prepare new release 0.2.1

2005-10-17 11:59:08 +00:00 · 2005-10-17 11:59:08 +00:00 · 3cad3c5ae8
commit 3cad3c5ae8
parent 3b5a729834
351 changed files with 19614 additions and 0 deletions
--- a/v0.2.1/cbox-tree.d/usr/lib/cryptobox/cbox-manage.sh
+++ b/v0.2.1/cbox-tree.d/usr/lib/cryptobox/cbox-manage.sh
@ -0,0 +1,481 @@
+#!/bin/sh
+#
+# this script does EVERYTHING
+# all other scripts are only frontends :)
+#
+# called by:
+#	- some rc-scripts
+#	- the web frontend cgi
+#
+
+set -eu
+
+# parse config file
+. /etc/cryptobox/cryptobox.conf
+
+## configuration
+CONFIG_MARKER="$CONFIG_DIR/cryptobox.marker"
+CERT_TEMP=/tmp/stunnel.pem
+
+#####
+
+function log_msg()
+{
+	# the log file is not writable during boot - try before writing ...
+	[ -w "$LOG_FILE" ] || return 0
+	echo >>"$LOG_FILE"
+	echo "##### `date` #####" >>"$LOG_FILE"
+	echo "$1" >>"$LOG_FILE"
+}
+
+
+function error_msg()
+# parameters: ExitCode ErrorMessage
+{
+	echo "[`date`] - $2" | tee -a "$LOG_FILE" >&2
+	# print the execution stack - not usable with busybox
+	#caller | sed 's/^/\t/' >&2
+	exit "$1"
+}
+
+
+function initial_checks()
+# Parameter: device
+{
+	local device="$1"
+	[ ! -b "$device" ] && log_msg "blockdevice $device does not exist" && return 1
+	[ ! -x "$WIPE" ] && log_msg "$WIPE not found" && return 1
+	[ ! -x "$SFDISK" ] && log_msg "$SFDISK not found" && return 1
+	for a in $ALGO $HASH
+		do	grep -q "^name *: $a$" /proc/crypto || modprobe "$a"
+			grep -q "^name *: $a$" /proc/crypto || { log_msg "$a is not supported by kernel" && return 1; }
+	  done
+	log_msg "inital checks successful"
+	return 0
+}
+
+
+function create_partitions()
+# Parameter: device
+{
+	local device="$1"
+	# first partition size is 1 sector, second goes til end
+	# sfdisk -n doesn't actually write (for testing purpose)
+	echo -e "0,1,L \n,,L\n" | $SFDISK "$device"
+}
+
+
+function config_set_value()
+# parameters: SettingName SettingValue
+{
+	mount -o rw,remount "$CONFIG_DIR"
+	echo -n "$2" > "$CONFIG_DIR/$1"
+	mount -o ro,remount "$CONFIG_DIR"
+}
+
+
+function config_get_value()
+# parameters: SettingName
+{
+	# use mounted config, if it exists - otherwise use defaults
+	local conf_dir
+	if is_config_mounted
+		then	conf_dir=$CONFIG_DIR
+		else	conf_dir=$CONFIG_DEFAULTS_DIR
+	  fi
+	[ -z "$1" ] && error_msg 1 "empty setting name"
+	[ ! -e "$conf_dir/$1" ] && error_msg 2 "unknown configuration value ($1)"
+	# remove trailing line break
+	echo -n $(cat "$conf_dir/$1")
+}
+
+
+function create_config()
+# Parameter: device
+{
+	local device="${1}1"
+	log_msg "Creating config filesystem ..."
+	# filter output through 'tr' to replace tabs
+	$MKFS_CONFIG "$device" | tr '\010' ' '
+	# mount the config partition rw
+	log_msg "Mounting config partition ..."
+	mount "$device" "$CONFIG_DIR"
+	# create a marker to recognize a cryptobox partition
+	date -I >"$CONFIG_MARKER" 
+	log_msg "Copying configuration defaults ..."
+	cp -a "$CONFIG_DEFAULTS_DIR/." "$CONFIG_DIR"
+
+	log_msg "Copying temporary cerificate file to config filesystem ..."
+	# beware: the temp file should always be there - even after reboot - see "mount_config"
+	cp -p "$CERT_TEMP" "$CERT_FILE"
+
+	log_msg "Setting inital values ..."
