6 changed files with 6 additions and 44 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,4 +1,3 @@
 *.log
 *.pwd
 *.pyc
-ccd/
--- a/README.md
+++ b/README.md
@ -40,14 +40,6 @@ Noch ein paar Zusatzpakete:
 # yum install tcpdump -y
 # yum install python3-bcrypt -y
 # yum install tar -y
-
-
-Firewalld disablen (WICHTIG!!!)
-# systemctl disable --now firewalld
-
-Tiefere Sicherheitsstufe, siehe https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening
-
-# update-crypto-policies --set LEGACY
 ```

 Wegen Entropy:
@ -140,12 +132,11 @@ MAILTO=root
 Startup mit Systemd einrichten:
 gemaess /opt/openvpn/systemd/README

-Verzeichnis /opt/openvpn/users ccd, log und status  muss angelegt werden:
+Verzeichnis /opt/openvpn/users ccd und status  muss angelegt werden:
 ```
 # mkdir /opt/openvpn/users
 # mkdir /opt/openvpn/ccd
 # mkdir /opt/openvpn/status
-# mkdir /opt/openvpn/log
 ```

 User anlegen:
@ -157,13 +148,6 @@ User anlegen:
 # groupadd sysoper
 # useradd -m -g sysoper -s /opt/openvpn/sysoper/sysoper_shell sysoper
 # passwd sysoper
-
-# chown sysoper:sysoper /opt/openvpn/users /opt/openvpn/ccd
-
-# cat /etc/sudoers.d/sysoper
-sysoper ALL=NOPASSWD: /usr/bin/systemctl start myopenvpn
-sysoper ALL=NOPASSWD: /usr/bin/systemctl stop myopenvpn
-sysoper ALL=NOPASSWD: /usr/bin/systemctl status myopenvpn
 ```
 Git Config:
 ```
@ -222,18 +206,3 @@ $2b$12$OkJpfcPt7Uk8DMVjBbuStedJ63rahYw05E7vNAg9PQigL97ox18Am
 ccd/testuser
 ::::::::::::::
 ifconfig-push 10.3.6.254 255.255.0.0
-
-
-Einrichten von Aide
-
-```bash
-# dnf install aide
-# aide init
-# mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
-Zum Testen:
-# aide --check
-
-Zum Updaten:
-# aide --update
-# mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
-```
--- a/config/server-443.conf
+++ b/config/server-443.conf
@ -10,9 +10,6 @@ writepid /var/run/openvpn-server/myopenvpn-443.pid

 ; ciphers
 tls-cipher "DEFAULT:@SECLEVEL=0"
-tls-version-min 1.0
-providers legacy default
-data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC

 ; tunnel configuration
 dev tap1
--- a/config/server.conf
+++ b/config/server.conf
@ -10,9 +10,6 @@ writepid /var/run/openvpn-server/myopenvpn.pid

 ; ciphers
 tls-cipher "DEFAULT:@SECLEVEL=0"
-tls-version-min 1.0
-providers legacy default
-data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC

 ; tunnel configuration
 dev tap0
@ -41,8 +38,8 @@ management localhost 6666
 ; certificates and authentication
 dh   /opt/openvpn/private/dh2048.pem
 ca   /opt/openvpn/ca/cacert.pem
-cert /opt/openvpn/certs/ewon.rychiger.com-cert.pem
-key  /opt/openvpn/private/ewon.rychiger.com-key.pem
+cert /opt/openvpn/certs/hostcert.pem
+key  /opt/openvpn/private/hostkey.pem
 verify-client-cert none
 username-as-common-name
 auth-user-pass-verify /opt/openvpn/scripts/openvpn-auth.py via-env
--- a/scripts/openvpn-auth.py
+++ b/scripts/openvpn-auth.py
@ -11,7 +11,7 @@ if not password:

 file = open('/opt/openvpn/users/'+username+'.pwd', 'r')
 hashed=file.read().rstrip()
-if bcrypt.hashpw(password.encode('utf-8'), hashed.encode('utf-8')) == hashed.encode('utf-8'):
+if bcrypt.hashpw(password, hashed) == hashed:
    sys.exit(0)
 else:
    sys.exit(1)
--- a/sysoper/hashme.py
+++ b/sysoper/hashme.py
@ -13,6 +13,6 @@ if not password:
    sys.exit()

 # Hash a password for the first time, with a randomly-generated salt
-hashed = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt())
+hashed = bcrypt.hashpw(password, bcrypt.gensalt())

-print("%s" % (hashed.decode("utf-8")))
+print "%s" % (hashed)