From 8add03fadb3dc7911f2af8e197d2666d886397f9 Mon Sep 17 00:00:00 2001
From: brent s
Date: Tue, 10 Oct 2017 21:09:15 -0400
Subject: [PATCH] need to be able to idempotently only change the config files

---
 TODO | 9 ++++++++-
 aif/scripts/post/sshsecure.py | 16 +++++++++++-----
 2 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/TODO b/TODO
index 44049c4..6001ae7 100644
--- a/TODO
+++ b/TODO
@@ -1,3 +1,10 @@
 -git
 -net/addr needs DNS/PTR/allocation stuff etc.
--net/mirroring
\ No newline at end of file
+-net/mirroring
+
+-storage, see if we can access lvm and cryptsetup functions via https://github.com/storaged-project/libblockdev/issues/41
+--http://storaged.org/doc/udisks2-api/latest/gdbus-org.freedesktop.UDisks2.MDRaid.html
+--http://storaged.org/doc/udisks2-api/latest/gdbus-org.freedesktop.UDisks2.Encrypted.html
+--http://mindbending.org/en/python-and-udisks-part-2
+--http://storaged.org/doc/udisks2-api/2.6.5/gdbus-org.freedesktop.UDisks2.Block.html
+--https://dbus.freedesktop.org/doc/dbus-python/doc/tutorial.html
\ No newline at end of file
diff --git a/aif/scripts/post/sshsecure.py b/aif/scripts/post/sshsecure.py
index fc4e480..c6c307d 100644
--- a/aif/scripts/post/sshsecure.py
+++ b/aif/scripts/post/sshsecure.py
@@ -20,8 +20,8 @@ conf_options['sshd'] = {'KexAlgorithms': 'curve25519-sha256@libssh.org,diffie-he
 'ChallengeResponseAuthentication': 'no',
 'PubkeyAuthentication': 'yes',
 'Ciphers': 'chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr',
- 'MACs': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,' +
- 'umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com'}
+ 'MACs': ('hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,' +
+ 'hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com')}
 # Uncomment if this is further configured
 #conf_options['sshd']['AllowGroups'] = 'ssh-user'
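Review bot: The new `MACs` value silently drops both `hmac-ripemd160` entries (`hmac-ripemd160-etm@openssh.com` and `hmac-ripemd160`) while the commit message only talks about making the config step idempotent, so the cipher-suite change deserves its own comment so nobody re-adds them later, e.g. `# hmac-ripemd160 MACs intentionally dropped; recent OpenSSH releases removed support for them` (if I recall correctly that happened in OpenSSH 7.6, but confirm against the target version). The parenthesised form no longer needs the explicit `+`: adjacent string literals concatenate at compile time, so `'MACs': ('hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,'` on one line and `'hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com')}` on the next is equivalent and avoids the runtime concatenation. The `conf_options['sshd']` dict this belongs to opens on the hunk's header context line, before the hunk itself.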
@@ -177,12 +177,18 @@ def clientKeys(user = 'root'):
 return(pubkeys)
 def main():
- #Warning: The moduli stuff takes a LONG time to run. Hours.
- buildmoduli = True
- hostKeys(buildmoduli)
+ _chkfile = '/etc/ssh/.aif-generated'
+ if not os.path.isfile(_chkfile):
+ #Warning: The moduli stuff takes a LONG time to run. Hours.
+ buildmoduli = True
+ hostKeys(buildmoduli)
 for t in ('sshd', 'ssh'):
 config(conf_options[t], t)
 clientKeys()
+ with open(_chkfile, 'w') as f:
+ f.write(('ssh, sshd, and hostkey configurations/keys have been ' +
+ 'modified by sshsecure.py from OpTools.\nhttps://git.square-r00t.net/OpTools/\n'))
+ return()
 if __name__ == '__main__':
 main()
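Review bot: The `/etc/ssh/.aif-generated` marker is only written after `config()` and `clientKeys()` have returned, so if either of those raises on the first run the marker is never created and the next run repeats the hours-long `hostKeys(buildmoduli)` step; its text also states that the ssh/sshd configs were modified, although those are rewritten on every run regardless of the marker. Move the `with open(_chkfile, 'w') as f:` block inside the `if not os.path.isfile(_chkfile):` guard directly after `hostKeys(buildmoduli)`, and narrow the message to what the file actually gates (host keys and moduli), leaving the config and client-key calls unconditional as they are now. `clientKeys()` is likewise called on every run, and whether it regenerates keys each time is not visible here (its body starts before this hunk), so confirm it is idempotent before relying on this script being re-runnable. `return()` hands back an empty tuple where a bare `return` (or nothing) is meant, and the new code depends on `os` being imported at module top, which this hunk does not show.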