+	# beware: config_set_value remounts the config partition read-only
+	config_set_value "device" "$1"
+	config_set_value "ip" "$(get_current_ip)"
+
+	# reinitialise configuration
+	log_msg "Unmounting config partition ..."
+	umount "$CONFIG_DIR"
+	log_msg "Reload configuration ..."
+	mount_config
+}
+
+
+function get_current_ip()
+# not necessarily the same as configured (necessary for validation)
+{
+	# filter the output of ifconfig and remove trailing line break
+	echo -n $(ifconfig $NET_IFACE | grep "inet" | cut -d ":" -f2 | cut -d " " -f1)
+}
+
+
+function create_crypto()
+# Parameter: device
+{
+	local device="$1"
+	# passphrase may be passed via command line
+	$CRYPTSETUP -h "$HASH" -c "$ALGO" create "`basename $CRYPTMAPPER_DEV`" "${device}2"
+}
+
+
+function mkfs_crypto()
+# split from create_crypto to allow background execution via web interface
+{
+	local device=$(find_harddisk)
+
+	# flood the crypto partition with noise
+	# writing to the real partition is faster
+	# TODO: this takes _much_ too long - maybe add a "secure wipe" switch to the interface?
+	#dd if=/dev/urandom of="${device}2" bs=512
+
+	# filter output through 'tr' to replace tabs
+	$MKFS_DATA "$CRYPTMAPPER_DEV" | tr '\0101' ' '
+}
+
+
+function config_mount_test()
+# Parameter: device
+{
+	local device="${1}"
+	local STATUS=0
+	mount "${device}1" "$CONFIG_DIR" &>/dev/null || true
+	is_config_mounted && STATUS=1
+	umount "$CONFIG_DIR" &>/dev/null || true
+	# return code is the result of this expression
+	[ 1 -eq "$STATUS" ] && return 0
+	return 1
+}
+
+
+function is_config_mounted()
+{
+	mount | grep -q " ${CONFIG_DIR} " && [ -f "$CONFIG_MARKER" ]
+}
+
+
+function is_crypto_mounted()
+{
+	mount | grep -q " ${CRYPTO_DIR} "
+}
+
+
+function is_init_running()
+{
+	check_at_command_queue " box-init-bg"
+}
+
+
+# check if a specified command is in an at-queue
+# Parameter: a regular expression of the commandline
+# Return: the command is part of an at-queue (0) or not (1)
+function check_at_command_queue()
+{
+	# 1) get the available job numbers
+	# 2) remove empty lines (especially the last one)
+	# 3) check every associated command for the regexp
+	at -l | cut -f 1 | while read jobnum
+	  do	at -c $jobnum | sed '/^$/d' | tail -1
+	 done | grep -q "$1"
+}
+
+
+function find_harddisk()
+# look for the harddisk to be partitioned
+{
+	local dev=$(
+		if is_config_mounted
+		  then	config_get_value "device"
+		  else	for a in $SCAN_DEVICES
+			do	grep -q " `basename $a`$" /proc/partitions && echo "$a" && break
+			    done
+		fi )
+	[ -z "$dev" ] && echo "no valid partition for initialisation found!" >>"$LOG_FILE"
+	echo -n "$dev"
+}
+
+
+function mount_config()
+{
+	is_config_mounted && error_msg 3 "configuration directory ($CONFIG_DIR) is already mounted!"
+	local device=$(
+	    for a in $SCAN_DEVICES
+		do	log_msg "Trying to load configuration from $a ..."
+			config_mount_test "$a" && echo "$a" && break
+		  done )
+	if [ -n "$device" ] && mount "${device}1" "$CONFIG_DIR"
+		then	log_msg "configuraton found on $device"
+			config_set_value "device" "$device"
+			# copy certificate to /tmp in case of re-initialization
+			# /tmp should be writable, so tmpfs has to be mounted before (/etc/rcS.d)
+			cp "$CERT_FILE" "$CERT_TEMP"
+			return 0
+		else	log_msg "failed to locate harddisk"
+			return 1
+	fi
+}
+
+
+function mount_crypto()
+{
+	is_crypto_mounted && echo "Das Crypto-Dateisystem ist bereits aktiv!" && return
+	local device=`find_harddisk`
+	[ -z "$device" ] && error_msg 4 'no valid harddisk found!'
