From 121c1ce840553cd05150e7173b79e9e67bb3d227 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Viktor=20Sz=C3=A9pe?= Date: Fri, 30 Jan 2015 17:39:34 +0100 Subject: [PATCH] add-mailaccount.sh --- backup/wetransfer | 2 +- install-cron.sh | 3 +- mail/add-mailaccount.sh | 73 ++++++++++++------- .../save_all_attachments.py | 8 +- mysql/mysqltuner | 2 +- security/README.md | 4 + security/password2remember.sh | 43 ++++++++--- 7 files changed, 90 insertions(+), 45 deletions(-) diff --git a/backup/wetransfer b/backup/wetransfer index 3aa192ca..63520a8a 160000 --- a/backup/wetransfer +++ b/backup/wetransfer @@ -1 +1 @@ -Subproject commit 3aa192cada0452ab017bee53cab4cf3250bda92a +Subproject commit 63520a8a2fef11c6e0aecd7a6a57ba3ed1693d0a diff --git a/install-cron.sh b/install-cron.sh index ad6984a6..09fb20eb 100755 --- a/install-cron.sh +++ b/install-cron.sh @@ -1,8 +1,9 @@ #!/bin/bash # # Install cron jobs from the script header. +# # E.g. "# CRON-HOURLY :/usr/local/bin/example.sh" -# In cron syntax "# CRON-D :09,39 * * * * root /usr/local/bin/example.sh" +# Cron syntax: "# CRON-D :09,39 * * * * root /usr/local/bin/example.sh" # See: man 5 crontab # # VERSION :0.2 diff --git a/mail/add-mailaccount.sh b/mail/add-mailaccount.sh index f4fa47d2..2503fdd5 100755 --- a/mail/add-mailaccount.sh +++ b/mail/add-mailaccount.sh @@ -2,30 +2,31 @@ # # Add a virtual mail account to courier-mta. # -# VERSION :0.2 -# DATE :2014-12-25 +# VERSION :0.3 +# DATE :2015-01-30 # AUTHOR :Viktor Szépe # LICENSE :The MIT License (MIT) # URL :https://github.com/szepeviktor/debian-server-tools # BASH-VERSION :4.2+ # LOCATION :/usr/local/sbin/add-mailaccount.sh -# DEPENDS :apt-get install courier-authdaemon courier-mta-ssl +# DEPENDS :apt-get install courier-authdaemon courier-mta-ssl pwgen +# DEPENDS :security/password2remember.sh -ACCOUNT="$1" -MAILROOT="/var/mail" VIRTUAL_UID="1999" COURIER_AUTH_DBNAME="horde4" -CA_CERTIFICATES="/etc/ssl/certs/ca-certificates.crt" Error() { echo "ERROR: $*" exit $1 } -[ -z "$ACCOUNT" ] && Error 1 "No account given." -[ -d "$MAILROOT" ] || Error 1 "Mail root (${MAILROOT}) does not exist." +ACCOUNT="$1" +MAILROOT="/var/mail" +CA_CERTIFICATES="/etc/ssl/certs/ca-certificates.crt" [ "$(id --user)" == 0 ] || Error 1 "Only root is allowed to add mail accounts." +[ -z "$ACCOUNT" ] && Error 1 "No account given." +[ -d "$MAILROOT" ] || Error 1 "Mail root (${MAILROOT}) does not exist." # inputs for V in EMAIL PASS DESC HOMEDIR; do @@ -34,8 +35,11 @@ for V in EMAIL PASS DESC HOMEDIR; do DEFAULT="$ACCOUNT" ;; PASS) - #TODO: xkcd-style password DEFAULT="$(pwgen 8 1)$((RANDOM % 10))" + # xkcd-style password + WORDLIST_HU="/usr/local/share/password2remember/password2remember_hu.txt" + [ -f "$WORDLIST_HU" ] \ + && DEFAULT="$(xkcdpass -d . -w "$WORDLIST_HU" -n 4)" ;; HOMEDIR) DEFAULT="${MAILROOT}/${EMAIL##*@}/${EMAIL%%@*}" @@ -45,8 +49,6 @@ for V in EMAIL PASS DESC HOMEDIR; do ;; esac - #read -e -p "${V}? " -i "$DEFAULT" VALUE - #eval "$V"="'$VALUE'" read -e -p "${V}? " -i "$DEFAULT" "$V" done @@ -59,47 +61,62 @@ if ! getent passwd "$VIRTUAL_UID" &> /dev/null; then getent passwd "$VIRTUAL_UID" fi -# check domain +# check email format +# https://fightingforalostcause.net/content/misc/2006/compare-email-regex.php +grep -qE '^[-a-z0-9_]+(\.[-a-z0-9_]+)*@([a-z0-9_][-a-z0-9_])*(\.[-a-z0-9_]+)+$' <<< "$EMAIL" || Error 8 'Non-regular email address' + NEW_DOMAIN="${EMAIL##*@}" -grep -qr "^${NEW_DOMAIN//./\\.}$" /etc/courier/locals /etc/courier/esmtpacceptmailfor.dir || Error 10 "This domain is not accepted here (${NEW_DOMAIN})" -grep -qr "^${NEW_DOMAIN//./\\.