From: mhoellein Date: Fri, 21 Jan 2022 08:21:47 +0000 (+0100) Subject: committing changes in /etc made by "apt-get install dropbear" X-Git-Url: https://git.hoellein.online/?a=commitdiff_plain;h=052754351a114160aea9d3028ff0f17d489ecacd;p=vserver2 committing changes in /etc made by "apt-get install dropbear" Package changes: +cryptsetup 2:2.2.2-3ubuntu2.3 amd64 +cryptsetup-bin 2:2.2.2-3ubuntu2.3 amd64 +cryptsetup-initramfs 2:2.2.2-3ubuntu2.3 all +cryptsetup-run 2:2.2.2-3ubuntu2.3 all +dropbear 2019.78-2build1 all +dropbear-bin 2019.78-2build1 amd64 +dropbear-initramfs 2019.78-2build1 all +libtomcrypt1 1.18.2-3 amd64 +libtommath1 1.2.0-3 amd64 --- diff --git a/.etckeeper b/.etckeeper index 1c4acf9..824d58d 100755 --- a/.etckeeper +++ b/.etckeeper @@ -510,6 +510,9 @@ maybe chmod 0644 'crontab' maybe chmod 0755 'cruft' maybe chmod 0755 'cruft/filters-unex' maybe chmod 0644 'cruft/filters-unex/etckeeper' +maybe chmod 0755 'cryptsetup-initramfs' +maybe chmod 0644 'cryptsetup-initramfs/conf-hook' +maybe chmod 0644 'crypttab' maybe chmod 0755 'dbconfig-common' maybe chmod 0600 'dbconfig-common/config' maybe chmod 0755 'dbus-1' @@ -528,8 +531,10 @@ maybe chmod 0644 'default/bsdmainutils' maybe chmod 0644 'default/console-setup' maybe chmod 0644 'default/crda' maybe chmod 0644 'default/cron' +maybe chmod 0644 'default/cryptdisks' maybe chmod 0644 'default/dbus' maybe chmod 0644 'default/dovecot' +maybe chmod 0644 'default/dropbear' maybe chmod 0644 'default/grub' maybe chmod 0755 'default/grub.d' maybe chmod 0644 'default/grub.d/init-select.cfg' 
@@ -599,6 +604,18 @@ maybe chmod 0755 'dpkg/dpkg.cfg.d' maybe chmod 0755 'dpkg/origins' maybe chmod 0644 'dpkg/origins/debian' maybe chmod 0644 'dpkg/origins/ubuntu' +maybe chmod 0755 'dropbear' +maybe chmod 0755 'dropbear-initramfs' +maybe chmod 0644 'dropbear-initramfs/config' +maybe chmod 0600 'dropbear-initramfs/dropbear_dss_host_key' +maybe chmod 0600 'dropbear-initramfs/dropbear_ecdsa_host_key' +maybe chmod 0600 'dropbear-initramfs/dropbear_rsa_host_key' +maybe chmod 0600 'dropbear/dropbear_dss_host_key' +maybe chmod 0600 'dropbear/dropbear_ecdsa_host_key' +maybe chmod 0600 'dropbear/dropbear_rsa_host_key' +maybe chmod 0755 'dropbear/log' +maybe chmod 0755 'dropbear/log/run' +maybe chmod 0755 'dropbear/run' maybe chmod 0644 'e2scrub.conf' maybe chmod 0755 'emacs' maybe chmod 0755 'emacs/site-start.d' @@ -805,8 +822,11 @@ maybe chmod 0755 'init.d/apache2' maybe chmod 0755 'init.d/apparmor' maybe chmod 0755 'init.d/console-setup.sh' maybe chmod 0755 'init.d/cron' +maybe chmod 0755 'init.d/cryptdisks' +maybe chmod 0755 'init.d/cryptdisks-early' maybe chmod 0755 'init.d/dbus' maybe chmod 0755 'init.d/dovecot' +maybe chmod 0755 'init.d/dropbear' maybe chmod 0755 'init.d/grub-common' maybe chmod 0755 'init.d/hwclock.sh' maybe chmod 0755 'init.d/icinga2' diff --git a/cryptsetup-initramfs/conf-hook b/cryptsetup-initramfs/conf-hook new file mode 100644 index 0000000..81de87e --- /dev/null +++ b/cryptsetup-initramfs/conf-hook 
@@ -0,0 +1,28 @@
+#
+# Configuration file for the cryptroot initramfs hook.
+#
+
+#
+# KEYFILE_PATTERN: ...
+#
+# The value of this variable is interpreted as a shell pattern.
+# Matching key files from the crypttab(5) are included in the initramfs
+# image. The associated devices can then be unlocked without manual
+# intervention. (For instance if /etc/crypttab lists two key files
+# /etc/keys/{root,swap}.key, you can set KEYFILE_PATTERN="/etc/keys/*.key"
+# to add them to the initrd.)
+#
+# If KEYFILE_PATTERN if null or unset (default) then no key file is
+# copied to the initramfs image.
+#
+# Note that the glob(7) is not expanded for crypttab(5) entries with a
+# 'keyscript=' option. In that case, the field is not treated as a file
+# name but given as argument to the keyscript.
+#
+# WARNING: If the initramfs image is to include private key material,
+# you'll want to create it with a restrictive umask in order to keep
+# non-privileged users at bay. For instance, set UMASK=0077 in
+# /etc/initramfs-tools/initramfs.conf
+#
+
+#KEYFILE_PATTERN=
diff --git a/crypttab b/crypttab
new file mode 100644
index 0000000..8320514
--- /dev/null
+++ b/crypttab
@@ -0,0 +1 @@
+#
diff --git a/default/cryptdisks b/default/cryptdisks
new file mode 100644
index 0000000..c1f837c
--- /dev/null
+++ b/default/cryptdisks
@@ -0,0 +1,12 @@
+# Run cryptdisks initscripts at startup? Default is Yes.
+CRYPTDISKS_ENABLE=Yes
+
+# Mountpoints to mount, before cryptsetup is invoked at initscripts. Takes
+# mountpoins which are configured in /etc/fstab as arguments. Separate
+# mountpoints by space.
+# This is useful for keyfiles on removable media. Default is unset.
+CRYPTDISKS_MOUNT=""
+
+# Default check script. Takes effect, if the 'check' option is set in crypttab
+# without a value.
+CRYPTDISKS_CHECK=blkid
diff --git a/default/dropbear b/default/dropbear
new file mode 100644
index 0000000..b1e09ae
--- /dev/null
+++ b/default/dropbear
@@ -0,0 +1,25 @@
+# disabled because OpenSSH is installed
+# change to NO_START=0 to enable Dropbear
+NO_START=1
+# the TCP port that Dropbear listens on
+DROPBEAR_PORT=22
+
+# any additional arguments for Dropbear
+DROPBEAR_EXTRA_ARGS=
+
+# specify an optional banner file containing a message to be
+# sent to clients before they connect, such as "/etc/issue.net"
+DROPBEAR_BANNER=""
+
+# RSA hostkey file (default: /etc/dropbear/dropbear_rsa_host_key)
+#DROPBEAR_RSAKEY="/etc/dropbear/dropbear_rsa_host_key"
+
+# DSS hostkey file (default: /etc/dropbear/dropbear_dss_host_key)
+#DROPBEAR_DSSKEY="/etc/dropbear/dropbear_dss_host_key"
+
+# ECDSA hostkey file (default: /etc/dropbear/dropbear_ecdsa_host_key)
+#DROPBEAR_ECDSAKEY="/etc/dropbear/dropbear_ecdsa_host_key"
+
+# Receive window size - this is a tradeoff between memory and
+# network performance
+DROPBEAR_RECEIVE_WINDOW=65536
diff --git a/dropbear-initramfs/config b/dropbear-initramfs/config
new file mode 100644
index 0000000..8dcf5c0
--- /dev/null
+++ b/dropbear-initramfs/config
@@ -0,0 +1,18 @@
+#
+# Configuration options for the dropbear-initramfs boot scripts.
+# You must run update-initramfs(8) to effect changes to this file (like
+# for other files under the '/etc/dropbear-initramfs' directory).
+
+#
+# Command line options to pass to dropbear(8)
+#
+#DROPBEAR_OPTIONS=
+
+#
+# On local (non-NFS) mounts, interfaces matching this pattern are
+# brought down before exiting the ramdisk to avoid dirty network
+# configuration in the normal kernel.
+# The special value 'none' keeps all interfaces up and preserves routing
+# tables and addresses.
+#
+#IFDOWN=*
diff --git a/dropbear-initramfs/dropbear_dss_host_key b/dropbear-initramfs/dropbear_dss_host_key
new file mode 100644
index 0000000..5126d65
Binary files /dev/null and b/dropbear-initramfs/dropbear_dss_host_key differ
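Review bot: `#DROPBEAR_OPTIONS=` in dropbear-initramfs/config is left commented out, so the pre-boot SSH server would start with dropbear's built-in defaults. For a listener that exists only to unlock disks I would set it explicitly, for example `DROPBEAR_OPTIONS="-s -j -k -I 180"` (no password logins, no local or remote port forwarding, idle timeout). The conf-hook file added in this same commit recommends `UMASK=0077` in /etc/initramfs-tools/initramfs.conf when the image contains private key material; the dropbear-initramfs host keys presumably end up in that image, so the same setting looks applicable here and is worth confirming.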
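Review bot: The six `dropbear_*_host_key` files under dropbear-initramfs/ and dropbear/ are added to the repository as binary blobs, so the SSH host private keys become readable by anyone who can read or clone this etckeeper repository. The `chmod 0600` entries recorded in .etckeeper only restore the mode of the files on disk; they do not protect the stored blobs. The X-Git-Url header suggests the repository is served through a web front end, so unless that view is access-restricted the keys should be treated as disclosed and regenerated. I would add `dropbear/dropbear_*_host_key` and `dropbear-initramfs/dropbear_*_host_key` to /etc/.gitignore and untrack the files, keeping in mind that the blobs from this commit remain in history.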
diff --git a/dropbear-initramfs/dropbear_ecdsa_host_key b/dropbear-initramfs/dropbear_ecdsa_host_key
new file mode 100644
index 0000000..7b21ac1
Binary files /dev/null and b/dropbear-initramfs/dropbear_ecdsa_host_key differ
diff --git a/dropbear-initramfs/dropbear_rsa_host_key b/dropbear-initramfs/dropbear_rsa_host_key
new file mode 100644
index 0000000..69720f2
Binary files /dev/null and b/dropbear-initramfs/dropbear_rsa_host_key differ
diff --git a/dropbear/dropbear_dss_host_key b/dropbear/dropbear_dss_host_key
new file mode 100644
index 0000000..1586b2f
Binary files /dev/null and b/dropbear/dropbear_dss_host_key differ
diff --git a/dropbear/dropbear_ecdsa_host_key b/dropbear/dropbear_ecdsa_host_key
new file mode 100644
index 0000000..6d83cc2
Binary files /dev/null and b/dropbear/dropbear_ecdsa_host_key differ
diff --git a/dropbear/dropbear_rsa_host_key b/dropbear/dropbear_rsa_host_key
new file mode 100644
index 0000000..e197933
Binary files /dev/null and b/dropbear/dropbear_rsa_host_key differ
diff --git a/dropbear/log/main b/dropbear/log/main
new file mode 120000
index 0000000..d1077ca
--- /dev/null
+++ b/dropbear/log/main
@@ -0,0 +1 @@
+/var/log/dropbear
\ No newline at end of file
diff --git a/dropbear/log/run b/dropbear/log/run
new file mode 100755
index 0000000..2ffb13d
--- /dev/null
+++ b/dropbear/log/run
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec chpst -udropbearlog svlogd -tt ./main
diff --git a/dropbear/run b/dropbear/run
new file mode 100755
index 0000000..f208085
--- /dev/null
+++ b/dropbear/run
@@ -0,0 +1,3 @@
+#!/bin/sh
+exec 2>&1
+exec dropbear -d ./dropbear_dss_host_key -r ./dropbear_rsa_host_key -F -E -p 22
diff --git a/init.d/cryptdisks b/init.d/cryptdisks
new file mode 100755
index 0000000..0cd4a83
--- /dev/null
+++ b/init.d/cryptdisks
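Review bot: dropbear/run starts the server with `-d ./dropbear_dss_host_key -r ./dropbear_rsa_host_key` and never loads the ECDSA host key that this commit installs in the same directory, so under runit clients would be offered DSS and RSA host keys only. DSS host keys are limited to 1024 bits and current OpenSSH clients no longer accept them by default; I would drop the `-d` argument and pass `-r ./dropbear_ecdsa_host_key` instead. The script also hard-codes `-p 22`, while default/dropbear in this commit says Dropbear is disabled because OpenSSH is installed, so OpenSSH presumably already holds that port. A comment in the run script stating that this service must not be enabled alongside sshd on the same port would document that.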
@@ -0,0 +1,53 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: cryptdisks
+# Required-Start: checkroot cryptdisks-early
+# Required-Stop: umountroot cryptdisks-early
+# Should-Start: udev mdadm-raid lvm2
+# Should-Stop: udev mdadm-raid lvm2
+# X-Start-Before: checkfs
+# X-Stop-After: umountfs
+# X-Interactive: true
+# Default-Start: S
+# Default-Stop: 0 6
+# Short-Description: Setup remaining encrypted block devices.
+# Description:
+### END INIT INFO
+
+set -e
+
+if [ -r /lib/cryptsetup/cryptdisks-functions ]; then
+ . /lib/cryptsetup/cryptdisks-functions
+else
+ exit 0
+fi
+
+INITSTATE="remaining"
+DEFAULT_LOUD="yes"
+
+case "$CRYPTDISKS_ENABLE" in
+[Nn]*)
+ exit 0
+ ;;
+esac
+
+case "$1" in
+start)
+ do_start
+ ;;
+stop)
+ do_stop
+ ;;
+restart|reload|force-reload)
+ do_stop
+ do_start
+ ;;
+force-start)
+ FORCE_START="yes"
+ do_start
+ ;;
+*)
+ echo "Usage: cryptdisks {start|stop|restart|reload|force-reload|force-start}"
+ exit 1
+ ;;
+esac
diff --git a/init.d/cryptdisks-early b/init.d/cryptdisks-early
new file mode 100755
index 0000000..6498431
--- /dev/null
+++ b/init.d/cryptdisks-early
@@ -0,0 +1,53 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: cryptdisks-early
+# Required-Start: checkroot
+# Required-Stop: umountroot
+# Should-Start: udev mdadm-raid
+# Should-Stop: udev mdadm-raid
+# X-Start-Before: lvm2
+# X-Stop-After: lvm2 umountfs
+# X-Interactive: true
+# Default-Start: S
+# Default-Stop: 0 6
+# Short-Description: Setup early encrypted block devices.
+# Description:
+### END INIT INFO
+
+set -e
+
+if [ -r /lib/cryptsetup/cryptdisks-functions ]; then
+ . /lib/cryptsetup/cryptdisks-functions
+else
+ exit 0
+fi
+
+INITSTATE="early"
+DEFAULT_LOUD=""
+
+case "$CRYPTDISKS_ENABLE" in
+[Nn]*)
+ exit 0
+ ;;
+esac
+
+case "$1" in
+start)
+ do_start
+ ;;
+stop)
+ do_stop
+ ;;
+restart|reload|force-reload)
+ do_stop
+ do_start
+ ;;
+force-start)
+ FORCE_START="yes"
+ do_start
+ ;;
+*)
+ echo "Usage: cryptdisks-early {start|stop|restart|reload|force-reload|force-start}"
+ exit 1
+ ;;
+esac
diff --git a/init.d/dropbear b/init.d/dropbear
new file mode 100755
index 0000000..ccd758d
--- /dev/null
+++ b/init.d/dropbear
@@ -0,0 +1,79 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: dropbear
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Lightweight SSH server
+# Description: Init script for drobpear SSH server. Edit
+# /etc/default/dropbear to configure the server.
+### END INIT INFO
+#
+# Do not configure this file. Edit /etc/default/dropbear instead!
+#
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/dropbear
+NAME=dropbear
+DESC="Dropbear SSH server"
+DEFAULTCFG=/etc/default/dropbear
+
+DROPBEAR_PORT=22
+DROPBEAR_EXTRA_ARGS=
+NO_START=0
+
+set -e
+
+. /lib/lsb/init-functions
+
+cancel() { echo "$1" >&2; exit 0; };
+test ! -r $DEFAULTCFG || . $DEFAULTCFG
+test -x "$DAEMON" || cancel "$DAEMON does not exist or is not executable."
+test ! -x /usr/sbin/update-service || ! update-service --check dropbear ||
+ cancel 'The dropbear service is controlled through runit, use the sv(8) program'
+
+[ ! "$DROPBEAR_BANNER" ] || DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER"
+[ ! -f "$DROPBEAR_RSAKEY" ] || DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -r $DROPBEAR_RSAKEY"
+[ ! -f "$DROPBEAR_DSSKEY" ] || DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -r $DROPBEAR_DSSKEY"
+[ ! -f "$DROPBEAR_ECDSAKEY" ] || DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -r $DROPBEAR_ECDSAKEY"
+test -n "$DROPBEAR_RECEIVE_WINDOW" || \
+ DROPBEAR_RECEIVE_WINDOW="65536"
+
+case "$1" in
+ start)
+ test "$NO_START" = "0" ||
+ cancel "Starting $DESC: [abort] NO_START is not set to zero in $DEFAULTCFG"
+
+ echo -n "Starting $DESC: "
+ start-stop-daemon --start --quiet --pidfile /var/run/"$NAME".pid \
+ --exec "$DAEMON" -- -p "$DROPBEAR_PORT" -W "$DROPBEAR_RECEIVE_WINDOW" $DROPBEAR_EXTRA_ARGS
+ echo "$NAME."
+ ;;
+ stop)
+ echo -n "Stopping $DESC: "
+ start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/"$NAME".pid
+ echo "$NAME."
+ ;;
+ restart|force-reload)
+ test "$NO_START" = "0" ||
+ cancel "Restarting $DESC: [abort] NO_START is not set to zero in $DEFAULTCFG"
+
+ echo -n "Restarting $DESC: "
+ start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/"$NAME".pid
+ sleep 1
+ start-stop-daemon --start --quiet --pidfile /var/run/"$NAME".pid \
+ --exec "$DAEMON" -- $DROPBEAR_KEYS -p "$DROPBEAR_PORT" -W "$DROPBEAR_RECEIVE_WINDOW" $DROPBEAR_EXTRA_ARGS
+ echo "$NAME."
+ ;;
+ status)
+ status_of_proc -p /var/run/"$NAME".pid $DAEMON $NAME && exit 0 || exit $?
+ ;;
+ *)
+ N=/etc/init.d/$NAME
+ echo "Usage: $N {start|stop|status|restart|force-reload}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/rc0.d/K01cryptdisks b/rc0.d/K01cryptdisks
new file mode 120000
index 0000000..6202e26
--- /dev/null
+++ b/rc0.d/K01cryptdisks
@@ -0,0 +1 @@
+../init.d/cryptdisks
\ No newline at end of file
diff --git a/rc0.d/K01cryptdisks-early b/rc0.d/K01cryptdisks-early
new file mode 120000
index 0000000..caf5ed0
--- /dev/null
+++ b/rc0.d/K01cryptdisks-early
@@ -0,0 +1 @@
+../init.d/cryptdisks-early
\ No newline at end of file
diff --git a/rc0.d/K01dropbear b/rc0.d/K01dropbear
new file mode 120000
index 0000000..44af88d
--- /dev/null
+++ b/rc0.d/K01dropbear
@@ -0,0 +1 @@
+../init.d/dropbear
\ No newline at end of file
diff --git a/rc1.d/K01dropbear b/rc1.d/K01dropbear
new file mode 120000
index 0000000..44af88d
--- /dev/null
+++ b/rc1.d/K01dropbear
@@ -0,0 +1 @@
+../init.d/dropbear
\ No newline at end of file
diff --git a/rc2.d/S01dropbear b/rc2.d/S01dropbear
new file mode 120000
index 0000000..44af88d
--- /dev/null
+++ b/rc2.d/S01dropbear
@@ -0,0 +1 @@
+../init.d/dropbear
\ No newline at end of file
diff --git a/rc3.d/S01dropbear b/rc3.d/S01dropbear
new file mode 120000
index 0000000..44af88d
--- /dev/null
+++ b/rc3.d/S01dropbear
@@ -0,0 +1 @@
+../init.d/dropbear
\ No newline at end of file
diff --git a/rc4.d/S01dropbear b/rc4.d/S01dropbear
new file mode 120000
index 0000000..44af88d
--- /dev/null
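Review bot: The `restart|force-reload` branch of init.d/dropbear passes `$DROPBEAR_KEYS` to the daemon, but nothing in the script assigns that variable and the `start` branch does not use it, so a restart can launch dropbear with different arguments than a start if the variable arrives from the environment or from $DEFAULTCFG. I would remove it so both branches run the same command line: `--exec "$DAEMON" -- -p "$DROPBEAR_PORT" -W "$DROPBEAR_RECEIVE_WINDOW" $DROPBEAR_EXTRA_ARGS`. Separately, the `-b $DROPBEAR_BANNER` and `-r $DROPBEAR_*KEY` values are appended to DROPBEAR_EXTRA_ARGS and later expanded unquoted, so a path containing whitespace is split into several arguments. A comment at those lines such as `# paths must not contain whitespace: DROPBEAR_EXTRA_ARGS is word-split` would document the limitation.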
+++ b/rc4.d/S01dropbear
@@ -0,0 +1 @@
+../init.d/dropbear
\ No newline at end of file
diff --git a/rc5.d/S01dropbear b/rc5.d/S01dropbear
new file mode 120000
index 0000000..44af88d
--- /dev/null
+++ b/rc5.d/S01dropbear
@@ -0,0 +1 @@
+../init.d/dropbear
\ No newline at end of file
diff --git a/rc6.d/K01cryptdisks b/rc6.d/K01cryptdisks
new file mode 120000
index 0000000..6202e26
--- /dev/null
+++ b/rc6.d/K01cryptdisks
@@ -0,0 +1 @@
+../init.d/cryptdisks
\ No newline at end of file
diff --git a/rc6.d/K01cryptdisks-early b/rc6.d/K01cryptdisks-early
new file mode 120000
index 0000000..caf5ed0
--- /dev/null
+++ b/rc6.d/K01cryptdisks-early
@@ -0,0 +1 @@
+../init.d/cryptdisks-early
\ No newline at end of file
diff --git a/rc6.d/K01dropbear b/rc6.d/K01dropbear
new file mode 120000
index 0000000..44af88d
--- /dev/null
+++ b/rc6.d/K01dropbear
@@ -0,0 +1 @@
+../init.d/dropbear
\ No newline at end of file
diff --git a/rcS.d/S01cryptdisks b/rcS.d/S01cryptdisks
new file mode 120000
index 0000000..6202e26
--- /dev/null
+++ b/rcS.d/S01cryptdisks
@@ -0,0 +1 @@
+../init.d/cryptdisks
\ No newline at end of file
diff --git a/rcS.d/S01cryptdisks-early b/rcS.d/S01cryptdisks-early
new file mode 120000
index 0000000..caf5ed0
--- /dev/null
+++ b/rcS.d/S01cryptdisks-early
@@ -0,0 +1 @@
+../init.d/cryptdisks-early
\ No newline at end of file