Removing large files; adding hook to watch for them

2022-12-18 22:14:25 -06:00
parent a34c96df6b
commit 0626c66413
29 changed files with 19 additions and 1740 deletions


@@ -1,11 +1,9 @@
#!/bin/bash
# Ignore Ansibilized templates.
saferegex='\s+}}"?\s*$'
saferegex='\{\{.+\}\}'
# Ignore comments
saferegex="$saferegex"'|^[a-z,A-Z,0-9,_,-,/,.]+:\s*;|^[a-z,A-Z,0-9,_,-,/,.]+:\s*#|^[a-z,A-Z,0-9,_,-,/,.]+:\s*//'
# Ignore binary file matches.
saferegex="$saferegex"'|binary\ file\ matches'
saferegex="$saferegex"'|^[a-z,A-Z,0-9,_,-,/,.]+:\s*;|^[a-z,A-Z,0-9,_,-,/,.]+:\s*#|^[a-z,A-Z,0-9,_,-,/,.]+:\s*//|\s+[/]?[*][/]?\s+'
# AniNIX Constructs
saferegex="$saferegex"'|password.aninix.net|aur.list'
# Web constructs
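Review bot: The allowlist entry `saferegex='\{\{.+\}\}'` under "# Ignore Ansibilized templates." suppresses every grep hit whose line contains a Jinja expression anywhere, so a literal credential that shares a line with an unrelated `{{ … }}` would never be reported by this hook. The +/- markers are lost on this page, so I am assuming this is the new-side line and that the end-anchored `\s+}}"?\s*$` is the one it replaces. Consider requiring the template to be the whole value at the end of the line, for example `saferegex='[:=]\s*"?\{\{[^}]+\}\}"?\s*$'`, with a comment stating that only fully templated values are exempt. The `saferegex` chain continues past this hunk, so any such tightening should be checked against the later entries.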
@@ -18,8 +16,10 @@ saferegex="$saferegex"'|haveibeenpwned'
saferegex="$saferegex"'|\s+=\s*$|\s+yes$|\s+no$'
# Ignore LDAP attributes
saferegex="$saferegex"'|pwpolicies|pwdLastSuccess|pwdAttribute|pwdMaxAge|pwdExpireWarning|pwdInHistory|pwdCheckQuality|pwdMaxFailure|pwdLockout|pwdLockoutDuration|pwdGraceAuthNLimit|pwdFailureCountInterval|pwdMustChange|pwdMinLength|pwdAllowUserChange|pwdSafeModify|pwdChangedTime|pwdPolicy|last changed their password on|/root/.ldappass'
# Ignore IRC Modules
saferegex="$saferegex"'|m_password_hash.so|/quote ns identify|SELECT|password_attribute|SET PASS|SASET PASS'
egrep -ir 'secret|password|pw|passphrase' roles/*/{files,templates} 2>&1 | egrep -v "$saferegex"
grep -iEr 'secret|password|pw|passphrase|pass=' roles/*/{files,templates} 2>&1 | egrep -v "$saferegex"
if [ $? -ne 1 ]; then
echo
echo If these are false positives, you need to add the signature to the whitelist in $0.