commit
f14351710c
160 changed files with 4781 additions and 0 deletions
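--- /dev/null
+++ b/[path not shown on page: file 1]
@@ -0,0 +1,45 @@
+# this file is directly sourced by some bash scripts
+# so there should be no space around the "="
+
+LANGUAGE=de
+NET_IFACE=eth0
+SAMBA_USER=nobody
+SCAN_DEVICES="/dev/hda /dev/hdb /dev/hdc /dev/hde /dev/hdf /dev/hdg /dev/scd0 /dev/scd1 /dev/scd2 /dev/scd3"
+
+# directories
+LANGUAGE_DIR=/usr/share/cryptobox/lang
+TEMPLATE_DIR=/usr/share/cryptobox/templates
+DOC_DIR=/usr/share/doc/cryptobox/html
+CONFIG_DEFAULTS_DIR=/usr/share/cryptobox/defaults
+REPORT_DIR=/var/www/report
+CONFIG_DIR=/mnt/cb-etc
+CRYPTO_DIR=/mnt/crypto
+TEST_CASES_DIR=/usr/share/cryptobox/test-cases
+SUMMARY_TEMPLATE_DIR=/usr/share/cryptobox/templates/test-summary
+
+# some files
+CB_SCRIPT=/scripts/cryptobox.sh
+VALIDATE_SCRIPT=/usr/lib/cryptobox/validate.sh
+LOG_FILE=/var/log/cryptobox.log
+DEVELOPMENT_MARKER=/DEVELOPMENT_CRYPTOBOX
+CERT_FILE=/mnt/cb-etc/stunnel.pem
+OPENSSL_CONF_FILE=/etc/cryptobox/openssl.cnf
+
+# crypto settings
+HASH=sha512
+ALGO=aes
+CRYPTMAPPER_DEV=/dev/mapper/cryptobox-data
+
+# some programs
+SFDISK=/sbin/sfdisk
+WIPE=/usr/bin/wipe
+MKFS_DATA=/sbin/mkfs.ext3
+MKFS_CONFIG=/sbin/mkfs.ext2
+CRYPTSETUP=/sbin/cryptsetup
+
+# firewall setings
+# do not use multiports (iptables) as the timeout-script depends on
+# single port rules
+# ssh is allowed too, but the server is not started automatically
+ALLOW_TCP_PORTS="22 80 139 443 445"
+ALLOW_UDP_PORTS="137 138"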
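Review bot: `CERT_FILE=/mnt/cb-etc/stunnel.pem` spells out the `CONFIG_DIR` path a second time instead of deriving it, so the two can drift apart when one is edited; `CERT_FILE=$CONFIG_DIR/stunnel.pem` keeps a single definition, provided every consumer sources this file as shell (the header comment hints that a non-shell parser may also read it; if so, a comment stating the coupling is the safer fix). The same line deserves a comment that this path lies on the plain, unencrypted configuration partition and that the certificate script in this commit writes key and certificate into that one file, so the TLS private key is stored in the clear there, e.g. `# holds key+cert of stunnel, kept unencrypted on the config partition`. `HASH` and `ALGO` are handed to `cryptsetup create` by cryptobox.sh, i.e. plain dm-crypt without an on-disk header; a one-line comment saying so would spare the next reader a trip through that script.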
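--- /dev/null
+++ b/[path not shown on page: file 2]
@@ -0,0 +1,65 @@
+#
+# OpenSSL configuration file.
+#
+
+# Establish working directory.
+
+dir = .
+
+[ ca ]
+default_ca = CA_default
+
+[ CA_default ]
+default_days = 3650
+default_md = md5
+policy = policy_match
+#serial = $dir/serial
+#database = $dir/index.txt
+#new_certs_dir = $dir/newcert
+#certificate = $dir/cacert.pem
+#private_key = $dir/private/cakey.pem
+#preserve = no
+#email_in_dn = no
+#nameopt = default_ca
+#certopt = default_ca
+
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = match
+commonName = supplied
+emailAddress = optional
+
+[ req ]
+default_bits = 1024 # Size of keys
+default_keyfile = stunnel.pem # name of generated keys
+default_md = md5 # message digest algorithm
+distinguished_name = req_distinguished_name
+
+[ req_distinguished_name ]
+# Variable name Prompt string
+#---------------------- ----------------------------------
+0.organizationName = Organization Name (company)
+organizationalUnitName = Organizational Unit Name (department, division)
+emailAddress = Email Address
+emailAddress_max = 40
+localityName = Locality Name (city, district)
+stateOrProvinceName = State or Province Name (full name)
+#countryName = Country Name (2 letter code)
+#countryName_min = 2
+#countryName_max = 2
+#commonName = Common Name (hostname, IP, or your name)
+#commonName_max = 64
+
+# Default values for the above, for consistency and less typing.
+# Variable name Value
+#------------------------------ ------------------------------
+0.organizationName_default = CryptoBox
+organizationalUnitName_default = s.l.
+localityName_default = Kugelmugel
+stateOrProvinceName_default = Metropolis
+emailAddress_default = info@systemausfall.org
+
+
+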
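Review bot: `default_md = md5` (set in both `[CA_default]` and `[req]`) together with `default_bits = 1024` yields a self-signed certificate that is MD5-signed with a 1024-bit RSA key and, via `default_days = 3650`, valid for ten years; current TLS clients reject MD5 signatures and keys below 2048 bits outright. The `[req]` entries are the ones `openssl req -new -x509` consumes, so change them to `default_bits = 2048` and `default_md = sha256`, and bring the `[CA_default]` digest in line to avoid a second, contradictory default. The trailing `# Size of keys` style comments could also note that the key is written unencrypted by the generating script, which passes `-nodes`, so readers of this file alone are not misled about key protection.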
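--- /dev/null
+++ b/[path not shown on page: file 3]
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+set -eu
+
+ACTION=help
+[ $# -gt 0 ] && ACTION="$1"
+
+case "$ACTION" in
+start )
+/scripts/cryptobox.sh services-up
+;;
+stop )
+/scripts/cryptobox.sh services-down
+;;
+restart )
+$0 stop
+$0 start
+;;
+* )
+echo "Syntax: `basename $0` { start | stop | restart }"
+;;
+esac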
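Review bot: The `* )` fallback prints the usage line but the script then ends with the exit status of `echo`, so an unknown or missing action exits 0 and a caller (an init sequence, or another script running under `set -e`) cannot tell that the request was rejected; add `exit 1` after the `echo` in that branch. The same pattern recurs in the two following init-style wrappers (the `config-up`/`config-down` and `network-up`/`network-down` ones) and in the usage branches of devel-features.sh and firewall.sh further down in this commit, so the fix belongs in all of them. `basename $0` should be quoted as `"$0"` in the usage strings as well.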
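--- /dev/null
+++ b/[path not shown on page: file 4]
@@ -0,0 +1,25 @@
+#!/bin/sh
+#
+# this script looks for the file /DEVELOPMENT_CRYPTOBOX
+# if it exists, the script $DEVEL_SCRIPT be executed - this is
+# ONLY FOR DEVELOPMENT CDs!
+# for production CD the file /DEVELOPMENT_CRYPTOBOX should never exist!
+#
+
+set -eu
+
+MARKER=/DEVELOPMENT_CRYPTOBOX
+
+# return, if it does not exist
+[ ! -e "$MARKER" ] && exit 0
+
+echo
+echo "#---------------------------------------------------------------#"
+echo "| WARNING: developers features are enabled |"
+echo "| This definitely should NOT happen for production CDs! |"
+echo "| If you are not a developer, then this CD is DANGEROUS, as it |"
+echo "| offers no security at all! |"
+echo "#---------------------------------------------------------------#"
+echo
+
+/scripts/devel-features.sh "$@"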
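Review bot: `MARKER=/DEVELOPMENT_CRYPTOBOX` duplicates the `DEVELOPMENT_MARKER` value from the configuration file instead of sourcing it, so the two definitions can silently diverge; `. /etc/cryptobox/cryptobox.conf` followed by `MARKER="$DEVELOPMENT_MARKER"` keeps a single source of truth, as the other scripts in this commit do. The header comment still refers to `$DEVEL_SCRIPT`, but the script calls `/scripts/devel-features.sh` directly; update the comment to name the actual path. Since the gate is a bare existence test, a comment should state that this is presumably only acceptable because the root filesystem is the read-only CD image, so nothing at runtime can create the marker; if that assumption does not hold, the check should be tightened.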
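--- /dev/null
+++ b/[path not shown on page: file 5]
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+set -eu
+
+ACTION=help
+[ $# -gt 0 ] && ACTION="$1"
+
+case "$ACTION" in
+start )
+/scripts/cryptobox.sh config-up
+;;
+stop )
+/scripts/cryptobox.sh config-down
+;;
+restart )
+$0 stop
+$0 start
+;;
+* )
+echo "Syntax: `basename $0` { start | stop | restart }"
+echo
+;;
+esac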
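--- /dev/null
+++ b/[path not shown on page: file 6]
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+set -eu
+
+ACTION=help
+[ $# -gt 0 ] && ACTION="$1"
+
+case "$ACTION" in
+start )
+/scripts/cryptobox.sh network-up
+;;
+stop )
+/scripts/cryptobox.sh network-down
+;;
+restart )
+$0 stop
+$0 start
+;;
+* )
+echo "Syntax: `basename $0` { start | stop | restart }"
+echo
+;;
+esac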
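--- /dev/null
+++ b/[path not shown on page: file 7]
@@ -0,0 +1,237 @@
+#
+# Sample configuration file for the Samba suite for Debian GNU/Linux.
+#
+#
+# This is the main Samba configuration file. You should read the
+# smb.conf(5) manual page in order to understand the options listed
+# here. Samba has a huge number of configurable options most of which
+# are not shown in this example
+#
+# Any line which starts with a ; (semi-colon) or a # (hash)
+# is a comment and is ignored. In this example we will use a #
+# for commentary and a ; for parts of the config file that you
+# may wish to enable
+#
+# NOTE: Whenever you modify this file you should run the command
+# "testparm" to check that you have not many any basic syntactic
+# errors.
+#
+
+#======================= Global Settings =======================
+
+[global]
+
+## Browsing/Identification ###
+
+# Change this to the workgroup/NT-domain name your Samba server will part of
+workgroup = CryptoBoxGroup
+
+# server string is the equivalent of the NT Description field
+server string = %h cryptobox (Samba %v)
+
+# Windows Internet Name Serving Support Section:
+# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
+; wins support = no
+
+# WINS Server - Tells the NMBD components of Samba to be a WINS Client
+# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
+; wins server = w.x.y.z
+
+# This will prevent nmbd to search for NetBIOS names through DNS.
+dns proxy = no
+
+# What naming service and in what order should we use to resolve host names
+# to IP addresses
+; name resolve order = lmhosts host wins bcast
+
+
+#### Debugging/Accounting ####
+
+# This tells Samba to use a separate log file for each machine
+# that connects
+log file = /var/log/samba/log.%m
+
+# Put a capping on the size of the log files (in Kb).
+max log size = 1000
+
+# If you want Samba to only log through syslog then set the following
+# parameter to 'yes'.
+; syslog only = no
+
+# We want Samba to log a minimum amount of information to syslog. Everything
+# should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log
+# through syslog you should set the following parameter to something higher.
+syslog = 0
+
+# Do something sensible when Samba crashes: mail the admin a backtrace
+panic action = /usr/share/samba/panic-action %d
+
+
+####### Authentication #######
+
+# "security = user" is always a good idea. This will require a Unix account
+# in this server for every user accessing the server. See
+# /usr/share/doc/samba-doc/htmldocs/ServerType.html in the samba-doc
+# package for details.
+security = share
+
+# You may wish to use password encryption. See the section on
+# 'encrypt passwords' in the smb.conf(5) manpage before enabling.
+encrypt passwords = true
+
+# If you are using encrypted passwords, Samba will need to know what
+# password database type you are using.
+passdb backend = tdbsam guest
+
+obey pam restrictions = yes
+
+guest account = nobody
+; invalid users = root
+
+# This boolean parameter controls whether Samba attempts to sync the Unix
+# password with the SMB password when the encrypted SMB password in the
+# passdb is changed.
+; unix password sync = no
+
+# For Unix password sync to work on a Debian GNU/Linux system, the following
+# parameters must be set (thanks to Augustin Luton <aluton@hybrigenics.fr> for
+# sending the correct chat script for the passwd program in Debian Potato).
+passwd program = /usr/bin/passwd %u
+passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
+
+# This boolean controls whether PAM will be used for password changes
+# when requested by an SMB client instead of the program listed in
+# 'passwd program'. The default is 'no'.
+; pam password change = no
+
+
+########## Printing ##########
+
+# If you want to automatically load your printer list rather
+# than setting them up individually then you'll need this
+; load printers = yes
+
+# lpr(ng) printing. You may wish to override the location of the
+# printcap file
+; printing = bsd
+; printcap name = /etc/printcap
+
+# CUPS printing. See also the cupsaddsmb(8) manpage in the
+# cupsys-client package.
+; printing = cups
+; printcap name = cups
+
+# When using [print$], root is implicitly a 'printer admin', but you can
+# also give this right to other users to add drivers and set printer
+# properties
+; printer admin = @ntadmin
+
+
+######## File sharing ########
+
+# Name mangling options
+preserve case = yes
+short preserve case = yes
+
+
+############ Misc ############
+
+# Using the following line enables you to customise your configuration
+# on a per machine basis. The %m gets replaced with the netbios name
+# of the machine that is connecting
+; include = /home/samba/etc/smb.conf.%m
+
+# Most people will find that this option gives better performance.
+# See smb.conf(5) and /usr/share/doc/samba-doc/htmldocs/speed.html
+# for details
+# You may want to add the following on a Linux system:
+# SO_RCVBUF=8192 SO_SNDBUF=8192
+socket options = TCP_NODELAY
+
+# The following parameter is useful only if you have the linpopup package
+# installed. The samba maintainer and the linpopup maintainer are
+# working to ease installation and configuration of linpopup and samba.
+; message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &
+
+# Domain Master specifies Samba to be the Domain Master Browser. If this
+# machine will be configured as a BDC (a secondary logon server), you
+# must set this to 'no'; otherwise, the default behavior is recommended.
+domain master = no
+local master = no
+preferred master = no
+
+# Some defaults for winbind (make sure you're not using the ranges
+# for something else.)
+; idmap uid = 10000-20000
+; idmap gid = 10000-20000
+; template shell = /bin/bash
+
+#======================= Share Definitions =======================
+
+;[homes]
+; comment = Home Directories
+; browseable = no
+
+[public]
+comment = public share
+path = /mnt/crypto
+public = yes
+guest ok = yes
+
+# By default, the home directories are exported read-only. Change next
+# parameter to 'yes' if you want to be able to write to them.
+writable = yes
+
+# File creation mask is set to 0700 for security reasons. If you want to
+# create files with group=rw permissions, set next parameter to 0775.
+create mask = 0700
+
+# Directory creation mask is set to 0700 for security reasons. If you want to
+# create dirs. with group=rw permissions, set next parameter to 0775.
+directory mask = 0700
+
+# Un-comment the following and create the netlogon directory for Domain Logons
+# (you need to configure Samba to act as a domain controller too.)
+;[netlogon]
+; comment = Network Logon Service
+; path = /home/samba/netlogon
+; guest ok = yes
+; writable = no
+; share modes = no
+
+;[printers]
+; comment = All Printers
+; browseable = no
+; path = /tmp
+; printable = yes
+; public = no
+; writable = no
+; create mode = 0700
+
+# Windows clients look for this share name as a source of downloadable
+# printer drivers
+#[print$]
+# comment = Printer Drivers
+# path = /var/lib/samba/printers
+# browseable = yes
+# read only = yes
+# guest ok = no
+# Uncomment to allow remote administration of Windows print drivers.
+# Replace 'ntadmin' with the name of the group your admin users are
+# members of.
+; write list = root, @ntadmin
+
+# The next two parameters show how to auto-mount a CD-ROM when the
+# cdrom share is accesed. For this to work /etc/fstab must contain
+# an entry like this:
+#
+# /dev/scd0 /cdrom iso9660 defaults,noauto,ro,user 0 0
+#
+# The CD-ROM gets unmounted automatically after the connection to the
+#
+# If you don't want to use auto-mounting/unmounting make sure the CD
+# is mounted on /cdrom
+#
+; preexec = /bin/mount /cdrom
+; postexec = /bin/umount /cdrom
+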
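Review bot: The stock comment kept above `security = share` still argues that `security = user` is always a good idea, while the value actually set, together with `public = yes`, `guest ok = yes` and `writable = yes` on `[public]`, exports the decrypted volume read/write to any client that can reach the interface; the comment now describes the opposite of what the file does. Replace it with the real design decision, e.g. `# anonymous read/write share by design: the only access control is the interface firewall in firewall.sh`. The `[public]` comment about home directories being exported read-only (directly above `writable = yes`) is equally stale and should be rewritten for this share. Whether the commented-out `; invalid users = root` should be enabled as a belt-and-braces measure is worth a deliberate note, since an unauthenticated share is the whole security boundary here.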
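--- /dev/null
+++ b/[path not shown on page: file 8]
@@ -0,0 +1,51 @@
+#!/bin/sh
+#
+# a simple script to check, if there was smb traffic since the last test
+#
+# you may want to adjust the function "filter_ipt_rules" according to your setup
+#
+# any Parameter are ignored
+#
+# this script has to run as root - as it invokes iptables
+#
+# possible deployment in crontab:
+# smb_timeout.sh && (/etc/init.d/samba stop; umount /mnt/crypto)
+#
+# the iptables rules you need to detect smb traffic could look like the following:
+# iptables -A INPUT -i eth0 -p udp --dport 138 -j ACCEPT
+# iptables -A INPUT -i eth0 -p tcp --dport 139 -j ACCEPT
+#
+
+set -eu
+
+# parse config file
+. /etc/cryptobox/cryptobox.conf
+
+
+filter_ipt_rules()
+# get the input rules for smb datagram traffic
+{
+iptables -L INPUT -vnx | grep -E "tcp upt:138|udp dpt:139"
+}
+
+
+function count_traffic()
+{
+local sum=0
+# fallback if no rules were found
+echo "$sum"
+# extract the number of packets and calculate the sum
+filter_ipt_rules | sed 's/ */ /g' | cut -d " " -f 3 | while read a
+do sum=$((sum+a))
+echo "$sum"
+done | tail -1
+# sorry for the echo-tail-voodoo - i did not know it better :)
+iptables -Z INPUT
+}
+
+# config test
+[ -z "`filter_ipt_rules`" ] && echo "[`basename $0`]: Could not find a matching iptables rule!" >&2 && exit 1
+
+# return true if it was idle
+test "`count_traffic`" -eq 0
+exit $?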
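Review bot: The rule filter in `filter_ipt_rules` can never match: `grep -E "tcp upt:138|udp dpt:139"` has `upt` for `dpt` and the protocols swapped relative to the rules the header documents (udp 138, tcp 139) and to what firewall.sh installs, so the config test at the bottom always reports "Could not find a matching iptables rule" and the idle check never runs; `grep -E "udp dpt:138|tcp dpt:139"` is the intended pattern. Once that matches, `count_traffic` prints the fallback `echo "$sum"` and then the pipeline's last running sum, i.e. two lines, and `test "..." -eq 0` is not a valid integer comparison on that value, so the idle case still never returns true; drop the fallback echo (the config test already guarantees at least one matching rule) or guard it with a check that the pipeline produced nothing. `sed 's/ */ /g'` also matches the empty string and inserts a space between every character, which is why `cut -f 3` lands on the byte counter rather than the packet counter; `tr -s ' '` is what was meant. Finally, the file declares `#!/bin/sh` but uses `function` and `local`, which dash cannot parse, so the shebang should be `#!/bin/bash` (cryptobox.sh below has the same mismatch).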
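--- /dev/null
+++ b/[path not shown on page: file 9]
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+set -eu
+
+TMPDIRS="var/run tmp root dev var/log"
+TMPROOT="/opt/dfsruntime/runtimemnt"
+
+
+for a in $TMPDIRS
+do mkdir -p "$TMPROOT/$a"
+done
+
+[ ! -e /dev/null ] && mknod "/dev/null" c 1 3 && chmod 666 "/dev/null"
+[ ! -e /dev/urandom ] && mknod "/dev/urandom" c 1 9 && chmod 444 "/dev/urandom"
+[ ! -e /dev/console ] && mknod "/dev/console" c 1 5 && chmod 660 "/dev/console"
+
+[ ! -e /proc/mounts ] && mount -t proc proc /proc
+
+bash
+
+umount proc
+rm -r "$TMPROOT"
+mkdir "$TMPROOT"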
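Review bot: `/proc` is mounted only when `/proc/mounts` is absent but unmounted unconditionally afterwards (`umount proc`), so running this helper on a system that already has `/proc` mounted removes it as soon as the interactive `bash` exits; the CD build script further down has the same asymmetry (`mount -t proc` guarded, `umount /proc` not). Record what was done and undo only that: `MOUNTED_PROC=0`, `[ ! -e /proc/mounts ] && mount -t proc proc /proc && MOUNTED_PROC=1`, and at the end `[ "$MOUNTED_PROC" -eq 1 ] && umount /proc` (umount by mount point rather than by the pseudo-device name). `rm -r "$TMPROOT"` then deletes the whole runtime mount root; a comment stating why that is safe, i.e. that nothing persistent is expected under it, would help the next reader.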
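--- /dev/null
+++ b/[path not shown on page: file 10]
@@ -0,0 +1,44 @@
+#!/bin/sh
+#
+# this script is only called during the making of the cryptobox cd
+#
+
+set -eu
+
+# parse config file
+. /etc/cryptobox/cryptobox.conf
+
+RUNTIMEDIR=/opt/dfsruntime/runtimerd
+TUNDEV=$RUNTIMEDIR/dev/net/tun
+
+[ ! -e "/proc/mounts" ] && mount -t proc proc /proc
+
+######### devices ##########
+# create tun device for running under qemu
+if [ ! -e "$TUNDEV" ]
+then mkdir -p `dirname "$TUNDEV"`
+mknod "$TUNDEV" c 10 200
+fi
+
+######### thttpd ###########
+# change thttpd's config from 'chroot' to 'nochroot' - otherwise no perl script will run
+sed -i "s/^chroot$/nochroot/" /etc/thttpd/thttpd.conf
+# change thttpd-user from www-data to root (permissions for mount, cryptsetup, ...)
+sed -i "s/^user=.*/user=root/" /etc/thttpd/thttpd.conf
+
+######### bashrc ###########
+# remove dfshints from bashrc
+sed -i "/^dfshints$/d" $RUNTIMEDIR/root/.bashrc
+
+########## sshd ############
+# allow empty passwords for ssh
+# the daemon is NOT started automatically, so you have to start it
+# manually in case of need - as the root pw is empty and passwd is ro, you
+# have to allow empty passwords for this rare case
+sed -i 's/^PermitEmptyPass.*$/PermitEmptyPasswords yes/' /etc/ssh/sshd_config
+# turn off PAM for ssh, as it prevents the use of empty passwords (stange behaviour)
+sed -i 's/^UsePAM.*$/UsePAM no/' /etc/ssh/sshd_config
+# allow nput of password
+sed -i 's/^PasswordAuthentication.*$/PasswordAuthentication yes/' /etc/ssh/sshd_config
+
+umount /proc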
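Review bot: The `sed -i` edits of `/etc/thttpd/thttpd.conf` and `/etc/ssh/sshd_config` only rewrite a directive that is already present and uncommented; if the image ships the usual commented form (`#PermitEmptyPasswords no`) or lacks `UsePAM` entirely, the substitution matches nothing, `set -e` is not triggered, and the build finishes with a configuration that differs from what the comments claim. Verify each edit after the fact so the build fails loudly, e.g. `grep -q '^UsePAM no$' /etc/ssh/sshd_config || { echo "sshd_config not updated" >&2; exit 1; }`, and the same for `user=root` and `nochroot` in thttpd.conf. Since the result of this file is a root-running, non-chrooted web server plus an sshd that accepts empty passwords, the header should say which of these are dev-only (the sshd block, per its own comment that the daemon is not started automatically) and which the production CD relies on (the thttpd changes), so nobody copies the sshd part into a production build by mistake.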
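--- /dev/null
+++ b/[path not shown on page: file 11]
@@ -0,0 +1,362 @@
+#!/bin/sh
+#
+# this script does EVERYTHING
+# all other scripts are only frontends :)
+#
+
+set -eu
+
+# parse config file
+. /etc/cryptobox/cryptobox.conf
+
+## configuration
+MARKER="$CONFIG_DIR/cryptobox.marker"
+CERT_TEMP=/tmp/stunnel.pem
+
+#####
+
+function error_msg()
+# parameters: ExitCode ErrorMessage
+{
+echo "[`date`] - $2" | tee -a "$LOG_FILE" >&2
+# print the execution stack - not usable with busybox
+#caller | sed 's/^/\t/' >&2
+exit "$1"
+}
+
+
+function initial_checks()
+# Parameter: device
+{
+local device="$1"
+[ ! -b "$device" ] && echo "blockdevice $device does not exist" && return 1
+## check if we have an existing configpartition
+## TODO: why this config_mount_test?
+# config_mount_test "$device"
+[ ! -x "$WIPE" ] && echo "$WIPE not found" && return 1
+[ ! -x "$SFDISK" ] && echo "$SFDISK not found" && return 1
+for a in $ALGO $HASH
+do grep -q "^name *: $a$" /proc/crypto || modprobe "$a"
+grep -q "^name *: $a$" /proc/crypto || { echo "$a is not supported by kernel" && return 1; }
+done
+mount | grep -q "^$device[ 1-9] " && echo "$device is mounted" && return 1
+return 0
+}
+
+
+function create_partitions()
+# Parameter: device
+{
+local device="$1"
+# first partition size is 1 sector, second goes til end
+# sfdisk -n doesn't actually write (for testing purpose)
+echo -e "0,1,L \n,,L\n" | $SFDISK "$device"
+}
+
+
+function config_set_value()
+# parameters: SettingName SettingValue
+{
+mount -o rw,remount "$CONFIG_DIR"
+echo "$2" > "$CONFIG_DIR/$1"
+mount -o ro,remount "$CONFIG_DIR"
+}
+
+
+function config_get_value()
+# parameters: SettingName
+{
+# use mounted config, if it exists - otherwise use defaults
+local conf_dir
+if is_config_mounted
+then conf_dir=$CONFIG_DIR
+else conf_dir=$CONFIG_DEFAULTS_DIR
+fi
+[ -z "$1" ] && error_msg 1 "empty setting name"
+[ ! -e "$conf_dir/$1" ] && error_msg 2 "unknown configuration value ($1)"
+cat "$conf_dir/$1"
+}
+
+
+function create_config()
+# Parameter: device
+{
+local device="${1}1"
+$MKFS_CONFIG "$device"
+# mount the config partition rw
+mount "$device" "$CONFIG_DIR"
+# create a marker to recognize a cryptobox partition
+date -I >"$MARKER"
+## write (network) interfaces
+cp -a "$CONFIG_DEFAULTS_DIR/." "$CONFIG_DIR"
+
+# copy stunnel cert
+cp -p "$CERT_TEMP" "$CERT_FILE"
+
+# beware: config_set_value remounts the config partition read-only
+config_set_value "device" "$1"
+
+config_set_value "ip" "$(get_current_ip)"
+
+# reinitialise configuration
+umount "$CONFIG_DIR"
+mount_config
+}
+
+
+function get_current_ip()
+# not necessarily the same as configured (necessary for validation)
+{
+ifconfig $NET_IFACE | grep "inet" | cut -d ":" -f2 | cut -d " " -f1
+}
+
+
+function create_crypto()
+# Parameter: device
+{
+local device="$1"
+# flood the crypto partition with noise
+# - not needed -
+#$WIPE -kq -R /dev/urandom "${device}2"
+
+# passphrase may be passed via command line
+$CRYPTSETUP -h "$HASH" -c "$ALGO" create "$CRYPTMAPPER_DEV" "${device}2"
+}
+
+
+function mkfs_crypto()
+# split from create_crypto to allow background execution via web interface
+{
+$MKFS_DATA "$CRYPTMAPPER_DEV"
+}
+
+
+function config_mount_test()
+# Parameter: device
+{
+local device="${1}"
+local STATUS=0
+mount "${device}1" "$CONFIG_DIR" &>/dev/null || true
+is_config_mounted && STATUS=1
+umount "$CONFIG_DIR" &>/dev/null || true
+# return code is the result of this expression
+[ 1 -eq "$STATUS" ] && return 0
+return 1
+}
+
+
+function is_config_mounted()
+{
+mount | grep -q " ${CONFIG_DIR} " && [ -f "$MARKER" ]
+}
+
+
+function is_crypto_mounted()
+{
+mount | grep -q " ${CRYPTO_DIR} "
+}
+
+
+function is_init_running()
+{
+ps -e | grep -q -E "$MKFS_DATA|$WIPE"
+}
+
+
+function find_harddisk()
+# look for the harddisk to be partitioned
+{
+local dev=$(
+if is_config_mounted
+then config_get_value "device"
+else for a in $SCAN_DEVICES
+do grep -q " `basename $a`$" /proc/partitions && echo "$a" && break
+done
+fi )
+[ -z "$dev" ] && error_msg 4 "no valid partition for initialisation found!"
+echo -n "$dev"
+}
+
+
+function mount_config()
+{
+is_config_mounted && error_msg 3 "configuration directory ($CONFIG_DIR) is already mounted!"
+local device=$(
+for a in $SCAN_DEVICES
+do echo "Trying to load configuration from $a ..." >&2
+config_mount_test "$a" && echo "$a" && break
+done )
+if [ -n "$device" ] && mount "${device}1" "$CONFIG_DIR"
+then echo "configuraton found on $device" >&2
+config_set_value "device" "$device"
+return 0
+else echo "failed to locate harddisk" >&2
+return 1
+fi
+}
+
+
+function mount_crypto()
+{
+is_crypto_mounted && echo "Das Crypto-Dateisystem ist bereits aktiv!"
+local device=`find_harddisk`
+# passphrase is read from stdin
+$CRYPTSETUP -h "$HASH" -c "$ALGO" create "$CRYPTMAPPER_DEV" "${device}2"
+if mount "$CRYPTMAPPER_DEV" "$CRYPTO_DIR"
+then /etc/init.d/samba start
+else dmsetup remove "$CRYPTMAPPER_DEV"
+return 1
+fi
+}
+
+
+function umount_crypto()
+{
+# do not break on error
+set +e
+# thttpd removes PATH for cgis
+/etc/init.d/samba stop
+ps -e | grep -q " samba$" && killall samba
+ps -e | grep -q " samba$" && killall -9 samba
+umount "$CRYPTO_DIR"
+$CRYPTSETUP remove "$CRYPTMAPPER_DEV"
+set -e
+}
+
+
+function init_cryptobox_part1()
+# this is only the first part of initialisation that takes no time - good for a smooth web interface
+{
+umount_crypto || true
+umount "$CONFIG_DIR" || true
+local device=`find_harddisk`
+initial_checks "$device" || error_msg 5 "Failure during initialisation - bye, bye"
+create_partitions "$device"
+create_config "$device"
+create_crypto "$device"
+}
+
+
+function init_cryptobox_part2()
+# some things to be done in the background
+# these are the final steps of initialisation
+# thuid must be changed at the first time, therfore it needs to be
+# mounted
+{
+mkfs_crypto
+mount "$CRYPTMAPPER_DEV" "$CRYPTO_DIR"
+chown $SAMBA_USER "$CRYPTO_DIR"
+umount_crypto
+}
+
+
+function init_cryptobox_complete()
+{
+init_cryptobox_part1
+init_cryptobox_part2
+}
+
+### main ###
+
+# set PATH because thttpd removes /sbin and /usr/sbin for cgis
+export PATH=/usr/sbin:/usr/bin:/sbin:/bin
+
+
+ACTION=help
+[ $# -gt 0 ] && ACTION="$1"
+
+case "$ACTION" in
+config-up )
+# die cruft option hilft vielleicht bei dem Fehler "interleaved files not (yet) supported"
+mount -o remount,cruft /
+if mount_config
+then echo "Cryptobox configuration successfully loaded"
+else error_msg 3 "Could not find a configuration partition!"
+fi
+;;
+config-down )
+umount "$CONFIG_DIR"
+;;
+network-up )
+kudzu -s -q --class network
+conf_ip=$(config_get_value "ip")
+ifconfig $NET_IFACE "$conf_ip"
+echo "Configured network interface for $NET_IFACE: $conf_ip"
+/scripts/firewall.sh start
+# start stunnel
+if [ -f "$CERT_FILE" ]
+then USE_CERT=$CERT_FILE
+else USE_CERT=$CERT_TEMP
+/scripts/make_stunnel_cert.sh "$CERT_TEMP" >>"$LOG_FILE" 2>&1
+fi
+stunnel -p "$USE_CERT" -r localhost:80 -d 443 \
+|| echo "$USE_CERT not found - not starting stunnel"
+# this ping allows other hosts to get the IP of
+# the box, in case of misconfiguration
+ping -b -c 1 $(ifconfig $NET_IFACE | grep Bcast | cut -d ":" -f 3 | cut -d " " -f 1) &>/dev/null
+;;
+network-down )
+/scripts/firewall.sh stop
+killall stunnel
+ifconfig $NET_IFACE down
+;;
+services-up )
+/etc/init.d/thttpd start
+;;
+services-down )
+/etc/init.d/samba stop
+/etc/init.d/thttpd stop
+;;
+box-init )
+# this is good for commandline only, as it takes a lot of time
+init_cryptobox_complete >>"$LOG_FILE" 2>&1
+;;
+box-init-fg )
+# only partitioning and configuration
+# this is nice for the web interface, as it is fast
+# output redirection does not work, as it prevents cryptsetup from asking
+# for a password
+init_cryptobox_part1 >>"$LOG_FILE" 2>&1
+;;
+box-init-bg )
+# do it in the background to provide a smoother web interface
+# messages and errors get written to $LOG_FILE
+# the 'exec' output redirection does not work, if called by a cgi, so
+# redirect it as usual
+init_cryptobox_part2 </dev/null >>"$LOG_FILE" 2>&1 &
+;;
+is_crypto_mounted )
+is_crypto_mounted
+;;
+is_config_mounted )
+is_config_mounted
+;;
+is_init_running )
+is_init_running
+;;
+crypto-mount )
+mount_crypto
+;;
+crypto-umount )
+umount_crypto
+;;
+set_config )
+[ $# -ne 3 ] && error_msg 7 "'set_config' requires two parameters"
+config_set_value "$2" "$3"
+;;
+get_config )
+[ $# -ne 2 ] && error_msg 6 "'get_config' requires exactly one parameter"
+config_get_value "$2"
+;;
+diskinfo )
+$SFDISK -L -q -l `find_harddisk`
+;;
+get_current_ip )
+get_current_ip
+;;
+* )
+# TODO: update this!
+echo "Syntax: `basename $0` { mount_config | umount_config | init }"
+echo
+;;
+esac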
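Review bot: `config_get_value` and `config_set_value` build a filesystem path directly from the setting name (`cat "$conf_dir/$1"` and `echo "$2" > "$CONFIG_DIR/$1"`) without constraining it, and the `get_config`/`set_config` actions pass `$2` straight through; if a CGI ever forwards a client-supplied name (not visible here, but this commit switches the thttpd user to root), a name containing `../` reads or overwrites files outside the configuration partition. Restrict the name to a safe character set before using it as a path component, e.g. replace the empty-name test in `config_get_value` with `case "$1" in ""|*[!A-Za-z0-9_]*) error_msg 1 "invalid setting name ($1)";; esac` and put the same check at the top of `config_set_value`, which currently has no validation at all. Separately, the file declares `#!/bin/sh` but relies on `function`, `local`, `&>/dev/null` and `echo -e`; dash cannot parse `function`, and in a POSIX shell `cmd &>/dev/null` would background `cmd`, so the shebang should be `#!/bin/bash` (smb_timeout.sh has the same mismatch). `mount_crypto` prints a warning when the volume is already mounted but then runs `cryptsetup create` and `mount` again anyway; it should `return 0` right after the message.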
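--- /dev/null
+++ b/[path not shown on page: file 12]
@@ -0,0 +1,62 @@
+#!/bin/sh
+#
+# this script is part of the boot process of a developer's cryptobox
+#
+# it should really NEVER be executed on a production system
+#
+
+set -eu
+
+# parse config file
+. /etc/cryptobox/cryptobox.conf
+
+MIRROR_DIR=/tmp/mirror
+MIRROR_ORIG_DIR=/tmp/mirror.orig
+WRITE_DIRS="/usr/share/cryptobox /var/www /scripts /usr/lib/cryptobox"
+
+ACTION="--help"
+[ $# -gt 0 ] && ACTION="$1"
+
+case "$ACTION" in
+start )
+# start ssh daemon
+/etc/init.d/ssh start
+
+# copy cryptobox files to tmpfs
+for a in $WRITE_DIRS
+do mkdir -p "$MIRROR_DIR/$a"
+cp -a "$a/." "$MIRROR_DIR/$a"
+mount --bind "$MIRROR_DIR/$a" "$a"
+done
+$0 set_diff_base
+
+# thttpd needs to be restarted to reopen its files
+/etc/init.d/thttpd restart
+;;
+set_diff_base )
+# the present content of the tmpfs mirror get copied to
+# MIRROR_ORIG_DIR for later diffs
+# whenever you merged a diff, you should call this function
+[ -e "$MIRROR_ORIG_DIR" ] && rm -rf "$MIRROR_ORIG_DIR"
+cp -a "$MIRROR_DIR" "$MIRROR_ORIG_DIR"
+;;
+diff )
+cd "`dirname \"$MIRROR_ORIG_DIR\"`"
+# diff and remove "binary files differ"-warnings (vi-swap-files)
+diff -ruN "`basename \"$MIRROR_ORIG_DIR\"`" "`basename \"$MIRROR_DIR\"`" | grep -v "^Binary files"
+;;
+stop )
+/etc/init.d/ssh stop
+for a in $WRITE_DIRS
+do umount "$MIRROR_DIR/$a"
+done
+rm -rf "$MIRROR_DIR"
+;;
+restart )
+$0 stop
+$0 start
+;;
+* )
+echo "Syntax: `basename $0` { start | stop | restart }"
+;;
+esac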
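Review bot: In `stop`, `umount "$MIRROR_DIR/$a"` names the bind-mount *source*, but `start` mounted it onto `$a`, so umount has no mount point to release there; under `set -e` the first failure aborts the loop and the `rm -rf "$MIRROR_DIR"` below never runs, leaving the overlays in place. The loop should read `do umount "$a"`. In `start`, `mkdir -p "$MIRROR_DIR/$a"` silently adopts whatever already exists at `/tmp/mirror`, and that directory then becomes the source of root-executed scripts via the bind mounts; create the mirror root explicitly first with `mkdir -m 700 "$MIRROR_DIR"` (which fails, and thereby aborts, if it already exists) or move it out of the world-writable `/tmp`. `stop` also leaves `MIRROR_ORIG_DIR` behind, and the usage line omits the `set_diff_base` and `diff` actions.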
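--- /dev/null
+++ b/PATH-NOT-SHOWN
@@ -0,0 +1,52 @@
+#!/bin/sh
+#
+# set up the firewall of the cryptobox
+#
+
+set -u
+
+# parse config file
+. /etc/cryptobox/cryptobox.conf
+
+
+ACTION="help"
+[ $# -gt 0 ] && ACTION=$1
+
+case "$ACTION" in
+start)
+iptables -P INPUT DROP
+iptables -P FORWARD DROP
+iptables -P OUTPUT ACCEPT
+
+OFILE=/proc/sys/net/ipv4/tcp_syncookies
+[ -e "$OFILE" ] && echo 1 >"$OFILE"
+
+iptables -F
+iptables -X
+iptables -Z
+
+iptables -A INPUT -i lo -j ACCEPT
+
+for a in $ALLOW_TCP_PORTS
+do iptables -A INPUT -i $NET_IFACE -p tcp --dport $a -j ACCEPT
+done
+
+for a in $ALLOW_UDP_PORTS
+do iptables -A INPUT -i $NET_IFACE -p udp --dport $a -j ACCEPT
+done
+
+iptables -A INPUT -i $NET_IFACE -p icmp -j ACCEPT
+;;
+stop)
+iptables -P INPUT ACCEPT
+iptables -P FORWARD ACCEPT
+iptables -P OUTPUT ACCEPT
+iptables -F
+iptables -X
+iptables -Z
+;;
+*)
+echo "usage $0 start | stop"
+;;
+esac
+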
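Review bot: With the INPUT policy at DROP and only destination-port rules from `iptables -A INPUT -i $NET_IFACE -p tcp --dport $a -j ACCEPT` onwards, replies to the box's own outgoing connections arrive on ephemeral ports and are dropped, so anything the box itself initiates (name lookups, time sync, package fetches) cannot complete; add `iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT` directly after the `lo` rule. The script runs under `set -u` only, so a failing iptables call (missing kernel module, bad value in the config) is silently skipped and the ruleset ends up partially applied; `set -eu` makes `start` fail loudly instead, and the two `[ … ] && …` lines are safe under `-e` because the test is not the last command of its list. `$NET_IFACE` and `$a` are unquoted expansions of config values, so a stray space in the config becomes extra iptables arguments — quote them. Only IPv4 is filtered here; if IPv6 is enabled on the kernel, the same ports are open there, which deserves either a matching ip6tables block or an explicit comment that IPv6 is disabled on the box.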
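--- /dev/null
+++ b/PATH-NOT-SHOWN
@@ -0,0 +1,32 @@
+#!/bin/sh
+#
+# this script creates the stunnel certificate for https
+#
+# parameter: "destination file"
+#
+
+set -eu
+
+# parse config file
+. /etc/cryptobox/cryptobox.conf
+
+
+## vcert values are in openssl.conf
+CERTFILE="$1"
+TMP_FILE=/tmp/cryptobox-cert.tmp
+
+[ ! -f "$CONF_FILE" ] && echo "`basename $0`: $CONF_FILE not found" && exit 2
+# this command creates the certificate
+# this is required, because the certbuilding asks for 5 returns
+echo -ne "\n\n\n\n\n" | openssl req -new -x509 -nodes -days 3650 -config "$OPENSSL_CONF_FILE" -out "$CERTFILE" -keyout "$CERTFILE"
+chmod 600 "$CERTFILE"
+
+# next step needs a lot of randomdata
+dd if=/dev/urandom of="$TMP_FILE" bs=1024 count=1024
+openssl dhparam -rand "$TMP_FILE" 512 >> "$CERTFILE"
+rm "$TMP_FILE"
+
+#ln -sf ${CERTPATH}stunnel.pem ${CERTPATH}`openssl x509 -noout -hash < "${CERTPATH}stunnel.pem"`.0
+
+## print out cert values
+#openssl x509 -subject -dates -fingerprint -in stunnel.pem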
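Review bot: The existence check `[ ! -f "$CONF_FILE" ] && …` tests `$CONF_FILE`, while the `openssl req` call two lines later reads `$OPENSSL_CONF_FILE`; unless `CONF_FILE` is defined by the sourced config, `set -u` aborts on that line with an unbound-variable error, and if it is defined the check guards the wrong file — change it to `[ ! -f "$OPENSSL_CONF_FILE" ]` and adjust the message. The DH parameters appended by `openssl dhparam -rand "$TMP_FILE" 512` are 512-bit, far below any acceptable size for TLS; generate at least 2048 bits, `openssl dhparam 2048 >> "$CERTFILE"`. The `-rand` seed file is unnecessary (openssl seeds from the kernel itself) and is written to the fixed name /tmp/cryptobox-cert.tmp, where a pre-existing file or symlink could redirect the `dd`; dropping the `dd`/`rm` pair removes both concerns, or use `mktemp` if a seed file is really wanted. The private key is written by `openssl req` before `chmod 600` runs, leaving a window at the default umask; `umask 077` at the top of the script closes it. `echo -ne` is not portable under `#!/bin/sh` (dash prints `-ne` literally), and the piped returns suggest the config still prompts for subject fields — setting them non-interactively in the openssl config is more robust than feeding newlines.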
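--- /dev/null
+++ b/PATH-NOT-SHOWN
@@ -0,0 +1,93 @@
+#!/bin/sh
+#
+# do a validation
+#
+# use "--help" for a list of possible actions
+#
+
+set -eu
+
+# parse config file
+. /etc/cryptobox/cryptobox.conf
+
+
+function error_die()
+{
+echo "$2" >&2
+exit $1
+}
+
+
+function do_single()
+# Parameter: "test case dir" "output directory for results"
+{
+local TESTNAME=$(basename $1)
+curl --insecure --silent --output "${2}/${TESTNAME}.html" --config "$1/input.curl"
+[ -e "${2}/${TESTNAME}.html" ] && sed "1,/CBOX-STATUS-begin/d; /CBOX-STATUS-end/,\$d" "${2}/${TESTNAME}.html" >"${2}/${TESTNAME}.status"
+# the diff option "-B" is required, because the status output of
+# the cryptobox.pl script contains some blank lines
+diff -NB "${2}/${TESTNAME}.status" "$1/output" >"${2}/${TESTNAME}.diff" || true
+rm "${2}/${TESTNAME}.status"
+cp "$1/description" "${2}/${TESTNAME}.desc"
+}
+
+
+function do_series()
+# parameter: name of the test case
+{
+[ -d "$REPORT_DIR/$1" ] && rm -r "$REPORT_DIR/$1"
+mkdir -p "$REPORT_DIR/$1"
+find "$TEST_CASES_DIR/$1" -type d -maxdepth 1 -mindepth 1 | grep -v "/\.\.*$" | sort | while read a
+do do_single "$a" "$REPORT_DIR/$1"
+done
+create_summary "$REPORT_DIR/$1" >"$REPORT_DIR/$1/summary.html"
+tar czf "$REPORT_DIR/${1}-results.tar.gz" -C "$REPORT_DIR" "$1"
+echo "$REPORT_DIR/${1}-results.tar.gz"
+}
+
+
+create_summary()
+# parameter: directory of results
+{
+cat "$SUMMARY_TEMPLATE_DIR/header"
+find "$1" -type f -name \*.desc -maxdepth 1 | sort | while read a
+do TESTNAME=$(basename ${a%.desc})
+TESTDESCRIPTION=$(cat $a)
+sed "s#_TESTNAME_#$TESTNAME#g; s/_TESTDESCRIPTION_/$TESTDESCRIPTION/" "$SUMMARY_TEMPLATE_DIR/single_header"
+local DIFF_FILE=${a%.desc}.diff
+if [ -s "$DIFF_FILE" ]
+then cat "$SUMMARY_TEMPLATE_DIR/result-error"
+cat "$DIFF_FILE"
+else cat "$SUMMARY_TEMPLATE_DIR/result-ok"
+echo "no differences found"
+fi
+cat "$SUMMARY_TEMPLATE_DIR/single_footer"
+rm "$DIFF_FILE" "$a"
+done
+cat "$SUMMARY_TEMPLATE_DIR/footer"
+}
+
+
+ACTION="--help"
+[ $# -gt 0 ] && ACTION=$1
+
+case "$ACTION" in
+list )
+find "$TEST_CASES_DIR" -type d -maxdepth 1 -mindepth 1 | grep -v "/\.\.*$" | sort | while read a
+do echo $(basename "$a")
+done
+;;
+check )
+[ $# -ne 2 ] && error_die 1 "Syntax: $(basename $0) check NAME"
+CASE_DIR="$TEST_CASES_DIR/$2"
+[ ! -d "$CASE_DIR" ] && error_die 2 "the test case was not found ($CASE_DIR)!"
+do_series "$2"
+;;
+* )
+echo "Syntax of $(basename $0)"
+echo -e "\t list \t\t - show a list of available test cases"
+echo -e "\t check NAME \t - execute a test case - if successful the filename of the report is printed"
+echo -e "\t help \t\t - this syntax information"
+echo
+;;
+esac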
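Review bot: The shebang is `#!/bin/sh`, but the file uses `function error_die()`, `function do_single()`, `function do_series()`, `local` and `echo -e`, none of which POSIX sh defines; where /bin/sh is dash, the `function` lines are a syntax error before anything runs. Either change the shebang to `#!/bin/bash` or drop the `function` keyword — `create_summary()` already uses the portable form, so the file is inconsistent with itself. In `create_summary`, `sed "s#_TESTNAME_#$TESTNAME#g; s/_TESTDESCRIPTION_/$TESTDESCRIPTION/"` interpolates the content of the description file into the sed program, so a `/`, `&` or `\` in a description breaks or rewrites the substitution; escape those characters first, or substitute with a tool that treats the replacement as literal text. `curl --insecure` turns off certificate verification for the test requests; that is defensible against the box's own self-signed certificate, but a comment saying so (`# --insecure: the box uses a self-signed stunnel cert; test-only`) keeps the flag from being copied into non-test code. `basename $1` and `cat $a` leave their arguments unquoted while every neighbouring use is quoted.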
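--- /dev/null
+++ b/PATH-NOT-SHOWN
@@ -0,0 +1,68 @@
+package ClearSilver;
+
+use 5.006;
+use strict;
+use warnings;
+
+require Exporter;
+require DynaLoader;
+
+our @ISA = qw(Exporter DynaLoader);
+
+# Items to export into callers namespace by default. Note: do not export
+# names by default without a very good reason. Use EXPORT_OK instead.
+# Do not simply export all your public functions/methods/constants.
+
+# This allows declaration use ClearSilver ':all';
+# If you do not need this, moving things directly into @EXPORT or @EXPORT_OK
+# will save memory.
+our %EXPORT_TAGS = ( 'all' => [ qw(
+
+) ] );
+
+our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
+
+our @EXPORT = qw(
+
+);
+our $VERSION = '0.01';
+
+bootstrap ClearSilver $VERSION;
+
+# Preloaded methods go here.
+
+1;
+__END__
+# Below is stub documentation for your module. You better edit it!
+
+=head1 NAME
+
+ClearSilver - Perl extension for blah blah blah
+
+=head1 SYNOPSIS
+
+use ClearSilver;
+blah blah blah
+
+=head1 DESCRIPTION
+
+Stub documentation for ClearSilver, created by h2xs. It looks like the
+author of the extension was negligent enough to leave the stub
+unedited.
+
+Blah blah blah.
+
+=head2 EXPORT
+
+None by default.
+
+
+=head1 AUTHOR
+
+A. U. Thor, E<lt>a.u.thor@a.galaxy.far.far.awayE<gt>
+
+=head1 SEE ALSO
+
+L<perl>.
+
+=cut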
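Review bot: The POD after `__END__` is the unedited h2xs stub (`Perl extension for blah blah blah`, `A. U. Thor`), so the module ships with no statement of what it wraps or which calls it provides; NAME, SYNOPSIS and DESCRIPTION should say that this is the XS binding loaded by `bootstrap ClearSilver $VERSION` (presumably for the ClearSilver template engine used by the `.cs` templates in this commit) and list the functions callers are expected to use, and AUTHOR should name the project. `@EXPORT`, `@EXPORT_OK` and the `all` tag are all empty, so `use ClearSilver ':all'` imports nothing; either populate them or drop the export boilerplate and the `EXPORT` section so the documented behaviour matches the code.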
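--- /dev/null
+++ b/PATH-NOT-SHOWN
@@ -0,0 +1,4 @@
+/tmp/clearsilver-perl/local/lib/perl/5.8.7/ClearSilver.pm
+/tmp/clearsilver-perl/local/lib/perl/5.8.7/auto/ClearSilver/ClearSilver.bs
+/tmp/clearsilver-perl/local/lib/perl/5.8.7/auto/ClearSilver/ClearSilver.so
+/tmp/clearsilver-perl/local/man/man3/ClearSilver.3pm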
Binary file not shown.
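--- /dev/null
+++ b/PATH-NOT-SHOWN
@@ -0,0 +1,113 @@
+Lang {
+
+Menu {
+
+}
+
+
+Title {
+Init = Initialisierung der CryptoBox
+Mount = Aktivierung der Cryptodaten
+Umount = Deaktivierung der Cryptodaten
+Config = Konfiguration der CryptoBox
+Log = Protokoll der CryptoBox
+}
+
+
+Text {
+EnterNewPassword = Das neue Passwort eingeben:
+EnterSamePassword = Das neue Passwort wiederholen:
+InitWarning = Bei der Initialisierung werden ALLE DATEN auf der Festplatte GELÖSCHT!
+InitDescription = Schritt ist nur einmalig vor der ersten Nutzung notwendig.<br>Für den täglichen Gebrauch musst du das verschlüsselte Dateisystem lediglich aktivieren und deaktivieren
+ConfirmInitHint = Um zu bestätigen, dass du weisst, was du tust, tippe hier bitte exakt Folgendes ein:
+ConfirmInit = ja, loesche alle Daten!
+PartitionInfo = Derzeitige Partitionierung der Festplatte:
+IPAddress = Netwerk-Adresse (IP) der CryptoBox:
+TimeOut = Zeitabschaltung des Crypto-Dateisystems (in Minuten):
+EmptyLog = Das Logbuch der CryptoBox ist leer.
+SelectLanguage = Spracheinstellung:
+}
+
+
+Button {
+DoInit = CryptoBox initialisieren
+SaveConfig = Speichere Konfiguration
+Update = Aktualisieren
+Mount = CryptoDaten aktivieren
+Umount = CryptoDaten deaktivieren
+}
+
+
+Warning {
+InitNotConfirmed {
+Title = Bestätigung schlug fehl
+Text = Der Bestätigungssatz muss exakt eingegeben werden!
+}
+
+EmptyPassword {
+Title = Ungültige Eingabe
+Text = Das Passwort darf nicht leer sein!
+}
+
+DifferentPasswords {
+Title = Ungleiche Passworte
+Text = Die beiden Passworte müssen identisch sein, um sicherzustellen, dass dies das gewünschte Passwort ist.
+}
+
+MountFailed {
+Title = Aktivierung schlug fehl
+Text = Das verschlüsselte Dateisystem konnte nicht aktiviert werden. Wahrscheinlich war das Passwort falsch.
+}
+
+UmountFailed {
+Title = Deaktivierung schlug fehl
+Text = Das verschlüsselte Dateisystem konnte nicht abgeschaltet werden. Wahrscheinlich sind noch Dateien geöffnet. Also schließe alle potentiell unsauberen Programme (beispielsweise die weitverbreitete Textverarbeitung). Notfalls ziehe einfach den Stromstecker!
+}
+
+NotConfigured {
+Title = Keine Konfiguration gefunden
+Text = Die CryptoBox wurde noch nicht eingerichtet.
+}
+
+InitNotFinished {
+Title = Initalisierung noch nicht abgeschlossen
+Text = Die Initialisierung wird in wenigen Minuten beendet sein. Erst danach ist diese Aktion möglich.
+}
+
+IsMounted {
+Title = Bereits aktiv
+Text = Das verschlüsselte Dateisystem ist bereits aktiv.
+}
+
+NotMounted {
+Title = Nicht aktiv
+Text = Das verschlüsselte Dateisystem ist derzeit nicht aktiv.
+}
+
+AlreadyConfigured {
+Title = Konfiguration gefunden
+Text = Die CryptoBox wurde bereits eingerichtet. Bei einer erneuten Initialisierung werden alle Daten gelöscht!
+}
+}
+
+
+Error {
+
+UnknownAction {
+Title = Unbekannte Aktion
+Text = Du hast eine undefinierte Aktion angefordert. Falls du dies nicht bewusst getan hast, solltest du es deinem Administrator mitteilen, damit er das Problem an die Entwickler der CryptoBox weiterleiten kann.
+}
+
+MountUnavailableInitRunning {
+Title = Die Initialisierung der CryptoBox läuft noch ...
+Text = Solange die Einrichtung der Crypto-Partition nicht abgeschlossen ist, kannst du die CryptoBox nicht aktivieren. Versuche es in ein paar Minuten noch einmal</a>.
+}
+
+MountUnavailableNotInitialized {
+Title = Die CryptoBox wurde noch nicht initialisiert
+Text = Nach dem Abschluss der einmaligen <a href="/cgi-bin/init-cryptobox.pl" title="Initialisierung">Neueinrichtung</a> kannst du die Crypto-Partition nutzen.
+}
+
+}
+
+}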
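--- /dev/null
+++ b/PATH-NOT-SHOWN
@@ -0,0 +1,23 @@
+<div id="config">
+<h1><?cs var:Lang.Title.Config ?></h1>
+
+<form action="<?cs var:ScriptName ?>" method="post"
+enctype="application/x-www-form-urlencoded">
+<table class="form">
+<tr><td><?cs var:Lang.Text.IPAddress ?></td><td>
+<input type="text" size="16" maxsize="15" name="ip"
+value="<?cs var:Data.Config.IP ?>" /></td></tr>
+<tr><td><?cs var:Lang.Text.TimeOut ?></td><td>
+<input type="text" size="16" maxsize="5" name="timeout"
+value="<?cs var:Data.Config.TimeOut ?>" /></td></tr>
+<tr><td><?cs var:Lang.Text.SelectLanguage ?></td><td>
+<select name="language">
+<option value="de">Deutsch</option>
+<option value="en">English</option>
+</select></td></tr>
+<tr><td colspan="2">
+<button type="submit" name="action" value="config_do">
+<?cs var:Lang.Button.SaveConfig ?></button></td></tr>
+</table>
+</form>
+</div>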
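Review bot: `maxsize="15"` and `maxsize="5"` on the two `<input>` elements are not HTML attributes; the bound the author intended is `maxlength`, so at present nothing limits the field length client-side (the CGI must validate the values regardless). The current values are placed inside attribute quotes via `<?cs var:Data.Config.IP ?>` and `<?cs var:Data.Config.TimeOut ?>`, and `var:` does no escaping, so if either value can ever carry characters originating from a request it needs `html_escape`, as in `value="<?cs var:html_escape(Data.Config.IP) ?>"`. The language `<select>` marks no option `selected`, so every save of this form resets the language to the first entry unless the user re-picks it; the footer template in this commit shows `Data.Config.Language` is available, so each option can carry `<?cs if:Data.Config.Language == "de" ?> selected="selected"<?cs /if ?>` with its own code.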
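--- /dev/null
+++ b/PATH-NOT-SHOWN
@@ -0,0 +1,5 @@
+<div class="doc">
+
+<?cs include:DocDir + '/' + Data.Doc.Page ?>
+
+</div>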
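Review bot: `<?cs include:DocDir + '/' + Data.Doc.Page ?>` builds the included file name from `Data.Doc.Page`, and nothing in the template constrains that value; where it is set is not visible here, but if it is derived from a request parameter this is a path-traversal / arbitrary-file-inclusion point. The code that populates `Data.Doc.Page` should accept only names from a fixed list of documentation pages (or a strict `[A-Za-z0-9_-]+` match) and fall back to a default page otherwise. A comment at the include stating that contract, e.g. `<?cs # Data.Doc.Page must be restricted to known page names by the CGI before this include ?>`, makes the dependency explicit for the next maintainer.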
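--- /dev/null
+++ b/PATH-NOT-SHOWN
@@ -0,0 +1 @@
+<?cs call:error(Data.Error) ?>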
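--- /dev/null
+++ b/PATH-NOT-SHOWN
@@ -0,0 +1,21 @@
+</div><!-- end of 'words' -->
+
+<div id="footer">
+<a href="https://systemausfall.org/prj/cryptobox" title="Projekt-Seite">CryptoBox-Home</a> Die CryptoBox ist ein Projekt von <a href="https://systemausfall.org/senselab" title="systemausfall.org">sense.lab</a>
+</div>
+
+</div>
+</div>
+
+<!-- CBOX-STATUS-begin - necessary for validation - do not touch!
+Data.Config.IP=<?cs var:Data.Config.IP ?>
+Data.Config.Language=<?cs var:Data.Config.Language ?>
+Data.Config.TimeOut=<?cs var:Data.Config.TimeOut ?>
+Data.Status.Config=<?cs var:Data.Status.Config ?>
+Data.Status.InitRunning=<?cs var:Data.Status.InitRunning ?>
+Data.Status.IP=<?cs var:Data.Status.IP ?>
+Data.Status.Mounted=<?cs var:Data.Status.Mounted ?>
+CBOX-STATUS-end -->
+
+</body>
+</html>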
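Review bot: The `CBOX-STATUS-begin` … `CBOX-STATUS-end` comment emits the box's IP, language, timeout and its configuration, initialisation and mount state into every page so the validation script can scrape them; an HTML comment is still delivered to every client, so anyone who can load a page learns the device's configuration and whether the encrypted volume is currently mounted. Whether the pages sit behind authentication is not visible here, but if they do not, this is an information leak accepted for the sake of testing. Wrapping the block in a condition that is true only on development builds, `<?cs if:Data.Status.Development ?> … <?cs /if ?>`, keeps it out of production output while the test harness still runs against a dev build; `Data.Status.Development` is a constructed name here, use whatever flag the CGI actually exposes.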
@ -0,0 +1,25 @@
|
||||
<?xml version="1.0" encoding="utf-8"?> |
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
||||
<html xmlns="http://www.w3.org/1999/xhtml"> |
||||
<head> |
||||
<title>CryptoBox</title> |
||||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> |
||||
<meta http-equiv="pragma" content="no-cache" /> |
||||
<meta http-equiv="cache-control" content="no-cache" /> |
||||
<meta http-equiv="expires" content="0" /> |
||||
<link rel="stylesheet" media="screen" href="/cryptobox.css" type="text/css" /> |
||||
</head> |
||||
<body> |
||||
|
||||
<div id="main"> |
||||
<div id="head"> |
||||
<h1>Die CryptoBox</h1> |
||||
<h2>und zwar umsonst!</h2> |
||||
</div> |
||||
|
||||
<div id="content"> |
||||
<div id="menu"> |
||||
<?cs include:TemplateDir + '/nav.cs' ?> |
||||
</div> |
||||
|
||||
<div id="words"> |