Merge bkctld-params and some functions into bkctld-(ip|port|key) scripts
parent
6caa9078e6
commit
1522d2f6cd
2
bkctld
2
bkctld
|
@ -31,7 +31,7 @@ case "${subcommand}" in
|
|||
"${LIBDIR}/bkctld-${subcommand}" "${jail}"
|
||||
;;
|
||||
"key" | "port" | "ip")
|
||||
"${LIBDIR}/bkctld-params" "${jail}" "${subcommand}" "${option}"
|
||||
"${LIBDIR}/bkctld-${subcommand}" "${jail}" "${option}"
|
||||
;;
|
||||
"start" | "stop" | "reload" | "restart" | "sync" | "update" | "remove")
|
||||
if [ "${jail}" = "all" ]; then
|
||||
|
|
|
@ -22,8 +22,7 @@ fi
|
|||
. "${LIBDIR}/mkjail"
|
||||
info "4 - Copie default sshd_config"
|
||||
install -m 0640 "${sshd_config}" "${JAILDIR}/${jail}/${SSHD_CONFIG}"
|
||||
info "5 - Set usable sshd port"
|
||||
set_port "${jail}" auto
|
||||
info "6 - Copie default inc configuration"
|
||||
info "5 - Copie default inc configuration"
|
||||
install -m 0640 "${inctpl}" "${CONFDIR}/${jail}"
|
||||
"${LIBDIR}/bkctld-port" "${jail}" auto
|
||||
notice "${jail} : created jail"
|
||||
|
|
|
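Review bot: The exit status of `"${LIBDIR}/bkctld-port" "${jail}" auto` is not checked before `notice "${jail} : created jail"`. Unless this script runs under `set -e` (not visible in the hunk), a failed port allocation leaves the jail on the `Port` value of the installed sshd_config template while creation is still reported as successful. The `info` step line for the port assignment was also dropped, so the log no longer shows when it happens. Consider `"${LIBDIR}/bkctld-port" "${jail}" auto || error "${jail} : cannot set sshd port"`; bkctld-port as added in this commit ends on a `check_jail_on … &&` list, so its exit status has to be made reliable first.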
@ -1 +0,0 @@
|
|||
bkctld-params
|
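--- a/lib/bkctld-ip
+++ b/lib/bkctld-ip
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+ip="${2:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : inexistant jail'"
+
+if [ -z "${ip}" ]; then
+grep -E "^AllowUsers" "${JAILDIR}/$jail/${SSHD_CONFIG}"|grep -Eo "root@[^ ]+"| while read allow; do
+echo "${allow}"|cut -d'@' -f2
+done
+else
+if [ "${ip}" = "all" ] || [ "${ip}" = "0.0.0.0/0" ]; then
+ips="0.0.0.0/0"
+else
+ips=$("${LIBDIR}/bkctld-ip" "${jail}")
+ips=$(echo "${ips}" "${ip}"|xargs -n1|grep -v "0.0.0.0/0"|sort|uniq)
+fi
+allow="AllowUsers"
+for ip in $ips; do
+allow="${allow} root@${ip}"
+done
+sed -i "s~^AllowUsers .*~${allow}~" "${JAILDIR}/$jail/${SSHD_CONFIG}"
+set_firewall "${jail}"
+notice "${jail} : update ip => ${ip}"
+
+check_jail_on "${jail}" && "${LIBDIR}/bkctld-reload" "${jail}"
+fi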
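Review bot: The `ip` argument reaches `sed -i "s~^AllowUsers .*~${allow}~"` without validation, so a value containing `~`, `&` or `\` changes the sed expression or the resulting `AllowUsers` line. set_firewall in lib/config then copies whatever is stored there into `${FIREWALL_RULES}` as part of an iptables command line. lib/bkctld-port has the same pattern with `${port}` in `s/^Port .*/Port ${port}/`. Restrict the value to an address/CIDR character set before it is used; the sketch below is a character allow-list rather than full address validation, and it assumes `error` exits, as its other uses suggest. Separately, the `for ip in $ips` loop reuses `ip`, so the final `notice` logs the last address of the sorted list rather than the argument; a distinct loop variable fixes that.

```sh
else
    # Allow-list: digits, dots and "/" only (IPv4 address or CIDR), or "all".
    case "${ip}" in
        all) ;;
        *[!0-9./]*) error "${jail} : invalid IP or CIDR '${ip}'" ;;
    esac
    # … unchanged: ips computation …
    allow="AllowUsers"
    for addr in $ips; do
        allow="${allow} root@${addr}"
    done
    # … unchanged: sed, set_firewall, notice, reload …
```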
@ -1 +0,0 @@
|
|||
bkctld-params
|
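--- a/lib/bkctld-key
+++ b/lib/bkctld-key
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+keyfile="${2:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : inexistant jail'"
+
+if [ -z "${keyfile}" ]; then
+if [ -f "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}" ]; then
+cat "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
+fi
+else
+[ -e "${keyfile}" ] || error "Keyfile ${keyfile} dosen't exist !"
+cat "${keyfile}" > "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
+chmod 600 "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
+notice "${jail} : update key => ${keyfile}"
+
+check_jail_on "${jail}" && . "${LIBDIR}/bkctld-reload" "${jail}"
+fi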
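Review bot: `[ -e "${keyfile}" ]` also accepts a directory or an unreadable file, and the redirection in `cat "${keyfile}" > "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"` truncates the jail's authorized_keys before `cat` runs. A failed read therefore leaves the jail with an empty key file, while `notice` still reports the update, unless `set -e` is enabled by the sourced config, which is not visible here. Test with `[ -f "${keyfile}" ] && [ -r "${keyfile}" ] || error "Keyfile ${keyfile} dosen't exist !"` and write the file in one step with its final mode: `install -m 0600 "${keyfile}" "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}" || error "${jail} : cannot install key"`. That also closes the window in which a newly created file has umask-default permissions before the `chmod 600`. `install` creates a new file owned by the invoking user, so confirm that is the intended owner.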
@ -1,17 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
|
||||
|
||||
jail="${1:-}"
|
||||
params="${2:-}"
|
||||
option="${3:-}"
|
||||
[ -n "${jail}" ] || usage
|
||||
check_jail "${jail}" || error "${jail} : inexistant jail'"
|
||||
|
||||
if [ -z "${option}" ]; then
|
||||
"get_${params}" "${jail}"
|
||||
else
|
||||
"set_${params}" "${jail}" "${option}"
|
||||
check_jail_on "${jail}" && . "${LIBDIR}/bkctld-reload" "${jail}"
|
||||
notice "${jail} : update ${params} => ${option}"
|
||||
fi
|
|
@ -1 +0,0 @@
|
|||
bkctld-params
|
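--- a/lib/bkctld-port
+++ b/lib/bkctld-port
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+port="${2:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : inexistant jail'"
+
+if [ -z "${port}" ]; then
+grep -E "Port [0-9]+" "${JAILDIR}/${jail}/${SSHD_CONFIG}"|grep -oE "[0-9]+"
+else
+if [ "${port}" = "auto" ]; then
+port=$(grep -h Port "${JAILDIR}"/*/"${SSHD_CONFIG}" 2>/dev/null | grep -Eo "[0-9]+" | sort -n | tail -1)
+port=$((port+1))
+[ "${port}" -le 1 ] && port=2222
+fi
+sed -i "s/^Port .*/Port ${port}/" "${JAILDIR}/$jail/${SSHD_CONFIG}"
+set_firewall "${jail}"
+notice "${jail} : update port => ${port}"
+
+check_jail_on "${jail}" && . "${LIBDIR}/bkctld-reload" "${jail}"
+fi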
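Review bot: The script's exit status is that of its last list, `check_jail_on "${jail}" && . "${LIBDIR}/bkctld-reload" "${jail}"`, so a successful port change on a jail that is not running exits non-zero. The removed bkctld-params ended on `notice`, and the jail-creation script on this page now calls `bkctld-port … auto` for a jail that has presumably not been started yet, so callers cannot tell failure from "jail is off". The same closing line is in lib/bkctld-key and, with an exec instead of `.`, in lib/bkctld-ip. Use `if check_jail_on "${jail}"; then "${LIBDIR}/bkctld-reload" "${jail}"; fi`, which returns 0 when the jail is off and makes all three scripts invoke the reload the same way.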
@ -12,6 +12,6 @@ if ( check_jail_on "${jail}" ); then
|
|||
else
|
||||
status="OFF"
|
||||
fi
|
||||
port=$(get_port "${jail}")
|
||||
ip=$(get_ip "${jail}"|xargs|tr -s ' ' ',')
|
||||
port=$("${LIBDIR}/bkctld-port" "${jail}")
|
||||
ip=$("${LIBDIR}/bkctld-ip" "${jail}"|xargs|tr -s ' ' ',')
|
||||
echo "${jail} ${status} ${port} ${inc} ${ip}" | awk '{ printf("%- 30s %- 10s %- 10s %- 10s %- 40s\n", $1, $2, $3, $4, $5); }'
|
||||
|
|
|
@ -46,26 +46,6 @@ check_jail_on() {
|
|||
return "${return}"
|
||||
}
|
||||
|
||||
get_port() {
|
||||
jail="${1}"
|
||||
port=$(grep -E "Port [0-9]+" "${JAILDIR}/${jail}/${SSHD_CONFIG}"|grep -oE "[0-9]+")
|
||||
echo "${port}"
|
||||
}
|
||||
|
||||
get_key() {
|
||||
jail="${1}"
|
||||
if [ -f "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}" ]; then
|
||||
cat "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
|
||||
fi
|
||||
}
|
||||
|
||||
get_ip() {
|
||||
jail="${1}"
|
||||
grep -E "^AllowUsers" "${JAILDIR}/$jail/${SSHD_CONFIG}"|grep -Eo "root@[^ ]+"| while read allow; do
|
||||
echo "${allow}"|cut -d'@' -f2
|
||||
done
|
||||
}
|
||||
|
||||
get_inc() {
|
||||
jail="${1}"
|
||||
inc="0"
|
||||
|
@ -77,43 +57,6 @@ get_inc() {
|
|||
echo "${inc}"
|
||||
}
|
||||
|
||||
set_port() {
|
||||
jail="${1}"
|
||||
port="${2}"
|
||||
if [ "${port}" = "auto" ]; then
|
||||
port=$(grep -h Port "${JAILDIR}"/*/"${SSHD_CONFIG}" 2>/dev/null | grep -Eo "[0-9]+" | sort -n | tail -1)
|
||||
port=$((port+1))
|
||||
[ "${port}" -le 1 ] && port=2222
|
||||
fi
|
||||
sed -i "s/^Port .*/Port ${port}/" "${JAILDIR}/$jail/${SSHD_CONFIG}"
|
||||
set_firewall "${jail}"
|
||||
}
|
||||
|
||||
set_key() {
|
||||
jail="${1}"
|
||||
keyfile="${2}"
|
||||
[ -e "${keyfile}" ] || error "Keyfile ${keyfile} dosen't exist !"
|
||||
cat "${keyfile}" > "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
|
||||
chmod 600 "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
|
||||
}
|
||||
|
||||
set_ip() {
|
||||
jail="${1}"
|
||||
ip="${2}"
|
||||
if [ "${ip}" = "all" ] || [ "${ip}" = "0.0.0.0/0" ]; then
|
||||
ips="0.0.0.0/0"
|
||||
else
|
||||
ips=$(get_ip "${jail}")
|
||||
ips=$(echo "${ips}" "${ip}"|xargs -n1|grep -v "0.0.0.0/0"|sort|uniq)
|
||||
fi
|
||||
allow="AllowUsers"
|
||||
for ip in $ips; do
|
||||
allow="${allow} root@${ip}"
|
||||
done
|
||||
sed -i "s~^AllowUsers .*~${allow}~" "${JAILDIR}/$jail/${SSHD_CONFIG}"
|
||||
set_firewall "${jail}"
|
||||
}
|
||||
|
||||
set_firewall() {
|
||||
jail="${1}"
|
||||
if [ -n "${FIREWALL_RULES}" ]; then
|
||||
|
@ -121,8 +64,8 @@ set_firewall() {
|
|||
sed -i "/#${jail}$/d" "${FIREWALL_RULES}"
|
||||
fi
|
||||
if ( check_jail "${jail}" ); then
|
||||
port=$(get_port "${jail}")
|
||||
for ip in $(get_ip "${jail}"); do
|
||||
port=$("${LIBDIR}/bkctld-port" "${jail}")
|
||||
for ip in $("${LIBDIR}/bkctld-ip" "${jail}"); do
|
||||
echo "/sbin/iptables -A INPUT -p tcp --sport 1024: --dport ${port} -s ${ip} -j ACCEPT #${jail}" >> "${FIREWALL_RULES}"
|
||||
done
|
||||
if [ -f /etc/init.d/minifirewall ]; then
|
||||
|
|
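Review bot: In set_firewall, `port=$("${LIBDIR}/bkctld-port" "${jail}")` is written into `${FIREWALL_RULES}` without checking that it is exactly one number. The getter in lib/bkctld-port matches the unanchored pattern `Port [0-9]+`, so an sshd_config that also carries a commented `#Port …` line would yield several lines, and a failed call yields an empty string; either produces a malformed iptables line in the rules file. Add a guard before the loop, for example `case "${port}" in ''|*[!0-9]*) error "${jail} : cannot determine sshd port" ;; esac`. Because the values now come from child processes rather than in-file functions, the child's exit status is the only failure signal and it is currently discarded. set_firewall begins before and continues past this hunk.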