From a20aacb4ae99ad76b83ab536677edbadfb85b42b Mon Sep 17 00:00:00 2001
From: Franco Fichtner
Date: Sun, 17 Jun 2018 21:20:43 +0200
Subject: [PATCH] system: custom dh parameter creation for #2466

---
 src/opnsense/scripts/system/dh_parameters.sh | 9 ++++++++-
 .../service/conf/actions.d/actions_system.conf | 12 ++++++------
 2 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/src/opnsense/scripts/system/dh_parameters.sh b/src/opnsense/scripts/system/dh_parameters.sh
index 77dc11197..06ae5453e 100755
--- a/src/opnsense/scripts/system/dh_parameters.sh
+++ b/src/opnsense/scripts/system/dh_parameters.sh
@@ -29,11 +29,18 @@ TMPFILE="/tmp/dh-parameters.${$}"
 FLOCK="/usr/local/bin/flock"
 OPENSSL="/usr/local/bin/openssl"
 
+# XXX we could extrapolate from the files available in the system
+WANTBITS="1024 2048 4096"
+
+if [ -n "${1}" ]; then
+ WANTBITS=${1}
+fi
+
 touch ${LOCKFILE}
 
 (
 if ${FLOCK} -n 9; then
- for BITS in 1024 2048 4096; do
+ for BITS in ${WANTBITS}; do
 ${OPENSSL} dhparam -out ${TMPFILE} ${BITS}
 mv ${TMPFILE} /usr/local/etc/dh-parameters.${BITS}
 done
diff --git a/src/opnsense/service/conf/actions.d/actions_system.conf b/src/opnsense/service/conf/actions.d/actions_system.conf
index 72e4b9218..7b8db4f09 100644
--- a/src/opnsense/service/conf/actions.d/actions_system.conf
+++ b/src/opnsense/service/conf/actions.d/actions_system.conf
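Review bot: `WANTBITS=${1}` takes the script argument unvalidated, and `${BITS}` is then expanded unquoted in both `${OPENSSL} dhparam -out ${TMPFILE} ${BITS}` and the `mv` target `/usr/local/etc/dh-parameters.${BITS}`. Because the `[ssl.dhparam]` action in actions_system.conf now forwards `parameters:%s`, a value that is not a plain key size (one containing a path separator, a glob character or a leading dash) would change which file `mv` writes or how `openssl` reads its arguments; how configd filters `%s` is not visible in this patch, so the script should not rely on it. Restricting each value to the supported sizes at the top of the loop would close this, e.g. `case "${BITS}" in 1024|2048|4096) ;; *) continue ;; esac`, with `"${BITS}"` quoted in the two commands. The enclosing subshell and the `if ${FLOCK} -n 9` block open inside the hunk but close outside it.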
@@ -2,23 +2,23 @@
 command:/usr/local/opnsense/scripts/systemhealth/activity.py
 parameters:%s
 type:script_output
-message:show system activity
+message:Show system activity
 
 [list.interrupts]
 command:/usr/local/opnsense/scripts/system/list_interrupts.py
-parameters: %s
+parameters:%s
 type:script_output
-message:request vmstat interrupt counters
+message:Request vmstat interrupt counters
 
 [ssl.ciphers]
 command:/usr/local/opnsense/scripts/system/ssl_ciphers.py
 parameters:
 type:script_output
-message:list ssl ciphers
+message:List SSL ciphers
 
 [ssl.dhparam]
 command:daemon -f /usr/local/opnsense/scripts/system/dh_parameters.sh
-parameters:
+parameters:%s
 type:script
-message:regenerate DH parameters
+message:regenerate DH parameters %s
 description:Regenerate DH parameters
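Review bot: The `[ssl.dhparam]` message stays lower-case (`message:regenerate DH parameters %s`) while the other three messages touched in this hunk were capitalised; `message:Regenerate DH parameters %s` would match them and the `description:` line below it. When the action is invoked without an argument the message would presumably end in a trailing space, which is worth checking against how configd logs it.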