|
|
@@ -0,0 +1,192 @@
|
|
|
+ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
|
+ <html lang="en" xmlns="http://www.w3.org/1999/xhtml">
|
|
|
+ <head>
|
|
|
+ <title>Create a Secure Web Based Password Vault with Keepass Web</title>
|
|
|
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
|
+ <script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.min.js"></script>
|
|
|
+ <script type="text/javascript">
|
|
|
+ $(function(){
|
|
|
+ $('textarea').each(function(i,e){
|
|
|
+ theTextarea = $(this);
|
|
|
+ theTextarea.height((theTextarea[0].scrollHeight-5) +'px');
|
|
|
+ });
|
|
|
+
|
|
|
+ $('li').each(function(i,e){
|
|
|
+ if(!$(this).hasClass('noCheckbox')){
|
|
|
+ var uuid = 'li_' + Math.floor(Math.random() * Math.floor(1000000)).toString() + '_' + i.toString();
|
|
|
+ $(this).contents().wrap('<span id="'+ uuid +'"><label for="cb_'+ uuid +'"></label></span>');
|
|
|
+ $(this).prepend('<input type="checkbox" class="completeBox" id="cb_' + uuid +'" rel="'+ uuid +'" />')
|
|
|
+ }
|
|
|
+ });
|
|
|
+
|
|
|
+ $('code,div.codeBlock,textarea.codeBlock').each(function(i,e){
|
|
|
+ theElement = $(this);
|
|
|
+ var lines = theElement.html().split("\n");
|
|
|
+ theElement.empty();
|
|
|
+ for(l=0;l<lines.length;l++){
|
|
|
+ if($.trim(lines[l]) != '' && $.trim(lines[l]).substr(0,1) != '#' && $.trim(lines[l]).indexOf(' #') == -1 && lines[l].substr(0, 4).toUpperCase() != 'REM '){
|
|
|
+ theElement.append('<input type="image" src="images/clipboard.png" value="" class="copy-text" rel="copy_'+ i +'_'+ l +'" data-clipboard-text="'+ $.trim(lines[l].replace(/"/g, '"')) +'" /><span id="copy_'+ i +'_'+ l +'">'+ lines[l] +'</span>');
|
|
|
+ } else {
|
|
|
+ theElement.append(lines[l]);
|
|
|
+ }
|
|
|
+ }
|
|
|
+ });
|
|
|
+
|
|
|
+ $(document).on('click','input.copy-text',function(){
|
|
|
+ theButton = $(this);
|
|
|
+ $('input.copy-text').attr('src','images/clipboard.png');
|
|
|
+ $('span.copy-animation,span.copy-animation-ps').removeClass('copy-animation copy-animation-ps');
|
|
|
+ try {
|
|
|
+ if($('#'+ theButton.attr('rel')).parent('div').hasClass('PS')){
|
|
|
+ $('#'+ theButton.attr('rel')).addClass('copy-animation-ps');
|
|
|
+ } else if($('#'+ theButton.attr('rel')).parent('div').hasClass('CMD')){
|
|
|
+ $('#'+ theButton.attr('rel')).addClass('copy-animation-cmd');
|
|
|
+ } else {
|
|
|
+ $('#'+ theButton.attr('rel')).addClass('copy-animation');
|
|
|
+ }
|
|
|
+ navigator.clipboard.writeText(theButton.data('clipboard-text').replace(/<[^>]*>?/gm, ''));
|
|
|
+ theButton.attr('src','images/clipboard_active.png');
|
|
|
+ } catch(err) {
|
|
|
+ }
|
|
|
+ return false;
|
|
|
+ });
|
|
|
+
|
|
|
+ $(document).on('click','input.completeBox',function(){
|
|
|
+ theBox = $(this);
|
|
|
+ $('#'+ theBox.attr('rel')).addClass('strikethrough');
|
|
|
+ theBox.prop('disabled',true);
|
|
|
+ theBox.parent('li').prevAll().each(function(i,e){
|
|
|
+ theLI = $(this);
|
|
|
+ if(theLI.find('input[type=checkbox]').not(':checked')){
|
|
|
+ $('#'+ theLI.find('input[type=checkbox]').attr('rel')).addClass('strikethrough');
