migrate to luks

-- diese und die folgenden Zeilen werden ignoriert --

A    https://svn.systemausfall.org/svn/cryptobox/branches/luks

luks/cbox-tree.d/etc/cryptobox/cryptobox.conf

@@ -0,0 +1,43 @@
+# this file is directly sourced by some bash scripts
+# so there should be no space around the "="
+
+LANGUAGE=de
+NET_IFACE=eth0
+SAMBA_USER=nobody
+SCAN_DEVICES="/dev/hda /dev/hdb /dev/hdc /dev/hde /dev/hdf /dev/hdg /dev/scd0 /dev/scd1 /dev/scd2 /dev/scd3 /dev/sg /dev/sda /dev/sdb /dev/sdc /dev/sdd"
+
+# directories
+LANGUAGE_DIR=/usr/share/cryptobox/lang
+HTML_TEMPLATE_DIR=/usr/share/cryptobox/templates
+DOC_DIR=/usr/share/doc/cryptobox/html
+CONFIG_DEFAULTS_DIR=/usr/share/cryptobox/defaults
+CONFIG_DIR=/mnt/cb-etc
+CRYPTO_DIR=/mnt/crypto
+
+# some files
+CB_SCRIPT=/usr/lib/cryptobox/cbox-manage.sh
+DEV_FEATURES_SCRIPT=/usr/lib/cryptobox/devel-features.sh
+FIREWALL_SCRIPT=/usr/lib/cryptobox/firewall.sh
+MAKE_CERT_SCRIPT=/usr/lib/cryptobox/make_stunnel_cert.sh
+LOG_FILE=/var/log/cryptobox.log
+CERT_FILE=/mnt/cb-etc/stunnel.pem
+OPENSSL_CONF_FILE=/etc/cryptobox/openssl.cnf
+IDLE_COUNTER_FILE=/tmp/cbox-idle-counter
+
+# crypto settings
+# since 0.2.1 you find the default crypto settings in /usr/share/cryptobox/defaults
+CRYPTMAPPER_DEV=/dev/mapper/cryptobox-data
+
+# some programs
+SFDISK=/sbin/sfdisk
+MKFS_DATA=/sbin/mkfs.ext3
+MKFS_CONFIG=/sbin/mkfs.ext2
+CRYPTSETUP=/sbin/cryptsetup
+IPTABLES=/sbin/iptables
+
+# firewall setings
+# do not use multiports (iptables) as the timeout-script depends on
+# single port rules
+# ssh is allowed too, but the server is not started automatically
+ALLOW_TCP_PORTS="22 80 139 443 445"
+ALLOW_UDP_PORTS="137 138"

luks/cbox-tree.d/etc/cryptobox/openssl.cnf

@@ -0,0 +1,65 @@
+#
+# OpenSSL configuration file.
+#
+
+# Establish working directory.
+
+dir = . 
+
+[ ca ]
+default_ca = CA_default
+
+[ CA_default ]
+default_days = 3650
+default_md = md5
+policy = policy_match
+#serial = $dir/serial
+#database = $dir/index.txt
+#new_certs_dir = $dir/newcert
+#certificate = $dir/cacert.pem
+#private_key = $dir/private/cakey.pem
+#preserve = no
+#email_in_dn = no
+#nameopt = default_ca
+#certopt = default_ca
+
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = match
+commonName = supplied
+emailAddress = optional
+
+[ req ]
+default_bits = 1024 # Size of keys
+default_keyfile = stunnel.pem # name of generated keys
+default_md = md5 # message digest algorithm
+distinguished_name = req_distinguished_name
+
+[ req_distinguished_name ]
+# Variable name   Prompt string
+#----------------------   ----------------------------------
+0.organizationName = Organization Name (company)
+organizationalUnitName = Organizational Unit Name (department, division)
+emailAddress = Email Address
+emailAddress_max = 40
+localityName = Locality Name (city, district)
+stateOrProvinceName = State or Province Name (full name)
+#countryName = Country Name (2 letter code)
+#countryName_min = 2
+#countryName_max = 2
+#commonName = Common Name (hostname, IP, or your name)
+#commonName_max = 64
+
+# Default values for the above, for consistency and less typing.
+# Variable name   Value
+#------------------------------   ------------------------------
+0.organizationName_default = CryptoBox
+organizationalUnitName_default = s.l.
+localityName_default = Kugelmugel
+stateOrProvinceName_default = Metropolis
+emailAddress_default = info@systemausfall.org
+
+
+

luks/cbox-tree.d/etc/cryptobox/revision

@@ -0,0 +1 @@
+$Revision$