+	# passphrase is read from stdin
+	log_msg "Mounting crypto partition ..."
+	$CRYPTSETUP -h "$HASH" -c "$ALGO" create "`basename $CRYPTMAPPER_DEV`" "${device}2"
+	if mount "$CRYPTMAPPER_DEV" "$CRYPTO_DIR"
+		then	log_msg "Mount succeded - now starting samba ..."
+			/etc/init.d/samba start
+		else	log_msg "Mount failed - removing dev-mapper ..."
+			dmsetup remove $(basename $CRYPTMAPPER_DEV)
+			return 1
+	fi
+}
+
+
+function umount_crypto()
+{
+	# do not break on error
+	set +e
+	if ps -e | grep -q " [sn]mbd$" 
+		then	log_msg "Stopping samba ..."
+			/etc/init.d/samba stop
+			ps -e | grep -q " smbd$" && killall smbd
+			ps -e | grep -q " nmbd$" && killall nmbd
+			ps -e | grep -q " smbd$" && killall -9 smbd
+			ps -e | grep -q " nmbd$" && killall -9 nmbd
+	  fi
+	if mount | grep -q " $CRYPTO_DIR "
+		then	log_msg "Unmounting crypto partition ..."
+			umount "$CRYPTO_DIR"
+	  fi
+	if [ -e "$CRYPTMAPPER_DEV" ]
+		then	log_msg "Removing dev-mapper ..."
+			$CRYPTSETUP remove $(basename $CRYPTMAPPER_DEV)
+	  fi
+	set -e
+}
+
+		
+function init_cryptobox_part1()
+# this is only the first part of initialisation that takes no time - good for a smooth web interface
+{
+	local device=$(find_harddisk)
+	[ -z "$device" ] && log_msg 'no valid harddisk found!' && return 1
+	(
+		log_msg "Initializing crypto partition on $device ..."
+		umount_crypto || true
+		mount | grep -q " $CONFIG_DIR " && umount "$CONFIG_DIR" || true
+		initial_checks "$device" || return 1
+		create_partitions "$device"
+		create_config "$device"
+	) >>"$LOG_FILE" 2>&1
+	# the output of create_crypto may NOT be redirected - this would prevent cryptsetup from
+	# reading the passphrase from stdin
+	log_msg "Creating the crypto partition ..."
+	create_crypto "$device"
+}
+
+
+function init_cryptobox_part2()
+# some things to be done in the background
+# these are the final steps of initialisation
+# the uid must be changed initially, therfore it needs to be mounted
+{
+	mkfs_crypto
+	mount "$CRYPTMAPPER_DEV" "$CRYPTO_DIR"
+	chown $SAMBA_USER "$CRYPTO_DIR"
+	umount_crypto
+}
+
+
+function init_cryptobox_complete()
+{
+	init_cryptobox_part1
+	init_cryptobox_part2
+}
+
+### main ###
+
+# set PATH because thttpd removes /sbin and /usr/sbin for cgis
+export PATH=/usr/sbin:/usr/bin:/sbin:/bin
+
+
+ACTION=help
+[ $# -gt 0 ] && ACTION="$1"
+
+case "$ACTION" in
+	config-up )
+		if mount_config
+		  then	echo "Cryptobox configuration successfully loaded"
+		  else	error_msg 3 "Could not find a configuration partition!"
+		 fi
+		;;
+	config-down )
+		umount "$CONFIG_DIR" || error_msg 4 "Could not unmount configuration partition"
+		;;
+	network-up )
+		kudzu -s -q --class network
+		conf_ip=$(config_get_value "ip")
+		ifconfig $NET_IFACE "$conf_ip"
+		log_msg "Configured $NET_IFACE for $conf_ip ..."
+		echo "Configured network interface for $NET_IFACE: $conf_ip"
+		log_msg "Starting the firewall ..."
+		"$FIREWALL_SCRIPT" start
+		# start stunnel
+		if [ -f "$CERT_FILE" ] 
+		   then	USE_CERT=$CERT_FILE
+		   else USE_CERT=$CERT_TEMP
+			$MAKE_CERT_SCRIPT "$CERT_TEMP" >>"$LOG_FILE" 2>&1
+		  fi
+		log_msg "Starting stunnel ..."
