
Configuration Generator and setup aide

tags/0.3.0
Bandie 1 year ago
parent
commit
70089b7bf1
Signed by: Bandie <bandie@chaospott.de> GPG Key ID: C1E133BC65A822DD
4 changed files with 253 additions and 1 deletions
  1. 1
    1
      Makefile.am
  2. 1
    0
      configure.ac
  3. 1
    0
      src/pam_panic_config/Makefile.am
  4. 250
    0
      src/pam_panic_config/pam_panic_config

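--- a/Makefile.am
+++ b/Makefile.am
@@ -2,7 +2,7 @@ ACLOCAL_AMFLAGS = -I m4
 
 AM_CPPFLAGS = -I src
 
-SUBDIRS = po po4a src/pam_panic src/pam_panic_pw
+SUBDIRS = po po4a src/pam_panic src/pam_panic_pw src/pam_panic_config
 
 .PHONY: all test clean
 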

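--- a/configure.ac
+++ b/configure.ac
@@ -70,6 +70,7 @@ AC_CONFIG_FILES([
     src/pam_panic/man/Makefile
     src/pam_panic_pw/Makefile
     src/pam_panic_pw/man/Makefile
+    src/pam_panic_config/Makefile
     test/Makefile
 ])
 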

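--- a/src/pam_panic_config/Makefile.am
+++ b/src/pam_panic_config/Makefile.am
@@ -0,0 +1 @@
+bin_SCRIPTS = pam_panic_config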
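Review bot: `bin_SCRIPTS` without the `dist_` prefix is not shipped by `make dist`, and `pam_panic_config` is a hand-written script rather than a generated one, so a release tarball would carry the new `SUBDIRS` entry but not the script it is meant to install. `dist_bin_SCRIPTS = pam_panic_config` covers that. The script exits unless `$EUID` is 0, so `dist_sbin_SCRIPTS` may be the more fitting install directory.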

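--- a/src/pam_panic_config/pam_panic_config
+++ b/src/pam_panic_config/pam_panic_config
@@ -0,0 +1,250 @@
+#!/bin/bash
+#
+# Name: pam_panic_config
+# Description: Create a pam_panic configuration.
+# Author: Bandie <bandie@chaospott.de>
+#
+
+CONFIGFILE="/etc/pam.d/pampanic"
+LHBU="$HOME/LUKSHeaderBackup"
+
+if [ $EUID -ne 0 ]; then
+  echo "Please run this script as root or using sudo."
+  exit 1
+fi
+
+
+
+function cancel(){
+  clear
+  echo "Bye! :)"
+  exit 0
+}
+
+trap "cancel" INT
+
+function checkGPT(){
+  blkid $1 -t PTTYPE=gpt >> /dev/null
+  return $?
+}
+
+function getPARTUUID(){
+  blkid $1 | awk '{print $4;}' | sed 's/PARTUUID="//;s/"//'
+}
+
+function getLUKSDevice(){
+  if [ "$1" = "UUID" ]; then
+    blkid /dev/sda*[1-9] | grep "crypto_LUKS" | awk '{print $2;}' | sed 's/UUID="//;s/"//'
+  fi
+  if [ "$1" = "NAME" ]; then
+    blkid /dev/sda*[1-9] | grep "crypto_LUKS" | awk '{print $1;}' | sed 's/://'
+  fi
+}
+
+function ask(){
+
+  dialog --backtitle "pam_panic's Configuration Generator" --title "$1"  --yesno "$2" 8 80
+  return $?
+
+}
+
+msg() {
+  dialog --backtitle "pam_panic's Configuration Generator" --msgbox "$1" 8 80
+}
+
+function getMediaDevice(){
+  local i=0
+  local uuid
+  for dev in $(ls /dev/sd[b-z] 2> /dev/null); do
+    if $(checkGPT $dev); then
+      for part in $(ls $dev*[1-9]); do
+        echo -n "$i $part[$(getPARTUUID $part)] "
+        (( i++ ))
+      done
+    fi
+  done
+}
+
+declare -g -a mediaArray
+
+function chooseMediumPre(){
+  local title="Removable media: $1 device"
+
+  dialog --backtitle "pam_panic's Configuration Generator" --title "$title" --yes-label "OK" --no-label "Cancel" --yesno "Please remove all media devices before your continue.\nNote, if you device doesn't show up it might not be a GPT formatted device.\n\nPlease insert the device you want to use as $1 device and press OK." 10 80
+  if [ $? -eq 1 ]; then
+    cancel
+  fi
+
+}
+function chooseMedium(){
+  local ans 
+  local title="Removable media: $1 device"
+
+  dialog --backtitle "pam_panic's Configuration Generator" --title "$title" --menu "Choose your device:" 10 80 5 $media 2> .pam_panic_media_choice
+  if [ $? -eq 1 ]; then
+    cancel
+  fi
+
+  ans=$(cat .pam_panic_media_choice)
+  (( ans=(2*ans)+1 ))
+  rm -f .pam_panic_media_choice
+
+  return $ans
+}
+
+function showDetectDev(){
+  dialog --backtitle "pam_panic's Configuration Generator" \
+    --title "$title" \
+    --infobox "Detecting devices..." 3 80
+  # Prevention for impatient beings
+  sleep 2
+}
+
+dialog --backtitle "pam_panic's Configuration Generator" \
+  --title "Welcome" \
+  --ok-label "Yip!" \
+  --msgbox "Welcome to pam_panic's Configuration Generator.\n\nIt will help you to create a valid pam_panic setup. It will also generate a Linux' PAM configuration file.\n\nAfter you're done with this Configuration Generator, you will see some hints how to integrate the new PAM configuration file in your system." 20 80
+
+auth_mode=2
+while [ $auth_mode -eq 2 ]; do
+
+  dialog --backtitle "pam_panic's Configuration Generator" \
+    --title "Authentication mode" \
+    --help-button \
+    --extra-button --extra-label "Passwords" \
+    --ok-label "Removable Media" \
+    --yesno "You can choose between the \"two removable media\" option and the \"two passwords\" option.\nSee \"Help\" to learn what it is.\n\nRemovable media or passwords?" 10 80
+
+  auth_mode=$?
+
+  case $auth_mode in
+    "0")
+
+      while [ -z $media ]; do
+        chooseMediumPre Authentication
+        showDetectDev
+        media=$(getMediaDevice)
+        read -r -a mediaArray <<< "$media"
+      done    
+      chooseMedium Authentication
+      auth_dev=$(echo ${mediaArray[$?]} | sed 's/\/dev\/sd[b-z]*[0-1]\[//;s/\]//')
+      msg "Authentication device chosen with UUID $auth_dev."
+
+
+      unset media
+      while [ -z $media ]; do
+        chooseMediumPre Panic
+        showDetectDev
+        media=$(getMediaDevice)
+        read -r -a mediaArray <<< "$media"
+      done
+      chooseMedium Panic
+      panic_dev=$(echo ${mediaArray[$?]} | sed 's/\/dev\/sd[b-z]*[0-1]\[//;s/\]//')
+      msg "Panic device chosen with UUID $panic_dev."
+
+      ;;
+    "3")
+      ask "Passwords" "Do you want to set the passwords now?"
+      setpw=$?
+      case $setpw in
+          "0")
+            clear
+            pam_panic_pw
+            if [ $? -ne 0 ]; then
+              clear
+              echo "Failed to set a password. :("
+              exit 1
+            fi
+            ;;
+      esac
+      ;;
+    "2")
+      man pam_panic
+      ;;
+    "1")
+      cancel
+      ;;
+  esac
+done
+
+
+ask "pam_panic's behaviour" "Do you wish to destroy your LUKS header in case of emergency?\nThis means that your encrypted device won't be readable anymore. After this question you will be asked to make a backup of this header."
+serious=$?
+
+if [ $serious -eq 0 ]; then
+  serious_dev=$(getLUKSDevice UUID)
+  msg "We will destroy $(getLUKSDevice NAME) [$serious_dev] when you trigger the panic function."
+
+  ask "LUKS Header backup" "Do you want to make a LUKS-Header backup now?\nIt will be saved at \"$LHBU\"."
+  bu=$?
+  case $bu in 
+    "0")
+      cryptsetup luksHeaderBackup $(getLUKSDevice NAME) --header-backup-file "$LHBU"
+      msg "LUKSHeader backup has been saved here: $LHBU"
+      ;;
+  esac
+fi
+
+dialog --backtitle "pam_panic's Configuration Generator" \
+  --title "pam_panic's behaviour" \
+  --ok-label "Reboot" \
+  --extra-button --extra-label "Shutdown" \
+  --cancel-label "Nothing" \
+  --yesno "Do you wish a reboot or a shutdown after issuing the panic function? n for nothing of those? " 10 80
+power=$?
+
+dialog --backtitle "pam_panic's Configuration Generator" \
+  --infobox "Generating configuration..." 3 40
+config="#%PAM-1.0\nauth       requisite    pam_panic.so"
+
+case $power in 
+  "0")
+    config="$config reboot"
+    ;;
+  "3")
+    config="$config poweroff"
+    ;;
+esac
+
+case $auth_mode in
+  "3")
+    config="$config password"
+    ;;
+  "0")
+    config="$config allow=$auth_dev reject=$panic_dev"
+    ;;
+esac
+
+case $serious in
+  "0")
+    config="$config serious=$serious_dev"
+    ;;
+esac
+config="$config\naccount    requisite    pam_panic.so"
+
+
+if [ -f $CONFIGFILE ]; then
+  ask "Configfile exist" "$CONFIGFILE exists. Overwrite it?"
+  ov=$?
+  case $ov in
+    "0")
+      echo -e "$config" > $CONFIGFILE
+      ;;
+  esac
+else
+  echo -e "$config" > $CONFIGFILE
+fi
+
+
+clear
+[ $ov -eq 0 ] && echo "Done! <3" || echo "Nothing done! </3"
+
+echo -e "\n"
+echo "What now?"
+echo "========="
+echo "Now we saved our configuration to $CONFIGFILE."
+echo "If you want to let them apply to the other modules,"
+echo "like in xscreensaver and system-local-login [the system login],"
+echo "do as follows:"
+echo -e "\t1. Open a module in /etc/pam.d/ (like xscreensaver or system-local-login).\n\t2. After the line \"#%PAM-1.0\" append\n\t\tauth       include    pampanic\n\t\taccount    include    pampanic\nAfter you have saved the file pam_panic will be working at once."
+echo "If you got any question, don't hesitate to ask via IRC (chat.freenode.de in room #pampanic) or via mail."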
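Review bot: The values written to `allow=`, `reject=` and `serious=` are scraped from `blkid` output by position, which is fragile for settings that decide which stick authenticates and which LUKS header is destroyed: `getPARTUUID` takes the fourth field whatever tags the partition carries, and the `sed` behind `auth_dev`/`panic_dev` only matches a partition number of 0 or 1, so an entry like `/dev/sdb2[...]` leaves the device path in the value. `getLUKSDevice` looks only at `/dev/sda` and prints every match, so with two LUKS partitions `serious=` becomes multi-line and `cryptsetup luksHeaderBackup` receives extra arguments; the script should stop or ask when it finds anything other than exactly one device. `chooseMedium` writes the menu answer to `.pam_panic_media_choice` in the current directory while running as root, which `dialog --stdout` (or a `mktemp` file) avoids. The header backup is announced as saved without checking `cryptsetup`'s exit status, and the message should tell the user to move `$LHBU` off this machine. The fence sketches the tag-based lookup, the menu without a scratch file, and a bracket strip that does not depend on the partition number.

```shell
function getPARTUUID(){
  # Ask for the tag by name; its column in blkid's default output is not fixed.
  blkid -s PARTUUID -o value "$1"
}

# … unchanged: getLUKSDevice, ask, msg, getMediaDevice, chooseMediumPre …

function chooseMedium(){
  local ans
  local title="Removable media: $1 device"

  # --stdout hands back the selection directly, so nothing is created in $PWD.
  ans=$(dialog --stdout --backtitle "pam_panic's Configuration Generator" --title "$title" --menu "Choose your device:" 10 80 5 $media) || cancel

  (( ans=(2*ans)+1 ))
  return $ans
}

# … unchanged: showDetectDev, welcome box, mode loop up to the medium choice …

      chooseMedium Authentication
      entry=${mediaArray[$?]}
      auth_dev=${entry#*\[}   # keep only the text between the brackets
      auth_dev=${auth_dev%\]}
```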
