mirrors/vm
2
0
Fork 0
mirror of https://github.com/nextcloud/vm.git synced 2025-10-26 11:27:32 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,626 Commits 13 Branches 80 Tags 68 MiB
40f0348807
Commit Graph

1626 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Daniel Hansson
40f0348807
add menus for Talk and Fail2ban (#1443) 
Signed-off-by: enoch85 <github@hanssonit.se>
 2020-09-12 07:55:30 +02:00
Daniel Hansson
b371ad1781
run locaes after fetch_lib is run 
otherwise locales doesn't contain fetch_lib
 2020-09-12 07:11:40 +02:00
szaimen
9adb4e422a
some small fixes and enhancements (#1440) 2020-09-10 21:31:43 +02:00
szaimen
665c769831
some things to discuss after chain libraries (#1438) 
Co-authored-by: Daniel Hansson <github@hanssonit.se>
 2020-09-10 18:58:33 +02:00
Daniel Hansson
d20170b2cd
don't install imagick by default 2020-09-10 14:19:10 +02:00
Daniel Hansson
85f0e949d3
travis 2020-09-10 02:21:46 +02:00
Daniel Hansson
c631cfb87b
follow the standard sed 2020-09-10 01:47:28 +02:00
szaimen
f2f0a457a3
reimagine the UX of app-scripts, exemplarily on adminer.sh (#1435) 
Co-authored-by: Daniel Hansson <github@hanssonit.se>
 2020-09-10 01:27:58 +02:00
Daniel Hansson
c2e9fd2edf
fix bug in timezone 
timezone would come up as changed even if you answered "no"
 2020-09-10 01:24:53 +02:00
Daniel Hansson
8148810158
remove legacy code 2020-09-10 01:14:47 +02:00
Daniel Hansson
5080034867
use fetch_lib in menu as well 2020-09-10 01:06:31 +02:00
szaimen
d59b069506
chain libraries (#1414) 
Co-authored-by: Daniel Hansson <github@hanssonit.se>
 2020-09-10 00:54:09 +02:00
szaimen
382c368252
readd some subtitles that were mistakenly removed (#1434) 2020-09-09 22:25:59 +02:00
szaimen
6ea84f934e
always run the locales script directly after changing the keyboard configuration (#1432) 
* move startup_configuration above server_configuration

Co-authored-by: Daniel Hansson <github@hanssonit.se>
 2020-09-09 20:52:19 +02:00
szaimen
a3932b0728
add a SUBTITLE to sensible places and other small fixes (#1429) 
Co-authored-by: Daniel Hansson <github@hanssonit.se>
 2020-09-09 20:05:10 +02:00
szaimen
5b45ba36a8
rewrite webmin from http to https (#1433) 
Co-authored-by: Daniel Hansson <github@hanssonit.se>
 2020-09-09 20:00:19 +02:00
Daniel Hansson
ffc1230a61
travis 2020-09-09 17:26:07 +02:00
Daniel Hansson
d4d8b537c1
add info about success 2020-09-09 17:18:30 +02:00
Daniel Hansson
145bd2e4c2
change color 2020-09-09 15:13:42 +02:00
Daniel Hansson
0b41594818
use exiisting function 
@szaimen this works since we load the function in the top of the script
 2020-09-09 15:13:02 +02:00
szaimen
46f219971c
create startup_configuration.sh (#1423) 2020-09-09 13:59:22 +02:00
szaimen
941e6e7ba3
move WHATEVER=1 to functions (#1425) 2020-09-09 13:50:58 +02:00
szaimen
aba232642f
create a STARTUP_SWITCH (#1427) 2020-09-09 13:39:24 +02:00
szaimen
abc39f3a4e
change order of server_configuration and automatically set the activate_tls_switch (#1422) 
* address review

