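#!/bin/sh
#
# Get or set the allowed IP address(es) of <jailname>
# Usage: ip <jailname> [<ip>|all]
#
# Without <ip>: print the address part of every `root@<address>' entry found
# on the AllowUsers lines of the jail's sshd config, one per line.
# With <ip>: add it to that list and rewrite the AllowUsers line. "all" or
# "0.0.0.0/0" replaces the whole list with 0.0.0.0/0. The script then runs
# bkctld-reload and bkctld-firewall for the jail.
#
# jail_path, error, notice and SSHD_CONFIG are not defined in this file;
# presumably they come from the sourced `includes' file.
#

# shellcheck source=./includes
LIBDIR="$(dirname "$0")" && . "${LIBDIR}/includes"

jail_name="${1:?}"
ip="${2:-}"

# NOTE(review): "${1:?}" above already aborts on a missing or empty name, so
# this branch looks unreachable. It is kept as a fallback.
if [ -z "${jail_name}" ]; then
    "${LIBDIR}/bkctld-help"
    exit 1
fi

jail_path=$(jail_path "${jail_name}")

test -d "${jail_path}" || error "${jail_name}: jail not found" 2

jail_sshd_config="${jail_path}/${SSHD_CONFIG}"

if [ -z "${ip}" ]; then
    # Read mode: parse IP addresses from AllowUsers directives in sshd config.
    # Only `root@...' entries are reported; cut keeps the text between the
    # first and second `@'.
    grep -E "^AllowUsers" "${jail_sshd_config}" \
        | grep -E -o "root@[^ ]+" \
        | cut -d'@' -f2
else
    if [ "${ip}" = "all" ] || [ "${ip}" = "0.0.0.0/0" ]; then
        new_ips="0.0.0.0/0"
    else
        # The value ends up in the jail's sshd access list and in a sed
        # replacement, so accept only characters that can occur in an
        # IPv4/IPv6 address or CIDR prefix (whitespace separates several
        # values). This keeps sed metacharacters, shell globs and sshd
        # wildcard patterns out of the AllowUsers line.
        # Relies on error() ending the script, as the jail-not-found check
        # above does; confirm against includes.
        case "${ip}" in
            *[!0-9A-Fa-f.:/[:space:]]*)
                error "Invalid IP address \`${ip}'"
                ;;
        esac

        # Called with the jail name only, i.e. read mode (see above).
        existing_ips=$("${LIBDIR}/bkctld-ip" "${jail_name}")
        # Quoted on purpose: xargs does the word splitting, so entries that
        # are already in the file are never glob-expanded by the shell.
        # Any entry matching 0.0.0.0/0 is dropped once a specific address
        # is set.
        new_ips=$(printf '%s\n' "${existing_ips}" "${ip}" \
            | xargs -n1 \
            | grep -v "0.0.0.0/0" \
            | sort -u)
    fi

    # A bare `AllowUsers' line would no longer match the "^AllowUsers .*"
    # pattern used below, so later runs could not update it. Stop here.
    if [ -z "${new_ips}" ]; then
        error "No IP address left to allow for jail \`${jail_name}'"
    fi

    # Build the directive line. Reading line by line avoids the unquoted
    # expansion (and pathname expansion) a `for' loop would need.
    allow_users="AllowUsers"
    while IFS= read -r new_ip; do
        [ -n "${new_ip}" ] || continue
        allow_users="${allow_users} root@${new_ip}"
    done <<EOF
${new_ips}
EOF

    if grep -q -E "^AllowUsers" "${jail_sshd_config}"; then
        # Entries read back from the file are not validated above; escape
        # the characters that are special in a `s~...~...~' replacement.
        sed_replacement=$(printf '%s\n' "${allow_users}" | sed 's/[\\&~]/\\&/g')
        sed -i "s~^AllowUsers .*~${sed_replacement}~" "${jail_sshd_config}"
    else
        error "No \`AllowUsers' directive found in \`${jail_sshd_config}'"
    fi

    notice "Update IP whitelist with \`${ip}' for jail \`${jail_name}' : OK"

    "${LIBDIR}/bkctld-reload" "${jail_name}"
    "${LIBDIR}/bkctld-firewall" "${jail_name}"
fi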