|
|
|
+ theLI.find('input[type=checkbox]').prop('checked',true).prop('disabled',true);
|
|
|
+ }
|
|
|
+ });
|
|
|
+ });
|
|
|
+
|
|
|
+ if(window.self !== window.top){
|
|
|
+ window.parent.$('iframe.stepsFrame').height((this['scrollingElement']['scrollHeight']+20) +'px');
|
|
|
+ }
|
|
|
+ });
|
|
|
+ </script>
|
|
|
+ <link href="css/steps.css" rel="stylesheet" type="text/css" />
|
|
|
+ </head>
|
|
|
+ <body>
|
|
|
+ <div id="gridContainer">
|
|
|
+ <div class="topMargin"></div>
|
|
|
+ <div id="listName" class="topMargin">
|
|
|
+ <h1>Create a Secure Web Based Password Vault with Keepass Web</h1>
|
|
|
+ </div>
|
|
|
+ <div></div>
|
|
|
+ <div id="content">
|
|
|
+ <ol>
|
|
|
+ <li>Log into the Debian device</li>
|
|
|
+ <li>Run the following commands in a terminal:
|
|
|
+ <div class="codeBlock"># update repositories and install any available software updates<br />
|
|
|
+ sudo apt update<br />
|
|
|
+ sudo apt upgrade<br />
|
|
|
+ # install apache2<br />
|
|
|
+ sudo apt install apache2<br />
|
|
|
+ # download and extract keepass web<br />
|
|
|
+ wget https://github.com/keeweb/keeweb/archive/gh-pages.zip<br />
|
|
|
+ sudo unzip gh-pages.zip -d /var/www/html/<br />
|
|
|
+ sudo mv /var/www/html/keeweb-gh-pages /var/www/html/keepass<br />
|
|
|
+ # create webdav directory and set permissions<br />
|
|
|
+ sudo mkdir /var/www/html/webdav<br />
|
|
|
+ sudo chown -R www-data:www-data /var/www/html/webdav<br />
|
|
|
+ # change permissions on the newly setup application folder<br />
|
|
|
+ sudo chown -R www-data:www-data /var/www/html/keepass<br />
|
|
|
+ # create a new keepass.conf file to configure the site<br />
|
|
|
+ sudo nano /etc/apache2/sites-available/keepass.conf</div>
|
|
|
+ </li>
|
|
|
+ <li>Paste the following directives into keepass.conf
|
|
|
+ <p>DavLockDB "/var/www/html/webdav/DavLock"<br />
|
|
|
+ <Location /keepass ><br />
|
|
|
+ RewriteEngine on<br />
|
|
|
+ RewriteCond %{REQUEST_METHOD} OPTIONS<br />
|
|
|
+ RewriteRule ^(.*)$ blank.html [R=200,L,E=HTTP_ORIGIN:%{HTTP:ORIGIN}]<br />
|
|
|
+ # Don't require LDAP authentication for a healthcheck<br />
|
|
|
+ SetEnvIf Request_URI "^/healhcheck" accessgranted=1<br />
|
|
|
+ Order deny,allow<br />
|
|
|
+ Satisfy any<br />
|
|
|
+ Deny from all<br />
|
|
|
+ Allow from env=accessgranted<br />
|
|
|
+ AuthType Basic<br />
|
|
|
+ AuthBasicProvider ldap<br />
|
|
|
+ AuthLDAPURL "ldap://i12bretro.local:389/DC=i12bretro,DC=local?sAMAccountName?sub?(objectClass=user)" NONE<br />
|
|
|
+ AuthLDAPBindDN "readonly_svc@i12bretro.local"<br />
|
|
|
+ AuthLDAPBindPassword "Read0nly!!"<br />
|
|
|
+ AuthName "Restricted Area [i12bretro.local]"<br />
|
|
|
+ # to authenticate a domain group, specify the full DN<br />
|
|
|
+ AuthLDAPGroupAttributeIsDN on<br />
|
|
|
+ require ldap-group CN=WebAuthAccess,CN=Users,DC=i12bretro,DC=local<br />
|
|
|
+ </Location> <br />
|
|
|
+ <Location "/webdav"><br />
|
|
|
+ DAV On<br />
|
|
|
+ AuthType "Basic"<br />
|
|
|
+ AuthName "webdav"<br />
|
|
|
+ Options Indexes<br />
|
|
|