+		stunnel -p "$USE_CERT" -r localhost:80 -d 443 \
+			|| echo "$USE_CERT not found - not starting stunnel"
+		# this ping allows other hosts to get the IP of
+		# the box, in case of misconfiguration
+		ping -b -c 1 $(ifconfig $NET_IFACE | grep Bcast | cut -d ":" -f 3 | cut -d " " -f 1) &>/dev/null
+		;;
+	network-down )
+		log_msg "Stopping the firewall ..."
+		"$FIREWALL_SCRIPT" stop
+		log_msg "Stopping stunnel ..."
+		killall stunnel
+		log_msg "Shutting the network interface down ..."
+		ifconfig $NET_IFACE down
+		;;
+	services-up )
+		# is something special necessary?
+		;;
+	services-down )
+		/etc/init.d/samba stop
+		/etc/init.d/thttpd stop
+		;;
+	crypto-up )
+		mount_crypto
+		;;
+	crypto-down )
+		umount_crypto
+		;;
+	box-init )
+		# do complete initialization
+		"$0" box-init-fg
+		# the background part will recall itself as an at-command
+		"$0" box-init-bg
+		;;
+	box-init-fg )
+		# only partitioning and configuration
+		# this is nice for the web interface, as it is fast
+		# output redirection does not work, as it prevents cryptsetup from asking
+		# for a password
+		init_cryptobox_part1
+		;;
+	box-init-bg )
+		# do it in the background to provide a smoother web interface
+		# messages and errors get written to $LOG_FILE
+
+		# make sure, that this is always called via 'at':
+		if check_at_command_queue " box-init-bg"
+		  then	init_cryptobox_part2 </dev/null >>"$LOG_FILE" 2>&1
+		  else	echo -n "'$0' box-init-bg" | at now
+		 fi
+		;;
+	is_crypto_mounted )
+		is_crypto_mounted
+		;;
+	is_config_mounted )
+		is_config_mounted
+		;;
+	is_init_running )
+		is_init_running
+		;;
+	is_harddisk_available )
+		[ -z "$(find_harddisk)" ] && exit 1
+		exit 0
+		;;
+	update_ip_address )
+		# reconfigure the network interface to a new IP address
+		# wait for 5 seconds to finish present http requests
+		echo -n "sleep 5; ifconfig $NET_IFACE `config_get_value ip`" | at now
+		;;
+	get_current_ip )
+		get_current_ip
+		;;
+	set_config )
+		[ $# -ne 3 ] && error_msg 7 "'set_config' requires two parameters"
+		config_set_value "$2" "$3"
+		;;
+	get_config )
+		[ $# -ne 2 ] && error_msg 6 "'get_config' requires exactly one parameter"
+		config_get_value "$2"
+		;;
+	diskinfo )
+		$SFDISK -L -q -l `find_harddisk`
+		;;
+	poweroff )
+		is_crypto_mounted && umount_crypto
+		log_msg "Turning off the CryptoBox ..."
+		echo "poweroff" | at now
+		;;
+	reboot )
+		is_crypto_mounted && umount_crypto
+		log_msg "Rebooting the CryptoBox ..."
+		echo "reboot" | at now
+		;;
+	clean )
+		# only for development
+		log_msg "Cleaning the CryptoBox ..."
+		device=$(find_harddisk)
+		$0 crypto-down
+		$0 config-down
+		# TODO: test this!
