Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gen_top_passwords.php « bin « create - github.com/zabbix/zabbix.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/create/bin/gen_top_passwords.php
blob: 3a0f919f930405fcbb8d0f4038058ef20b24fd3b (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76

<?php
/*
** Zabbix
** Copyright (C) 2001-2022 Zabbix SIA
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
**/


define('DEST_FILENAME', __DIR__.'/top_passwords.txt');

$files = [];
for ($i = 1; $argc > $i; $i++) {
	if (!is_readable($argv[$i]) || !is_file($argv[$i])) {
		fwrite(STDERR, 'The file "'.$argv[$i].'" does not exist or is not readable.'."\n");
		exit(1);
	}

	$files[$argv[$i]] = true;
}

if (!$files) {
	fwrite(STDERR, 'No input file specified.'."\n");
	exit(1);
}

// Make a list of unique passwords from all source files.
$passwords = [];
foreach (array_keys($files) as $filename) {
	$passwords += array_flip(file($filename, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES));
}
$passwords = array_keys($passwords);

// Remove passwords containing non-printable characters.
$passwords = array_filter($passwords, function ($password) {
	return !preg_match('/[^\x20-\x7e]/', $password);
});

// Base64-encode each password and add quotes around it.
$passwords = array_map('base64_encode', $passwords);

// Generate file.
$source = "#\n".
	"# This file is meant to strengthen password validation for internal users. Passwords included in the list are considered\n".
	"# weak due to their common use and are not allowed to be chosen by Zabbix internal users for security reasons. The file \n".
	"# is generated automatically from the list of NCSC \"Top 100k passwords\", the list of SecLists \"Top 1M passwords\" and the\n".
	"# list of Zabbix context-specific passwords.\n".
	"#\n".
	"# The list of passwords is used to check for commonly used passwords according to the password policy. Passwords are\n".
	"# stored as base64-encoded strings. There must be two newlines before passwords.\n".
	"#\n".
	"\n".
	"\n".
	implode("\n", $passwords).
	"\n";

if (file_put_contents(DEST_FILENAME, $source)) {
	fwrite(STDOUT, 'File written: "'.DEST_FILENAME.'"'."\n");
	exit(0);
}
else {
	fwrite(STDERR, 'Cannot write file: "'.DEST_FILENAME.'"'."\n");
	exit(1);
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-06 11:07:31 +0300