Co-authored-by: Daniel Hansson <github@hanssonit.se>
 2020-09-09 10:09:19 +02:00
szaimen
dc94865d18
switch onlyoffice_docker and collabora_docker to TLSv1.2 (#1426) 
fix 34002c7589 (commitcomment-42135863)
 2020-09-09 09:54:39 +02:00
Daniel Hansson
34002c7589
only allow tls1.2 
```
Configuration
Protocols
TLS 1.3 	No
TLS 1.2 	Yes
TLS 1.1 	No
TLS 1.0 	No
SSL 3 	No
SSL 2 	No


Cipher Suites
# TLS 1.2 (suites in server-preferred order)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)   ECDH x25519 (eq. 3072 bits RSA)   FS 	128
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   ECDH x25519 (eq. 3072 bits RSA)   FS 	256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)   ECDH x25519 (eq. 3072 bits RSA)   FS 	256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)   DH 4096 bits   FS 	128
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)   DH 4096 bits   FS 	256


Handshake Simulation
Android 4.4.2 	RSA 4096 (SHA256)   	TLS 1.2 	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Android 5.0.0 	RSA 4096 (SHA256)   	TLS 1.2 	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Android 6.0 	RSA 4096 (SHA256)   	TLS 1.2 > http/1.1   	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Android 7.0 	RSA 4096 (SHA256)   	TLS 1.2 > h2   	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH x25519  FS
Android 8.0 	RSA 4096 (SHA256)   	TLS 1.2 > h2   	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH x25519  FS
Android 8.1 	RSA 4096 (SHA256)   	TLS 1.2 > h2   	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH x25519  FS
Android 9.0 	RSA 4096 (SHA256)   	TLS 1.2 > h2   	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH x25519  FS
BingPreview Jan 2015 	RSA 4096 (SHA256)   	TLS 1.2 	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Chrome 49 / XP SP3 	RSA 4096 (SHA256)   	TLS 1.2 > h2   	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Chrome 69 / Win 7  R		RSA 4096 (SHA256)   	TLS 1.2 > h2   	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH x25519  FS
Chrome 70 / Win 10 	RSA 4096 (SHA256)   	TLS 1.2 > h2   	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH x25519  FS
Chrome 80 / Win 10  R		RSA 4096 (SHA256)   	TLS 1.2 > h2   	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH x25519  FS
Firefox 31.3.0 ESR / Win 7 	RSA 4096 (SHA256)   	TLS 1.2 	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Firefox 47 / Win 7  R		RSA 4096 (SHA256)   	TLS 1.2 > h2   	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Firefox 49 / XP SP3 	RSA 4096 (SHA256)   	TLS 1.2 > h2   	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Firefox 62 / Win 7  R		RSA 4096 (SHA256)   	TLS 1.2 > h2   	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH x25519  FS
Firefox 73 / Win 10  R		RSA 4096 (SHA256)   	TLS 1.2 > h2   	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH x25519  FS
Googlebot Feb 2018 	RSA 4096 (SHA256)   	TLS 1.2 	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH x25519  FS
IE 11 / Win 7  R		RSA 4096 (SHA256)   	TLS 1.2 	TLS_DHE_RSA_WITH_AES_128_GCM_SHA256   DH 4096  FS
IE 11 / Win 8.1  R		RSA 4096 (SHA256)   	TLS 1.2 > http/1.1   	TLS_DHE_RSA_WITH_AES_128_GCM_SHA256   DH 4096  FS
IE 11 / Win Phone 8.1  R		Server sent fatal alert: handshake_failure
IE 11 / Win Phone 8.1 Update  R		RSA 4096 (SHA256)   	TLS 1.2 > http/1.1   	TLS_DHE_RSA_WITH_AES_128_GCM_SHA256   DH 4096  FS
IE 11 / Win 10  R		RSA 4096 (SHA256)   	TLS 1.2 > h2   	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Edge 15 / Win 10  R		RSA 4096 (SHA256)   	TLS 1.2 > h2   	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH x25519  FS
Edge 16 / Win 10  R		RSA 4096 (SHA256)   	TLS 1.2 > h2   	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH x25519  FS
Edge 18 / Win 10  R		RSA 4096 (SHA256)   	TLS 1.2 > h2   	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH x25519  FS
Edge 13 / Win Phone 10  R		RSA 4096 (SHA256)   	TLS 1.2 > h2   	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Java 8u161 	RSA 4096 (SHA256)   	TLS 1.2 	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Java 11.0.3 	RSA 4096 (SHA256)   	TLS 1.2 	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Java 12.0.1 	RSA 4096 (SHA256)   	TLS 1.2 	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
