security feature: Enhance HTTPD password security

Change httpd.conf so that it no longer stores the password and instead relies on the shadow password file.

Also mark the 40_aredn_migrate-httpdconf script as executable (+x). This is not strictly necessary, but we wish to have this as the standard.

Change-Id: I018d9a3294e45af2316b3c3947ef2a7d8081268b
Conrad Lara - KG6JEI 2016-06-10 19:21:06 -07:00
parent 6e2a56b106
commit 8f91ad1e0e
4 changed files with 14 additions and 34 deletions


@ -26,7 +26,6 @@
/etc/firewall.user
/etc/group
/etc/hosts
/etc/httpd.conf
/etc/gridsquare
/etc/latlon
/etc/local/services


@ -1,6 +1,6 @@
/cgi-bin/setup:root:hsmm
/cgi-bin/ports:root:hsmm
/cgi-bin/admin:root:hsmm
/cgi-bin/vpn:root:hsmm
/cgi-bin/vpnc:root:hsmm
/cgi-bin/supporttool:root:hsmm
/cgi-bin/setup:root:$p$root
/cgi-bin/ports:root:$p$root
/cgi-bin/admin:root:$p$root
/cgi-bin/vpn:root:$p$root
/cgi-bin/vpnc:root:$p$root
/cgi-bin/supporttool:root:$p$root
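Review bot: The six `path:root:$p$root` entries on the new side are repeated verbatim in the heredoc of files/etc/uci-defaults/40_aredn_migrate-httpdconf, so the two lists can drift apart. A CGI path added to only one of them would presumably end up without an authentication entry on either fresh or upgraded nodes. Consider keeping a single copy, or at least noting next to each list that the other must be updated too. The file also gives no hint of what `$p$root` means; if the web server's config parser tolerates comment lines (not verifiable from this page), a line such as `# $p$root: authenticate against root's system password entry; no password is stored in this file` would help the next maintainer.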

26
files/etc/uci-defaults/40_aredn_migrate-httpdconf Normal file → Executable file

@ -1,20 +1,10 @@
#!/bin/sh
IFS="
"
addedpaths="/cgi-bin/vpn
/cgi-bin/vpnc
/cgi-bin/supporttool
"
currentpwd=$(grep "/cgi-bin/setup" /etc/httpd.conf |cut -d ':' -f 3)
for protectedpath in $addedpaths
do
if grep -q "$protectedpath" "/etc/httpd.conf"; then
continue
fi
echo "$protectedpath:root:$currentpwd" >> /etc/httpd.conf
done
cat > /etc/httpd.conf <<'EOF'
/cgi-bin/setup:root:$p$root
/cgi-bin/ports:root:$p$root
/cgi-bin/admin:root:$p$root
/cgi-bin/vpn:root:$p$root
/cgi-bin/vpnc:root:$p$root
/cgi-bin/supporttool:root:$p$root
EOF
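Review bot: `cat > /etc/httpd.conf` truncates the live file before the new contents are written, so an interruption or a full overlay at that moment would leave the access list empty or partial, which presumably leaves the listed CGI paths without an auth rule. Write to a temporary file in /etc and rename it instead, e.g. `cat > /etc/httpd.conf.tmp <<'EOF'` followed by `mv /etc/httpd.conf.tmp /etc/httpd.conf`. The rewrite is also unconditional, so any locally added entries are discarded, whereas the loop shown earlier in this section only appended missing paths; if that is intended, a header comment such as `# Replaces /etc/httpd.conf wholesale; local additions are not preserved` would make it explicit.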


@ -47,13 +47,4 @@ $pw2 = $pw;
$pw2 =~ s/'/'\\''/g;
system "{ echo '$pw2'; sleep 1; echo '$pw2'; } | passwd > /dev/null\n";
@web = `cat /etc/httpd.conf`;
open(FILE, ">/etc/httpd.conf") or die;
foreach(@web)
{
s/^(.*:root:)(.*)$/$1$pw/;
print FILE $_;
}
close(FILE);
print STDERR "passwords changed.\n";