Use mdoc(7) instead of markdown #6
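--- a/bkctld
+++ b/bkctld
@@ -31,7 +31,7 @@ case "${subcommand}" in
 "${LIBDIR}/bkctld-${subcommand}" "${jail}"
 ;;
 "key" | "port" | "ip")
-"${LIBDIR}/bkctld-params" "${jail}" "${subcommand}" "${option}"
+"${LIBDIR}/bkctld-${subcommand}" "${jail}" "${option}"
 ;;
 "start" | "stop" | "reload" | "restart" | "sync" | "update" | "remove")
 if [ "${jail}" = "all" ]; then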
@ -22,8 +22,7 @@ fi
|
||||||
. "${LIBDIR}/mkjail"
|
. "${LIBDIR}/mkjail"
|
||||||
info "4 - Copie default sshd_config"
|
info "4 - Copie default sshd_config"
|
||||||
install -m 0640 "${sshd_config}" "${JAILDIR}/${jail}/${SSHD_CONFIG}"
|
install -m 0640 "${sshd_config}" "${JAILDIR}/${jail}/${SSHD_CONFIG}"
|
||||||
info "5 - Set usable sshd port"
|
info "5 - Copie default inc configuration"
|
||||||
set_port "${jail}" auto
|
|
||||||
info "6 - Copie default inc configuration"
|
|
||||||
install -m 0640 "${inctpl}" "${CONFDIR}/${jail}"
|
install -m 0640 "${inctpl}" "${CONFDIR}/${jail}"
|
||||||
|
"${LIBDIR}/bkctld-port" "${jail}" auto
|
||||||
notice "${jail} : created jail"
|
notice "${jail} : created jail"
|
||||||
|
|
|
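Review bot: The new step `"${LIBDIR}/bkctld-port" "${jail}" auto` will likely return a non-zero status for a freshly created jail, because lib/bkctld-port now ends its write branch on `check_jail_on "${jail}" && . "${LIBDIR}/bkctld-reload" "${jail}"`, and that list's status becomes the script's exit status when the jail is not running. The removed bkctld-params ran `notice` after that line, so the old path ended on the notice's status instead. lib/bkctld-ip and lib/bkctld-key end the same way, so `bkctld ip`, `bkctld key` and `bkctld port` on a stopped jail would report failure after a successful update; whether init itself aborts here depends on `set -e`, which is not visible in this hunk. Ending each write branch with `if check_jail_on "${jail}"; then "${LIBDIR}/bkctld-reload" "${jail}"; fi` keeps the exit status clean.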
@ -1 +0,0 @@
|
||||||
bkctld-params
|
|
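--- a/lib/bkctld-ip
+++ b/lib/bkctld-ip
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+ip="${2:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : inexistant jail'"
+
+if [ -z "${ip}" ]; then
+grep -E "^AllowUsers" "${JAILDIR}/$jail/${SSHD_CONFIG}"|grep -Eo "root@[^ ]+"| while read allow; do
+echo "${allow}"|cut -d'@' -f2
+done
+else
+if [ "${ip}" = "all" ] || [ "${ip}" = "0.0.0.0/0" ]; then
+ips="0.0.0.0/0"
+else
+ips=$("${LIBDIR}/bkctld-ip" "${jail}")
+ips=$(echo "${ips}" "${ip}"|xargs -n1|grep -v "0.0.0.0/0"|sort|uniq)
+fi
+allow="AllowUsers"
+for ip in $ips; do
+allow="${allow} root@${ip}"
+done
+sed -i "s~^AllowUsers .*~${allow}~" "${JAILDIR}/$jail/${SSHD_CONFIG}"
+set_firewall "${jail}"
+notice "${jail} : update ip => ${ip}"
+
+check_jail_on "${jail}" && "${LIBDIR}/bkctld-reload" "${jail}"
+fi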
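Review bot: The `for ip in $ips` loop reuses the variable that holds the requested address, so `notice "${jail} : update ip => ${ip}"` logs the last entry of the sorted list instead of the value that was passed in; the removed bkctld-params logged `${option}` and did not have this problem. The same `${ip}` argument is also spliced unvalidated into the `sed` replacement for `AllowUsers` and, through set_firewall reading that line back, into a line appended to `${FIREWALL_RULES}`, so a value containing `~`, `&`, whitespace or shell metacharacters can corrupt sshd_config or the rules file. I would restrict the argument to the characters of an IPv4 address or CIDR before use and give the loop its own variable, as sketched below. `error` is assumed to exit, as its use after `check_jail` suggests.

```shell
# … unchanged: config sourcing, argument checks, read-only branch …
else
    case "${ip}" in
        all) ;;
        *[!0-9./]*) error "${jail} : invalid ip ${ip}" ;;
    esac
    # … unchanged: computation of ${ips} …
    allow="AllowUsers"
    for allowed in $ips; do
        allow="${allow} root@${allowed}"
    done
    # … unchanged: sed on sshd_config, set_firewall, notice, reload …
```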
@ -1 +0,0 @@
|
||||||
bkctld-params
|
|
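--- a/lib/bkctld-key
+++ b/lib/bkctld-key
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+keyfile="${2:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : inexistant jail'"
+
+if [ -z "${keyfile}" ]; then
+if [ -f "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}" ]; then
+cat "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
+fi
+else
+[ -e "${keyfile}" ] || error "Keyfile ${keyfile} dosen't exist !"
+cat "${keyfile}" > "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
+chmod 600 "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
+notice "${jail} : update key => ${keyfile}"
+
+check_jail_on "${jail}" && . "${LIBDIR}/bkctld-reload" "${jail}"
+fi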
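Review bot: `cat "${keyfile}" > "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"` truncates the jail's authorized_keys before `cat` runs, and the guard above it is only `[ -e "${keyfile}" ]`, which also passes for a directory; in that case the jail is left with an empty key file while `notice` still reports the update. The file is also created under the ambient umask and only narrowed afterwards by `chmod 600`. I would tighten the guard to `[ -f "${keyfile}" ]` and replace the cat/chmod pair with `install -m 0600 "${keyfile}" "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"`, after confirming that the resulting owner is what sshd in the jail expects. Separately, this script and lib/bkctld-port dot-source bkctld-reload (`. "${LIBDIR}/bkctld-reload" "${jail}"`) while lib/bkctld-ip executes it; arguments to `.` are not portable under `#!/bin/sh`, so executing it in all three would be consistent.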
@ -1,17 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
|
|
||||||
|
|
||||||
jail="${1:-}"
|
|
||||||
params="${2:-}"
|
|
||||||
option="${3:-}"
|
|
||||||
[ -n "${jail}" ] || usage
|
|
||||||
check_jail "${jail}" || error "${jail} : inexistant jail'"
|
|
||||||
|
|
||||||
if [ -z "${option}" ]; then
|
|
||||||
"get_${params}" "${jail}"
|
|
||||||
else
|
|
||||||
"set_${params}" "${jail}" "${option}"
|
|
||||||
check_jail_on "${jail}" && . "${LIBDIR}/bkctld-reload" "${jail}"
|
|
||||||
notice "${jail} : update ${params} => ${option}"
|
|
||||||
fi
|
|
|
@ -1 +0,0 @@
|
||||||
bkctld-params
|
|
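--- a/lib/bkctld-port
+++ b/lib/bkctld-port
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+port="${2:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : inexistant jail'"
+
+if [ -z "${port}" ]; then
+grep -E "Port [0-9]+" "${JAILDIR}/${jail}/${SSHD_CONFIG}"|grep -oE "[0-9]+"
+else
+if [ "${port}" = "auto" ]; then
+port=$(grep -h Port "${JAILDIR}"/*/"${SSHD_CONFIG}" 2>/dev/null | grep -Eo "[0-9]+" | sort -n | tail -1)
+port=$((port+1))
+[ "${port}" -le 1 ] && port=2222
+fi
+sed -i "s/^Port .*/Port ${port}/" "${JAILDIR}/$jail/${SSHD_CONFIG}"
+set_firewall "${jail}"
+notice "${jail} : update port => ${port}"
+
+check_jail_on "${jail}" && . "${LIBDIR}/bkctld-reload" "${jail}"
+fi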
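Review bot: `${port}` from the command line reaches `sed -i "s/^Port .*/Port ${port}/"` without any check, so a non-numeric value (or one containing `/` or `&`) either breaks the expression or writes an invalid `Port` line into the jail's sshd_config, and set_firewall then builds its `--dport` rule from whatever that line yields. A guard before the `auto` test would close this, for example `case "${port}" in auto) ;; *[!0-9]*) error "${jail} : invalid port ${port}" ;; esac`, ideally followed by a 1–65535 range check. In the `auto` branch, `grep -h Port` also matches comments and other directives that contain "Port", so the computed maximum can come from a number that is not a listening port; anchoring it as `grep -hE "^Port [0-9]+"` would match the line the `sed` below rewrites.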
@ -12,6 +12,6 @@ if ( check_jail_on "${jail}" ); then
|
||||||
else
|
else
|
||||||
status="OFF"
|
status="OFF"
|
||||||
fi
|
fi
|
||||||
port=$(get_port "${jail}")
|
port=$("${LIBDIR}/bkctld-port" "${jail}")
|
||||||
ip=$(get_ip "${jail}"|xargs|tr -s ' ' ',')
|
ip=$("${LIBDIR}/bkctld-ip" "${jail}"|xargs|tr -s ' ' ',')
|
||||||
echo "${jail} ${status} ${port} ${inc} ${ip}" | awk '{ printf("%- 30s %- 10s %- 10s %- 10s %- 40s\n", $1, $2, $3, $4, $5); }'
|
echo "${jail} ${status} ${port} ${inc} ${ip}" | awk '{ printf("%- 30s %- 10s %- 10s %- 10s %- 40s\n", $1, $2, $3, $4, $5); }'
|
||||||
|
|
|
@ -46,26 +46,6 @@ check_jail_on() {
|
||||||
return "${return}"
|
return "${return}"
|
||||||
}
|
}
|
||||||
|
|
||||||
get_port() {
|
|
||||||
jail="${1}"
|
|
||||||
port=$(grep -E "Port [0-9]+" "${JAILDIR}/${jail}/${SSHD_CONFIG}"|grep -oE "[0-9]+")
|
|
||||||
echo "${port}"
|
|
||||||
}
|
|
||||||
|
|
||||||
get_key() {
|
|
||||||
jail="${1}"
|
|
||||||
if [ -f "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}" ]; then
|
|
||||||
cat "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
get_ip() {
|
|
||||||
jail="${1}"
|
|
||||||
grep -E "^AllowUsers" "${JAILDIR}/$jail/${SSHD_CONFIG}"|grep -Eo "root@[^ ]+"| while read allow; do
|
|
||||||
echo "${allow}"|cut -d'@' -f2
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
get_inc() {
|
get_inc() {
|
||||||
jail="${1}"
|
jail="${1}"
|
||||||
inc="0"
|
inc="0"
|
||||||
|
@ -77,43 +57,6 @@ get_inc() {
|
||||||
echo "${inc}"
|
echo "${inc}"
|
||||||
}
|
}
|
||||||
|
|
||||||
set_port() {
|
|
||||||
jail="${1}"
|
|
||||||
port="${2}"
|
|
||||||
if [ "${port}" = "auto" ]; then
|
|
||||||
port=$(grep -h Port "${JAILDIR}"/*/"${SSHD_CONFIG}" 2>/dev/null | grep -Eo "[0-9]+" | sort -n | tail -1)
|
|
||||||
port=$((port+1))
|
|
||||||
[ "${port}" -le 1 ] && port=2222
|
|
||||||
fi
|
|
||||||
sed -i "s/^Port .*/Port ${port}/" "${JAILDIR}/$jail/${SSHD_CONFIG}"
|
|
||||||
set_firewall "${jail}"
|
|
||||||
}
|
|
||||||
|
|
||||||
set_key() {
|
|
||||||
jail="${1}"
|
|
||||||
keyfile="${2}"
|
|
||||||
[ -e "${keyfile}" ] || error "Keyfile ${keyfile} dosen't exist !"
|
|
||||||
cat "${keyfile}" > "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
|
|
||||||
chmod 600 "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
|
|
||||||
}
|
|
||||||
|
|
||||||
set_ip() {
|
|
||||||
jail="${1}"
|
|
||||||
ip="${2}"
|
|
||||||
if [ "${ip}" = "all" ] || [ "${ip}" = "0.0.0.0/0" ]; then
|
|
||||||
ips="0.0.0.0/0"
|
|
||||||
else
|
|
||||||
ips=$(get_ip "${jail}")
|
|
||||||
ips=$(echo "${ips}" "${ip}"|xargs -n1|grep -v "0.0.0.0/0"|sort|uniq)
|
|
||||||
fi
|
|
||||||
allow="AllowUsers"
|
|
||||||
for ip in $ips; do
|
|
||||||
allow="${allow} root@${ip}"
|
|
||||||
done
|
|
||||||
sed -i "s~^AllowUsers .*~${allow}~" "${JAILDIR}/$jail/${SSHD_CONFIG}"
|
|
||||||
set_firewall "${jail}"
|
|
||||||
}
|
|
||||||
|
|
||||||
set_firewall() {
|
set_firewall() {
|
||||||
jail="${1}"
|
jail="${1}"
|
||||||
if [ -n "${FIREWALL_RULES}" ]; then
|
if [ -n "${FIREWALL_RULES}" ]; then
|
||||||
|
@ -121,8 +64,8 @@ set_firewall() {
|
||||||
sed -i "/#${jail}$/d" "${FIREWALL_RULES}"
|
sed -i "/#${jail}$/d" "${FIREWALL_RULES}"
|
||||||
fi
|
fi
|
||||||
if ( check_jail "${jail}" ); then
|
if ( check_jail "${jail}" ); then
|
||||||
port=$(get_port "${jail}")
|
port=$("${LIBDIR}/bkctld-port" "${jail}")
|
||||||
for ip in $(get_ip "${jail}"); do
|
for ip in $("${LIBDIR}/bkctld-ip" "${jail}"); do
|
||||||
echo "/sbin/iptables -A INPUT -p tcp --sport 1024: --dport ${port} -s ${ip} -j ACCEPT #${jail}" >> "${FIREWALL_RULES}"
|
echo "/sbin/iptables -A INPUT -p tcp --sport 1024: --dport ${port} -s ${ip} -j ACCEPT #${jail}" >> "${FIREWALL_RULES}"
|
||||||
done
|
done
|
||||||
if [ -f /etc/init.d/minifirewall ]; then
|
if [ -f /etc/init.d/minifirewall ]; then
|
||||||
|
|
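Review bot: set_firewall now depends on `${LIBDIR}` being set by the script that sourced this file, and `port=$("${LIBDIR}/bkctld-port" "${jail}")` is used without checking that it produced a value, so a missing helper or an sshd_config without a `Port` line would append a rule with an empty `--dport` to `${FIREWALL_RULES}`. A guard such as `[ -n "${port}" ] || error "${jail} : no sshd port found"` before the `for` loop, plus a comment on the function naming the LIBDIR requirement, would make this explicit. The values returned by bkctld-ip are word-split straight into the `echo "/sbin/iptables ..."` line, so they are only as trustworthy as the AllowUsers line they were read from. set_firewall starts and ends outside this hunk.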