}$" /etc/courier/hosteddomains || echo "[WARNING] This domain is not hosted here (${NEW_DOMAIN})" >&2 +NEW_MAILDIR="${MAILROOT}/${NEW_DOMAIN}/${EMAIL%%@*}/Maildir" +#? + +# check home +[ -d "$HOMEDIR" ] && Error 9 "This home ($HOMEDIR) already exists." + +# check domain +grep -qFxr "${NEW_DOMAIN}" /etc/courier/locals /etc/courier/esmtpacceptmailfor.dir || Error 10 "This domain is not accepted here (${NEW_DOMAIN})" +grep -qFxr "${NEW_DOMAIN}" /etc/courier/hosteddomains || echo "[WARNING] This domain is not hosted here (${NEW_DOMAIN})" >&2 # account folder and maildir -NEW_MAILDIR="${MAILROOT}/${NEW_DOMAIN}/${EMAIL%%@*}" -mkdir -v -p "${MAILROOT}/${NEW_DOMAIN}" || Error 12 "Failed to create dir: (${MAILROOT}/${NEW_DOMAIN})" -chown -v "$VIRTUAL_UID":"$VIRTUAL_UID" "${MAILROOT}/${NEW_DOMAIN}" || Error 13 "Cannot chown (${MAILROOT}/${NEW_DOMAIN})" -chmod -v o-rx "${MAILROOT}/${NEW_DOMAIN}" || Error 14 "Cannot chmod (${MAILROOT}/${NEW_DOMAIN})" -sudo -u virtual maildirmake "$NEW_MAILDIR" && echo "Maildir OK." || Error 15 "Cannot create maildir (${NEW_MAILDIR})" +install -o "$VIRTUAL_UID" -g "$VIRTUAL_UID" -m "u=rwx" -d "${MAILROOT}/${NEW_DOMAIN}/${EMAIL%%@*}" || Error 12 "Failed to install dir: (${MAILROOT}/${NEW_DOMAIN})" +#? +sudo -u virtual -- maildirmake "$NEW_MAILDIR" && echo "Maildir OK." || Error 15 "Cannot create maildir (${NEW_MAILDIR})" # special folders -sudo -u virtual maildirmake -f Drafts "$NEW_MAILDIR" && echo "Drafts OK." || Error 20 "Cannot create Drafts folder" -sudo -u virtual maildirmake -f Sent "$NEW_MAILDIR" && echo "Sent OK." || Error 21 "Cannot create Sent folder" -sudo -u virtual maildirmake -f Trash "$NEW_MAILDIR" && echo "Trash OK." || Error 22 "Cannot create Trash folder" +sudo -u virtual -- maildirmake -f Drafts "$NEW_MAILDIR" && echo "Drafts OK." || Error 20 "Cannot create Drafts folder" +sudo -u virtual -- maildirmake -f Sent "$NEW_MAILDIR" && echo "Sent OK." || Error 21 "Cannot create Sent folder" +sudo -u virtual -- maildirmake -f Trash "$NEW_MAILDIR" && echo "Trash OK." || Error 22 "Cannot create Trash folder" +# removal instruction +echo "Remove home: rm -rf '${HOMEDIR}'" -# MySQL output +# MySQL authentication if which mysql &> /dev/null \ && grep -q "^authmodulelist=.*\bauthmysql\b" /etc/courier/authdaemonrc; then - mysql "$COURIER_AUTH_DBNAME" < /dev/null \ && [ -r /etc/courier/userdb ] \ && grep -q "^authmodulelist=.*\bauthuserdb\b" /etc/courier/authdaemonrc; then - userdb "$EMAIL" set "home=${NEW_MAILDIR}" || Error 30 "Failed to add to userdb" + userdb "$EMAIL" set "home=${HOMEDIR}" || Error 30 "Failed to add to userdb" userdb "$EMAIL" set "mail=${NEW_MAILDIR}" || Error 31 "Failed to add to userdb" - # man makeuserdb + # 'maildir' is not necessary, see: man makeuserdb #userdb "$EMAIL" set "maildir=${NEW_MAILDIR}" || Error 32 "Failed to add to userdb" userdb "$EMAIL" set "uid=${VIRTUAL_UID}" || Error 33 "Failed to add to userdb" userdb "$EMAIL" set "gid=${VIRTUAL_UID}" || Error 34 "Failed to add to userdb" echo "$PASS" | userdbpw -md5 | userdb "$EMAIL" set systempw || Error 35 "Failed to add to userdb" [ -z "$DESC" ] || userdb "$EMAIL" set "fullname=${DESC}" || Error 36 "Failed to add to userdb" makeuserdb || Error 37 "Failed to make userdb" + # removal instruction + echo "Remove user: userdb '$EMAIL' del" fi # SMTP authentication test diff --git a/mail/extract-attachments/save_all_attachments.py b/mail/extract-attachments/save_all_attachments.py index 6deb8f16..3681932b 100755 --- a/mail/extract-attachments/save_all_attachments.py +++ b/mail/extract-attachments/save_all_attachments.py @@ -131,10 +131,11 @@ def gen_filename(name, part, addr, date, n): pre = '%s.