From afeec42a009eb6aff4b3f47c2fde5ec960b1ad71 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@robotics.uk.to>
Date: Fri, 14 Oct 2016 10:34:05 +0100
Subject: [PATCH] Use a longer default password for better security

---
 src/freedombone-app-blog        |  1 -
 src/freedombone-image-customise |  6 ++----
 src/freedombone-utils-passwords | 17 ++++++++++-------
 3 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/src/freedombone-app-blog b/src/freedombone-app-blog
index d3d498b68..31fb8026f 100755
--- a/src/freedombone-app-blog
+++ b/src/freedombone-app-blog
@@ -174,7 +174,6 @@ function install_interactive_blog {
 
 function change_password_blog {
     if ! grep -q "blog domain:" $COMPLETION_FILE; then
-        return
         echo "blog domain:$FULLBLOG_DOMAIN_NAME" >> $COMPLETION_FILE
     fi
     FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "blog domain" | head -n 1 | awk -F ':' '{print $2}')
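Review bot: With the early `return` removed, the `echo "blog domain:$FULLBLOG_DOMAIN_NAME" >> $COMPLETION_FILE` line now runs whenever the entry is missing, and nothing visible in this hunk ensures `FULLBLOG_DOMAIN_NAME` is set at that point. If it is empty, an empty `blog domain:` entry is recorded permanently, and the read-back on the next line then yields an empty domain for the rest of the password change. A guard such as `[ -n "$FULLBLOG_DOMAIN_NAME" ] || return 1` before the `echo` would avoid that, and `"$COMPLETION_FILE"` should be quoted in both places. The body of change_password_blog continues past the end of the hunk.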
diff --git a/src/freedombone-image-customise b/src/freedombone-image-customise
index 141ae9190..a68dc516c 100755
--- a/src/freedombone-image-customise
+++ b/src/freedombone-image-customise
@@ -349,7 +349,7 @@ EOF
     echo '            exit' >> $rootdir/root/.bashrc
     echo '        fi' >> $rootdir/root/.bashrc
     echo -n '        NEW_USER_PASSWORD="$(openssl rand -base64 30 | cut -c1-' >> $rootdir/root/.bashrc
-    echo "${MINIMUM_PASSWORD_LENGTH})\"" >> $rootdir/root/.bashrc
+    echo "${DEFAULT_PASSWORD_LENGTH})\"" >> $rootdir/root/.bashrc
     echo '    fi' >> $rootdir/root/.bashrc
     echo '    echo "${NEW_USER_PASSWORD}" > ~/login.txt' >> $rootdir/root/.bashrc
 
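Review bot: `DEFAULT_PASSWORD_LENGTH` is expanded at image-build time on the changed `echo` line, but the only definition visible in this patch is in src/freedombone-utils-passwords. If this script does not source that file, the generated line ends in `cut -c1-)` and the length bound is silently dropped rather than reported. Writing `echo "${DEFAULT_PASSWORD_LENGTH:?})\"" >> $rootdir/root/.bashrc` would stop the build instead. A comment should also note that `openssl rand -base64 30` yields 40 characters, so any configured length above 40 is capped without warning. The generated password is still written in clear text to `~/login.txt` by the unchanged line below; whether that file is removed after first login is not visible here, and the enclosing function starts and ends outside the hunk.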
@@ -361,8 +361,6 @@ EOF
     PRESS_KEY_MESSAGE=$'Press any key to continue...'
     echo "    echo \"${NEW_LOGIN_PASSWORD_MESSAGE1}\"" >> $rootdir/root/.bashrc
     echo '    echo ""' >> $rootdir/root/.bashrc
-    echo '    toilet "${NEW_USER_PASSWORD}"' >> $rootdir/root/.bashrc
-    echo '    echo ""' >> $rootdir/root/.bashrc
     echo '    echo "                          ${NEW_USER_PASSWORD}"' >> $rootdir/root/.bashrc
     echo '    echo ""' >> $rootdir/root/.bashrc
     echo "    echo \"${NEW_LOGIN_PASSWORD_MESSAGE2}\"" >> $rootdir/root/.bashrc
@@ -1015,7 +1013,7 @@ fi
 if [[ $VARIANT != "meshclient" && $VARIANT != "meshusb" && $VARIANT != "mesh" ]]; then
     chroot "$rootdir" apt-get install -y openssh-server
 fi
-chroot "$rootdir" apt-get install -y sudo git dialog toilet build-essential
+chroot "$rootdir" apt-get install -y sudo git dialog build-essential
 chroot "$rootdir" apt-get install -y avahi-daemon avahi-utils avahi-discover avahi-autoipd
 chroot "$rootdir" apt-get install -y iptables dnsutils net-tools network-manager iputils-ping
 chroot "$rootdir" apt-get install -y libnss-mdns libnss-myhostname libnss-gw-name nano man ntp
diff --git a/src/freedombone-utils-passwords b/src/freedombone-utils-passwords
index 1b8620dfc..d096af147 100755
--- a/src/freedombone-utils-passwords
+++ b/src/freedombone-utils-passwords
@@ -36,15 +36,18 @@ IMAGE_PASSWORD_FILE=/root/login.txt
 # Minimum number of characters in a password
 MINIMUM_PASSWORD_LENGTH=10
 
+# The default password length used in images
+DEFAULT_PASSWORD_LENGTH=20
+
 function enforce_good_passwords {
-	# because humans are generally bad at choosing passwords
-	if grep -Fxq "enforce_good_passwords" $COMPLETION_FILE; then
-		return
-	fi
-	apt-get -y install libpam-cracklib
+    # because humans are generally bad at choosing passwords
+    if grep -Fxq "enforce_good_passwords" $COMPLETION_FILE; then
+        return
+    fi
+    apt-get -y install libpam-cracklib
 
-	sed -i 's/password.*requisite.*pam_cracklib.so.*/password        required                       pam_cracklib.so retry=2 dcredit=-4 ucredit=-1 ocredit=-1 lcredit=0 minlen=10 reject_username/g' /etc/pam.d/common-password
-	echo 'enforce_good_passwords' >> $COMPLETION_FILE
+    sed -i 's/password.*requisite.*pam_cracklib.so.*/password        required                       pam_cracklib.so retry=2 dcredit=-4 ucredit=-1 ocredit=-1 lcredit=0 minlen=10 reject_username/g' /etc/pam.d/common-password
+    echo 'enforce_good_passwords' >> $COMPLETION_FILE
 }
 
 function create_password {
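Review bot: In enforce_good_passwords the `enforce_good_passwords` marker is appended to `$COMPLETION_FILE` whether or not `apt-get` succeeded or the `sed` expression matched anything. A system whose /etc/pam.d/common-password has no matching `requisite` line is therefore recorded as hardened without the policy being applied. A check before the marker, for example `grep -q 'pam_cracklib.so.*reject_username' /etc/pam.d/common-password || return 1`, would catch that. The replacement text also hard-codes `minlen=10` while `MINIMUM_PASSWORD_LENGTH=10` is defined a few lines above; building the sed expression from the variable would keep the PAM policy and the constant from drifting apart. The comment on `DEFAULT_PASSWORD_LENGTH` could add that the value is expected to stay at or above `MINIMUM_PASSWORD_LENGTH`.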
-- 
GitLab