author | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2018-07-20 15:44:46 +0200 |
---|---|---|
committer | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2018-07-20 15:44:46 +0200 |
commit | 78f15abb447d873d74c08c5bf1ff59b0f35144fb (patch) | |
tree | 7a2a92e76abce775afe1bfc0bf7a80127fbf1a4a | |
parent | af389092b0342a60516c46caf581da0715fbff83 (diff) | |
sbin/e2guardian-setup-sslmitm: Add script to setup certificates for E2Guardian with SSL-MitM.
-rwxr-xr-x | sbin/e2guardian-setup-sslmitm | 84 |
1 files changed, 84 insertions, 0 deletions
diff --git a/sbin/e2guardian-setup-sslmitm b/sbin/e2guardian-setup-sslmitm
new file mode 100755
index 0000000..d9a1254
--- /dev/null
+++ b/sbin/e2guardian-setup-sslmitm
@@ -0,0 +1,84 @@
+#!/bin/bash
+
+# Copyright (C) 2018 by Mike Gabriel <mike.gabriel@it-zukunft-schule.de>
+
+# This script is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This script is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the
+# Free Software Foundation, Inc.,
+# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+
+set -e
+
+NULL=""
+E2G_SSLDIR=/etc/e2guardian/ssl/
+
+mkdir -p ${E2G_SSLDIR}
+chmod 0755 ${E2G_SSLDIR}
+chown root:root ${E2G_SSLDIR}
+
+# Create fake CA
+openssl genrsa 4096 > ${E2G_SSLDIR}/ca.key
+chmod o-rwx ${E2G_SSLDIR}/ca.key
+chown root:e2guardian ${E2G_SSLDIR}/ca.key
+
+openssl req -new \
+ -x509 \
+ -days 3650 \
+ -sha256 \
+ -key ${E2G_SSLDIR}/ca.key \
+ -out ${E2G_SSLDIR}/ca.crt \
+ ${NULL}
+
+# Convert to DER format
+openssl x509 -in ${E2G_SSLDIR}/ca.crt \
+ -outform DER \
+ -out ${E2G_SSLDIR}/ca.der \
+ ${NULL}
+
+# create e2guardian's secret key
+openssl genrsa 4096 > ${E2G_SSLDIR}/e2guardian.key
+chmod o-rwx ${E2G_SSLDIR}/e2guardian.key
+chown root:e2guardian ${E2G_SSLDIR}/e2guardian.key
+
+
+# Create generatedcerts dir...
+mkdir -p /var/lib/e2guardian/generatedcerts
+chown e2guardian:e2guardian /var/lib/e2guardian/generatedcerts
+chmod go-rwx /var/lib/e2guardian/generatedcerts -Rfv
+
+echo "###"
+echo "### All preparations done..."
+echo "###"
+echo "### Now read /usr/share/doc/e2guardian/ssl_mitm ..."
+echo "###"
+echo "### and set..."
+echo
+echo "/etc/e2guardian/e2guardian.conf:"
+echo
+echo '```'
+echo "enablessl = on"
+echo "cacertificatepath = '/etc/e2guardian/ssl/ca.crt'"
+echo "caprivatekeypath = '/etc/e2guardian/ssl/ca.key'"
+echo "certprivatekeypath = '/etc/e2guardian/ssl/e2guardian.key'"
+echo "generatedcertpath = '/var/lib/e2guardian/generatedcerts'"
+echo '```'
+echo
+echo "###"
+echo "### and set..."
+echo
+echo "/etc/e2guardian/e2guardianf1.conf:"
+echo
+echo '```'
+echo "sslmitm = on"
+echo '```'
+echo |
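Review bot: Both private keys are created by shell redirection (`openssl genrsa 4096 > ${E2G_SSLDIR}/ca.key`, and the same for `e2guardian.key`) under whatever umask the caller has, inside a directory set to 0755. With a common umask of 022 the interception CA's key is therefore world-readable until the following `chmod o-rwx` runs, and `o-rwx` leaves any group-write bit in place for the `e2guardian` group. Creating the file restrictively and then setting an explicit mode closes that window: `( umask 077 && openssl genrsa 4096 > "${E2G_SSLDIR}/ca.key" )`, then `chown root:e2guardian "${E2G_SSLDIR}/ca.key"` and `chmod 0640 "${E2G_SSLDIR}/ca.key"`, with the same three lines for `e2guardian.key`. Keep the umask scoped to the subshell, since `ca.crt` and `ca.der` presumably have to stay readable by the daemon and by clients importing the CA. Separately, a second run overwrites `ca.key` without any check, which would invalidate a `ca.der` already distributed to clients; a `[ -e "${E2G_SSLDIR}/ca.key" ]` guard before generation would prevent that.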