%s.%d' % (date, addr, n) file = ''.join((pre, ext)) else: - #file = email.Header.decode_header(name)[0][0] file = part.get_filename() - if email.Header.decode_header(file)[0][1] is not None: - file = str(email.Header.decode_header(file)[0][0]).decode(email.Header.decode_header(file)[0][1]) + # no need to decode + #file = email.Header.decode_header(name)[0][0] + #if email.Header.decode_header(file)[0][1] is not None: + # file = str(email.Header.decode_header(file)[0][0]).decode(email.Header.decode_header(file)[0][1]) file = file.replace(' ', '_') if type(file) is not type('') and type(file) is not unicode: @@ -180,6 +181,7 @@ def walk_parts(msg, addr, date, dtime, count, msgnum): else: continue else: + Debug(3, '''"dtypes=%s" % `dtypes`''') attachment,filename = None,None for key,val in dtypes: key = key.lower() diff --git a/mysql/mysqltuner b/mysql/mysqltuner index 633b596d..2c69d953 160000 --- a/mysql/mysqltuner +++ b/mysql/mysqltuner @@ -1 +1 @@ -Subproject commit 633b596dabcd788d7696852bdb56c80e16379da3 +Subproject commit 2c69d953f84a9f74dec7f73eb31f56f45a2a787d diff --git a/security/README.md b/security/README.md index add56872..1ea0ef89 100644 --- a/security/README.md +++ b/security/README.md @@ -1,3 +1,7 @@ +### Custom certificate installation + +/usr/local/share/ca-certificates + ### Store secret data in shares #### gfshare diff --git a/security/password2remember.sh b/security/password2remember.sh index 8581f9ce..d280b644 100755 --- a/security/password2remember.sh +++ b/security/password2remember.sh @@ -2,40 +2,61 @@ # # Generate 8 easy to remember passwords. # First option is the acrostic word, second is a number to append. -# Set P2R_LANG to any language name after you added the corresponding wordlist file. -# The fixed delimiter is period (the `-d` option of xkcdpass) # -# VERSION :0.2 -# DATE :2014-08-27 +# Set P2R_LANG to any language code after you added the corresponding wordlist file (password2remember_.txt). +# +# VERSION :0.3 +# DATE :2015-01-30 # AUTHOR :Viktor Szépe # LICENSE :The MIT License (MIT) # URL :https://github.com/szepeviktor/debian-server-tools # BASH-VERSION :4.2+ # DEPENDS :pip install xkcdpass +# LOCATION :/usr/local/bin/password2remember.sh # WORDLIST_HU :http://packetstormsecurity.com/files/32010/hungarian.gz.html # WORDLIST_HU2 :http://sourceforge.net/projects/wordlist-hu/ P2R_LANG="hu" - +DELIMITER="." ACROSTIC="$1" NUMBER="$2" # capitalize the first letter -capitalize() { +Capitalize() { local LOWERCASE="$1" echo -n "${LOWERCASE:0:1}" | tr '[:lower:]' '[:upper:]' echo -n "${LOWERCASE:1}" } +# add the number +Append_number() { + echo "$NUMBER" +} + +# locate the word list file +Find_wordlist() { + local WL="password2remember_${P2R_LANG}.txt" + + [ -r "/usr/local/share/password2remember/${WL}" ] \ + && WL="/usr/local/share/password2remember/${WL}" + + echo "$WL" +} + + [ -z "$ACROSTIC" ] || echo "a.c.r.o.s.t.i.c.: '${ACROSTIC}'" [ -z "$NUMBER" ] || echo "number: '${NUMBER}'" -# generate 8 passwords +# generate 8 passwords choices for N in $(seq 1 8); do - XKCDPASS="$(xkcdpass -d . -w "password2remember_${P2R_LANG}.txt" -n 4 --max=7 -a "$ACROSTIC")" - - capitalize "$XKCDPASS" - echo "$NUMBER" + XKCDPASS="$(xkcdpass -d "$DELIMITER" -w "$(Find_wordlist)" -n 4 --max=7 -a "$ACROSTIC")" + + if [ -z "$NUMBER" ]; then + echo "$XKCDPASS" + else + Capitalize "$XKCDPASS" + Append_number + fi done