OpenSSL 1.0.1l  R		RSA 4096 (SHA256)   	TLS 1.2 	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
OpenSSL 1.0.2s  R		RSA 4096 (SHA256)   	TLS 1.2 	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
OpenSSL 1.1.0k  R		RSA 4096 (SHA256)   	TLS 1.2 	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH x25519  FS
OpenSSL 1.1.1c  R		RSA 4096 (SHA256)   	TLS 1.2 	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH x25519  FS
Safari 6 / iOS 6.0.1 	Server sent fatal alert: handshake_failure
Safari 7 / iOS 7.1  R		Server sent fatal alert: handshake_failure
Safari 7 / OS X 10.9  R		Server sent fatal alert: handshake_failure
Safari 8 / iOS 8.4  R		Server sent fatal alert: handshake_failure
Safari 8 / OS X 10.10  R		Server sent fatal alert: handshake_failure
Safari 9 / iOS 9  R		RSA 4096 (SHA256)   	TLS 1.2 > h2   	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Safari 9 / OS X 10.11  R		RSA 4096 (SHA256)   	TLS 1.2 > h2   	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Safari 10 / iOS 10  R		RSA 4096 (SHA256)   	TLS 1.2 > h2   	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Safari 10 / OS X 10.12  R		RSA 4096 (SHA256)   	TLS 1.2 > h2   	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Safari 12.1.2 / MacOS 10.14.6 Beta  R		RSA 4096 (SHA256)   	TLS 1.2 > h2   	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH x25519  FS
Safari 12.1.1 / iOS 12.3.1  R		RSA 4096 (SHA256)   	TLS 1.2 > h2   	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH x25519  FS
Apple ATS 9 / iOS 9  R		RSA 4096 (SHA256)   	TLS 1.2 > h2   	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Yahoo Slurp Jan 2015 	RSA 4096 (SHA256)   	TLS 1.2 	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
YandexBot Jan 2015 	RSA 4096 (SHA256)   	TLS 1.2 	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
# Not simulated clients (Protocol mismatch)

Click here to expand
(1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it.
(2) No support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI.
(3) Only first connection attempt simulated. Browsers sometimes retry with a lower protocol version.
(R) Denotes a reference browser or client, with which we expect better effective security.
(All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE).
(All) Certificate trust is not checked in handshake simulation, we only perform TLS handshake.


Protocol Details
DROWN 	No, server keys and hostname not seen elsewhere with SSLv2
(1) For a better understanding of this test, please read this longer explanation
(2) Key usage data kindly provided by the Censys network search engine; original DROWN website here
(3) Censys data is only indicative of possible key and certificate reuse; possibly out-of-date and not complete
Secure Renegotiation 	Supported
Secure Client-Initiated Renegotiation 	No
Insecure Client-Initiated Renegotiation 	No
BEAST attack 	Mitigated server-side (more info)  
POODLE (SSLv3) 	No, SSL 3 not supported (more info)
POODLE (TLS) 	No (more info)
Zombie POODLE 	No (more info)  
GOLDENDOODLE 	No (more info)  
OpenSSL 0-Length 	No (more info)  
Sleeping POODLE 	No (more info)  
Downgrade attack prevention 	Unknown (requires support for at least two protocols, excl. SSL2)
SSL/TLS compression 	No
RC4 	No
Heartbeat (extension) 	No
Heartbleed (vulnerability) 	No (more info)
Ticketbleed (vulnerability) 	No (more info)
OpenSSL CCS vuln. (CVE-2014-0224) 	No (more info)
OpenSSL Padding Oracle vuln.
(CVE-2016-2107) 	No (more info)
ROBOT (vulnerability) 	No (more info)
Forward Secrecy 	Yes (with most browsers)   ROBUST (more info)
ALPN 	Yes   h2 http/1.1
NPN 	No
Session resumption (caching) 	Yes
Session resumption (tickets) 	No
OCSP stapling 	Yes
Strict Transport Security (HSTS) 	Yes
max-age=15768000;includeSubdomains
HSTS Preloading 	Not in: Chrome  Edge  Firefox  IE 
Public Key Pinning (HPKP) 	No (more info)
Public Key Pinning Report-Only 	No
Public Key Pinning (Static) 	No (more info)
Long handshake intolerance 	No
TLS extension intolerance 	No
TLS version intolerance 	No
Incorrect SNI alerts 	No
Uses common DH primes 	No
DH public server param (Ys) reuse 	No
ECDH public server param reuse 	No
Supported Named Groups 	x25519, secp256r1, x448, secp521r1, secp384r1 (server preferred order)
SSL 2 handshake compatibility 	Yes

