diff --git a/app/neato.php b/app/neato.php
index 3fc9b06..3f1417d 100644
--- a/app/neato.php
+++ b/app/neato.php
@@ -94,7 +94,7 @@ if (isStringFound($argv[1], 'http://') || isStringFound($argv[1], 'https://')) {
 */
 function Save_sha($shasum): void
 {
- $xor = xor_encrypt($shasum, $GLOBALS['pk']);
+ $xor = xorEncrypt($shasum, $GLOBALS['pk']);
 file_put_contents($GLOBALS['cwd'] . '/sums/deploy_' . $GLOBALS['file'].'.sum', $xor);
 }
 /**
@@ -121,7 +121,7 @@ function Do_Harm_checker(): void
 /* Keep as last lines */
 if (file_exists($cwd . '/deploy_files/deploy_' . $file.'.php')) {
 $check_for_harm = true;
- $shasum = shasum($cwd . '/deploy_files/deploy_' . $file.'.php');
+ $shasum = shaSum($cwd . '/deploy_files/deploy_' . $file.'.php');
 if ($shasum === false) {
 echo "Unable to SHA sum script!";
 exit(1);
@@ -131,8 +131,13 @@ if (file_exists($cwd . '/deploy_files/deploy_' . $file.'.php')) {
 if ($skipdeploy) {
 unlink($cwd . '/sums/deploy_' . $file.'.sum');
 } else {
- $sum = read_file($cwd . '/sums/deploy_' . $file.'.sum');
- if ($shasum === xor_encrypt($sum, $pk)) {
+ $sum = readMyFile($cwd . '/sums/deploy_' . $file.'.sum');
+ if ($sum === false) {
+ echo "Bad sum file, Aborting...";
+ exit(1);
+ }
+ $xor = xorEncrypt($sum, $pk);
+ if ($shasum === $xor) {
 $check_for_harm = false;
 } else {
 echo "Danger: SUM of Script has been modified!";
diff --git a/app/neato_common.php b/app/neato_common.php
index 8219b7c..2d4905d 100644
--- a/app/neato_common.php
+++ b/app/neato_common.php
@@ -16,7 +16,7 @@ set_time_limit(0);
 require 'neato_registry.php';
 require 'neato_auto_loader.php';
 require 'neato_init.php';
-include 'neato_colors.php';
+require 'neato_colors.php';
 require 'neato_configure.php';
 require 'neato_logger.php';
 require 'neato_fns.php';
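Review bot: The tamper check in the `@@ -131,8 +131,13 @@` hunk still rests on a SHA-256 digest that is only XOR-masked with `$pk`, and a repeating-key XOR over a value that can be recomputed from the script is not a keyed integrity check. The script and its `.sum` file both live under `$cwd`, so whoever can rewrite one can usually rewrite the other into a matching pair. A keyed MAC removes that dependency: store `hash_hmac_file('sha256', $scriptPath, $pk)` in the sum file (where `$scriptPath` stands for the deploy script path already built here) and verify with `if (hash_equals($sum, $mac)) {`, which also makes the comparison constant-time. The same applies to `Save_sha()` in the first hunk; the enclosing `if (file_exists(...))` block continues outside the hunk.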
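Review bot: `require 'neato_colors.php';` is a bare relative name, so PHP resolves it through `include_path` and the working directory before anything else, and which file is loaded depends on where the tool is started. The deploy scripts in this commit call `forceRoot()`, so the include is worth pinning to this file's directory: `require __DIR__ . '/neato_colors.php';`. The neighbouring `require` lines shown as context have the same form and would benefit from the same change.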
@@ -31,24 +31,44 @@ Neato_Registry::get('loader')->addNamespace('traits', 'traits');
 Neato_Registry::get('loader')->addNamespace('package_managers', 'package_managers');
 Neato_Registry::get('loader')->addNamespace('init_systems', 'init_systems');
-function force_root(): void {
+/**
+ * Force script to require being root to run
+ *
+ * @return void not ah
+ */
+function forceRoot(): void
+{
 if (posix_getuid() > 0) {
 echo 'Please run as root' . PHP_EOL;
 exit(1);
 }
 }
-function force_normal(): void {
+/**
+ * Force script to require being a Regular user to run
+ *
+ * @return void not ah
+ */
+function forceNormal(): void
+{
 if (posix_getuid() === 0) {
 echo 'Please run as a normal user' . PHP_EOL;
 exit(1);
 }
 }
-function shasum($file) {
- if(file_exists($file)) {
+/**
+ * SHA Sum on a file. Make a hash on file.
+ *
+ * @param string $file filename to give a SHA256 hash on.
+ *
+ * @return string|false Hash Value of File
+ */
+function shaSum(string $file): string|false
+{
+ if (file_exists($file)) {
 $hash = hash_file('sha256', $file, false);
- if($hash === false) {
+ if ($hash === false) {
 return false;
 }
 return (string) $hash;
@@ -56,7 +76,16 @@ function shasum($file) {
 return false;
 }
-function xor_encrypt($text, $key) {
+/**
+ * XOR Encrypt/Decrypt, weak encoding...
+ *
+ * @param string $text Message
+ * @param string $key Password
+ *
+ * @return string Results
+ */
+function xorEncrypt(string $text, string $key): string
+{
 $result = '';
 $textLength = strlen($text);
 $keyLength = strlen($key);
@@ -66,7 +95,15 @@ function xor_encrypt($text, $key) {
 return $result;
 }
-function read_file($file) {
+/**
+ * Get the contents of a file.
+ *
+ * @param string $file file to open and read...
+ *
+ * @return string|false Contents of the file are returned
+ */
+function readMyFile(string $file): string|false
+{
 $ret = file_get_contents($file);
 if ($ret === false) {
 display("Unable to read from file: {$file}");
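Review bot: The new docblocks for `forceRoot()` and `forceNormal()` end in `@return void not ah`, which reads as a placeholder and hides the one thing a caller must know: these functions terminate the process. I would write `@return void Returns only when the UID check passes; otherwise prints a message and calls exit(1)`. In `shaSum()` the `(string) $hash` cast is redundant once the `false` case has returned, so `return $hash;` is enough.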
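Review bot: `xorEncrypt()` now types `$key` as `string` but still accepts an empty one. The visible setup (`$keyLength = strlen($key);`) suggests the loop outside this hunk indexes the key modulo its length, which would raise a DivisionByZeroError for `''`; I cannot confirm that from here. A guard before the loop, `if ($key === '') { throw new InvalidArgumentException('key must not be empty'); }`, makes the failure explicit. The docblock's "weak encoding..." could also state plainly that this is reversible obfuscation, so callers do not rely on it for confidentiality or integrity.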
@@ -74,45 +111,107 @@ function read_file($file) {
 return $ret;
 }
-function write_file($file, $data) {
+/**
+ * Write text to a new file.
+ *
+ * @param string $file Filename to save to
+ * @param string $data What to put in the file.
+ *
+ * @return bool Success?
+ */
+function writeFile(string $file, string $data): bool
+{
 $exit_code = file_put_contents($file, $data);
 $real = ($exit_code === false) ? false : true;
 checkForError($real, "Unable to save to file: {$file}");
 return $real;
 }
-function append_to_file($file, $data) {
+/**
+ * Append text to a existing file.
+ *
+ * @param string $file Filename to save to
+ * @param string $data What to add to the file.
+ *
+ * @return bool Success?
+ */
+function appendToFile(string $file, string $data): bool
+{
 $exit_code = file_put_contents($file, $data, FILE_APPEND | LOCK_EX);
 $real = ($exit_code === false) ? false : true;
 checkForError($real, "Unable to save to file: {$file}");
 return $real;
 }
-function rm($file) {
+/**
+ * Remove/Delete file
+ *
+ * @param string $file Filename to erase
+ *
+ * @return bool Success?
+ */
+function rm(string $file): bool
+{
 $exit_code = unlink($file);
 checkForError($exit_code, "Unable to Delete file: {$file}");
 return $exit_code;
 }
-function mv($old, $new) {
+/**
+ * Renames a file or directory.
+ *
+ * @param string $old Existing file
+ * @param string $new Rename it to this new filename
+ *
+ * @return bool Success?
+ */
+function mv(string $old, string $new): bool
+{
 $exit_code = rename($old, $new);
 checkForError($exit_code, "Unable to Move file: {$old} to {$new}");
 return $exit_code;
 }
-function cp($source, $dest) {
+/**
+ * Copies a file
+ *
+ * @param string $source Existing file
+ * @param string $dest To make cloned file
+ *
+ * @return bool Success?
+ */
+function cp(string $source, string $dest): bool
+{
 $exit_code = copy($source, $dest);
 checkForError($exit_code, "Unable to Copy file: {$source} to: {$dest}");
 return $exit_code;
 }
-function ln($source, $new_link) {
+/**
+ * Make a symbolic-Link
+ *
+ * @param string $source Existing file
+ * @param string $new_link Create new linked file
+ *
+ * @return bool Success?
+ */
+function ln(string $source, string $new_link): bool
+{
 $exit_code = symlink($source, $new_link);
 checkForError($exit_code, "Unable to make Link for file: {$source} to: {$new_link}");
 return $exit_code;
 }
-function make_dir($new_folder, $perms=0775) {
+/**
+ * Make a new Directory
+ *
+ * @param string $new_folder Create the new folder here
+ * @param int $perms Set permissions
+ *
+ * @return bool Success?
+ */
+function makeDir(string $new_folder, int $perms=0775): bool
+{
 if (!is_dir($new_folder)) {
 $exit_code = mkdir($new_folder, $perms, true);
 checkForError($exit_code, "Unable to mkdir: {$new_folder}");
@@ -122,7 +221,16 @@ function make_dir($new_folder, $perms=0775) {
 }
 }
-function chmod_file_or_dir($file, $kind) {
+/**
+ * Chmod Change Permissions on File or Directory.
+ *
+ * @param string $file filename to change permissions on
+ * @param string|int $kind Set new permissions
+ *
+ * @return bool Success?
+ */
+function chmodFileOrDir(string $file, string|int $kind): bool
+{
 if (!is_file($file) && !is_dir($file)) {
 $ret = false;
 } else {
@@ -133,7 +241,17 @@ function chmod_file_or_dir($file, $kind) {
 return $ret;
 }
-function change_owner($file, $uid, $gid) {
+/**
+ * Change User-ownership and Group-ownership of a file
+ *
+ * @param string $file Filename to change
+ * @param string|int $uid New User ID
+ * @param string|int $gid New Group ID
+ *
+ * @return bool Success?
+ */
+function changeOwner(string $file, string|int $uid, string|int $gid): bool
+{
 $ret_owner = chown($file, $uid);
 $ret_group = chgrp($file, $gid);
 $exit_code = ($ret_owner && $ret_group) ? true : false;
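Review bot: `writeFile()` and `appendToFile()` create files with whatever mode the process umask allows, and nothing in the new docblocks warns callers about that. `Enc::makeKeyFile()` in this same commit writes a key with `writeFile()` and only afterwards calls `chmodFileOrDir()` and `changeOwner()`, so the key file can be readable by other local users until the chmod lands. The secret-writing caller can close that window by tightening the umask around the write: `$old = umask(0077); writeFile($file_name, $key); umask($old);`. As a style point, `$real = ($exit_code === false) ? false : true;` reads more directly as `$real = $exit_code !== false;`.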
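Review bot: The line `@param string|int $kind Set new permissions` on `chmodFileOrDir()` does not say what a string value means. Callers in this commit pass both symbolic names (`"config"`, `"normal"`) and the result of `getPerms("secret")`, so a reader cannot tell which forms are valid. I would document it along the lines of `@param string|int $kind Permission name such as "config", or a numeric mode`, adjusted to what the else branch outside this hunk actually accepts.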
@@ -141,13 +259,23 @@ function change_owner($file, $uid, $gid) {
 return $exit_code;
 }
-function recursive_change_owner($mypath, $uid, $gid) {
+/**
+ * Recursive change ownership on files
+ *
+ * @param string $mypath Directory path
+ * @param string|int $uid New User ID
+ * @param string|int $gid New Group ID
+ *
+ * @return void IDK
+ */
+function recursiveChangeOwner(string $mypath, string|int $uid, string|int $gid): void
+{
 $d = opendir($mypath);
 while (($file = readdir($d)) !== false) {
 if ($file != "." && $file != "..") {
 $typepath = $mypath . "/" . $file;
 if (filetype($typepath) == 'dir') {
- recursive_change_owner($typepath, $uid, $gid);
+ recursiveChangeOwner($typepath, $uid, $gid);
 }
 chown($typepath, $uid);
@@ -156,7 +284,15 @@ function recursive_change_owner($mypath, $uid, $gid) {
 }
 }
-function make_password($length = 12) {
+/**
+ * Make a random Password
+ *
+ * @param int $length Give max length
+ *
+ * @return string New Password Assigned
+ */
+function makePassword(int $length = 12): string
+{
 $conso = array("b", "c", "d", "f", "g", "h", "j", "k", "l", "m", "n", "p", "r", "s", "t", "v", "w", "x", "y", "z");
 $vocal = array("a", "e", "i", "o", "u");
@@ -174,10 +310,9 @@ function make_password($length = 12) {
 }
 while ($length > 0) {
- if ($length >= 1) {
- $password .= $conso[rand(0, 19)];
- $length--;
- }
+ $password .= $conso[rand(0, 19)];
+ $length--;
+
 if ($length >= 1) {
 $v = $vocal[rand(0, 4)];
 $vp = ($v == 'o') ? $v : strtoupper($v); // A,E,I,o,U
diff --git a/app/neato_enc.php b/app/neato_enc.php
index bf8ba48..096b395 100644
--- a/app/neato_enc.php
+++ b/app/neato_enc.php
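Review bot: `recursiveChangeOwner()` does not recurse into symlinks (`filetype()` reports them as `link`) but still runs `chown($typepath, $uid)` on them, and `chown()` follows the link. When this runs as root over a tree another user can write to, ownership of a file outside `$mypath` can change. Handling links explicitly keeps the change inside the tree: `if (is_link($typepath)) { lchown($typepath, $uid); lchgrp($typepath, $gid); continue; }`. The result of `opendir($mypath)` is also used unchecked, and `@return void IDK` should become a plain `@return void`; the tail of the function lies outside the hunk.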
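Review bot: The re-indented lines in the `@@ -174,10 +310,9 @@` hunk still draw password characters with `rand()`, which is not a cryptographically secure generator. The result is assigned to `$root_password` in the deploy scripts touched by this commit. `random_int()` is a drop-in replacement: `$password .= $conso[random_int(0, 19)];` and `$v = $vocal[random_int(0, 4)];`. The alternating consonant/vowel alphabet also keeps entropy per character low, so the default length of 12 deserves a second look. The new `@param int $length Give max length` could say whether the result is exactly or at most that long; the rest of the loop is outside the hunk.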
@@ -116,11 +116,11 @@ class Enc { if (!file_exists($file_name)) { $key = self::generateKey(); - write_file($file_name, $key); - chmod_file_or_dir($file_name, getPerms("secret")); - change_owner($file_name, "root", "root"); + writeFile($file_name, $key); + chmodFileOrDir($file_name, getPerms("secret")); + changeOwner($file_name, "root", "root"); } else { - $key = read_file($file_name); + $key = readMyFile($file_name); } return $key; } diff --git a/deploy_files/deploy_example.php b/deploy_files/deploy_example.php index f9ff413..9ba6d4a 100644 --- a/deploy_files/deploy_example.php +++ b/deploy_files/deploy_example.php @@ -14,11 +14,11 @@ Configure::set('preinstall', [ 'sed' => [ 'test.ini' => [ 'timeout' => '30', 'keep_alive_setting' => '15' ] ] ]); -force_normal(); +forceNormal(); //run_once(); // only allow, this script, to run once! -$root_password = make_password(Configure::get('passwords', 'length')); +$root_password = makePassword(Configure::get('passwords', 'length')); //do_command('service', 'mysql', 'stop'); diff --git a/deploy_files/deploy_mysql_ex1.php b/deploy_files/deploy_mysql_ex1.php index edf299a..03d143e 100644 --- a/deploy_files/deploy_mysql_ex1.php +++ b/deploy_files/deploy_mysql_ex1.php @@ -12,7 +12,7 @@ Configure::set('pre_actions', [ [ $cwd . '/my_vaults' => 'keydir', '/etc/neato_secrets' => 'keydir' ], ]); -force_root(); +forceRoot(); //doCommand('service', 'mysql', 'stop'); @@ -22,7 +22,7 @@ $my_key = Enc::makeKeyFile("/etc/neato_secrets/mysql_key"); /** @phpstan-ignore-next-line Variable $cwd might not be defined */ if (!file_exists($cwd . "/my_vaults/mysql_secrets")) { - $root_password = make_password(Configure::get('passwords', 'length')); + $root_password = makePassword(Configure::get('passwords', 'length')); $obj = new stdClass(); $obj->root = $root_password; diff --git a/deploy_files/deploy_mysql_ex2.php b/deploy_files/deploy_mysql_ex2.php index 0a9797e..1ee500a 100644 --- a/deploy_files/deploy_mysql_ex2.php 
+++ b/deploy_files/deploy_mysql_ex2.php @@ -5,9 +5,9 @@ Configure::set('syslog', false); //doCommand('service', 'mysql', 'stop'); -force_root(); +forceRoot(); -$my_key = read_file("/etc/neato_secrets/mysql_key"); +$my_key = readMyFile("/etc/neato_secrets/mysql_key"); /** @phpstan-ignore-next-line Variable $cwd might not be defined */ $o = Enc::decodeFile($cwd . "/my_vaults/mysql_secrets", $my_key); diff --git a/deploy_files/deploy_podman.php b/deploy_files/deploy_podman.php index 1e67e42..510b27b 100644 --- a/deploy_files/deploy_podman.php +++ b/deploy_files/deploy_podman.php @@ -9,7 +9,7 @@ Configure::set('pre_actions', [ ['/etc/containers' => 'dir'], ]); -force_root(); +forceRoot(); fileLoop(Configure::get('pre_actions')); @@ -37,8 +37,8 @@ $policy = ' } }'; if (! file_exists("/etc/containers/policy.json")) { - append_to_file("/etc/containers/policy.json", $policy); - chmod_file_or_dir("/etc/containers/policy.json", "config"); + appendToFile("/etc/containers/policy.json", $policy); + chmodFileOrDir("/etc/containers/policy.json", "config"); } $reg = "# This is a system-wide configuration file used to @@ -67,6 +67,6 @@ registries = [] [registries.block] registries = []"; if (! file_exists("/etc/containers/registries.conf")) { - append_to_file("/etc/containers/registries.conf", $reg); - chmod_file_or_dir("/etc/containers/registries.conf", "config"); + appendToFile("/etc/containers/registries.conf", $reg); + chmodFileOrDir("/etc/containers/registries.conf", "config"); } \ No newline at end of file diff --git a/deploy_files/deploy_security_audit.php b/deploy_files/deploy_security_audit.php index 4fc9dc4..3362144 100644 --- a/deploy_files/deploy_security_audit.php +++ b/deploy_files/deploy_security_audit.php @@ -11,7 +11,7 @@ Configure::set('remove_users', [ 'ftp', 'news', 'gopher', ]); -force_root(); +forceRoot(); display(getTermColors("Deleteing unused user accounts", ['color'=>'blue'])); $remove_users = Configure::get('remove_users'); 
diff --git a/deploy_files/deploy_ssh_client.php b/deploy_files/deploy_ssh_client.php index c3cba01..0470158 100644 --- a/deploy_files/deploy_ssh_client.php +++ b/deploy_files/deploy_ssh_client.php @@ -1,6 +1,6 @@ getValue(); // any, IPv4, or IPv6 -force_root(); +forceRoot(); runOnce(); if ($rekey == "yes") { @@ -172,8 +172,8 @@ if (file_exists("/etc/ssh/sshd_config")) { mv("/etc/ssh/sshd_config", "/etc/ssh/sshd_config.old"); } -append_to_file("/etc/ssh/sshd_config", $sshd); -chmod_file_or_dir("/etc/ssh/sshd_config", "config"); +appendToFile("/etc/ssh/sshd_config", $sshd); +chmodFileOrDir("/etc/ssh/sshd_config", "config"); $banner = "*************************************************************************** NOTICE TO USERS @@ -202,6 +202,6 @@ conditions stated in this warning. ****************************************************************************"; if (! file_exists("/etc/notice.txt")) { - append_to_file("/etc/notice.txt", $banner); - chmod_file_or_dir("/etc/notice.txt", "normal"); + appendToFile("/etc/notice.txt", $banner); + chmodFileOrDir("/etc/notice.txt", "normal"); } \ No newline at end of file diff --git a/deploy_files/deploy_test1.php b/deploy_files/deploy_test1.php index a1c3619..7baa847 100644 --- a/deploy_files/deploy_test1.php +++ b/deploy_files/deploy_test1.php @@ -3,7 +3,7 @@ Configure::set('display', true); // Show Output Configure::set('logfile', false); // Save to log folder Configure::set('syslog', false); -force_root(); +forceRoot(); doCommand('apache::ht_password', '.htpasswd', 'johnny', 'shhhh');