+		echo -e ";\n;\n;\n;\n" | $SFDISK "$device"
+		;;
+	* )
+		echo "Syntax: `basename $0` ACTION [PARAMS]"
+		echo "  config-up		- scan for configuration partition and mount it"
+		echo "  config-down		- unmount configuration partition"
+		echo "  network-up		- enable network interface"
+		echo "  network-down		- disable network interface"
+		echo "  services-up		- run some cryptobox specific daemons"
+		echo "  services-down		- stop some cryptobox specific daemons"
+		echo "  crypto-up		- mount crypto partition and start samba"
+		echo "  crypto-down		- unmount crypto partition and stop samba"
+		echo "  box-init		- initialize cryptobox (ALL data is LOST)"
+		echo "  box-init-fg		- the first part of initialization"
+		echo "  box-init-bg		- the last part of initialization (background)"
+		echo "  is_crypto_mounted	- check, if crypto partition is mounted"
+		echo "  is_config_mounted	- check, if configuration partition is mounted"
+		echo "  is_init_running	- check, if initialization is ongoing"
+		echo "  is_harddisk_available	- check, if there is a usable harddisk"
+		echo "  get_current_ip	- get the current IP of the network interface"
+		echo "  update_ip_address	- update the network interface after reconfiguration"
+		echo "  set_config NAME VALUE	- change a configuration setting"
+		echo "  get_config NAME	- retrieve a configuration setting"
+		echo "  diskinfo		- show the partition table of the harddisk"
+		echo "  poweroff		- shutdown the cryptobox"
+		echo "  clean		- remove all partitions [only for development]"
+		echo "  reboot		- reboot the cryptobox"
+		echo
+		;;
+  esac
--- a/v0.2.1/cbox-tree.d/usr/lib/cryptobox/check_smb_idle.sh
+++ b/v0.2.1/cbox-tree.d/usr/lib/cryptobox/check_smb_idle.sh
@ -0,0 +1,77 @@
+#!/bin/sh
+#
+# a simple script to check, if there was no smb traffic for the specified
+# number of minutes - then it unmounts the crypto partition
+#
+# you may want to adjust the function "filter_ipt_rules" according to
+# your setup
+#
+# any Parameter are ignored
+# 
+# this script has to run as root - as it invokes iptables
+#
+# the iptables rules to detect smb traffic could look like the following:
+#   iptables -A INPUT -i eth0 -p udp --dport 138 -j ACCEPT
+#   iptables -A INPUT -i eth0 -p tcp --dport 139 -j ACCEPT
+#
+# called by:
+#	- cron (/etc/cron.d/cryptobox)
+#
+
+set -eu
+
+# parse config file
+. /etc/cryptobox/cryptobox.conf
+
+
+############# some functions ##################
+
+filter_ipt_rules()
+# get the input rules for smb datagram traffic
+{
+	"$IPTABLES" -L INPUT -vnx | grep -E "udp dpt:138|tcp dpt:139"
+}
+
+
+function check_for_traffic()
+{
+	local traffic_yes=0
+	# fallback if no rules were found
+	# extract the number of packets and calculate the sum
+	filter_ipt_rules | sed 's/  */ /g' | cut -d " " -f 3 | while read a
+		do	[ "$a" -gt 0 ] && echo "$a"
+	  done | grep -q "" && traffic_yes=1
+	"$IPTABLES" -Z INPUT
+	[ "$traffic_yes" = "1" ]
+}
+
+
+################### main ######################
+
+# break, if crypto partition is not mounted
+"$CB_SCRIPT" is_crypto_mounted || exit 0
+
+# break, if idle timer is turned off
+MAX_IDLE_COUNTER=$("$CB_SCRIPT" get_config timeout)
+[ "$MAX_IDLE_COUNTER" -eq 0 ] && exit 0
+
+# config test
+[ -z "$(filter_ipt_rules)" ] && echo "[`basename $0`]: Could not find a matching iptables rule!" >>"$LOG_FILE" && exit 1
+
+# read current idle counter
+if [ -e "$IDLE_COUNTER_FILE" ]
+	then	current_count=$(<$IDLE_COUNTER_FILE)
+	else	current_count=0
+  fi
+
+# update counter
+if check_for_traffic
+  then	echo 0
+  else	echo $((current_count + 1))
+ fi >"$IDLE_COUNTER_FILE"
+
+# unmount crypto partition, if the threshold was reached
+if [ "$(<$IDLE_COUNTER_FILE)" -ge "$MAX_IDLE_COUNTER" ]
+	then	"$CB_SCRIPT" crypto-down >>"$LOG_FILE" 2>&1
+		echo "0" >"$IDLE_COUNTER_FILE"
+  fi
--- a/v0.2.1/cbox-tree.d/usr/lib/cryptobox/chroot-start.sh
+++ b/v0.2.1/cbox-tree.d/usr/lib/cryptobox/chroot-start.sh
@ -0,0 +1,47 @@
+#!/bin/sh
+#
+# FOR DEVELOPMENT ONLY!
