Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
#!/bin/bash
# _____ _ _
# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
# | __| _| -_| -_| . | . | | . | . | | -_|
# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___|
#
# Freedom in the Cloud
#
# Performs a factory reset
#
# License
# =======
#
# Copyright (C) 2018 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
PROJECT_NAME='freedombone'
export TEXTDOMAIN=${PROJECT_NAME}-factory-reset
export TEXTDOMAINDIR="/usr/share/locale"
CONFIGURATION_FILE="/root/${PROJECT_NAME}.cfg"
COMPLETION_FILE="/root/${PROJECT_NAME}-completed.txt"
# Start including files
source /usr/local/bin/${PROJECT_NAME}-vars
UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
for f in $UTILS_FILES
do
source "$f"
done
APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
for f in $APP_FILES
do
source "$f"
done
# End including files
FACTORY_RESET_OPTIONS=$1
if [[ "$FACTORY_RESET_OPTIONS" != '-f' && "$FACTORY_RESET_OPTIONS" != '-y' && "$FACTORY_RESET_OPTIONS" != '--force' ]]; then
echo $'>>> FACTORY RESET <<<'
read -r -p $"Do you really wish to perform a factory reset? This will erase all data. (y/n) ?" yn
if [[ $yn != 'y' && $yn != 'Y' && $yn != 'yes' && $yn != 'Yes' && $yn != 'YES' ]]; then
echo $"Factory reset was not performed"
exit 1
fi
else
echo $"Forced factory reset"
fi
web_admin_get_hostname
if [ -f "$webadmin_install_dir/about.html" ]; then
rm "$webadmin_install_dir/about.html"
fi
if [ -f "$webadmin_install_dir/images/webadmin_qrcode.png" ]; then
rm "$webadmin_install_dir/images/webadmin_qrcode.png"
fi
if [ -d "/var/lib/tor/hidden_service_webadmin" ]; then
rm -rf "/var/lib/tor/hidden_service_webadmin"
fi
if [ -f "/etc/searx/searx/settings.yml" ]; then
sed -i "s|secret_key :.*|secret_key : \"$(create_random_string 30)\"|g" "/etc/searx/searx/settings.yml"
fi
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
echo $'Removing installed apps...'
detect_apps
get_apps_installed_names
# shellcheck disable=SC2068
for app_name in ${APPS_INSTALLED_NAMES[@]}
do
if [[ $(function_exists "remove_${app_name}") == "1" ]]; then
echo $"Removing ${app_name}"
app_load_variables "${app_name}"
# call the remove function
"remove_${app_name}"
# ensure that any tor settings are gone
if [ -d "/var/lib/tor/hidden_service_${app_name}" ]; then
rm -rf "/var/lib/tor/hidden_service_${app_name}"
fi
fi
done
if [ -f /etc/nginx/.webadminpasswd ]; then
rm /etc/nginx/.webadminpasswd
fi
if [ -f /root/.temp_webadmin_password ]; then
rm /root/.temp_webadmin_password
fi
if [ ! -f /root/.initial_setup ]; then
touch /root/.initial_setup
fi
if [ -f "$COMPLETION_FILE" ]; then
rm "$COMPLETION_FILE"
fi
# create an fbone user
MY_USERNAME=fbone
if [ ! -d /home/$MY_USERNAME ]; then
adduser --gecos "$MY_USERNAME" --disabled-password "$MY_USERNAME"
echo -n "$MY_USERNAME:${PROJECT_NAME}" | /usr/sbin/chpasswd
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
adduser "$MY_USERNAME" sudo
cat >> "/home/$MY_USERNAME/.bashrc" <<EOF
# initial setup of the system
if [ -f ~/.initial_setup ]; then
clear
echo "
.---. . .
| | |
|--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
| | (.-' (.-' ( | ( )| | | | )( )| | (.-'
' ' --' --' -' - -' ' ' -' -' -' ' - --'
Initial setup process
Please enter your password a second time.
"
sudo su
fi
EOF
touch "/home/$MY_USERNAME/.initial_setup"
/bin/chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.initial_setup"
fi
# remove existing admin user
if grep -q "MY_USERNAME=" "$CONFIGURATION_FILE"; then
MY_USERNAME=$(grep "MY_USERNAME=" "$CONFIGURATION_FILE" | awk -F '=' '{print $2}')
if [ "$MY_USERNAME" ]; then
if [[ "$MY_USERNAME" != 'fbone' ]]; then
if [ -d "/home/$MY_USERNAME" ]; then
chmod 600 /etc/shadow
chmod 600 /etc/gshadow
userdel -r "$MY_USERNAME"
groupdel "$MY_USERNAME"
chmod 0000 /etc/shadow
chmod 0000 /etc/gshadow
fi
fi
fi
fi
# ssh
rm -f /etc/ssh/ssh_host_*
dpkg-reconfigure openssh-server
echo $'ssh host keys regenerated'
# remove small moduli
awk '$5 > 2000' /etc/ssh/moduli > ~/moduli
mv ~/moduli /etc/ssh/moduli
echo $'ssh small moduli removed'
# remove icecast stream if it exists
if [ -d /icestream ]; then
rm -rf /icestream
fi
# remove music if it exists
if [ -d /music ]; then
rm -rf /music
fi
$REMOVE_UNUSED_PACKAGES
$CLEAN_PACKAGES
/bin/rm -rf /var/lib/apt/lists/*
# remove master password for the password manager
if [ -f /root/.passwords/root/master ]; then
rm /root/.passwords/root/master
fi
if [ -d /var/local/squirrelmail/attach ]; then
rm -rf /var/local/squirrelmail/attach/*
fi
if [ -d /var/local/squirrelmail/data ]; then
rm -rf /var/local/squirrelmail/data/*
fi
if [ -d /var/local/squirrelmail/temp ]; then
rm -rf /var/local/squirrelmail/temp/*
fi
if [ -d /var/www/uploads ]; then
rm -rf /var/www/upload/*
fi