You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
77 lines
2.6 KiB
77 lines
2.6 KiB
<?php
|
|
/*
|
|
** Zabbix
|
|
** Copyright (C) 2001-2023 Zabbix SIA
|
|
**
|
|
** This program is free software; you can redistribute it and/or modify
|
|
** it under the terms of the GNU General Public License as published by
|
|
** the Free Software Foundation; either version 2 of the License, or
|
|
** (at your option) any later version.
|
|
**
|
|
** This program is distributed in the hope that it will be useful,
|
|
** but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
** GNU General Public License for more details.
|
|
**
|
|
** You should have received a copy of the GNU General Public License
|
|
** along with this program; if not, write to the Free Software
|
|
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
**/
|
|
|
|
|
|
define('DEST_FILENAME', __DIR__.'/top_passwords.txt');
|
|
|
|
$files = [];
|
|
for ($i = 1; $argc > $i; $i++) {
|
|
if (!is_readable($argv[$i]) || !is_file($argv[$i])) {
|
|
fwrite(STDERR, 'The file "'.$argv[$i].'" does not exist or is not readable.'."\n");
|
|
exit(1);
|
|
}
|
|
|
|
$files[$argv[$i]] = true;
|
|
}
|
|
|
|
if (!$files) {
|
|
fwrite(STDERR, 'No input file specified.'."\n");
|
|
exit(1);
|
|
}
|
|
|
|
// Make a list of unique passwords from all source files.
|
|
$passwords = [];
|
|
foreach (array_keys($files) as $filename) {
|
|
$passwords += array_flip(file($filename, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES));
|
|
}
|
|
$passwords = array_keys($passwords);
|
|
|
|
// Remove passwords containing non-printable characters.
|
|
$passwords = array_filter($passwords, function ($password) {
|
|
return !preg_match('/[^\x20-\x7e]/', $password);
|
|
});
|
|
|
|
// Base64-encode each password and add quotes around it.
|
|
$passwords = array_map('base64_encode', $passwords);
|
|
|
|
// Generate file.
|
|
$source = "#\n".
|
|
"# This file is meant to strengthen password validation for internal users. Passwords included in the list are considered\n".
|
|
"# weak due to their common use and are not allowed to be chosen by Zabbix internal users for security reasons. The file \n".
|
|
"# is generated automatically from the list of NCSC \"Top 100k passwords\", the list of SecLists \"Top 1M passwords\" and the\n".
|
|
"# list of Zabbix context-specific passwords.\n".
|
|
"#\n".
|
|
"# The list of passwords is used to check for commonly used passwords according to the password policy. Passwords are\n".
|
|
"# stored as base64-encoded strings. There must be two newlines before passwords.\n".
|
|
"#\n".
|
|
"\n".
|
|
"\n".
|
|
implode("\n", $passwords).
|
|
"\n";
|
|
|
|
if (file_put_contents(DEST_FILENAME, $source)) {
|
|
fwrite(STDOUT, 'File written: "'.DEST_FILENAME.'"'."\n");
|
|
exit(0);
|
|
}
|
|
else {
|
|
fwrite(STDERR, 'Cannot write file: "'.DEST_FILENAME.'"'."\n");
|
|
exit(1);
|
|
}
|