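#!/usr/bin/bash
# Every subcommand below changes system services or files under /etc and
# /usr/lib, so refuse to run unless the effective UID is 0. The substitution
# is quoted so that a failing id(1) yields an empty string and the check
# fails closed instead of raising a test syntax error and falling through.
if [[ "$(/usr/bin/id -u)" != 0 ]]; then
  echo "only root can do that"
  exit 2
fi
#***************************************************************************
# This file is part of the CRYPTO BONE
# File : external-cryptobone (installed in /usr/bin)
# Version : 1.5 (external cryptobone)
# License : BSD
# Date : 1 March 2023
# Contact : Please send enquiries and bug-reports to innovation@senderek.ie
#
#
# Copyright (c) 2015-2023
# Ralf Senderek, Ireland. All rights reserved. (https://senderek.ie)
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# 3. All advertising materials mentioning features or use of this software
# must display the following acknowledgement:
# This product includes software developed by Ralf Senderek.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#****************************************************************************

# Fixed locations used by every subcommand.
readonly CB_EXT=/usr/lib/cryptobone/ext
readonly CB_INIT="${CB_EXT}/init.d"
readonly SSHD_CONFIG=/etc/ssh/sshd_config

#######################################
# Print the three status lines "database:", "firewall:" and "sshdconfig:".
# Globals:   CB_EXT, CB_INIT, SSHD_CONFIG (read)
# Arguments: none
# Outputs:   one "key:value" line per item on stdout
#######################################
get_status() {
  local state

  state="missing"
  if [[ -e "${CB_EXT}/database" || -L "${CB_EXT}/database" ]]; then
    state="initialised"
  fi
  printf 'database:%s\n' "$state"

  # Only the marker file is checked here, not the packet filter rules that
  # are actually loaded.
  state="system"
  if [[ -e "${CB_INIT}/usefirewall" || -L "${CB_INIT}/usefirewall" ]]; then
    state="restrictive"
  fi
  printf 'firewall:%s\n' "$state"

  # "hardened" means the live file is byte-identical to the shipped one; any
  # difference, or a missing file, is reported as "system".
  state="system"
  if /usr/bin/diff "$SSHD_CONFIG" "${CB_INIT}/sshd_config-external" > /dev/null; then
    state="hardened"
  fi
  printf 'sshdconfig:%s\n' "$state"
}

# Dispatch on the first argument. An unrecognised word runs no action and
# only prints the status, as before.
if (( $# >= 1 )); then
  case "$1" in
    enable)
      /usr/bin/systemctl enable cryptoboneexternd
      /usr/bin/systemctl start cryptoboneexternd
      ;;
    disable)
      /usr/bin/systemctl stop cryptoboneexternd
      /usr/bin/systemctl disable cryptoboneexternd
      ;;
    usefirewall)
      # NOTE(review): the marker is created and firewalld is stopped before
      # the CryptoBone rules are loaded, and the result of the firewall script
      # is not checked. If that script fails, get_status still reports
      # "restrictive" while firewalld is down; confirm how the script uses
      # the marker before reordering these steps.
      /usr/bin/touch "${CB_INIT}/usefirewall"
      /usr/bin/systemctl stop firewalld
      "${CB_EXT}/firewall" red
      ;;
    restorefirewall)
      /bin/rm -f "${CB_INIT}/usefirewall"
      /usr/bin/systemctl start firewalld
      ;;
    hardensshd)
      /usr/bin/systemctl stop sshd
      # diff is called by absolute path like every other tool in this script,
      # so a root caller's PATH cannot substitute another binary.
      if ! /usr/bin/diff "${CB_INIT}/sshd_config-external" "$SSHD_CONFIG" > /dev/null; then
        /bin/echo "Using the CryptoBone ssh configuration file ..."
        /bin/echo "Saving original ssh configuration file ..."
        # Overwrite the live file only once the backup exists; otherwise the
        # administrator's configuration would be lost with nothing for
        # "restoresshd" to copy back.
        if /bin/cp "$SSHD_CONFIG" "${CB_INIT}/sshd_config-original"; then
          /bin/echo "Overwriting the sshd configuration ..."
          /bin/cp "${CB_INIT}/sshd_config-external" "$SSHD_CONFIG" \
            || /bin/echo "Could not install the CryptoBone ssh configuration file." >&2
        else
          /bin/echo "Could not save the original ssh configuration file, leaving it unchanged." >&2
        fi
      fi
      # NOTE(review): the new file is not syntax-checked before sshd is
      # started again, so a broken file would leave sshd stopped.
      /usr/bin/chmod 600 "$SSHD_CONFIG"
      /usr/bin/systemctl enable sshd
      /usr/bin/systemctl start sshd
      ;;
    restoresshd)
      /usr/bin/systemctl stop sshd
      # Report success only when the copy worked; with no saved original the
      # hardened file stays in place and the operator is told so.
      if /bin/cp "${CB_INIT}/sshd_config-original" "$SSHD_CONFIG"; then
        /bin/echo "Original ssh configuration file restored."
      else
        /bin/echo "Original ssh configuration file could not be restored, current file kept." >&2
      fi
      /usr/bin/chmod 600 "$SSHD_CONFIG"
      /usr/bin/systemctl start sshd
      ;;
    installsshd)
      /usr/bin/dnf install openssh-server -y
      /usr/bin/systemctl enable sshd
      /usr/bin/systemctl start sshd
      ;;
    reset)
      # "yes" is fed to the reset script on stdin, presumably to answer its
      # confirmation prompt, so this subcommand resets without asking.
      /bin/echo "yes" | "${CB_EXT}/reset"
      ;;
  esac
  get_status
else
  echo "usage: external-cryptobone [ enable | disable | reset | usefirewall "
  echo " restorefirewall | hardensshd | restoresshd | installsshd ]"
fi

# The exit status is 0 even when a step above failed; callers have to read
# the status lines or stderr to notice a failure.
exit 0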