+ Header always set Access-Control-Allow-Origin "*"<br />
|
|
|
+ Header always set Access-Control-Allow-Headers "origin, content-type, cache-control, accept, authorization, if-match, destination, overwrite"<br />
|
|
|
+ Header always set Access-Control-Expose-Headers "ETag"<br />
|
|
|
+ Header always set Access-Control-Allow-Methods "GET, HEAD, POST, PUT, OPTIONS, MOVE, DELETE, COPY, LOCK, UNLOCK"<br />
|
|
|
+ Header always set Access-Control-Allow-Credentials "true"<br />
|
|
|
+ </Location></p>
|
|
|
+ </li>
|
|
|
+ <li>Edit the index.html file and modify the kw-config meta tag, setting the value to config.json
|
|
|
+ <div class="codeBlock"># <meta name="kw-config" content="config.json"><br />
|
|
|
+ sudo nano /var/www/html/keepass/index.html</div>
|
|
|
+ </li>
|
|
|
+ <li>Press CTRL+O, Enter, CTRL+X to write the changes to index.html</li>
|
|
|
+ <li>Create and edit config.json to by running the following command:
|
|
|
+ <div class="codeBlock">sudo nano /var/www/html/keepass/config.json</div>
|
|
|
+ </li>
|
|
|
+ <li>Paste the following in to config.json
|
|
|
+ <p>{<br />
|
|
|
+ "settings": {<br />
|
|
|
+ "theme": "fb",<br />
|
|
|
+ "autoSave": true,<br />
|
|
|
+ "autoSaveInterval": 1,<br />
|
|
|
+ "canOpenDemo": false,<br />
|
|
|
+ "dropbox": false,<br />
|
|
|
+ "gdrive": false,<br />
|
|
|
+ "onedrive": false,<br />
|
|
|
+ "canExportXml": true<br />
|
|
|
+ },<br />
|
|
|
+ "files": [{<br />
|
|
|
+ "storage": "webdav",<br />
|
|
|
+ "name": "Database",<br />
|
|
|
+ "path": "/webdav/database.kdbx"<br />
|
|
|
+ }]<br />
|
|
|
+ }</p>
|
|
|
+ </li>
|
|
|
+ <li>Press CTRL+O, Enter, CTRL+X to write the changes to config.json</li>
|
|
|
+ <li>Continue by executing the following commands in terminal:
|
|
|
+ <div class="codeBlock"># enable the keepass site and required Apache modules<br />
|
|
|
+ sudo a2ensite keepass<br />
|
|
|
+ sudo a2enmod dav dav_fs ldap authnz_ldap rewrite headers<br />
|
|
|
+ # restart apache2 service for the changes to take effect<br />
|
|
|
+ sudo systemctl restart apache2</div>
|
|
|
+ </li>
|
|
|
+ <li>Open a web browser and navigate to http://DNSorIP/keepass</li>
|
|
|
+ <li>Authenticate with a valid LDAP user account</li>
|
|
|
+ <li>Click the New icon</li>
|
|
|
+ <li>Click the New link in the lower left hand corner</li>
|
|
|
+ <li>Enter a Master password and re-type it to confirm</li>
|
|
|
+ <li>Enter a Name for the keepass database</li>
|
|
|
+ <li>Click the Save to... button > File</li>
|
|
|
+ <li>Save the database to ~/database.kdbx</li>
|
|
|
+ <li>Close the browser</li>
|
|
|
+ <li>Continue by executing the following commands in terminal:
|
|
|
+ <div class="codeBlock"># copy the keepass database to webdav directory<br />
|
|
|
+ sudo mv ~/database.kdbx /var/www/html/webdav/</div>
|
|
|
+ </li>
|
|
|
+ <li>Open a web browser and navigate to http://DNSorIP/keepass</li>
|
|
|
+ <li>Enter the master password created earlier</li>
|
|
|
+ <li>Enjoy your web based keepass editor</li>
|
|
|
+</ol>
|
|
|
+ </div>
|
|
|
+ </div>
|
|
|
+ </body>
|
|
|
+ </html>
|
|
|
+
|
i12bretro