+#
+# this script is used to prepare a chroot session for testing or configuring
+#
+# called by:
+#	- cbox-build.sh
+#
+# parameter: [commandline]
+#
+# if "commandline" is empty, "bash" will be used
+
+set -eu
+
+MNT_SRC=/opt/dfsruntime/runtimerd
+MNT_DST=/opt/dfsruntime/runtimemnt
+# the directory /tmp/ can not be used, as it is still a broken link, too
+TMP_DIR="/tmp-`basename $0`-$$"
+
+
+cp -a "$MNT_SRC/." "$TMP_DIR"
+mount -n --bind "$TMP_DIR" "$MNT_DST"
+
+[ ! -e /dev/null ] && mknod "/dev/null" c 1 3 && chmod 666 "/dev/null"
+[ ! -e /dev/urandom ] && mknod "/dev/urandom" c 1 9 && chmod 444 "/dev/urandom"
+[ ! -e /dev/console ] && mknod "/dev/console" c 1 5 && chmod 660 "/dev/console"
+
+# remember, if proc was mounted before (e.g. because of a running chroot)
+PROC_WAS_MOUNTED=no
+mount -n -t proc proc /proc 2>/dev/null || PROC_WAS_MOUNTED=yes
+
+# default language setting - prevents dpkg error messages
+export LANG=C
+
+# set default terminal (good if you are running in a screen session)
+export TERM=linux
+
+# execute parameters as commandline
+if [ $# -gt 0 ]
+	then	"$@"
+	else	bash
+  fi
+
+umount -n "$MNT_DST"
+[ "$PROC_WAS_MOUNTED" = "no" ] && umount -n proc
+rm -r "$TMP_DIR"
--- a/v0.2.1/cbox-tree.d/usr/lib/cryptobox/configure-cryptobox.sh
+++ b/v0.2.1/cbox-tree.d/usr/lib/cryptobox/configure-cryptobox.sh
@ -0,0 +1,120 @@
+#!/bin/sh
+#
+# this script is part of the building process of the cryptobox
+# the "normal" action is necessary for every cryptobox (development & release)
+# the "secure" action is mandatory for every release CD
+#
+# called by:
+#	- cbox-build.sh after copying custom files and before creating the iso image
+#
+
+set -eu
+
+# parse config file
+. /etc/cryptobox/cryptobox.conf
+
+RUNTIMEDIR=/opt/dfsruntime/runtimerd
+TUNDEV=$RUNTIMEDIR/dev/net/tun
+
+SECURITY_REMOVE_PACKAGES="ssh strace unzip tar zip wget nvi nano gzip curl bzip2 aptitude tasksel elinks vim vim-common"
+DEVEL_REMOVE_PACKAGES="exim4-daemon-light exim4-config exim4-base netkit-inetd telnet ppp pppconfig pppoe pppoeconf"
+
+# remove rc symlinks for these services
+SERVICES_OFF="ssh samba setserial nviboot mountnfs ntpdate"
+
+function configure_normal()
+# the usual stuff - not optimized for security
+{
+	# set default runlevel to 3
+	sed -i 's/^id:2:initdefault/id:3:initdefault/' /etc/inittab
+	
+	######### devices ##########
+	# create tun device for running under qemu
+	if [ ! -e "$TUNDEV" ]
+		then	mkdir -p `dirname "$TUNDEV"`
+			mknod "$TUNDEV" c 10 200
+	  fi
+
+	######### thttpd ###########
+	# change thttpd's config from 'chroot' to 'nochroot' - otherwise no perl script will run
+	sed -i "s/^chroot$/nochroot/" /etc/thttpd/thttpd.conf
+	# change thttpd-user from www-data to root (permissions for mount, cryptsetup, ...)
+	sed -i "s/^user=.*/user=root/" /etc/thttpd/thttpd.conf
+
+	# the thttpd documentations says "nosymlinkcheck" instead of
+	# "nosymlink" - TODO: "nosymlink" breaks "/cryptobox" URL!!!
+	#sed -i "/symlink/d" /etc/thttpd/thttpd.conf
+	#echo "nosymlink" >>/etc/thttpd/thttpd.conf
+
+	########## sshd ############
+	if [ -e "/etc/ssh" ]; then
+	    # allow empty passwords for ssh
+	    #  the daemon is NOT started automatically, so you have to start it
+	    #  manually in case of need - as the root pw is empty and passwd is ro, you
+	    #  have to allow empty passwords for this rare case
+	    sed -i 's/^PermitEmptyPass.*$/PermitEmptyPasswords yes/' /etc/ssh/sshd_config
+	    # turn off PAM for ssh, as it prevents the use of empty passwords (stange behaviour)
+	    sed -i 's/^UsePAM.*$/UsePAM no/' /etc/ssh/sshd_config
+	    # allow nput of password
+	    sed -i 's/^PasswordAuthentication.*$/PasswordAuthentication yes/' /etc/ssh/sshd_config
+	  fi
+
+	# remove unnecessary packages - return true, if no packages were
+	# removed
+	dpkg --force-all -P $DEVEL_REMOVE_PACKAGES 2>&1 | grep -v "which isn't installed." || true
+
+	# remove symlinks for unwanted services
+	for a in $SERVICES_OFF; do
+	  # echo "Turning off service $a ..."
