need to be able to idempotently only change the config files

This commit is contained in:
brent s 2017-10-10 21:09:15 -04:00
parent f904052111
commit 8add03fadb
2 changed files with 19 additions and 6 deletions

9
TODO
View File

@ -1,3 +1,10 @@
-git -git
-net/addr needs DNS/PTR/allocation stuff etc. -net/addr needs DNS/PTR/allocation stuff etc.
-net/mirroring -net/mirroring

-storage, see if we can access lvm and cryptsetup functions via https://github.com/storaged-project/libblockdev/issues/41
--http://storaged.org/doc/udisks2-api/latest/gdbus-org.freedesktop.UDisks2.MDRaid.html
--http://storaged.org/doc/udisks2-api/latest/gdbus-org.freedesktop.UDisks2.Encrypted.html
--http://mindbending.org/en/python-and-udisks-part-2
--http://storaged.org/doc/udisks2-api/2.6.5/gdbus-org.freedesktop.UDisks2.Block.html
--https://dbus.freedesktop.org/doc/dbus-python/doc/tutorial.html

View File

@ -20,8 +20,8 @@ conf_options['sshd'] = {'KexAlgorithms': 'curve25519-sha256@libssh.org,diffie-he
'ChallengeResponseAuthentication': 'no', 'ChallengeResponseAuthentication': 'no',
'PubkeyAuthentication': 'yes', 'PubkeyAuthentication': 'yes',
'Ciphers': 'chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr', 'Ciphers': 'chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr',
'MACs': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,' + 'MACs': ('hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,' +
'umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com'} 'hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com')}
# Uncomment if this is further configured # Uncomment if this is further configured
#conf_options['sshd']['AllowGroups'] = 'ssh-user' #conf_options['sshd']['AllowGroups'] = 'ssh-user'


@ -177,12 +177,18 @@ def clientKeys(user = 'root'):
return(pubkeys) return(pubkeys)
def main(): def main():
#Warning: The moduli stuff takes a LONG time to run. Hours. _chkfile = '/etc/ssh/.aif-generated'
buildmoduli = True if not os.path.isfile(_chkfile):
hostKeys(buildmoduli) #Warning: The moduli stuff takes a LONG time to run. Hours.
buildmoduli = True
hostKeys(buildmoduli)
for t in ('sshd', 'ssh'): for t in ('sshd', 'ssh'):
config(conf_options[t], t) config(conf_options[t], t)
clientKeys() clientKeys()
with open(_chkfile, 'w') as f:
f.write(('ssh, sshd, and hostkey configurations/keys have been ' +
'modified by sshsecure.py from OpTools.\nhttps://git.square-r00t.net/OpTools/\n'))
return()


if __name__ == '__main__': if __name__ == '__main__':
main() main()