[ previous ] [ next ] [ threads ]
 From:  "Junior Gillespie" <jgillespie at t dash speed dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Password Protected Console
 Date:  Tue, 25 Jan 2005 08:48:15 -0600
I know many have asked how to protect the console menu system.  This is how I succeeded in this.


In the /etc directory, I copied rc.initial to rc.initial.menu

I then modified rc.initial script to something similar to this:



# display a cheap menu






echo "PacketMan Traffic Shaper"


echo "************************"


echo "1) About"


echo "2) Maintenance"




read -p "Enter a number: " opmode




# see what the user has chosen


case ${opmode} in



        /etc/rc.initial.about   # This is if you wanted to create an about screen



        /etc/rc.initial.lock    # This will call the access script



        /etc/rc.initial.menu   # I added this backdoor, in case password was lost. May want to
prompt for unique password, such as a serial.



###Then create a rc.initial.lock file and add the following:


#!/usr/local/bin/php -f


        /* parse the configuration and include all functions used below */



        $fp = fopen('php://stdin', 'r');

        echo <<<EOD


Password is required to access the Maintenance Menu.


Please enter password:



$passwdxml = $config['system']['password'];

if (crypt(chop(fgets($fp)), $passwdxml) == $passwdxml) {      # Crypt the user input, and compare to
system password

        echo <<<EOD


Access Granted!



                system_menu_access();   # This calls the rc.initial.menu file, and will need to be
added to the system.inc in /etc/inc/




###Now edit rc.initial.menu and add a exit option



#add an echo option


echo "7) Return to Main Menu"


###Then add the command to execute to return to opening menu






###Now to edit /etc/inc/system.inc


Add the following line toward the middle of the file:


function system_menu_access() {


        global $g;





###This should be a simple fix, although there are other (most likely simpler) ways to do this.

Check your file permissions, chmod 755


If any one knows of a good way to hide the user input in the lock script, please let me know.






Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.806 / Virus Database: 548 - Release Date: 12/5/2004