```
 2020-09-08 16:48:27 +02:00
szaimen
3e5947b755
remove TLS_INSTALL from the lib (#1424) 2020-09-08 10:34:31 +02:00
szaimen
4a6402ebfd
fix last subdomain occurences and remove print_text_in_color before a yesno_box (#1421) 2020-09-07 22:10:43 +02:00
Daniel Hansson
cf051abb66
fix yesno on some questions (#1419) 
Signed-off-by: enoch85 <github@hanssonit.se>
 2020-09-07 19:24:32 +02:00
Daniel Hansson
1857c63ec5
ask if the domain is correct (#1418) 2020-09-07 16:06:19 +02:00
Daniel Hansson
20dd9543c3
fix collabora 2020-09-07 15:13:27 +02:00
szaimen
cbc20d1881
add yesno_box_no and yesno_box_yes (#1409) 
Co-authored-by: Daniel Hansson <github@hanssonit.se>
 2020-09-07 11:44:43 +02:00
szaimen
3c8d188cac
get the correct NCDOMAIN from overwrite.cli.url (#1411) 
* fix double escaping

* address review

Co-authored-by: Daniel Hansson <github@hanssonit.se>
 2020-09-06 22:50:37 +02:00
szaimen
1817fec8e9
fix first internet check on startup-script and static_ip and remove it from server_configuration (#1412) 2020-09-06 22:44:43 +02:00
szaimen
e255051d96
standardize checklist-instructions and menu-instructions (#1410) 2020-09-05 11:58:37 +02:00
Daniel Hansson
cb9a4a4400
use msg_box instead 2020-09-04 21:21:58 +02:00
szaimen
2cc0f8a17a
change all whiptail-radiolists to whiptail-menus (#1408) 2020-09-04 20:07:58 +02:00
szaimen
ecf2191029
substitute all read -r in static_ip through input_box (#1406) 2020-09-04 12:17:56 +02:00
Daniel Hansson
cf6363494f
make sure to set proper domain 2020-09-04 10:11:33 +02:00
Daniel Hansson
c63b9b4792
be very clear about rebooting 2020-09-04 10:08:56 +02:00
Daniel Hansson
91869f326a
add clear 2020-09-04 10:07:21 +02:00
Daniel Hansson
6f53f8bb12
remove the part stuff (#1404) 2020-09-04 09:58:34 +02:00
szaimen
2e51706d73
create input_box for TURN_PORT (#1403) 
Co-authored-by: Daniel Hansson <github@hanssonit.se>
 2020-09-04 09:30:33 +02:00
szaimen
edc52b2a12
change all inputboxes to input_box (#1402) 
Signed-off-by: enoch85 <github@hanssonit.se>

Co-authored-by: enoch85 <github@hanssonit.se>
 2020-09-04 09:26:24 +02:00
szaimen
c42ec1d992
add SCRIPT_NAME to all scripts and standardize whiptail-titles (#1400) 
Signed-off-by: enoch85 <github@hanssonit.se>

Co-authored-by: enoch85 <github@hanssonit.se>
 2020-09-04 09:05:47 +02:00
szaimen
80dc7b6293
substitute ask_yes_or_no through yesno_box (#1401) 2020-09-03 23:15:42 +02:00
szaimen
2ac3755ad1
introduce title-system, yesno_box, input_box, update smbmount (#1396) 2020-09-03 17:18:15 +02:00
Daniel Hansson
6bfdd693bc
change message for backwards compatibility msg (#1395) 2020-09-01 20:19:06 +02:00
Daniel Hansson
597188acfc
Create activate-ssl.sh 2020-09-01 19:41:46 +02:00
Daniel Hansson
3918449e1f
Create test_connection.sh 2020-09-01 19:39:43 +02:00