[ previous ] [ next ] [ threads ]
 
 From:  "Junior Gillespie" <jgillespie at t dash speed dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Password Protected Console
 Date:  Tue, 25 Jan 2005 08:48:15 -0600 
I know many have asked how to protect the console menu system.  This is how I succeeded in this.

 

In the /etc directory, I copied rc.initial to rc.initial.menu

I then modified rc.initial script to something similar to this:

###rc.initial

 

# display a cheap menu

 

echo 

 

echo 

 

echo "PacketMan Traffic Shaper"

 

echo "************************"

 

echo "1) About"

 

echo "2) Maintenance"

 

echo 

 

read -p "Enter a number: " opmode

 

 

 

# see what the user has chosen

 

case ${opmode} in

 

1)

        /etc/rc.initial.about   # This is if you wanted to create an about screen

        ;;

2)

        /etc/rc.initial.lock    # This will call the access script

        ;;

911)

        /etc/rc.initial.menu   # I added this backdoor, in case password was lost. May want to
prompt for unique password, such as a serial.

        ;;

 

###Then create a rc.initial.lock file and add the following:

 

#!/usr/local/bin/php -f

<?php

        /* parse the configuration and include all functions used below */

        require_once("config.inc");

        require_once("functions.inc");

        $fp = fopen('php://stdin', 'r');

        echo <<<EOD

 

Password is required to access the Maintenance Menu.

 

Please enter password:

 

EOD;

$passwdxml = $config['system']['password'];

if (crypt(chop(fgets($fp)), $passwdxml) == $passwdxml) {      # Crypt the user input, and compare to
system password

        echo <<<EOD

 

Access Granted!

 

EOD;

                system_menu_access();   # This calls the rc.initial.menu file, and will need to be
added to the system.inc in /etc/inc/

        }

?>

 

###Now edit rc.initial.menu and add a exit option

 

#rc.initial.menu

#add an echo option

 

echo "7) Return to Main Menu"

 

###Then add the command to execute to return to opening menu

 

7)

        /etc/rc.initial

        ;;

 

###Now to edit /etc/inc/system.inc

 

Add the following line toward the middle of the file:

 

function system_menu_access() {

 

        global $g;

 

        mwexec("/etc/rc.initial.menu");

}

 

###This should be a simple fix, although there are other (most likely simpler) ways to do this.

Check your file permissions, chmod 755

 

If any one knows of a good way to hide the user input in the lock script, please let me know.

 

Thanks,

 

Junior

 


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.806 / Virus Database: 548 - Release Date: 12/5/2004