+	  find /etc/rc?.d/ -type l -name "[SK][0-9][0-9]$a" | while read b
+	    do	rm "$b"
+	   done
+	 done
+
+	# remove deb-files, that were left by dfsbuild
+	test -d /opt/packages && rm -r /opt/packages
+
+	return 0
+}
+
+
+function configure_secure()
+# remove everything that could weaken security
+# configure_normal should be called too!
+{
+	# disable keyboard login
+	sed -i '/getty/d' /etc/inittab
+	
+	# remove unnecessary packages
+	dpkg --force-all -P $SECURITY_REMOVE_PACKAGES 2>&1 | grep -v "which isn't installed." || true
+
+	# remove the development features script
+	[ -e "$DEV_FEATURES_SCRIPT" ] && rm -f "$DEV_FEATURES_SCRIPT"
+
+	# maybe an authorized_keys file was created - but it is not dangerous,
+	# as the openssh package was removed anyway
+	[ -d /root/.ssh ] && rm -rf /root/.ssh
+
+	return 0
+}
+
+
+################ main ####################
+
+
+ACTION=help
+[ $# -gt 0 ] && ACTION=$1
+
+case "$ACTION" in
+	normal )
+		configure_normal
+		;;
+	secure )
+		configure_secure
+		;;
+	* )
+		echo "Syntax: `basename $0` { normal | secure }"
+		echo
+		;;
+  esac
+
--- a/v0.2.1/cbox-tree.d/usr/lib/cryptobox/devel-features.sh
+++ b/v0.2.1/cbox-tree.d/usr/lib/cryptobox/devel-features.sh
@ -0,0 +1,70 @@
+#!/bin/sh
+#
+# this script is part of the boot process of a developer's cryptobox
+#
+# it should really NEVER be found on a release CD
+# 
+# called by:
+#	- /etc/rc2.d/S99cb-devel-features
+#
+
+set -eu
+
+# parse config file
+. /etc/cryptobox/cryptobox.conf
+
+MIRROR_DIR=/tmp/mirror
+MIRROR_ORIG_DIR=/tmp/mirror.orig
+WRITE_DIRS="/usr/share/cryptobox /var/www /usr/lib/cryptobox"
+
+ACTION="--help"
+[ $# -gt 0 ] && ACTION="$1"
+
+case "$ACTION" in
+	start )
+		# copy cryptobox files to tmpfs
+		for a in $WRITE_DIRS
+			do	mkdir -p "$MIRROR_DIR/$a"
+				cp -a "$a/." "$MIRROR_DIR/$a"
+				mount --bind "$MIRROR_DIR/$a" "$a"
+		  done
+		$0 set_diff_base
+
+		# thttpd needs to be restarted to reopen its files
+		/etc/init.d/thttpd restart
+
+		# start ssh daemon
+		[ -x /etc/init.d/ssh ] && /etc/init.d/ssh start
+		;;
+	set_diff_base )
+		# the present content of the tmpfs mirror get copied to
+		# MIRROR_ORIG_DIR for later diffs
+		# whenever you merged a diff, you should call this function
+		[ -e "$MIRROR_ORIG_DIR" ] && rm -rf "$MIRROR_ORIG_DIR"
+		cp -a "$MIRROR_DIR" "$MIRROR_ORIG_DIR"
+		;;
+	diff )
+		cd "`dirname \"$MIRROR_ORIG_DIR\"`" 
+		# diff and remove "binary files differ"-warnings (vi-swap-files)
+		# ignore generated reports
+		# ignore cryptobox.pl and index.html, as those are the same as
+		# /var/www/cryptobox (symbilic links)
+		# replace the link name (/var/www/cryptobox) by its destination
+		# UGLY!
