1908
|
appnames+=("$a")
|
2213
|
1909
|
fi
|
|
@@ -2217,23 +1913,18 @@ function menu_app_settings {
|
2217
|
1913
|
if [ $n -le 1 ]; then
|
2218
|
1914
|
return
|
2219
|
1915
|
fi
|
2220
|
|
- backstr=$'Exit'
|
2221
|
|
- applist="$applist $n $backstr on"
|
2222
|
|
- appnames+=("Exit")
|
2223
|
1916
|
|
2224
|
1917
|
# shellcheck disable=SC2086
|
2225
|
|
- choice=$(dialog --stdout --backtitle $"Freedombone" \
|
|
1918
|
+ choice=$(dialog --backtitle $"Freedombone" \
|
2226
|
1919
|
--title $"Change settings for an App" \
|
2227
|
|
- --radiolist $'Choose:' \
|
2228
|
|
- 26 40 30 $applist)
|
|
1920
|
+ --menu $'Choose:' \
|
|
1921
|
+ 26 40 30 "${W[@]}" 3>&2 2>&1 1>&3)
|
2229
|
1922
|
|
2230
|
1923
|
# shellcheck disable=SC2181
|
2231
|
|
- if [ $? -eq 0 ]; then
|
|
1924
|
+ if [ "$choice" ]; then
|
2232
|
1925
|
app_index=$((choice-1))
|
2233
|
1926
|
chosen_app=${appnames[$app_index]}
|
2234
|
|
- if [[ $chosen_app != "Exit" ]]; then
|
2235
|
|
- "configure_interactive_${chosen_app}"
|
2236
|
|
- fi
|
|
1927
|
+ "configure_interactive_${chosen_app}"
|
2237
|
1928
|
fi
|
2238
|
1929
|
}
|
2239
|
1930
|
|
|
@@ -2241,29 +1932,24 @@ function menu_top_level {
|
2241
|
1932
|
while true
|
2242
|
1933
|
do
|
2243
|
1934
|
W=(1 $"About this system"
|
2244
|
|
- 2 $"Passwords"
|
2245
|
|
- 3 $"Backup and Restore"
|
2246
|
|
- 4 $"Show Firewall"
|
2247
|
|
- 5 $"Verify Tripwire Code"
|
2248
|
|
- 6 $"Reset Tripwire"
|
2249
|
|
- 7 $"App Settings"
|
2250
|
|
- 8 $"Add/Remove Apps"
|
2251
|
|
- 9 $"Logging on/off"
|
2252
|
|
- 10 $"Ping enable/disable"
|
2253
|
|
- 11 $"Manage Users"
|
2254
|
|
- 12 $"Email Menu"
|
2255
|
|
- 13 $"Domain or User Blocking"
|
2256
|
|
- 14 $"Security Settings"
|
2257
|
|
- 15 $"Change the name of this system"
|
2258
|
|
- 16 $"Set a static local IP address"
|
2259
|
|
- 17 $"Wifi menu"
|
2260
|
|
- 18 $"Add Clacks"
|
2261
|
|
- 19 $"Check for updates"
|
2262
|
|
- 20 $"Power off the system"
|
2263
|
|
- 21 $"Restart the system")
|
|
1935
|
+ 2 $"Backup and Restore"
|
|
1936
|
+ 3 $"App Settings"
|
|
1937
|
+ 4 $"Add/Remove Apps"
|
|
1938
|
+ 5 $"Logging on/off"
|
|
1939
|
+ 6 $"Manage Users"
|
|
1940
|
+ 7 $"Email Menu"
|
|
1941
|
+ 8 $"Domain or User Blocking"
|
|
1942
|
+ 9 $"Security Settings"
|
|
1943
|
+ 10 $"Change the name of this system"
|
|
1944
|
+ 11 $"Set a static local IP address"
|
|
1945
|
+ 12 $"Wifi menu"
|
|
1946
|
+ 13 $"Add Clacks"
|
|
1947
|
+ 14 $"Check for updates"
|
|
1948
|
+ 15 $"Power off the system"
|
|
1949
|
+ 16 $"Restart the system")
|
2264
|
1950
|
|
2265
|
1951
|
# shellcheck disable=SC2068
|
2266
|
|
- selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Administrator Control Panel" --menu $"Choose an operation, or ESC to exit:" 28 60 28 "${W[@]}" 3>&2 2>&1 1>&3)
|
|
1952
|
+ selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Administrator Control Panel" --menu $"Choose an operation, or ESC to exit:" 24 60 24 "${W[@]}" 3>&2 2>&1 1>&3)
|
2267
|
1953
|
|
2268
|
1954
|
if [ ! "$selection" ]; then
|
2269
|
1955
|
break
|
|
@@ -2273,30 +1959,24 @@ function menu_top_level {
|
2273
|
1959
|
|
2274
|
1960
|
case $selection in
|
2275
|
1961
|
1) show_about;;
|
2276
|
|
- 2) view_or_change_passwords;;
|
2277
|
|
- 3) menu_backup_restore;;
|
2278
|
|
- 4) show_firewall;;
|
2279
|
|
- 5) show_tripwire_verification_code
|
2280
|
|
- any_key_verify;;
|
2281
|
|
- 6) reset_tripwire;;
|
2282
|
|
- 7) menu_app_settings;;
|
2283
|
|
- 8) if ! /usr/local/bin/addremove; then
|
|
1962
|
+ 2) menu_backup_restore;;
|
|
1963
|
+ 3) menu_app_settings;;
|
|
1964
|
+ 4) if ! /usr/local/bin/addremove; then
|
2284
|
1965
|
any_key
|
2285
|
1966
|
fi
|
2286
|
1967
|
;;
|
2287
|
|
- 9) logging_on_off;;
|
2288
|
|
- 10) ping_enable_disable;;
|
2289
|
|
- 11) menu_users;;
|
2290
|
|
- 12) menu_email;;
|
2291
|
|
- 13) domain_blocking;;
|
2292
|
|
- 14) security_settings;;
|
2293
|
|
- 15) change_system_name;;
|
2294
|
|
- 16) set_static_IP;;
|
2295
|
|
- 17) menu_wifi;;
|
2296
|
|
- 18) add_clacks;;
|
2297
|
|
- 19) check_for_updates;;
|
2298
|
|
- 20) shut_down_system;;
|
2299
|
|
- 21) restart_system;;
|
|
1968
|
+ 5) logging_on_off;;
|
|
1969
|
+ 6) menu_users;;
|
|
1970
|
+ 7) menu_email;;
|
|
1971
|
+ 8) domain_blocking;;
|
|
1972
|
+ 9) security_settings;;
|
|
1973
|
+ 10) change_system_name;;
|
|
1974
|
+ 11) set_static_IP;;
|
|
1975
|
+ 12) menu_wifi;;
|
|
1976
|
+ 13) add_clacks;;
|
|
1977
|
+ 14) check_for_updates;;
|
|
1978
|
+ 15) shut_down_system;;
|
|
1979
|
+ 16) restart_system;;
|
2300
|
1980
|
esac
|
2301
|
1981
|
done
|
2302
|
1982
|
}
|
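Review bot: In the new `show_tor_bridges` (hunk `@@ -383,34 +203,59 @@`), `bridgestr=$(i//Bridge /)` is a command substitution rather than a parameter expansion, so the shell tries to run a command named `i//Bridge` and `bridgestr` comes back empty; it should read `bridgestr="${i//Bridge /}"`. The loop `for i in "${bridges_list[@]}"` iterates over a scalar, so every matching torrc line arrives as one multi-line element instead of one menu row per bridge; `while IFS= read -r i; do … done <<< "$bridges_list"` would give one row each. The function also appends to `W` without initialising it, so it only works when called from `show_domains` after `W=()`; a short comment above the function, such as `# Appends to the caller's W array; call only after W=() in show_domains`, would make that dependency explicit.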