AniNIX/Kapisi
3
0
Fork 0
Code Issues 27 Pull Requests Projects 1 Releases Wiki Activity

Updating some SSH config

Browse Source
This commit is contained in:
DarkFeather
2023-07-19 15:41:27 -05:00
parent 60f848b55d
commit 5ab88dc387
5 changed files with 63 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
precommit-hooks/find-passwords-in-files
View File

@@ -18,8 +18,10 @@ saferegex="$saferegex"'|\s+=\s*$|\s+yes$|\s+no$'
saferegex="$saferegex"'|pwpolicies|pwdLastSuccess|pwdAttribute|pwdMaxAge|pwdExpireWarning|pwdInHistory|pwdCheckQuality|pwdMaxFailure|pwdLockout|pwdLockoutDuration|pwdGraceAuthNLimit|pwdFailureCountInterval|pwdMustChange|pwdMinLength|pwdAllowUserChange|pwdSafeModify|pwdChangedTime|pwdPolicy|last changed their password on|/root/.ldappass'
# Ignore IRC Modules
saferegex="$saferegex"'|m_password_hash.so|/quote ns identify|SELECT|password_attribute|SET PASS|SASET PASS'
# Ignore SSH known hosts
saferegex="$saferegex""|ssh_known_hosts:|"
grep -irE 'secret|password|pw|passphrase|pass=' roles/*/{files,templates} 2>&1 | grep -vE "$saferegex"
git ls-files roles/*/{files,templates} | xargs grep -irE 'secret|password|pw|passphrase|pass=' | grep -vE "$saferegex"
if [ $? -ne 1 ]; then
echo
echo If these are false positives, you need to add the signature to the whitelist in $0.