+		diff -ruN --exclude=report --exclude=cryptobox.pl --exclude=index.html "`basename \"$MIRROR_ORIG_DIR\"`" "`basename \"$MIRROR_DIR\"`" | grep -v "^Binary files" | sed 's#/var/www/cryptobox\t#/var/www/cgi-bin/cryptobox.pl\t#'
+		;;
+	stop )
+		[ -x /etc/init.d/ssh ] && /etc/init.d/ssh stop
+		for a in $WRITE_DIRS
+			do	umount "$MIRROR_DIR/$a"
+		  done
+		rm -rf "$MIRROR_DIR"
+		;;
+	restart )
+		$0 stop
+		$0 start
+		;;
+	* )
+		echo "Syntax: `basename $0` { start | stop | restart }"
+		;;
+  esac
--- a/v0.2.1/cbox-tree.d/usr/lib/cryptobox/firewall.sh
+++ b/v0.2.1/cbox-tree.d/usr/lib/cryptobox/firewall.sh
@ -0,0 +1,55 @@
+#!/bin/sh
+#
+# set up the firewall of the cryptobox
+#
+# called by:
+#	- cbox-manage.sh during network-up
+#
+
+set -u
+
+# parse config file
+. /etc/cryptobox/cryptobox.conf
+
+
+ACTION="help"
+[ $# -gt 0 ] && ACTION=$1
+
+case "$ACTION" in 
+	start)
+		iptables -P INPUT DROP
+		iptables -P FORWARD DROP
+		iptables -P OUTPUT ACCEPT
+
+		OFILE=/proc/sys/net/ipv4/tcp_syncookies
+		[ -e "$OFILE" ] && echo 1 >"$OFILE"
+
+		iptables -F
+		iptables -X 
+		iptables -Z
+
+		iptables -A INPUT -i lo -j ACCEPT
+
+		for a in $ALLOW_TCP_PORTS
+		    do	iptables -A INPUT -i $NET_IFACE -p tcp --dport $a -j ACCEPT
+		  done
+		
+		for a in $ALLOW_UDP_PORTS
+		    do	iptables -A INPUT -i $NET_IFACE -p udp --dport $a -j ACCEPT
+		  done
+		
+		iptables -A INPUT -i $NET_IFACE -p icmp -j ACCEPT
+	;;
+	stop)
+		iptables -P INPUT ACCEPT
+		iptables -P FORWARD ACCEPT
+		iptables -P OUTPUT ACCEPT
+		iptables -F
+		iptables -X 
+		iptables -Z
+	;;
+	*)
+		echo "usage $0 start | stop"
+	;;
+esac
+
--- a/v0.2.1/cbox-tree.d/usr/lib/cryptobox/make_stunnel_cert.sh
+++ b/v0.2.1/cbox-tree.d/usr/lib/cryptobox/make_stunnel_cert.sh
@ -0,0 +1,35 @@
+#!/bin/sh
+#
+# this script creates the stunnel certificate for https
+#
+# parameter: "destination file"
+#
+# called by:
+#	- cbox-manage.sh during network-up if no certificate was found on the config partition
+#
+
+set -eu
+
+# parse config file
+. /etc/cryptobox/cryptobox.conf
+
+
+## vcert values are in openssl.conf
+CERTFILE="$1"
+TMP_FILE=/tmp/cryptobox-cert.tmp
+
+[ ! -f "$OPENSSL_CONF_FILE" ] && echo "`basename $0`: $OPENSSL_CONF_FILE not found" && exit 2
+# this command creates the certificate
+# this is required, because the certbuilding asks for 5 returns
+echo -ne "\n\n\n\n\n" | openssl req -new -x509 -nodes -days 3650 -config "$OPENSSL_CONF_FILE" -out "$CERTFILE" -keyout "$CERTFILE"
+chmod 600 "$CERTFILE"
+
+# next step needs a lot of randomdata
+dd if=/dev/urandom of="$TMP_FILE" bs=1024 count=1024
+openssl dhparam -rand "$TMP_FILE" 512 >> "$CERTFILE"
+rm "$TMP_FILE"
+
+#ln -sf ${CERTPATH}stunnel.pem ${CERTPATH}`openssl x509 -noout -hash < "${CERTPATH}stunnel.pem"`.0
+
+## print out cert values
+#openssl x509 -subject -dates -fingerprint -in stunnel.pem